Ads 468x60px

Sunday, September 23, 2012

Maipu 1800 Testing Report for Load Balancing Scenario



Hi Friends, Below is testing report of Load balancing and back up scenario using Maipu 1800 Routers. 

Objective-
  •  Maipu 1800 CPE router need to perform load balancing in between two outgoing interfaces F0 and F1
  •  If one WAN link is down, then another wan link will be primary, vice versa.
  • As the faulty link is restored, Both WAN link should do load balancing for LAN traffic.


Topology –


Description –
Load Balancing
Load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple paths for transferring data to a destination. You configure load balancing on outbound interfaces on a per-destination or per-packet basis.

Types Load balancing – Per destination load balancing and Per packet load balancing.

Per-Destination and Per-Packet

Per-destination load balancing allows the router to distribute packets based on the destination address, and uses multiple paths to achieve load sharing. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. For example, given two paths to the same network, all packets for destination1 on that network go over the first path, all packets for destination2 on that network go over the second path, and so on. Per-destination load balancing is enabled by default when you start the router, and is the preferred load balancing for most situations.
Per-packet load balancing allows the router to send successive data packets over paths without regard to individual hosts or user sessions. It uses the round-robin method to determine which path each packet takes to the destination. With per-packet load balancing enabled, the router sends one packet for destination1 over the first path, the second packet for (the same) destination1 over the second path, and so on. Per-packet load balancing ensures balancing over multiple links.
Although path utilization with per-packet load balancing is beneficial, packets for a given pair of source-destination hosts might take different paths. This means that per-packet load balancing can introduce reordering of packets. This load balancing method would be inappropriate for certain types of data traffic (such as voice traffic over IP) that depend on packets arriving at the destination in sequence.
Use per-packet load balancing to ensure that a path for a single source-destination pair does not get overloaded. If the bulk of data passing through parallel links is for a single pair, per-destination load balancing overloads a single link while other links have very little traffic. Enabling per-packet load balancing allows you to use alternate paths to the same busy destination.

Devices used in Testing –
Maipu 1800-22-AC

IOS Details –

Main Configuration:

interface fastethernet0
 description ### ISP1 ###
 ip address 100.1.1.1 255.255.255.252
 keepalive gateway 100.1.1.2
 exit

interface fastethernet0
 description ### ISP2 ###
 ip address 200.1.1.1 255.255.255.252
 keepalive gateway 200.1.1.2
 exit



interface vlan1
 description ### LOCAL LAN ###
 ip address 201.1.1.1 255.255.255.0
 exit

ip route 0.0.0.0 0.0.0.0 100.1.1.2
ip route 0.0.0.0 0.0.0.0 200.1.1.2


Output –
Show ip route
router#sh ip route
S   0.0.0.0/0 [1/100] via 100.1.1.2, 0:01:10, fastethernet0
S   0.0.0.0/0 [1/100] via 200.1.1.2, 0:01:04, fastethernet1

Notes –
  • By default per destination load balancing will work.
  • To configure per packet load balancing
    • router(config)#ip load-sharing per-packet
  • After above configuration, load balancing will work per packet basis.
  • As F0 (ISP-1) link is down, all LAN traffic will take F1 as primary path, vice versa.
  • After faulty link restored, Traffic will be again go with configured load balancing algorithm. 
d    Hope this testing report will help you in live network implementations. 
      
     Thanks for reading ...
  

Posted by Uttamkumar at 7:27 PM 45 comments
Labels:

Monday, May 14, 2012

Maipu - IPSec Template



Hi All friends, Many time we came across requirement of IPSec configurations. Maipu every Router support IPSec. In this section, I will share IPSec Configuration template. It will help you to understand Maipu IPSec configuration steps.

Maipu IPSec configuration is having different command line than other vendors.

Before looking in details of IPSec template, let’s take a overview of IPSec working process -


IPSec working process –

IPSec works using IKE protocol (Internet Key Exchange).

IKE - When two devices communicate across the network to form secure tunnel. Both Routers/devices will negotiate on set of protocols, they are going to use for security, Encryption, Authentication and protection.

If both devices are using same set of protocols then only secure tunnel will form and data communication will start from secure tunnel or otherwise the secure tunnel will not be established.

