
Sunday, July 31, 2011

Traffic Control Using ACL- Maipu Switches

We have already used the rate-limit feature to restrict bandwidth on the switch. Today we will see how to control bandwidth with an ACL.

For this we first need to understand a few more ACL-related concepts.

Action Group –
  • To support packet classification and traffic control, the switch extends the traditional ACL so that the ACL, and each permit rule in it, can be bound to one action group.
  • An action group is a set of actions; the switch takes the corresponding action for every packet that matches the rule.
  • One action group can contain packet mirroring, packet redirection, packet modification, packet traffic control, and packet counting.
  • Each ACL entry can be bound to one action group, whose actions are executed for the matching packets.
  • An action group can only be bound to an IP ACL, and only to a permit rule.

Now that you have enough background on action groups used with ACLs, let's see how to use them for our requirement. For that we need to understand the traffic meter.

Traffic Meter

A traffic meter is defined separately, in global configuration on the Maipu switch, for bandwidth control. It is bound to an action group, and the action group is in turn bound to a permit rule in the ACL, so that whenever the ACL rule matches, the action group is applied to the matching packets.

Let’s start with some well known terms used in traffic meter.

Related Terms:

CIR: Committed Information Rate
CBS: Committed Burst Size
EBS: Excess Burst Size
PIR: Peak Information Rate
PBS: Peak Burst Size

SRTCM (Single Rate Three Color Marker): Defined in RFC 2697. It uses three parameters (CIR, CBS and EBS) to provide single-rate control and packet coloring. It supports color-blind and color-aware modes.

Details - The Single Rate Three Color Marker (srTCM) meters an IP packet stream and marks its packets either green, yellow, or red. Marking is based on a Committed Information Rate (CIR) and two associated burst sizes, a Committed Burst Size (CBS) and an Excess Burst Size (EBS). A packet is marked green if it doesn't exceed the CBS, yellow if it does exceed the CBS, but not the EBS, and red otherwise. The srTCM is useful, for example, for ingress policing of a service, where only the length, not the peak rate, of the burst determines service eligibility.

TRTCM (Two Rate Three Color Marker): Defined in RFC 2698. It uses CIR, CBS, PIR and PBS to provide two-rate control and packet coloring. It supports color-blind and color-aware modes.

Details: The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks its packets either green, yellow, or red. A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is marked either yellow or green depending on whether it exceeds or doesn't exceed the Committed Information Rate (CIR). The trTCM is useful, for example, for ingress policing of a service, where a peak rate needs to be enforced separately from a committed rate.

Working flow of Traffic meter:
  • To support packet-based traffic control, you can specify one meter name in the action group.
  • The meter supports two modes, SRTCM and TRTCM. Its function is to remark or drop packets according to the measured traffic rate.
  • The meter has a processing action for each packet color. When configured to drop packets of a color, it implements traffic limiting; when configured to remark packets of a color, it classifies packets by traffic rate so that later stages of the data path can apply different QoS policies.
  • After the meter has colored the packets, the counter in the action group can count them.
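To make the two metering modes concrete, here is an added Python model (my own code, not Maipu's) of srTCM and trTCM in color-blind mode, fed a constant 7 Mbit/s stream like the test in this post. The units (rates in kbit/s, bursts in bytes) and the reading of the page's values as cir=5120, cbs=160000, pir=5120, pbs=512000 are my assumptions; with yellow and red both dropped, the CIR alone decides the delivered rate.

```python
"""Colour-blind token-bucket models of srTCM (RFC 2697) and trTCM (RFC 2698).
Constructed example, not Maipu code. Assumed units: rates in kbit/s,
burst sizes in bytes."""

BYTES_PER_SEC_PER_KBPS = 125  # 1 kbit/s = 125 bytes/s


class TwoRateMeter:
    """trTCM: committed bucket (CIR, CBS) plus peak bucket (PIR, PBS)."""

    def __init__(self, cir_kbps, cbs, pir_kbps, pbs):
        self.cir, self.cbs = cir_kbps * BYTES_PER_SEC_PER_KBPS, cbs
        self.pir, self.pbs = pir_kbps * BYTES_PER_SEC_PER_KBPS, pbs
        self.t_c, self.t_p, self.last = float(cbs), float(pbs), 0.0  # start full

    def color(self, size, now):
        dt, self.last = now - self.last, now
        self.t_c = min(self.cbs, self.t_c + self.cir * dt)
        self.t_p = min(self.pbs, self.t_p + self.pir * dt)
        if self.t_p < size:          # above PIR: red, no tokens taken
            return "red"
        if self.t_c < size:          # within PIR but above CIR: yellow
            self.t_p -= size
            return "yellow"
        self.t_p -= size             # within CIR: green
        self.t_c -= size
        return "green"


class SingleRateMeter:
    """srTCM: one rate (CIR) with committed (CBS) and excess (EBS) buckets."""

    def __init__(self, cir_kbps, cbs, ebs):
        self.cir, self.cbs, self.ebs = cir_kbps * BYTES_PER_SEC_PER_KBPS, cbs, ebs
        self.t_c, self.t_e, self.last = float(cbs), float(ebs), 0.0

    def color(self, size, now):
        dt, self.last = now - self.last, now
        fill = self.cir * dt
        room_c = self.cbs - self.t_c          # CIR tokens fill Tc first,
        self.t_c += min(fill, room_c)         # the overflow spills into Te
        self.t_e = min(self.ebs, self.t_e + max(0.0, fill - room_c))
        if self.t_c >= size:
            self.t_c -= size
            return "green"
        if self.t_e >= size:
            self.t_e -= size
            return "yellow"
        return "red"


def police(meter, offered_bps, pkt_bytes=1500, seconds=10.0, drop=("yellow", "red")):
    """Send a constant-rate stream of fixed-size packets through `meter`,
    dropping the listed colours, and report offered vs delivered bit rate."""
    interval = pkt_bytes * 8 / offered_bps
    n = int(seconds / interval)
    counts, delivered = {"green": 0, "yellow": 0, "red": 0}, 0
    for i in range(n):
        c = meter.color(pkt_bytes, i * interval)
        counts[c] += 1
        if c not in drop:
            delivered += pkt_bytes
    duration = n * interval
    counts["offered_bps"] = n * pkt_bytes * 8 / duration
    counts["delivered_bps"] = delivered * 8 / duration
    return counts


if __name__ == "__main__":
    # The post's meter (trtcm 5120 160000 5120 512000, yellow and red dropped)
    # fed 7 Mbit/s as in the screenshots: only about 5 Mbit/s gets through.
    print(police(TwoRateMeter(5120, 160000, 5120, 512000), 7_000_000))
```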

Below is a configuration example that should make this clearer.

Topology:

PC1 sender (192.168.1.9) ------- port 0/0 switch port 0/1 ---------- PC2 receiver (192.168.1.15)

Configuration:

Traffic meter (configured for 5Mb):

traffic-meter TEST_VLAN100
 meter mode trtcm 5120 160000 5120 512000
 meter action red drop
 meter action yellow drop
 exit

l3-action-group TRAFFIC_LIMIT
 meter TEST_VLAN100
 exit

ip access-list extended MATCH_TRAFFIC
 10 permit ip any any l3-action-group TRAFFIC_LIMIT
 exit

vlan 100
 ip access-group MATCH_TRAFFIC in
 exit

Port  configuration:

port 0/0
 port-type uni
 uni-isolate community
 port access vlan 100
 load-interval 30
 exit
port 0/1
 port-type uni
 uni-isolate community
 port access vlan 100
 load-interval 30
 exit


You can see the results in the screenshots below (images not reproduced here).

Screenshots:

BEFORE APPLYING

PC-1 (Sender, 192.168.1.9): PC1 is sending 7 MB of traffic to PC2. [screenshot: before traffic meter]

PC-2 (Receiver, 192.168.1.15): [screenshot: before applying traffic meter]

AFTER APPLYING

PC-1 (Sender, 192.168.1.9): When you apply the traffic meter, the sender is not affected; it keeps sending traffic as usual. The effect is visible at the receiver end. [screenshot: after applying traffic meter]

PC-2 (Receiver, 192.168.1.15): Here you can see our ACL is working. After applying the traffic meter, the receiver is only receiving 5 MB. [screenshot: after applying traffic meter]
I was doing some testing where I used the traffic meter, so I have shared this testing and the traffic meter concepts.

Device used: Maipu 3400 switch
IOS: sp1-g-6.2.17.pck

Please check the command explanations:

meter mode srtcm cir cbs ebs

meter mode trtcm cir cbs pbs pir




Command              Description
meter mode srtcm     Configure the traffic meter in srtcm mode. Packets are colored according to the metering result of the traffic meter.
meter mode trtcm     Configure the traffic meter in trtcm mode. Packets are colored according to the metering result of the traffic meter.
cir                  Committed information rate
cbs                  Committed burst size
ebs                  Excess burst size
pbs                  Peak burst size
pir                  Peak information rate


You can use this feature for VLAN based traffic control using ACL.

Hope this information is informative for you.
For feedback, Plz comment with your name and mail id. For new users you can use Name/URL option.

Thanks for reading… 

Monday, July 25, 2011

PIM – Assert Mechanism


In the last post I discussed the multicast DR and querier. In this post I would like to discuss PIM Assert messages, and when they matter.
In shared LAN networks there may be more than one router for redundancy, each with reachability to the RP. Redundancy is important, but at the same time we need to know how the PIM messages will be handled. The topology would be similar to the figure below.
[figure not reproduced]
In this topology the multicast group hosts will receive duplicate packets from the multicast routers. To overcome this, PIM has the Assert message mechanism, which decides the PIM designated forwarder.

In this example,
  1. Router 1 is the RP and forwards multicast traffic to the entire network.
  2. Routers 2 and 3 are redundant routers at an enterprise location. These routers forward the multicast traffic to the LAN router.
  3. Assume Router 3 transmits the first multicast packet. Router 2 receives that packet on its outgoing interface; in R2's multicast routing table this group is meant to leave through that outgoing interface.
  4. Router 2 then forwards the multicast packet to the LAN and Router 3 receives it, which means Router 3 has also received data on an outgoing interface.
  5. Receiving an unexpected packet on an outgoing interface alerts both routers to the fact that another PIM-SM neighbor on the LAN is also forwarding traffic to the group.
  6. This means the group hosts receive duplicate data.

This is a big issue in a large enterprise network. To overcome it,
  1. Routers generate Assert messages to select a single router to forward the traffic. Downstream routers see the Assert messages, so they know which router was elected and where to send subsequent Join messages.
  2. In our example, the LAN router sent Join messages to both gateways, Router 2 and Router 3: since the local router received queries from two routers, it replied to both, which in turn produces duplicate packets.
  3. After the PIM forwarder is elected using Assert messages, all Join messages go to either Router 2 or Router 3, depending on which one becomes the designated forwarder.

Election using Assert Messages
  1. The router whose Assert message carries the lowest administrative distance is elected as the forwarder.
  2. If all the routers run the same unicast protocol, the router whose Assert message carries the best unicast routing metric is elected. For example, if all the routers use RIP, the router with the smallest hop count is elected.
  3. If the metrics are equal, the router with the highest IP address is elected.
  4. After the PIM designated forwarder is selected, the other router prunes its interface on the shared media, so that downstream members send their Join messages to the elected router.
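The election rules above as an added Python model (my own code, not from the post or any router); the router names, addresses, administrative distances and metrics in it are constructed.

```python
"""PIM Assert election on a shared LAN as described above: lowest administrative
distance wins, then lowest unicast metric, then the highest IP address.
Constructed example, not router code."""
import ipaddress
from typing import NamedTuple


class AssertMsg(NamedTuple):
    router: str
    address: str         # the router's own address on the shared LAN
    admin_distance: int  # administrative distance of its route to the source/RP
    metric: int          # unicast routing metric of that route (RIP: hop count)


def assert_rank(msg):
    # Lower AD first, then lower metric; the address is negated so that min()
    # prefers the HIGHEST IP. Compare numerically: as strings "10.1.1.9"
    # would wrongly rank above "10.1.1.10".
    return (msg.admin_distance, msg.metric, -int(ipaddress.ip_address(msg.address)))


def elect_forwarder(asserts):
    """Return the Assert message of the router that becomes the designated forwarder."""
    return min(asserts, key=assert_rank)


def resolve_lan(asserts):
    """Outcome per router: the winner keeps forwarding onto the LAN, every other
    router prunes its LAN interface for the group, and the downstream router
    sends its later Join messages to the winner."""
    winner = elect_forwarder(asserts)
    return {m.router: ("forward" if m is winner else "prune") for m in asserts}


if __name__ == "__main__":
    # Constructed scenario: both gateways run RIP (AD 120); R2 is two hops
    # from the RP and R3 three hops, so R2 wins and R3 prunes.
    lan = [AssertMsg("R2", "192.168.1.2", 120, 2), AssertMsg("R3", "192.168.1.3", 120, 3)]
    print(resolve_lan(lan))
```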
Hope this explanation helps you understand the use of PIM Assert messages in the network. They are used to select a single PIM forwarder and so avoid duplicate multicast packets in the network.
Hope this post is informative for you.
For any feedback, Plz comment with your Name and mail id; new users can use the Name/URL option.

Sunday, July 24, 2011

Multicast - DR and Querying Router



Today I would like to share some important concepts about the PIM Sparse Mode DR and querier elections, and the roles of each.

As we all know, IGMP has versions v1, v2 and v3, and in each version the concept and roles are a bit different.

First let's look at the roles.

Roles:

Querier – The querying router's task is to send IGMP query messages to the LAN to check whether anyone is still interested in a multicast stream. When a host sends a Leave message in IGMPv2, the querier sends a query to 224.0.0.1 (all multicast hosts) asking whether anyone else still wants this stream. If a host sends a membership report for that group, the querier continues its task; if not, it stops.

DR – The DR is responsible for sending Join/Prune messages to the RP. Another role of the DR is to send a source-register message to the rendezvous point on behalf of a source.

Let's come to the concept –

There is often confusion about whether the querier and the DR are one and the same router, and what the DR is for.
  • In IGMP v1 – Both tasks are performed by one router.
  • In IGMP v2 –
    • At start-up each router sends a query message to 224.0.0.1 from its own interface address. The router with the lowest IP address is elected IGMP querier.
    • Among all PIM-SM enabled routers, the highest IP address wins the DR election. One more criterion can change this election: the interface DR priority. By default the priority is 1 on every interface; you can change it under the interface, and then the highest priority wins the DR election. That router is then responsible for sending your Join messages to the RP and ensuring your communication.

This mainly matters on a shared LAN segment with several PIM-enabled routers. You need to make sure which router should be the DR and handle the Join messages. Otherwise any router on the LAN segment with PIM enabled may become the DR through the default selection parameters and handle the Join messages coming from the LAN hosts. That will disturb your multicast flow when that router has no path to the RP, so make sure that in a shared LAN environment you configure the proper DR on all PIM-enabled routers.

The Designated Router in Detail -

When multiple routers are connected to a multi-access network (for example, an Ethernet), one of them must be selected to act as the designated router (DR) for a given period of time. The DR is responsible for sending Join/Prune messages to the RP. To elect the DR, each PIM router on the network examines the received Hello messages and compares its IP address with those of its neighbors. The router with the highest address is the DR, but a higher DR priority overrides the address comparison.


Configuration :

MP1800(config-if-fastethernet0)#ip pim dr-priority 200 ?
To check on the router, use "show ip igmp interface <int>" (Cisco command); it shows the querier router's IP address and the DR details. On Maipu routers, "show ip igmp interface" shows the querier router's IP address and "show ip pim neighbor detail" shows the details about the DR.

Hope this information will help you for more understanding about DR and querying router in PIM sparse mode. For more information you can refer RFC 2236.
Hope this post is informative for you.

For any feedback, Plz comment. For non bloggers users you can use Name/URL option
Thanks for reading… 

Wednesday, July 20, 2011

Link Aggregation - Maipu and Cisco

Today we will discuss link aggregation, a very important topic in switching that is often used in enterprise networks for trunking. It binds several physical links together to form one logical link, which increases the trunk bandwidth. At the same time, the member links of the aggregation back each other up dynamically, which provides higher connection reliability.

This section describes the concept of the link aggregation. Main contents:
  • Terms of the link aggregation
  • Functions of the link aggregation
  • LACP protocol


Terms of the Link Aggregation

Link aggregation: multiple physical links are bound together to form a logical link, which expands the link bandwidth. At the same time, the member links of the aggregation back each other up dynamically, providing higher reliability.

  • LAC: Link Aggregation Control
  • LACP: Link Aggregation Control Protocol, defined in IEEE802.3ad.
  • LACPDU: Link Aggregation Control Protocol Data Unit.
  • LAG: Link Aggregation Group.
  • LAG ID: Link Aggregation Group Identifier.
  • Key: 16-bit integer variable, for describing the aggregation capability of a port. It is composed of rate, duplex, and administrative key (aggregation group ID).
  • Administrative Key: The key used by the administrator for setting.
  • Operational Key: The key reflecting the port aggregation capability.


Functions of the Link Aggregation

A link aggregation is an aggregation group composed of multiple ports. Upper-layer entities using the link aggregation service treat the multiple physical links in the same aggregation group as one logical link. The function of link aggregation is to share the inbound/outbound load across the member ports to increase the link bandwidth. At the same time, the member ports of the aggregation group back each other up dynamically, providing higher reliability.

LACP Protocol

LACP, based on IEEE 802.3ad, is a protocol for implementing dynamic link aggregation. LACP communicates with the peer through Link Aggregation Control Protocol Data Units (LACPDUs). After LACP is enabled on a port, the port advertises its system priority, system MAC address, port priority, port number and operational key to the peer by sending LACPDUs. When the peer receives this information, it compares it with the information stored for its other ports to select the ports to aggregate. As a result, the two sides can agree on joining or leaving a dynamic aggregation group. The operational key is a combination generated by LACP from the port configuration (rate, duplex, administrative key).

Classification of Link Aggregation

Link aggregation can be classified into two types according to the aggregation mode:
  • Manual aggregation
  • LACP protocol aggregation

Below are configuration examples for both modes.

Configuration for Link Aggregation

Topology

LAC configuration

As in the figure above, ports 0/1-0/3 of the two switches are connected to each other. The local switch, switch1, aggregates with the peer switch, switch2; three ports on each side participate in the aggregation. Assume the port numbers participating in the aggregation on both sides are 0/1-0/3.

Mode 1: Manual Aggregation

switch1 configuration:

Command                                                 Description
switch(config)#link-aggregation 1 mode manual           Create manual aggregation group 1
switch(config)#port 0/1-0/3                             Enter port mode for the port range
switch(config-port-range)#link-aggregation 1 manual     Add the ports to the aggregation group in manual mode

switch2 configuration:
Command                                                 Description
switch(config)#link-aggregation 1 mode manual           Create manual aggregation group 1
switch(config)#port 0/1-0/3                             Enter port mode for the port range
switch(config-port-range)#link-aggregation 1 manual     Add the ports to the aggregation group in manual mode

Mode 2: Protocol Aggregation

switch1 configuration

Command                                                 Description
switch(config)#link-aggregation 1 mode lacp             Create protocol aggregation group 1
switch(config)#port 0/1-0/3                             Enter port mode for the port range
switch(config-port-range)#link-aggregation 1 active     Add the ports to the aggregation group in protocol (LACP active) mode

switch2 configuration:

Command                                                 Description
switch(config)#link-aggregation 1 mode lacp             Create protocol aggregation group 1
switch(config)#port 0/1-0/3                             Enter port mode for the port range
switch(config-port-range)#link-aggregation 1 active     Add the ports to the aggregation group in protocol (LACP active) mode

Monitoring Commands

View Commands:

Command                                      Description
show link-aggregation group [agg-id]         Display the aggregation information of the specified aggregation group
show link-aggregation port [port_no]         Display the aggregation information of a port

Debugging Commands

Command                                                        Description
(no) debug lac [pdu [rx|tx] | machine | event ] [port port-no] Enable (or disable) debugging output for the link aggregation process

Hope this information helps you understand the link aggregation concept and configuration on Maipu switches; on Cisco it is the same. Cisco also has the proprietary PAgP protocol for link aggregation.

Port Aggregation Protocol (PAgP)
  • Cisco proprietary
  • Port modes: Auto, Desirable, On


If both sides are set to Auto mode, the EtherChannel will not form.

  • Auto: the port waits passively for the other side to start the negotiation.
  • Desirable: the port actively negotiates to form the EtherChannel.
  • On: no negotiation; the port is unconditionally placed in the channel, so the switch on the other side must also be configured for the EtherChannel. [Better one]

PAgP configuration example:

SwitchA(config)# int range fastethernet 0/23 - 24
SwitchA(config-if-range)# channel-protocol pagp
SwitchA(config-if-range)# channel-group 1 mode desirable

SwitchB(config)# int range fastethernet 0/23 - 24
SwitchB(config-if-range)# channel-protocol pagp
SwitchB(config-if-range)# channel-group 1 mode auto

Thanks for reading , Hope this post is informative for you. For any feedback and queries Plz comment with your Name and Mail id. For easy options use Name/URL option. 

Wednesday, July 13, 2011

E-LAN services using QinQ-Maipu

In this section I will share one testing report. It will help you configure E-LAN services over a Maipu Metro Ethernet switch network.

In this scenario we are using Maipu 3400 switches with QinQ enabled on all switches to achieve E-LAN and make all the connected routers reachable. There is one more way of configuring this, using evc commands, but I feel this way is easy to configure.

So I prefer this way.
Here is the topology:

Topology
[figure not reproduced]

VLAN 200 is used as the outer VLAN (ISP-side VLAN) in the backbone network. We are using QinQ tunneling to achieve the E-LAN services.

Objective - The requirement is that Router-B can communicate with Router-A, Router-C can communicate with Router-A, and Router-B cannot communicate with Router-C.

Configurations:

Switch-A:

hostname SW-A

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 20,30 200
 exit

interface vlan1
 ip address 1.1.1.1 255.255.255.0
 exit

eips ring 1 master segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Switch-B:

hostname SW-B

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 20 200
 exit

interface vlan1
 ip address 1.1.1.2 255.255.255.0
 exit

eips ring 1 transit segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Switch-C:

hostname SW-C

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 30 200
 exit

interface vlan1
 ip address 1.1.1.3 255.255.255.0
 exit

eips ring 1 transit segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Router-A:

interface fastethernet0.20
 ip address 20.1.1.1 255.255.255.0
 encapsulation dot1q 20
 exit

interface fastethernet0.30
 ip address 30.1.1.1 255.255.255.0
 encapsulation dot1q 30
 exit

Router-B:

interface fastethernet0.20
 ip address 20.1.1.2 255.255.255.0
 encapsulation dot1q 20
 exit

Router-C:

interface fastethernet0.30
 ip address 30.1.1.2 255.255.255.0
 encapsulation dot1q 30
 exit
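To show why the objective above holds, here is an added Python model (my own code, not Maipu's) of the tag handling the port 0/2 configurations describe: the access switch pushes outer tag 200 onto a mapped customer VLAN and the far-end switch pops it again. It assumes TPID 0x8100 for both tags and reads `vlan dot1q-tunnel drop` as discarding frames whose inner VLAN has no mapping; the MAC addresses are constructed.

```python
"""802.1Q tag handling for the QinQ ring above. Constructed example, not
Maipu code; TPID 0x8100 for both tags and the drop semantics are assumptions."""
import struct

TPID = 0x8100
ETHERTYPE_IPV4 = 0x0800

# Per-switch mapping from the 'vlan dot1q-tunnel <cvlan> <svlan>' lines on port 0/2
TUNNEL_MAP = {"SW-A": {20: 200, 30: 200}, "SW-B": {20: 200}, "SW-C": {30: 200}}
# Router sub-interfaces: which customer VLAN tag each router accepts
ROUTER_VLANS = {"Router-A": {20, 30}, "Router-B": {20}, "Router-C": {30}}


def build_frame(dst_mac, src_mac, vlans, payload=b"\x45" + b"\x00" * 19):
    """Ethernet frame with the given 802.1Q tags, outermost first (constructed)."""
    hdr = bytes.fromhex(dst_mac) + bytes.fromhex(src_mac)
    for vid in vlans:
        hdr += struct.pack("!HH", TPID, vid & 0x0FFF)
    return hdr + struct.pack("!H", ETHERTYPE_IPV4) + payload


def vlan_stack(frame):
    """VLAN IDs carried by the frame, outermost first ([] if untagged)."""
    tags, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID:
        tags.append(struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF)
        off += 4
    return tags


def push_tag(frame, vid):
    return frame[:12] + struct.pack("!HH", TPID, vid) + frame[12:]


def pop_tag(frame):
    return frame[:12] + frame[16:]


def tunnel_ingress(switch, frame):
    """Port 0/2 ingress: push the service tag for a mapped inner VLAN, otherwise
    drop the frame (assumed meaning of 'vlan dot1q-tunnel drop')."""
    stack = vlan_stack(frame)
    svlan = TUNNEL_MAP[switch].get(stack[0]) if stack else None
    return push_tag(frame, svlan) if svlan else None


def deliver(src_switch, dst_router, frame):
    """Carry one customer frame over S-VLAN 200 from src_switch to the switch in
    front of dst_router, where the outer tag is stripped (port hybrid untagged
    vlan 200). Returns the frame the router accepts, or None."""
    tagged = tunnel_ingress(src_switch, frame)
    if tagged is None or vlan_stack(tagged)[0] != 200:
        return None
    customer = pop_tag(tagged)               # far-end port 0/2 egress
    return customer if vlan_stack(customer)[0] in ROUTER_VLANS[dst_router] else None


if __name__ == "__main__":
    b_to_a = build_frame("000000000a01", "000000000b01", [20])   # Router-B -> Router-A
    print(vlan_stack(tunnel_ingress("SW-B", b_to_a)))             # [200, 20] in the backbone
    print(deliver("SW-B", "Router-A", b_to_a) is not None)        # True
    print(deliver("SW-B", "Router-C", b_to_a) is not None)        # False: different VLAN
```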

Result:

On Router-A, pings to Router-B and Router-C both succeed. [screenshot not reproduced]

But Router-B cannot communicate with Router-C because they are in different VLANs. [screenshot not reproduced]

Check the switch: [screenshot not reproduced]

IOS version:

sp1-g-6.2.19.pck
size: 7979128bytes




Hope this configuration will help you in deployment of ELAN.
For any queries and feedback, Plz comment with your Name and mail id, you can use NAME/URL option.
  
