Instruction/ maintenance manual of the product 42C4911 Nortel Networks
Go to page of 260
2350 Mission College Blvd. Suite 600 Santa Clara, CA 95054 ww w .bladenetwork.net Alteon OS Applica tion Guide Nor tel 10Gb Ethernet Switch Module f or IBM BladeCente r ® V ersion 1.
Alteon OS Application Guide 2 42C4911, January 2007 Copyright © 2007 Blade Network T echnologies, Inc., 2350 Mission College Blv d., Suite 600, Santa Clara, California, 95054, USA.
42C4911, January 2007 3 Co n t e n t s Preface 15 Who Should Use This Guide 15 What You’ll Find in This Guide 16 Typographic Conventions 18 How to Get Help 19 Part 1: Basic Switching 21 Chapter 1: Accessing the Switch 23 Management module setup 24 Factory-Default vs.
Alteon OS Application Guide 4 42C4911, January 2007 LDAP Authentication and Authorization 53 Secure Shell and Secure Copy 55 End User Access Control 61 Chapter 2: Port-based Network Access Control 67 Extensible Authentication Prot ocol over LAN 68 802.
Alteon OS Application Guide 5 42C4911, January 2007 Chapter 5: Spanning Tree Group 105 Overview 106 Bridge Protocol Data Units (BPDU s) 107 Determining the Path fo r Forwardi ng BPDUs 107 Spanning Tre.
Alteon OS Application Guide 6 42C4911, January 2007 Viewing ACL Statistics 131 ACL Configuration Examples 132 Using DSCP Values to Provide QoS 134 Differentiated Services Concepts 134 Using 802.
Alteon OS Application Guide 7 42C4911, January 2007 Chapter 11: Bord er Gateway Prot ocol 171 Internal Routing Versus External Routing 172 Forming BGP Peer Routers 173 What is a Route Map? 174 Incomin.
Alteon OS Application Guide 8 42C4911, January 2007 OSPF Configuration Examples 204 Example 1: Simple OSPF Domain 205 Example 2: Virtual Links 207 Example 3: Summarizing Routes 211 Verifying OSPF Conf.
Alteon OS Application Guide 9 42C4911, January 2007 Part 4: Appendices 243 Appendix A: Troubleshooting 245 Monitoring Ports 246 Port Mirroring behavior 247 Configuring Port Mirroring 251 Appendix B: R.
Alteon OS Application Guide 10 42C4911, January 2007.
42C4911, January 2007 11 Fi g u r e s Figure 1-1:Switch manage ment on the BladeCe nter management mo du le 26 Figure 1-2:BOOTP Relay Agent Configura tion 30 Figure 1-3:DHCP Relay Agent Configura tion 31 Figure 2-1:Authenticating a Port Using EAPoL 69 Figure 3-1:Default VLAN settings 81 Figure 3-2:Port-based VLAN assignment 82 Figure 3-3:802.
Alteon OS Application Guide 12 42C4911, January 2007 Figure 13-3:Two trunks, one Failover Trigge r 222 Figure 13-4:A Non-VRRP, Hot-Standby Config ura tion 227 Figure 13-5:Active-Active Redundancy 228 .
42C4911, January 2007 13 Ta b l e s Table 1-1: GbESM IP addresses, based on switch-module ba y numbers 24 Table 1-2: Use r Acces s Levels 47 Table 1-3: Alteon OS-proprieta ry Attributes for RADIUS 47 Table 1-4: Default TACACS+ Authorization Levels 49 Table 1-5: Alternate TACACS+ Authorization Levels 49 Table 4-1: Actor vs.
Alteon OS Application Guide 14 42C4911, January 2007.
42C4911, January 2007 15 Pref a ce The Alteon OS Applica tion Guid e describes how to co nfigure and use the A lteon OS software on the 10Gb Ethernet Switch Module for IBM Bl adeCenter . For documentation on installing the switch physically , see the Installation Guide for your GbE Swit ch M odul e (GbESM).
