1.2 Routing Concepts

When we talk about IP routing we talk about forwarding packets to their destination based on information provided by the routing table (RIB). This table is composed of many things, but the most important are the destination and its next hop, which tell the router where the packet needs to be forwarded.

How is the information fed in the routing table?

There are three different sources this information can come from.

Connected routes
These routes are networks configured on the interfaces of the device.

Static routes
These are manually configured routes that point to a specific network over a manually selected gateway.

Dynamic Routing protocols
A router has the ability to run specific protocols to exchange information with devices sharing the same segments. These protocols can forward information to their neighbors containing routes to networks that are not directly connected. The devices therefore get better connectivity by choosing a shorter path to a specific destination.

1.2.a Administrative distance

What happens if we receive, from a dynamic routing protocol, the same route with the same prefix length that we configured manually?

There is only space for one entry in the routing table for a network with the same prefix length coming from different routing protocols. The decision is made first by the AD, also called Administrative Distance. Every routing protocol has its own defined value for the administrative distance. For example, connected routes have an AD of 0, a static route has an AD of 1 and OSPF has an AD of 110. The lower the value, the more preferred the route is.

Example:
If we manually configure a static route (AD: 10) telling the routing device that the network 192.168.1.0/24 is reached via the next hop 10.10.10.2, and we receive the same network advertised by OSPF, a dynamic routing protocol (AD: 110), then the router will put the manually configured route in its routing table, since it has the lower AD.
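The selection described above, as an added example that is not part of the original post: a toy routing table in Python that keeps one entry per prefix (lowest AD wins) and answers lookups by longest prefix match. It uses the post's values (static 192.168.1.0/24 via 10.10.10.2 with AD 10, OSPF with AD 110); the OSPF next hop 10.10.20.2 and the more specific 192.168.1.128/25 route are constructed. The second scenario goes beyond the post to show that AD only arbitrates between equal prefixes: a more specific prefix wins even with a worse AD.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional

# Default administrative distances named in the post (connected 0, static 1,
# OSPF 110). Other sources are not modelled.
DEFAULT_AD = {"connected": 0, "static": 1, "ospf": 110}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    source: str   # "connected", "static" or "ospf"
    ad: int       # administrative distance


class Rib:
    """Toy routing table: at most one installed route per prefix.

    Candidates for the same prefix compete on administrative distance; a
    destination lookup then uses the longest matching installed prefix.
    Ties on AD (e.g. two OSPF paths) are not modelled: the first one stays.
    """

    def __init__(self) -> None:
        self.entries: Dict[ipaddress.IPv4Network, Route] = {}

    def offer(self, route: Route) -> Route:
        """Offer a candidate; install it only if the prefix is new or the
        candidate has a strictly lower AD than the installed route."""
        installed = self.entries.get(route.prefix)
        if installed is None or route.ad < installed.ad:
            self.entries[route.prefix] = route
        return self.entries[route.prefix]

    def lookup(self, address: str) -> Optional[Route]:
        """Longest-prefix match over installed routes. AD plays no role here:
        it was already used when deciding which route got installed."""
        ip = ipaddress.ip_address(address)
        matches = [r for prefix, r in self.entries.items() if ip in prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: r.prefix.prefixlen)


def make_route(prefix: str, next_hop: str, source: str,
               ad: Optional[int] = None) -> Route:
    """Build a Route, using the source's default AD unless one is given."""
    return Route(ipaddress.ip_network(prefix), next_hop, source,
                 DEFAULT_AD[source] if ad is None else ad)


def page_example() -> Rib:
    """The post's scenario: static route with AD 10 versus OSPF (AD 110) for
    192.168.1.0/24. The OSPF next hop 10.10.20.2 is a constructed value."""
    rib = Rib()
    rib.offer(make_route("192.168.1.0/24", "10.10.10.2", "static", ad=10))
    rib.offer(make_route("192.168.1.0/24", "10.10.20.2", "ospf"))
    return rib


def more_specific_example() -> Rib:
    """Beyond the post: OSPF additionally advertises 192.168.1.128/25
    (constructed). Hosts in that half now follow the OSPF route even though
    its AD is higher, because the prefix is longer."""
    rib = page_example()
    rib.offer(make_route("192.168.1.128/25", "10.10.20.2", "ospf"))
    return rib


if __name__ == "__main__":
    rib = more_specific_example()
    for dst in ("192.168.1.5", "192.168.1.200", "8.8.8.8"):
        r = rib.lookup(dst)
        print(dst, "->", "no route" if r is None
              else f"{r.next_hop} ({r.source}, AD {r.ad})")
```

Running the block prints 192.168.1.5 via the static route, 192.168.1.200 via OSPF and no route for 8.8.8.8, which is why a surprising forwarding decision should be checked against prefix length before blaming the AD.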


1.1.e Spanning Tree Protocol

Since Ethernet frames do not have a TTL (Time To Live) like an IP datagram, they live forever until they are processed. This can lead to many issues if there is a loop in the topology: the frame ends up in an endless loop and may saturate the links and the resources of the devices trying to process this data.

After a defined process of exchanging specific frames (BPDU, Bridge Protocol Data Unit), the spanning-tree protocol creates a Layer-2 tree topology by placing at the top of the tree a root switch that all members have agreed on beforehand. The loop is broken by putting some links of the tree into a blocking state, resulting in a loop-free topology. In case an uplink fails, the recalculation starts again and blocked links may be unblocked to keep connectivity between devices in the upper layers. There is a process to select which ports are in blocking or forwarding state.

By putting some links into the blocking state, spanning-tree prevents us from using multiple paths to reach a destination. This means that this mechanism prevents us from using the full bandwidth offered by the topology. Different versions/standards of spanning-tree have been developed to solve this kind of issue, with small differences between each other. Let us have a look at some of them.

Here are some terms that will be discussed in this post:

  • Primary Root Bridge
  • Secondary Root Bridge
  • Bridge
  • BPDU
  • TCN
  • STP Timers

BPDU (Bridge Protocol Data Unit)

A BPDU is a spanning-tree message containing certain information about a device. The information found in this frame is pasted in the output below, which is related to the Common Spanning Tree. This can be read in every BPDU under the ‚Protocol Version Identifier‘ field and its value, in this case Spanning Tree (0). It contains the protocol version identifier, the type of BPDU, its flags, and information about the root bridge and the local bridge. We can see that the root and bridge identifiers are different (00:1c:0e:87:78:00 and 00:1c:0e:87:85:00), which means the BPDU was not sent by the root bridge. We also find information about its Max Age, Hello Time and Forward Delay.
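To make the fields listed above concrete, here is an added example (not from the original post) that builds and parses an IEEE 802.1D configuration BPDU in Python. The 35-byte layout (protocol ID, version, type, flags, root ID, root path cost, bridge ID, port ID and the four timers in 1/256 s units) is the standard one; the sample frame is constructed using the two MAC addresses from the post, with priority 32768, a root path cost of 19 and port ID 0x8001 assumed. The check at the end reproduces the observation that root and bridge identifier differ, so the frame did not come from the root bridge.

```python
import struct
from typing import Dict, Any

# 802.1D configuration BPDU, big-endian, 35 bytes. Timers are in 1/256 s.
_BPDU_FMT = ">HBBBH6sIH6sHHHHH"
BPDU_LEN = struct.calcsize(_BPDU_FMT)   # 35

# Values of the Protocol Version Identifier as defined by IEEE 802.1.
PROTOCOL_VERSION_NAMES = {0: "Spanning Tree (0)",
                          2: "Rapid Spanning Tree (2)",
                          3: "Multiple Spanning Tree (3)"}
FLAG_TOPOLOGY_CHANGE = 0x01
FLAG_TOPOLOGY_CHANGE_ACK = 0x80


def _mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_config_bpdu(root_prio: int, root_mac: str, root_cost: int,
                      bridge_prio: int, bridge_mac: str, port_id: int,
                      msg_age: float = 0.0, max_age: float = 20.0,
                      hello: float = 2.0, fwd_delay: float = 15.0,
                      flags: int = 0) -> bytes:
    """Serialise a configuration BPDU (protocol ID 0, version 0, type 0)."""
    return struct.pack(_BPDU_FMT, 0, 0, 0x00, flags,
                       root_prio, _mac_to_bytes(root_mac), root_cost,
                       bridge_prio, _mac_to_bytes(bridge_mac), port_id,
                       int(msg_age * 256), int(max_age * 256),
                       int(hello * 256), int(fwd_delay * 256))


def parse_config_bpdu(data: bytes) -> Dict[str, Any]:
    """Decode a configuration BPDU into the fields discussed in the post.
    Refuses anything that is not a type-0 (configuration) BPDU."""
    if len(data) < BPDU_LEN:
        raise ValueError(f"need {BPDU_LEN} bytes, got {len(data)}")
    (proto_id, version, bpdu_type, flags, root_prio, root_mac, root_cost,
     bridge_prio, bridge_mac, port_id, msg_age, max_age, hello,
     fwd_delay) = struct.unpack(_BPDU_FMT, data[:BPDU_LEN])
    if proto_id != 0:
        raise ValueError(f"unexpected protocol identifier {proto_id:#06x}")
    if bpdu_type != 0x00:
        raise ValueError(f"not a configuration BPDU (type {bpdu_type:#04x})")
    return {
        "protocol_version": PROTOCOL_VERSION_NAMES.get(version, f"unknown ({version})"),
        "topology_change": bool(flags & FLAG_TOPOLOGY_CHANGE),
        "topology_change_ack": bool(flags & FLAG_TOPOLOGY_CHANGE_ACK),
        "root_id": (root_prio, _mac_to_str(root_mac)),
        "root_mac": _mac_to_str(root_mac),
        "root_path_cost": root_cost,
        "bridge_id": (bridge_prio, _mac_to_str(bridge_mac)),
        "bridge_mac": _mac_to_str(bridge_mac),
        "port_id": port_id,
        "message_age": msg_age / 256,
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd_delay / 256,
    }


def sent_by_root(info: Dict[str, Any]) -> bool:
    """The root bridge advertises itself: root ID equals its own bridge ID."""
    return info["root_id"] == info["bridge_id"]


# Constructed sample: the post's root MAC and local bridge MAC, default
# priority 32768, cost 19, port ID 0x8001, message age 1 s (assumed values).
SAMPLE_BPDU = build_config_bpdu(32768, "00:1c:0e:87:78:00", 19,
                                32768, "00:1c:0e:87:85:00", 0x8001,
                                msg_age=1.0)

if __name__ == "__main__":
    info = parse_config_bpdu(SAMPLE_BPDU)
    for key, value in info.items():
        print(f"{key:>20}: {value}")
    print("sent by root bridge:", sent_by_root(info))
```

The priority field is kept as a plain 16-bit value here; on switches implementing 802.1t it is split into a 4-bit priority and a 12-bit system ID extension (the VLAN number), which the parser does not separate.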


1.1.d EtherChannel

The next topic in our series is EtherChannel. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

What is an EtherChannel?

EtherChannel is a technique to bundle physical interfaces (called members) into a logical one (called Port-Channel) in order to increase the bandwidth and provide a certain redundancy in case a link fails. Because the bundle acts as a single logical link, it also prevents the Spanning-Tree Protocol from blocking some of those links and leaving them unused.

Remark: EtherChannel offers more bandwidth, but not more throughput for a single flow. A flow is always attached to one physical link, therefore the throughput of that physical link is the limit for the flow.

Single links vs EtherChannel

Multi Chassis Etherchannel


1.1.c VLAN technologies

The next topic in our series is VLAN technologies. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

1.1.c vi Normal range and extended range VLANs

Whenever we talk about VLANs we must understand that the number of usable values is limited. The VLAN Identifier field (VID) offers 12 bits within a frame to tag it with a specific VLAN. The maximum number of values within 12 bits is 4096.

That means that we can choose VLANs between 1 and 4094. Depending on the model used, there may be some reserved IDs for internal use within the switch system. Why not 0 and 4095? 0x000 and 0xFFF are reserved for other purposes.

The normal range VLANs are 1-1005. VLANs from 1006 up to and including 4094 are called extended range VLANs. On Cisco devices the extended range can only be used if we enable VTP.

Can I use all of them?

The answer is no, there are some reservations. Depending on the model you are currently using it is possible that more VLANs are reserved for internal purposes. As an example, on a Nexus 9k switch the system reserves a block of 128 VLANs between 3968 and 4092. The IDs 4093 – 4095 are reserved for other purposes. The block mentioned before can be changed by issuing the command ’system vlan 500 reserve‘, which will reserve VLANs 500 – 627 instead of the ones mentioned above.

1.1.c v VLAN database


1.1.b ii UDLD

The fifth post in this series about CCIE EI. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

Most of the time, features are developed in order to solve a problem. This is also the case for UDLD.

What happens in a triangle topology of three switches interconnected by fiber if one of the forwarding ports stops sending BPDUs to its neighbor? Well, the answer is pretty simple: the switch that stops receiving information will eventually go from blocking to forwarding, causing an unintentional loop.

Unidirectional Link Detection (or UDLD) is a layer-2 protocol that helps us prevent undesired unidirectional communication over a link. The way this protocol works is simple: it sends probes to a well-known MAC address (01:00:0C:CC:CC:CC), for discovery purposes, across the Tx link, containing its own device information and port ID, and waits for an echo on the Rx link. If the echo does not come back, the switch suspects that something is wrong with this link. A prerequisite for this feature is that both ends of the shared media support UDLD functionality.

Two modes


1.1.b i CDP, LLDP

The fourth post in this series. CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

Which problems do these features solve?

On one side, these two features help to extend the visibility of the network topology, the shared media and the capabilities of its members by exchanging information on the control plane.

On the other side, both protocols help devices obtain vital information about how they have to work, like VoIP phones obtaining the VLAN ID they need to use in order to communicate.

CDP

It is a Cisco proprietary layer-2 protocol that allows neighbors sharing a medium to exchange information about themselves and their capabilities. A simple CDP frame can contain a lot of useful information for a network administrator. This feature is enabled globally by default and can be disabled and enabled on a per-port basis.

Since CDP is on by default, we can disable it globally or on a specific interface.

Switch(config)#int e0/1
Switch(config-if)#no cdp enable
Switch(config-if)#

Console output

By issuing the following two commands we can see information about the global CDP settings and the neighbors of that switch.

Switch#show cdp
Global CDP information:
        Sending CDP packets every 60 seconds
        Sending a holdtime value of 180 seconds
        Sending CDPv2 advertisements is  enabled
Switch#
Switch#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Switch           Eth 0/0           159             R S I  Linux Uni Eth 0/0
Switch           Eth 0/1           144             R S I  Linux Uni Eth 0/0

Total cdp entries displayed : 2
Switch#

Let's have a deeper look into a CDP frame captured with Wireshark on a test switch.


1.1.a iii L2 MTU vs. L3 MTU

Third post in this series. Based on CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com)

When we talk about the Maximum Transmission Unit, MTU for short, we talk about two different types of values: one defining the largest size in bytes of frames traveling through an interface, and the other the biggest IP packet that an interface can handle before fragmentation.

The standard MTU value for L3 packets is 1500 bytes, whereas the standard size for L2 frames is 1514 bytes (1518 if we consider dot1q tagging).

Nowadays we would normally see something like this travelling around our networks:

  • 1460 bytes of payload for TCP.
  • 20 bytes for the TCP header.
  • 20 bytes for the IP header.
  • 14 bytes for the Ethernet header.

Additional headers


1.1.a ii Errdisable recovery

This is my second post for the CCIE Enterprise study.

Whenever a switch discovers an error condition on a port, it automatically disables the port. In this state the port is basically shut down and no traffic passes through the interface, neither Rx nor Tx.

How to recognize it? By issuing the command „show interface Gi0/1“ you will see the port in the „err-disabled“ state. If you are not in front of the CLI you may also recognize it by looking at the LED of the interface… it should be orange. In case you are in front of the CLI while a port goes down due to an error condition, you will see a message with a description of why the port went down. You can also have a look later in the logs (show logging).

It is very important to mention that an error is not necessarily a permanent issue; it can also be temporary, like a flapping link or a user plugging a wrong device into the port. It would be very bad if the port remained down: imagine the uplink to a management switch in a remote branch far away going err-disabled only because of a misconfiguration of the port by enabling „BPDU Guard“. You would lose management access to all devices connected to this switch. To avoid this issue Cisco switches provide a feature called „errdisable recovery“, which re-enables the interface 300 seconds (configurable value) after it went down, in order to see whether the issue has been resolved or not. This function needs to be enabled separately for the different error causes.

First of all let us see the situations in which a port will go into the err-disabled state.


1.1.a i Managing MAC-Address Table

This is my first post in this series/category. I will try to work through every single point of the official CCIE Enterprise blueprint in order to learn, in the first place, for the exam and, in the second place, to become a better engineer. I am also happy to share information with other people.

The official blueprint can be found on the official Cisco website CCIE+Enterprise+Infrastructure+(v1.0+RevA)+Exam+Topics.pdf (cisco.com).

The first topic is about how to manage the MAC address table. Before we start managing the MAC address table we need to understand how MAC addresses are added to it.

For efficient delivery of frames, a switch maintains an internal table in which it associates a media access control (MAC) address with a port and a VLAN or interface. How is this table fed? Whenever a switch receives a frame it takes note of the port where the frame arrived and of the frame's source MAC address. The switch uses the information stored in the table to forward frames to the correct port. If the destination MAC address is not present in the table, the switch floods this single frame to all ports on the switch except the one where the original frame came from. Then the game starts again: at some point the machine owning the destination MAC address answers, and as soon as its frame arrives at the switch, the switch takes note of that MAC address and its port. The next time another host on that switch needs to send a frame to the same MAC address, the switch won't need to flood the frame in all directions, because it will first use the entry in the MAC address table.

The table can be displayed by issuing the following command on the CLI.

SW1#show mac address-table
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aabb.cc00.0200    DYNAMIC     Et0/2
   1    aabb.cc00.0300    DYNAMIC     Et0/1
   1    aabb.cc00.0400    DYNAMIC     Et0/0
Total Mac Addresses for this criterion: 3
SW1#
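The learn-then-forward behaviour described above, as an added example in Python that is not part of the original post: a toy switch keeps a (VLAN, MAC) to port table, learns the source of every frame it receives, forwards known unicast out of the learned port and floods everything else within the VLAN. The conversation at the end is constructed using the three MAC addresses and ports from the output above, and `show_mac_address_table()` renders the table in that output's layout.

```python
from typing import Dict, List, Tuple

BROADCAST = "ffff.ffff.ffff"


class Switch:
    """Toy learning switch: table keyed by (vlan, mac), value is the port."""

    def __init__(self, ports: List[str]) -> None:
        self.ports = list(ports)
        self.table: Dict[Tuple[int, str], str] = {}

    def receive(self, in_port: str, vlan: int, src_mac: str,
                dst_mac: str) -> List[str]:
        """Process one frame and return the list of egress ports."""
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        # 1. Learn: note (or refresh) the source MAC on the ingress port.
        self.table[(vlan, src_mac)] = in_port
        # 2. Forward: broadcast and unknown unicast are flooded to every
        #    other port; a known destination goes out of its learned port.
        out = self.table.get((vlan, dst_mac))
        if dst_mac == BROADCAST or out is None:
            return [p for p in self.ports if p != in_port]
        if out == in_port:
            return []   # destination sits on the ingress port: filtered
        return [out]

    def show_mac_address_table(self) -> List[str]:
        """Render the table in the same layout as 'show mac address-table'."""
        lines = ["Vlan    Mac Address       Type        Ports",
                 "----    -----------       --------    -----"]
        for (vlan, mac), port in sorted(self.table.items()):
            lines.append(f"{vlan:>4}    {mac:<14}    {'DYNAMIC':<8}    {port}")
        lines.append(f"Total Mac Addresses for this criterion: {len(self.table)}")
        return lines


def conversation() -> Tuple[Switch, List[List[str]]]:
    """Constructed exchange on VLAN 1 with the MACs from the output above:
    the host on Et0/2 sends to an unknown host, the host on Et0/1 replies,
    then the host on Et0/0 sends to the now-known host on Et0/1."""
    sw = Switch(["Et0/0", "Et0/1", "Et0/2"])
    egress = [
        sw.receive("Et0/2", 1, "aabb.cc00.0200", "aabb.cc00.0300"),  # flooded
        sw.receive("Et0/1", 1, "aabb.cc00.0300", "aabb.cc00.0200"),  # known now
        sw.receive("Et0/0", 1, "aabb.cc00.0400", "aabb.cc00.0300"),  # known
    ]
    return sw, egress


if __name__ == "__main__":
    sw, egress = conversation()
    for step, ports in enumerate(egress, 1):
        print(f"frame {step} forwarded to: {ports or 'nobody'}")
    print("\n".join(sw.show_mac_address_table()))
```

The first frame is flooded to Et0/0 and Et0/1 because nothing is known about the destination yet; the reply already has an entry and goes straight to Et0/2. The table is scoped per VLAN, so the same MAC seen on another VLAN is an independent entry and a frame to it on that VLAN is flooded again.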


Eliminating Spanning-tree with FabricPath (MAC-in-MAC Routing)

Hello everyone out there. It’s me again.

For more than 30 years the Spanning-Tree Protocol has accompanied us through thick and thin in the datacenter. Network requirements increased together with business requirements, and they became very high. So high that a loss of connectivity of a few seconds (due to Spanning-Tree convergence) may have a huge impact on the productivity of our environment. We should also not forget about the ports in blocking state, which become unused bandwidth within the network.

This is how Spanning-Tree helped us solve many of the problems we had in the network.

In the picture below you can see 15 links across the network. But only five are being used; the rest of the links are in blocking state at one end of the connection.

Therefore a few new drafts (around 2010) have been created in order to overcome these difficulties. One of them is FabricPath.

Some of the benefits of FP:

  • ECMP
  • No bandwidth restrictions due to a sub-optimal path
  • more granular traffic engineering