53-1002334-01 30 May 2012 ServerIron Traffic Works Switching and Routing Guide Supporting ServerIron TrafficWorks version 10.2.
Copyright © 2012 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, MLX, SAN Health, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.
Contents

CHAPTER 1 ABOUT THIS GUIDE 1-1
AUDIENCE 1-1
CONVENTIONS 1-1
RELATED DOCUMENTATION
ASSIGNING TAGGED OR UNTAGGED PORTS TO A PORT-BASED VLAN 2-8
CONFIGURING UPLINK PORTS 2-8
SETTING A PRIORITY FOR A VLAN 2-9
CONFIGURING AN APPLETALK PROTOCOL VLAN
CONFIGURING A DECNET PROTOCOL VLAN 2-32
CONFIGURING AN IP INTERFACE 2-32
CONFIGURING AN IP FILTER 2-33
SLB EXAMPLE
Chapter 1 About this Guide

This guide describes the switching and routing features of the Brocade® ServerIron devices.

Audience

This guide is intended for network engineers with a basic knowledge of switching, routing, and application traffic management.

Conventions

This guide uses the following typographical conventions to describe information:
Italic – Highlights the title of another publication or emphasizes a word or phrase.
Bold code – Indicates code that is entered exactly as shown.
ServerIron family of application delivery controllers.
• ServerIron TrafficWorks Server Load Balancing Guide – describes basic Server Load Balancing configurations for the ServerIron product family.
Chapter 2 Switching and Routing

This chapter describes Layer 2 switching and routing for ServerIron devices.
By default, all ports in a Brocade device belong to a common Layer 2 broadcast domain, VLAN 1. You can configure port-based VLANs (Virtual LANs) to create smaller broadcast domains that use subsets of the device’s ports.

Static MAC Entries

MAC entries that the Brocade device learns and caches are subject to an aging time. After a cached entry remains unused for the duration of the aging time, the software removes the entry from the Layer 2 cache.
NOTE: The information displayed in columns with headings CamF, and CIDX0 through CIDX5, is not relevant for day-to-day management of the ServerIron. The information is used by engineering and technical support staff for debug purposes.

Syntax: show mac-address [ethernet | | session]

The session keyword causes information about MAC session entries to be displayed.
Replace the with a port that has redundant uplinks on a wiring closet switch.

Modifying Spanning Tree Parameters

Spanning Tree bridge and port parameters are configurable using the spanning-tree command. When no port-based VLANs are active on the system, spanning tree parameters are set at the Global CONFIG Level. When port-based VLANs are active on the system, spanning tree protocol bridge and port parameters can be configured globally at the VLAN Level.
Displaying Spanning Tree Statistics

To display spanning tree statistics, enter the following command:

ServerIron#show span ?
  DECIMAL     Number of spanning tree entries to skip before display begins
  detail      Show more details of STP information on each port
  pvst-mode   PVST status
  vlan        Show spanning tree of a VLAN
  |           Output modifiers
ServerIron#show span
VLAN 1 BPDU cam_index is 2061 and the DMA master Are(HEX) 4
STP instance owned by VLAN 1
Global STP (IEEE 802.
IronSpan STP Enhancements

IronSpan is a set of Layer 2 features that extend the operation of standard STP. IronSpan enables you to fine tune standard STP and avoid some of its limitations. IronSpan includes the following features:
• Fast Port Span – By default, devices running Fast Port Span perform Spanning Tree Protocol (STP) convergence in four seconds instead of 30 or more seconds for certain ports connected to end stations.
Port-based VLANs can reduce the likelihood and severity of broadcast storms by reducing the number of ports affected by a storm. In addition, for devices such as servers that can cause broadcast storms, you can add static MAC entries for the devices and assign the static entries to a VLAN. Each port-based VLAN maintains a separate spanning tree. (See “STP” on page 2-3.)

Changing the Tag Type

Tag type is the value that is sent out on a packet to indicate that it comes from a tagged VLAN port.
Syntax: [no] tftp client enable vlan

Disabling or Re-enabling Dynamic Discovery of Protocol VLANs

Dynamic discovery of protocol VLANs on switch-to-switch links enables switch-to-switch links to be automatically included in protocol VLANs that have dynamic port membership. By default, the command is enabled.
ServerIron(config-vlan-10)# untag ethernet 1/1 to 1/24
ServerIron(config-vlan-10)# untag ethernet 2/1 to 2/2
ServerIron(config-vlan-10)# uplink-switch ethernet 2/1 to 2/2

In this example, 24 ports on a 10/100 module and two Gigabit ports on a Gigabit module are added to port-based VLAN 10. The two Gigabit ports are then configured as uplink ports.
Syntax: [no] decnet-proto []

To specify a VLAN name, use the name keyword followed by a string. The name keyword and string are the last arguments in the command. The name can contain blank spaces if you use double quotation marks before and after the name. The can be up to 16 characters long and can contain blanks.

Configuring an IP Protocol VLAN

You can create an IP protocol VLAN on a ServerIron within a port-based VLAN, when entered at the VLAN Level.
When configuring on a switch, all ports are dynamically allocated to the VLAN. You can modify port membership by using the static or exclude commands. When configuring on a Brocade router, ports must be added to the VLAN with the static command. Ports are not dynamically allocated to IPX network VLANs. To create an IPX network VLAN with a network number of 500 and frame type of 802.
The can be up to 16 characters long and can contain blanks.

Configuring Another Protocol VLAN

You can create another protocol VLAN on the system. All ports of the switch are by default dynamically assigned to the newly created VLAN. VLAN membership can be modified using the dynamic, static, or exclude commands.
ServerIron(config-if-e100-2/11)#dual-mode
ServerIron(config-if-e100-2/11)#exit

Syntax: [no] dual-mode

Starting with Release 09.5.02a, you can configure a dual-mode port to transmit traffic for a specified VLAN (which is defined as Default VLAN) as untagged, while transmitting traffic for other VLANs as tagged. Figure 2.2 illustrates this enhancement.

Figure 2.
The show vlan command displays a separate row for dual-mode ports on each VLAN.
ServerIron(config-if-1/1)#mac filter-group 1

These commands configure a filter to deny ARP traffic with a source MAC address that begins with “3565” to any destination. The second filter permits all traffic that is not denied by another filter. After you define the filters, you apply them to individual interfaces using the mac filter-group command.
NOTE: Once you define a MAC filter, the device drops Layer 2 traffic that does not match a MAC permit filter.

Additional Examples of Layer 2 MAC Filter Definitions

ServerIron(config)#mac filter 1 permit any any etype eq 0800

This filter configures the device to permit (forward) any inbound packet with the Ethertype field set to 0800 (IP).

ServerIron(config)#mac filter 2 deny 0080.0020.000 ffff.ffff.
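The following Python model is an added example, not ServerIron code or output. It shows how the NOTE about dropped traffic interacts with the filters described above: a deny-only group, or a group that permits only Ethertype 0800, also drops ARP and everything else that no permit filter matches. The class and function names are hypothetical, the frames are constructed, and first-match evaluation in filter-group order is an assumption.

```python
# Added illustration: a model of Layer 2 MAC filter evaluation, not ServerIron code.
from dataclasses import dataclass
from typing import Optional

ETYPE_IP = 0x0800    # Ethertype permitted by the page's "etype eq 0800" filter
ETYPE_ARP = 0x0806   # standard ARP Ethertype
ALL_ONES = "ffff.ffff.ffff"


def mac_to_int(mac: str) -> int:
    """Parse dotted MAC notation such as 3565.0000.0000."""
    digits = mac.replace(".", "")
    if len(digits) != 12:
        raise ValueError(f"expected 12 hex digits in {mac!r}")
    return int(digits, 16)


@dataclass(frozen=True)
class MacFilter:
    action: str                    # "permit" or "deny"
    src: str = "any"
    src_mask: str = ALL_ONES
    dst: str = "any"
    dst_mask: str = ALL_ONES
    etype: Optional[int] = None    # None matches every Ethertype

    @staticmethod
    def _addr_ok(want: str, mask: str, got: str) -> bool:
        if want == "any":
            return True
        m = mac_to_int(mask)
        return (mac_to_int(got) & m) == (mac_to_int(want) & m)

    def matches(self, src: str, dst: str, etype: int) -> bool:
        return (self._addr_ok(self.src, self.src_mask, src)
                and self._addr_ok(self.dst, self.dst_mask, dst)
                and self.etype in (None, etype))


def evaluate(group, src, dst, etype):
    """Return (verdict, position of the deciding filter or None)."""
    if not group:
        return ("permit", None)        # no MAC filter defined: nothing is filtered
    for pos, flt in enumerate(group, start=1):   # assumption: first match wins
        if flt.matches(src, dst, etype):
            return (flt.action, pos)
    return ("deny", None)              # the NOTE: unmatched Layer 2 traffic is dropped


# Constructed filter groups modelled on the descriptions in the text.
DENY_3565_ARP = MacFilter("deny", src="3565.0000.0000",
                          src_mask="ffff.0000.0000", etype=ETYPE_ARP)
PAGE_GROUP = [DENY_3565_ARP, MacFilter("permit")]   # deny, then permit everything else
DENY_ONLY = [DENY_3565_ARP]                         # the final permit was forgotten
IP_ONLY = [MacFilter("permit", etype=ETYPE_IP)]     # permits IP, nothing else

# Constructed frame fields.
BCAST = "ffff.ffff.ffff"
HOST = "00aa.bbcc.0001"
BLOCKED = "3565.1234.abcd"

if __name__ == "__main__":
    for name, group in (("deny+permit", PAGE_GROUP),
                        ("deny only", DENY_ONLY),
                        ("IP only", IP_ONLY)):
        print(name, "ARP from HOST ->", evaluate(group, HOST, BCAST, ETYPE_ARP))
        print(name, "IP from HOST  ->", evaluate(group, HOST, BCAST, ETYPE_IP))
```

A verdict of ("deny", None) means no filter matched and the implicit drop applied, which is the case to look for when reviewing a filter group before applying it to an interface.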
Enabling Logging of Packets Denied by Layer 2 MAC Filters

When you enable this feature, the device generates Syslog entries and SNMP traps for denied packets. To enable logging of packets that are denied by Layer 2 MAC filters, enter the following command:

ServerIron(config)#mac filter log-enable

Syntax: [no] mac filter log-enable

Address-Lock Filters

An address-lock filter restricts the number of MAC addresses that a switch can learn from a specific port.
Syntax: [no] exclude-ports ethernet to

Or

Syntax: [no] exclude-ports ethernet ethernet

These commands specify the ports to which the filter applies.

NOTE: This is the same command syntax as that used for configuring port-based VLANs. Use the first command for adding a range of ports. Use the second command for adding separate ports (not in a range). You also can combine the syntax.
Or, assign it to a specific interface:

ServerIron(config)#int e 2
ServerIron(config-if-2)#dhcp-gateway-list 1

Syntax: [no] dhcp-gateway-list

Multicast

Enabling IP Multicast Traffic Reduction

IP multicast containment allows Brocade switches to limit switching of IP multicast packets to only those ports on the switch that are identified as IP multicast members.
The parameter values are the same as the for the broadcast filter command. In addition, the multicast filter command requires the mac | any parameter, which specifies the multicast address. Enter mac any to filter on all multicast addresses. Enter mac followed by a specific multicast address to filter only on that multicast address. To filter on a range of multicast addresses, use the mask parameter.
To add a virtual routing interface, enter commands such as the following:

ServerIron(config)# vlan 1
ServerIron(config-vlan-1)# router-interface ve 1

The vlan 1 command changes the CLI to the configuration level for VLAN 1. The router-interface ve 1 command adds virtual routing interface 1.

Syntax: [no] router-interface ve

The parameter specifies the interface ID and can be from 1 – 24.
Adding a Static IP Route

The software places the static route in the IP route table only if the virtual routing interface is up. To add a static IP route to the 209.157.2.x/24 sub-net, enter a command such as the following:

ServerIron(config)#ip route 209.157.2.0 255.255.255.0 192.168.2.
NOTE: You can add static ARP entries regardless of whether IP forwarding is enabled. On software release 08.x.xxR, you must create the static MAC that corresponds to the static ARP before creating a static ARP entry.
ServerIron(config)#system-max view 15

Syntax: [no] system-max
Displaying IP Forwarding Information

You can display the following IP forwarding information:
• The IP forwarding state (enabled or disabled)
• ARP entries
• IP interfaces
• The IP route table
• IP traffic statistics

Displaying IP Forwarding State Information

To display IP forwarding state information as well as other global IP parameters, enter the following command at any level of the CLI:

ServerIron(config)# show ip
Enabled : IP_Forwarding
Disabled : RIP RIP-Redist Swit
Table 2.1: CLI Display of Global IP Configuration Information (Continued)

This Field... | Displays...
Switch IP address | The management IP address you configured on the ServerIron. Specify this address for Telnet or Web management access.
Subnet mask | The sub-net mask for the management IP address.
Default router address | The address of the default gateway, if you specified one.
Syntax: show arp [ [] | ethernet mac-address []]

The and parameters let you restrict the display to entries for a specific IP address and network mask. Specify the IP address masks in standard decimal mask format (for example, 255.255.0.0).

NOTE: The parameter and parameter perform different operations.
Displaying Static ARP Entries

To display static ARP entries, enter the following command at any level of the CLI:

ServerIron(config)# show ip static-arp
Static ARP table size: 64, configurable from 64 to 128
Index  IP Address     MAC Address     Port
1      10.10.10.10    00d0.0958.9b07  9
2      192.168.2.1    00e0.5205.9056  15
3      192.168.2.157  00e0.2972.2ab5  15
4      192.168.2.14   0050.04bb.81fa  15
5      192.168.2.15   0010.5ad1.
This command displays the following information.

Table 2.4: CLI Display of IP Interfaces

This Field... | Displays...
Interface | The virtual routing interface.
IP-Address | The IP address of the interface.
OK? | Whether the IP address has been configured on the interface.
Method | Whether the IP address has been saved in NVRAM.
This command displays the following information.

Table 2.5: CLI Display of IP Route Table

This Field... | Displays...
Total number of IP routes | The total number of routes in the table, including routes that you added and directly-connected routes the software added when you added IP interfaces.
Start index | The starting entry number in the table.
Destination | The destination network of the route.
NetMask | The network mask of the destination address.
Table 2.6: CLI Display of IP Forwarding Traffic Statistics (Continued)

This Field... | Displays...
fragmented | The total number of IP packets fragmented by this device to accommodate the MTU of this device or of another device.
reassembled | The total number of fragmented IP packets that this device reassembled.
bad header | The number of IP packets dropped by the device due to a bad packet header.
no route | The number of packets dropped by the device because there was no route.
If you configure an IP address on an individual port, you can configure Layer 3 interface parameters on that port. If you configure a virtual routing interface, you can configure Layer 3 interface parameters only on the virtual routing interface. This also applies to security features such as SYN-Guard and SYN-Defense.

The source-nat Parameter

Some configurations require use of the source-nat parameter.
This command applies only to Layer 3 IP interfaces for use with IP forwarding.

The address | nat-address | standby-address parameter identifies the type of IP interface you are adding.
• The address parameter adds a standard IP interface. This option is applicable in most cases.
• The nat-address parameter applies to active-standby configurations. This parameter configures a shared IP interface for use with SLB source NAT.
NOTE: To filter on Layer 2 traffic, you can configure Layer 2 MAC filters. See “MAC Filters” on page 2-14.

To set up IP filters to explicitly permit or deny access to specific TCP/UDP ports, use the ip filter command. When you configure this type of filter, you specify the virtual IP address (VIP) as the destination address for the filter, not the real server’s IP address.
Filters apply only to new connections. New filters do not affect existing connections. You can turn off web caching for a certain range of source or destination addresses to allow filtering on an address basis using IP filters.

Policy-Based Cache Switching

The ServerIron TCS software allows you to configure IP filters to selectively cache or not cache content from specific web sites on specific cache servers.
NOTE: An IP Protocol and IP sub-net VLAN cannot operate simultaneously on a Brocade switch or router. This restriction is also true for IPX and IPX network VLANs. If you have previously defined an IP protocol VLAN on the system, you need to delete it before an IP sub-net VLAN can be created.

To create an IP sub-net of IP address 192.75.3.0 with permanent port membership of 1 and 2, enter the following commands:

BigIron(config)#ip-subnet 192.75.3.0 255.255.255.
ServerIron(config-rip-router)#interface ve 1
ServerIron(config-vif-1)#ip rip v1-only

Syntax: [no] ip rip v1-only | v1-compatible-v2 | v2-only

RIP Timers

ServerIron Release 10.2.00 enhances the current functionality by providing support for RIP timers, such as update, aging, and garbage collection.
ServerIron(config-rip-router)# deny redistribute 1 static address 207.92.0.0 255.255.0.0

This command denies redistribution of all 207.92.x.x IP static routes.

Syntax: [no] permit | deny redistribute static address [match-metric | set-metric ]

The specifies the redistribution filter ID. Specify a number from 1 – 64. The software uses the filters in ascending numerical order.
ServerIron(config-rip-router)# deny redistribute 2 static address 207.92.0.0 255.255.0.0 match-metric 5

The following commands deny redistribution of all routes except routes for 10.10.10.x and 20.20.20.x:

ServerIron(config-rip-router)# deny redistribute 64 static address 255.255.255.255 255.255.255.255
ServerIron(config-rip-router)# permit redistribute 1 static address 10.10.10.0 255.255.255.0
ServerIron(config-rip-router)# permit redistribute 2 static address 20.20.20.0 255.255.255.
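The following Python model is an added example, not ServerIron code. It shows why the catch-all deny is given ID 64 in the commands above: filters are used in ascending ID order, so the two permits are consulted first regardless of the order in which the commands were entered. The names are hypothetical. The model assumes that the first matching filter decides, that a route matching no filter is redistributed, and that the truncated mask of filter 2 is 255.255.255.0 (from "20.20.20.x").

```python
# Added illustration: a model of RIP redistribution filter evaluation, not ServerIron code.
import ipaddress
from typing import NamedTuple, Optional

# Address/mask pair used by the page's filter 64 to match every route.
MATCH_ALL = ("255.255.255.255", "255.255.255.255")


class RedistFilter(NamedTuple):
    filter_id: int                     # 1 - 64, as stated on the page
    action: str                        # "permit" or "deny"
    address: str
    mask: str
    match_metric: Optional[int] = None


def covers(flt: RedistFilter, route_net) -> bool:
    """True if the route falls inside the filter's address/mask."""
    if (flt.address, flt.mask) == MATCH_ALL:
        return True
    flt_net = ipaddress.ip_network(f"{flt.address}/{flt.mask}")
    return route_net.subnet_of(flt_net)


def decide(filters, route: str, metric: int, default: str = "permit"):
    """Return (verdict, ID of the deciding filter or None).

    Filters are consulted in ascending ID order (from the page).
    First match wins and the permit default are assumptions.
    """
    route_net = ipaddress.ip_network(route)
    for flt in sorted(filters, key=lambda f: f.filter_id):
        if not covers(flt, route_net):
            continue
        if flt.match_metric is not None and flt.match_metric != metric:
            continue
        return (flt.action, flt.filter_id)
    return (default, None)


# Filters in the order the commands are entered on the page.
# The mask of filter 2 is truncated on the page; /24 is assumed here.
EXCEPT_TWO_SUBNETS = [
    RedistFilter(64, "deny", *MATCH_ALL),
    RedistFilter(1, "permit", "10.10.10.0", "255.255.255.0"),
    RedistFilter(2, "permit", "20.20.20.0", "255.255.255.0"),
]

# The match-metric filter from the page.
METRIC_FILTER = [
    RedistFilter(2, "deny", "207.92.0.0", "255.255.0.0", match_metric=5),
]

if __name__ == "__main__":
    # Constructed static routes and metrics.
    for route in ("10.10.10.0/24", "20.20.20.0/24", "172.16.9.0/24"):
        print(route, decide(EXCEPT_TWO_SUBNETS, route, metric=1))
    for metric in (5, 3):
        print("207.92.4.0/24 metric", metric,
              decide(METRIC_FILTER, "207.92.4.0/24", metric))
```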
NOTE: The set-metric parameter does not apply to static routes.

Learning RIP Default Routes

By default, the software does not learn RIP default routes.
• Interface parameters:
  • Area membership
  • Authentication (simple password or MD5)
  • Link cost
  • Interface priority
  • Retransmit interval, transit delay, and dead interval

For information about the OSPF features and how to configure them, see the "Configuring OSPF" chapter in the Foundry Enterprise Configuration and Management Guide.

Dynamic Link Aggregation

The software supports the IEEE 802.3ad standard for link aggregation.
neighbor sessions with OSPF and BGP4 peers, and clearing and relearning dynamic route entries and forwarding cache entries. Although the reset causes a brief interruption, the protocols automatically resume normal operation.
• If a device changes the number of ports in an active aggregate link, the Brocade device on the other end of the link tears down the link. Once the other device recovers, 802.3 can renegotiate the link without a mismatch.
Figure 2.4 Examples of valid aggregate links. Ports enabled for link aggregation follow the same rules as ports configured for trunk groups.
Flexible Trunk Eligibility

Flexible Trunk Eligibility increases the tolerance for down ports during link negotiation. In a valid trunk configuration (2-port, 4-port, or 8-port trunk starting on a valid primary port number) the device groups the device's ports into 2-port groups consisting of an odd-numbered port and the next even-numbered port. For example, ports 1/1 and 1/2 are a two-port group, as are ports 1/3 and 1/4, 9/1 and 9/10, and so on.
Table 2.7 shows examples of the ports from Figure 2.5 that will be eligible for an aggregate link based on individual port states.

Table 2.
Assigning a Unique Key and Enabling Link Aggregation

Use this command sequence to assign a link aggregation key on ports that do not have link aggregation enabled, and for all other link aggregation parameters (i.e., system priority, port priority, and link type).
Link Aggregation Parameters

You can change the settings for the following link aggregation parameters, on an individual port basis:

System Priority

The system-priority parameter specifies the Brocade device’s link aggregation priority. On links on which link aggregation is enabled, system priority specifies the Brocade device’s link aggregation priority relative to the devices at the other ends. A higher value indicates a lower priority.
Figure 2.6 Ports with the same key in different aggregate links

All these ports have the same key, but are in two separate aggregate links with two other devices.
System ID: aaaa.bbbb.cccc, Ports 1/1 - 1/8: Key 0
System ID: dddd.eeee.ffff, Ports 1/5 - 1/8: Key 4
System ID: 1111.2222.3333, Ports 1/5 - 1/8: Key 69

Notice that the keys between one device and another do not need to match.
Figure 2.7 Multi-slot aggregate link

All ports in a multi-slot aggregate link have the same key.
System ID: aaaa.bbbb.cccc
Ports 1/1 - 1/4: Key 0
Ports 3/5 - 3/8: Key 0

By default, the device’s ports are divided into 4-port groups. The software dynamically assigns a unique key to each 4-port group.
Displaying and Determining the Status of Aggregate Links

Use the show link-aggregation command to determine the operational status of ports associated with aggregate links. To display the link aggregation information for a specific port, enter a command such as the following at any level of the CLI:

ServerIron(config-mif-1/1-1/8)# show link-aggregation ethernet 1/1
System ID: 00e0.52a9.
Table 2.8: CLI Display of Link Aggregation Information (Continued)

This Field... | Displays...
Act | Indicates the link aggregation mode, which can be one of the following:
• No – The mode is passive or link aggregation is disabled (off) on the port.
Table 2.8: CLI Display of Link Aggregation Information (Continued)

This Field... | Displays...
Dis | Indicates the distribution state of the port, which determines whether the port is ready to receive traffic over the trunk link.
• Dis – The port is ready to receive traffic over the trunk link.
• No – The port is not ready to receive traffic over the trunk link.
Def | Indicates whether the port is using default link aggregation values.
Exp |
Ope |
To clear the link aggregation information, enter the following command at the Privileged EXEC level of the CLI:

ServerIron# clear link-aggregate

Syntax: clear link-aggregate