Alteon OS Application Guide 16 Preface 42C4911, January 2007 What Y ou’ll Find i n Th is G u i de This guide will help you plan, implement, and admin ister Alteon OS software. Where possible, each section provides feature overviews, usage examples, and configuration instructions.
Alteon OS Application Guide Preface 17 42C4911, January 2007 Chapter 1 1, “Border Gateway Protocol,” describes BGP concepts and BGP features sup- ported in Alteon O S. Chapter 12, “OSPF,” describes OSPF concepts, how OSPF i s implemented in Alteon OS, and examples of how to configure your switch for OSPF support.
Alteon OS Application Guide 18 Preface 42C4911, January 2007 T ypographic C onv entions The following table describes th e typog raphic styles used in this book. T able 1 T ypographic Conventions Ty p e f a c e o r Sym b ol Meaning Example AaBbCc123 This type is used for names of commands, files, and directories used within the te xt.
Alteon OS Application Guide Preface 19 42C4911, January 2007 How to Get Help If you need help, service, or technical assistance, see the "Getting help and technical assistance" appendix in the No rtel 10Gb Ethernet Switch Module for IBM BladeCenter Installation Guid e .
Alteon OS Application Guide 20 Preface 42C4911, January 2007.
42C4911, January 2007 P ar t 1: Basic S witching This section discusses basic switching function s. This includes how to access and manage the switch: Accessing the switch Port-Based Network A.
Alteon OS Application Guide 22 42C4911, January 2007.
42C4911, January 2007 23 C HAPTER 1 A c ce ssing the S witch The Alteon OS software provides means for accessing, configuring, an d viewing information and statistics about the GbE Switch Module.
Alteon OS Application Guide 24 Chapter 1: Accessing the Switch 42C4911, January 2007 Management module setup The BladeCenter GbE Switch Module is an inte gral subsystem within the overall BladeCenter system. The BladeCenter chassis includes a ma nagement module as th e central element for overall chassis management and control .
Alteon OS Application Guide Chapter 1: Accessing the Switch 25 42 C4911, Januar y 2007 N OTE – Before you install the GbESM in Bay 8 or Bay 10, confirm that your blade I/O Expansion adapter supports communicatio n to these I/O bays.
Alteon OS Application Guide 26 Chapter 1: Accessing the Switch 42C4911, January 2007 Figure 1- 1 Switch management on the BladeCenter managemen t mo dule 4. Y ou can use the default IP addr esses pr ovided by the management module, or you can assign a new IP address to the switch modu le through the management mod u le.
Alteon OS Application Guide Chapter 1: Accessing the Switch 27 42 C4911, Januar y 2007 The default value is Disabled for both features. If these f eatures are not already enabled, change the value to Enabled , then Save .
Alteon OS Application Guide 28 Chapter 1: Accessing the Switch 42C4911, January 2007 External management por t setup In addition to the internal management ports (MG T 1 and MG T2), th e 10Gb Ethernet Switch Module (GbESM) also has an extern al management port (EXT7) to support out-of-band management traffic.
Alteon OS Application Guide Chapter 1: Accessing the Switch 29 42 C4911, Januar y 2007 Us i n g T e l n et Use the management module to access the Gb E Switch Module through T elnet. Choose I/O Module T asks > Configuration from the navigation pane on the left.
Alteon OS Application Guide 30 Chapter 1: Accessing the Switch 42C4911, January 2007 Figure 1-2 shows a basic BOOTP network example. Figure 1-2 BOOTP Relay Agent Configuration The use of two servers provide failover redundancy . The client req uest is forwarded to both BOOTP servers configured on the switch.
Alteon OS Application Guide Chapter 1: Accessing the Switch 31 42 C4911, Januar y 2007 DHCP Relay A gent DHCP is described in RFC 2131, and the DHCP relay agent supp orted on the GbESM is described in RFC 1542. DHCP uses UDP as its tr ansport protocol.