In above discussion I used secure tunnel term, The secure tunnel is IPSec tunnel.

IPSec stands for IP packets security.

IPSec is having two modes of communications in Network – Transport and Tunnel Mode…

Some are well known types of VPN – Site to Site VPN, Easy VPN, Point to Multipoint VPN.

VPN -stands for Virtual Private Network, VPN tunnel means creating a private tunnel in public network. IPSec protocols are used to secure VPN tunnel. Data transfer will happen  securely from IPSec VPN.  

IPSec VPN Establishment process –
  • The Routers receives traffic considered "Intresting traffic" from LAN Network towards WAN for establishing a VPN connection.
  • IKE Phase 1 Negotiated and Security Association (SA) established.
  • IKE Phase 2 Negotiated and Security ASsociation (SA) established.
  • Data Transmitted thru IPSec Tunnel
  • Once Transmission is complete , Then IPSec tunnel torn down.


Configuration Steps for Maipu Router IPSec Configurations –
  • Set up Ike Proposal [ For IKE Phase I ]
  • Set up IPSec proposal[ For IKE Phase II ]
  • Define interesting traffic - flow
  • Set up crypto tunnel –include local wan interface
  • Map flow to crypto tunnel


Maipu IPSec Configuration Template –

crypto ike key pplhkhqtodel address x.x.x.x
### Define Crypto key ####
### Define Crypto IKE Phase 1 proposal ###
crypto ike proposal 1
 encryption 3des
 group group2
integrity sha1
 lifetime 28800
 exit

### Define Crypto IKE Phase 2 proposal ###
crypto ipsec proposal 1
 esp 3des
 ah sha1
 lifetime 28800
 exit

### Create IPSec Tunnel Interface ###
crypto tunnel t1
 local interface f0
 peer any
 set authentication preshared
 set ike proposal 1
 set ipsec proposal 1
set auto-up
 exit

### Create Interesting traffic rule, like ACL. Match source and destination traffic ####
crypto policy p1
 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1
crypto policy p2
 flow x.x.x.x x.x.x.x (local lan ip) x.x.x.x x.x.x.x (remote lan) ip tunnel t1
exit

ex:
crypto policy p1
 flow 10.1.1.0 255.255.255.0 (local lan ip) 172.16.1.0 255.255.255.0 (remote lan) ip tunnel t1
crypto policy p2
 flow 10.1.1.0 255.255.255.0 (local lan ip) 192.168.1.0 255.255.255.0 (remote lan) ip tunnel t1
exit
crypto policy p3
flow 10.1.1.0 255.255.255.0 (local lan ip) 10.1.1.0 255.255.255.0 (local lan ip ) ip permit


Hope this template will help you in IPSec configuration in Maipu Routers.
Thanks for reading…

For feedback. Plz comment with Name and Mail ID..
Posted by Uttamkumar at 10:23 PM 27 comments
Labels: ,

Monday, May 7, 2012

Maipu Support - DDMI



Hi Friends, Many times I came across requirement about DDMI feature from many engineers. Maipu support DDMI (Digital Diagnostics Monitoring Interface) features in many aggregation switches on Fiber interfaces like SM3900, SM 4200, 6800, etc. 


Below commands are used for DDMI -


show optical all
show optical all detail


Show Output - 



6800-2#show optical all  detail 


port 2/0 optical information
        Device Name          : XFP
        Connector Name       : LC
        Vendor OUI           : 00-17-6a
        Vendor Name          : OEM             
        Part Number          : XFP-10G-SR      
        Revision Number      : A Bh
        Serial Number        : GM1201104103    
        Production Date      : 12/04/23(y/m/d)
        Laser WaveLength     : 850(nm)
        Vendor Specific      : ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        Monitor Parameters   : 
                                                                         T - ThresHold, S - Status
  Type                                          Value           Alarm-High(T/S)     Alarm-Low(T/S)         Warning-High(T/S)           Warning-Low(T/S)
  ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  Temperature(C)              19.273438       85.000000(N)           -10.000000(N)            80.000000(N)                        -5.000000(N)
  Voltage(V)                           0.000000         1.536000(N)                1.408000(N)               0.000000(N)                         0.128000(N)
  Tx Bias(mA)                        5.562000         12.000000(N)              1.000000(N)            10.000000(N)                         2.000000(N)
  Rx Power(dBm)                -14.100504         0.000000(N)             -13.001623(Y)              -1.000154(N)                      -11.999706(Y)
  Tx Power(dBm)                   -2.503410          2.000019(N)           -10.000000(N)               0.999912(N)                       -8.999743(N)


