Showing posts with label Layer-2. Show all posts

Virtual Switching System - VSS

Few points to remember:

  • In simple terms, VSS combines multiple Cisco Catalyst switches into one virtual switch.
  • The data plane of both clustered switches is active at the same time in both chassis.
  • For the control plane only one switch is active and the other is standby.
  • In VSS, if one chassis fails, the other one takes over without any downtime.
  • It eliminates STP.
  • This is supported on both Catalyst 6500 and 4500 series switches.
  • Make sure the peer VSS switch is the same hardware and runs the same software version.



The diagram below shows the traditional method (without VSS):
Here we are running PVST+ and HSRP on both Layer 3 switches, and traffic is load balanced between them.
Example: for VLAN 10, Switch1 is the root bridge, so all traffic is sent to Switch1;
Switch1 is also the HSRP active router for VLAN 10, so it routes accordingly.

The VSL (Virtual Switch Link, dedicated 10Gig links) is an EtherChannel interface which connects the two chassis.
It carries both data and control traffic.
This link is responsible for stateful switchover (SSO) without any downtime.


Switch-1 Virtual Domain and Port Channel Configuration:

Switch-1(config)#switch virtual domain 100 --->The switch virtual domain number must be the same on both chassis and unique in the network
Switch-1(config-vs-domain)#switch 1
Switch-1(config-vs-domain)#exit
Switch-1(config)#interface port-channel 10
Switch-1(config-if)#switchport
Switch-1(config-if)#switch virtual link 1
Switch-1(config-if)#no shutdown
Switch-1(config-if)#exit
Configure Virtual Switch Link:
Switch-1(config)#interface range tenGigabitEthernet 1/1-2 ------>these links connect to Switch-2
Switch-1(config-if-range)#channel-group 10 mode on
WARNING: Interface TenGigabitEthernet1/1,2 placed in restricted config mode. All extraneous configs removed!
Switch-1(config-if-range)#no shutdown
Switch-1(config-if-range)#exit
Switch-1(config)#exit
Switch-1#switch convert mode virtual ---->Execute the command, but do not reload until the VSS configuration is completed on Switch-2

Switch 2 Virtual Domain and Port Channel Configuration:

Switch-2(config)#switch virtual domain 100
Switch-2(config-vs-domain)#switch 2
Switch-2(config-vs-domain)#exit
Switch-2(config)#interface port-channel 20
Switch-2(config-if)#switchport
Switch-2(config-if)#switch virtual link 2
Switch-2(config-if)#no shutdown
Switch-2(config-if)#exit
Configure Virtual Switch Link:
Switch-2(config)#interface range tenGigabitEthernet 1/1-2 ------>these links connect to Switch-1
Switch-2(config-if-range)#channel-group 20 mode on
WARNING: Interface TenGigabitEthernet1/1,2 placed in restricted config mode. All extraneous configs removed!
Switch-2(config-if-range)#no shutdown
Switch-2(config-if-range)#exit
Switch-2(config)#exit
Switch-2#switch convert mode virtual

At this point, console into Switch-1. You will be prompted to save the configuration and confirm the switch reboot. Do the same for Switch-2.

After the reboot, verify the VSS configuration:


After the VSS configuration and restart, both switches start to function as one. One switch is designated as the Active and the other as the Standby switch.

Switch-1#sh switch virtual

Executing the command on VSS member switch role = VSS Active, id = 1

Switch mode : Virtual Switch
Virtual switch domain number : 100
Local switch number : 1
Local switch operational role: Virtual Switch Active
Peer switch number : 2
Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2

Switch mode : Virtual Switch
Virtual switch domain number : 100
Local switch number : 2
Local switch operational role: Virtual Switch Standby
Peer switch number : 1
Peer switch operational role : Virtual Switch Active
Switch-1#

Commands:
redundancy reload shelf  --->reloads a switch; after entering it, it asks whether switch 1 or switch 2 is to be reloaded.
redundancy force-switchover ----->switchover from active to standby and vice versa.
show run switch 1---> shows the part of the config that is specific to switch 1.
show run switch 2---> shows the part of the config that is specific to switch 2.
show switch virtual--->verifies the status of VSS.
mac-address-table synchronize--->this is turned on by default; otherwise enable it.
show redundancy---->shows the redundancy state.
redundancy / mode sso--->make sure the redundancy mode is SSO.
If we need the standby console, issue the commands below from the active switch:
SwitchVSS(config)#redundancy
SwitchVSS(config-red)#main-cpu
SwitchVSS(config-r-mc)#standby console enable

CSMA/CD (Carrier Sense Multiple Access/Collision Detection)

The first Ethernet standards were 10Base5 and 10Base2.
Initially there were no hubs or switches;
the only things present were the coaxial cable and the computers' NIC cards,
all connected in a shared bus topology.

++If one host sends data--no problem.
++If two hosts send data at the same time--a collision will occur.
===>to overcome these collisions we use CSMA/CD

CSMA/CD:-
it is a set of rules that every PC has to follow.

Rule1)The computer has to listen to the Ethernet to check whether any host is sending a frame; if no one is, it sends.
Rule2)After sending the frame it still continuously listens for any collision.
Rule3)If a collision is heard, both senders send JAM signals to all hosts telling them not to send any packets,
and a BACKOFF time is calculated.
backoff algorithm:- the colliding computers do not transmit new data for a random amount of time.
When the BACKOFF TIMER expires, the data is sent again; the process is REPEATED...


REASON FOR THE MINIMUM ETHERNET FRAME SIZE:-
DMAC + SMAC + EtherType + Payload + CRC
 6   +  6   +     2     +    46   +  4  = 64
++The reason for the minimum length is the collision-detect mechanism.
Reason:-(collision-detect mechanism.)
++anything shorter than 64 bytes is treated by the RX side as a collision.
Example:-we don't allow bicycles on high-speed highways (national highways)
TX---sending signals----to--->RX
basically, if the data is short, the sender adds 0's (padding) to the frame and sends it on the wire.
if a collision occurs, how does TX know?
all RX'ers send a JAM signal to TX; that's how TX knows a collision happened.
so TX will receive this JAM before it finishes transmitting the first 64 bytes...

Frames below 64 bytes==RUNT

POINTS:-
++switches with full-duplex links do not perform collision detection
++Wireshark doesn't show the padding; Wireshark captures before padding.
++Needed 64bytes only in full duplex, as in half duplex it uses CSMA/CD.
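An added example (not from the original post) showing the 64-byte minimum in code: a Python frame builder that pads short payloads to 46 bytes and appends the CRC-32 FCS, plus the receiver-side runt check. The MACs and EtherType are constructed sample values.

```python
import struct
import zlib

MIN_FRAME = 64      # DMAC(6) + SMAC(6) + EtherType(2) + payload(46) + CRC(4)
MIN_PAYLOAD = 46
FCS_LEN = 4

def mac_bytes(mac):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes(int(x, 16) for x in mac.split(":"))

def fcs(body):
    """Ethernet FCS: CRC-32 over header + payload, sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def build_frame(dst, src, ethertype, payload):
    """Frame as the NIC puts it on the wire: a short payload is zero-padded to 46
    bytes before the FCS is appended, so the smallest frame is exactly 64 bytes."""
    padded = payload + b"\x00" * max(0, MIN_PAYLOAD - len(payload))
    body = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + padded
    return body + fcs(body)

def classify(frame):
    """Receiver view: anything shorter than 64 bytes is a runt (collision fragment)
    and is discarded without even checking the CRC; otherwise verify the FCS."""
    if len(frame) < MIN_FRAME:
        return "runt"
    return "ok" if fcs(frame[:-FCS_LEN]) == frame[-FCS_LEN:] else "crc-error"

def capture_view_len(payload):
    """Length Wireshark shows on the sending host: captured before the NIC pads
    and adds the FCS, so a 1-byte payload appears as a 15-byte frame."""
    return 14 + len(payload)
```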

Halfduplex and Fullduplex

Simplex:-
One-way communication.
Example:- RADIO, TV receiver, SMS, etc.


HALF DUPLEX:-
++can send and receive, but not at the same time.
++this was originally used on coaxial cables (10BASE5, 10BASE2)
and for Ethernet HUBS, because these cannot use full duplex.
++it uses the CSMA/CD method.
CSMA/CD:-
Rule1)The computer has to listen to the Ethernet to check whether any host is sending a frame; if no one is, it sends.
Rule2)After sending the frame it still continuously listens for any collision.
Rule3)If a collision is heard, both senders send JAM signals to all hosts telling them not to send any packets,
and a BACKOFF time is calculated.
backoff algorithm:- the colliding computers do not transmit new data for a random amount of time.
When the BACKOFF TIMER expires, the data is sent again; the process is REPEATED...

FULL DUPLEX:-
++can send and receive at the same time.
++copper twisted pair is used in full duplex.
++NO need for CSMA/CD.
++No COLLISIONS.

HUB(half)-------(full)Switch====>HALF-DUPLEX

 
"T" stands for Twisted Pair.
"2" and "5" indicate coaxial wiring with maximum ranges of ~200 and 500 meters respectively.

100 BASE-T4:-
8 wires= 4 pairs
1st pair=TX signals
2nd pair=RX signals
remaining 2 pairs=either TX or RX; the ends negotiate which pair to use for TX and RX

100 BASE-TX:- commonly used for Fast Ethernet.
8 wires= 4 pairs
1st pair=TX signals
2nd pair=RX signals
remaining 2 pairs=UNUSED

1000 BASE-TX:- commonly used for Fast ethernet.
8 wires= 4 pairs
2 pairs=TX signals 
2 pairs=RX signals 

FOR MDI NIC CARDS (Media Dependent Interface)
---------------------------------------------
the other end uses the opposite pins:
PC1_TX(pin 1&2)
PC1_RX(pin 3&6)

VLAN - TAG and UNTAG: all you need to know

Tagged

Native VLAN (UNTAGGED)


NORMAL TRUNK:
===========

NATIVE VLAN:
=========

From router=Untagged frame====================18 Bytes
From PC=Untagged frame=======================0 Bytes


TRUNK==ALWAYS TAGS

access ports will always untag the packets:
as soon as an access port receives a packet it untags it and sends it on to the other access port

Trunk ports are always tagged



============================================== 
R2 trying to communicate with R1
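An added example, not part of the original post: a minimal Python model of the access-port and trunk-port behaviour described above (access ports untag, trunks tag everything except the native VLAN, which leaves untagged). The sample frame, the port definitions and the rule that an access port drops a frame tagged for another VLAN are constructed assumptions.

```python
import struct

TPID_8021Q = 0x8100

# Constructed sample: untagged 60-byte frame as a PC sends it (FCS omitted; the switch recomputes it).
PC_FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0806") + b"\x00" * 46
ACCESS_10 = {"mode": "access", "vlan": 10}
TRUNK_NATIVE_1 = {"mode": "trunk", "native": 1, "allowed": {1, 10, 20}}

def vlan_of(frame):
    """VID carried in the 802.1Q tag, or None if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None
    return struct.unpack("!H", frame[14:16])[0] & 0x0FFF

def tag_frame(frame, vid, pcp=0):
    """Insert the 4-byte tag after the MAC addresses: TPID 0x8100 + TCI (PCP|DEI|VID)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1..4094")
    return frame[:12] + struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid) + frame[12:]

def untag_frame(frame):
    """Remove the tag so the frame looks like it did when the PC sent it."""
    return frame[:12] + frame[16:] if vlan_of(frame) is not None else frame

def ingress(frame, port):
    """Classify a received frame: (vid, untagged frame), or None if the port drops it.
    Access port: frame belongs to the access VLAN (a tag for another VLAN is dropped).
    Trunk port: tagged -> that VID; untagged -> the native VLAN."""
    vid = vlan_of(frame)
    if port["mode"] == "access":
        if vid is not None and vid != port["vlan"]:
            return None
        return port["vlan"], untag_frame(frame)
    if vid is None:
        return port["native"], frame
    return vid, untag_frame(frame)

def egress(vid, frame, port):
    """Bytes sent out of `port` for an (untagged) frame in VLAN vid, or None if not carried.
    Access port: always untagged. Trunk: tagged, except the native VLAN which leaves untagged."""
    if port["mode"] == "access":
        return frame if vid == port["vlan"] else None
    if vid not in port["allowed"]:
        return None
    return frame if vid == port["native"] else tag_frame(frame, vid)
```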

Private-Vlan (PVLAN)

Hosts(SWITCH)promiscuous

PRIMARY VLAN:-
-----------------
1)Promiscuous:-
this is associated to Internet facing
Hosts-------to----> promiscuous  ===> WORK
promiscuous---to--->Host          ===> WORK

2)HOST:-
(a)ISOLATED:- in isolated we can talk only to ourselves (not to any other host port)

ISOLATED VLAN 10 --to--->ISOLATED VLAN 10 ===> DOESN'T WORK
ISOLATED VLAN --to--->Promiscuous VLAN===>WORKS

(b)COMMUNITY:-in community we can talk to everyone in the same community
COMMUNITY VLAN 10 --to--->COMMUNITY VLAN 10 ===>WORKS
COMMUNITY VLAN 10 --to--->COMMUNITY VLAN 20 ===> DOESN'T WORK
COMMUNITY VLAN --to--->Promiscuous VLAN===>WORKS


configuration:-
Primary VLAN=10

#int range f0/1-3 , f0/22 , f0/5 , f0/24 , f0/20
sw mode acc
sw acc vlan 10

(a)configure the primary, community and isolated VLANs:-
#vlan 10
     private-vlan primary
#vlan 100
     private-vlan community
#vlan 200
     private-vlan community
#vlan 500
     private-vlan isolated

vlan 10
     private-vlan association add 100,200,500

(b)configure the promiscuous port:-
int f0/20
     sw mode private-vlan promiscuous
     sw private-vlan mapping 10 100,200,500
     (sw private-vlan mapping <primary vlan> <secondary vlan list>)

(c)configure the community and isolated VLANs on their host interfaces:-
int range f1/1-2
     sw mode private-vlan host
     sw private-vlan host-association 10 100
     (sw private-vlan host-association <primary vlan> <secondary vlan>)

int range  f1/3 , f0/22
     sw mode private-vlan host
     sw private-vlan host-association 10 500
     (sw private-vlan host-association <primary vlan> <secondary vlan>)

EtherChannel

Etherchannel:-
++increases BW and load balances traffic over all the links
++up to 8 links can be used
++can be used at L3 and L2
++Two negotiation protocols, i.e. PAgP and LACP

PAgP(Port Aggregation Protocol):-
++Cisco proprietary
++port modes= AUTO, DESIRABLE, ON
Auto:-does not initiate negotiation, but responds to PAgP packets.
Desirable:-initiates negotiation and responds.
ON:-no negotiation; the other end should also be in ON mode.

LACP(Link Aggregation Control Protocol):-
++standard, can be used with other vendors
++port modes= ACTIVE, PASSIVE, ON
Active:-initiates negotiation and responds.
Passive:-does not initiate negotiation, but responds to LACP packets.
ON:-no negotiation; the other end should also be in ON mode.

STP-Full

Root Bridge Election Process:
++Hello BPDU
Each BPDU carries
1.Root Bridge ID
2.Cost to the Root Bridge(cost between this switch and the current root)

#show spanning-tree VLAN 10:-


NOTE:-By default Cisco IOS runs PVST+. That means your switch runs a separate STP instance for each VLAN.

Bridge Identifier = (Bridge Priority + MAC address)    MAC address = MAC address of the switch you are on.
    Bridge Priority = (switch priority + Extended System ID, i.e. the VLAN number) = (32768 + 10) = 32778 for VLAN 10; the lowest priority is preferred as ROOT.
    switch priority = must be in increments of 4096:
% Allowed values are:
0 4096 8192 12288 16384 20480 24576 28672
32768 36864 40960 45056 49152 53248 57344 61440


ROOT Identifier=same as above (Bridge Priority + MAC address)  MAC add=mac address of the ROOT Switch.
If the bridge ID and root ID are the same then you are on the root bridge for that vlan.

SW2(config)#spanning-tree vlan 10 priority 4096
SW1(BP=32768)------SW2(BP=4096)
SW2=ROOT
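An added example (not the post's own code): Python that builds the bridge ID the way the post describes (switch priority + extended system ID, then the MAC as tie-breaker), enforces the 4096 multiples, and elects the root for a VLAN. The switch names and MACs are sample values; the 32769-0012.0100.4d00 string is taken from the post's debug output.

```python
ALLOWED_PRIORITIES = set(range(0, 65536, 4096))   # 0, 4096, ..., 61440
DEFAULT_PRIORITY = 32768

def bridge_priority(switch_priority, vlan):
    """Bridge Priority = switch priority + Extended System ID (the VLAN number)."""
    if switch_priority not in ALLOWED_PRIORITIES:
        raise ValueError("priority must be a multiple of 4096 (0..61440)")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN must be 1..4094")
    return switch_priority + vlan

def bridge_id(switch_priority, vlan, mac):
    """Bridge ID as STP compares it: priority first, then MAC as tie-breaker.
    Returned as a tuple so that Python's ordering does the comparison."""
    return (bridge_priority(switch_priority, vlan), int(mac.replace(".", ""), 16))

def format_bridge_id(bid):
    """Render like IOS debug output: 32769-0012.0100.4d00."""
    h = f"{bid[1]:012x}"
    return f"{bid[0]}-{h[0:4]}.{h[4:8]}.{h[8:12]}"

def parse_bridge_id(text):
    """Inverse of format_bridge_id: '32769-0012.0100.4d00' -> (32769, 0x001201004d00)."""
    prio, mac = text.split("-")
    return (int(prio), int(mac.replace(".", ""), 16))

def split_priority(bridge_prio):
    """Recover (switch priority, VLAN) from a bridge priority: 32778 -> (32768, 10)."""
    return (bridge_prio & 0xF000, bridge_prio & 0x0FFF)

def elect_root(switches, vlan):
    """switches = {name: (switch_priority, mac)}; the lowest bridge ID wins."""
    ranked = sorted(switches.items(), key=lambda kv: bridge_id(kv[1][0], vlan, kv[1][1]))
    return ranked[0][0]
```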

STP TIMERS:-
Hello time:- 2 sec; a hello BPDU is sent every 2 sec.
MAX age:- 10 * (hello time) = 20 sec
Forward delay time:- 15 sec per state (listening=15, learning=15)
If a LINK/PORT goes DOWN, or a port receives NEW BPDU packets, then an ELECTION HAPPENS as shown below.

STP Logs without Backbone fast:-
*Mar  1 02:24:30.557: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:32.402: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:34.407: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:36.412: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:38.417: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:40.422: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:42.427: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:44.440: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:46.436: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:48.441: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1

*Mar  1 02:24:48.550: STP: VLAN0001 Gi1/0/1 -> listening
*Mar  1 02:24:49.599: STP: VLAN0001 Topology Change rcvd on Gi1/0/1
*Mar  1 02:24:49.599: STP: VLAN0001 sent Topology Change Notice on Gi1/0/2
*Mar  1 02:25:03.558: STP: VLAN0001 Gi1/0/1 -> learning
*Mar  1 02:25:18.565: STP: VLAN0001 sent Topology Change Notice on Gi1/0/2
*Mar  1 02:25:18.565: STP: VLAN0001 Gi1/0/1 -> forwarding
TOTAL TIME=20+15+15=50SEC
MAX AGE(20)+FORWARD DELAY(30)

STP Logs with BackboneFast:- with BackboneFast the MaxAge (20 sec) wait is bypassed.
*Mar  1 03:20:32.795: STP: VLAN0001 heard root 32769-000d.2818.af00 on Fa1/0/2
*Mar  1 03:20:32.795: STP: VLAN0001 Fa1/0/2 -> listening
*Mar  1 03:20:33.801: STP: VLAN0001 Topology Change rcvd on Fa1/0/2
*Mar  1 03:20:33.801: STP: VLAN0001 sent Topology Change Notice on Fa1/0/40
*Mar  1 03:20:47.802: STP: VLAN0001 Fa1/0/2 -> learning
*Mar  1 03:21:02.809: STP: VLAN0001 sent Topology Change Notice on Fa1/0/40
*Mar  1 03:21:02.809: STP: VLAN0001 Fa1/0/2 -> forwarding
TOTAL TIME=0+15+15=30SEC
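An added example, not from the original post, that runs a small parser over the two debug captures above to verify the timer arithmetic: it counts the hellos heard before the port goes to listening (max age / hello = 10 when the max-age timer ran) and measures listening to forwarding (2 x forward delay). The log text is copied from the post with the unrelated lines dropped.

```python
import re

# Constructed from the post's two debug captures: the ten "heard root" hellos and the
# listening/forwarding transitions (times copied from the post, other lines dropped).
LOG_WITHOUT_BBF = """
*Mar  1 02:24:30.557: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:32.402: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:34.407: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:36.412: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:38.417: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:40.422: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:42.427: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:44.440: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:46.436: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:48.441: STP: VLAN0001 heard root 32769-0012.0100.4d00 on Gi1/0/1
*Mar  1 02:24:48.550: STP: VLAN0001 Gi1/0/1 -> listening
*Mar  1 02:25:18.565: STP: VLAN0001 Gi1/0/1 -> forwarding
"""
LOG_WITH_BBF = """
*Mar  1 03:20:32.795: STP: VLAN0001 heard root 32769-000d.2818.af00 on Fa1/0/2
*Mar  1 03:20:32.795: STP: VLAN0001 Fa1/0/2 -> listening
*Mar  1 03:21:02.809: STP: VLAN0001 Fa1/0/2 -> forwarding
"""
LINE = re.compile(r"^\*\w+\s+\d+\s+(\d+):(\d+):(\d+)\.(\d+): STP: (\S+) (.*)$")

def parse(log):
    """(seconds since midnight, vlan, message) for every STP debug line."""
    out = []
    for line in log.strip().splitlines():
        m = LINE.match(line)
        if m:
            h, mi, s, ms, vlan, msg = m.groups()
            out.append((int(h) * 3600 + int(mi) * 60 + int(s) + int(ms) / 1000, vlan, msg))
    return out

def convergence(log, hello=2.0, max_age=20.0):
    """Hellos counted before '-> listening' show whether the max-age timer
    (max_age / hello = 10 hellos) ran; listening -> forwarding is 2 x forward delay."""
    ev = parse(log)
    t_listen = next(t for t, _, m in ev if m.endswith("-> listening"))
    t_fwd = next(t for t, _, m in ev if m.endswith("-> forwarding"))
    hellos = sum(1 for t, _, m in ev if "heard root" in m and t <= t_listen)
    return {"hellos_before_listening": hellos,
            "max_age_waited": hellos >= max_age / hello,
            "listening_to_forwarding": round(t_fwd - t_listen, 3)}
```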

Proxy ARP

By default ARP cache timeout for PC=10 Minutes
By default ARP cache timeout for Router=4 Hours


ARP is a BROADCAST

A ROUTER DROPS all BROADCAST requests (it does not forward them to other networks).

If we ping a different network, the PC always reaches out to its default gateway,
no matter whether proxy ARP is enabled or disabled.

PROXY ARP:
=======
ENABLED===>PROXY ARP
The PC thinks 10.1.11.1 is in the same subnet and sends a broadcast ARP request, which reaches the router;
the router now answers on the host's behalf (PROXY) with its own MAC.


DISABLED==>PROXY ARP


GARP

1)Both source and destination IP in the packet are the IP of the host issuing the gratuitous ARP.
2)The destination MAC address is the broadcast MAC address (ff:ff:ff:ff:ff:ff).
This means the packet will be flooded to all ports on a switch.
    No reply is expected.

Gratuitous ARP is used for several reasons:

     1)To update ARP tables after the MAC address for an IP changes (failover, new NIC, etc.)
     2)To update MAC address tables on L2 devices (switches) so they learn that a MAC address is now on a different port
     3)Sent when an interface comes up, to notify other hosts about the new MAC/IP binding in advance so that they don't have to send ARP requests to find out

PC-----10.10.10.100(PA)


GARP request:-<-----BROADCAST


    No reply is expected.
If a reply comes, it means that you have an IP address conflict in your network.

GARP reply<----UNICAST

Source and destination IP are both set to the IP of the machine issuing the packet, and the target MAC is the sender MAC.



ARP

PALOALTO(20.128.1.1)------------------------------(20.128.1.2)PC

PC(10.10.10.5)--------------(10.10.10.100)PALOALTO

ARP size=28 BYTES
TOTAL=28+14 (Ethernet header)=42 Bytes

By default ARP cache timeout for PC=10 Minutes
By default ARP cache timeout for Router=4 Hours


ARP request sent by PC=====>BROADCAST:
==============================



ARP Reply sent by PALOALTO=====UNICAST:
===============================
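An added example (not from the original post) covering the GARP and ARP posts above: Python that builds the 14 + 28 = 42-byte gratuitous ARP request, parses any ARP frame, and flags the reply-to-GARP case the post describes as an IP address conflict. The MACs are constructed sample values; 10.10.10.100 and 10.10.10.5 are the addresses used in the post's diagrams.

```python
import struct
from ipaddress import IPv4Address

ETH_HDR = 14          # DMAC + SMAC + EtherType
ARP_LEN = 28          # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
REQUEST, REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac="ff:ff:ff:ff:ff:ff"):
    """Ethernet + ARP = 42 bytes (the NIC pads it to the 64-byte minimum on the wire)."""
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(sender_mac), IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), IPv4Address(target_ip).packed)
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    return eth + arp

def garp_request(mac, ip):
    """Gratuitous ARP request: sender IP == target IP, broadcast destination, no reply expected."""
    return build_arp(REQUEST, mac, ip, "00:00:00:00:00:00", ip)

def parse_arp(frame):
    """Decode an ARP frame; 'gratuitous' is true when sender and target IP are the same."""
    op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[ETH_HDR:ETH_HDR + ARP_LEN])[4:]
    return {"op": op, "sender_mac": smac.hex(":"), "sender_ip": str(IPv4Address(sip)),
            "target_mac": tmac.hex(":"), "target_ip": str(IPv4Address(tip)),
            "gratuitous": sip == tip}

def check_conflict(my_mac, my_ip, frame):
    """After sending a GARP for my_ip, a reply claiming my_ip from another MAC means
    the address is already in use elsewhere (duplicate-IP alarm)."""
    a = parse_arp(frame)
    return a["op"] == REPLY and a["sender_ip"] == my_ip and a["sender_mac"] != my_mac.lower()
```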