Alteon OS Application Guide 32 Chapter 1: Accessing the Switch 42C4911, January 2007 In GbESM implementation, there is no need for primary or s econdary servers. The client request is forwarded to the BO OTP servers configured on the switch. The use of t wo servers provide failover redundancy .
Alteon OS Application Guide Chapter 1: Accessing the Switch 33 42 C4911, Januar y 2007 U sing the Brow ser-Based Inter fac e Use the management module to access the GbE Switch Module through a W eb session. Choose I/O Module T asks > Configuration from the navigation pane on the left.
Alteon OS Application Guide 34 Chapter 1: Accessing the Switch 42C4911, January 2007 Accessing the BBI via HTTPS requires that you ge nerate a certificate to be used during the key exchange.
Alteon OS Application Guide Chapter 1: Accessing the Switch 35 42 C4911, Januar y 2007 Switch Ports – configu re each of the physical ports on the switch. Port-Based Port Mirroring – configure port mirroring and mirror port. Layer 2 – Configure Quality of Service (QoS) features for the switch.
Alteon OS Application Guide 36 Chapter 1: Accessing the Switch 42C4911, January 2007 U sing SNMP Alteon OS provides SNMP v 1.0 and SNMP v3.0 support for access through any network man- agement software, such as IB M Director or HP-OpenV iew . SNMP v1.
Alteon OS Application Guide Chapter 1: Accessing the Switch 37 42 C4911, Januar y 2007 For more information on SNMP MIBs and the commands used to configu re SN MP on the switch, see the Alteon OS Comma nd Refer ence . Default configuration Alteon OS has two SNMP v3 users by default.
Alteon OS Application Guide 38 Chapter 1: Accessing the Switch 42C4911, January 2007 3. Assign the user to the user group. Use the gr oup table to link the user to a particular access group. If you want to allow user access only to certa in MIBs, see the 'V iew based Configuration' sec- tion.
Alteon OS Application Guide Chapter 1: Accessing the Switch 39 42 C4911, Januar y 2007 CLI oper equiva lent C onfiguring SNMP T rap Hosts SNMPv1 trap host 1. Configure a user wit h no authentication and password. 2. Configure an access gr oup an d group table entries for the user .
Alteon OS Application Guide 40 Chapter 1: Accessing the Switch 42C4911, January 2007 In the example below the user will r eceive the traps sent by the switch . 3. Configure an entry in the notify table. 4. Specify the IP address and other trap para meters in the targetAddr and targetParam tables.
Alteon OS Application Guide Chapter 1: Accessing the Switch 41 42 C4911, Januar y 2007 SNMPv2 trap host configuration The SNMPv2 trap host configuration is simi lar to the SNMPv1 trap host configuration . Wherever you specify the model, use snmpv2 instead of snmpv1 .
Alteon OS Application Guide 42 Chapter 1: Accessing the Switch 42C4911, January 2007 The following example shows how to configu re a SNMPv3 user v3trap with authentication only: /c/sys/ssnmp/snmpv.
Alteon OS Application Guide Chapter 1: Accessing the Switch 43 42 C4911, Januar y 2007 Securing Ac c ess to the S witch Secure switch managem ent is needed for environm ents that perfo rm significant manag ement functions across the Internet.
Alteon OS Application Guide 44 Chapter 1: Accessing the Switch 42C4911, January 2007 RADIUS Authentica tion and A uthorization Alteon OS supports the RADIUS (Remote Authentication Dial -in User Service) method to authenticate and authorize remo te administrators for managing the switch.
Alteon OS Application Guide Chapter 1: Accessing the Switch 45 42 C4911, Januar y 2007 1. T urn RADIUS authentication on, then configure the Pr imary and Secondary RADIUS servers. 2. Configure the RADIUS secr et. 3. If desired, you may change the default UDP port nu m ber used to list en to RADIUS.
Alteon OS Application Guide 46 Chapter 1: Accessing the Switch 42C4911, January 2007 RADIUS Authentication F eat ures in Alteo n OS Alteon OS supports the following RADIU S aut henti catio n features: Supports RADIUS client on the switch, ba sed on the protocol definitions in RFC 2138 and RFC 2866.