port 2/1 optical information
        Device Name          : XFP
        Connector Name       : LC
        Vendor OUI           : 00-00-00
        Vendor Name          : OEM             
        Part Number          : 10GB-XFP-LR-F   
        Revision Number      : 1 fX
        Serial Number        : FXF96L042       
        Production Date      : 12/04/24(y/m/d)
        Laser WaveLength     : 1310(nm)
        Vendor Specific      : 000000000000000000000000000000000000000000000000000000000000000
        Monitor Parameters   : 
                                                                         T - ThresHold, S - Status
          Type                          Value                  Alarm-High(T/S)     Alarm-Low(T/S)     Warning-High(T/S)   Warning-Low(T/S)
          ------------------------------------------------------------------------------------------------------------------------------------------------------------------------
          Temperature(C)       34.824219        80.000000(N)         -10.000000(N)       75.000000(N)                -5.000000(N)
          Voltage(V)                 3.254800           3.500000(N)               3.080000(N)          3.480000(N)                  3.100000(N)
          Tx Bias(mA)             37.240002         90.000000(N)            2.000000(N)          80.000000(N)               4.000000(N)
          Rx Power(dBm)       -1.408016           0.000000(N)           -20.000000(N)          -1.000154(N)               -18.996294(N)
          Tx Power(dBm)       -2.301060           0.000000(N)             -7.999707(N)          -1.000154(N)                 5.999804(N)


6800-2#  




Hope this commands will help you for fiber port monitoring and troubleshooting...


Thanks for reading...


For feedback. Plz comment with Name and Mail ID.. 
Posted by Uttamkumar at 3:22 PM 10 comments
Labels: ,

Monday, April 16, 2012

Maipu - Outside Destination NAT Testing



Dear All, I came across one testing for Outside destination NAT. In this post I am sharing this report. Hope it will help in real time installation using Maipu Routers.
Normally we do inside NAT, But some time as per requirement we have to do outside Destination NAT. 

Topology details - 



Objective - CPE LAN network 192.168.115.155/24 will access 192.168.115.150 to access 207.67.x.x server. LAN network should not directly access public server. 

Solution - Outside Destination NAT 

Configuration template:

MP801E:

ip access-list extended 1001
 10 permit ip any any
 exit

interface fastethernet0
 description ###MPLS_WAN_LINK###
 ip address 10.205.29.9 255.255.255.252
 ip nat outside
 exit

interface fastethernet1
 description ###LAN_network###
 ip address 192.168.115.155 255.255.255.0
 ip nat inside
 exit
                                 
ip nat outside source static 207.67.74.x 192.168.115.150
ip nat inside source list 1001 interface fastethernet0 overload

ip route 0.0.0.0 0.0.0.0 10.205.29.10

Testing result:

From PC to ping 192.168.115.150:



On MAIPU 801E can take the debug information when PC ping server:

 

And the debugs on MP801E:
MP801E#
01:12:39: %NAT-7-TRANS: input from fastethernet1, proto=1, src=192.168.115.200:58760, dst=192.168.115.150: 0, vrf=0.
01:12:39: %NAT-7-TRANS: create translation record, 192.168.115.150:0-->207.67.74. x :58760, proto=1, vrf=0.
01:12:39: %NAT-7-TRANS: destination translation, dst=207.67.74.x :58760.
01:12:39: %NAT-7-TRANS: forwarded.
01:12:39: %NAT-7-TRANS: output to fastethernet0, proto=1, src=192.168.115.200:58760, dst=207.67.74. x: 0, vrf=0.
01:12:39: %NAT-7-TRANS: create translation record, 192.168.115.200:58760-->10.205.29.9:58760, proto=1, vrf=0.
01:12:39: %NAT-7-TRANS: source translation, src=10.205.29.9:58760.
01:12:39: %NAT-7-TRANS: forwarded.
MP801E#

Description -  You can see when PC-192.168.115.200 is trying to access public server. PC is accessing 192.168.115.150 and the request is forwarded to Public server 207.67.74.x

Hope this testing report will help you ...

