Sunday, July 15, 2012

PPPoE (Point-to-Point Protocol over Ethernet)

Why do we need PPPoE, and why do we use it? Suppose a DSL user wants to communicate with the Service Provider (SP). That user must be authenticated, and PPPoE lets us do that. Authentication can be done in other ways too, so what is the real need for PPPoE? PPPoE lets us do many things, such as verifying the user before it comes up on a link. We can use OSPF or EIGRP for authentication, but we need authentication before the routing process starts. So if you want to authenticate on the link itself, PPPoE is the right feature.
The DSL client dials the ISP and asks to connect. The ISP replies that it first has to check the client's credentials, i.e. username and password. The DSL client sends its username and password, the ISP verifies them through AAA or another server and, if the request is successful, allows the DSL client to reach the Internet over the ISP backbone.
In this lab we will use two Cisco 7200 routers to see the results: one acts as the ISP and the other as the DSL client.
The first thing we need to create is the bba-group (broadband access group).
SP-SERVER SIDE CONFIGURATION
SP-Server (config)# bba-group pppoe TESTGROUP
SP-Server (config-bba-group)# do show ip int brief            =====> virtual group made
At this point we need to associate a virtual template with the bba-group we defined (TESTGROUP). A virtual template is defined so that all parameters set in it are applied to any user who comes in through the virtual interface (defined later). Below is the definition of the virtual template that associates it with the bba-group.
SP-Server (config-bba-group)# virtual-template 1                =====> only this to associate with group
Now I will create the virtual interface and associate it with the virtual template that I defined above.
SP-Server (config)# interface virtual-template 1                   ======> same no as defined above
SP-Server (config-if)#                                                               ========> now we are in the template interface, and what we define here applies to all users who dial in on this interface.
SP-Server (config-if)# do show ip int brief
Virtual-Access is the bba-group
Virtual-Template 1
SP-Server (config-if)# ip address 192.168.1.1 255.255.255.0
SP-Server (config)# default interface fast1/0
SP-Server (config)# int fas1/0
SP-Server (config-if)# pppoe enable group TESTGROUP
SP-Server#debug pppoe packet

CLIENT-SIDE CONFIGURATION
DSL-Client(config)# int fa0/0
DSL-Client (config-if)# pppoe-client dial-pool-number 10
DSL-Client (config-if)# do show ip int brief
Now we will create a dialer interface, which is used to dial out virtually to SP-Server.
DSL-Client (config)# interface dialer 1
NOTE: We can use DHCP or a static IP here. I will show both methods, starting with the static IP.
DSL-Client(config-if)# ip address 192.168.1.10 255.255.255.0
DSL-Client(config-if)# encapsulation ppp
Now we will associate this interface (the dialer) with the dial pool (defined above).
DSL-Client (config-if)# dialer pool 10
DSL-Client # debug pppoe packets
We now have the dialer interface on DSL-Client. Meanwhile, look at the debug on the DSL-Client side: it sends broadcast messages carrying its MAC address, which is basically DSL-Client dialling SP-Server.
DSL-Client#
*Jul 15 19:01:09.431: pppoe_send_padi:
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
 
But when we enable the interface on SP-Server (unshut it) so that it accepts the DSL request, communication between SP and DSL starts, as shown in the debug messages below:


SP-Server(config-if)#
*Jul 15 19:01:57.927: PPPoE 0: I PADI  R:ca01.01fc.001c L:ffff.ffff
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:57.931: PPPoE 0: O PADO, R:ca00.01fc.001c L:ca01.01fc
*Jul 15 19:01:57.931:  Service tag: NULL Tag
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 07
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:58.435: %LINK-3-UPDOWN: Interface FastEthernet1/0, ch
o up
*Jul 15 19:01:58.435: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa1/0 Physic
istrative State Down
*Jul 15 19:01:59.435: %LINEPROTO-5-UPDOWN: Line protocol on Interfa
et1/0, changed state to up
*Jul 15 19:02:00.015: PPPoE 0: I PADR  R:ca01.01fc.001c L:ca00.01fc
         CA 00 01 FC 00 1C CA 01 01 FC 00 1C 88 63 11 19
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.047: [1]PPPoE 1: O PADS  R:ca01.01fc.001c L:ca00.0
0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65
         00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:03.183: [1]PPPoE 1: Vi1.1 O FS

DSL-Client(config-if)#
*Jul 15 19:01:57.879: pppoe_send_padi:
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:57.979: PPPoE 0: I PADO  R:ca00.01fc.001c L:ca01.01fc.001c Fa1/0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 07
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:59.943: OUT PADR from PPPoE Session
         CA 00 01 FC 00 1C CA 01 01 FC 00 1C 88 63 11 19
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.139: PPPoE 1: I PADS  R:ca00.01fc.001c L:ca01.01fc.001c Fa1/0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65
         00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.167: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Jul 15 19:02:00.267: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jul 15 19:02:03.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
*Jul 15 19:02:03.307: [0]PPPoE 1: Vi1 O FS
*Jul 15 19:02:13.555: [0]PPPoE 1: Vi1 O FS
*Jul 15 19:02:23.827: [0]PPPoE 1: Vi1 O FS 

We can also see the PPPoE session established between SP-Server and DSL-Client.
SP-Server#show pppoe session
*Jul 15 19:08:52.779: [1]PPPoE 1: Vi1.1 O FS
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
      1      1  ca01.01fc.001c  Fa1/0                    1  Vi1.1      PTA
                ca00.01fc.001c                              UP
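
To read the hex dumps in the debug output above, here is a small decoder for the PPPoE discovery exchange (PADI, PADO, PADR, PADS). It is an added example, not part of the original post; the function names are hypothetical, and the hex lines are copied from the debug output, which cuts every dump off at "...".

```python
import re
import struct

ETH_PPPOE_DISCOVERY = 0x8863
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}

# Hex lines from the debug output above. Only the PADI (12-byte payload) fits
# completely; the other dumps end before their declared payload length.
DUMPS = {
    "PADI": "FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09 "
            "00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...",
    "PADO": "CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 07 "
            "00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...",
    "PADR": "CA 00 01 FC 00 1C CA 01 01 FC 00 1C 88 63 11 19 "
            "00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...",
    "PADS": "CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65 "
            "00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...",
}


def dump_to_bytes(text):
    """Turn the space-separated hex pairs of a debug dump into bytes."""
    return bytes(int(t, 16) for t in re.findall(r"\b[0-9A-Fa-f]{2}\b", text))


def parse_discovery(frame):
    """Decode Ethernet header, PPPoE header and as many tags as are present."""
    if len(frame) < 20:
        raise ValueError("frame shorter than Ethernet + PPPoE headers")
    ethertype, ver_type, code, session_id, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11:
        raise ValueError("not a PPPoE discovery frame")
    payload = frame[20:20 + length]
    tags, pos = {}, 0
    while pos + 4 <= len(payload):
        tag, tlen = struct.unpack("!HH", payload[pos:pos + 4])
        value = payload[pos + 4:pos + 4 + tlen]
        if len(value) < tlen:
            break                          # tag value cut off by the dump
        tags[TAGS.get(tag, hex(tag))] = value
        pos += 4 + tlen
    return {"dst": frame[0:6].hex(), "src": frame[6:12].hex(),
            "code": CODES.get(code, hex(code)), "session_id": session_id,
            "tags": tags, "truncated": len(payload) < length}


def check_exchange(frames):
    """Return a list of problems found in a PADI/PADO/PADR/PADS sequence."""
    msgs = [parse_discovery(f) for f in frames]
    order = [m["code"] for m in msgs]
    if order != ["PADI", "PADO", "PADR", "PADS"]:
        return ["unexpected message order: %s" % order]
    padi, pado, padr, pads = msgs
    client, server = padi["src"], pado["src"]
    problems = []
    if padi["dst"] != "ffffffffffff":
        problems.append("PADI is not a broadcast")
    for m in (pado, pads):
        if m["dst"] != client or m["src"] != server:
            problems.append("%s is not server-to-client unicast" % m["code"])
    if padr["src"] != client or padr["dst"] != server:
        problems.append("PADR is not client-to-server unicast")
    for m in (padi, pado, padr):
        if m["session_id"] != 0:
            problems.append("%s carries a session ID" % m["code"])
    if pads["session_id"] == 0:
        problems.append("PADS assigns no session ID")
    uniq = padi["tags"].get("Host-Uniq")
    for m in (pado, pads):
        if m["tags"].get("Host-Uniq") != uniq:
            problems.append("%s does not echo the client's Host-Uniq" % m["code"])
    return problems


if __name__ == "__main__":
    frames = [dump_to_bytes(DUMPS[k]) for k in ("PADI", "PADO", "PADR", "PADS")]
    for f in frames:
        print(parse_discovery(f))
    print("problems:", check_exchange(frames))
```

The session ID decoded from the PADS is the value shown in the SID column of show pppoe session on SP-Server.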

Using DHCP
I hope you all know how to configure DHCP on routers; if not, please see Cisco Router as DHCP Server.
Remove the manual IP address from interface fas1/0 and from the dialer on DSL-Client, set the method to DHCP, and configure DHCP on SP-Server. The configuration is given below:
SP-Server:
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool POOLFORPPPOE
   network 192.168.1.0 255.255.255.0
interface Virtual-Template1
 ip address 192.168.1.1 255.255.255.0
 peer default ip address dhcp-pool POOLFORPPPOE
DSL-Client
DSL-Client(config)#interface fa1/0
DSL-Client(config-if)#no ip address
DSL-Client(config-if)#ip address dhcp                                               =====> Add this command
DSL-Client(config)#interface dialer 1
DSL-Client(config-if)#no ip address
DSL-Client(config-if)#ip address dhcp
 Verification
DSL-Client#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES DHCP   up                    up
FastEthernet1/1            unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Dialer1                    192.168.1.13    YES DHCP   up                    up

DSL-Client#show pppoe session

     1 client session
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
    N/A      2  ca00.01fc.001c  Fa1/0                  Di1  Vi1        UP
                ca01.01fc.001c                              UP
 

I hope this will be informative for you !

Cheers :)

Saturday, June 30, 2012

PW Down, VSI Down, Layer-2 Circuit Down

Migration of Cisco CRS-1 to Huawei NE40E-X16 was performed a few days ago and all went well. After a day we received a complaint from the customer that a few sites were not able to reach our backbone :(. While checking the related configuration for that customer, we noticed that the pseudowire was down, and we also noticed that the VSI was down for that customer. The migration was done on the aggregator node. You can issue the following command to see the status:

PE-AggX16-RegionName-2222-1 -- display vsi name Vlan8888 verbose

***VSI Name : Vlan8888
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 28
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : ethernet
MTU : 1500
VSI State : down
..................................................output Omitted

VSI ID : 8888
*Peer Router ID : 192.168.98.21
primary or secondary : primary
ignore-standby-state : no
VC Label : 5461
Peer Type : dynamic
State : down
.................................................output Omitted

**PW Information:

*Peer Ip Address : 192.168.98.21
PW State : down
Local VC Label : 5461
Remote VC Label : 28751
PW Type : label
.................................................output Omitted

After checking the configuration and logs we found that at Agg-222 the PW under VSI Vlan8888 was down. The vsi-id under VSI Vlan8888 was 8888, while at the peer Edge-333 that VSI ID was configured under a different VSI. So we changed the vsi-id at the aggregator to 1880. At the edge there was no VSI Vlan8888, so we created it and defined the same vsi-id under it, which is 1880.

Second, we also noticed that interface vlan 8888 was not bound to VSI Vlan8888 at both Agg-222 and Edge-333, so we bound it to interface vlan 8888 and then the VSI came up.

The configuration done on both the aggregator and the edge is:

Edge - 2222 Configuration:
==========================

vsi Vlan1058 static
pwsignal ldp
vsi-id 1880
peer 192.168.xx.xx
encapsulation ethernet
tnl-policy loadbalance

#
interface Vlanif8888
l2 binding vsi Vlan8888
#


Agg-2222 Configuration:
=======================

vsi Vlan1058 static
pwsignal ldp
vsi-id 1880
peer 192.168.xx.xx
encapsulation ethernet
tnl-policy loadbalance
#
interface Vlanif8888
l2 binding vsi Vlan8888


Verification:

PE-AggX16-RegionName-2222-1 -- dis vsi name Vlan8888
Vsi                             Mem    PW    Mac       Encap     Mtu   Vsi
Name                            Disc   Type  Learn     Type      Value State
--------------------------------------------------------------------------
Vlan1058                        static ldp   unqualify ethernet  1500  up


PE-AggX16-RegionName-2222-1 -- display vsi name Vlan8888 verbose

***VSI Name : Vlan8888
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 28
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : ethernet
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Tunnel Policy Name : loadbalance
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 26 minutes, 18 seconds
VSI State : up

VSI ID : 1880
*Peer Router ID : 192.168.xx.xx
primary or secondary : primary
ignore-standby-state : no
VC Label : 5461
Peer Type : dynamic
Session : up
Tunnel ID : 0x60036ed9
Broadcast Tunnel ID : 0x60036ed9
Broad BackupTunnel ID : 0x0
CKey : 69
NKey : 66
StpEnable : 0
PwIndex : 0

Interface Name : Vlanif8888
State : up
Access Port : false
Last Up Time : 2012/06/26 21:04:41
Total Up Time : 0 days, 0 hours, 10 minutes, 33 seconds

**PW Information:

*Peer Ip Address : 192.168.xx.xx
PW State : up
Local VC Label : 5461
Remote VC Label : 28751
PW Type : label
Tunnel ID : 0x60036ed9
Broadcast Tunnel ID : 0x60036ed9
Broad BackupTunnel ID : 0x0
Ckey : 0x45
Nkey : 0x42
Main PW Token : 0x40007e66
Slave PW Token : 0x40007e67
Tnl Type : LSP
OutInterface : Tunnel0/0/3000
Backup OutInterface :
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2012/06/26 21:04:41
PW Total Up Time : 0 days, 0 hours, 10 minutes, 33 seconds

I Hope this will be informative for you !

Thursday, June 21, 2012

Multiprotocol Label Switching (MPLS) VPN

Yes, guys and girls! Waiting for the detailed step-by-step configuration of Multiprotocol Label Switching Virtual Private Network (MPLS-VPN)?

R1(config) # ip cef
R1(config) # mpls ldp router-id loopback 0
R1(config) # mpls label protocol ldp
R1(config) # mpls ip

Repeat same commands on router R2 & R3



We can divide the configuration phase into four steps:

1 - VRF Related Configuration
2 - MP-BGP Related Configuration
3 - PE-CE Routing Protocol Configuration
4 - Redistribution

Step # 1 VRF Configuration

R1(config)# ip vrf test
R1(config-vrf)# rd 1:1
R1(config-vrf)# route-target 1:1

With the above command the RT is defined automatically for both
import and export; if you want separate values you can configure them
separately. Use the R1 # show running-config command to see that both
the import and export RT are defined by the above command.

R1(config)# interface serial 1/1
R1(config-if)# ip vrf forwarding test

./. You will get a warning that IP address 5.1.1.2 is removed due to the
vrf configuration. Assign the IP address again.

R1(config)# interface serial 1/1
R1(config-if)# ip address 5.1.1.2 255.0.0.0

Note: Now when you check your routing table you will not see the 5.0.0.0 network, as it has been removed and moved to the VRF table. You can confirm this using the commands below:

R1 # show ip route vrf test

R1 # ping vrf test 5.1.1.1

The result should be successful :)


R3(config)# ip vrf test //The vrf name here can be different.
R3(config-vrf)# rd 1:1
R3(config-vrf)# route-target 1:1

R3(config)# interface serial 1/0
R3(config-if)# ip vrf forwarding test

./. You will get a warning that IP address 5.1.1.2 is removed due to the
vrf configuration. Assign the IP address again.

R3(config)# interface serial 1/0
R3(config-if)# ip address 3.1.1.1 255.0.0.0


Step # 2 MP-BGP Configuration

R1(config)# router bgp 1
R1(config-router)# bgp router-id 11.1.1.1
R1(config-router)# bgp auto-summary
R1(config-router)# no synchronization
R1(config-router)# neighbor 33.3.3.3 remote-as 1
R1(config-router)# neighbor 33.3.3.3 update-source loopback 0

R3(config)# router bgp 1
R3(config-router)# bgp router-id 33.3.3.3
R3(config-router)# bgp auto-summary
R3(config-router)# no synchronization
R3(config-router)# neighbor 11.1.1.1 remote-as 1
R3(config-router)# neighbor 11.1.1.1 update-source loopback 0

The above is the basic BGP configuration. Now the MP-BGP configuration. (We use Multi-Protocol BGP (MP-BGP) because we need it to carry VPNv4, VPNv6, IPv6 and IPv4 packets, while BGP carries only IPv4 traffic.)

R1(config) # router bgp 1
R1(config-router) # address-family vpnv4
R1(config-router-af) # neighbor 33.3.3.3 activate
R1(config-router-af) # neighbor 33.3.3.3 send-community both

R3(config) # router bgp 1
R3(config-router) # address-family vpnv4
R3(config-router-af) # neighbor 11.1.1.1 activate
R3(config-router-af) # neighbor 11.1.1.1 send-community both



Step # 3 PE-CE Configuration

Run OSPF between the PE and the CE, but make sure to use a different process ID from the one already running on the PE, as otherwise all your routes will be in the service provider area.

R1(config)# router ospf 10 vrf test
R1(config-router)# router-id 5.1.1.2
R1(config-router)# network 5.0.0.0 0.255.255.255 area 0

Note: We used a router ID other than the loopback, as that one is already used by OSPF process 1.

R5(config)# router ospf 1
R5(config-router)# router-id 55.5.5.5
R5(config-router)# network 55.5.5.5 0.0.0.0 area 0
R5(config-router)# network 50.1.1.1 0.0.0.0 area 0
R5(config-router)# network 5.1.1.1 0.0.0.0 area 0

R1# show ip route vrf test


R3(config)# router ospf 10 vrf test
R3(config-router)# router-id 3.1.1.1
R3(config-router)# network 3.0.0.0 0.255.255.255 area 0

R7(config)# router ospf 1
R7(config-router)# router-id 77.7.7.7
R7(config-router)# network 77.7.7.7 0.0.0.0 area 0
R7(config-router)# network 70.1.1.1 0.0.0.0 area 0

R3# show ip route vrf test

R3# ping 11.1.1.1


Step # 4 Redistribution

On R1, Routes which are learned via OSPF are now redistributed into BGP which is run in the MPLS domain.

R1(config)# router bgp 1
R1(config-router)# address-family ipv4 vrf test
R1(config-router-af)# redistribute ospf 10 match internal external

R3# show ip route vrf test

Now redistribute BGP into OSPF: the routes have reached R3 but not R7, because R7 runs OSPF.

R3(config)# router ospf 10
R3(config-router)# redistribute bgp 1 subnets

Now do the redistribution in reverse direction. Redistribute OSPF into BGP.

R3(config)# router bgp 1
R3(config-router)# address-family ipv4 vrf test
R3(config-router-af)# redistribute ospf 10 match internal external

R1(config)# router ospf 10
R1(config-router)# redistribute bgp 1 subnets


Verifications:

R5# ping 77.7.7.7
R5# traceroute 77.7.7.7

I hope this will be informative for you :)

Saturday, June 16, 2012

MPLS Traffic Engineering:: Part – 1 :: Theory

Sometimes we want data not to follow the path chosen by the routing protocol, but to be redirected onto a path that we select for it. Multiprotocol Label Switching - Traffic Engineering (MPLS-TE) determines the path for traffic to follow, and it is based on the following concepts:

When a routing protocol is configured on a node, it provides information about interface parameters such as bandwidth:

1. MPLS-TE also gives us information such as the bandwidth of the link and how much bandwidth is left (remaining) or available. Basically it gives the link properties (all of these are link constraints).

2. A protocol is needed to carry this information, and it is carried by a link-state protocol, either OSPF or IS-IS.

3. A constraint-based SPF (CBSPF) or path calculation algorithm is needed to determine the best path to the various routes. CBSPF uses many constraints for path selection other than bandwidth.

4. We have to make sure that connectivity is available on the path selected for the traffic. Resource Reservation Protocol (RSVP) is used to reserve bandwidth on the path. For example, if we need 10 Mbps on a link, RSVP ensures that much bandwidth; RSVP also handles the label information exchanged end to end.

Path Message: Requests that the bandwidth be ensured
Reserve Message: Confirmation of the bandwidth
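
To make points 1 to 4 concrete, here is a constraint-based SPF with a bandwidth constraint followed by a per-hop reservation. It is an added example, not part of the original post; the five-link topology, its costs and bandwidths and the function names are constructed for illustration, and bandwidth is the only constraint modelled.

```python
import heapq

# Constructed topology: (node_a, node_b, igp_cost, available_bw_mbps).
# A-B-E is the shortest IGP path, but link B-E has only 5 Mbps left.
LINKS = [
    ("A", "B", 10, 100), ("B", "E", 10, 5),
    ("A", "C", 15, 50), ("C", "D", 15, 50), ("D", "E", 15, 50),
]


def build_ted(links):
    """Traffic-engineering database: one entry per link direction, because a
    TE tunnel is one-way and consumes bandwidth in one direction only."""
    ted = {}
    for a, b, cost, bw in links:
        ted.setdefault(a, {})[b] = {"cost": cost, "bw": bw}
        ted.setdefault(b, {})[a] = {"cost": cost, "bw": bw}
    return ted


def cspf(ted, head, tail, bw_needed):
    """Dijkstra over only those links that can still carry bw_needed.
    Returns the node list from head to tail, or None if no path qualifies."""
    dist, prev, done = {head: 0}, {}, set()
    heap = [(0, head)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == tail:
            break
        for nbr, link in ted.get(node, {}).items():
            if link["bw"] < bw_needed:
                continue                   # constraint not met: prune link
            nd = d + link["cost"]
            if nd < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = nd, node
                heapq.heappush(heap, (nd, nbr))
    if tail not in dist:
        return None
    path = [tail]
    while path[-1] != head:
        path.append(prev[path[-1]])
    return path[::-1]


def reserve(ted, path, bw_needed):
    """Admission control per hop, the part RSVP performs along the path:
    check every hop first, then subtract the bandwidth in tunnel direction."""
    hops = list(zip(path, path[1:]))
    for a, b in hops:
        if ted[a][b]["bw"] < bw_needed:
            raise ValueError("not enough bandwidth on %s->%s" % (a, b))
    for a, b in hops:
        ted[a][b]["bw"] -= bw_needed


if __name__ == "__main__":
    ted = build_ted(LINKS)
    print("IGP shortest path:", cspf(ted, "A", "E", 0))
    path = cspf(ted, "A", "E", 10)
    print("CSPF path for 10 Mbps:", path)
    reserve(ted, path, 10)
    print("A->C left:", ted["A"]["C"]["bw"], "Mbps")
```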



In TE, the tunnel head-end router decides which path the traffic should follow:

a: The LSP path/tunnel is one-way.

b: The TE tunnel is configured on the head-end router, which is why it is one-way.

c: We can use RSVP and LDP in parallel: some traffic passes through the tunnel and uses the tunnel label, while other traffic passes outside the tunnel and uses the LDP label.

d: We can have multiple tunnels, so we can have more than one label.



e: In MPLS TE we basically decide how to allow traffic into the tunnel, i.e. how to route the traffic to the tunnel and how to feed the traffic into the tunnel.

f: In TE we basically engineer: we select a path other than the one selected by the routing protocols. Routing protocols select the best path using only the metric, while TE uses many other parameters for it.

I hope this will be informative for you !

Cheers :)

Interface GigabitEthernet 2/9/1 :: Received Pause Frames Exceeded Threshold

At times something is not that big a thing, but a live network is live, which makes you so careful and conscious that you take care of each and every alarm of the router (NE40E). I saw the above alarm on my NE40E; when I tried to troubleshoot it, it was not that big a problem. At times some data services may be lost on that interface because of this. You can get this alarm for reasons which include “The receiving rate of pause frames exceeded the threshold”, or pause frames being received continuously.

Solution:

You just need to check the rate on the interface; if you see this alarm, what you need to do is reduce the traffic rate from the neighbor node. In my case no high rate was noticed on the interface when I noticed this; the alarm just appeared for a while and then disappeared.

I hope this will be informative for you.

Monday, May 14, 2012

Cisco Career Certification Complete Reference

A Complete Reference to Cisco Career Certification Tracks !

Which Track are you following ?




I hope this will be informative for you !

Cheers :)

Saturday, April 28, 2012

Power Sensor of Board 1220 Failed :: Huawei NE40E

Whenever there is a problem with the physical entity or it fails, the board cannot work normally and this may result in service interruption. You will face such a problem when the power-on sensor board is faulty.

I will talk about the troubleshooting process: how we can find out where and what the problem is. Here we go:

First step: log in to your NE40E and issue the following command to check whether the “MonitorBus Version” is older than 19 or the software version is older than 3.6

display version

If so, use the following commands to upgrade both

upgrade lpu 1 startup monitorbus // to upgrade s/w version
upgrade lpu by-testbus 1 startup mbus_epld // to upgrade the logical version

Now check whether the problem is resolved. If it is not, perform the following task, where we turn the power modules off and on to check the master and slave behavior:

power off slot 1 //Power off the board
power on slot 1 //Power on the board

If you see that the problem is resolved, meaning all the trap alarms are cleared in the NE40E, this indicates that there is a problem with the power supply, which needs to be replaced. If the trap alarms are still there in the NE40E, you have to send some detailed information from the NE40E such as “display trapbuffer”, “terminal monitor” and “terminal trapping”, which will be studied in detail to find the root cause of the problem.

I Hope this will be informative for you.

Wednesday, April 25, 2012

8-Step Design Process

Link to my previous post on "Network Design", where I talked about the first 3 steps and promised a 4th step in which I would talk about the 8-step design process.

1. Recognize Customer Needs
2. Describe the Existing Network
3. Design Networking & Topology Solution
4. Plan the Network Implementation
5. Construct a Prototype Network
6. Fully Document the Design
7. Implement the Design
8. Verify, Monitor & Modify as Needed

1. Recognize Customer Needs
1.1 Scope Assessment
1.2 Gathering the Necessary Data
1.3 Identifying Organizational Goals
1.4 Identifying Organizational Limits
1.5 Identifying Application & Services
1.6 Reaching Technical Goals
1.7 Identifying Technical Constraints

a) Scope
New v/s Existing
Entire or Subnet Modular
LAN, WAN, VoIP, Security
OSI, NAT, IP Addressing

b) Gathering the Necessary Data
Mostly we do from existing documents, anyhow we either ask for RFP or RFI.
RFP (Request for Proposal) – We normally request from vendor, companies etc while RFI (Request for Information) – When we want to install new product & we ask vendor for it. Meanwhile we can also use RFI and RFP to query for customer existing, draft documents.

c) Identifying Organizational Goals
Organizational long term, short term goals
Define Success
Lower expenses and more services
Gain competitive edge
Flexible & Reliable
Utilizing, Reducing, Increasing, Improve, Enhancing, Boosting and Broadening (Information for Stockholders)

d) Identifying Organizational Limits
Budget & Training, License, everything, Different Areas
People & Trained People Experts, If need additional Training – Contractor or Outsourcing
Policies – Vendor Policies used, Procedures
Time – You have a good PM, experience, time to meet, deadline etc

e) Identifying Application & Services
Application category, Application choice, Level etc
Like E-mail, Productivity, Voice, Web, DB, Customer Services, Security, QoS, IP Multicasting, Management etc

f) Reaching Technical Goals
Maximum Performance & Productivity
Enhance Security
Achieve Reliability for Critical Core Application
Reduce Downtime
Update Obsolete: Hardware &/or Software
Boost Network Scalability
Simple Network Management

g) Identifying Technical Constraints
Limitation of Existing Equipment
Availability of existing equipment
Compatibility of Application
Adequacy of Trained Personnel

2. Existing Network Topology
L-3 Topology & L-2 Topology - Check everywhere and document this
Network Services – NAT, ACL, Protocol, Frame Relay/ATM, Backup Path, IP etc
Network Application – Web, FTP, Mail, Chat/IM, IP Telephony etc
Modular Map – Network Management, Internet Module, WAN, Internal Server Farm, Backbone etc
Collect an audit report covering items such as router model, CPU, memory, utilization, IOS version, router config, routing table, modules/slots etc. We can use the command below, which generates the output of almost all of these commands:
Router # show tech-support

3. Designed Network & Topology Solution



4. Plan the Network Implementation
Have a step-by-step Procedure
Well documented & detailed
Include other staff and consultant
Consider Possible Pitfalls
Test at every step in the process
Break down complex procedure into chunks

5. Construct a Prototype Network
Pilot or Prototype - Pilot (From Scratch) & Prototype (Test, Verify and re-design)
Prototype is preferable
Bottom-Line: Test the Design
Two possible result: Success or Failure

6. Fully Document Outline

7. 8-Step Design Method

8. For Implementation, verify, monitor, & Modify - Further study at Routing and Switching (CCNP-CCIE) Level

I Hope this will be informative for you :)

Sunday, April 15, 2012

Bidirectional Forwarding Detection (BFD)

Bidirectional Forwarding Detection (BFD) is a network protocol used to detect link failure between two nodes. It is a great feature for link detection, as it even detects failures where Layer-1 detection is mostly not possible, such as on VCs, tunnels, MPLS LSPs, Ethernet etc.

When a BFD session is established between two nodes, and more than two links exist between those two nodes, BFD can be used to monitor the session between them. BFD does not have a discovery mechanism; sessions must be explicitly configured between endpoints. For example, on a Huawei NE40E we can configure:

bfd to-NameOfNode-001 bind peer-ip default-ip interface GigabitEthernet1/1/1
discriminator local 809
discriminator remote 908
min-tx-interval 60
min-rx-interval 60
process-interface-status
commit


BFD can be used on many different transport mechanisms and layers. For this it needs to be encapsulated by whatever transport it uses, for example MPLS LSPs, or protocols such as OSPF and IS-IS that support some form of adjacency setup.

BFD can be used in either asynchronous mode or demand mode.
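
What the discriminators and intervals in the configuration above mean on the wire, as an added example that is not part of the original post: it builds and validates the 24-byte BFD control packet of RFC 5880, matches it to a statically configured session, and derives the asynchronous-mode timers. Assumptions: the 60 in min-tx-interval and min-rx-interval is milliseconds, the detect multiplier is 3 (it is not shown in the configuration), and the function names are hypothetical.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
BFD_FMT = "!BBBBIIIII"       # mandatory section of a BFD control packet
BFD_LEN = struct.calcsize(BFD_FMT)   # 24 bytes


def pack_control(state, detect_mult, my_disc, your_disc, min_tx_us, min_rx_us):
    """Build a version-1 control packet; intervals are in microseconds."""
    vers_diag = 1 << 5               # version 1, diagnostic 0
    flags = state << 6               # P, F, C, A, D and M bits left clear
    return struct.pack(BFD_FMT, vers_diag, flags, detect_mult, BFD_LEN,
                       my_disc, your_disc, min_tx_us, min_rx_us, 0)


def parse_control(data):
    """Decode a control packet, applying the RFC 5880 reception checks."""
    if len(data) < BFD_LEN:
        raise ValueError("packet shorter than 24 bytes")
    (vers_diag, flags, mult, length, my_disc, your_disc,
     min_tx, min_rx, _echo) = struct.unpack(BFD_FMT, data[:BFD_LEN])
    state = flags >> 6
    if vers_diag >> 5 != 1:
        raise ValueError("unsupported BFD version")
    if length < BFD_LEN or length > len(data):
        raise ValueError("bad length field")
    if mult == 0:
        raise ValueError("detect multiplier is zero")
    if flags & 0x01:
        raise ValueError("multipoint bit set")
    if my_disc == 0:
        raise ValueError("My Discriminator is zero")
    if your_disc == 0 and state in (2, 3):
        raise ValueError("Your Discriminator is zero in state Init/Up")
    return {"state": STATES[state], "detect_mult": mult, "my_disc": my_disc,
            "your_disc": your_disc, "min_tx_us": min_tx, "min_rx_us": min_rx}


def matches_session(session, pkt):
    """With static discriminators both values are known in advance: the
    peer's 'your' must be our local value and its 'my' our remote value."""
    return (pkt["your_disc"] == session["local"]
            and pkt["my_disc"] == session["remote"])


def async_timers(local_tx_us, local_rx_us, pkt):
    """Return (our transmit interval, our detection time) in microseconds.
    We send no faster than the peer accepts; we declare the session down
    after the peer's detect multiplier times the peer's agreed send rate."""
    tx_interval = max(local_tx_us, pkt["min_rx_us"])
    detection_time = pkt["detect_mult"] * max(local_rx_us, pkt["min_tx_us"])
    return tx_interval, detection_time


if __name__ == "__main__":
    # Packet as sent by the remote node, whose own local discriminator is 908.
    wire = pack_control(3, 3, 908, 809, 60000, 60000)
    pkt = parse_control(wire)
    print(pkt, matches_session({"local": 809, "remote": 908}, pkt))
    print("tx interval / detection time (us):", async_timers(60000, 60000, pkt))
```

If the two ends do not mirror each other's discriminator values, the packets fail the session match and the session never leaves Down.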

I hope this will be informative for you.

Cheers :)

Wednesday, February 8, 2012

BFD Session status Changes to Down & Up

While working on a DataCom network (composed of hundreds of NE routers, configured with MPLS, IS-IS, QoS, MPLS-VPN, MPLS-TE, BGP and the list goes on and on...!), I saw the alarms “BFD Session status Changes to down” and “BFD Session status changes to up”. After doing some research, studying and getting help, I came to know the root cause and main reason for this alarm.

There can be different reasons for the alarm to appear:

1. The status of the interface goes down on which the BFD session is established between the two peers.

2. The BFD peer session is deleted or shutdown explicitly.

3. The link is not able to forward packets because of congestion or may be the link status is down.

In my case it was NSA (Non-Service Affecting) and I just needed to confirm the status, so for that we need to remember a few commands, which are:


display interface [interface name]


display bfd session all

There are a bundle of other commands; if you need any help with them, please feel free to reach me.

Note: Not familiar with BFD? Wait for my next blog post on BFD.

I Hope this will be informative for you :)

Multiprotocol Label Switching Fast Reroute (MPLS FRR)

MPLS FRR is actually a feature of RSVP-TE; it is also called MPLS local restoration or MPLS local protection. MPLS FRR protects the LSP path in a network, where each LSP is protected by a backup path. The node that redirects traffic to the backup path after a path failure is known as the Point of Local Failure (PLR), and the node where the backup LSP merges with the primary LSP is called the Merge Point (MP). This protection is purely local, compared with protection enabled at the IP layer (Layer 3), which takes a bit more time; that is not acceptable for real-time applications (VoIP, video conferencing etc.). This local protection takes even less than 50 ms.

There are two types of protection approaches:

1. One-to-One Local Protection

In the one-to-one approach, the PLR maintains a separate path for each LSP across the path or network. This method creates a detour LSP for each protected path at each point of local failure. For more detail, study RFC 4090.

2. Many-to-One Local Protection

In this method, the PLR creates a single path that can be used to protect multiple LSPs. The same tunnel can be used for multiple LSPs and acts as the protected path for all links that face failure. See RFC 4090 for more details.




Referring to the figure above, Node-A and Node-E are the start and end points, and the primary path (LSP) runs from Node-A to Node-E through Node-B and Node-D, while the secondary path for Node-A to reach Node-E is through Node-C. We assume that FRR is enabled for the primary path; once it is enabled, all the remaining nodes on the network come to know about this feature. Assume the link between Node-D and Node-E goes down for any reason. The first node to notice this breakdown is Node-D, which immediately informs Node-B and Node-A. It takes some time for Node-A to get the failure message, but Node-D already knows about the link failure and FRR is enabled for the LSP, so Node-D uses the detour path (Node-D-C-E) to avoid any loss and get around the link failure, carrying the traffic to its final destination. This whole process takes less than 50 ms. When the backup path (secondary LSP) comes up, traffic is switched to the secondary LSP and the detour path is torn down.

I Hope this will be informative for you :)

Ref: RFC4090

Monday, February 6, 2012

DHCP Relay

Dynamic Host Configuration Protocol (DHCP) provides configuration parameters in a client/server environment, where the DHCP server maintains the address pool and lease information that it uses when a client requests an IP address. DHCP relay is used when the client and server do not reside on the same subnet. Look at the figure below, where the DHCP relay agent acts as a middle-man between the host and the DHCP server. When the host boots up on the network, the DHCP lease process takes place between the DHCP server and the host (client).

The DHCP lease process involves the following steps:

1. DHCPDISCOVER
In this step the host (client) sends a broadcast message over the network to request an IP address lease. The DHCP relay agent forwards the request to the DHCP server after receiving it from the host.

2. DHCPOFFER
This can be a response from different servers. It includes configuration parameters such as IP address, lease information, MAC address, domain name etc., sent as a unicast message to the host (client).

3. DHCPREQUEST
This is sent in response to the DHCP server by the client that sent the initial request; the message means the client is requesting the IP address lease.

4. DHCPACK
This is sent by the DHCP server to the DHCP client and confirms that the IP lease has been assigned to the client.

The DHCPDISCOVER message is a broadcast over the network, and you need proper routing to carry it across to the other segments where it has to go. For this you need to configure relay on the router interface so that it can forward your request to your DHCP server.

NOTE: In a routed network, you need DHCP relay agents if you plan to implement only one DHCP server.



All clients on a network should be able to contact the DHCP server. For this, your server should be on the network topology and relied on by all TCP/IP-based hosts within your environment. If your network is composed of different segments, you have to perform one of the following tasks:

a) Place a DHCP Relay agent on each segment
b) Place a DHCP server on each segment
c) Configure your router to forward a broadcast message


Configuration on Router

HUAWEI

You just need to configure a single command under the interface

[HUAWEI] interface GigabitEthernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] dhcp select {global | interface | relay}
[HUAWEI-GigabitEthernet1/0/1] dhcp select relay
[HUAWEI-GigabitEthernet1/0/1] ip relay address 192.168.20.20

Verification:

display dhcp relay statistics
display dhcp relay server {all | interface | vlan}

CISCO

Router # ip dhcp relay enable
Router # ip dhcp relay server 192.168.20.20 //Specify DHCP server address

Verification


Router# show ip dhcp relay conf
Router# show ip dhcp relay statistics

I hope this will be informative for you :)

Friday, February 3, 2012

Network Design

Designing a network involves different steps, procedures and methods. I will talk about the first two sections in this post; see the following posts for the remaining ones:

1. Organizational Policies & Procedures
2. Essential of a Flexible Network
3. Network Design Method (PDIOO)
4. Design Process – 8 Steps

Organization Policy Cycle

An organizational policy and procedure is a collection of specific guidelines and rules in written form that are understood, implemented and maintained at every level of the organization for the purpose of reaching well-defined goals.



Guidelines for Organizational Model

Logical – Mirror the ecosystem
Incremental – Start small but think big
Horizontal – Get constant input from stakeholders
Manageable – Implement control and access mechanisms
Critical – Implement core applications first
Exceptional – Look for cutting-edge solutions


Network Infrastructure Essential


1. Availability: Your network should be resilient, redundant and available 24/7
2. Efficiency: Best equipment, services, software, AAA, queuing, etc.
3. Functionality: Like .NET, so that we have sufficient bandwidth for the application
4. Manageability: e.g. SNMP, maintaining performance, security, etc.
5. Performance: You get what is needed
6. Scalability: Future expansion

Designing: Access Layer – Distribution Layer & Campus Backbone

While preparing for my CCDA and CCDP, I came across this information. I hope it will help you :)

Access Layer


1. Current and future needs for users or node ports
2. Can your company or client afford modular Cisco units?
3. Is the existing UTP cabling adequate?
4. Can you afford to move to MM fiber?
5. Performance and bandwidth requirements
6. Redundancy: up to which level is it needed and/or required?
7. VLAN, VTP, STP or RSTP support requirements?
8. Layer-2 traffic pattern, multicasting and QoS?

Distribution Layer


1. Is a Layer-2 switch adequate, or do you need a Layer-3 switch?
2. How many total users do you support, or have to support?
3. Do you need high availability?
4. Do you need distribution switches that are modular and scalable?
5. What type of intelligent services do you need, such as QoS, security, IP multicasting, etc.?
6. Are you prepared for manageability and configurability?
7. Do advanced features such as RSTP, MSTP, BackboneFast or UplinkFast need to be implemented?

Campus Backbone

1. Do you have three or more buildings connected through the enterprise campus infrastructure?
2. Is your solution L2, L2/L3 or L3 throughout the network?
3. Are you ready for high-performance multilayer switching?
4. Does your customer want to simplify and lower the number of links between distribution layer switches and server farm/edge distribution modules?
5. What are the performance needs?
6. How many high capacity links/ports do you need?
7. What are the high availability/redundancy needs?

I hope this will be informative for you :)