Alteon OS Application Guide Chapter 1: Accessing the Switch 47 42 C4911, Januar y 2007 Switch User Acco unt s The user accounts listed in T able 1 -2 can be defined in the RADIUS server dictionary file.
Alteon OS Application Guide 48 Chapter 1: Accessing the Switch 42C4911, January 2007 T ACA CS+ Authen tication Alteon OS supports authentication and authorization wi th netw orks using the Cisco Systems T ACACS+ protocol.
Alteon OS Application Guide Chapter 1: Accessing the Switch 49 42 C4911, Januar y 2007 Authorization Authorization is the action of determ inin g a user ’ s privileges on the devi ce, and usual ly tak es place after authentication.
Alteon OS Application Guide 50 Chapter 1: Accessing the Switch 42C4911, January 2007 Acc ounting Accounting is the action of recording a user's act ivities on the device for the purposes of billing and/or security . It follows th e authentication and au thorization actions.
Alteon OS Application Guide Chapter 1: Accessing the Switch 51 42 C4911, Januar y 2007 The following rules apply to T ACA CS+ command authorization and logg ing : Only commands from a Console, T elnet, or SSH connectio n are sent for au thorization and logging.
Alteon OS Application Guide 52 Chapter 1: Accessing the Switch 42C4911, January 2007 Configuring T ACACS+ A uthen tication on the Switch 1. T urn T ACACS+ authentication on, then configure the Primary and Secondary T ACACS+ servers. 2. Configure the T ACACS+ secr et and second secr et.
Alteon OS Application Guide Chapter 1: Accessing the Switch 53 42 C4911, Januar y 2007 LDAP A uthentica tion and A uthorization Alteon OS supports the LDAP (Lightweig ht Directory Access Protocol) method to authenti- cate and authorize remote admini strators to manage the sw itch.
Alteon OS Application Guide 54 Chapter 1: Accessing the Switch 42C4911, January 2007 Configuring LD AP Authentication on the S witch 1. T urn LDAP authentication on, then configure the Primary an d Secondary LDAP servers. 2. Configure the domain name.
Alteon OS Application Guide Chapter 1: Accessing the Switch 55 42 C4911, Januar y 2007 Secure Shell and Secure C opy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch.
Alteon OS Application Guide 56 Chapter 1: Accessing the Switch 42C4911, January 2007 Configuring SSH/SCP f eatures on the switch Before you can use SSH comman ds, use the follo wing commands to turn on SSH/SCP . SSH and SCP are disabled by default.
Alteon OS Application Guide Chapter 1: Accessing the Switch 57 42 C4911, Januar y 2007 Configuring the SCP A dministrator P assword T o configure the scpadm (SCP Administrator) password, fi rst connect to the switch via the serial console port.
Alteon OS Application Guide 58 Chapter 1: Accessing the Switch 42C4911, January 2007 T o upload the configuration to the switch: Syntax: Example: T o apply and save the configuration The ap ply an.
Alteon OS Application Guide Chapter 1: Accessing the Switch 59 42 C4911, Januar y 2007 Generating RSA Host and Ser ver Keys for SSH Acc ess T o supp ort the SSH server feature, tw o sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the GbE Switch Module.
Alteon OS Application Guide 60 Chapter 1: Accessing the Switch 42C4911, January 2007 SSH/SCP Integration with Radius Authentication SSH/SCP is integrated wi th RA DIUS authentication .
Alteon OS Application Guide Chapter 1: Accessing the Switch 61 42 C4911, Januar y 2007 An SCP-only administrator ’ s password is typi cally used when SecurI D is used. For exam- ple, it can be used in an automation program (in which the tokens of SecurID are not avail- able) to back up (download) the switch configur ations each day .