Thanks for reading.. 

For feedback. Plz comment with Name and Mail ID.. 




Posted by Uttamkumar at 9:43 AM 14 comments
Labels: ,

Friday, April 13, 2012

Maipu LACP Manual Mode and Cisco ON Mode Testing

As discussed in last post of LACP configurations, We will see Maipu LACP Manual mode and Cisco ON mode configurations in this post. This is testing report for inter-operability between Maipu and Cisco Switches.



Maipu Manual Link Aggregation Manual mode- Cisco ON mode


Objective – To test the compatibility of Cisco and Maipu switch for Link aggregation in Cisco ON mode and Maipu Manual Mode. 

Cisco Configuration –
!
port-channel load-balance src-dst-mac
interface Port-channel1
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/23
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
 channel-group 1 mode on
!
interface FastEthernet0/24
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
 channel-group 1 mode on
!

Maipu Configuration -

link-aggregation 1 mode manual
link-aggregation 1 load-balance src-dst-mac
vlan 1
 exit

vlan 2,10
port 0/0/14
 duplex full
 speed 100
 link-aggregation 1 manual
load-interval 30
 exit
port 0/0/15
 duplex full
 speed 100
 link-aggregation 1 manual
load-interval 30
 exit

link-aggregation 1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 2
load-interval 30
 exit


Show Outputs
Screenshots –

Cisco Screenshots

Cisco Port channel status -



Port-Channel Interface output –


Interface Fa0/23 -


 Interface Fa0/24 -

 Maipu Screenshots –


Maipu Link Aggregation Output -


Maipu Port 0/0/14 -


 Maipu Port 0/0/15 -





Test Conclusion- Link Aggregation is working properly between Maipu and Cisco. Bandwidth is load-balancing between two trunk links.


Device IOS details - 

Maipu IOS details - 




Cisco IOS details - 



Hope this information will help you. 

Thanks for reading.. 

For feedback. Plz comment with Name and Mail ID.. 




Posted by Uttamkumar at 12:57 PM 20 comments
Labels: ,

Sunday, March 18, 2012

LACP Configurations - Maipu and Cisco Switches



Hi All, I was doing a inter-operability testing for Maipu ME switches and Cisco 2960 and ME switches for LACP features (on mode and LACP mode).  It is working absolutely fine, In case any body is having any issues in configuration, They can refer this testing process and do it. 
I want to share testing report with you. It will help you in any future deployments.  This post is for LACP mode. In next post, I will share ON mode.

Maipu and Cisco LACP testing

Objective -  To test Maipu and Cisco LACP interoperability.

Cisco configuration -
port-channel load-balance src-dst-mac
interface Port-channel1
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/23
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
 channel-group 1 mode passive
!
interface FastEthernet0/24
 switchport trunk native vlan 2
 switchport mode trunk
 load-interval 30
 channel-group 1 mode passive
!

Maipu Configuration –
link-aggregation 1 mode lacp
link-aggregation 1 load-balance src-dst-mac


vlan 1
 exit
port 0/0/14
 duplex full
 speed 100
 link-aggregation 1 active
 exit
port 0/0/15
 duplex full
 speed 100
 link-aggregation 1 active
 exit
link-aggregation 1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 2
 exit


Show Outputs
Cisco outputs
Port Channel status-


Port Channel interface - 



Interface fa0/23



Fa0/24


Show version



Maipu outputs –
Link aggregation output -


Port 0/0/14 -

Port 0/0/15 -




Test Conclusion - Maipu and Cisco LACP is properly working fine and bandwidth is load-balancing on both links. 

Hope this information will help you. 

Thanks for reading.. 

For feedback. Plz comment with Name and Mail ID..  
Posted by Uttamkumar at 7:12 PM 14 comments
Labels: ,
Subscribe to: Posts (Atom)
Related Posts Plugin for WordPress, Blogger...