November 6, 2009
Decision of BGP Path Selection on IOS and JUNOS
BGP Path Selection Process Decision Steps (IOS versus JUNOS)
Both implementations walk the list from the top and stop at the first step that separates the candidate paths. Steps marked "IOS only" do not exist in JUNOS.
1. Next hop accessible/resolvable (NEXT_HOP is a well-known mandatory attribute)
a. By default the NEXT_HOP is rewritten on eBGP sessions and left unchanged on iBGP sessions. A route learned from an eBGP peer and passed on over iBGP therefore still carries the address of the eBGP speaker in the adjoining AS; if the IGP does not carry that peering link, the next hop is unreachable and the path is never considered (IOS marks it inaccessible, JUNOS keeps it as a hidden route). Fix it with next-hop-self on the border router or by carrying the peering subnet in the IGP.
2. Synchronization (IOS only)
a. With synchronization on, BGP will not advertise or use a route until the IGP has a copy of it. Disabling it (no synchronization) is the first step in an IOS BGP configuration; it is off by default in IOS 12.2(8)T and later. JUNOS has no equivalent.
3. Weight (IOS only; applied on inbound routes, influences outbound traffic)
a. Cisco-proprietary value assigned to a path on one router and never sent to any other router.
b. Default weight 0; locally sourced routes get 32,768; maximum 65,535. Higher is better.
4. Local preference (well-known discretionary attribute; applied on inbound routes, influences outbound traffic)
a. Shared with all iBGP peers, never sent to eBGP peers.
b. Default LOCAL_PREF 100. Higher is better.
5. Locally originated
a. IOS prefers paths this router originated itself (network, redistribute or aggregate-address). JUNOS folds locally generated routes into the external/internal step below.
6. AS path (well-known mandatory attribute; applied on outbound routes, influences inbound traffic)
a. By default BGP discards any advertisement whose AS_PATH already contains the local AS number (loop prevention).
b. Among the remaining paths the shortest AS_PATH wins, which is why prepending your own AS on an outbound advertisement steers inbound traffic away from that link.
7. ORIGIN (well-known mandatory attribute)
a. Three values: 0 = IGP, 1 = EGP, 2 = INCOMPLETE. Lower is better, so IGP beats EGP and EGP beats INCOMPLETE. INCOMPLETE marks a route injected into BGP by redistribution.
8. MED (optional non-transitive attribute; applied on outbound routes, influences inbound traffic)
a. MED tells an adjacent AS which of several entrances into your AS it should prefer: it leaves your AS and influences the neighbour's decision for traffic inbound to you. Lower is better. Default 0; IOS treats a missing MED as 0 unless bgp bestpath med missing-as-worst is set.
b. MED is compared only between paths received from the same neighbouring AS, unless bgp always-compare-med (IOS) or path-selection always-compare-med (JUNOS) is configured. The AS_PATHs are already of equal length at this step, so always-compare-med compares MEDs from different ASes. Configure it consistently throughout the AS, otherwise routers can disagree on the best path and form routing loops. On IOS, bgp deterministic-med additionally makes the result independent of the order in which the paths were received.
9. External over internal
a. A path learned over eBGP beats one learned over iBGP, so traffic leaves the AS through the local exit instead of crossing the AS to another border router.
b. IOS: eBGP AD 20, lower than every IGP, because an external route should leave the AS directly; iBGP AD 200, higher than every IGP, because an internal destination should use the IGP route.
c. JUNOS: protocol preference 170 for BGP, internal and external alike.
10. IGP cost to the next hop
a. IOS: prefer the path with the lowest IGP metric to the BGP next hop (with maximum-paths, equal-cost paths are installed together).
b. JUNOS: examine inet.0 and inet.3 for the BGP next hop and install the physical next hop from the table with the better preference; for preference ties, install the physical next hop found in inet.3 (an MPLS LSP); for ties within the same table, install the physical next hop with the greater number of equal-cost paths.
11. Oldest path (IOS)
a. For eBGP paths, IOS keeps the oldest (first received) path for stability, so a newer flapping path does not churn the best path; bgp bestpath compare-routerid disables this step. JUNOS has the related rule that when both paths are external the currently active one is kept unless path-selection external-router-id is configured.
12. Lowest router ID
a. The router ID is the loopback address or, without a loopback, the highest IP address on an active interface at boot. Set it explicitly (bgp router-id on IOS, routing-options router-id on JUNOS) so it does not change when interfaces do. Lower is better.
b. Remaining ties are broken by the shortest cluster list and finally the lowest neighbour address.
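As an added example (not part of the original notes), the decision list above written as a comparator in Python. It applies the steps in order, including the IOS-only ones (weight, locally originated, oldest eBGP path), and exposes the always-compare-med and missing-as-worst knobs so their effect can be seen. The Path record, its field names, the sample paths and the set of IGP-reachable next hops are this example's own constructions, not a vendor API.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

# ORIGIN codes: lower is better.
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class Path:
    """One candidate path for a prefix, with the attributes the steps use.
    Field names are this example's own, not a vendor API."""
    peer: str                      # address of the neighbour that sent the path
    next_hop: str                  # NEXT_HOP as received
    as_path: List[int] = field(default_factory=list)
    local_pref: int = 100          # default LOCAL_PREF
    weight: int = 0                # IOS only; locally originated paths get 32768
    locally_originated: bool = False
    origin: str = "igp"
    med: Optional[int] = None      # None = MED attribute absent
    external: bool = True          # learned over eBGP (True) or iBGP (False)
    igp_metric: int = 0            # IGP metric from this router to next_hop
    age: int = 0                   # seconds since the path was received
    router_id: str = "0.0.0.0"     # router ID of the advertising peer


def _ip_key(addr: str):
    """Dotted quad to a tuple so '9.0.0.1' sorts below '10.0.0.1'."""
    return tuple(int(o) for o in addr.split("."))


def _neighbor_as(p: Path) -> Optional[int]:
    return p.as_path[0] if p.as_path else None


def eligible(p: Path, local_as: int, reachable: Set[str]) -> bool:
    """Step 1 (next hop resolvable) and step 6a (own AS in the path = loop)."""
    return p.next_hop in reachable and local_as not in p.as_path


def prefer(a: Path, b: Path, always_compare_med: bool = False,
           missing_as_worst: bool = False) -> Path:
    """Return the winner of a and b, applying the steps in order.
    On a complete tie a wins, so the path already held stays best."""
    if a.weight != b.weight:                                   # weight (IOS)
        return a if a.weight > b.weight else b
    if a.local_pref != b.local_pref:                           # LOCAL_PREF
        return a if a.local_pref > b.local_pref else b
    if a.locally_originated != b.locally_originated:           # locally originated
        return a if a.locally_originated else b
    if len(a.as_path) != len(b.as_path):                       # AS_PATH length
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:         # ORIGIN
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is only comparable between paths from the same neighbouring AS,
    # unless always-compare-med is configured.
    if always_compare_med or _neighbor_as(a) == _neighbor_as(b):
        missing = float("inf") if missing_as_worst else 0
        med_a = a.med if a.med is not None else missing
        med_b = b.med if b.med is not None else missing
        if med_a != med_b:
            return a if med_a < med_b else b
    if a.external != b.external:                               # eBGP over iBGP
        return a if a.external else b
    if a.igp_metric != b.igp_metric:                           # IGP metric to next hop
        return a if a.igp_metric < b.igp_metric else b
    if a.external and b.external and a.age != b.age:           # oldest eBGP path (IOS)
        return a if a.age > b.age else b
    if a.router_id != b.router_id:                             # lowest router ID
        return a if _ip_key(a.router_id) < _ip_key(b.router_id) else b
    if a.peer != b.peer:                                       # lowest neighbour address
        return a if _ip_key(a.peer) < _ip_key(b.peer) else b
    return a


def select_best(paths: List[Path], local_as: int, reachable: Set[str],
                **opts) -> Optional[Path]:
    """Run the comparator over every eligible path in arrival order.
    Without deterministic MED the result can depend on that order, which is
    exactly the problem bgp deterministic-med exists to remove."""
    best = None
    for p in (x for x in paths if eligible(x, local_as, reachable)):
        best = p if best is None else prefer(best, p, **opts)
    return best


# Constructed sample: four paths to one prefix as seen by a router in AS 65000.
REACHABLE = {"10.0.0.1", "10.0.0.2", "10.0.0.4"}   # next hops the IGP can resolve


def sample_paths() -> List[Path]:
    return [
        Path("10.0.0.1", "10.0.0.1", as_path=[65001, 65010], med=50, router_id="1.1.1.1"),
        Path("10.0.0.2", "10.0.0.2", as_path=[65002, 65010], med=10, router_id="2.2.2.2"),
        Path("10.0.0.3", "10.0.0.9", as_path=[65003, 65010]),          # next hop not in the IGP
        Path("10.0.0.4", "10.0.0.4", as_path=[65004, 65000, 65010]),   # contains our own AS
    ]


if __name__ == "__main__":
    print(select_best(sample_paths(), 65000, REACHABLE).peer)                           # 10.0.0.1
    print(select_best(sample_paths(), 65000, REACHABLE, always_compare_med=True).peer)  # 10.0.0.2
```

With the defaults the two eligible paths come from different neighbouring ASes, so their MEDs are never compared and the lower router ID (1.1.1.1) wins; turning on always-compare-med lets the MED of 10 win instead. The unreachable next hop and the path containing AS 65000 never reach the comparator at all.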
October 20, 2009
JUNOS Default Policies
LS protocols (link-state protocols): OSPF and IS-IS
1. LS default policy:
a. default import policy:
1) accept all routes learned through the LS protocol
2) for OSPF, an import policy can only filter external routes from being installed into the routing table; internal routes cannot be filtered, because the link-state database must stay identical on every router in the area.
b. default export policy:
1) reject everything (no route from another protocol is advertised unless you apply an export policy)
2) for OSPF, LSA flooding is not affected by export policy: interfaces enabled for OSPF are advertised, and LSAs received from other routers are reflooded regardless of policy.
2. RIP default policy:
a. default import policy: accept all received RIP routes that pass a sanity check
b. default export policy: advertise no routes
*You need to create and apply a custom export policy to readvertise RIP-learned routes and the direct routes of RIP interfaces to other RIP speakers; a JUNOS router with no RIP export policy receives routes but advertises nothing.
3. BGP default policy:
a. default import policy: accept all received BGP routes that pass a sanity check
b. default export policy: readvertise all learned BGP routes to all BGP speakers (within the normal BGP rules: iBGP-learned routes are not re-advertised to other iBGP peers without route reflection)
*Accept everything in and everything out means that, with no policy configured, a JUNOS router propagates whatever its peers send it. Apply prefix filters on every external peering; do not rely on the defaults.
October 15, 2009
IOS ADs versus JUNOS preferences
Both values mean the same thing: when the same prefix is learned from several sources, the source with the lowest value is installed. A blank cell means that source does not exist on that platform. Note the opposite treatment of BGP: IOS installs an eBGP route (AD 20) over any IGP route, while JUNOS (preference 170) prefers every IGP over BGP.

| Source | IOS administrative distance | JUNOS protocol preference | Purpose |
| Local | 0 | 0 | Local IP address of the interface |
| Connected interface | 0 | 0 | Subnet of a directly connected interface |
| System routes | | 4 | |
| Static | 1 | 5 | Static routes |
| RSVP | | 7 | Routes learned from the Resource Reservation Protocol used in MPLS |
| LDF | | 8 | |
| LDP | | 9 | Routes learned from the Label Distribution Protocol used in MPLS |
| OSPF internal route | | 10 | OSPF internal routes, such as interfaces that are running OSPF |
| IS-IS Level 1 internal route | | 15 | IS-IS Level 1 internal routes, such as interfaces that are running IS-IS |
| IS-IS Level 2 internal route | | 18 | IS-IS Level 2 internal routes, such as interfaces that are running IS-IS |
| eBGP | 20 | | Routes learned from an external BGP peer (IOS distinguishes eBGP from iBGP; JUNOS uses 170 for both) |
| Redirects | | 30 | Routes from ICMP redirects |
| Kernel | | 40 | Routes learned via the route socket from the kernel |
| SNMP | | 50 | Routes installed by an NMS through SNMP |
| Router discovery | | 55 | Routes installed by ICMP Router Discovery |
| Internal EIGRP | 90 | | Cisco proprietary routing protocol |
| RIP | | 100 | Routes from the Routing Information Protocol (IPv4) |
| RIPng | | 100 | Routes from the Routing Information Protocol (IPv6) |
| IGRP | 100 | | Interior Gateway Routing Protocol (Cisco) |
| PIM | | 105 | Routes from Protocol Independent Multicast |
| DVMRP | | 110 | Routes from the Distance Vector Multicast Routing Protocol |
| OSPF | 110 | | OSPF routes (IOS uses one AD for internal and external routes) |
| IS-IS | 115 | | IS-IS routes (IOS uses one AD for all levels) |
| RIP | 120 | | Routes from the Routing Information Protocol |
| Aggregate | | 130 | Aggregate and generated routes |
| EGP | 140 | | Routes from the Exterior Gateway Protocol |
| OSPF AS external routes | | 150 | Routes redistributed into OSPF (AS external) |
| ODR | 160 | | On Demand Routing |
| IS-IS Level 1 external route | | 160 | Routes redistributed into IS-IS Level 1 |
| IS-IS Level 2 external route | | 165 | Routes redistributed into IS-IS Level 2 |
| BGP | | 170 | Routes from BGP, internal and external alike |
| MSDP | | 175 | Routes from the Multicast Source Discovery Protocol |
| External EIGRP | 170 | | Routes redistributed into EIGRP |
| iBGP | 200 | | Routes learned from an internal BGP peer |
| Unknown | 255 | 255 | Never installed |
September 29, 2009
Basic JUNOS – 1
15. Security:
a. SSH (system services are off by default; enable ssh rather than telnet):
[edit]
jc@Junos# set system services ssh
b. Directed broadcasts:
Junos does not forward these messages, which are datagrams with a destination address equal to an IP subnet broadcast address, because they are a DoS amplification vector (smurf).
c. Martian addresses:
Martian addresses are host or network addresses about which all routing information is ignored.
(1) In IPv4: 0.0.0.0/8, 127.0.0.0/8, 128.0.0.0/16, 191.255.0.0/16, 192.0.0.0/24, 223.255.255.0/24, 240.0.0.0/4 (each matched "orlonger": the prefix itself and anything more specific)
(2) In IPv6: the loopback address, the reserved and unassigned prefixes from RFC 2373, and the link-local unicast prefix are the default martian addresses
*The default list only covers addresses that can never be valid destinations. RFC 1918 space, your own prefixes and other bogons are not martians; filter those with explicit import policy on external peerings.
d. Who's logged in:
jc@Junos> show system users
jc@Junos> request system logout user mike
jc@Junos> request message user mike message "End router session now!"
jc@Junos> request message all message "End router session now!"
e. Who's configuring:
jc@Junos# status
Users currently editing the configuration:
  fred terminal p0 (pid 13329) on since 2008-03-23 15:15:12 UTC
f. Ensure no one else can modify the candidate configuration while you're editing:
jc@Junos> configure exclusive
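As an added example (not from the original notes), the default martian list from item (c) applied to a set of received prefixes the way the routing table applies it, with the "orlonger" matching spelled out, and a demonstration of what the default list does not stop. The sample prefixes are constructed; the IPv6 list is only the subset the text names explicitly (loopback, unspecified, link-local), not the full RFC 2373 reserved set.

```python
import ipaddress
from typing import Dict, List

# Default IPv4 martians as listed above. JUNOS matches these "orlonger":
# the prefix itself or any more-specific prefix inside it is ignored.
IPV4_MARTIANS = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "127.0.0.0/8", "128.0.0.0/16", "191.255.0.0/16",
    "192.0.0.0/24", "223.255.255.0/24", "240.0.0.0/4")]

# IPv6: loopback, unspecified and link-local unicast. This is the subset the
# notes name explicitly; the full RFC 2373 reserved/unassigned list is longer.
IPV6_MARTIANS = [ipaddress.ip_network(p) for p in ("::1/128", "::/128", "fe80::/10")]


def is_martian(prefix: str) -> bool:
    """True if prefix equals or is more specific than a default martian."""
    net = ipaddress.ip_network(prefix, strict=False)
    table = IPV4_MARTIANS if net.version == 4 else IPV6_MARTIANS
    return any(net.subnet_of(m) for m in table)


def filter_routes(prefixes: List[str]) -> Dict[str, List[str]]:
    """Split received prefixes into those the table keeps and those it ignores."""
    result: Dict[str, List[str]] = {"accepted": [], "ignored": []}
    for p in prefixes:
        result["ignored" if is_martian(p) else "accepted"].append(p)
    return result


# Constructed sample advertisement: bogus and legitimate prefixes mixed.
SAMPLE_PREFIXES = [
    "0.0.0.0/0",        # default route: shorter than 0.0.0.0/8, so it is allowed
    "127.0.0.1/32",     # loopback host route: ignored
    "192.0.0.128/25",   # inside 192.0.0.0/24: ignored by orlonger matching
    "240.10.0.0/16",    # class E: ignored
    "10.0.0.0/8",       # RFC 1918: NOT a default martian, so it is accepted
    "203.0.113.0/24",   # ordinary public prefix: accepted
    "fe80::1/128",      # IPv6 link-local: ignored
    "2001:db8::/32",    # documentation prefix: accepted by this list
]

if __name__ == "__main__":
    for verdict, nets in filter_routes(SAMPLE_PREFIXES).items():
        print(verdict, nets)
```

The point of the 10.0.0.0/8 line: a peer can advertise private space into you and the martian check will not object. That is policy work, not something the default list does for you.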
14. IS-IS:
a. IS-IS runs directly over the data link layer (Layer 2). An interface running IS-IS therefore does not need an IP address to exchange IS-IS information; it needs family iso.
b. It was developed as part of the OSI protocol suite, not TCP/IP, so IS-IS itself does not use IP addresses.
c. IS-IS addresses are called NETs (Network Entity Titles). A NET can be 8 to 20 bytes long but is generally 10 bytes: an area ID, a 6-byte system ID and a 1-byte selector that is always 00 for a NET. The NET is configured on lo0 under family iso.
d. All the routers within an area exchange their topology information in IS-IS LSPs and run the SPF calculation, keeping their link-state databases identical.
e. Routers within an area can send summaries of their routes to other areas in the IS-IS network.
f. Two types of routers:
(1) Level 1 systems: when they receive traffic destined for somewhere outside the area, they send the packet toward a Level 2 system.
(2) Level 2 systems:
(2.1) route traffic between IS-IS areas.
(2.2) route traffic to other routing domains (ASs).
g. Configure IS-IS:
[edit]
jc@Junos# set interfaces ge-1/0/0 unit 0 family iso
jc@Junos# set protocols isis interface ge-1/0/0.0
h. Monitor IS-IS:
jc@Junos> show isis database
jc@Junos> show isis adjacency   => displays the neighbors
jc@Junos> show isis interface
jc@Junos> show isis route
jc@Junos> show route protocol isis
13. OSPF:
a. Link-state protocols run an SPF algorithm over a database of the network's topology to determine the best path to each destination.
b. Each router goes through the following process to discover the topology and determine the best path to each destination:
1) OSPF creates LSAs that describe the part of the topology this router knows about.
2) The router floods the LSAs to all routers in the domain.
3) When the router receives LSAs from other routers, it adds the information to its link-state database.
4) The router runs the Dijkstra SPF calculation to determine the shortest path to each destination in the domain. The result, per destination, is the next hop, which OSPF places in its routing database. Each router performs the SPF calculation independently; all routers end up with identical link-state databases, though they may compute different next hops for the same destination.
5) When changes occur in the domain, they are transmitted in LSAs, and all OSPF routers update their link-state database and rerun the SPF calculation.
c. As an OSPF network grows, keeping the link-state databases on all routers in sync becomes a challenge => divide it into smaller areas.
1) Each area has the same properties: all routers within the area exchange their topology information in LSAs, and this smaller group of routers runs the SPF calculation to keep their link-state databases identical.
2) ABRs run one SPF calculation and maintain one link-state database per area, and pass route information between areas, summarizing it before sending it into the neighboring area. Summarization improves the overall stability of the OSPF network.
3) ASBRs are responsible for advertising externally learned routes into the OSPF domain.
4) All routers in the OSPF backbone must be contiguous. A router that is not contiguous with the rest of the backbone must be connected to it by an OSPF virtual link so that it appears to be.
5) Backbone area ID 0 is normally written as the 32-bit value 0.0.0.0.
6) Stub areas receive only summarized (inter-area) routing information about other areas in the OSPF domain and no information about external routes. => A stub area cannot contain an ASBR, so it cannot connect to external networks.
7) NSSAs (not-so-stubby areas) can contain an ASBR and therefore can connect to external networks.
d. Configure OSPF with MD5 authentication (key ID 1, key 123456 here; use a long random key in practice, and the same key ID and key on every router on the link, or adjacencies will not form):
[edit protocols]
jc@Junos# set ospf area 0.0.0.0 interface ge-1/3/0.0 authentication md5 1 key 123456
e. Monitor OSPF:
jc@Junos> show ospf database
jc@Junos> show ospf database summary
jc@Junos> show ospf database brief
jc@Junos> show ospf database router
jc@Junos> show ospf interface
jc@Junos> show ospf neighbor
jc@Junos> show ospf route
jc@Junos> show ospf overview
jc@Junos> show route protocol ospf
12. RIP:
[edit protocols]
jc@Junos# set rip group fred-group neighbor ge-0/0/1.0
a. All RIP neighbors need to be part of a group, declared with the group keyword (fred-group here).
jc@Junos> show rip neighbor
Source Destination Send Receive In
Neighbor State Address Address Mode Mode Met
-------- ----- ------- ----------- ---- ------- ---
ge-0/0/1.0 Up 10.0.29.2 224.0.0.9 mcast both 1
b. The last column reports the inbound metric, which is how many hops will be added to received routes.
11. Default Route Preferences:
| How Route is Learned | Default Route Preference |
| Directly connected router or network | 0 |
| Configured static routes | 5 |
| MPLS | 7 |
| LDP (Label Distribution Protocol) | 9 |
| OSPF internal routes | 10 |
| IS-IS Level 1 internal routes | 15 |
| IS-IS Level 2 internal routes | 18 |
| SNMP | 50 |
| RIP | 100 |
| PIM | 105 |
| DVMRP | 110 |
| Aggregate | 130 |
| OSPF external routes | 150 |
| IS-IS Level 1 external routes | 160 |
| IS-IS Level 2 external routes | 165 |
| BGP | 170 |
| MSDP | 175 |
a. LDP – an MPLS signaling protocol that LSRs use to exchange label bindings for each FEC, so that every router assigns the correct labels to its forwarding paths.
1) LSR (Label Switching Router) — a router that runs the MPLS protocols and forwards on labels
2) LSP (Label Switched Path) — the end-to-end, unidirectional path established through the MPLS network
3) FEC (Forwarding Equivalence Class) — the set of IP packets assigned to a particular path and identified by its label
10. Routing Table:
| Routing Table | Description |
| inet.0 | Default table for IPv4 unicast routes, including configured static routes, RIP, OSPF, IS-IS, and BGP. |
| inet.1 | Multicast forwarding cache, used by DVMRP and PIM |
| inet.3 | Stores paths and label information for traffic engineering (MPLS) |
| inet6.0 | Default table for IPv6 unicast routes |
| iso.0 | ISO routes for IS-IS |
| mpls.0 | Next hops for MPLS label-switched paths (LSPs) |
jc@Junos> show route

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.0.0.0/24         *[Direct/0] 9w3d 17:41:54
                    > via ge-0/0/2.0
2.0.0.120/32       *[Local/0] 9w3d 17:41:57
                      Local via ge-0/0/2.0
10.5.0.0/16        *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.10.0.0/16       *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.93.4.52/32      *[Direct/0] 9w3d 17:43:44
                    > via lo0.0
                    [Static/5] 9w3d 17:43:44

__juniper_private1__.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
10.0.0.1/32        *[Local/0] 9w3d 17:41:57
                      Local

__juniper_private1__.inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64          *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
fe80::200:ff:fe00:4/128
                   *[Local/0] 9w3d 17:41:57
                      Local via fxp1.0
a. hold-down state — the route is being withdrawn and is kept in the table, unused, until the hold-down period expires.
b. hidden state — the route is present but unusable, either because an import policy you configured rejected it or because of a problem with the route (typically an unresolvable next hop); "show route hidden" lists them. The 10.93.4.52/32 entry above shows a static route losing to the direct route for the same prefix (preference 5 versus 0): the static entry is kept but not marked active.
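As an added example (not from the original notes), a parser for the "show route" text above that turns each table into structured records, so that hidden-route counts and inactive alternate paths can be checked by a script instead of by eye. The regular expressions, the Route and Table records and the helper names are this example's own; the sample input is the output shown above, embedded verbatim.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TABLE_RE = re.compile(r"^(\S+): (\d+) destinations, (\d+) routes "
                      r"\((\d+) active, (\d+) holddown, (\d+) hidden\)")
ROUTE_RE = re.compile(r"^(\S+/\d+)\s+([*+-]?)\[(\w+)/(\d+)\]")   # prefix and its first path
WRAP_RE = re.compile(r"^(\S+/\d+)\s*$")                        # long prefix printed alone
ALT_RE = re.compile(r"^\s+([*+-]?)\[(\w+)/(\d+)\]")             # another path for the prefix
NEXTHOP_RE = re.compile(r"^\s+(?:>\s*)?(?:Local\s+)?(?:to (\S+) )?via (\S+)")


@dataclass
class Route:
    prefix: str
    protocol: str
    preference: int
    active: bool                   # '*' or '+' flag: the path actually in use
    next_hops: List[Tuple[Optional[str], str]] = field(default_factory=list)  # (gateway, interface)


@dataclass
class Table:
    name: str
    stats: Dict[str, int]          # destinations, routes, active, holddown, hidden
    routes: List[Route] = field(default_factory=list)


def parse_show_route(text: str) -> Dict[str, Table]:
    tables: Dict[str, Table] = {}
    table: Optional[Table] = None
    route: Optional[Route] = None
    pending: Optional[str] = None  # prefix from a wrapped line; its path follows
    keys = ("destinations", "routes", "active", "holddown", "hidden")
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:
            name, *counts = m.groups()
            table = tables[name] = Table(name, dict(zip(keys, map(int, counts))))
            route = pending = None
            continue
        if table is None:
            continue
        m = ROUTE_RE.match(line)
        if m:
            prefix, flag, proto, pref = m.groups()
            route = Route(prefix, proto, int(pref), flag in ("*", "+"))
            table.routes.append(route)
            pending = None
            continue
        m = WRAP_RE.match(line)
        if m:
            pending = m.group(1)
            continue
        m = ALT_RE.match(line)
        if m and (pending or route):
            flag, proto, pref = m.groups()
            route = Route(pending or route.prefix, proto, int(pref), flag in ("*", "+"))
            table.routes.append(route)
            pending = None
            continue
        m = NEXTHOP_RE.match(line)
        if m and route:
            route.next_hops.append((m.group(1), m.group(2)))
    return tables


def inactive_paths(tables: Dict[str, Table]) -> List[Tuple[str, str, str, int]]:
    """Paths that lost the preference comparison: (table, prefix, protocol, preference)."""
    return [(t.name, r.prefix, r.protocol, r.preference)
            for t in tables.values() for r in t.routes if not r.active]


def hidden_counts(tables: Dict[str, Table]) -> Dict[str, int]:
    """Tables reporting hidden routes, worth checking against import policy."""
    return {t.name: t.stats["hidden"] for t in tables.values() if t.stats["hidden"]}


# The "show route" output from the notes above, used as sample input.
SAMPLE = """\
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2.0.0.0/24         *[Direct/0] 9w3d 17:41:54
                    > via ge-0/0/2.0
2.0.0.120/32       *[Local/0] 9w3d 17:41:57
                      Local via ge-0/0/2.0
10.5.0.0/16        *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.10.0.0/16       *[Static/5] 9w3d 17:41:56
                    > to 10.93.15.254 via fxp0.0
10.93.4.52/32      *[Direct/0] 9w3d 17:43:44
                    > via lo0.0
                    [Static/5] 9w3d 17:43:44

__juniper_private1__.inet.0: 14 destinations, 14 routes (8 active, 0 holddown, 6 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/8         *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
10.0.0.1/32        *[Local/0] 9w3d 17:41:57
                      Local

__juniper_private1__.inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

fe80::/64          *[Direct/0] 9w3d 17:43:44
                    > via fxp1.0
fe80::200:ff:fe00:4/128
                   *[Local/0] 9w3d 17:41:57
                      Local via fxp1.0
"""
```

Running parse_show_route(SAMPLE) yields three tables; hidden_counts reports the six hidden routes in __juniper_private1__.inet.0 and inactive_paths reports the static 10.93.4.52/32 entry that lost to the direct route.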
9. Static Route:
[edit routing-options]
jc@Junos# set static route 192.168.1.1/32 next-hop 10.1.0.1
8. Interface:
[edit]
jc@Junos# set interfaces ge-1/2/0 unit 0 family inet address 192.168.10.40/24
jc@Junos# set interfaces ge-1/3/0 unit 0 family inet6 address ::2/64
jc@Junos# set interfaces ge-1/3/0 unit 0 family iso
a. Interface configuration is a hierarchy:
physical interface – unit (logical interface) – family (protocol family) – address
1) a unit is a logical interface (ge-1/2/0.0 is unit 0 of ge-1/2/0)
2) each logical interface needs at least one protocol family before it can receive and transmit traffic of that protocol
3) an address under the family where the protocol uses one (inet, inet6); family iso and family mpls need no address on transit interfaces
b. common families on interfaces:
1) inet – IPv4
2) inet6 – IPv6
3) iso – for interfaces that need to support CLNS, the ISO network layer service used by IS-IS
4) mpls – for interfaces that carry labeled packets
7. Traceoptions:
[edit]
jc@Junos# set protocols ospf traceoptions file ospf.log
jc@Junos# set protocols ospf traceoptions flag all
jc@Junos# set security traceoptions flag policy-manager
jc@Junos# set security traceoptions flag general
jc@Junos# set routing-options traceoptions file trace-events world-readable
jc@Junos# set routing-options traceoptions flag all
*world-readable lets every login on the box read the trace file, and traces expose protocol detail and neighbor addresses; leave it off unless a non-privileged user must read the file. flag all is verbose and costs CPU; turn it on for a diagnosis and delete it afterwards.
6. Syslog:
[edit system]
jc@Junos# set syslog file ?
Possible completions:
  <file-name>          Name of file in which to log data
  cli-commands         Name of file in which to log data
  emergency            Name of file in which to log data
  firewall             Name of file in which to log data
  messages             Name of file in which to log data
[edit system]
jc@Junos# set syslog file messages any notice
jc@Junos# set syslog file messages authorization info
jc@Junos# set syslog file cli-commands interactive-commands any
jc@Junos# set syslog file emergency any emergency
jc@Junos# set syslog file firewall firewall notice

| Facility (type of logging event) | What it covers | Severity used above | Meaning of that severity |
| any | Any router event | notice | General operational events of more interest than info |
| authorization | Authentication and authorization attempts | info | General router operation (every login success and failure) |
| interactive-commands | Commands typed at the command-line interface or sent by a JUNOScript client | any | All events (a complete command audit trail) |
| any | Any router event | emergency | Errors that cause the router to stop operating |
| firewall | Packet filtering performed by firewall filters | notice | As above |

*Local files can be edited or deleted by anyone who gets root on the router. Also send at least authorization and interactive-commands to a remote syslog host (system syslog host) so the audit trail survives a compromise.
5. RADIUS:
[edit system]
jc@Junos# set radius-server 192.168.10.1 port 1812 secret 123456
jc@Junos# set radius-server 192.168.10.1 timeout 1
jc@Junos# set radius-server 192.168.10.1 retry 1
jc@Junos# set radius-server 192.168.10.1 source-address 192.168.200.2
[edit system]
jc@Junos# show radius-server
192.168.10.1 {
    port 1812;
    secret "$9$SZQUk.fTz6Ct5TcyevLX"; ## SECRET-DATA
    timeout 1;
    retry 1;
    source-address 192.168.200.2;
}
[edit system]
jc@Junos# set authentication-order [ radius password ]
*Caveats: the shared secret is the only thing authenticating the RADIUS exchange, so use a long random secret rather than 123456. With authentication-order [ radius password ], a login the RADIUS server rejects is still tried against the local password database, so local accounts bypass central policy; with authentication-order radius alone, local passwords are consulted only when no RADIUS server responds.
4. Junos stores login passwords as one-way hashes and obfuscates shared secrets (the $9$ strings) with a reversible encoding, marking both with ## SECRET-DATA. The $9$ encoding is not encryption: anyone who can read the configuration can recover the secret, so treat configuration backups as sensitive. Filtering on the marker hides the fact that a password is even present in the displayed configuration. Note in the output below that class operation has permissions all and idle-timeout 0 (no idle timeout), which makes it equivalent to super-user with sessions that never expire; an operations class should carry only the permissions it needs.
[edit system login]
jc@Junos# show | except SECRET-DATA
class operation {
idle-timeout 0;
permissions all;
}
user operation {
full-name "Operation Team";
uid 2000;
class operation;
authentication {
}
}
user jc {
uid 2005;
class operation;
}
3. User account:
[edit system login]
jc@Junos# set user jc class super-user
jc@Junos# set user jc authentication plain-text-password
(the second command prompts for the password interactively and stores only its hash)
2. Banner:
[edit]
jc@Junos# set system login message "--------------------\nWARNING: Unauthorized access prohibited. --------------------\n"
jc@Junos# set system announcement "Network maintenance announcement."
1. Keyboard shortcuts:
Ctrl+a — move to beginning of command line
Ctrl+e — move to end of command line
Ctrl+k — delete all text from cursor to end of command line
Esc+b — move back one word
Esc+f — move forward one word
Esc+d — delete the word after the cursor
Esc+Backspace — delete the word before the cursor
August 21, 2009
Routing Engine and Packet Forwarding Engine
RE (Routing Engine)
PFE (Packet Forwarding Engine)
PIC (Physical Interface Card)
FPC (Flexible PIC Concentrator)
SCB (Switching Control Board)

Router Concept
GRES (graceful Routing Engine switchover) – in a router with a master and a backup Routing Engine, allows the backup Routing Engine to assume mastership automatically, with no disruption of packet forwarding.
Graceful switchover — JUNOS software feature that allows a change from the primary device, such as a Routing Engine, to the backup device without interruption of packet forwarding.
(lecture by Tim Chung)
1. Basic router and routing:
a. R1 and R2 run a routing protocol (RIP or OSPF), so the computer can reach the destination server 10.0.0.1.
b. R2 is a single-CPU router, like a Linux server doing a routing job.
c. A single CPU has to process every packet that goes through the router. If the computer sends too many data packets through R2, the CPU of R2 is occupied by the data packets.
d. When the CPU is busy (99%~100% usage) processing data packets, important control packets, such as routing protocol and SNMP traffic, are not processed in time, routing adjacencies drop, and none of the data packets reach the destination. This is also why a flood of transit traffic can take down a software router's control plane.
e. Thus the Cisco 2800 series can only do T1, since it has a single RISC processor, and the Juniper J-series is also a single IBM CPU. Neither handles high traffic; both are software-based routers.
2. Modern routers have more than one CPU, separating data packet forwarding from control processing.
a. Take a Juniper router as an example: it has two planes, RE and PFE. All data packets go through the PFE and out.
b. The PFE passes control packets up to the RE.
c. This way the router does not drop adjacencies or lose routes, and data packets still reach the destination.
3. For redundancy:
a. A fabric between RE, PFE and PIC for high-traffic transmissions.
b. A full-mesh crossbar between the PFEs.
4. For more redundancy, add GRES with a master and a backup Routing Engine (see the definition above).
August 16, 2009
6500 Multilayer Switches
*Multilayer switches are divided by chassis type.
SUP-32 = Supervisor 32Gbps backplane bus
SUP-720 = Supervisor 720Gbps fabric bus with 1,440Gbps on the horizon.
SVIs (Switched Virtual Interfaces)
GSR (Gigabit Switch Router)
GBIC (Gigabit Interface Converter)
SFP (Small Form-factor Pluggable)
dCEF (distributed Cisco Express Forwarding)
MSFC (Multilayer Switch Function Card)
PFC (Policy Feature Card)
DFC (Distributed Feature Card)
SFM (Switch Fabric Module)
FWSM (Firewall Services Module) – security module
CSM (Content Switching Module) – load-balancing
NAM (Network Analysis Module) – monitoring
IDSM (Intrusion Detection System Module)
CMM (Communication Media Module) – VoIP connectivity
VMS (VPN/Security Management Solution)
MARS (Monitoring, Analysis, and Response System)
NEBS (Network Equipment Building System)
1. 6500e (enhanced) chassis Power:
a. 6000-watt AC power supply requires 2 power outlets per supply => 4 outlets per chassis
b. 8700-watt AC power supply requires 3 power outlets per supply => 6 outlets per chassis
c. The power supplies can be configured in a failover mode or a combined mode to allow more power for hungry modules.
2. Modules:
a. Most modules are hot-swappable, but some must be shut down before being removed.
b. Modules communicate with each other over the backplane, so they are faster than their standalone counterparts.
=> The FWSM is capable of more than 4 Gbps of throughput, whereas the fastest standalone PIX manages 1.5 Gbps.
3. Architecture:
a. The 6000 series has a 32 Gbps backplane bus.
b. The 6500 series adds a fabric bus (crossbar switching bus) that allows backplane speeds to be boosted up to 720 Gbps.
c. The SFM is a 16-port switch that connects each of the fabric-enabled modules via the fabric bus.
1) The SFM can only reside in certain slots.
2) The Sup-720 includes the SFM's functionality, so it must reside in the SFM slots.
3) In a 6509, Sup-720 modules must reside in slots 5 and 6.
d. Buses:
1) D bus (data bus):
1.1) 32 Gbps
1.2) D bus is shared like a traditional Ethernet network, in that all modules receive all frames that are placed on the bus.
2) R bus (result bus):
2.1) 4 Gbps
2.2) handles communication b/w the modules and the switching logic on the supervisors.
3) C bus (control bus), EOBC (Ethernet Out-of-Band Channel):
3.1) 100 Mbps half-duplex
3.2) is used for communication b/w the line cards and the network management processors on the supervisors.
4) Crossbar fabric bus:
4.1) “Fabric” is used to describe the mesh of connections.
4.2) Crossbar Fabric is a type of switching technology – each node is connected to every other node
4.3) Fully Interconnected Fabric – each port is directly connected to every other port

4.4) The crossbar fabric bus, in combination with a Sup-2 and a SFM, is capable of 256 Gbps and 30 Mpps (million packet per second).
4.5) With the addition of a dCEF, this combination is capable of 210 Mpps.
4.6) With a Sup-720 module, crossbar fabric supports up to 720 Gbps.
4.7) When using dCEF interface module, a Sup-720 is capable of 400 Mpps.
4.8) SFM provides the actual switch fabric b/w all the fabric-enabled modules. SFM’s functionality is included in the Sup-720 already.
e. 6509 backplanes:

1) Two backplane circuit boards separated by a vertical space.
2) 6506-chassis doesn’t have slots 7,8, and 9.
3) 6513-chassis has Sup-720 in slot 7 and 8.
e. Enhanced chassis:
1) The 6500e is designed to allow more power to be drawn by the line cards, e.g. PoE line cards.
2) It uses high-speed fans to cool these power-hungry modules.
3) It provides a redesigned backplane that allows 80 Gbps of throughput per slot (the standard 6500 has 40 Gbps per slot).
4) The new architecture allows eight 10 Gbps ports per blade with no oversubscription.
f. Supervisors:
1) Chassis-based switches don’t have processors built into them. Instead, the processor is on a module: Supervisor.
2) MSFC:
2.1) Supervisors offer L2 processing capabilities with an add-on daughter card, MSFC, supports L3 and higher functionality.
2.2) MSFC3 is part of the Sup-720.
3) PFC:
3.1) A daughter card supports QoS, no direct configuration of the PFC is required.
3.2) PFC3 is part of the Sup720.
4) Sup-720:
4.1) Capable of 400 Mpps (million packets per second) and 720 Gbps.
4.2) Designed for bandwidth-hungry installations.
4.3) Includes PFC3 and MSFC3, a new accelerated CEF and dCEF capabilities.
4.4) Fabric-only modules are capable of 40 Gbps throughput with a Sup-720.
4.5) The Sup-720 has two CompactFlash Type II slots. The keywords for the slots on the active Sup-720 are disk0: and disk1:.
4.6) The CompactFlash Type II slots support CompactFlash Type II Flash PC cards sold by Cisco.
4.7) Sup-720 port 1 has an SFP connector with no unique configuration options.
4.8) Sup-720 port 2 has both an RJ-45 connector and an SFP connector (the default).
To configure port 2 for RJ-45:
R1(config)# interface gi5/2
R1(config-if)# media-type rj45
To configure port 2 for SFP:
R1(config)# interface gi5/2
R1(config-if)# media-type sfp
5) Forwarding decisions for L3 traffic:
The PFC3 or DFC3 makes the forwarding decision for L3 traffic:
5.1) PFC3 makes all forwarding decisions for each packet that enters the switch through a module without a DFC3.
5.2) DFC3 makes all forwarding decisions for each packet that enters the switch on a DFC3-enabled module in 3 situations:
5.2.1) If the egress port is on the same module as the ingress port, the DFC3 forwards the packet locally (the packet never leaves the module).
5.2.2) If the egress port is on a different fabric-enabled module, the DFC3 sends the packet to the egress module, which sends it out the egress port.
5.2.3) If the egress port is on a different nonfabric-enabled module, the DFC3 sends the packet to the Sup-720. The Sup-720 fabric interface transfers the packet to the 32-Gbps switching bus where it is received by the egress module and is sent out the egress port.
g. Modules:
1) Nonfabric-enabled module: A module doesn’t support crossbar fabric
=>It only has connectors on one sides, for connection to the D bus.
2) Fabric-enabled module: A module that supports the 32 Gbps D bus and fabric bus
=> It has two connectors on the back of the blade: one for the D bus, and one for the crossbar fabric bus.
3) Fabric-only module: a module that uses only the fabric bus
=> It has a single connector on the fabric side, with no connector on the D bus side.
4) A Sup-720 operating in dCEF mode, which allows forwarding at up to 720 Gbps:
R1#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAD192803ZN
  2    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL190415QR
  3   48  CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAD101205F1
  5    2  Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL1201GSDZ

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0014.1c6b.d87d to 0014.1c6b.d87e   2.2   12.2(14r)S5  12.2(33)SXI  Ok
  2  0013.1a23.216a to 0013.1a23.216b   2.2   12.2(14r)S5  12.2(33)SXI  Ok
  3  0015.f91d.d50c to 0015.f91d.d5db   2.3   12.2(14r)S5  12.2(33)SXI  Ok
  5  0016.9de6.7ae1 to 0016.9de6.7ae3   5.7   8.5(2)       12.2(33)SXI  Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Distributed Forwarding Card WS-F6700-DFC3B     SAD0939021M  4.2    Ok
  2  Distributed Forwarding Card WS-F6700-DFC3B     SAD093803VY  4.2    Ok
  3  Centralized Forwarding Card WS-F6700-CFC       SAD100402PG  2.0    Ok
  5  Policy Feature Card 3       WS-F6K-PFC3B       SAL1208GK44  2.4    Ok
  5  MSFC3 Daughterboard         WS-SUP720          SAL1208GHM6  3.2    Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  2  Pass
  3  Pass
  5  Pass

R1#sh fabric switching-mode
Global switching mode is Compact
dCEF mode is not enforced for system to operate
Fabric module is not required for system to operate
Modules are allowed to operate in bus mode
Truncated mode is allowed, due to presence of DFC, CEF720 module

Module Slot   Switching Mode
     1        dCEF
     2        dCEF
     3        Crossbar
     5        dCEF
5) Each of the fabric-only modules has two 20 Gbps connections to the crossbar fabric bus:
R1#sh fabric util
slot channel speed Ingress % Egress %
1 0 20G 0 3
1 1 20G 2 0
2 0 20G 0 3
2 1 20G 0 0
3 0 20G 0 0
3 1 20G 0 0
5 0 20G 0 0
6) Module Types:
Modules are generally divided into line cards and service modules: line cards offer connectivity, such as copper or fiber Ethernet; service modules offer functionality.
6.1) Ethernet modules:
6.1.1) Connectivity options: RJ-45, GBIC, small-form-factor GBIC (SFP), and Amphenol connectors for direct connection to patch panels.
6.1.2) Port density: 4-port 10 Gbps XENPAK-based modules, 48-port 1 Gbps RJ-45 modules, and 96-port RJ-21 connector modules supporting 10/100 Mbps.
6.1.3) Capability: PoE and dCEF
6.2) FWSM:
6.2.1) It is essentially a PIX; the difference is that all connections are internal to the switch, resulting in very high throughput.
6.2.2) the interfaces are SVIs, so the FWSM is not limited to physical connections.
6.2.3) FWSM is capable of over 4 Gbps of throughput, comparing with 1.7 Gbps on the PIX 535.
6.2.4) The FWSM is a separate device in the chassis. To log in:
R1# session slot 8 proc 1
The default escape character is Ctrl-^, then x.
You can also type 'exit' at the remote prompt to end the session
Trying 127.0.0.81 ... Open
User Access Verification
Password:
Type help or '?' for a list of available commands.
R1> en
Password: ********
6.2.5) If the FWSM is running in single-context mode, you can run all PIX commands directly. In multiple-context mode, you need to change to the proper context before making changes.
R1# sho context
Context Name      Class      Interfaces      URL
admin             default                    disk:/admin.cfg
*EComm            default    vlan20,30       disk:/Ecomm.cfg
R1# changeto context EComm
R1/EComm# sho int
Interface Vlan20 "outside", is up, line protocol is up
  MAC address 0008.4cff.b403, MTU 1500
  IP address 10.1.1.1, subnet mask 255.255.255.0
  Received 90083941155 packets, 6909049206185 bytes
  Transmitted 3710031826 packets, 1371444635 bytes
  Dropped 156162887 packets
Interface Vlan30 "inside", is up, line protocol is up
  MAC address 0008.4cff.b403, MTU 1500
  Transmitted 2954364369 packets, 7023125736 bytes
  Dropped 14255735 packets
6.3) CSM:
6.3.1) The CSM is capable of 4 Gbps of throughput.
6.3.2) All CSM commands are included in the switch's CLI, under the csm module configuration mode:
R1(config)# mod csm 9
R1(config-module-csm)#
6.3.3) The CSM is not fabric-enabled; it is a 32 Gbps bus blade. Inserting it into a switch that uses the fabric backplane causes the supervisor to revert to bus mode instead of faster modes such as dCEF.
=> A switch with a Sup-720, fabric-only Ethernet modules, and a CSM will not run at 720 Gbps because of the CSM's limited backplane connections.
6.3.4) CSM blades can operate in a stateful failover design. A pair of CSMs can be synced with the command:
R1# hw-module csm 9 standby config-sync
R1#
May 5 17:21:14: %CSM_SLB-6-REDUNDANCY_INFO: Module 9 FT info: Active: Bulk sync started
May 5 17:21:17: %CSM_SLB-4-REDUNDANCY_WARN: Module 9 FT warning: FT configuration might be out of sync.
May 5 17:21:24: %CSM_SLB-4-REDUNDANCY_WARN: Module 9 FT warning: FT configuration back in sync
May 5 17:21:26: %CSM_SLB-6-REDUNDANCY_INFO: Module 9 FT info: Active: Manual bulk sync completed
6.4) NAM:
6.4.1) NAM is a remote monitoring (RMON) probe and packet-capture device that is controlled through a web browser, with no extra software required.
6.4.2) NAM is able to capture more than one session at a time.
6.4.3) With the ability to capture from RSPAN sources, the NAM blade can be used to analyze traffic on any switch on the network.
6.5) IDSM: It is a preconfigured Linux server that resides on a blade connected to the crossbar fabric bus.
6.6) FlexWAN module:
6.6.1) It allows the connection of WAN links, such as T1, DS3, OC3.
6.6.2) Two types of FlexWAN modules: FlexWAN and Enhanced FlexWAN.
6.6.3) Differences between the two versions: CPU speed, memory capacity, and connection to the crossbar fabric bus.
6.7) CMM:
6.7.1) It provides telephony integration into 6500-series switches.
6.7.2) It is a fabric-enabled module with 3 slots that accept different port adapters.
6.7.3) A 6500 chassis can be filled with CMMs and a supervisor to provide large port density for VoIP connectivity.
h. Switch Fabric Functionality Switching Modes:
1) Compact mode:
The switch uses this mode for all traffic when only fabric-enabled modules are installed. In this mode, a compact version of the D Bus header is forwarded over the switch fabric channel, which provides the best possible performance.
2) Truncated mode:
The switch uses this mode for traffic between fabric-enabled modules when there are both fabric-enabled and nonfabric-enabled modules installed. In this mode, the switch sends a truncated version of the traffic (the first 64 bytes of the frame) over the switch fabric channel.
3) Bus mode:
The switch uses this mode for traffic between nonfabric-enabled modules and for traffic between a nonfabric-enabled module and a fabric-enabled module. In this mode, all traffic passes between the local bus and the supervisor engine bus.
4) To allow use of nonfabric-enabled modules or to allow fabric-enabled modules to use bus mode:
R1(config)# fabric switching-mode allow bus-mode
5) To prevent use of nonfabric-enabled modules or to prevent fabric-enabled modules from using bus mode:
R1(config)# no fabric switching-mode allow bus-mode
=> power will be removed from any nonfabric-enabled modules installed in the switch.
6) To allow fabric-enabled modules to use truncated mode:
R1(config)# fabric switching-mode allow truncated
To prevent fabric-enabled modules from using truncated mode:
R1(config)# no fabric switching-mode allow truncated
7) Displaying switch fabric functionality modes:
R1# sh fabric active
Active fabric card in slot 5
No backup fabric card in the system
R1# show fabric switching-mode module 5
Module Slot   Switching Mode
     5        dCEF
R1# show fabric status 5
slot channel speed module fabric hotStandby Standby Standby
                   status status support    module  fabric
   5    0     20G    OK     OK   Y(not-hot)
R1# show fabric utilization 5
slot channel speed Ingress % Egress %
   5    0     20G      0        0
R1# show fabric errors
Module errors:
slot channel crc hbeat sync DDR sync
   1    0     0    0    0     0
   1    1     0    0    0     0
   2    0     0    0    0     0
   2    1     0    0    0     0
   3    0     0    0    0     0
   3    1     0    0    0     0
   5    0     0    0    0     0
Fabric errors:
slot channel sync buffer timeout
   1    0     0    0      0
   1    1     0    0      0
   2    0     0    0      0
   2    1     0    0      0
   3    0     0    0      0
   3    1     0    0      0
   5    0     0    0      0
August 14, 2009
Switching Algorithms/Paths
A. Overview:
1. Switching - the process of moving packets from one interface to another within a router.
2. Routing - the process of choosing paths and forwarding packets to destinations outside of the physical router.
3. Switching Algorithm – a valuable way to increase or decrease a router’s performance.
4. RIB (Routing Information Base) -
1) is built by L3 routing protocols
2) is essentially the routing table
3) The decisions about how to move packets from one interface to another are based on the RIB.
5. Steps of the process of switching a packet:
1) Determine whether the packet’s destination is reachable
2) Determine the next hop to the destination, and the interface to which the packet should be switched
3) Rewrite the MAC header on the packet to reach its destination
6. Requirements of router switching:
a. Interfaces have access to input/output memory. When a packet comes into an interface, the router must decide to which interface the packet should be sent. Once the decision is made, the packet’s MAC header is rewritten, and the packet is sent on its way.
b. Packets must get from one interface to another.
c. How the router decides which interface to switch the packet to – is based on the switching path in use.
d. The routing table contains all the necessary information to determine the correct interface, but process switching must be used to retrieve data from the routing table.
B. Process Switching:
1. It’s the original method of determining which interface to forward a packet to.
2. The processor calls a process that accesses the RIB and waits for the next scheduled execution of that process.
3. Steps for Process Switching:

1) The interface processor detects a packet and moves the packet to the input/output memory.
2) Interface processor generates a receive interrupt.
a. The CPU (central processor) determines the packet type (IP), and copies it to the processor memory if necessary.
b. Then the processor places the packet on the appropriate process’s input queue and releases the interrupt.
c. The process for IP packets is titled ip_input.
3) When the scheduler next runs, it notices the presence of a packet in the input queue for the ip_input process, then schedules the process for execution.
4) When the ip_input process runs, it looks up the next hop and output interface information in the RIB. Then it consults the ARP cache to retrieve the L2 address for the next hop.
5) The process rewrites the packet’s MAC header with the appropriate addresses, then places the packet on the output queue of the appropriate interface.
6) The packet is moved from the output queue of the outbound interface to the transmit queue of the outbound interface.
=> then Outbound QoS
7) The output interface processor notices the packet in its queue, and transfers the packet to the network media.
4. Sources of slowness:

a. The processor waits for the next scheduled execution of the ip_input process.
b. The ip_input process references the RIB when it runs.
1) The ip_input process is at the same priority level as other processes on the router, such as routing protocols and the HTTP web server interface.
2) Packets sourced from or destined to the router itself are always process-switched, such as SNMP traps from the router and telnet packets destined for the router.
C. Interrupt Context Switching:
1. The processor interrupts the current process to switch the packet.

2. It’s faster than process switching since the ip_input process is rarely called. Interrupt Context Switching usually bypasses the RIB and works with parallel tables, which are built more efficiently.
3. Steps for Interrupt Context Switching:
1) The interface processor detects a packet and moves the packet into input/output memory.
2) The interface processor generates a receive interrupt. During this time, the CPU determines the packet type (IP) and begins to switch the packet.
3) The processor searches the route cache for: destination reachability, output interface, next hop, MAC conversion. Then the processor uses this information to rewrite the packet’s MAC header.
4) The packet is copied to either the transmit or the output queue of the outbound interface. The receive interrupt is ended, and the originally running process continues.
5) The output interface processor notices the packet in its queue, and transfers the packet to the network media.
4. The RIB is bypassed entirely in this model. The necessary information is retrieved from the “route cache”. Each switching path has its own means of determining, storing, and retrieving this information. There are 3 different methods:
a. Fast Switching:

1) uses a binary tree format for recording/retrieving information in the route cache.
2) The information of the next hop and MAC address changes is stored within each node.
3) It’s fast compared with searching the RIB since the tree is very deterministic.
4) Drawbacks:
4.1) Because the data for each address is stored within the nodes and the size of that data is not static, each node may be a different size, which makes the table inefficient.
4.2) The route cache is updated only when packets are process-switched, i.e. only when the first packet to a destination is switched. To keep the data in the route cache current, 1/20th of the entire route cache is aged out (discarded) every minute. This table must be rebuilt using process switching.
4.3) The ARP table is not directly related to the contents of the route cache. Process switching must be used when ARP changes.
b. Optimum switching:

1) uses a multiway tree instead of a binary tree for recording/retrieving information in the route cache.
2) This pattern continues for 4 levels – one for each octet.
3) The information of each route (prefix) or IP address is stored within the final node.
4) The size of the table can be variable since each node may or may not contain information.
5) Drawbacks:
5.1) Searching the tree is not as efficient as it might be if every node were of a known static size.
5.2) The relevant data is stored in the nodes and has no direct relationship to the RIB or ARP cache; entries are aged and rebuilt through process switching.
c. Cisco Express Forwarding (CEF):

1) CEF is the default switching path on all modern routers.
2) The data is not stored within the nodes. Each node becomes a pointer to another table, which contains the data.
3) Each node is the same static size since it holds no data; the node’s position is a reference into the adjacency table.
4) The adjacency table stores the pertinent data, such as MAC header substitution and next hop information, for the nodes.
5) Advantages:
5.1) Both the forwarding table and the adjacency table are built without process switching.
5.2) Because the forwarding table is built separately from the adjacency table, an error in one table doesn’t cause the other to become stale.
5.3) When the ARP cache changes, only the adjacency table changes, so aging or invalidation of the forwarding table is not required.
5.4) CEF supports load balancing over equal-cost paths.
D. Configuring and Managing Switching Algorithm (or Paths):
1. Process Switching:
R0# sh ip int vlan 301 | i switching
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is enabled
IP CEF switching is enabled
IP Selective flow switching turbo vector
IP Flow CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP multicast multilayer switching is disabled
a. To disable all Interrupt Context Switching paths, use the command:
R0(config-if)# no ip route-cache
R0# sh ip int vlan 301 | i switching
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Selective flow switching turbo vector
IP Flow CEF switching turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP multicast multilayer switching is disabled
b. When a router is process switching most of its IP packets, the top process will always be ip_input. You can verify this with the command:
R0# sh proc cpu sorted | e 0.00
CPU utilization for five seconds: 49%/26%; one minute: 45%; five minutes: 45%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
281 3118803922583781382 0 26.95% 24.53% 21.42% 0 IP Input
178 2276332 5264619 432 0.15% 0.08% 0.03% 0 SNMP ENGINE
2. Fast Switching:
To enable fast switching:
R0(config-if)# ip route-cache
R0# sh ip int vlan 301 | i swi
IP fast switching is enabled
IP fast switching on the same interface is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Selective flow switching turbo vector
IP Flow CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP multicast multilayer switching is disabled
=> Turning on fast switching is NOT enabling CEF.
3. CEF:
a. CEF is enabled by default.
b. There are 2 places where it can be configured:
R0(config)# ip cef
R0(config-if)# ip route-cache cef
c. CEF load-balances packets per destination by default. => A single destination will always use the same link.
d. CEF allows you to configure load balancing on a per-packet basis. => VoIP cannot tolerate per-packet load balancing because packets may arrive out of order. When using such protocols, always ensure that load balancing is performed per destination, or use a higher-level protocol such as Multilink PPP.
R0(config-if)# ip load-sharing per-packet
R0(config-if)# ip load-sharing per-destination
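As an added illustration (written for these notes, not Cisco code and not from the original) of the CEF design described in section C.4.c and of the per-destination versus per-packet load sharing in items c and d: a Python model of a 4-level, 256-way forwarding tree whose fixed-size nodes hold no forwarding data, only pointers into a separate adjacency table. The default route and the 192.168.4.0/28 prefix are taken from the sh ip cef output in item e; the 10.0.0.0/8 route with two equal-cost next hops, all MAC addresses, and the use of a SHA-256 hash of the source/destination pair for flow selection are constructed assumptions. It shows longest-prefix lookup, why an ARP change touches only the adjacency table, and why per-packet sharing reorders a flow while per-destination sharing keeps it on one link.

```python
import hashlib
import ipaddress
from dataclasses import dataclass

@dataclass
class Adjacency:
    """One adjacency-table row: all that is needed to rewrite the MAC header."""
    next_hop: str
    interface: str
    mac: str  # next hop's L2 address from ARP (None until gleaned)

class Node:
    """Fixed-size 256-way node, one level per octet. Holds no forwarding data,
    only child pointers and, on a prefix's terminal node, adjacency indexes."""
    __slots__ = ("children", "adj_ids", "plen")

    def __init__(self):
        self.children = [None] * 256
        self.adj_ids = None
        self.plen = -1          # prefix length that installed adj_ids

class CefFib:
    def __init__(self):
        self.root = Node()
        self.adjacency = {}     # adj_id -> Adjacency, kept apart from the tree
        self._rr = 0            # round-robin cursor, used only for per-packet sharing

    def add_adjacency(self, next_hop, interface, mac):
        aid = len(self.adjacency)
        self.adjacency[aid] = Adjacency(next_hop, interface, mac)
        return aid

    def add_prefix(self, prefix, adj_ids):
        """Install a prefix; non-octet-aligned lengths are expanded over the child
        slots they cover, and a longer prefix always wins a slot."""
        net = ipaddress.ip_network(prefix)
        octets, plen = net.network_address.packed, net.prefixlen
        if plen == 0:                       # default route lives on the root
            self.root.adj_ids, self.root.plen = list(adj_ids), 0
            return
        depth = (plen + 7) // 8             # level at which the prefix terminates
        node = self.root
        for level in range(depth - 1):
            if node.children[octets[level]] is None:
                node.children[octets[level]] = Node()
            node = node.children[octets[level]]
        start, span = octets[depth - 1], 1 << (depth * 8 - plen)
        for i in range(start, start + span):
            child = node.children[i] or Node()
            node.children[i] = child
            if plen >= child.plen:
                child.adj_ids, child.plen = list(adj_ids), plen

    def lookup(self, dst):
        """Longest-prefix match: one octet per level, keeping the deepest hit."""
        node, best = self.root, self.root.adj_ids
        for octet in ipaddress.ip_address(dst).packed:
            node = node.children[octet]
            if node is None:
                break
            if node.adj_ids is not None:
                best = node.adj_ids
        return best

    def select(self, adj_ids, src, dst, per_packet=False):
        """Per-destination hashes the flow so it stays on one link; per-packet
        round-robins every packet, which is why it can reorder a flow."""
        if len(adj_ids) == 1:
            return adj_ids[0]
        if per_packet:
            self._rr = (self._rr + 1) % len(adj_ids)
            return adj_ids[self._rr]
        h = hashlib.sha256(f"{src}|{dst}".encode()).digest()  # hash choice is constructed
        return adj_ids[int.from_bytes(h, "big") % len(adj_ids)]

    def forward(self, src, dst, per_packet=False):
        adj_ids = self.lookup(dst)
        if adj_ids is None:
            return None                     # no route: drop
        adj = self.adjacency[self.select(adj_ids, src, dst, per_packet)]
        return adj.next_hop, adj.interface, adj.mac

def update_arp(fib, next_hop, mac):
    """An ARP change rewrites adjacency rows only; the tree is never touched."""
    rows = [a for a in fib.adjacency.values() if a.next_hop == next_hop]
    for a in rows:
        a.mac = mac
    return len(rows)

def build_demo():
    """Prefixes from the sh ip cef output plus a constructed 10.0.0.0/8 (constructed MACs)."""
    fib = CefFib()
    gw = fib.add_adjacency("192.168.4.14", "Vlan301", "00aa.bb00.0014")
    fib.add_prefix("0.0.0.0/0", [gw])
    fib.add_prefix("192.168.4.0/28", [fib.add_adjacency("attached", "Vlan301", None)])
    a = fib.add_adjacency("192.168.4.12", "Vlan301", "00aa.bb00.0012")
    b = fib.add_adjacency("192.168.4.13", "Vlan301", "00aa.bb00.0013")
    fib.add_prefix("10.0.0.0/8", [a, b])   # constructed equal-cost paths
    return fib
```

Calling build_demo() and then forward("192.168.4.1", "192.168.4.20") falls through to the default route because the /28 only covers .0 through .15; after update_arp(fib, "192.168.4.14", new_mac) the same lookup returns the new MAC without any prefix being reinstalled, which is the property item 5.3 above describes.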
e. To show CEF tables:
R0# sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 192.168.4.14 Vlan301
0.0.0.0/32 receive
127.0.0.0/8 attached EOBC0/0
127.0.0.0/32 receive
127.0.0.51/32 receive
127.255.255.255/32 receive
192.168.4.0/28 attached Vlan301
192.168.4.0/32 receive
192.168.4.1/32 receive
192.168.4.12/32 192.168.4.12 Vlan301
192.168.4.13/32 192.168.4.13 Vlan301
192.168.4.14/32 192.168.4.14 Vlan301
192.168.4.15/32 receive
224.0.0.0/4 drop
224.0.0.0/24 receive
255.255.255.255/32 receive