Mar 30 2013
 

In short, Hot Standby Routing Protocol (HSRP) and Gateway Load Balancing Protocol (GLBP) both provide first-hop redundancy; the former is open standard, and the latter is Cisco proprietary. HSRP works in an active/standby fashion, whereas in GLBP all routers forward packets.

In HSRP the active router answers ARP requests with the MAC address assigned to the standby group, so only the active router forwards packets. The standby router takes over forwarding only if it stops hearing from the active router (3 hello messages by default) or when the priority/preemption settings are changed. A router can therefore be taken out of service or brought into service simply by altering the priorities.

In GLBP the Active Virtual Gateway (AVG) is responsible for answering ARP requests. By default it replies with the MAC addresses of the Active Virtual Forwarders (AVF) in round-robin fashion, so all routers forward packets equally. Naturally, all routers generate hello packets with the virtual MAC as source so that the switches can learn the virtual MAC address, which is the same as with HSRP.

In GLBP, as all routers are forwarding traffic, we have to alter the weight value to stop a router from forwarding traffic. For this a tracking object must be defined. If the tracked object is up, the router will be in service. Below is an example of such tracking. The loopback interface is tracked for its status. If Loopback100 is shut down, the weight is decremented by 100. When the weight value is below the lower threshold, the router will not send hello packets with the virtual MAC address as source, causing the L2 switches to remove the MAC from their forwarding table.

track 100 interface Loopback100 line-protocol
 
interface FastEthernet0/0
 glbp 1 ip 10.0.0.201
 glbp 1 weighting track 100 decrement 100
 glbp 1 weighting 100 lower 1 upper 100

 

If we want to take a GLBP router out of service, it must also not be the GLBP AVG.

Mar 27 2013
 
A multihomed customer will probably receive the whole BGP table from both service providers and then filter the routes inbound. This kind of construct is flexible and scalable in the sense of less administrative burden.

The provider routers have to send the complete BGP table, which must then be received and processed by the customer router, which then filters out about 90% of the routes, probably with a filter list. This wastes a lot of resources that could be utilized elsewhere.

The optimum solution to this problem would be for the customer router to dynamically request a subset of routes from the provider. This can be done with outbound route filtering (RFC 5291). The idea is to send the prefix list that the customer uses for filtering to the provider, which then filters the routes outbound.

[Figure: topology]

Router R2 receives 4 networks via BGP: 1.1.0/24, 1.1.1/24, 1.1.2/24 and 1.1.3/24. It then filters the networks 1.1.2/24 and 1.1.3/24 inbound with a prefix-list. The debug ip bgp updates in command displays the effect.


Feb 17 2013
 

In traditional, physically looped L2 switched networks, the redundancy is removed by the STP algorithm. There we use PVST or MST to tune the network so that some links are not blocked for a specified VLAN. In the long run this becomes a huge administrative burden.

To achieve forwarding over all links in the core, we can use a protocol which has knowledge of the whole topology and the active links. Examples would be Fabric Path (FP) from Cisco, or the open standard Transparent Interconnection of Lots of Links (TRILL). We could also use good old MPLS to achieve this; specifically, we will be encapsulating L2 Ethernet frames into MPLS.

In the topology below we have H1 and H2 belonging to VLAN 2, which are supposed to communicate over the EoMPLS backbone. All of the packets sent from VLAN 2 will be encapsulated inside the MPLS payload. At the end we have 2 logical wires, or pseudo-wires, between the 2 switches.

[Figure: topology]

For MPLS to work at all we have to take the following points into account:

  • Ensure L3 reachability via static routing or dynamic routing.
  • Enable MPLS on the interfaces.
  • Loopback interfaces on routers to specify the MPLS Label Distribution Protocol (LDP) router-id.
  • CEF switching must be enabled for MPLS to work (default enabled).


Jan 07 2013
 

Nexus series switches return an integer value of 4 when they detect a power failure and an integer value of 2 if the power supply is operational.

The power labels are 470 or 471 if the power supply of the switch is damaged. Labels 470 and 471 relate to power supply units 1 and 2 respectively.

If a fabric extender detects a power unit failure, it returns an integer of 4 for the labels fex_number_000470 and fex_number_000471. For example, if the attached fabric extender has an association number of 111, the label will be 111000470 for power supply unit 1 and 111000471 for power supply unit 2.

snmpwalk -c public  10.23.225.166 -v 2c 1.3.6.1.4.1.9.9.117.1.1.2.1.2 | grep -i "INTEGER: 4"

SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.471 = INTEGER: 4

In the above example, power supply unit 2 of the switch 10.23.225.166 has failed.
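
The label scheme described above can be decoded mechanically instead of read off the grep output by eye. The following is an added example, not code from the original post: it parses snmpwalk output for the OID used above and reports which device and power supply unit returned 4. The function names and the sample lines are constructed for illustration, and the fex_number/label split assumes the six-digit suffix shown in the 111000470 example.

```python
import re

# One row of the table walked above, as net-snmp prints it. Also accepts
# the "name(4)" form that appears when the MIB is loaded.
ROW = re.compile(r"9\.9\.117\.1\.1\.2\.1\.2\.(\d+) = INTEGER: (?:\w+\()?(\d+)")

PSU_LABELS = {470: 1, 471: 2}   # label -> power supply unit, as given in the post
FAILED = 4                      # value the post gives for a power failure


def decode_index(index):
    """Split a row index into (fex_number or None, psu_number or None)."""
    fex, label = divmod(index, 1_000_000)   # 111000471 -> (111, 471)
    return (fex or None, PSU_LABELS.get(label))


def failed_psus(walk_output):
    """Return [(device, psu_number)] for every PSU row whose value is 4."""
    failures = []
    for line in walk_output.splitlines():
        match = ROW.search(line)
        if not match:
            continue
        fex, psu = decode_index(int(match.group(1)))
        if psu is None:
            continue   # a row that is not one of the two PSU labels
        if int(match.group(2)) == FAILED:
            failures.append((f"fex {fex}" if fex else "switch", psu))
    return failures


# Constructed sample output: switch PSU 2 and FEX 111 PSU 1 failed,
# plus one unrelated row that must be ignored.
SAMPLE = """\
SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.470 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.471 = INTEGER: 4
SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.111000470 = INTEGER: 4
SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.111000471 = INTEGER: 2
SNMPv2-SMI::enterprises.9.9.117.1.1.2.1.2.22 = INTEGER: 2
"""

if __name__ == "__main__":
    for device, psu in failed_psus(SAMPLE):
        print(f"{device}: power supply unit {psu} failed")
```

The query above uses SNMPv2c, which sends the community string in cleartext, and "public" is the well-known default. On a production network, poll with SNMPv3 at the authPriv security level and restrict SNMP access to the monitoring hosts.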

Dec 30 2012
 

Each OSPF router has a unique identification number which represents the router to the OSPF domain. If the ID is configured using the router-id command, it will be preferred over the highest loopback IPv4 address.

When looking at the detailed output of a route in the routing table, the advertising router's RID will be displayed. Thus, by looking at the RIB we can determine to which router the network is attached.