Alteon OS Application Guide 62 Chapter 1: Accessing the Switch 42C4911, January 2007 Strong P asswords The administrator can require use of Strong Pa sswords for users to access the G bESM. Strong Passwords enhance security because they make password guessing more dif ficult.
Alteon OS Application Guide Chapter 1: Accessing the Switch 63 42 C4911, Januar y 2007 Defining User Names and Passwords Use the User ID menu to define user names and passwords. Defining a User ’ s Ac cess L evel The end user is by default assigned to the user access level (also known as class of s ervice, or CoS).
Alteon OS Application Guide 64 Chapter 1: Accessing the Switch 42C4911, January 2007 Listing Curr ent Users The cur command displays defined user accounts an d whether or not each user is currently logged into the switch.
Alteon OS Application Guide Chapter 1: Accessing the Switch 65 42 C4911, Januar y 2007.
Alteon OS Application Guide 66 Chapter 1: Accessing the Switch 42C4911, January 2007.
42C4911, January 2007 67 C HAPTER 2 P or t-based Netw ork A cc ess C ontrol Port-Based Network Access cont rol provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connectio n characteristics. It prevents access to ports that fail authentica tion and authoriza tion.
Alteon OS Application Guide 68 Chapter 2: Port-based Networ k Access Control 42C4911, January 2007 Extensible Authentication P rot ocol o v er LAN Alteon OS can provide user-level security for its ports using the IEEE 802.1x protocol, which is a more secure alternative to other method s of port-based network access control.
Alteon OS Application Guide Chapter 2: Port-based Network Access Control 69 42C4911, January 2007 802.1x Authentica tion Process The clients and authenticators communicate using Extensible Authen tication Protocol (EA P), which was originally designed to run over PP P , and for which the IEEE 802.
Alteon OS Application Guide 70 Chapter 2: Port-based Networ k Access Control 42C4911, January 2007 EAP oL Message Exchange During authentication, EAPOL messages are exchanged be tween the client and the GbESM authenticator , while RADIUS-EAP messages are exchanged between the GbESM authentica- tor and the RADIUS server .
Alteon OS Application Guide Chapter 2: Port-based Network Access Control 71 42C4911, January 2007 802.1x P or t States The state of the port determines whether the client is granted access to the network, as follows: Unauthorized While in this state the port discards all ingress and egress traf fic except EAP packets.
Alteon OS Application Guide 72 Chapter 2: Port-based Networ k Access Control 42C4911, January 2007 Suppor ted RA DIUS A ttributes The Alteon 802.1x Authenticat or rel ies on external RADIUS servers for authentication with EAP .
Alteon OS Application Guide Chapter 2: Port-based Network Access Control 73 42C4911, January 2007 C onfiguration Guidelines When configuring EAPoL, consid er the following guidelines: The 802.
Alteon OS Application Guide 74 Chapter 2: Port-based Networ k Access Control 42C4911, January 2007.
42C4911, January 2007 75 C HAPTER 3 VLANs This chapter describes network design and topol o gy considerations for using V i r tu al L o ca l A re a Ne tw or k s (V L AN s) .
Alteon OS Application Guide 76 Chapter 3: VLANs 42C4911, January 2007 Ov ervie w Setting up virt ual LANs (VLANs) i s a way to segment n etworks to increase ne twork flexibility without changing the physical network topology . W ith network segmentation, each switch port connects to a segment that is a single broadcast domain.
Alteon OS Application Guide Chapter 3: VLANs 77 42C4911, January 2007 VLANs and P or t VL AN ID Numb ers VLAN Numbers Alteon OS supports up to 1024 VLANs per switch. Even though th e maximum number of VLANs supported at any gi ven time is 1024, each can be identified with any number between 1 and 4095.
Alteon OS Application Guide 78 Chapter 3: VLANs 42C4911, January 2007 Viewing and C onfiguring PVIDs Use the following CLI commands to view PVIDs: Port info rmation: N OTE – The sample screens that appear in this document mi ght differ slightly from t he screens displayed by your system.
