
Sunday, July 31, 2011

Traffic Control Using ACL- Maipu Switches

We already use the rate-limit feature to restrict bandwidth on a switch. Today we will see how to control bandwidth with an ACL.

For this, we need to understand a few more concepts related to ACLs.

Action Group –
  • To support packet classification and traffic control, the switch extends the traditional ACL so that the ACL and each permit rule in the ACL can be bound to one action group.
  • The switch takes the corresponding action for a matching packet. An action group is a set of actions.
  • One action group can contain packet mirroring, packet redirection, packet modification, packet traffic control, and packet counting.
  • Each entry of the ACL can be bound to one action group, and the corresponding action is executed for each matching packet.
  • An action group can only be bound to an IP ACL, and only to a permit rule.

Hope that gives you enough information about the action group used with an ACL. Let’s see how to use it for our requirement. For that, we need to understand the traffic meter.

Traffic Meter

A traffic meter is defined separately in global configuration on the Maipu switch for bandwidth control. You bind it to an action group, and the action group is then attached to a permit rule in the ACL, so that when a packet matches the ACL rule, the action group is applied to it.

Let’s start with some well-known terms used with the traffic meter.

Related Terms:

CIR: Committed Information Rate
CBS: Committed Burst Size
EBS: Excess Burst Size
PIR: Peak Information Rate
PBS: Peak Burst Size

SRTCM (Single Rate Three Color Marker): It is defined in RFC 2697. It uses three parameters (CIR, CBS, and EBS) to implement single-rate control and packet coloring. It includes a color-blind mode and a color-sensing mode.

Details: The Single Rate Three Color Marker (srTCM) meters an IP packet stream and marks its packets either green, yellow, or red. Marking is based on a Committed Information Rate (CIR) and two associated burst sizes, a Committed Burst Size (CBS) and an Excess Burst Size (EBS). A packet is marked green if it doesn't exceed the CBS, yellow if it does exceed the CBS, but not the EBS, and red otherwise. The srTCM is useful, for example, for ingress policing of a service, where only the length, not the peak rate, of the burst determines service eligibility.

TRTCM (Two Rate Three Color Marker): It is defined in RFC 2698. It uses CIR, CBS, PIR, and PBS to implement two-rate control and packet coloring. It includes a color-blind mode and a color-sensing mode.

Details: The Two Rate Three Color Marker (trTCM) meters an IP packet stream and marks its packets either green, yellow, or red. A packet is marked red if it exceeds the Peak Information Rate (PIR). Otherwise it is marked either yellow or green depending on whether it exceeds or doesn't exceed the Committed Information Rate (CIR). The trTCM is useful, for example, for ingress policing of a service, where a peak rate needs to be enforced separately from a committed rate.

Working flow of Traffic meter:
  • To support packet-based traffic control, you can specify one meter name in the action group.
  • The meter supports two modes, SRTCM and TRTCM. The function of the meter is to remark or drop packets according to the traffic.
  • The meter defines a processing action for colored packets. When it is configured to drop colored packets, it implements traffic limiting; when it is configured to remark colored packets, it classifies packets according to the traffic so that different QoS policies can be applied later in the data path.
  • After the meter is configured to color the packets, the counter in the action group can count the packets.

Below is a configuration example that should help with understanding.

Topology:

PC1 sender (192.168.1.9) ------- port 0/0 switch port 0/1 ---------- PC2 receiver (192.168.1.15)

Configuration:

Traffic meter: (It is configured with 5Mb)

traffic-meter TEST_VLAN100
 meter mode trtcm 5120 160000 5120 512000
 meter action red drop
 meter action yellow drop
 exit

l3-action-group TRAFFIC_LIMIT
 meter TEST_VLAN100
 exit

ip access-list extended MATCH_TRAFFIC
 10 permit ip any any l3-action-group TRAFFIC_LIMIT
 exit

vlan 100
 ip access-group MATCH_TRAFFIC in
 exit

Port configuration:

port 0/0
 port-type uni
 uni-isolate community
 port access vlan 100
 load-interval 30
 exit
port 0/1
 port-type uni
 uni-isolate community
 port access vlan 100
 load-interval 30
 exit


You can see the results in the screenshots below.

Screenshots:

BEFORE APPLYING

PC-1 (Sender - 192.168.1.9): PC1 is sending 7 MB of traffic to PC2.
Before traffic meter:

PC-2 (Receiver - 192.168.1.15)
Before applying traffic meter:




AFTER APPLYING

PC-1 (Sender - 192.168.1.9)
When you apply the traffic meter, the sender is not affected; it sends traffic as usual. But you can see the effect at the receiver end.

PC-2 (Receiver - 192.168.1.15)
You can see here that our ACL is working. After applying the traffic meter, the receiver is receiving only 5 MB.
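
The result above can be reproduced offline with a small model of the RFC 2698 color-blind meter. This is an added example, not Maipu's implementation: it assumes rates are in kbit/s and burst sizes in bytes, reads the four numbers in the order of the page's `meter mode trtcm` syntax line (CIR, CBS, PBS, PIR), and uses a constructed 7 Mbit/s sender with 1500-byte packets.

```python
from collections import Counter

class TrTCM:
    """Color-blind two rate three color marker, following RFC 2698."""

    def __init__(self, cir_kbps, cbs_bytes, pir_kbps, pbs_bytes):
        # Assumed units: rates in kbit/s, bursts in bytes; rates become bytes/s.
        self.cir, self.pir = cir_kbps * 125.0, pir_kbps * 125.0
        self.cbs, self.pbs = cbs_bytes, pbs_bytes
        self.tc, self.tp = float(cbs_bytes), float(pbs_bytes)  # buckets start full
        self.last = 0.0

    def mark(self, now, size):
        # Refill both buckets for the elapsed time, capped at their burst sizes.
        dt, self.last = now - self.last, now
        self.tc = min(self.cbs, self.tc + self.cir * dt)
        self.tp = min(self.pbs, self.tp + self.pir * dt)
        if self.tp < size:
            return "red"            # exceeds the peak rate
        self.tp -= size
        if self.tc < size:
            return "yellow"         # within peak, above committed
        self.tc -= size
        return "green"

def police(meter, offered_kbps, seconds, drop=("red", "yellow"), pkt=1500):
    """Offer constant-rate traffic; return (delivered kbit/s, packets per color)."""
    gap = pkt * 8 / (offered_kbps * 1000.0)     # seconds between packets
    colors, delivered = Counter(), 0
    for i in range(int(seconds / gap)):
        color = meter.mark(i * gap, pkt)
        colors[color] += 1
        if color not in drop:               # "meter action red/yellow drop"
            delivered += pkt
    return delivered * 8 / 1000.0 / seconds, colors

# "meter mode trtcm 5120 160000 5120 512000" read as cir cbs pbs pir (page's syntax line).
PAGE_ORDER = dict(cir_kbps=5120, cbs_bytes=160000, pbs_bytes=5120, pir_kbps=512000)
# The same numbers read as cir cbs pir pbs, for comparison (hypothetical ordering).
ALT_ORDER = dict(cir_kbps=5120, cbs_bytes=160000, pir_kbps=5120, pbs_bytes=512000)

if __name__ == "__main__":
    for name, args in (("page order", PAGE_ORDER), ("alternate", ALT_ORDER)):
        rate, colors = police(TrTCM(**args), offered_kbps=7000, seconds=10)
        print(f"{name}: delivered {rate:.0f} kbit/s, {dict(colors)}")
```

Both readings deliver about 5.2 Mbit/s of the 7 Mbit/s offered over 10 seconds, because this meter drops yellow and red alike; only the split between yellow and red packets changes.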



I was doing some testing where I used a traffic meter, so I have shared this test and the traffic meter concepts.

Device used: Maipu 3400 switch
IOS: sp1-g-6.2.17.pck

Please check the command explanations:

meter mode srtcm cir cbs ebs

meter mode trtcm cir cbs pbs pir




| Command | Description |
|---|---|
| meter mode srtcm | Configure the traffic meter in srtcm mode. Packets are colored according to the metering result of the traffic meter. |
| meter mode trtcm | Configure the traffic meter in trtcm mode. Packets are colored according to the metering result of the traffic meter. |
| cir | Committed information rate |
| cbs | Committed burst size |
| ebs | Excess burst size |
| pbs | Peak burst size |
| pir | Peak information rate |


You can use this feature for VLAN-based traffic control using an ACL.

Hope this information is useful for you.
For feedback, please comment with your name and mail id. New users can use the Name/URL option.

Thanks for reading…

Wednesday, July 20, 2011

Link Aggregation - Maipu and Cisco

Today we will discuss link aggregation, a very important topic in switching. It is often used in enterprise networks for trunking. It binds several physical links together to form one logical link, which can be used to increase the bandwidth of a trunk. At the same time, the member links of the aggregation back each other up dynamically, which provides higher connection reliability.

This section describes the concept of the link aggregation. Main contents:
  • Terms of the link aggregation
  • Functions of the link aggregation
  • LACP protocol


Terms of the Link Aggregation

Link aggregation: multiple physical links are bound together to form a logical link, which expands the link bandwidth. At the same time, the member links of the aggregation back each other up dynamically, which provides higher reliability.

  • LAC: Link Aggregation Control
  • LACP: Link Aggregation Control Protocol, defined in IEEE802.3ad.
  • LACPDU: Link Aggregation Control Protocol Data Unit.
  • LAG: Link Aggregation Group.
  • LAG ID: Link Aggregation Group Identifier.
  • Key: 16-bit integer variable, for describing the aggregation capability of a port. It is composed of rate, duplex, and administrative key (aggregation group ID).
  • Administrative Key: The key used by the administrator for setting.
  • Operational Key: The key reflecting the port aggregation capability.


Functions of the Link Aggregation

A link aggregation is an aggregation group composed of multiple ports. The upper-layer entities that use the link aggregation service treat the multiple physical links in the same aggregation group as one logical link. The function of link aggregation is to share the inbound and outbound load across the member ports to increase the link bandwidth. At the same time, the member ports of the aggregation group back each other up dynamically, which provides higher reliability.

LACP Protocol

IEEE 802.3ad-based LACP is a protocol for implementing dynamic link aggregation. LACP communicates with the opposite end through the Link Aggregation Control Protocol Data Unit (LACPDU). After LACP is enabled on a port, the port advertises the system priority, system MAC address, port priority, port number, and operational key to the opposite end by sending LACPDUs. After the opposite end receives the information, it compares it with the information saved on its other ports to select the ports to aggregate. As a result, the two parties can agree with each other on joining or leaving a dynamic aggregation group. The operational key is a configuration combination generated by LACP according to the port configuration (rate, duplex, administrative key).
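
The fields listed above can be read straight out of a LACPDU. The following added example (not code from the switch or from the original post) builds constructed LACPDUs in the IEEE 802.3ad layout, parses the actor information, and groups local ports by the system ID and operational key their peer advertises; the MAC addresses and port 0/4 are hypothetical, and the grouping is a simplified form of the comparison a real LACP implementation performs.

```python
import struct
from collections import defaultdict

LACP_SUBTYPE, ACTOR_TLV, ACTOR_LEN = 0x01, 0x01, 0x14

def build_lacpdu(sys_prio, sys_mac, key, port_prio, port, state=0x3D):
    """Build a 110-byte LACPDU (the payload after the Ethernet header) as test input."""
    actor = struct.pack("!BBH6sHHHB3x", ACTOR_TLV, ACTOR_LEN, sys_prio,
                        sys_mac, key, port_prio, port, state)
    partner = struct.pack("!BB18x", 0x02, 0x14)        # partner info left zeroed
    collector = struct.pack("!BBH12x", 0x03, 0x10, 0)
    return bytes([LACP_SUBTYPE, 0x01]) + actor + partner + collector + bytes(52)

def parse_actor(pdu):
    """Extract the advertised actor fields; reject anything that is not a LACPDU."""
    if len(pdu) < 22 or pdu[0] != LACP_SUBTYPE:
        raise ValueError("not a LACPDU")
    tlv, length, sys_prio, mac, key, port_prio, port, _state = struct.unpack_from(
        "!BBH6sHHHB", pdu, 2)
    if (tlv, length) != (ACTOR_TLV, ACTOR_LEN):
        raise ValueError("malformed actor TLV")
    return {"system": (sys_prio, mac.hex(":")), "key": key, "port": (port_prio, port)}

def candidate_groups(received):
    """Group local ports whose peers advertise the same system ID and operational key."""
    groups = defaultdict(list)
    for local_port, pdu in received.items():
        actor = parse_actor(pdu)
        groups[(actor["system"], actor["key"])].append(local_port)
    return {k: sorted(v) for k, v in groups.items()}

# Constructed LACPDUs: one peer system on ports 0/1-0/3, a different system on port 0/4.
SW2 = bytes.fromhex("001122334455")
OTHER = bytes.fromhex("00aabbccddee")
RECEIVED = {
    "0/1": build_lacpdu(32768, SW2, 1, 32768, 1),
    "0/2": build_lacpdu(32768, SW2, 1, 32768, 2),
    "0/3": build_lacpdu(32768, SW2, 1, 32768, 3),
    "0/4": build_lacpdu(32768, OTHER, 1, 32768, 1),
}

if __name__ == "__main__":
    for (system, key), ports in candidate_groups(RECEIVED).items():
        print(system, "key", key, "->", ports)
```

A port whose peer advertises a different system ID from the rest of the group, like port 0/4 here, cannot join the same aggregation and usually points to a cabling or configuration mistake.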

Classification of Link Aggregation

The link aggregation can be classified into two types according to the aggregation mode:
  • Manual aggregation
  •  LACP protocol aggregation

Below are configuration examples for both modes.

Configuration for Link Aggregation

Topology

LAC configuration

As shown in the figure above, ports 0/1-0/3 of the two switches are connected to each other. The local switch, switch1, aggregates with the peer switch, switch2; three ports on each side participate in the aggregation. Suppose that the ports participating in the aggregation on both sides are 0/1-0/3.

Mode 1: Manual Aggregation

switch1 configuration:

| Command | Description |
|---|---|
| switch (config)#link-aggregation 1 mode manual | Create manual aggregation group 1 |
| switch (config)#port 0/1-0/3 | Enter the port mode |
| switch (config-port-range)#link-aggregation 1 manual | Add a port into an aggregation group in manual mode |

switch2 configuration:

| Command | Description |
|---|---|
| switch (config)#link-aggregation 1 mode manual | Create manual aggregation group 1 |
| switch (config)#port 0/1-0/3 | Enter the port mode |
| switch (config-port-range)#link-aggregation 1 manual | Add a port into an aggregation group in manual mode |

Mode 2: Protocol Aggregation

switch1 configuration:

| Command | Description |
|---|---|
| switch (config)#link-aggregation 1 mode lacp | Create protocol aggregation group 1 |
| switch (config)#port 0/1-0/3 | Enter the port mode |
| switch (config-port-range)#link-aggregation 1 active | Add a port into an aggregation group in protocol mode |

switch2 configuration:

| Command | Description |
|---|---|
| switch (config)#link-aggregation 1 mode lacp | Create protocol aggregation group 1 |
| switch (config)#port 0/1-0/3 | Enter the port mode |
| switch (config-port-range)#link-aggregation 1 active | Add a port into an aggregation group in protocol mode |

Monitoring Commands

View Commands:

| Command | Description |
|---|---|
| show link-aggregation group [agg-id] | Display the aggregation information of a specified aggregation group |
| show link-aggregation port [port_no] | Display the aggregation information of a port |

Debugging Commands

Command: (no) debug lac [pdu [rx|tx] | machine | event ] [port port-no]
Description: Enable the debugging switch for information about the link aggregation process.

Hope this information helps you understand the link aggregation concept and its configuration on Maipu switches; for Cisco it is the same. Cisco also has PAgP, a proprietary protocol for link aggregation.

Port Aggregation Protocol (PAgP)
  • Cisco proprietary
  • Port modes: Auto, Desirable, On


If you set both sides to Auto mode, the link will not become an EtherChannel.

  • Auto means: it will say, "You want to be an EtherChannel."
  • Desirable mode: it will say, "If you are an EtherChannel, then I will be."
  • On: no negotiation. The port will be an EtherChannel regardless, and the destination switch should also be configured as an EtherChannel. [Better one]

PAgP configuration example:

SwitchA(config)# int range fastethernet 0/23 - 24
SwitchA(config-if-range)# channel-protocol pagp
SwitchA(config-if-range)# channel-group 1 mode desirable

SwitchB(config)# int range fastethernet 0/23 - 24
SwitchB(config-if-range)# channel-protocol pagp
SwitchB(config-if-range)# channel-group 1 mode auto

Thanks for reading. Hope this post is informative for you. For any feedback and queries, please comment with your name and mail id. For an easy option, use the Name/URL option.

Wednesday, July 13, 2011

E-LAN services using QinQ-Maipu

In this section, I will share a test report. It will help you configure E-LAN services over a Maipu Metro Ethernet switch network.

In this scenario, we are using Maipu 3400 switches with QinQ enabled on all of them to achieve E-LAN and make all connected routers reachable. There is one more way to configure this, using evc commands, but I feel this way is easy to configure, so I prefer it.

Topology:


VLAN 200 is used as the outer VLAN (the ISP's inside VLAN) in the backbone network. We are using QinQ tunnel technology to achieve E-LAN services.

Objective: Router-B can communicate with Router-A, Router-C can communicate with Router-A, and Router-B can’t communicate with Router-C.

Configurations:

Switch-A:

hostname SW-A

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 20,30 200
 exit

interface vlan1
 ip address 1.1.1.1 255.255.255.0
 exit

eips ring 1 master segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Switch-B:

hostname SW-B

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 20 200
 exit

interface vlan1
 ip address 1.1.1.2 255.255.255.0
 exit

eips ring 1 transit segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Switch-C:

hostname SW-C

vlan 1      
 exit

vlan 100
 description ###control_VLAN###
 exit

vlan 200
 description ###outer_tag###
 exit

!slot_0_SM3400-24FET4GEFA
!slot 0
port 0/0
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/1
 port-type nni
 port mode trunk
 port trunk allowed vlan all
 port trunk pvid vlan 1
 no spanning-tree enable
 exit
port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel 30 200
 exit

interface vlan1
 ip address 1.1.1.3 255.255.255.0
 exit

eips ring 1 transit segment
 control vlan 100
 instance 0
 primary port 0/0
 secondary port 0/1
 eips start
 exit

Router-A:

interface fastethernet0.20
 ip address 20.1.1.1 255.255.255.0
 encapsulation dot1q 20
 exit

interface fastethernet0.30
 ip address 30.1.1.1 255.255.255.0
 encapsulation dot1q 30
 exit

Router-B:

interface fastethernet0.20
 ip address 20.1.1.2 255.255.255.0
 encapsulation dot1q 20
 exit

Router-C:

interface fastethernet0.30
 ip address 30.1.1.2 255.255.255.0
 encapsulation dot1q 30
 exit

Result:

Router-A can ping both Router-B and Router-C:


But Router-B can’t communicate with Router-C because they are in different VLANs:
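
The isolation objective can also be checked from the configurations alone. This added example (not part of the original test report) parses the `vlan dot1q-tunnel` lines of the three port 0/2 stanzas and reports which inner/outer tag pairs each pair of routers shares at layer 2. It assumes that `vlan dot1q-tunnel <inner list> <outer>` maps the listed customer VLANs to the outer VLAN, that `vlan dot1q-tunnel drop` discards other customer VLANs, and that each router hangs off port 0/2 of the switch with the matching letter.

```python
import re
from itertools import combinations

# Constructed input: the "port 0/2" stanza shared by the three switch configs above,
# with only the tunnelled customer VLAN list differing per switch.
PORT_0_2 = """port 0/2
 port-type nni
 port mode hybrid
 port hybrid untagged vlan 1,200
 port hybrid pvid vlan 1
 vlan dot1q-tunnel enable
 vlan dot1q-tunnel drop
 vlan dot1q-tunnel {inner} 200
 exit
"""
CONFIGS = {"SW-A": PORT_0_2.format(inner="20,30"),
           "SW-B": PORT_0_2.format(inner="20"),
           "SW-C": PORT_0_2.format(inner="30")}
# Assumed attachment (the topology figure is not available): one router per switch.
ATTACHED = {"Router-A": "SW-A", "Router-B": "SW-B", "Router-C": "SW-C"}

TUNNEL = re.compile(r"^\s*vlan dot1q-tunnel ([\d,]+) (\d+)\s*$", re.M)

def tunnel_map(config):
    """Return the set of (outer VLAN, inner VLAN) pairs a switch config tunnels."""
    pairs = set()
    for inner_list, outer in TUNNEL.findall(config):
        pairs.update((int(outer), int(v)) for v in inner_list.split(",") if v)
    return pairs

def shared_tags(configs, attached):
    """For every router pair, the tag pairs that both edge switches carry."""
    maps = {router: tunnel_map(configs[sw]) for router, sw in attached.items()}
    return {(a, b): maps[a] & maps[b] for a, b in combinations(sorted(maps), 2)}

def check_objective(shared):
    """The page's objective: A-B and A-C share a tunnel, B-C share none."""
    return (bool(shared[("Router-A", "Router-B")])
            and bool(shared[("Router-A", "Router-C")])
            and not shared[("Router-B", "Router-C")])

if __name__ == "__main__":
    result = shared_tags(CONFIGS, ATTACHED)
    for pair, tags in result.items():
        print(pair, sorted(tags) or "isolated")
    print("objective met:", check_objective(result))
```

The check covers layer-2 tag reachability only; it does not model routing between the two subnets on Router-A.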



Check the switch:



IOS version:

sp1-g-6.2.19.pck
size: 7979128 bytes




Hope this configuration helps you in deploying E-LAN.
For any queries and feedback, please comment with your name and mail id; you can use the Name/URL option.
  
