Sunday, 28 September 2014

Why do we need VPC?

Initially, when I heard of VPC, I neither understood its advantage nor its difference from VSS. Below I have tried to explain the difference between VPC and VSS and the legacy setup where STP is used to prevent L2 loops. STP has many limitations, which are discussed below:-

1. Suboptimal path:- To understand it, take a look at the topology below, where three switches are connected to provide a fully redundant path.

The problem with this design is that STP will block port Gi0/3 of SW-2. Hence, instead of taking the direct route from SW-2 to SW-3, traffic reaches SW-3 via SW-1; this is known as a suboptimal path. It adds an extra hop to the path and reduces the efficiency of the network.

2. Underutilization of uplink bandwidth:-

STP prevents layer-2 loops by blocking the redundant path, which is an advantage, but in doing so it reduces the available uplink bandwidth, which can create congestion in the network.

Refer to the diagram below: traffic from SW-3 to the internet has two paths, but because of spanning tree, Gig0/3 of SW-3 is in blocking state. This reduces the uplink bandwidth available to SW-3.

3. Inefficiency:- Let's assume traffic is load-shared between SW-1 and SW-2 and both switches advertise the user subnet with the same metric. There is no problem when the return traffic hits SW-1, but what happens when the very first return packet hits SW-2?

Does SW-2 have the MAC address of PC-1? Generally NO!

SW-2 will flood the frame as unknown unicast to reach the MAC address, and if there are many users in the LAN, this unknown-unicast flooding not only creates unnecessary traffic but also impacts the CPU utilization of the switches.

By using VSS on the 6500, both switches virtually become one. One supervisor is active at a time and controls the data plane of both chassis. VSS not only removes the layer-2 loop from the network but also removes the suboptimal path and inefficiency problems we had in the legacy environment.

As you can see, there is neither a suboptimal path nor a problem of reduced uplinks. It also removes the unnecessary unknown-unicast issue.
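A constructed simulation of the "Inefficiency" case above, comparing independent SW-1 and SW-2 MAC tables with one table shared by a VSS/VPC pair. This is an added example, not code from the original post; the MAC addresses and port names are made up.

```python
"""Simulate unknown-unicast flooding on asymmetric return traffic: two
independent switches versus a VSS/VPC pair that acts as one switch."""

PC1 = "00:00:00:00:00:01"   # constructed MAC of PC-1
GW = "00:00:00:00:00:ff"    # constructed MAC of the upstream (internet) router


class Switch:
    """Minimal L2 switch: learns source MACs on ingress, floods unknown unicast."""

    def __init__(self, name, mac_table=None):
        self.name = name
        # Independent table by default; pass one shared dict to model VSS/VPC,
        # where both chassis behave as a single switch with a single table.
        self.mac_table = mac_table if mac_table is not None else {}
        self.floods = 0

    def forward(self, src_mac, dst_mac, in_port):
        self.mac_table[src_mac] = in_port      # source-MAC learning
        if dst_mac in self.mac_table:
            return self.mac_table[dst_mac]     # known unicast: one egress port
        self.floods += 1                       # unknown unicast: flood the VLAN
        return "flood"


def run(shared):
    """Return (port SW-2 forwards the first return packet to, total floods)."""
    table = {} if shared else None
    sw1, sw2 = Switch("SW-1", table), Switch("SW-2", table)
    # Both switches have already learned the router's MAC on their uplink
    for sw in (sw1, sw2):
        sw.mac_table[GW] = "Gi0/1"
    # PC-1 -> internet: SW-3 hashes this flow onto its uplink towards SW-1
    sw1.forward(PC1, GW, in_port="Gi0/3")
    # Return traffic is load-shared upstream and the first reply lands on SW-2
    out_port = sw2.forward(GW, PC1, in_port="Gi0/1")
    return out_port, sw1.floods + sw2.floods


if __name__ == "__main__":
    print("independent tables:", run(shared=False))    # ('flood', 1)
    print("shared table (VSS/VPC):", run(shared=True))  # ('Gi0/3', 0)
```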

But in VSS the control plane is active on only one switch, whereas the data plane is active on both switches. As only one Sup is active, the overall throughput is limited and the capacity of the other Sup is wasted.

The advantage of VPC is that it not only removes the problems stated above but also keeps the control and data planes of both chassis active at the same time, which increases the overall throughput of the system.

In the design below, traffic from PC-1 can reach PC-2 directly without adding any hop.

Also in the design below, traffic from PC-1 can go to the internet via SW-1 or SW-2, depending on the hashing algorithm of SW-3. It also removes the problem of unknown unicast in case of asymmetric routing, as both switches appear as one.

Friday, 26 September 2014

Important port details:- Cisco Wireless

        1. Enable these UDP ports for LWAPP traffic:

            Data - 12222
            Control - 12223

        2. Enable these UDP ports for CAPWAP traffic:

            Data - 5247
            Control - 5246

        3. Enable these UDP ports for Mobility traffic:

            16666 - Secured Mode
            16667 - Unsecured Mode

    Mobility and data messages are usually exchanged through EtherIP packets. IP protocol 97 must be allowed on the firewall to pass EtherIP packets. If you use ESP to encapsulate mobility packets, you have to permit ISAKMP through the firewall by opening UDP port 500. You also have to open IP protocol 50 to allow the encrypted data to pass through the firewall.

    These ports are optional (depending on your requirements):
  • TCP 161 and 162 for SNMP (for the Wireless Control System [WCS])
  • UDP 69 for TFTP
  • TCP 80 and/or 443 for HTTP or HTTPS for GUI access
  • TCP 23 and/or 22 for Telnet or secure shell (SSH) for CLI access


Monday, 22 September 2014

OTV FAQs


1. Can an OTV VDC be configured with an SVI of an extended VLAN?
Answer:- No, the OTV VDC cannot have an SVI of the extended VLANs.

2. Is OTV supported on all series of line cards?
Answer:- No, OTV is not supported on F1, F2 and F2e. It is only supported on M series and F3 line cards.

3. Does OTV advertise MAC addresses?
Answer:- Unlike FabricPath, OTV advertises MAC addresses.

4. What is the size of the OTV header?
Answer:- 42 bytes

5. How is the authoritative edge device role negotiated?
Answer:- The edge device with the lower system-id becomes authoritative for all even extended VLANs, and the edge device with the higher system-id is elected for all odd VLANs.

6. What are the COS and DSCP values of OTV control packets?
Answer:- COS=6/DSCP=48

7. Can multiple overlay interfaces share the same join interface?
Answer:- Yes, one join interface can be shared between multiple overlay interfaces.

8. How many overlay interfaces can be configured on an edge device?
Answer:- A maximum of 10 overlay interfaces can be configured.

9. How many sites can be paired with OTV?
Answer:- A maximum of 6 sites can be configured.

10. How many edge devices per site can exist?
Answer:- A maximum of two edge devices can be configured per site.

11. How many VLANs can be extended via OTV?
Answer:- A maximum of 256 VLANs can be extended.

12. What license is required for OTV?
Answer:- Transport Services license.

13. Can we configure a loopback interface as the join interface?
Answer:- NO, only a physical interface, sub-interface, port-channel or port-channel sub-interface can be configured as the join interface.

SVI and loopback interfaces cannot be configured as the join interface.

15. Can we configure a 1 Gig port as the join interface?
Answer:- Yes, there is no restriction requiring 10 Gig.

16. Does OTV support fragmentation?
Answer:- No, OTV does not support fragmentation or reassembly. All control and data traffic is sent with the DF bit set. OTV adds a 42-byte header to the IP packet.

17. Are STP BPDUs sent across the OTV link by default?
Answer:- No, STP BPDUs are blocked by default.

18. Is unknown unicast sent across the OTV link?
Answer:- No, it is also not permitted to cross the OTV link. OTV assumes that there are no silent hosts in the environment.
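Two behaviours from the FAQ above worked through in code: Q5 (AED election, where the lower system-id owns the even extended VLANs and the higher one the odd VLANs) and Q16 (the 42-byte OTV header with DF set and no fragmentation). This is an added example, not from the original post; the device names, system-ids and MTU values are constructed.

```python
"""OTV AED election per extended VLAN and MTU headroom for the OTV header."""

OTV_HEADER_BYTES = 42  # from Q4/Q16 above


def system_id_value(system_id):
    """Dotted or colon system-id such as '0018.bad8.8041' -> integer for ordering."""
    return int(system_id.replace(".", "").replace(":", ""), 16)


def aed_for_vlans(edge_devices, vlans):
    """Map each extended VLAN to its authoritative edge device.
    edge_devices: {name: system_id}; Q10 allows at most two per site."""
    if len(edge_devices) != 2:
        raise ValueError("expected exactly two edge devices in the site")
    low, high = sorted(edge_devices, key=lambda n: system_id_value(edge_devices[n]))
    return {vlan: (low if vlan % 2 == 0 else high) for vlan in vlans}


def max_inner_frame(transport_mtu):
    """Largest packet that can enter the overlay without exceeding the join
    interface MTU; OTV never fragments, so anything larger is dropped."""
    return transport_mtu - OTV_HEADER_BYTES


def otv_fits(inner_packet_bytes, transport_mtu):
    """True if a packet of this size crosses the overlay without fragmentation."""
    return inner_packet_bytes <= max_inner_frame(transport_mtu)


if __name__ == "__main__":
    site = {"ED-A": "0018.bad8.8041", "ED-B": "0018.bad8.8000"}  # constructed
    print(aed_for_vlans(site, [10, 11, 12]))  # {10: 'ED-B', 11: 'ED-A', 12: 'ED-B'}
    print(otv_fits(1500, 1500), otv_fits(1500, 1542))  # False True
```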



Sunday, 21 September 2014

Fabricpath FAQs

1. What is the unique MAC address used for unknown unicast?
Answer:- 01:0F:FF:C1:01:C0

2. What is the STP bridge ID used by all FabricPath edge devices?
Answer:- C84C.75FA.6000

3. What is the maximum number of VPC+ port-channels supported?
Answer:- 244

Note:- On F2/F2E line cards, we can increase the maximum number of VPC+ port-channels supported by using the no port-channel limit command.

4. What is the default root priority value?
Answer:- 64 (it can be between 0 and 255)

5. What is the default TTL value set for all frames?
Answer:- 32.

Note:- We can use the command fabricpath ttl to configure the TTL value.

6. Does VPC+ support static port-channels?
Answer:- Yes, it supports both LACP and static port-channels.

7. Is FabricPath supported on M cards?
Answer:- No. FabricPath is only supported on F series.

8. Which license is required for FabricPath?
Answer:- Enhanced Layer 2 Package

9. What is the ethertype value of a FabricPath frame?
Answer:- 0x8903

10. What is the order of preference for root election?
Answer:- Root priority -> System ID -> Switch ID

Note:- Higher is better.

11. Are MAC addresses advertised by FabricPath IS-IS, like in OTV?

Answer:- No, FabricPath IS-IS does not advertise any MAC addresses.

Saturday, 20 September 2014

F1 Vs. F2 Vs. F2E Vs. F3 - Cisco Nexus 7000

There are four types of F line cards available. Below are the differences between F1, F2, F2e and F3.

F1 card:-
  • Only performs Layer-2 tasks.
  • No interface can be converted to Layer 3.
  • M and F1 cards can coexist in a chassis.
F2 line card:-
  • Interfaces can be used as L2 or L3.
  • M and F2 cards cannot coexist in a chassis.
  • Does not support OTV, MPLS and LISP.
F2E line card:-
  • Interfaces can be used as L2 or L3.
  • M and F2E cards can coexist in a chassis, but in L2 mode only.
  • Does not support OTV, MPLS and LISP.
F3 line cards:-
  • Interfaces can be used as L2 or L3.
  • M and F3 cards can coexist in a chassis.
  • Support OTV, MPLS and LISP features.

Nexus 7000 License

1. Enterprise Services Package:- LAN_ENTERPRISE_SERVICES_PKG
- To enable routing protocols like BGP, OSPF, EIGRP etc.
2. Advanced Services Package:- LAN_ADVANCED_SERVICES_PKG
- Without it only the default VDC can be used. By installing the Advanced Services license, 4 VDCs can be created on SUP1/SUP2 and SUP2E.
In the case of SUP-2E we need another VDC license to support eight VDCs.
3. Transport Services Package:- LAN_TRANSPORT_SERVICES_PKG
- To enable OTV and LISP.
4. Scalable Services Package:- SCALABLE_SERVICES_PKG
- A single license per system enables all XL-capable I/O modules to operate in XL mode.
5. Enhanced Layer 2 Package:- ENHANCED_LAYER2_PKG
- To enable FabricPath on F modules.
6. MPLS Services Package:- MPLS_PKG
- It is used to enable advanced features like MPLS, VPN, EoMPLS etc.
7. Storage Enterprise Package:- STORAGE_ENT
- It is required to enable IVR.
8. FCoE Services Package:- FCOE_PKG
- It is the only license which is enabled on a per-module basis. There are two different licenses for F1 and F2 modules:
FCOE_PKG - For F1 cards
FCOE_F2 - For F2 series

Friday, 19 September 2014

Ethertype values

A switch identifies the type of frame by looking at the ethertype value. Below are some common values and related technologies:-
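To show how a switch reads the ethertype out of a raw Ethernet header, including stepping over 802.1Q tags, here is an added example that is not part of the original post. The FabricPath value 0x8903 comes from the FabricPath FAQ above; the other constants are the standard IEEE/IANA assignments, and the sample frames are constructed.

```python
"""Classify an Ethernet frame by its ethertype, unwrapping 802.1Q tags."""
import struct

ETHERTYPES = {
    0x0800: "IPv4",
    0x0806: "ARP",
    0x86DD: "IPv6",
    0x8100: "802.1Q VLAN tag",
    0x8903: "FabricPath",
}


def classify(frame):
    """Return (ethertype, name, vlan_ids) for a frame; vlan_ids lists the
    802.1Q tags seen before the payload ethertype (empty if untagged)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset = 12                                 # skip destination + source MAC
    vlans = []
    (etype,) = struct.unpack("!H", frame[offset:offset + 2])
    while etype == 0x8100:                      # tag = TCI (2 bytes) + next ethertype
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[offset + 2:offset + 6])
        vlans.append(tci & 0x0FFF)              # low 12 bits of the TCI = VLAN ID
        offset += 4
    return etype, ETHERTYPES.get(etype, "unknown"), vlans


# Constructed sample frames (payloads are zero-filled placeholders)
DST = bytes.fromhex("010fffc101c0")             # FabricPath unknown-unicast MAC (FAQ)
SRC = bytes.fromhex("001122334455")             # constructed source MAC
UNTAGGED_IPV4 = DST + SRC + bytes.fromhex("0800") + bytes(46)
TAGGED_IPV4 = DST + SRC + bytes.fromhex("8100") + bytes.fromhex("0064") + bytes.fromhex("0800") + bytes(42)
FABRICPATH = DST + SRC + bytes.fromhex("8903") + bytes(46)

if __name__ == "__main__":
    for label, frame in [("untagged", UNTAGGED_IPV4), ("vlan 100", TAGGED_IPV4), ("fabricpath", FABRICPATH)]:
        print(label, classify(frame))
```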