BLADEOS™ 6.5 Application Guide RackSwitch™ G8124/G8124-E Part Number: BMD00220, October 2010 2051 Mission College Blvd. Santa Clara, CA 95054 www.bladenetwork.
BLADEOS 6.5.2 Application Guide Copyright © 2010 BLADE Network Technologies, Inc., 2051 Mission College Blvd., Santa Clara, California, 95054, USA. All rights reserved. Part Number: BMD00220. This document is protected by copyright and distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of BLADE Network Technologies, Inc.
Contents
Preface
  Who Should Use This Guide
  What You’ll Find in This Guide
  Additional References
  Typographic Conventions
  How to Get Help
Part 1: Getting Started
Chapter 1: Switch Administration
  Administration Interfaces
  Command Line Interface
  Browser-Based Interface
  Establishing a Connection
  Using the Switch Management Ports
  Using the Switch Data Ports
  Using Telnet
  Using Secure Shell
  Using a Web Browser
  Configuring HTTP
  VLAN Maps
  VM Policy Bandwidth Control
  VM Policy Bandwidth Control Commands
  Bandwidth Policies vs. Bandwidth Shaping
  VMready Information Displays
  VMready Configuration Example
Chapter 14: FCoE and CEE
  Fibre Channel over Ethernet
  The FCoE Topology
  FCoE Requirements
  Converged Enhanced Ethernet
  Turning CEE On or Off
  Effects on Link Layer Discovery Protocol
  Effects on 802.
Preface
The BLADEOS 6.5.2 Application Guide describes how to configure and use the BLADEOS 6.5 software on the RackSwitch G8124/G8124-E (collectively referred to as G8124 throughout this document). For documentation on installing the switch physically, see the Installation Guide for your G8124.
Who Should Use This Guide
This guide is intended for network installers and system administrators engaged in configuring and maintaining a network.
Part 2: Securing the Switch
Chapter 3, “Securing Administration,” describes methods for using Secure Shell for administration connections, and configuring end-user access control.
Chapter 4, “Authentication & Authorization Protocols,” describes different methods of secure administration for remote administrators. This includes using Remote Authentication Dial-in User Service (RADIUS), as well as TACACS+ and LDAP.
Part 5: IP Routing
Chapter 15, “Basic IP Routing,” describes how to configure the G8124 for IP routing using IP subnets, BOOTP, and DHCP Relay.
Chapter 16, “Internet Protocol Version 6,” describes how to configure the G8124 for IPv6 host management.
Chapter 17, “Routing Information Protocol,” describes how the BLADEOS software implements standard Routing Information Protocol (RIP) for exchanging TCP/IP route information with other routers.
Part 8: Monitoring
Chapter 27, “Remote Monitoring,” describes how to configure the RMON agent on the switch, so that the switch can exchange network monitoring data.
Chapter 28, “sFlow,” describes how to use the embedded sFlow agent for sampling network traffic and providing continuous monitoring information to a central sFlow analyzer.
Chapter 29, “Port Mirroring,” discusses how to copy selected port traffic to a monitor port for network analysis.
Typographic Conventions
The following table describes the typographic styles used in this book.
Table 1 Typographic Conventions
Typeface or Symbol | Meaning | Example
ABC123 | This type is used for names of commands, files, and directories used within the text. | View the readme.txt file.
ABC123 | It also depicts on-screen computer output and prompts. | Main#
ABC123 | This bold type appears in command examples. It shows text that must be typed in exactly as shown.
How to Get Help
If you need help, service, or technical assistance, call BLADE Network Technologies Technical Support:
US toll free calls: 1-800-414-5268
International calls: 1-408-834-7871
You also can visit our web site at the following address: http://www.bladenetwork.net
Click the Support tab. The warranty card received with your product provides details for contacting a customer support representative.
Part 1: Getting Started
CHAPTER 1 Switch Administration
Your RackSwitch G8124 (G8124) is ready to perform basic switching functions right out of the box. Some of the more advanced features, however, require some administrative configuration before they can be used effectively. The extensive BLADEOS switching software included in the G8124 provides a variety of options for accessing the switch to perform configuration, and to view switch information and statistics.
Command Line Interface
The BLADEOS Command Line Interface (CLI) provides a simple, direct method for switch administration. Using a basic terminal, you are presented with an organized hierarchy of menus, each with logically-related sub-menus and commands. These allow you to view detailed information and statistics about the switch, and to perform any necessary configuration and switch software maintenance.
Establishing a Connection
The factory default settings permit initial switch administration through only the built-in serial port. All other forms of access require additional switch configuration before they can be used. Remote access using the network requires the accessing terminal to have a valid, routable connection to the switch interface.
3. Configure a management IP address. The switch reserves four management interfaces:
Using IPv4:
RS G8124(config)# interface ip [127|128]
RS G8124(config-ip-if)# ip address
RS G8124(config-ip-if)# ip netmask
RS G8124(config-ip-if)# enable
RS G8124(config-ip-if)# exit
IF 127 supports IPv4 management port A and uses IPv4 default gateway 3.
Using the Switch Data Ports
You also can configure in-band management through any of the switch data ports. To allow in-band management, use the following procedure:
1. Log on to the switch.
2. Enter IP interface mode.
RS G8124> enable
RS G8124# configure terminal
RS G8124(config)# interface ip
Note – Interfaces 125 through 128 are reserved for out-of-band management interfaces (see “Using the Switch Management Ports” on page 27).
3.
Note – IPv4 gateway 1 and 2, and IPv6 gateway 1, are used for in-band data networks. IPv4 and IPv6 gateways 3 and 4 are reserved for out-of-band management ports (see “Using the Switch Management Ports” on page 27).
Once you configure the IP address and you have an existing network connection, you can use the Telnet program from an external management station to access and control the switch.
Using Secure Shell
Although a remote network administrator can manage the configuration of a G8124 via Telnet, this method does not provide a secure connection. The Secure Shell (SSH) protocol enables you to securely log into another device over a network to execute commands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH ensures that all data sent over the network is encrypted and secure.
Using a Web Browser
The switch provides a Browser-Based Interface (BBI) for accessing the common configuration, management and operation features of the G8124 through your Web browser. By default, BBI access via HTTP is enabled on the switch. You can also access the BBI directly from an open Web browser window. Enter the URL using the IP address of the switch interface (for example, http://).
3. Generate the HTTPS certificate.
Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new certificate defining the information you want to be used in the various fields.
BBI Summary
The BBI is organized at a high level as follows:
Context buttons—These buttons allow you to select the type of action you wish to perform.
The Configuration button provides access to the configuration elements for the entire switch.
The Statistics button provides access to the switch statistics and state information.
The Dashboard button allows you to display the settings and operating status of a variety of switch features.
Using Simple Network Management Protocol
BLADEOS provides Simple Network Management Protocol (SNMP) version 1, version 2, and version 3 support for access through any network management software, such as IBM Director or HP-OpenView.
Note – SNMP read and write functions are enabled by default. For best security practices, if SNMP is not needed for your network, it is recommended that you disable these functions prior to connecting the switch to the network.
BOOTP/DHCP Client IP Address Services
For remote switch administration, the client terminal device must have a valid IP address on the same network as a switch interface. The IP address on the client device may be configured manually, or obtained automatically using IPv6 stateless address configuration, or an IPv4 address may be obtained automatically via BOOTP or DHCP relay as discussed below. The G8124 can function as a relay agent for Bootstrap Protocol (BOOTP) or DHCP.
Global BOOTP Relay Agent Configuration
To enable the G8124 to be a BOOTP (or DHCP) forwarder, enable the BOOTP relay feature, configure up to four global BOOTP server IPv4 addresses on the switch, and enable BOOTP relay on the interface(s) on which the client requests are expected. Generally, you should configure BOOTP for the switch IP interface that is closest to the client, so that the BOOTP server knows from which IPv4 subnet the newly allocated IPv4 address should come.
Switch Login Levels
To enable better switch management and user accountability, three levels or classes of user access have been implemented on the G8124. Levels of access to CLI, Web management functions, and screens increase as needed to perform various switch management tasks. Conceptually, access classes are defined as follows:
User interaction with the switch is completely passive—nothing can be changed on the G8124.
Setup vs. the Command Line
Once the administrator password is verified, you are given complete access to the switch. If the switch is still set to its factory default configuration, the system will ask whether you wish to run Setup (see “Initial Setup” on page 41), a utility designed to help you through the first-time configuration process. If the switch has already been configured, the command line is displayed instead.
CHAPTER 2 Initial Setup
To help with the initial process of configuring your switch, the BLADEOS software includes a Setup utility. The Setup utility prompts you step-by-step to enter all the necessary information for basic configuration of the switch. Whenever you log in as the system administrator under the factory default configuration, you are asked whether you wish to run the Setup utility. Setup can also be activated manually from the command line interface any time after login.
Default Setup Options
The Setup prompt appears automatically whenever you log in as the system administrator under the factory default settings.
1. Connect to the switch. After connecting, the login prompt will appear as shown below.
Enter Password:
2. Enter admin as the default administrator password. If the factory default configuration is detected, the system prompts:
RackSwitch G8124 18:44:05 Wed Jan 3, 2009
The switch is booted with factory default configuration.
Setup Part 1: Basic System Configuration
When Setup is started, the system prompts:
"Set Up" will walk you through the configuration of System Date and Time, Spanning Tree, Port Speed/Mode, VLANs, and IP interfaces. [type Ctrl-C to abort "Set Up"]
1. Enter y if you will be configuring VLANs. Otherwise enter n. If you decide not to configure VLANs during this session, you can configure them later using the configuration menus, or by restarting the Setup facility.
6. Enter the minute of the current time at the prompt:
Enter minutes [55]:
Enter the minute as a number from 00 to 59. To keep the current minute, press .
7. Enter the seconds of the current time at the prompt:
Enter seconds [37]:
Enter the seconds as a number from 00 to 59. To keep the current second, press .
The system then displays the date and time settings:
System clock set to 8:55:36 Wed Jan 28, 2009.
8.
3. Configure Gigabit Ethernet port flow parameters. The system prompts:
Gig Link Configuration:
Port Flow Control:
Current Port EXT1 flow control setting: both
Enter new value ["rx"/"tx"/"both"/"none"]:
Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or none to turn flow control off for the port. To keep the current setting, press .
4. Configure Gigabit Ethernet port autonegotiation mode.
Setup Part 3: VLANs
If you chose to skip VLANs configuration back in Part 2, skip to “Setup Part 4: IP Configuration” on page 47.
1. Select the VLAN to configure, or skip VLAN configuration at the prompt:
VLAN Config:
Enter VLAN number from 2 to 4094, NULL at end:
If you wish to change settings for individual VLANs, enter the number of the VLAN you wish to configure.
Setup Part 4: IP Configuration
The system prompts for IPv4 parameters. Although the switch supports both IPv4 and IPv6 networks, the Setup utility permits only IPv4 configuration. For IPv6 configuration, see “Internet Protocol Version 6” on page 229.
IP Interfaces
IP interfaces are used for defining the networks to which the switch belongs. Up to 128 IP interfaces can be configured on the RackSwitch G8124 (G8124).
4. If configuring VLANs, specify a VLAN for the interface. This prompt appears if you selected to configure VLANs back in Part 1:
Current VLAN: 1
Enter new VLAN [1-4094]:
Enter the number for the VLAN to which the interface belongs, or press without specifying a VLAN number to accept the current setting.
5. At the prompt, enter y to enable the IP interface, or n to leave it disabled:
Enable IP interface? [y/n]
6.
Default Gateways
1. At the prompt, select an IP default gateway for configuration, or skip default gateway configuration:
IP default gateways:
Enter default gateway number: (1-4)
Enter the number for the IP default gateway to be configured. To skip default gateway configuration, press without typing a gateway number and go to “IP Routing” on page 49.
2.
Setup Part 5: Final Steps
1. When prompted, decide whether to restart Setup or continue:
Would you like to run from top again? [y/n]
Enter y to restart the Setup utility from the beginning, or n to continue.
2. When prompted, decide whether you wish to review the configuration changes:
Review the changes made? [y/n]
Enter y to review the changes made during this session of the Setup utility. Enter n to continue without reviewing the changes.
Optional Setup for Telnet Support
Note – This step is optional. Perform this procedure only if you are planning on connecting to the G8124 through a remote Telnet connection.
1. Telnet is enabled by default. To change the setting, use the following command:
>> # /cfg/sys/access/tnet
2. Apply and save the configuration(s).
Part 2: Securing the Switch
CHAPTER 3 Securing Administration
Secure switch management is needed for environments that perform significant management functions across the Internet. Common functions for secured management are described in the following sections:
“Secure Shell and Secure Copy” on page 55
“End User Access Control” on page 62
Note – SNMP read and write functions are enabled by default.
Configuring the SCP Administrator Password
To configure the SCP-only administrator password, enter the following command (the default password is admin):
RS G8124(config)# [no] ssh scp-password
Changing SCP-only Administrator password; validation required...
Enter current administrator password:
Enter new SCP-only administrator password:
Re-enter new SCP-only administrator password:
New SCP-only administrator password accepted.
To Load a Switch Configuration File from the SCP Host
Syntax:
>> scp [-4|-6] @:putcfg
Example:
>> scp ad4.cfg scpadmin@205.178.15.157:putcfg
To Apply and Save the Configuration
When loading a configuration file to the switch, the apply and save commands are still required, in order for the configuration commands to take effect. The apply and save commands may be entered manually on the switch, or by using SCP commands.
To Copy the Switch Image and Boot Files to the SCP Host
Syntax:
>> scp [-4|-6] @:getimg1
>> scp [-4|-6] @:getimg2
>> scp [-4|-6] @:getboot
Example:
>> scp scpadmin@205.178.15.157:getimg1 6.1.0_os.
Generating RSA Host and Server Keys for SSH Access
To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the G8124. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the G8124 at a later time.
SSH/SCP Integration with TACACS+ Authentication
SSH/SCP is integrated with TACACS+ authentication. After the TACACS+ server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified TACACS+ servers for authentication. The redirection is transparent to the SSH clients.
SecurID Support
SSH/SCP can also work with SecurID, a token card-based authentication method.
End User Access Control
BLADEOS allows an administrator to define end user accounts that permit end users to perform operation tasks via the switch CLI commands. Once end user accounts are configured and enabled, the switch requires username/password authentication. For example, an administrator can assign a user, who can then log into the switch and perform operational commands (effective only until the next switch reboot).
The administrator can choose the number of days allowed before each password expires. When a strong password expires, the user is allowed to log in one last time to change the password. A warning provides advance notice for users to change the password. Use the Strong Password commands to configure Strong Passwords.
>> # access user strong-password enable
User Access Control
The end-user access control commands allow you to configure end-user accounts.
Listing Current Users
The following command displays defined user accounts and whether or not each user is currently logged into the switch.
CHAPTER 4 Authentication & Authorization Protocols
Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured IPv4 management and device access:
“RADIUS Authentication and Authorization” on page 65
“TACACS+ Authentication” on page 69
“LDAP Authentication and Authorization” on page 73
Note – BLADEOS 6.5 does not support IPv6 for RADIUS, TACACS+ or LDAP.
How RADIUS Authentication Works
1. The remote administrator connects to the switch and provides a user name and password.
2. Using the Authentication/Authorization protocol, the switch sends a request to the authentication server.
3. The authentication server checks the request against the user ID database.
4. Using the RADIUS protocol, the authentication server instructs the switch to grant or deny administrative access.
RADIUS Authentication Features in BLADEOS
BLADEOS supports the following RADIUS authentication features:
Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866.
Allows RADIUS secret password up to 32 bytes and less than 16 octets.
Supports secondary authentication server so that when the primary authentication server is unreachable, the switch can send client authentication requests to the secondary authentication server.
Switch User Accounts
The user accounts listed in Table 3 can be defined in the RADIUS server dictionary file.
Table 3 User Access Levels
User Account | Description and Tasks Performed | Password
User | The User has no direct responsibility for switch management. He/she can view all switch status information and statistics but cannot make any configuration changes to the switch. | user
Operator | The Operator manages all functions of the switch.
TACACS+ Authentication
BLADEOS supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The G8124 functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server. The remote user is defined as someone requiring management access to the G8124 either through a data port or management port.
TACACS+ Authentication Features in BLADEOS
Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. BLADEOS supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.
Accounting
Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization is not performed via TACACS+, there are no TACACS+ accounting messages sent out. You can use TACACS+ to record and track software login access, configuration changes, and interactive commands.
Configuring TACACS+ Authentication on the Switch
1. Configure the IPv4 addresses of the Primary and Secondary TACACS+ servers, and enable TACACS authentication. Specify the interface port (optional).
RS G8124(config)# tacacs-server primary-host 10.10.1.1
RS G8124(config)# tacacs-server primary-host mgtb-port
RS G8124(config)# tacacs-server secondary-host 10.10.1.2
RS G8124(config)# tacacs-server secondary-host data-port
RS G8124(config)# tacacs-server enable
2.
LDAP Authentication and Authorization
BLADEOS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate and authorize remote administrators to manage the switch. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.
Configuring LDAP Authentication on the Switch
1. Turn LDAP authentication on, then configure the IPv4 addresses of the Primary and Secondary LDAP servers. Specify the interface port (optional).
>> # ldap-server enable
>> # ldap-server primary-host 10.10.1.1 mgta-port
>> # ldap-server secondary-host 10.10.1.2 data-port
2. Configure the domain name.
>> # ldap-server domain
3.
CHAPTER 5 Access Control Lists
Access Control Lists (ACLs) are filters that permit or deny traffic for security purposes. They can also be used with QoS to classify and segment traffic in order to provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made. BLADEOS 6.
Summary of Packet Classifiers
ACLs allow you to classify packets according to a variety of content in the packet header (such as the source address, destination address, source port number, destination port number, and others). Once classified, packet flows can be identified for more processing.
Summary of ACL Actions
Once classified using ACLs, the identified packet flows can be processed differently. For each ACL, an action can be assigned. The action determines how the switch treats packets that match the classifiers assigned to the ACL. G8124 ACL actions include the following:
Pass or Drop the packet
Re-mark the packet with a new DiffServ Code Point (DSCP)
Re-mark the 802.
ACL Metering and Re-Marking
You can define a profile for the aggregate traffic flowing through the G8124 by configuring a QoS meter (if desired) and assigning ACLs to ports.
Note – When you add ACLs to a port, make sure they are ordered correctly in terms of precedence (see “ACL Order of Precedence” on page 78).
Actions taken by an ACL are called In-Profile actions. You can configure additional In-Profile and Out-of-Profile actions on a port.
ACL Port Mirroring
For regular ACLs and VMaps, packets that match an ACL on a specific port can be mirrored to another switch port for network diagnosis and monitoring. The source port for the mirrored packets cannot be a portchannel, but may be a member of a portchannel. The destination port to which packets are mirrored must be a physical port. If the ACL or VMap has an action (permit, drop, etc.) assigned, it cannot be used to mirror packets for that ACL.
ACL Configuration Examples
ACL Example 1
Use this configuration to block traffic to a specific host. All traffic that ingresses on port 1 is denied if it is destined for the host at IP address 100.10.1.1.
1. Configure an Access Control List.
RS G8124(config)# access-control list 1 ipv4 destination-ip-address 100.10.1.1
RS G8124(config)# access-control list 1 action deny
2. Add ACL 1 to port EXT1.
ACL Example 3
Use this configuration to block traffic from a specific IPv6 source address. All traffic that ingresses in port 2 with source IP from class 2001:0:0:5:0:0:0:2/128 is denied.
1. Configure an Access Control List.
RS G8124(config)# access-control list6 3 ipv6 source-address 2001:0:0:5:0:0:0:2 128
RS G8124(config)# access-control list6 3 action deny
2. Add ACL 2 to port EXT2.
Using Storm Control Filters
The G8124 provides filters that can limit the number of the following packet types transmitted by switch ports:
Broadcast packets
Multicast packets
Unknown unicast packets (destination lookup failure)
Broadcast Storms
Excessive transmission of broadcast or multicast traffic can result in a broadcast storm. A broadcast storm can overwhelm your network with constant broadcast or multicast traffic, and degrade network performance.
Part 3: Switch Basics
This section discusses basic switching functions:
VLANs
Port Trunking
Spanning Tree Protocols (Spanning Tree Groups, Rapid Spanning Tree Protocol, and Multiple Spanning Tree Protocol)
Quality of Service
CHAPTER 6 VLANs
This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs commonly are used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments.
VLANs Overview
Setting up virtual LANs (VLANs) is a way to segment networks to increase network flexibility without changing the physical network topology. With network segmentation, each switch port connects to a segment that is a single broadcast domain. When a switch port is configured to be a member of a VLAN, it is added to a group of ports (workgroup) that belong to one broadcast domain. Ports are grouped into broadcast domains by assigning them to the same VLAN.
PVID Numbers
Each port in the switch has a configurable default VLAN number, known as its PVID. By default, the PVID for all non-management ports is set to 1, which correlates to the default VLAN ID. The PVID for each port can be configured to any VLAN number between 1 and 4094.
VLAN Tagging
BLADEOS software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that port.
Figure 1 Default VLAN settings
[Figure: 802.1Q switch with its ports in VLAN 1, PVID = 1. An incoming untagged packet leaves as an outgoing untagged packet (unchanged).]
By default: All ports are assigned PVID = 1. All ports are untagged members of VLAN 1.
Note – The port numbers specified in these illustrations may not directly correspond to the physical port configuration of your switch model.
Figure 2 Port-based VLAN assignment
[Figure: 802.1Q switch with ports 1 through 8, before forwarding. Labels: untagged packet, PVID = 2, tagged member of VLAN 2, untagged member of VLAN 2.]
As shown in Figure 3, the untagged packet is marked (tagged) as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2.
Figure 4 802.1Q tag assignment
[Figure: 802.1Q switch with ports 1 through 8, before forwarding. Labels: tagged packet, PVID = 2, tagged member of VLAN 2, untagged member of VLAN 2.]
As shown in Figure 5, the tagged packet remains unchanged as it leaves the switch through port 5, which is configured as a tagged member of VLAN 2.
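The tag handling walked through in Figures 2 through 5 can be reproduced on raw frame bytes. The following is an added example, not code from this guide or from BLADEOS: it models a port by its PVID, VLAN membership and tagging setting, classifies an incoming frame, and inserts, keeps or strips the 4-byte 802.1Q tag on egress. The ingress port number (4), the untagged egress port number (7), the drop of frames whose VLAN is not allowed on a port, and the sample frame are assumptions; the frame check sequence is omitted, since a real switch recalculates it.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100     # EtherType value that announces an 802.1Q tag


@dataclass(frozen=True)
class Port:
    number: int
    pvid: int                 # VLAN given to untagged frames received here
    vlans: frozenset          # VLANs this port is a member of
    tagged: bool = False      # True: frames leave this port with a tag


def vlan_id(frame: bytes) -> Optional[int]:
    """Return the VLAN ID carried in the frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF       # low 12 bits of the tag control field


def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert TPID + TCI between the source MAC and the original EtherType."""
    if not 1 <= vid <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag, restoring the original untagged layout."""
    if vlan_id(frame) is None:
        raise ValueError("frame carries no 802.1Q tag")
    return frame[:12] + frame[16:]


def forward(frame: bytes, ingress: Port, egress: Port) -> Optional[bytes]:
    """Return the frame as it leaves `egress`, or None if it is dropped."""
    vid = vlan_id(frame)
    vlan = ingress.pvid if vid is None else vid     # untagged frames take the PVID
    # Assumption of this model: a frame is dropped when either port is not a
    # member of its VLAN (priority-tagged frames with VLAN ID 0 fall in here).
    if vlan not in ingress.vlans or vlan not in egress.vlans:
        return None
    if egress.tagged:
        return frame if vid is not None else add_tag(frame, vlan)
    return frame if vid is None else strip_tag(frame)


# Constructed sample: locally administered MAC addresses, IPv4 EtherType.
UNTAGGED = (bytes.fromhex("020000000005") + bytes.fromhex("020000000004")
            + struct.pack("!H", 0x0800) + b"constructed payload")
PORT4 = Port(4, pvid=2, vlans=frozenset({2}))               # ingress, PVID = 2
PORT5 = Port(5, pvid=1, vlans=frozenset({1, 2}), tagged=True)
PORT7 = Port(7, pvid=2, vlans=frozenset({2}))               # untagged member

if __name__ == "__main__":
    out5 = forward(UNTAGGED, PORT4, PORT5)
    print("out port 5:", out5[:18].hex(), "VLAN", vlan_id(out5))
    print("out port 7 unchanged:", forward(UNTAGGED, PORT4, PORT7) == UNTAGGED)
```

Because classification of untagged traffic depends only on the PVID, a port whose PVID is left at the default joins VLAN 1 for every untagged frame it receives.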
VLAN Topologies and Design Considerations
By default, the G8124 software is configured so that tagging is disabled on all ports.
By default, the G8124 software is configured so that all data ports are members of VLAN 1.
By default, the BLADEOS software is configured so that the management ports (MGTA and MGTB) are members of VLAN 4095 (the management VLAN).
STG 128 is reserved for switch management.
Multiple VLANs with Tagging Adapters
Figure 6 illustrates a network topology described in Note – and the configuration example on page 97.
The features of this VLAN are described below:
Table 6-1 Multiple VLANs Example
Component | Description
G8124 switch | This switch is configured with three VLANs that represent three different IP subnets. Five ports are connected downstream to servers. Two ports are connected upstream to routing switches. Uplink ports are members of all three VLANs, with VLAN tagging enabled.
Server 1 | This server is a member of VLAN 1 and has presence in only one IP subnet.
VLAN Configuration Example
Use the following procedure to configure the example network shown in Figure 6.
1. Enable VLAN tagging on server ports that support multiple VLANs.
RS G8124(config)# interface port 5
RS G8124(config-if)# tagging
RS G8124(config-if)# exit
2. Enable tagging on uplink ports that support multiple VLANs.
Private VLANs
Private VLANs provide Layer 2 isolation between the ports within the same broadcast domain. Private VLANs can control traffic within a VLAN domain, and provide port-based security for host servers. Use Private VLANs to partition a VLAN domain into sub-domains. Each sub-domain is comprised of one primary VLAN and one or more secondary VLANs, as follows:
Primary VLAN—carries unidirectional traffic downstream from promiscuous ports.
Configuration Guidelines
The following guidelines apply when configuring Private VLANs:
The default VLAN 1 cannot be a Private VLAN.
The management VLAN 4095 cannot be a Private VLAN.
The management port cannot be a member of a Private VLAN.
IGMP Snooping must be disabled on isolated VLANs.
Each secondary port’s (isolated port and community ports) PVID must match its corresponding secondary VLAN ID.
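The guidelines above can be checked mechanically against a planned configuration before it is typed into the switch. The following is an added example, not code from this guide or from BLADEOS: the `PrivateVlan` record, the `check_private_vlans` function and the sample data are hypothetical, and it assumes that every port listed under an isolated or community VLAN is one of that VLAN's secondary ports.

```python
from dataclasses import dataclass, field

DEFAULT_VLAN = 1                 # the default VLAN named in the guidelines
MGMT_VLAN = 4095                 # the management VLAN named in the guidelines
MGMT_PORTS = {"MGTA", "MGTB"}    # management ports of the G8124


@dataclass
class PrivateVlan:
    """Hypothetical record describing one planned Private VLAN."""
    vid: int
    kind: str                                # "primary", "isolated" or "community"
    ports: set = field(default_factory=set)  # port names as strings
    igmp_snooping: bool = False


def check_private_vlans(pvlans, pvid_by_port):
    """Return a list of guideline violations; an empty list means compliant."""
    problems = []
    for v in pvlans:
        if v.vid == DEFAULT_VLAN:
            problems.append(f"VLAN {v.vid}: the default VLAN cannot be a Private VLAN")
        if v.vid == MGMT_VLAN:
            problems.append(f"VLAN {v.vid}: the management VLAN cannot be a Private VLAN")
        for port in sorted(v.ports & MGMT_PORTS):
            problems.append(f"VLAN {v.vid}: management port {port} cannot be a member")
        if v.kind == "isolated" and v.igmp_snooping:
            problems.append(f"VLAN {v.vid}: IGMP Snooping must be disabled on isolated VLANs")
        if v.kind in ("isolated", "community"):
            # Untagged ingress traffic is classified by PVID, so a secondary
            # port whose PVID differs from its secondary VLAN ID places the
            # host's traffic outside the intended isolation domain.
            for port in sorted(v.ports - MGMT_PORTS):
                pvid = pvid_by_port.get(port)
                if pvid != v.vid:
                    problems.append(
                        f"VLAN {v.vid}: port {port} has PVID {pvid}, expected {v.vid}")
    return problems


# Constructed sample plan with four deliberate mistakes.
SAMPLE_PVLANS = [
    PrivateVlan(100, "primary", {"1", "2"}),
    PrivateVlan(110, "isolated", {"3", "4"}, igmp_snooping=True),
    PrivateVlan(120, "community", {"5", "MGTA"}),
    PrivateVlan(1, "community", {"6"}),
]
SAMPLE_PVIDS = {"3": 110, "4": 1, "5": 120, "6": 1, "MGTA": 4095}

if __name__ == "__main__":
    for line in check_private_vlans(SAMPLE_PVLANS, SAMPLE_PVIDS):
        print(line)
```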
CHAPTER 7 Ports and Trunking Trunk groups can provide super-bandwidth, multi-link connections between the RackSwitch G8124 (G8124) and other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link.
Trunking Overview
When using port trunk groups between two switches, as shown in Figure 7, you can create a virtual link between the switches, operating with combined throughput levels that depend on how many physical ports are included. Each G8124 supports up to 12 trunk groups. Two trunk types are available: static trunk groups (portchannel), and dynamic LACP trunk groups. Each type can contain up to 8 member ports, depending on the port type and availability.
Before You Configure Static Trunks
When you create and enable a static trunk, the trunk members (switch ports) take on certain settings necessary for correct operation of the trunking feature. Before you configure your trunk, you must consider these settings, along with specific configuration rules, as follows:
1. Read the configuration rules provided in the section, “Trunk Group Configuration Rules” on page 104.
2.
Trunk Group Configuration Rules
The trunking feature operates according to specific configuration rules. When creating trunks, consider the following rules that determine how a trunk group reacts in any network topology:
All trunks must originate from one device, and lead to one destination device.
Any physical switch port can belong to only one trunk group.
Trunking from third-party devices must comply with Cisco® EtherChannel® technology.
1. Follow these steps on the G8124:
a. Define a trunk group.
RS G8124(config)# portchannel 3 port 2,9,16
RS G8124(config)# portchannel 3 enable
b. Verify the configuration.
# show portchannel information
Examine the resulting information. If any settings are incorrect, make appropriate changes.
2. Repeat the process on the other switch.
RS G8124(config)# portchannel 1 port 1,11,18
RS G8124(config)# portchannel 1 enable
3.
Configurable Trunk Hash Algorithm
Traffic in a trunk group is statistically distributed among member ports using a hash process where various address and attribute bits from each transmitted frame are recombined to specify the particular trunk port the frame will use. The switch can be configured to use a variety of hashing options. To achieve the most even traffic distribution, select options that exhibit a wide range of values for your particular network.
Link Aggregation Control Protocol
Link Aggregation Control Protocol (LACP) is an IEEE 802.3ad standard for grouping several physical ports into one logical port (known as a dynamic trunk group or Link Aggregation group) with any device that supports the standard. Please refer to IEEE 802.3ad-2002 for a full description of the standard. The 802.3ad standard allows standard Ethernet links to form a single Layer 2 link using the Link Aggregation Control Protocol (LACP).
Each port on the switch can have one of the following LACP modes.
off (default): The user can configure this port into a regular static trunk group.
active: The port is capable of forming an LACP trunk. This port sends LACPDU packets to partner system ports.
passive: The port is capable of forming an LACP trunk. This port only responds to the LACPDU packets sent from an LACP active port.
CHAPTER 8 Spanning Tree Protocols When multiple paths exist between two points on a network, Spanning Tree Protocol (STP), or one of its enhanced variants, can prevent broadcast loops and ensure that the RackSwitch G8124 (G8124) uses only the most efficient network path.
Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1D (2004) RSTP mode is an enhanced version of STP. It provides more rapid convergence of the Spanning Tree network path states on STG 1. RSTP is the default Spanning Tree mode on the G8124. See “Rapid Spanning Tree Protocol” on page 124 for details.
Per-VLAN Rapid Spanning Tree (PVRST)
PVRST mode is based on RSTP to provide rapid Spanning Tree convergence, but allows for multiple STGs, with an STG on a per-VLAN basis.
STP/PVST+ Mode
Using STP, network devices detect and eliminate logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations. BLADEOS STP/PVST+ mode implements IEEE 802.
Bridge Protocol Data Units
Bridge Protocol Data Units Overview
To create a Spanning Tree, the switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports. All switches in the Layer 2 network participating in the Spanning Tree gather information about other switches in the network through an exchange of BPDUs. A bridge sends BPDU packets at a configurable regular interval (2 seconds by default).
Port Priority
The port priority helps determine which bridge port becomes the root port or the designated port. It decides the root port when two switches are connected using a minimum of two links with the same path-cost. It decides the designated port when a network topology has multiple bridge ports with the same path-cost connected to a single segment: the port with the lowest port priority becomes the designated port for the segment.
Fast Uplink Configuration Guidelines
When you enable Fast Uplink Convergence, BLADEOS automatically makes the following configuration changes:
The bridge priority is set to 65535 so that it does not become the root switch.
The cost of all ports is increased by 3000, across all VLANs and STGs. This ensures that traffic never flows through the G8124 to get to another switch unless there is no other path.
These changes are reversed if the feature is disabled.
Simple STP Configuration
Figure 9 depicts a simple topology using a switch-to-switch link between G8124 switches 1 and 2.
Figure 9 Spanning Tree Blocking a Switch-to-Switch Link
[Figure 9 labels: Enterprise Routing Switches; BLADE Switch 1; BLADE Switch 2; four servers; STP Blocks Link.]
To prevent a network loop among the switches, STP must block one of the links between them.
Figure 10 Spanning Tree Restoring the Switch-to-Switch Link
[Figure 10 labels: Enterprise Routing Switches; Uplink Failure; BLADE Switch 1; BLADE Switch 2; four servers; STP Restores Link.]
In this example, port 10 on each G8124 is used for the switch-to-switch link. To ensure that the G8124 switch-to-switch link is blocked during normal operation, the port path cost is set to a higher value than other paths in the network.
Per-VLAN Spanning Tree Groups
STP/PVST+ mode supports a maximum of 127 STGs, with each STG acting as an independent, simultaneous instance of STP. Multiple STGs provide multiple data paths which can be used for load-balancing and redundancy. To enable load balancing between two G8124s using multiple STGs, configure each path with a different VLAN and then assign each VLAN to a separate STG. Since each STG is independent, they each send their own IEEE 802.
STP/PVST+ Defaults and Guidelines
In STP/PVST+ configuration, up to 128 STGs are available on the switch. STG 1 is the default STG. Although ports can be added to or deleted from default STG 1, the STG itself cannot be deleted from the system. By default, STG 1 is enabled and includes VLAN 1 and all ports on the switch (except for management VLANs and ports). Any newly created VLANs will automatically belong to STG 1 until assigned to another STG.
Creating a VLAN
When you create a VLAN, that VLAN automatically belongs to STG 1, the default STG. To place the VLAN in a different STG, follow these steps:
Create the VLAN.
Add the VLAN to an existing STG.
The VLAN is automatically removed from its old STG before being placed into the new STG. Each VLAN must be contained within a single STG; a VLAN cannot span multiple STGs.
Adding and Removing Ports from STGs
When you add a port to a VLAN that belongs to an STG, the port is also added to that STG. However, if the port you are adding is an untagged port and is already a member of another STG, that port will be removed from its current STG and added to the new STG. An untagged port cannot belong to more than one STG.
For example: Assume that VLAN 1 belongs to STG 1, and that port 1 is untagged and does not belong to any STG.
Switch-Centric Configuration
STP/PVST+ is switch-centric: STGs are enforced only on the switch where they are configured. The STG ID is not transmitted in the Spanning Tree BPDU. Each Spanning Tree decision is based entirely on the configuration of the particular switch. For example, in Figure 12, though VLAN 2 is shared by Switch A and Switch B, each switch is responsible for the proper configuration of its own ports, VLANs, and STGs.
Configuring Multiple STGs
This configuration shows how to configure the three instances of STGs on the switches A, B, C, and D illustrated in Figure 12 on page 121. By default Spanning Trees 2 to 127 are empty, and STG 1 contains all configured VLANs until individual VLANs are explicitly assigned to other STGs.
1. Configure the following on Switch A: Add port 17 to VLAN 2, port 18 to VLAN 3, and define STG 2 for VLAN 2 and VLAN 3.
3. Configure the following on application switch C: Add port 8 to VLAN 3 and define STG 2 for VLAN 3.
RS G8124(config)# vlan 3
RS G8124(config-vlan)# enable
RS G8124(config-vlan)# member 8
RS G8124(config-vlan)# exit
RS G8124(config)# spanning-tree stp 2 vlan 3
VLAN 3 is automatically removed from STG 1. By default VLAN 1 remains in STG 1.
4. Switch D does not require any special configuration for multiple Spanning Trees. Switch D uses default STG 1 only.
Rapid Spanning Tree Protocol
Note – Rapid Spanning Tree Protocol (RSTP) is enabled by default on the G8124.
RSTP provides rapid convergence of the Spanning Tree and provides the fast re-configuration critical for networks carrying delay-sensitive traffic such as voice and video. RSTP significantly reduces the time to reconfigure the active topology of the network when changes occur to the physical topology or its configuration parameters.
RSTP Configuration Guidelines
This section provides important information about configuring RSTP. When RSTP is turned on, the following occurs:
STP parameters apply only to STG 1.
Only STG 1 is available. All other STGs are turned off.
All VLANs, including management VLANs, are moved to STG 1.
RSTP Configuration Example
This section provides steps to configure RSTP.
Note – Rapid Spanning Tree is the default Spanning Tree mode on the G8124.
1.
Per-VLAN Rapid Spanning Tree Groups
PVRST is based on IEEE 802.1w Rapid Spanning Tree Protocol (RSTP). Like RSTP, PVRST mode provides rapid Spanning Tree convergence. However, similar to the way standard STP is enhanced by PVST+ (see “Per-VLAN Spanning Tree Groups” on page 117), PVRST is enhanced to allow per-VLAN STGs on the switch. In PVRST mode, each VLAN may be assigned to one of 128 STGs, with each STG acting as an independent, simultaneous instance of STP.
Multiple Spanning Tree Protocol
Multiple Spanning Tree Protocol (MSTP) extends Rapid Spanning Tree Protocol (RSTP), allowing multiple Spanning Tree Groups (STGs) which may each include multiple VLANs. MSTP was originally defined in IEEE 802.1s (2002) and was later included in IEEE 802.1Q (2003). In MSTP mode, the G8124 supports up to 32 instances of Spanning Tree, corresponding to STGs 1-32, with each STG acting as an independent, simultaneous instance of STP.
MSTP Configuration Guidelines
This section provides important information about configuring Multiple Spanning Tree Groups:
When MSTP is turned on, the switch automatically moves all VLANs to the CIST. When MSTP is turned off, the switch moves all VLANs from the CIST to STG 1.
When you enable MSTP, you must configure the Region Name. A default version number of 1 is configured automatically.
MSTP Configuration Example 2
This configuration shows how to configure MSTP Groups on the switch, as shown in Figure 12.
1. Configure port membership and define the STGs for VLAN 1. Enable tagging on uplink ports that share VLANs. Port 19 and port 20 connect to the Enterprise Routing switches.
RS G8124(config)# interface port 19
RS G8124(config-if)# tagging
RS G8124(config-if)# exit
RS G8124(config)# interface port 20
RS G8124(config-if)# tagging
RS G8124(config-if)# exit
2. Add server ports 1 and 2 to VLAN 1. Add uplink ports 19 and port 20 to VLAN 1.
Port Type and Link Type
For use in RSTP, MSTP, and PVRST modes, BLADEOS Spanning Tree configuration includes parameters for edge port and link type.
Note – Although edge port and link type parameters are configured with global commands on ports, they only take effect when RSTP, MSTP, or PVRST is turned on.
Edge Port
A port that does not connect to a bridge is called an edge port.
CHAPTER 9 Quality of Service Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.
Figure 14 shows the basic QoS model used by the switch.
Figure 14 QoS Model
[Figure 14 labels: Ingress; Ports; Classify Packets (ACL Filter); Perform Actions (Permit/Deny); Queue and Schedule (COS Queue); Egress.]
The basic QoS model works as follows:
Classify traffic:
Read DSCP value.
Read 802.1p priority value.
Match ACL filter parameters.
Using ACL Filters
Access Control Lists (ACLs) are filters that allow you to classify and segment traffic, so you can provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made. BLADEOS 6.5 supports up to 127 ACLs when the switch is operating in the Balanced deployment mode (see “Deployment Profiles” on page 147).
ACL Metering and Re-Marking
You can define a profile for the aggregate traffic flowing through the G8124 by configuring a QoS meter (if desired) and assigning ACLs to ports. When you add ACLs to a port, make sure they are ordered correctly in terms of precedence. Actions taken by an ACL are called In-Profile actions. You can configure additional In-Profile and Out-of-Profile actions on a port.
Using DSCP Values to Provide QoS
The switch uses the Differentiated Services (DiffServ) architecture to provide QoS functions. DiffServ is described in IETF RFCs 2474 and 2475. The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP). Packets are marked with a certain value depending on the type of treatment the packet must receive in the network device. DSCP is a measure of the Quality of Service (QoS) level of the packet.
Per Hop Behavior
The DSCP value determines the Per Hop Behavior (PHB) of each packet. The PHB is the forwarding treatment given to packets at each hop. QoS policies are built by applying a set of rules to packets, based on the DSCP value, as they hop through the network. The default settings are based on the following standard PHBs, as defined in the IEEE standards:
Expedited Forwarding (EF)—This PHB has the highest egress priority and lowest drop precedence level.
QoS Levels
Table 13 shows the default service levels provided by the switch, listed from highest to lowest importance:
Table 13 Default QoS Service Levels
Service Level Default PHB 802.
DSCP Re-Marking and Mapping
The switch can use the DSCP value of ingress packets to re-mark the DSCP to a new value, and to set an 802.1p priority value. Use the following command to view the default settings.
RS G8124# show qos dscp
Current DSCP Remarking Configuration: OFF
DSCP      New DSCP  New 802.
--------  --------
0         0
1         1
2         2
3         3
4         4
5         5
6         6
7         7
8         8
9         9
10        10
...
54        54
55        55
56        56
57        57
58        58
59        59
60        60
61        61
62        62
63        63
DSCP Re-Marking Configuration Example
1. Turn DSCP re-marking on globally, and define the DSCP-DSCP-802.1p mapping. You can use the default mapping.
RS G8124(config)# qos dscp re-marking
RS G8124(config)# qos dscp dscp-mapping
RS G8124(config)# qos dscp dot1p-mapping <802.1p value>
2. Enable DSCP re-marking on a port.
Using 802.1p Priority to Provide QoS
The G8124 provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1Q VLAN header.) The 802.1p bits, if present in the packet, specify the priority that should be given to packets during forwarding. Packets with a numerically higher (non-zero) priority are given forwarding preference over packets with lower priority value.
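The two classification inputs described in this chapter, the DSCP in the six most significant bits of the IP TOS byte and the 802.1p priority bits in the 802.1Q VLAN header, can be read from a captured frame as follows. This is an added example, not code from this guide: the function names and the sample frame are constructed, the field layout (TPID 0x8100, 3-bit priority, 12-bit VLAN ID) is taken from IEEE 802.1Q rather than from this page, and frames are modeled without the trailing CRC.

```python
import struct

TPID_8021Q = 0x8100      # EtherType value that announces an 802.1Q tag
ETHERTYPE_IPV4 = 0x0800


def parse_frame(frame: bytes, pvid: int = 1) -> dict:
    """Classify one Ethernet frame as it arrives on a port with the given PVID."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset = 14
    tagged = ethertype == TPID_8021Q
    if tagged:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        pcp = tci >> 13          # 802.1p priority: top 3 bits of the tag
        vid = tci & 0x0FFF       # VLAN ID: low 12 bits of the tag
        if vid == 0:             # priority-tagged frame: VLAN comes from PVID
            vid = pvid
        offset = 18
    else:
        pcp, vid = None, pvid    # untagged: classified into the port's PVID
    dscp = None
    if ethertype == ETHERTYPE_IPV4:
        if len(frame) < offset + 20:
            raise ValueError("truncated IPv4 header")
        dscp = frame[offset + 1] >> 2   # six most significant bits of TOS
    return {"tagged": tagged, "vid": vid, "pcp": pcp,
            "dscp": dscp, "ethertype": ethertype}


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag, as on egress through a tagged member port."""
    if not 1 <= vid <= 4095 or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID or priority out of range")
    if struct.unpack_from("!H", frame, 12)[0] == TPID_8021Q:
        raise ValueError("frame is already tagged")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]


def untag_frame(frame: bytes) -> bytes:
    """Remove the 802.1Q tag, as on egress through an untagged member port."""
    if struct.unpack_from("!H", frame, 12)[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: untagged IPv4/UDP header with TOS 0xB8 (DSCP 46).
# The IP checksum is left at zero because nothing here verifies it.
SAMPLE_UNTAGGED = (
    bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    + struct.pack("!H", ETHERTYPE_IPV4)
    + struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 20, 0, 0, 64, 17, 0,
                  bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
)

if __name__ == "__main__":
    print(parse_frame(SAMPLE_UNTAGGED, pvid=2))
    print(parse_frame(tag_frame(SAMPLE_UNTAGGED, vid=2, pcp=5)))
```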
Queuing and Scheduling
The G8124 can be configured to have either 2 or 8 output Class of Service (COS) queues per port, into which each packet is placed. Each packet’s 802.1p priority determines its COS queue, except when an ACL action sets the COS queue of the packet.
Note – When vNIC operations are enabled, the total number of COS queues available is 4.
You can configure the following attributes for COS queues:
Map 802.
Part 4: Advanced Switching Features
CHAPTER 10 Deployment Profiles The BLADEOS software for the RackSwitch G8124 can be configured to operate in different modes for different deployment scenarios. Each deployment profile sets different capacity levels for basic switch resources, such as the number of IP routes and ARP entries, in order to optimize the switch for different types of networks.
The properties of each mode are compared in the following table.
Selecting Profiles
To change the deployment profile, the new profile must first be selected, and the switch must then be rebooted to use the new profile.
Note – Before changing profiles, it is recommended that you save the active switch configuration to a backup file so that it may be restored later if desired.
CHAPTER 11 Virtualization Virtualization allows resources to be allocated in a fluid manner based on the logical needs of the data center, rather than on the strict, physical nature of components. The following virtualization features are included in BLADEOS 6.
CHAPTER 12 Virtual NICs A Network Interface Controller (NIC) is a component within a server that allows the server to be connected to a network. The NIC provides the physical point of connection, as well as internal software for encoding and decoding network packets. Virtualizing the NIC helps to resolve issues caused by limited NIC slot availability.
Each vNIC can be independently allocated a symmetric percentage of the 10Gbps bandwidth on the link (from NIC to switch, and from switch to NIC). The G8124 can be used as the single point of vNIC configuration.
The following restrictions apply to vNICs:
vNICs are not supported simultaneously with VM groups (see “VMready” on page 165) on the same switch ports.
vNIC IDs
vNIC IDs on the Switch
BLADEOS 6.5 supports up to four vNICs attached to each server port. Each vNIC is provided its own independent virtual pipe on the port. On the switch, each vNIC is identified by its port and vNIC number as follows: . For example:
1.1, 1.2, 1.3, and 1.4 represent the vNICs on port 1.
2.1, 2.2, 2.3, and 2.4 represent the vNICs on port 2, etc.
vNIC Bandwidth Metering
BLADEOS 6.5 supports bandwidth metering for vNIC traffic. By default, each of the four vNICs on any given port is allowed an equal share (25%) of NIC capacity when enabled. However, you may configure the percentage of available switch port bandwidth permitted to each vNIC. vNIC bandwidth can be configured as a value from 1 to 100, with each unit representing 1% (or 100Mbps) of the 10Gbps link.
vNIC Groups
vNICs can be grouped together, along with uplink ports and trunks, as well as other ports that were defined as server ports but not connected to vNICs. Each vNIC group is essentially a separate virtual network within the switch. Elements within a vNIC group have a common logical function and can communicate with each other, while elements in different vNIC groups are separated. BLADEOS 6.5 supports up to 32 independent vNIC groups.
Other vNIC group rules are as follows:
vNIC groups may have one or more vNIC members. However, any given vNIC can be a member of only one vNIC group.
All vNICs on a given port must belong to different vNIC groups.
All members of a vNIC group must have the same vNIC pipe index. For instance, 1.1 and 2.1 share the same “.1” vNIC pipe index, but 3.2 uses the “.2” vNIC pipe index and cannot be placed in the same vNIC group.
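Because each vNIC group is a separate virtual network, a membership plan that breaks these rules puts a vNIC pipe on the wrong side of an isolation boundary. The following added example (not code from this guide or from BLADEOS) checks a planned group layout against the membership rules and limits stated above; the function names and the sample plan are hypothetical.

```python
from collections import defaultdict

MAX_GROUPS = 32           # "up to 32 independent vNIC groups"
MAX_PIPES_PER_PORT = 4    # "up to four vNICs attached to each server port"


def parse_vnic_id(text):
    """Split a vNIC ID such as '2.1' into (port, pipe index)."""
    port_s, sep, pipe_s = text.partition(".")
    if not sep or not port_s.isdigit() or not pipe_s.isdigit():
        raise ValueError(f"malformed vNIC ID: {text!r}")
    port, pipe = int(port_s), int(pipe_s)
    if port < 1 or not 1 <= pipe <= MAX_PIPES_PER_PORT:
        raise ValueError(f"vNIC ID out of range: {text!r}")
    return port, pipe


def check_vnic_groups(groups):
    """groups maps a group number to its list of vNIC IDs.

    Returns a list of rule violations; an empty list means the plan is valid.
    """
    problems = []
    if len(groups) > MAX_GROUPS:
        problems.append(f"{len(groups)} groups defined, limit is {MAX_GROUPS}")
    owner = {}   # (port, pipe) -> group that already holds this vNIC
    for gid in sorted(groups):
        pipes = set()
        by_port = defaultdict(list)
        for member in groups[gid]:
            key = parse_vnic_id(member)
            if key in owner:
                # Rule: any given vNIC can be a member of only one group.
                problems.append(f"vNIC {member} is already in group {owner[key]}, "
                                f"cannot also join group {gid}")
                continue
            owner[key] = gid
            pipes.add(key[1])
            by_port[key[0]].append(member)
        if len(pipes) > 1:
            # Rule: all members of a group share one vNIC pipe index.
            problems.append(f"group {gid} mixes vNIC pipe indexes {sorted(pipes)}")
        for port in sorted(by_port):
            if len(by_port[port]) > 1:
                # Rule: vNICs on one port must belong to different groups.
                problems.append(f"group {gid} holds more than one vNIC of port {port}")
    return problems


# Constructed sample plan containing three mistakes (four findings).
SAMPLE_PLAN = {
    1: ["1.1", "2.1", "3.2"],    # 3.2 has a different pipe index
    2: ["1.2", "2.2", "1.1"],    # 1.1 already belongs to group 1
    3: ["4.3", "4.4"],           # two vNICs of the same port
}

if __name__ == "__main__":
    for line in check_vnic_groups(SAMPLE_PLAN):
        print(line)
```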
vNIC Teaming Failover
For NIC failover in a non-virtualized environment, when a service group’s uplink ports fail or are disconnected, the switch disables the affected group’s server ports, causing the server to fail over to the backup NIC and switch. However, in a virtualized environment, disabling the affected server ports would disrupt all vNIC pipes on those ports, not just those that have lost their uplinks (see Figure 19).
vNIC Configuration Example
Consider the following example configuration:
Figure 21 Multiple vNIC Groups
[Figure 21: Switch 1 with server ports and their vNIC pipes (.1 to .4), vNIC groups, and uplinks to Switch 2.]
1. Define the server ports.
RS G8124(config)# system server-ports port 1-5
2. Configure the external trunk to be used with vNIC group 2.
RS G8124(config)# portchannel 1 port 13,14
RS G8124(config)# portchannel 1 enable
3. Enable the vNIC feature on the switch.
RS G8124 # vnic enable
4.
5. Add ports, trunks, and virtual pipes to their vNIC groups.
RS G8124(config)# vnic vnicgroup 1
RS G8124(vnic group config)# vlan 1000
RS G8124(vnic group config)# member 1.1
RS G8124(vnic group config)# member 2.
vNICs for iSCSI on Emulex Eraptor 2
The BLADEOS vNIC feature works with standard network applications like iSCSI as previously described. However, the Emulex Eraptor 2 NIC expects iSCSI traffic to occur only on a single vNIC pipe. When using the Emulex Eraptor 2, only vNIC pipe 2 may participate in iSCSI.
CHAPTER 13 VMready Virtualization is used to allocate server resources based on logical needs, rather than on strict physical structure. With appropriate hardware and software support, servers can be virtualized to host multiple instances of operating systems, known as virtual machines (VMs). Each VM has its own presence on the network and runs its own service applications.
VE Capacity
When VMready is enabled, the switch will automatically discover VEs that reside in hypervisors directly connected on the switch ports. BLADEOS 6.5 supports up to 2048 VEs. Once this limit is reached, the switch will reject additional VEs.
Note – In rare situations, the switch may reject new VEs prior to reaching the supported limit. This can occur when the internal hash corresponding to the new VE is already in use.
Local VM Groups
The configuration for local VM groups is maintained on the switch (locally) and is not directly synchronized with hypervisors. Local VM groups may include only local elements: local switch ports and trunks, and only those VEs connected to one of the switch ports or pre-provisioned on the switch. Of the 2048 VEs supported on the switch, up to 500 VEs may be used in local groups.
The following rules apply to the local VM group configuration commands:
key: Add LACP trunks to the group.
port: Add switch server ports or switch uplink ports to the group. Note that VM groups and vNICs (see “Virtual NICs” on page 153) are not supported simultaneously on the same port.
portchannel: Add static port trunks to the group.
profile: The profile options are not applicable to local VM groups.
Distributed VM Groups
Distributed VM groups allow configuration profiles to be synchronized between the G8124 and associated hypervisors and VEs. This allows VE configuration to be centralized, and provides for more reliable VE migration across hypervisors. Using distributed VM groups requires a virtualization management server.
Note – The bandwidth shaping parameters in the VM profile are used by the hypervisor virtual switch software. To set bandwidth policies for individual VEs, see “VM Policy Bandwidth Control” on page 178.
Once configured, the VM profile may be assigned to a distributed VM group as shown in the following section.
Initializing a Distributed VM Group
Note – A VM profile is required before a distributed VM group may be configured. See “VM Profiles” on page 169 for details.
Synchronizing the Configuration
When the configuration for a distributed VM group is modified, the switch updates the assigned virtualization management server. The management server then distributes changes to the appropriate hypervisors. For VM membership changes, hypervisors modify their internal virtual switch port groups, adding or removing server port memberships to enforce the boundaries defined by the distributed VM groups.
Virtualization Management Servers
The G8124 can connect with a virtualization management server to collect configuration information about associated VEs. The switch can also automatically push VM group configuration profiles to the virtualization management server, which in turn configures the hypervisors and VEs, providing enhanced VE mobility. One virtual management server must be assigned on the switch before distributed VM groups may be used. BLADEOS 6.
vCenter Scans
Once the vCenter is assigned, the switch will periodically scan the vCenter to collect basic information about all the VEs in the datacenter, and more detailed information about the local VEs that the switch has discovered attached to its own ports. The switch completes a vCenter scan approximately every two minutes. Any major changes made through the vCenter may take up to two minutes to be reflected on the switch.
Exporting Profiles
VM profiles for discovered VEs in distributed VM groups are automatically synchronized with the virtual management server and the appropriate hypervisors. However, VM profiles can also be manually exported to specific hosts before individual VEs are defined on them. By exporting VM profiles to a specific host, BNT port groups will be available to the host’s internal virtual switches so that new VMs may be configured to use them.
Pre-Provisioning VEs
VEs may be manually added to VM groups in advance of being detected on the switch ports. By pre-provisioning the MAC address of VEs that are not yet active, the switch will be able to later recognize the VE when it becomes active on a switch port, and immediately assign the proper VM group properties without further configuration.
VLAN Maps
A VLAN map (VMAP) is a type of Access Control List (ACL) that is applied to a VLAN or VM group rather than to a switch port as with regular ACLs (see “Access Control Lists” on page 75). In a virtualized environment, VMAPs allow you to create traffic filtering and metering policies that are associated with a VM group VLAN, allowing filters to follow VMs as they migrate between hypervisors.
Once a VMAP filter is created, it can be assigned or removed using the following commands:
For regular VLANs, use config-vlan mode:
RS G8124(config)# vlan
RS G8124(config-vlan)# [no] vmap [serverports|non-serverports]
For a VM group, use the global configuration mode:
RS G8124(config)# [no] virt vmgroup vmap [serverports|non-serverports]
Note – Each VMAP can be assigned to only one VLAN or VM group.
VM Policy Bandwidth Control
Note – VM policy bandwidth control is supported only when the switch is operating with the Default deployment profile (see “Deployment Profiles” on page 147). If using the Routing profile, VM policy bandwidth control commands will not be available.
Bandwidth Policies vs. Bandwidth Shaping
VM Profile Bandwidth Shaping differs from VM Policy Bandwidth Control. VM Profile Bandwidth Shaping (see “VM Profiles” on page 169) is configured per VM group and is enforced on the server by a virtual switch in the hypervisor. Shaping is unidirectional and limits traffic transmitted from the virtual switch to the G8124. Shaping is performed prior to transmit VM Policy Bandwidth Control.
VMready Information Displays
The G8124 can be used to display a variety of VMready information.
Note – Some displays depict information collected from scans of a VMware vCenter and may not be available without a valid vCenter. If a vCenter is assigned (see “Assigning a vCenter” on page 172), scan information might not be available for up to two minutes after the switch boots or when VMready is first enabled.
BLADEOS 6.5.2 Application Guide If a vCenter is available, more verbose information can be obtained using the following ISCLI privileged EXEC command option: RS G8124# show virt vm -v Index MAC Address, IP Address -----------00:50:56:9c:21:2f 172.16.46.15 Name (VM or Host), @Host (VMs only) -----------------atom @172.16.46.10 Port, VLAN ----4 500 +1 00:50:56:72:ec:86 172.16.46.51 172.16.46.50 3 0 vSwitch0 VMkernel *2 00:50:56:4f:f2:85 172.16.46.10 172.16.46.
vCenter Hypervisor Hosts
If a vCenter is available, the following ISCLI privileged EXEC command displays the name and UUID of all VMware hosts, providing an essential overview of the data center:
    RS G8124# show virt vmware hosts
    UUID                                  Name(s), IP Address
    ---------------------------------------------------------------
    00a42681-d0e5-5910-a0bf-bd23bd3f7800  172.16.41.30
    002e063c-153c-dd11-8b32-a78dd1909a00  172.16.46.10
    00f1fe30-143c-dd11-84f2-a8ba2cd7ae00  172.16.44.
VMready Configuration Example
This example has the following characteristics:
A VMware vCenter is fully installed and configured prior to VMready configuration and includes a “bladevm” administration account and a valid SSL certificate.
The distributed VM group model is used.
The VM profile named “Finance” is configured for VLAN 30, and specifies NIC-to-switch bandwidth shaping for 1Mbps average bandwidth, 2MB bursts, and 3Mbps maximum bandwidth.
5. Define the VM group.
    RS G8124(config)# virt vmgroup 1 profile Finance
    RS G8124(config)# virt vmgroup 1 vm arctic
    RS G8124(config)# virt vmgroup 1 vm monster
    RS G8124(config)# virt vmgroup 1 vm sierra
    RS G8124(config)# virt vmgroup 1 vm 00:50:56:4f:f2:00
    RS G8124(config)# virt vmgroup 1 portchannel 1
When VMs are added, the server ports on which they appear are automatically added to the VM group. In this example, there is no need to manually add ports 1 and 2.
CHAPTER 14 FCoE and CEE
This chapter provides conceptual background and configuration examples for using Converged Enhanced Ethernet (CEE) features of the RackSwitch G8124, with an emphasis on Fibre Channel over Ethernet (FCoE) solutions. The following topics are addressed in this chapter:
“Fibre Channel over Ethernet” on page 189
Fibre Channel over Ethernet (FCoE) allows Fibre Channel traffic to be transported over Ethernet links.
“Enhanced Transmission Selection” on page 204
Enhanced Transmission Selection (ETS) provides a method for allocating link bandwidth based on the 802.1p priority value in each packet’s VLAN tag.
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) is an effort to converge two of the different physical networks in today’s data centers. It allows Fibre Channel traffic (such as that commonly used in Storage Area Networks, or SANs) to be transported without loss over 10Gb Ethernet links (typically used for high-speed Local Area Networks, or LANs).
In Figure 22 on page 189, the Fibre Channel network is connected to the FCoE network through an FCoE Forwarder (FCF). The FCF acts as a Fibre Channel gateway to and from the FCoE network. For the FCoE portion of the network, the FCF is connected to the FCoE-enabled G8124, which is connected to a server (running Fibre Channel applications) through an FCoE-enabled Converged Network Adapter (CNA), known in Fibre Channel as an Ethernet Node (ENode).
FCoE Requirements
The following are required for implementing FCoE using the RackSwitch G8124 (G8124) with BLADEOS 6.5 software:
The G8124 must be connected to the Fibre Channel network through an FCF such as a Cisco Nexus 5000 Series Switch.
For each G8124 port participating in FCoE, the connected server must use the supported FCoE CNA. The QLogic CNA is currently the first CNA supported for this purpose.
Converged Enhanced Ethernet
Converged Enhanced Ethernet (CEE) refers to a set of IEEE standards designed to allow different physical networks with different data handling requirements to be converged together, simplifying management, increasing efficiency and utilization, and leveraging legacy investments without sacrificing evolutionary growth. CEE standards were developed primarily to enable Fibre Channel traffic to be carried over Ethernet networks.
Effects on 802.1p Quality of Service
While CEE is off (the default), the G8124 allows 802.1p priority values to be used for Quality of Service (QoS) configuration (see page 133). 802.1p QoS default settings are shown in Table 16, but can be changed by the administrator. When CEE is turned on, 802.1p QoS is replaced by ETS (see “Enhanced Transmission Selection” on page 204). As a result, while CEE is turned on, the 802.
If the prior, non-CEE configuration used 802.1p priority values for different purposes, or does not expect bandwidth allocation as shown in Table 17 on page 193, when CEE is turned on, the administrator should reconfigure ETS settings as appropriate. Each time CEE is turned on or off, the appropriate ETS or 802.1p QoS default settings shown in Table 16 on page 193 are restored, and any manual settings made to prior ETS or 802.1p QoS configurations are cleared.
FCoE Initialization Protocol Snooping
FCoE Initialization Protocol (FIP) snooping is an FCoE feature. In order to enforce point-to-point links for FCoE traffic outside the regular Fibre Channel topology, Ethernet ports used in FCoE can be automatically and dynamically configured with Access Control Lists (ACLs). Using FIP snooping, the G8124 examines the FIP frames normally exchanged between the FCF and ENodes to determine information about connected FCoE devices.
Port FCF and ENode Detection
When FIP snooping is enabled on a port, the port is placed in FCF auto-detect mode by default. In this mode, the port assumes connection to an ENode unless FIP packets show the port is connected to an FCF.
FCoE ACL Rules
When FIP Snooping is enabled on a port, the switch automatically installs the appropriate ACLs to enforce the following rules for FCoE traffic:
Ensure that FIP frames from ENodes may only be addressed to FCFs.
Flag important FIP packets for switch processing.
Ensure no end device uses an FCF MAC address as its source.
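The following Python sketch is an added illustration, not BLADEOS code: it applies the three rules listed above to constructed Ethernet frames, with the FCF on port 2 and an ENode on port 3 as in this chapter's example. The ethertypes and the All-FCF-MACs group address come from the FC-BB-5 standard rather than this guide; treating that multicast group as a valid FCF destination, the role names, the MAC addresses and VLAN 1002 are assumptions made for the example.

```python
import struct

ETH_FIP = 0x8914    # FIP ethertype (FC-BB-5, not stated in this guide)
ETH_FCOE = 0x8906   # FCoE ethertype (FC-BB-5)
ETH_DOT1Q = 0x8100  # 802.1Q VLAN tag
ALL_FCF_MACS = bytes.fromhex("011018010002")  # FC-BB-5 multicast group


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return raw


def build_frame(dst, src, etype, vlan=None, prio=0, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally 802.1Q tagged."""
    header = mac(dst) + mac(src)
    if vlan is not None:
        header += struct.pack("!HH", ETH_DOT1Q, (prio << 13) | vlan)
    return header + struct.pack("!H", etype) + payload


def parse_ethernet(frame):
    """Return (dst, src, vlan, priority, ethertype); vlan/priority may be None."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    vlan = prio = None
    if etype == ETH_DOT1Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, etype = struct.unpack("!HH", frame[14:18])
        vlan, prio = tci & 0x0FFF, tci >> 13
    return dst, src, vlan, prio, etype


def check_frame(frame, ingress_role, fcf_macs):
    """Apply the modeled rules; ingress_role is 'enode' or 'fcf' (assumed names)."""
    try:
        dst, src, _vlan, _prio, etype = parse_ethernet(frame)
    except ValueError as exc:
        return "drop", str(exc)
    if etype not in (ETH_FIP, ETH_FCOE):
        return "forward", "not FIP/FCoE, rules do not apply"
    if ingress_role == "enode":
        # Rule: no end device uses an FCF MAC address as its source.
        if src in fcf_macs:
            return "drop", "FCF MAC used as source on an ENode port"
        # Rule: FIP frames from ENodes may only be addressed to FCFs.
        if etype == ETH_FIP and dst not in fcf_macs and dst != ALL_FCF_MACS:
            return "drop", "FIP frame from ENode not addressed to an FCF"
    # Rule: flag FIP packets for switch processing (the snooping itself).
    if etype == ETH_FIP:
        return "to-switch", "FIP frame flagged for switch processing"
    return "forward", "FCoE frame passed the modeled rules"


# Constructed sample data: all MAC addresses and VLAN 1002 are made up.
FCF = "02:00:00:00:0f:01"
ENODE_A = "02:00:00:00:0e:01"
ENODE_B = "02:00:00:00:0e:02"
KNOWN_FCFS = {mac(FCF)}

SAMPLES = [
    ("ENode FIP to All-FCF-MACs", "enode",
     build_frame("01:10:18:01:00:02", ENODE_A, ETH_FIP, vlan=1002, prio=3)),
    ("ENode FIP to the FCF", "enode",
     build_frame(FCF, ENODE_A, ETH_FIP, vlan=1002, prio=3)),
    ("ENode FIP to another ENode", "enode",
     build_frame(ENODE_B, ENODE_A, ETH_FIP, vlan=1002, prio=3)),
    ("FCF MAC as source on ENode port", "enode",
     build_frame(ENODE_B, FCF, ETH_FCOE, vlan=1002, prio=3)),
    ("FCF FIP to an ENode", "fcf",
     build_frame(ENODE_A, FCF, ETH_FIP, vlan=1002, prio=3)),
    ("IPv4 from an ENode port", "enode",
     build_frame(ENODE_B, ENODE_A, 0x0800)),
    ("truncated frame", "enode",
     build_frame(FCF, ENODE_A, ETH_FIP)[:10]),
]


def run_samples():
    """Return (description, action) for every constructed sample frame."""
    return [(name, check_frame(frame, role, KNOWN_FCFS)[0])
            for name, role, frame in SAMPLES]


if __name__ == "__main__":
    for name, action in run_samples():
        print("%-34s %s" % (name, action))
```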
Viewing FIP Snooping Information
ACLs automatically generated under FIP snooping are independent of regular, manually configured ACLs, and are not listed with regular ACLs in switch information and statistics output.
FIP Snooping Configuration
In this example, as shown in Figure 22 on page 189, FCoE devices are connected to port 2 for the FCF device, and port 3 for an ENode. FIP snooping can be configured on these ports using the following ISCLI commands:
1. Enable VLAN tagging on the FCoE ports:
    RS G8124(config)# interface port 2,3    (Select FCoE ports)
    RS G8124(config-if)# tagging            (Enable VLAN tagging)
    RS G8124(config-if)# exit               (Exit port configuration mode)
2.
Priority-Based Flow Control
Priority-based Flow Control (PFC) is defined in IEEE 802.1Qbb. PFC extends the IEEE 802.3x standard flow control mechanism. Under standard flow control, when a port becomes busy, the switch manages congestion by pausing all the traffic on the port, regardless of the traffic type. PFC provides more granular flow control, allowing the switch to pause specified types of traffic on the port, while other traffic on the port continues.
Global Configuration
PFC requires CEE to be turned on (“Turning CEE On or Off” on page 192). When CEE is turned on, standard flow control is disabled on all ports, and PFC is enabled on all ports for 802.1p priority value 3. While CEE is turned on, PFC cannot be disabled for priority value 3. This default is chosen because priority value 3 is commonly used to identify FCoE traffic in a CEE environment and must be guaranteed lossless behavior.
PFC Configuration Example
Note – DCBX may be configured to permit sharing or learning PFC configuration with or from external devices. This example assumes that PFC configuration is being performed manually. See “Data Center Bridging Capability Exchange” on page 211 for more information on DCBX.
This example is consistent with the network shown in Figure 22 on page 189. In this example, the following topology is used.
2. Enable PFC for the FCoE traffic.
Note – PFC is enabled on priority 3 by default. If using the defaults, the manual configuration commands shown in this step are not necessary.
    RS G8124(config)# cee global pfc priority 3 enable                (Enable on FCoE priority)
    RS G8124(config)# cee global pfc priority 3 description "FCoE"    (Optional description)
3.
Enhanced Transmission Selection
Enhanced Transmission Selection (ETS) is defined in IEEE 802.1Qaz. ETS provides a method for allocating port bandwidth based on 802.1p priority values in the VLAN tag. Using ETS, different amounts of link bandwidth can be specified for different traffic types (such as for LAN, SAN, and management).
802.1p priority values may be assigned by the administrator for a variety of purposes. However, when CEE is turned on, the G8124 sets the initial default values for ETS configuration as follows:
Figure 23 Default ETS Priority Groups
Typical Traffic Type LAN LAN LAN SAN Latency-Sensitive LAN Latency-Sensitive LAN Latency-Sensitive LAN Latency-Sensitive LAN 802.
Priority Groups
For ETS use, each 802.1p priority value is assigned to a priority group which can then be allocated a specific portion of available link bandwidth. To configure a priority group, the following is required:
CEE must be turned on (“Turning CEE On or Off” on page 192) for the ETS feature to function.
A priority group must be assigned a priority group ID (PGID), one or more 802.1p priority values, and allocated link bandwidth greater than 0%.
Assigning Priority Values to a Priority Group
Each priority group may be configured from its corresponding ETS Priority Group, available using the following command:
    RS G8124(config)# cee global ets priority-group priorities
where priority list is one or more 802.1p priority values (with each separated by a comma).
Allocating Bandwidth
Allocated Bandwidth for PGID 0 Through 7
The administrator may allocate a portion of the switch’s available bandwidth to PGIDs 0 through 7. Available bandwidth is defined as the amount of link bandwidth that remains after priorities within PGID 15 are serviced (see “Unlimited Bandwidth for PGID 15” on page 208), and assuming that all PGIDs are fully subscribed.
If PGID 15 has low traffic levels, most of the switch’s bandwidth will be available to serve priority groups 0 through 7. However, if PGID 15 consumes a larger part of the switch’s total bandwidth, the amount available to the other groups is reduced.
Note – Consider traffic load when assigning priority values to PGID 15. Heavy traffic in this group may restrict the bandwidth available to other groups.
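To make the effect of PGID 15 on the other groups concrete, the following Python model (an added example, not switch code) validates a priority group plan against the requirements stated above and computes what each of PGIDs 0 through 7 is left with on a 10Gb link once PGID 15 has been serviced. The group layout and percentages are constructed; requiring the percentages to total 100 and each priority to appear in only one group are assumptions of the example.

```python
from dataclasses import dataclass

STRICT_PGID = 15  # serviced before PGIDs 0-7; carries no bandwidth percentage


@dataclass(frozen=True)
class PriorityGroup:
    pgid: int
    priorities: tuple       # 802.1p priority values assigned to the group
    bandwidth_pct: int = 0  # share of *available* bandwidth (PGIDs 0-7 only)


def validate(groups):
    """Return a list of problems found in a priority group plan."""
    errors = []
    owner = {}
    for group in groups:
        if group.pgid != STRICT_PGID and not 0 <= group.pgid <= 7:
            errors.append("PGID %d is neither 0-7 nor 15" % group.pgid)
        if not group.priorities:
            errors.append("PGID %d has no 802.1p priority values" % group.pgid)
        for prio in group.priorities:
            if not 0 <= prio <= 7:
                errors.append("priority %d is not a valid 802.1p value" % prio)
            elif prio in owner:
                errors.append("priority %d is in both PGID %d and PGID %d"
                              % (prio, owner[prio], group.pgid))
            else:
                owner[prio] = group.pgid
        if group.pgid != STRICT_PGID and group.bandwidth_pct <= 0:
            errors.append("PGID %d needs bandwidth greater than 0%%" % group.pgid)
    total = sum(g.bandwidth_pct for g in groups if g.pgid != STRICT_PGID)
    if total != 100:
        # Assumed rule for this example: shares of PGIDs 0-7 total 100%.
        errors.append("PGIDs 0-7 total %d%%, expected 100%%" % total)
    return errors


def guaranteed_gbps(groups, link_gbps, pgid15_load_gbps):
    """Bandwidth each group can count on when every group is fully subscribed.

    PGID 15 takes what it offers (up to the link rate); the remainder is the
    "available bandwidth" that the percentages of PGIDs 0-7 divide up.
    """
    errors = validate(groups)
    if errors:
        raise ValueError("; ".join(errors))
    strict = min(max(pgid15_load_gbps, 0.0), link_gbps)
    available = link_gbps - strict
    return {
        g.pgid: strict if g.pgid == STRICT_PGID
        else available * g.bandwidth_pct / 100
        for g in groups
    }


# Constructed plan: LAN in PGID 0, FCoE (priority 3) in PGID 1,
# latency-sensitive LAN in PGID 2, priority 7 in the unlimited PGID 15.
PLAN = [
    PriorityGroup(0, (0, 1, 2), 10),
    PriorityGroup(1, (3,), 50),
    PriorityGroup(2, (4, 5, 6), 40),
    PriorityGroup(STRICT_PGID, (7,)),
]

if __name__ == "__main__":
    for load in (0.5, 6.0):
        shares = guaranteed_gbps(PLAN, link_gbps=10.0, pgid15_load_gbps=load)
        print("PGID 15 load %.1f Gbps ->" % load,
              {pgid: round(gbps, 2) for pgid, gbps in shares.items()})
```

With the constructed plan, raising the PGID 15 load from 0.5 to 6 Gbps cuts what the FCoE group (PGID 1) can count on from 4.75 to 2 Gbps, which is the risk the note above describes.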
This example can be configured using the following commands:
1. Turn CEE on.
    RS G8124(config)# cee enable
Note – Turning CEE on will automatically change some 802.1p QoS and 802.3x standard flow control settings and menus (see “Turning CEE On or Off” on page 192).
2. Configure each allocated priority group with a description (optional), list of 802.
Data Center Bridging Capability Exchange
Data Center Bridging Capability Exchange (DCBX) protocol is a vital element of CEE. DCBX allows peer CEE devices to exchange information about their advanced capabilities. Using DCBX, neighboring network devices discover their peers, negotiate peer configurations, and detect misconfigurations.
Enabling and Disabling DCBX
When CEE is turned on, DCBX can be enabled and disabled on a per-port basis, using the following commands:
    RS G8124(config)# [no] cee port dcbx enable
Note – DCBX and vNICs (see “Virtual NICs” on page 153) are not supported simultaneously on the same G8124.
When DCBX is enabled on a port, Link Layer Discovery Protocol (LLDP) is used to exchange DCBX parameters between CEE peers.
These flags are available for the following CEE features:
Application Protocol
DCBX exchanges information regarding FCoE and FIP snooping, including the 802.1p priority value used for FCoE traffic.
Configuring DCBX
Consider an example consistent with Figure 22 on page 189 and used with the previous FCoE examples in this chapter:
FCoE is used on ports 2 and 3.
CEE features are also used with LANs on ports 1 and 4.
All other ports are disabled or are connected to regular (non-CEE) LAN devices.
In this example, the G8124 acts as the central point for CEE configuration.
4. Disable DCBX for each non-CEE port as appropriate:
    RS G8124(config)# no cee port 5-24 dcbx enable
5. Save the configuration.
Part 5: IP Routing
This section discusses Layer 3 switching functions. In addition to switching traffic at near line rates, the application switch can perform multi-protocol routing.
CHAPTER 15 Basic IP Routing
This chapter provides configuration background and examples for using the G8124 to perform IP routing functions.
For example, consider the following topology migration:
Figure 24 The Router Legacy Network
[Figure labels: Server Subnet, Internet, BLADE Switch]
In this example, a corporate campus has migrated from a router-centric topology to a faster, more powerful, switch-based topology. As is often the case, the legacy of network growth and redesign has left the system with a mix of illogically distributed subnets. This is a situation that switching alone cannot cure.
Example of Subnet Routing
Consider the role of the G8124 in the following configuration example:
Figure 25 Switch-Based Routing Topology
[Figure labels: Default router: 205.21.17.1; IF 1 VLAN 1; IF 2 VLAN 2; IF 3 VLAN 3; IF 4 VLAN 4; Server subnet 1: 100.20.10.2-254; Server subnet 2: 131.15.15.2-254; Server subnet 3: 206.30.15.2-254]
The switch connects the Gigabit Ethernet and Fast Ethernet trunks from various switched subnets throughout one building.
Using VLANs to Segregate Broadcast Domains
If you want to control the broadcasts on your network, use VLANs to create distinct broadcast domains. Create one VLAN for each server subnet, and one for the router.
Configuration Example
This section describes the steps used to configure the example topology shown in Figure 25 on page 221.
1. Assign an IP address (or document the existing one) for each router and each server.
3. Determine which switch ports and IP interfaces belong to which VLANs. The following table adds port and VLAN information:
Table 22 Subnet Routing Example: Optional VLAN Ports
    Devices            IP Interface   Switch Ports   VLAN #
    Default router     1              22             1
    Web servers        2              1 and 2        2
    Database servers   3              3 and 4        3
    Terminal Servers   4              5 and 6        4
Note – To perform this configuration, you must be connected to the switch Command Line Interface (CLI) as the administrator.
4.
5. Assign a VLAN to each IP interface. Now that the ports are separated into VLANs, the VLANs are assigned to the appropriate IP interface for each subnet.
ECMP Static Routes
Equal-Cost Multi-Path (ECMP) is a forwarding mechanism that routes packets along multiple paths of equal cost. ECMP provides equally-distributed link load sharing across the paths. The hashing algorithm used is based on the source IP address (SIP). ECMP routes allow the switch to choose between several next hops toward a given destination. The switch performs periodic health checks (ping) on each ECMP gateway.
Configuring ECMP Static Routes
To configure ECMP static routes, add the same route multiple times, each with the same destination IP address, but with a different gateway IP address. These routes become ECMP routes.
1. Add a static route (IP address, subnet mask, gateway, and interface number).
    RS G8124(config)# ip route 10.10.1.1 255.255.255.255 100.10.1.1 1
2. Add another static route with the same IP address and mask, but a different gateway address.
Dynamic Host Configuration Protocol
Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network. Without DHCP, the IP address must be entered manually for each network device.
When a switch receives a UDP broadcast on port 67 from a DHCP client requesting an IP address, the switch acts as a proxy for the client, replacing the client source IP (SIP) and destination IP (DIP) addresses. The request is then forwarded as a UDP Unicast MAC layer message to two BOOTP servers whose IP addresses are configured on the switch. The servers respond as a UDP Unicast message back to the switch, with the default gateway and IP address for the client.
CHAPTER 16 Internet Protocol Version 6
Internet Protocol version 6 (IPv6) is a network layer protocol intended to expand the network address space. IPv6 is a robust and expandable protocol that meets the need for increased physical address space.
IPv6 Limitations
The following IPv6 features are not supported in this release:
Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
Border Gateway Protocol for IPv6 (BGP)
Routing Information Protocol for IPv6 (RIPng)
Multicast Listener Discovery (MLD)
Most other BLADEOS 6.5 features permit IP addresses to be configured using either IPv4 or IPv6 address formats.
IPv6 Address Format
The IPv6 address is 128 bits (16 bytes) long and is represented as a sequence of eight 16-bit hex values, separated by colons.
IPv6 Address Types
IPv6 supports three types of addresses: unicast (one-to-one), multicast (one-to-many), and anycast (one-to-nearest). Multicast addresses replace the use of broadcast addresses.
Unicast Address
Unicast is a communication between a single host and a single receiver. Packets sent to a unicast address are delivered to the interface identified by that address.
Anycast
Packets sent to an anycast address or list of addresses are delivered to the nearest interface identified by that address. Anycast is a communication between a single sender and a list of addresses. Anycast addresses are allocated from the unicast address space, using any of the defined unicast address formats. Thus, anycast addresses are syntactically indistinguishable from unicast addresses.
IPv6 Interfaces
Each IPv6 interface supports multiple IPv6 addresses. You can manually configure up to two IPv6 addresses for each interface, or you can allow the switch to use stateless autoconfiguration. You can manually configure two IPv6 addresses for each interface, as follows:
Initial IPv6 address is a global unicast or anycast address.
Neighbor Discovery
Neighbor Discovery Overview
The switch uses Neighbor Discovery protocol (ND) to gather information about other router and host nodes, including the IPv6 addresses. Host nodes use ND to configure their interfaces and perform health detection. ND allows each node to determine the link-layer addresses of neighboring nodes, and to keep track of each neighbor’s information. A neighboring node is a host or a router that is linked directly to the switch.
Host vs. Router
Each IPv6 interface can be configured as a router node or a host node, as follows:
A router node’s IP address is configured manually. Router nodes can send Router Advertisements.
A host node’s IP address is autoconfigured. Host nodes listen for Router Advertisements that convey information about devices on the network.
Note – When IP forwarding is turned on, all IPv6 interfaces configured on the switch can forward packets.
Supported Applications
The following applications have been enhanced to provide IPv6 support.
Ping
The ping command supports IPv6 addresses.
SSH
Secure Shell (SSH) connections over IPv6 are supported. The following syntax is required from the client:
    ssh -u
Example:
    ssh -u 2001:2:3:4:0:0:0:142
TFTP
The TFTP commands support both IPv4 and IPv6 addresses. Link-local addresses are not supported.
FTP
The FTP commands support both IPv4 and IPv6 addresses. Link-local addresses are not supported.
DNS client
DNS commands support both IPv4 and IPv6 addresses.
Configuration Guidelines
When you configure an interface for IPv6, consider the following guidelines:
IPv6 only supports static routes.
Support for subnet router anycast addresses is not available.
A single interface can accept either IPv4 or IPv6 addresses, but not both IPv4 and IPv6 addresses.
A single interface can accept multiple IPv6 addresses.
A single interface can accept only one IPv4 address.
IPv6 Configuration Examples
This section provides steps to configure IPv6 on the switch.
IPv6 Example 1
The following example uses IPv6 host mode to autoconfigure an IPv6 address for the interface. By default, the interface is assigned to VLAN 1.
1. Enable IPv6 host mode on an interface.
    RS G8124(config)# interface ip 2
    RS G8124(config-ip-if)# ip6host
    RS G8124(config-ip-if)# enable
    RS G8124(config-ip-if)# exit
2. Configure the IPv6 default gateway.
2. Configure the IPv6 default gateway.
    RS G8124(config)# ip gateway6 1 address 2001:BA98:7654:BA98:FEDC:1234:ABCD:5412
    RS G8124(config)# ip gateway6 1 enable
3. Configure Neighbor Discovery advertisements for the interface (optional).
    RS G8124(config)# interface ip 3
    RS G8124(config-ip-if)# no ipv6 nd suppress-ra
4. Verify the configuration.
CHAPTER 17 Routing Information Protocol
In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically using the Routing Information Protocol (RIP). BLADEOS software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) for exchanging TCP/IPv4 route information with other routers.
Note – BLADEOS 6.5 does not support IPv6 for RIP.
Distance Vector Protocol
RIP is known as a distance vector protocol.
Routing Updates
RIP sends routing-update messages at regular intervals and when the network topology changes. Each router “advertises” routing information by sending a routing information update every 30 seconds. If a router doesn’t receive an update from another router for 180 seconds, those routes provided by that router are declared invalid. The routes are removed from the routing table, but they remain in the RIP routes table.
RIPv2 in RIPv1 Compatibility Mode
BLADEOS allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers to receive those packets. With RIPv1 routers as recipients, the routing updates have to carry a natural or host mask. Hence, it is not a recommended configuration for most network topologies.
Default
The RIP router can listen and supply a default route, usually represented as IPv4 0.0.0.0 in the routing table. When a router does not have an explicit route to a destination network in its routing table, it uses the default route to forward those packets.
Metric
The metric field contains a configurable value between 1 and 15 (inclusive) which specifies the current metric for the interface.
RIP Configuration Example
Note – An interface with RIP disabled uses all the default values of RIP, no matter how the RIP parameters are configured for that interface. Regular RIP updates include interfaces that are UP, but not interfaces that are DOWN.
1. Add VLANs for routing interfaces.
Use the following command to check the current valid routes in the routing table of the switch:
    >> # show ip route
To view RIP routes learned within the garbage collection period (that is, routes phasing out of the routing table with metric 16), use the following command:
    >> # show ip rip
Locally configured static routes do not appear in the RIP Routes table.
CHAPTER 18 Internet Group Management Protocol
Internet Group Management Protocol (IGMP) is used by IPv4 Multicast routers to learn about the existence of host group members on their directly attached subnet (see RFC 2236). The IPv4 Multicast routers get this information by broadcasting IGMP Membership Queries and listening for IPv4 hosts reporting their host group memberships.
IGMP Snooping
IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers. IGMP Snooping conserves bandwidth.
IGMP Groups
The G8124 supports a maximum of 1000 IGMP entries, on a maximum of 1024 VLANs. One IGMP entry is allocated for each unique join request, based on the VLAN and IGMP group address. If multiple ports join the same IGMP group using the same VLAN, only a single IGMP entry is used.
The switch supports the following IGMPv3 filter modes:
INCLUDE mode: The host requests membership to a multicast group and provides a list of IPv4 addresses from which it wants to receive traffic.
EXCLUDE mode: The host requests membership to a multicast group and provides a list of IPv4 addresses from which it does not want to receive traffic. This indicates that the host wants to receive traffic only from sources that are not part of the Exclude list.
IGMP Snooping Configuration Example
This section provides steps to configure IGMP Snooping on the switch.
1. Configure port and VLAN membership on the switch.
2. Add VLANs to IGMP Snooping.
    RS G8124(config)# ip igmp snoop vlan 1
3. Enable IGMPv3 Snooping (optional).
    RS G8124(config)# ip igmp snoop igmpv3 enable
4. Enable the IGMP feature.
    RS G8124(config)# ip igmp enable
5. View dynamic IGMP information.
    RS G8124# show ip igmp groups
    Note: Local groups (224.0.0.
Static Multicast Router
A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. Any data port can accept a static Mrouter. When you configure a static Mrouter on a VLAN, it replaces any dynamic Mrouters learned through IGMP Snooping.
Configure a Static Multicast Router
1. For each MRouter, configure a port (1-24), VLAN (1-4094) and version (1-3).
IGMP Querier
IGMP Querier allows the switch to perform the multicast router (Mrouter) role and provide Mrouter discovery when the network or virtual LAN (VLAN) does not have a router. When IGMP Querier is enabled on a VLAN, the switch acts as an IGMP querier in a Layer 2 network environment. The IGMP querier periodically broadcasts IGMP Queries and listens for hosts to respond with IGMP Reports indicating their IGMP group memberships.
IGMP Filtering
With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups. Unauthorized users are restricted from streaming multicast traffic across the network. If access to a multicast group is denied, IGMP Membership Reports from the port are dropped, and the port is not allowed to receive IPv4 multicast traffic from that group.
Configure IGMP Filtering
1. Enable IGMP Filtering on the switch.
    >> # ip igmp filtering
2. Define an IGMP filter with IPv4 information.
    >> # ip igmp profile 1 range 224.0.0.0 226.0.0.0
    >> # ip igmp profile 1 action deny
    >> # ip igmp profile 1 enable
3. Assign the IGMP filter to a port.
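The Python model below is an added illustration of how the filter defined in step 2 treats Membership Reports; it is not BLADEOS code. It parses IGMPv2 reports using the RFC 2236 layout and applies profile 1 to them; the port numbers, the inclusive range bounds, and accepting reports that match no profile are assumptions of the example.

```python
import ipaddress
import struct
from dataclasses import dataclass

IGMP_V2_REPORT = 0x16  # IGMPv2 Membership Report type (RFC 2236)


def inet_checksum(data):
    """16-bit ones' complement checksum used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_v2_report(group):
    """Build a constructed 8-byte IGMPv2 Membership Report for `group`."""
    packed = ipaddress.IPv4Address(group).packed
    unsummed = struct.pack("!BBH", IGMP_V2_REPORT, 0, 0) + packed
    return struct.pack("!BBH", IGMP_V2_REPORT, 0, inet_checksum(unsummed)) + packed


def parse_v2_report(msg):
    """Return the reported group address, or raise ValueError."""
    if len(msg) != 8:
        raise ValueError("IGMPv2 message must be 8 bytes")
    if msg[0] != IGMP_V2_REPORT:
        raise ValueError("not an IGMPv2 Membership Report")
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    group = ipaddress.IPv4Address(msg[4:8])
    if not group.is_multicast:
        raise ValueError("group address is not multicast")
    return group


@dataclass(frozen=True)
class IgmpProfile:
    number: int
    low: ipaddress.IPv4Address
    high: ipaddress.IPv4Address
    action: str            # "deny" or "allow"
    enabled: bool = True

    def matches(self, group):
        # Assumption: both ends of the configured range are included.
        return self.enabled and self.low <= group <= self.high


def filter_report(msg, port, port_profiles):
    """Decide what happens to a Membership Report received on `port`."""
    try:
        group = parse_v2_report(msg)
    except ValueError as exc:
        return "drop", "malformed report: %s" % exc
    for profile in port_profiles.get(port, ()):
        if profile.matches(group):
            verdict = "drop" if profile.action == "deny" else "accept"
            return verdict, "profile %d (%s) matched %s" % (
                profile.number, profile.action, group)
    # Assumption: a report that matches no profile is accepted.
    return "accept", "no profile matched %s" % group


# Profile 1 exactly as configured in step 2; assigning it to port 3 is a
# constructed choice for this example.
PROFILE_1 = IgmpProfile(1, ipaddress.IPv4Address("224.0.0.0"),
                        ipaddress.IPv4Address("226.0.0.0"), "deny")
PORT_PROFILES = {3: [PROFILE_1]}


def run_samples():
    """Run constructed reports through the filter; return (case, verdict)."""
    good = build_v2_report("239.1.1.1")
    corrupted = good[:7] + bytes([good[7] ^ 0x01])  # group changed, sum stale
    cases = [
        ("port 3 joins 225.1.2.3", build_v2_report("225.1.2.3"), 3),
        ("port 3 joins 226.0.0.0", build_v2_report("226.0.0.0"), 3),
        ("port 3 joins 239.1.1.1", good, 3),
        ("port 4 joins 225.1.2.3", build_v2_report("225.1.2.3"), 4),
        ("port 3 corrupted report", corrupted, 3),
    ]
    return [(name, filter_report(msg, port, PORT_PROFILES)[0])
            for name, msg, port in cases]


if __name__ == "__main__":
    for name, verdict in run_samples():
        print("%-26s %s" % (name, verdict))
```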
CHAPTER 19 Border Gateway Protocol
Border Gateway Protocol (BGP) is an Internet protocol that enables routers on an IPv4 network to share and advertise routing information with each other about the segments of the IPv4 address space they can access within their network and with routers on external networks.
Internal Routing Versus External Routing
To ensure effective processing of network traffic, every router on your network needs to know how to send a packet (directly or indirectly) to any other location/destination in your network. This is referred to as internal routing and can be done with static routes or using active, internal dynamic routing protocols, such as RIP, RIPv2, and OSPF. Static routes should have a higher degree of precedence than dynamic routing protocols.
Forming BGP Peer Routers
Two BGP routers become peers or neighbors once you establish a TCP connection between them. For each new route, if a peer is interested in that route (for example, if a peer would like to receive your static routes and the new route is static), an update message is sent to that peer containing the new route.
Figure 27 Distributing Network Filters in Access Lists and Route Maps
[Figure labels: Route Maps (rmap), Route Map 1 through Route Map 32; Access Lists (alist); Network Filter (nwf)]
Incoming and Outgoing Route Maps
You can have two types of route maps: incoming and outgoing.
Precedence
You can set a priority to a route map by specifying a precedence value with the following command (Route Map mode):
    RS G8124(config)# route-map
4. Set up the BGP attributes.
If you want to overwrite the attributes that the peer router is sending, then define the following BGP attributes:
Specify the AS numbers that you want to prepend to a matched route and the local preference for the matched route.
Specify the metric [Multi Exit Discriminator (MED)] for the matched route.
Aggregating Routes
Aggregation is the process of combining several different routes in such a way that a single route can be advertised, which minimizes the size of the routing table. You can configure aggregate routes in BGP either by redistributing an aggregate route into BGP or by creating an aggregate entry in the BGP routing table.
BGP Attributes
The following two BGP attributes are discussed in this section: Local preference and metric (Multi-Exit Discriminator).
Local Preference Attribute
When there are multiple paths to the same destination, the local preference attribute indicates the preferred path. The path with the higher preference is preferred (the default value of the local preference attribute is 100).
Selecting Route Paths in BGP
BGP selects only one path as the best path. It does not rely on metric attributes to determine the best path. When the same network is learned via more than one BGP peer, BGP uses its policy for selecting the best route to that network. The BGP implementation on the G8124 uses the following criteria to select a path when the same route is received from multiple peers.
1. Local fixed and static routes are preferred over learned routes.
2.
BGP Failover Configuration
Use the following example to create redundant default gateways for a G8124 at a Web Host/ISP site, eliminating the possibility, should one gateway go down, that requests will be forwarded to an upstream router unknown to the switch. As shown in Figure 28, the switch is connected to ISP 1 and ISP 2. The customer negotiates with both ISPs to allow the switch to use their peer routers as default gateways.
1. Define the VLANs.
For simplicity, both default gateways are configured in the same VLAN in this example. The gateways could be in the same VLAN or different VLANs.
>> # vlan 1
>> (config-vlan)# member
2. Define the IP interfaces with IPv4 addresses.
The switch will need an IP interface for each default gateway to which it will be connected. Each interface must be placed in the appropriate VLAN.
Default Redistribution and Route Aggregation Example
This example shows you how to configure the switch to redistribute information from one routing protocol to another and create an aggregate route entry in the BGP routing table to minimize the size of the routing table. As illustrated in Figure 29, you have two peer routers: an internal and an external peer router. Configure the G8124 to redistribute the default routes from AS 200 to AS 135.
3. Configure internal peer router 1 and external peer router 2 with IPv4 addresses.
>> # router bgp
>> (config-router-bgp)# neighbor 1 remote-address 10.1.1.4
>> (config-router-bgp)# neighbor 1 remote-as 135
>> (config-router-bgp)# neighbor 2 remote-address 20.20.20.2
>> (config-router-bgp)# neighbor 2 remote-as 200
4. Configure redistribution for Peer 1.
CHAPTER 20 OSPF
BLADEOS supports the Open Shortest Path First (OSPF) routing protocol. The BLADEOS implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583, and OSPF version 3 specifications in RFC 2740. The following sections discuss OSPF support for the RackSwitch G8124:
“OSPFv2 Overview” on page 273.
Types of OSPF Areas
An AS can be broken into logical units known as areas. In any AS with multiple areas, one area must be designated as area 0, known as the backbone. The backbone acts as the central OSPF area. All other areas in the AS must be connected to the backbone. Areas inject summary routing information into the backbone, which then distributes it to other areas as needed.
Types of OSPF Routing Devices
As shown in Figure 31, OSPF uses the following types of routing devices:
Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area.
Area Border Router (ABR)—a router that has interfaces in multiple areas. ABRs maintain one LSDB for each connected area and disseminate routing information between areas.
Neighbors and Adjacencies
In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each other’s health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces.
The Shortest Path First Tree
The routing devices use a link-state algorithm (Dijkstra’s algorithm) to calculate the shortest path to all known destinations, based on the cumulative cost required to reach the destination. The cost of an individual interface in OSPF is an indication of the overhead required to send packets across it. The cost is inversely proportional to the bandwidth of the interface. A lower cost indicates a higher bandwidth.
OSPFv2 Implementation in BLADEOS
BLADEOS supports a single instance of OSPF and up to 4K routes on the network.
Defining Areas
If you are configuring multiple areas in your OSPF domain, one of the areas must be designated as area 0, known as the backbone. The backbone is the central OSPF area and is usually physically connected to all other areas. The areas inject routing information into the backbone which, in turn, disseminates the information into other areas. Since the backbone connects the areas in your network, it must be a contiguous area.
Using the Area ID to Assign the OSPF Area Number
The OSPF area number is defined in the areaid option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors. There are two valid ways to designate an area ID:
Placing the area number in the last octet (0.0.0.n)
Most common OSPF vendors express the area ID number as a single number. For example, the Cisco IOS-based router command “network 1.
Interface Cost
The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination. Usually, the cost is inversely proportional to the bandwidth of the interface. Low cost indicates high bandwidth.
Default Routes
When an OSPF routing device encounters traffic for a destination address it does not recognize, it forwards that traffic along the default route. Typically, the default route leads upstream toward the backbone until it reaches the intended area or an external router. Each G8124 acting as an ABR automatically inserts a default route into each attached area.
Virtual Links
Usually, all areas in an OSPF AS are physically connected to the backbone. In some cases where this is not possible, you can use a virtual link. Virtual links are created to connect one area to the backbone through another non-backbone area (see Figure 30 on page 274). The area which contains a virtual link must be a transit area and have full routing information. Virtual links cannot be configured inside a stub area or NSSA.
Authentication
OSPF protocol exchanges can be authenticated so that only trusted routing devices can participate. This ensures less processing on routing devices that are not listening to OSPF packets. OSPF allows packet authentication and uses IP multicast when sending and receiving packets. Routers participate in routing domains based on pre-defined passwords. BLADEOS supports simple password (type 1 plain text passwords) and MD5 cryptographic authentication.
Configuring Plain Text OSPF Passwords
To configure simple plain text OSPF passwords on the switches shown in Figure 33 use the following commands:
1. Enable OSPF authentication for Area 0 on switches 1, 2, and 3.
RS G8124(config-router-ospf)# area 0 authentication-type password
RS G8124(config-router-ospf)# exit
2. Configure a simple text password up to eight characters for each OSPF IP interface in Area 0 on switches 1, 2, and 3.
Configuring MD5 Authentication
Use the following commands to configure MD5 authentication on the switches shown in Figure 33:
1. Enable OSPF MD5 authentication for Area 0 on switches 1, 2, and 3.
RS G8124(config-router-ospf)# area 0 authentication-type md5
2. Configure MD5 key ID for Area 0 on switches 1, 2, and 3.
RS G8124(config-router-ospf)# message-digest-key 1 md5-key test
RS G8124(config-router-ospf)# exit
3.
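The two authentication types described above, shown as they appear inside an OSPFv2 packet. This is an added example, not code from this guide or from BLADEOS: it follows the header layout and digest procedure of RFC 2328 Appendix D, reuses key ID 1 and key "test" from the MD5 steps, and assumes a constructed router ID (10.10.7.1) and a constructed Hello body.

```python
import hashlib
import hmac
import socket
import struct

# OSPFv2 header (RFC 2328 A.3.1): version, type, length, router ID, area ID,
# checksum, AuType, 64-bit authentication field.
HEADER = struct.Struct("!BBH4s4sHH8s")
AUTH_PASSWORD, AUTH_MD5 = 1, 2


def hello_body():
    """Constructed Hello body: /24 mask, 10 s hello, E-bit, priority 1, 40 s dead."""
    return struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))


def checksum(data):
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header(router_id, area_id, length, csum, autype, auth):
    """Pack a version 2, type 1 (Hello) header."""
    return HEADER.pack(2, 1, length, socket.inet_aton(router_id),
                       socket.inet_aton(area_id), csum, autype, auth)


def build_password_packet(router_id, area_id, password, body):
    """AuType 1: the password itself travels in the 64-bit authentication field."""
    if len(password) > 8:
        raise ValueError("simple password is limited to eight bytes")
    length = HEADER.size + len(body)
    # The checksum covers the packet with the authentication field left out.
    covered = header(router_id, area_id, length, 0, AUTH_PASSWORD, bytes(8))[:16] + body
    return header(router_id, area_id, length, checksum(covered), AUTH_PASSWORD,
                  password.ljust(8, b"\x00")) + body


def build_md5_packet(router_id, area_id, key_id, key, seq, body):
    """AuType 2: header carries key ID and sequence number; the digest is appended."""
    length = HEADER.size + len(body)          # the digest is not counted in the length
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    packet = header(router_id, area_id, length, 0, AUTH_MD5, auth) + body
    # The key is zero-padded to 16 bytes and hashed after the packet, never sent.
    return packet + hashlib.md5(packet + key.ljust(16, b"\x00")).digest()


def sniff_password(wire):
    """What any listener on the segment reads out of an AuType 1 packet."""
    fields = HEADER.unpack_from(wire)
    return fields[7].rstrip(b"\x00") if fields[6] == AUTH_PASSWORD else None


def verify_md5(wire, keys, last_seq):
    """Receiver check: known key ID, non-decreasing sequence number, matching digest."""
    _, _, length, _, _, _, autype, auth = HEADER.unpack_from(wire)
    if autype != AUTH_MD5:
        return False, "not MD5 authenticated"
    _, key_id, auth_len, seq = struct.unpack("!HBBI", auth)
    if key_id not in keys or auth_len != 16 or len(wire) < length + 16:
        return False, "unknown key ID or malformed trailer"
    if seq < last_seq:
        return False, "stale sequence number (replay)"
    expected = hashlib.md5(wire[:length] + keys[key_id].ljust(16, b"\x00")).digest()
    if not hmac.compare_digest(expected, wire[length:length + 16]):
        return False, "digest mismatch"
    return True, "ok"


if __name__ == "__main__":
    body = hello_body()
    clear = build_password_packet("10.10.7.1", "0.0.0.0", b"test", body)
    print("type 1, readable on the wire:", sniff_password(clear))
    signed = build_md5_packet("10.10.7.1", "0.0.0.0", 1, b"test", 100, body)
    print("type 2, valid packet:        ", verify_md5(signed, {1: b"test"}, 99))
    print("type 2, older than last seen:", verify_md5(signed, {1: b"test"}, 101))
    print("type 2, different key:       ", verify_md5(signed, {1: b"other"}, 99))
```

The digest authenticates the packet but does not encrypt it, so the Hello contents remain readable in both modes. The sample key "test" is the guide's placeholder; a deployed key should be long and random.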
Host Routes for Load Balancing
BLADEOS implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks, accomplishing the following goals:
ABR Load Sharing
As a form of load balancing, host routes can be used for dividing OSPF traffic among multiple ABRs. To accomplish this, each switch provides identical services but advertises a host route for a different IP address to the external network.
OSPFv2 Configuration Examples
A summary of the basic steps for configuring OSPF on the G8124 is listed here. Detailed instructions for each of the steps are covered in the following sections:
1. Configure IP interfaces.
One IP interface is required for each desired network (range of IP addresses) being assigned to an OSPF area on the switch.
2. (Optional) Configure the router ID.
The router ID is required only when configuring virtual links on the switch.
3.
Example 1: Simple OSPF Domain
In this example, two OSPF areas are defined—one area is the backbone and the other is a stub area. A stub area does not allow advertisements of external routes, thus reducing the size of the database. Instead, a default summary route of IP address 0.0.0.0 is automatically inserted into the stub area. Any traffic for IP address destinations outside the stub area will be forwarded to the stub area’s IP interface, and then into the backbone.
3. Define the backbone.
The backbone is always configured as a transit area using areaid 0.0.0.0.
RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0
RS G8124(config-router-ospf)# area 0 type transit
RS G8124(config-router-ospf)# area 0 enable
4. Define the stub area.
RS G8124(config-router-ospf)# area 1 area-id 0.0.0.1
RS G8124(config-router-ospf)# area 1 type stub
RS G8124(config-router-ospf)# area 1 enable
RS G8124(config-router-ospf)# exit
5.
Example 2: Virtual Links
In the example shown in Figure 35, area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1. The virtual link must be configured at each endpoint.
Figure 35 Configuring a Virtual Link (Switch 1, Switch 2)
Note – OSPFv2 supports IPv4 only. IPv6 is supported in OSPFv3 (see “OSPFv3 Implementation in BLADEOS” on page 298).
3. Enable OSPF.
RS G8124(config)# router ospf
RS G8124(config-router-ospf)# enable
4. Define the backbone.
RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0
RS G8124(config-router-ospf)# area 0 type transit
RS G8124(config-router-ospf)# area 0 enable
5. Define the transit area.
The area that contains the virtual link must be configured as a transit area.
Configuring OSPF for a Virtual Link on Switch #2
1. Configure IP interfaces on each network that will be attached to OSPF areas.
In this example, two IP interfaces are needed:
Interface 1 for the transit area network on 10.10.12.0/24
Interface 2 for the stub area network on 10.10.24.
6. Define the stub area.
RS G8124(config-router-ospf)# area 2 area-id 0.0.0.2
RS G8124(config-router-ospf)# area 2 type stub
RS G8124(config-router-ospf)# area 2 enable
RS G8124(config-router-ospf)# exit
7. Attach the network interface to the backbone.
RS G8124(config)# interface ip 1
RS G8124(config-ip-if)# ip ospf area 1
RS G8124(config-ip-if)# ip ospf enable
RS G8124(config-ip-if)# exit
8. Attach the network interface to the transit area.
Example 3: Summarizing Routes
By default, ABRs advertise all the network addresses from one area into another area. Route summarization can be used for consolidating advertised addresses and reducing the perceived complexity of the network. If network IP addresses in an area are assigned to a contiguous subnet range, you can configure the ABR to advertise a single summary route that includes all individual IP addresses within the area.
2. Enable OSPF.
RS G8124(config)# router ospf
RS G8124(config-router-ospf)# enable
3. Define the backbone.
RS G8124(config-router-ospf)# area 0 area-id 0.0.0.0
RS G8124(config-router-ospf)# area 0 type transit
RS G8124(config-router-ospf)# area 0 enable
4. Define the stub area.
RS G8124(config-router-ospf)# area 1 area-id 0.0.0.1
RS G8124(config-router-ospf)# area 1 type stub
RS G8124(config-router-ospf)# area 1 enable
RS G8124(config-router-ospf)# exit
5.
8. Use the hide command to prevent a range of addresses from advertising to the backbone. RS G8124(config)# router ospf RS G8124(config-router-ospf)# 255.255.255.0 RS G8124(config-router-ospf)# RS G8124(config-router-ospf)# RS G8124(config-router-ospf)# area-range 2 address 36.128.200.
OSPFv3 Implementation in BLADEOS
OSPF version 3 is based on OSPF version 2, but has been modified to support IPv6 addressing. In most other ways, OSPFv3 is similar to OSPFv2: They both have the same packet types and interfaces, and both use the same mechanisms for neighbor discovery, adjacency formation, LSA flooding, aging, and so on.
OSPFv3 Uses Independent Command Paths
Though OSPFv3 and OSPFv2 are very similar, they are configured independently. They each have their own separate menus in the CLI, and their own command paths in the ISCLI.
OSPFv3 Limitations
BLADEOS 6.5 does not currently support the following OSPFv3 features:
Multiple instances of OSPFv3 on one IPv6 link.
Authentication via IPv6 Security (IPsec)
OSPFv3 Configuration Example
The following example depicts the OSPFv3 equivalent configuration of “Example 3: Summarizing Routes” on page 295 for OSPFv2. In this example, one summary route from area 1 (stub area) is injected into area 0 (the backbone).
2. Enable OSPFv3.
RS G8124(config)# ipv6 router ospf
RS G8124(config-router-ospf3)# enable
This is equivalent to the OSPFv2 enable option in the router ospf command path.
3. Define the backbone.
RS G8124(config-router-ospf3)# area 0 area-id 0.0.0.0
RS G8124(config-router-ospf3)# area 0 type transit
RS G8124(config-router-ospf3)# area 0 enable
This is identical to OSPFv2 configuration.
4. Define the stub area.
7. Configure route summarization by specifying the starting address and prefix length of the range of addresses to be summarized.
RS G8124(config)# ipv6 router ospf
RS G8124(config-router-ospf3)# area-range 1 address 36:0:0:0:0:0:0:0 32
RS G8124(config-router-ospf3)# area-range 1 area 0
RS G8124(config-router-ospf3)# area-range 1 enable
This differs from OSPFv2 only in that the OSPFv3 command path is used, and the address and prefix are specified in IPv6 format.
8.
CHAPTER 21 Protocol Independent Multicast
BLADEOS supports Protocol Independent Multicast (PIM) in Sparse Mode (PIM-SM) and Dense Mode (PIM-DM).
Note – BLADEOS 6.5 does not support IPv6 for PIM.
PIM-SM is a reverse-path routing mechanism. Client receiver stations advertise their willingness to join a multicast group. The local routing and switching devices collect multicast routing information and forward the request toward the station that will provide the multicast content. When the join requests reach the sending station, the multicast data is sent toward the receivers, flowing in the opposite direction of the original join requests.
The following PIM modes and features are not currently supported in BLADEOS 6.5:
Hybrid Sparse-Dense Mode (PIM-SM/DM). Sparse Mode and Dense Mode may be configured on separate IP interfaces on the switch, but are not currently supported simultaneously on the same IP interface.
PIM Source-Specific Multicast (PIM-SSM)
Anycast RP
PIM RP filters
Only configuration via the switch ISCLI is supported.
Defining a PIM Network Component
The G8124 can be attached to a maximum of two independent PIM network components. Each component represents a different PIM network, and can be defined for either PIM-SM or PIM-DM operation.
PIM Neighbor Filters
The G8124 accepts connection to up to 72 PIM interfaces. By default, the switch accepts all PIM neighbors attached to the PIM-enabled interfaces, up to the maximum number. Once the maximum is reached, the switch will deny further PIM neighbors. To ensure that only the appropriate PIM neighbors are accepted by the switch, the administrator can use PIM neighbor filters to specify which PIM neighbors may be accepted or denied on a per-interface basis.
Additional Sparse Mode Settings
Specifying the Rendezvous Point
Using PIM-SM, at least one PIM-capable router must be a candidate for use as a Rendezvous Point (RP) for any given multicast group. If desired, the G8124 can act as an RP candidate. To assign a configured switch IP interface as a candidate, use the following procedure.
1. Select the PIM component that will represent the RP candidate:
RS G8124(config)# ip pim component <1-2>
2.
Influencing the Designated Router Selection
Using PIM-SM, all PIM-enabled IP interfaces are considered as potential Designated Routers (DR) for their domain. By default, the interface with the highest IP address on the domain is selected. However, if an interface is configured with a DR priority value, it overrides the IP address selection process. If more than one interface on a domain is configured with a DR priority, the one with the highest number is selected.
Using PIM with Other Features
PIM with ACLs or VMAPs
If using ACLs or VMAPs, be sure to permit traffic for local hosts and routers.
PIM with IGMP
If using IGMP (see “Internet Group Management Protocol” on page 249):
IGMP static joins can be configured with a PIM-SM or PIM-DM multicast group IPv4 address.
PIM Configuration Examples
Example 1: PIM-SM with Dynamic RP
This example configures PIM Sparse Mode for one IP interface, with the switch acting as a candidate for dynamic Rendezvous Point (RP) selection.
1. Globally enable the PIM feature:
RS G8124(config)# ip pim enable
2.
Example 2: PIM-SM with Static RP
The following commands can be used to modify the prior example configuration to use a static RP:
RS G8124(config)# ip pim static-rp enable
RS G8124(config)# ip pim component 1
RS G8124(config-ip-pim-comp)# rp-static rp-address 225.1.0.0 255.255.0.0 10.10.1.1
RS G8124(config-ip-pim-comp)# exit
Where 225.1.0.0 255.255.0.0 is the multicast group base address and mask, and 10.10.1.1 is the RP candidate address.
1. Configure the PIM-SM component as shown in the prior examples, or if using PIM-DM independently, enable the PIM feature.
RS G8124(config)# ip pim enable
2. Configure a PIM component and set the PIM mode:
RS G8124(config)# ip pim component 2
RS G8124(config-ip-pim-comp)# mode dense
RS G8124(config-ip-pim-comp)# exit
3. Define an IP interface for use with PIM:
RS G8124(config)# interface ip 102
RS G8124(config-ip-if)# ip address 10.10.1.2 255.255.255.
Part 6: High Availability Fundamentals
Internet traffic consists of myriad services and applications which use the Internet Protocol (IP) for data delivery. However, IP is not optimized for all the various applications. High Availability goes beyond IP and makes intelligent switching decisions to provide redundant network configurations.
CHAPTER 22 Basic Redundancy
BLADEOS 6.5 includes various features for providing basic link or device redundancy:
“Trunking for Link Redundancy” on page 317
“Hot Links” on page 318
“Active MultiPath Protocol” on page 320
Trunking for Link Redundancy
Multiple switch ports can be combined together to form robust, high-bandwidth trunks to other devices. Since trunks are comprised of multiple physical links, the trunk group is inherently fault tolerant.
Hot Links
For network topologies that require Spanning Tree to be turned off, Hot Links provides basic link redundancy with fast recovery. Hot Links consists of up to 25 triggers. A trigger consists of a pair of layer 2 interfaces, each containing an individual port, trunk, or LACP adminkey. One interface is the Master, and the other is a Backup.
Configuration Guidelines
The following configuration guidelines apply to Hot links:
Ports that are configured as Hot Link interfaces must have STP disabled.
When Hot Links is turned on, MSTP, RSTP, and PVRST must be turned off.
When Hot Links is turned on, UplinkFast must be disabled.
A port that is a member of the Master interface cannot be a member of the Backup interface.
Active MultiPath Protocol
Active MultiPath Protocol (AMP) allows you to connect three switches in a loop topology, and load-balance traffic across all uplinks (no blocking). When an AMP link fails, upstream communication continues over the remaining AMP link. Once the failed AMP link re-establishes connectivity, communication resumes to its original flow pattern. AMP is supported over Layer 2 only. Layer 3 routing is not supported.
When the AMP loop is broken, the STP port states are set to forwarding or blocking, depending on the switch priority and port/trunk precedence, as follows:
An aggregator's port/trunk has higher precedence over an access switch's port/trunk.
Static trunks have highest precedence, followed by LACP trunks, then physical ports.
Between two static trunks, the trunk with the lower trunk ID has higher precedence.
AMP ports cannot be used as monitoring ports in a port-mirroring configuration.
Do not configure AMP ports as Layer 2 Failover control ports.
For IGMP, IP-based multicast entries support only Layer 2 (MAC) based multicast forwarding for IGMP Snooping. IGMP snooping must be disabled before enabling AMP, to clear all the existing IP based multicast entries. IGMP Snooping may be re-enabled after AMP is enabled.
Configuring an Access Switch
Perform the following steps to configure AMP on an access switch:
1. Turn off Spanning Tree.
>> # spanning-tree mode disable
2. Turn AMP on.
>> # active-multipath enable
3. Define the AMP group links, and enable the AMP group.
>> # active-multipath group 1 port 3
>> # active-multipath group 1 port2 4
>> # active-multipath group 1 enable
Verifying AMP Operation
Display AMP group information to verify that the AMP loop is healthy.
CHAPTER 23 Layer 2 Failover
The primary application for Layer 2 Failover is to support Network Adapter Teaming. With Network Adapter Teaming, all the NICs on each server share the same IP address, and are configured into a team. One NIC is the primary link, and the other is a standby link. For more details, refer to the documentation for your Ethernet adapter.
Note – Only two links per server can be used for Layer 2 Trunk Failover (one primary and one backup).
Figure 41 is a simple example of Layer 2 Failover. One G8124 is the primary, and the other is used as a backup. In this example, all ports on the primary switch belong to a single trunk group, with Layer 2 Failover enabled, and Failover Limit set to 2. If two or fewer links in trigger 1 remain active, the switch temporarily disables all control ports. This action causes a failover event on Server 1 and Server 2.
Manually Monitoring Port Links
The Manual Monitor allows you to configure a set of ports and/or trunks to monitor for link failures (a monitor list), and another set of ports and/or trunks to disable when the trigger limit is reached (a control list). When the switch detects a link failure on the monitor list, it automatically disables the items in the control list.
L2 Failover with Other Features
L2 Failover works together with Link Aggregation Control Protocol (LACP) and with Spanning Tree Protocol (STP), as described below.
LACP
Link Aggregation Control Protocol allows the switch to form dynamic trunks. You can use the admin key to add up to two LACP trunks to a failover trigger using automatic monitoring. When you add an admin key to a trigger, any LACP trunk with that admin key becomes a member of the trigger.
Configuring Layer 2 Failover
Use the following procedure to configure a Layer 2 Failover Manual Monitor.
1. Specify the links to monitor.
>> # failover trigger 1 mmon monitor member 1-5
2. Specify the links to disable when the failover limit is reached.
>> # failover trigger 1 mmon control member 6-10
3. Configure general Failover parameters.
CHAPTER 24 Virtual Router Redundancy Protocol
The BNT RackSwitch G8124 (G8124) supports IPv4 high-availability network topologies through an enhanced implementation of the Virtual Router Redundancy Protocol (VRRP).
Note – BLADEOS 6.5 does not support IPv6 for VRRP.
The following topics are discussed in this chapter:
“VRRP Overview” on page 332. This section discusses VRRP operation and BLADEOS redundancy configurations.
“Failover Methods” on page 334.
VRRP Overview
In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device. To achieve this usually requires redundancy for all vital network components.
Master and Backup Virtual Router
Within each virtual router, one VRRP router is selected to be the virtual router master. See “Selecting the Master VRRP Router” on page 334 for an explanation of the selection process.
Note – If the IPv4 address owner is available, it will always become the virtual router master.
The virtual router master forwards packets sent to the virtual router.
Selecting the Master VRRP Router
Each VRRP router is configured with a priority between 1–254. A bidding process determines which VRRP router is or becomes the master—the VRRP router with the highest priority. The master periodically sends advertisements to an IPv4 multicast address. As long as the backups receive these advertisements, they remain in the backup state.
Active-Active Redundancy
In an active-active configuration, shown in Figure 42, two switches provide redundancy for each other, with both active at the same time. Each switch processes traffic on a different subnet. When a failure occurs, the remaining switch can process traffic on all subnets. For a configuration example, see “High Availability Configurations” on page 338.
BLADEOS Extensions to VRRP
This section describes VRRP enhancements that are implemented in BLADEOS. BLADEOS supports a tracking function that dynamically modifies the priority of a VRRP router, based on its current state. The objective of tracking is to have, whenever possible, the master bidding processes for various virtual routers in a LAN converge on the same switch. Tracking ensures that the selected switch is the one that offers optimal network performance.
Virtual Router Deployment Considerations
Assigning VRRP Virtual Router ID
During the software upgrade process, VRRP virtual router IDs will be automatically assigned if failover is enabled on the switch. When configuring virtual routers at any point after upgrade, virtual router ID numbers must be assigned. The virtual router ID may be configured as any number between 1 and 255.
High Availability Configurations
Figure 43 shows an example configuration where two G8124s are used as VRRP routers in an active-active configuration. In this configuration, both switches respond to packets.
Figure 43 Active-Active High-Availability Configuration
[Figure 43 labels: VIR 1: 192.168.1.200 (Master); VIR 2: 192.168.2.200 (Backup); L2 Switch; Switch 1; Server 1 with NIC 1: 10.0.1.1/24 and NIC 2: 10.0.2.1/24; Server 2 with NIC 1: 10.0.1.2/24 and NIC 2: 10.0.2.]
Task 1: Configure G8124 1
1. Configure client and server interfaces.
4. Enable tracking on ports. Set the priority of Virtual Router 1 to 101, so that it becomes the Master.
RS G8124(config-vrrp)# virtual-router 1 track ports
RS G8124(config-vrrp)# virtual-router 1 priority 101
RS G8124(config-vrrp)# virtual-router 2 track ports
RS G8124(config-vrrp)# exit
5. Configure ports.
Task 2: Configure G8124 2
1. Configure client and server interfaces.
4. Enable tracking on ports. Set the priority of Virtual Router 2 to 101, so that it becomes the Master.
RS G8124(config-vrrp)# virtual-router 1 track ports
RS G8124(config-vrrp)# virtual-router 2 track ports
RS G8124(config-vrrp)# virtual-router 2 priority 101
RS G8124(config-vrrp)# exit
5. Configure ports.
Part 7: Network Management
CHAPTER 25 Link Layer Discovery Protocol
The BLADEOS software supports Link Layer Discovery Protocol (LLDP). This chapter discusses the use and configuration of LLDP on the switch:
“LLDP Overview” on page 345
“Enabling or Disabling LLDP” on page 346
“LLDP Transmit Features” on page 347
“LLDP Receive Features” on page 351
“LLDP Example Configuration” on page 353
LLDP Overview
Link Layer Discovery Protocol (LLDP) is an IEEE 802.
The LLDP information to be distributed by the G8124 ports, and that which has been collected from other LLDP stations, is stored in the switch’s Management Information Base (MIB). Network Management Systems (NMS) can use Simple Network Management Protocol (SNMP) to access this MIB information. LLDP-related MIB information is read-only.
LLDP Transmit Features
Numerous LLDP transmit options are available, including scheduled and minimum transmit interval, expiration on remote systems, SNMP trap notification, and the types of information permitted to be shared.
Scheduled Interval
The G8124 can be configured to transmit LLDP information to neighboring devices once each 5 to 32768 seconds. The scheduled interval is global; the same interval value applies to all LLDP transmit-enabled ports.
Time-to-Live for Transmitted Information
The transmitted LLDP information is held by remote systems for a limited time. A time-to-live parameter allows the switch to determine how long the transmitted data should be held before it expires. The hold time is configured as a multiple of the configured transmission interval.
RS G8124(config)# lldp holdtime-multiplier
where multiplier is a value between 2 and 10.
If SNMP trap notification is enabled, the notification messages can also appear in the system log. This is enabled by default.
To view detailed information for a remote device, specify the Index number as found in the summary.
LLDP Example Configuration
1. Turn LLDP on globally.
RS G8124(config)# lldp enable
2. Set the global LLDP timer features.
RS G8124(config)# lldp transmission-delay 30 (Transmit each 30 seconds)
RS G8124(config)# lldp transmission-delay 2 (No more often than 2 sec.)
RS G8124(config)# lldp holdtime-multiplier 4 (Remote hold 4 intervals)
RS G8124(config)# lldp reinit-delay 2 (Wait 2 sec. after reinit.)
RS G8124(config)# lldp trap-notification-interval 5 (Minimum 5 sec.
CHAPTER 26 Simple Network Management Protocol
BLADEOS provides Simple Network Management Protocol (SNMP) version 1, version 2, and version 3 support for access through any network management software, such as IBM Director or HP-OpenView.
Note – SNMP read and write functions are enabled by default. For best security practices, if SNMP is not needed for your network, it is recommended that you disable these functions prior to connecting the switch to the network.
SNMP Version 3

SNMP version 3 (SNMPv3) is an enhanced version of the Simple Network Management Protocol, approved by the Internet Engineering Steering Group in March, 2002. SNMPv3 contains additional security and authentication features that provide data origin authentication, data integrity checks, timeliness indicators and encryption to protect against threats such as masquerade, modification of information, message stream modification and disclosure.
User Configuration Example

1. To configure a user with name “admin,” authentication type MD5, and authentication password of “admin,” privacy option DES with privacy password of “admin,” use the following CLI commands.

   RS G8124(config)# snmp-server user 5 name admin
   RS G8124(config)# snmp-server user 5 authentication-protocol md5 authentication-password
   Changing authentication password; validation required:
   Enter current admin password:
Configuring SNMP Trap Hosts

SNMPv1 Trap Host

1. Configure a user with no authentication and password.

   >> # /cfg/sys/ssnmp/snmpv3/usm 10/name "v1trap"

2. Configure an access group and group table entries for the user. Use the following menu to specify which traps can be received by the user:

   >> # /cfg/sys/ssnmp/snmpv3/access

In the example below the user will receive the traps sent by the switch.
5. Use the community table to specify which community string is used in the trap.

   /c/sys/ssnmp/snmpv3/comm 10     (Define the community string)
   index v1trap
   name public
   uname v1trap

SNMPv2 Trap Host Configuration

The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, use snmpv2 instead of snmpv1.
SNMPv3 Trap Host Configuration

To configure a user for SNMPv3 traps, you can choose to send the traps with both privacy and authentication, with authentication only, or without privacy or authentication. This is configured in the access table using the following commands:

   RS G8124(config)# snmp-server access <1-32> level
   RS G8124(config)# snmp-server target-parameters <1-16>

Configure the user in the user table accordingly.
SNMP MIBs

The BLADEOS SNMP agent supports SNMP version 3. Security is provided through SNMP community strings. The default community strings are “public” for SNMP GET operation and “private” for SNMP SET operation. The community string can be modified only through the Command Line Interface (CLI).

Detailed SNMP MIBs and trap definitions of the BLADEOS SNMP agent are contained in the following BLADEOS enterprise MIB document: GbTOR-10G-L2L3.
The BLADEOS SNMP agent supports the following generic traps as defined in RFC 1215:

- ColdStart
- WarmStart
- LinkDown
- LinkUp
- AuthenticationFailure

The SNMP agent also supports two Spanning Tree traps as defined in RFC 1493:

- NewRoot
- TopologyChange

The following are the enterprise SNMP traps supported in BLADEOS:

Table 25 BLADEOS-Supported Enterprise SNMP Traps

Trap Name                 Description
altSwDefGwUp              Signifies that the default gateway is alive.
Table 25 BLADEOS-Supported Enterprise SNMP Traps (continued)

Trap Name                 Description
altSwStgTopologyChanged   Signifies that there was a STG topology change.
altSwStgBlockingState     An altSwStgBlockingState trap is sent when port state is changed in blocking state.
altSwCistNewRoot          Signifies that the bridge has become the new root of the CIST.
altSwCistTopologyChanged  Signifies that there was a CIST topology change.
Switch Images and Configuration Files

This section describes how to use MIB calls to work with switch images and configuration files. You can use a standard SNMP tool to perform the actions, using the MIBs listed in Table 26.

Table 26 lists the MIBs used to perform operations associated with the Switch Image and Configuration files.

Table 26 MIBs for Switch Image and Configuration Files

MIB Name                  MIB OID
agTransferServer          1.3.6.1.4.1872.2.5.1.1.7.1.0
agTransferImage           1.3.
Loading a New Switch Image

To load a new switch image with the name “MyNewImage-1.img” into image2, follow the steps below. This example shows an FTP/TFTP server at IPv4 address 192.168.10.10, though IPv6 is also supported.

1. Set the FTP/TFTP server address where the switch image resides:

   Set agTransferServer.0 "192.168.10.10"

2. Set the area where the new image will be loaded:

   Set agTransferImage.0 "image2"

3. Set the name of the image:

   Set agTransferImageFileName.
Saving the Switch Configuration

To save the switch configuration to an FTP/TFTP server, follow the steps below. This example shows an FTP/TFTP server at IPv4 address 192.168.10.10, though IPv6 is also supported.

1. Set the FTP/TFTP server address where the configuration file is saved:

   Set agTransferServer.0 "192.168.10.10"

2. Set the name of the configuration file:

   Set agTransferCfgFileName.0 "MyRunningConfig.cfg"

3.
Part 8: Monitoring

The ability to monitor traffic passing through the G8124 can be invaluable for troubleshooting some types of networking problems.
CHAPTER 27 Remote Monitoring

Remote Monitoring (RMON) allows network devices to exchange network monitoring data. RMON allows the switch to perform the following functions:

- Track events and trigger alarms when a threshold is reached.
- Notify administrators by issuing a syslog message or SNMP trap.

RMON Overview

The RMON MIB provides an interface between the RMON agent on the switch and an RMON management application. The RMON MIB is described in RFC 1757.
RMON Group 1—Statistics

The switch supports collection of Ethernet statistics as outlined in the RMON statistics MIB, in reference to etherStatsTable. You can configure RMON statistics on a per-port basis. RMON statistics are sampled every second, and new data overwrites any old data on a given port.

Note – RMON port statistics must be enabled for the port before you can view RMON statistics.

Example Configuration

1. Enable RMON on a port.
RMON Group 2—History

The RMON History Group allows you to sample and archive Ethernet statistics for a specific interface during a specific time interval. History sampling is done per port.

Note – RMON port statistics must be enabled for the port before an RMON History Group can monitor the port.

Data is stored in buckets, which store data gathered during discrete sampling intervals.
Configuring RMON History

Perform the following steps to configure RMON History on a port.

1. Enable RMON on a port.

   RS G8124(config)# interface port 1
   RS G8124(config-if)# rmon
   RS G8124(config-if)# exit

2. Configure the RMON History parameters for a port.

   RS G8124(config)# rmon history 1 interface-oid 1.3.6.1.2.1.2.2.1.1.
RMON Group 3—Alarms

The RMON Alarm Group allows you to define a set of thresholds used to determine network performance. When a configured threshold is crossed, an alarm is generated. For example, you can configure the switch to issue an alarm if more than 1,000 CRC errors occur during a 10-minute time interval.

Each Alarm index consists of a variable to monitor, a sampling time interval, and parameters for rising and falling thresholds.
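The rising and falling thresholds described above act as a hysteresis pair: after a rising alarm fires, it does not fire again until the sampled value has come back down to the falling threshold. The following Python example is added here and is not BLADEOS code; it follows the alarm rules of the RMON MIB (RFC 1757), and the function name, the thresholds, the Counter32 wrap handling and the counter readings are assumptions constructed for illustration.

```python
"""RMON alarm evaluation with rising/falling hysteresis (RFC 1757 alarm group)."""

COUNTER32_MOD = 2 ** 32   # assumption: the monitored variable is a Counter32


def evaluate_alarm(readings, rising, falling, startup="risingOrFalling"):
    """Delta-sample raw counter readings; return [(sample_no, kind, delta)].

    readings: counter value at each sampling-interval boundary.
    startup:  "rising", "falling" or "risingOrFalling" (alarmStartupAlarm).
    """
    if falling >= rising:
        raise ValueError("falling threshold must be below rising threshold")
    events = []
    last_kind = None     # kind of the most recent alarm (hysteresis state)
    prev_delta = None    # previous sampled value; None before the first one
    for n in range(1, len(readings)):
        # Modular subtraction keeps the delta correct across a counter wrap.
        delta = (readings[n] - readings[n - 1]) % COUNTER32_MOD
        first = prev_delta is None
        # The first sample is gated by the startup setting; later samples
        # must actually cross the threshold since the previous sample.
        crossed_up = (startup != "falling") if first else (prev_delta < rising)
        crossed_down = (startup != "rising") if first else (prev_delta > falling)
        if delta >= rising and crossed_up and last_kind != "rising":
            last_kind = "rising"
            events.append((n, "rising", delta))
        elif delta <= falling and crossed_down and last_kind != "falling":
            last_kind = "falling"
            events.append((n, "falling", delta))
        prev_delta = delta
    return events


# Constructed CRC-error counter readings, one per 10-minute interval.
# The counter wraps past 2**32 between the second and third reading.
READINGS = [4294965980, 4294966000, 50, 1550, 2150, 3350, 3390, 5390]
RISING = 1001    # "more than 1,000" errors, since the comparison is >=
FALLING = 100    # constructed re-arm level

if __name__ == "__main__":
    for n, kind, delta in evaluate_alarm(READINGS, RISING, FALLING, "rising"):
        print(f"interval {n}: {kind} alarm, {delta} CRC errors")
```

Interval 5 (1,200 errors) raises no second alarm because the value never reached the falling threshold after the first one, which is what keeps a flapping link from flooding the syslog or trap receiver.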
RMON Group 9—Events

The RMON Event Group allows you to define events that are triggered by alarms. An event can be a log message, an SNMP trap, or both. When an alarm is generated, it triggers a corresponding event notification.
CHAPTER 28 sFLOW

The G8124 supports sFlow technology for monitoring traffic in data networks. The switch includes an embedded sFlow agent which can be configured to provide continuous monitoring information of IPv4 traffic to a central sFlow analyzer.

The switch is responsible only for forwarding sFlow information. A separate sFlow analyzer is required elsewhere on the network in order to interpret sFlow data.

Note – BLADEOS 6.5 does not support IPv6 for sFLOW.
sFlow sampling has the following restrictions:

- Sample Rate—The fastest sFlow sample rate is 1 out of every 256 packets.
- ACLs—sFlow sampling is performed before ACLs are processed. For ports configured both with sFlow sampling and one or more ACLs, sampling will occur regardless of the action of the ACL.
- Port Mirroring—sFlow sampling will not occur on mirrored traffic.
CHAPTER 29 Port Mirroring

The BLADEOS port mirroring feature allows you to mirror (copy) the packets of a target port, and forward them to a monitoring port. Port mirroring functions for all layer 2 and layer 3 traffic on a port. This feature can be used as a troubleshooting tool or to enhance the security of your network. For example, an IDS server or other traffic sniffer device or analyzer can be connected to the monitoring port in order to detect intruders attacking the network.
The G8124 supports three monitor ports. Each monitor port can receive mirrored traffic from any number of target ports.

BLADEOS does not support “one to many” or “many to many” mirroring models where traffic from a specific port is copied to multiple monitor ports. For example, port 1 traffic cannot be monitored by both port 3 and 4 at the same time, nor can port 2 ingress traffic be monitored by a different port than its egress traffic.
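When several IDS sensors or analyzers share a switch, it helps to check the planned mirroring layout against these limits before configuring it. The following Python example is added here and is not part of BLADEOS; the function name, the (monitor, target, direction) tuple format and both sample plans are constructed for illustration.

```python
"""Check a planned port-mirroring layout against the G8124 limits stated above."""

MAX_MONITOR_PORTS = 3   # "The G8124 supports three monitor ports."


def check_mirror_plan(plan):
    """plan: iterable of (monitor_port, target_port, direction) tuples, with
    direction "in", "out" or "both". Returns a list of problem strings; an
    empty list means the plan fits the documented mirroring model."""
    problems = []
    monitor_of = {}     # target port -> monitor port that receives its copy
    monitors = []       # distinct monitor ports, in first-seen order
    for monitor, target, direction in plan:
        if direction not in ("in", "out", "both"):
            problems.append(f"port {target}: unknown direction {direction!r}")
            continue
        if monitor not in monitors:
            monitors.append(monitor)
        # One target, one monitor. This also catches the ingress and egress
        # of the same port being sent to two different monitor ports.
        owner = monitor_of.setdefault(target, monitor)
        if owner != monitor:
            problems.append(
                f"port {target}: already mirrored to port {owner}, "
                f"cannot also be mirrored to port {monitor}")
    if len(monitors) > MAX_MONITOR_PORTS:
        problems.append(
            f"{len(monitors)} monitor ports requested {monitors}, "
            f"limit is {MAX_MONITOR_PORTS}")
    return problems


# Constructed plans. GOOD_PLAN: two monitor ports, each target copied once.
GOOD_PLAN = [(3, 1, "both"), (3, 2, "in"), (4, 5, "out")]
# BAD_PLAN repeats the two unsupported cases from the text (port 1 copied to
# ports 3 and 4; port 2 ingress and egress split) and uses four monitor ports.
BAD_PLAN = [(3, 1, "in"), (4, 1, "in"), (3, 2, "in"), (4, 2, "out"),
            (5, 6, "both"), (6, 7, "both")]

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_mirror_plan(plan)
        print(name, "plan:", "OK" if not issues else "; ".join(issues))
```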
Part 9: Appendices
APPENDIX A Glossary

CNA        Converged Network Adapter. A device used for I/O consolidation such as that in Converged Enhanced Ethernet (CEE) environments implementing Fibre Channel over Ethernet (FCoE). The CNA performs the duties of both a Network Interface Card (NIC) for Local Area Networks (LANs) and a Host Bus Adapter (HBA) for Storage Area Networks (SANs).

DIP        The destination IP address of a frame.
Tracking   In VRRP, a method to increase the priority of a virtual router and thus master designation (with preemption enabled). Tracking can be very valuable in an active/active configuration. You can track the following:

           - Active IP interfaces on the Web switch (increments priority by 2 for each)
           - Active ports on the same VLAN (increments priority by 2 for each)
           - Number of virtual routers in master mode on the switch

VIR        Virtual Interface Router.