Alteon OS Application Guide Chapter 3: VLANs 79 42C4911, January 2007 Each port on the switch can belong to one or more VLANs, and each VLAN can have any number of switch ports in its me mbership. Any po rt that belongs to multiple VLANs, however, must have VLAN tagging enabled (see “VLAN T aggin g” on page 80 ).
Alteon OS Application Guide 80 Chapter 3: VLANs 42C4911, January 2007 VLAN T aggi ng Alteon OS software supports 802.1 Q VLAN tagging, providin g standards-based VLAN sup- port for Ethernet systems. T agging places the VLAN identifi er in the frame header of a packet, allowing each port to belong to multiple VLANs.
Alteon OS Application Guide Chapter 3: VLANs 81 42C4911, January 2007 Figure 3-1 Default VLAN settings N OTE – The port numbers specified in these illustrations may not directly correspond to th e physical port configuration of your switch model.
Alteon OS Application Guide 82 Chapter 3: VLANs 42C4911, January 2007 N OTE – The port assignments in the following figures are not meant to match the GbE Switch Module.
Alteon OS Application Guide Chapter 3: VLANs 83 42C4911, January 2007 In Figure 3-4 , tagged incoming packets are assigned di rectly to VLAN 2 because of the tag assignment in the packet. Po rt 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2.
Alteon OS Application Guide 84 Chapter 3: VLANs 42C4911, January 2007 VLAN T opologies and Design C onsiderat ions By default, the Alteon OS software is configured so that tagging is disabled on all external ports and all internal ports. By default, the Alteon OS software is configur ed so that all internal ports are members of VLAN 1.
Alteon OS Application Guide Chapter 3: VLANs 85 42C4911, January 2007 Example 1: Multiple VLANs with T agging Adapters Figure 3-6 Example 1: Multiple VLANs with VL AN-T agged Gigabit Adapters The .
Alteon OS Application Guide 86 Chapter 3: VLANs 42C4911, January 2007 N OTE – VLAN tagging is required only on ports that are connected to other GbE Switch Modules or on ports that conn ect to tag-capable end-stations , such as servers with VLAN- tagging adapters.
Alteon OS Application Guide Chapter 3: VLANs 87 42C4911, January 2007 Pr otoc ol-based VLANs Protocol-based VLANs (PVLANs) allow you to segment network traf fic according to the net- work protocols in use. T raffic generated by supported network protocols can be confined to a particular port-based VLAN.
Alteon OS Application Guide 88 Chapter 3: VLANs 42C4911, January 2007 P ort-based vs. P rot ocol-based VLANs Each VLAN supports both port-based and pro t ocol-based association , as follows: The default VLAN configu ration is port-ba se d. All data ports are members of VLAN 1, with no PVLAN association.
Alteon OS Application Guide Chapter 3: VLANs 89 42C4911, January 2007 PVLAN C onfigura tion Guidelines Consider the following guidelin es when you con fig ure proto col-based VLANs: Each port can support up to 16 VLA N protocols. The GbESM can support up to 16 protocols simultaneously .
Alteon OS Application Guide 90 Chapter 3: VLANs 42C4911, January 2007 3. Add member ports for this PVLAN. 4. Configure VLAN tagging for ports. 5. Enable the PVLAN. >> VLAN 2 Protocol 1# add int1 Port INT1 is an UNTAGGED port and it s current PVID is 1.
Alteon OS Application Guide Chapter 3: VLANs 91 42C4911, January 2007 6. V erify PVLAN operation. >> /info/l2/vlan (V iew VLAN informati on) VLAN Name Stat us Ports ---- --------------------.
Alteon OS Application Guide 92 Chapter 3: VLANs 42C4911, January 2007.
42C4911, January 2007 93 C HAPTER 4 Po r t s a n d T r u n k i n g T runk groups can provide super-bandwidth, multi-link connecti ons between GbE Switch Mod- ules or other trunk-capable devices. A t runk group is a group of ports th at act together , combin- ing their bandwidth to create a si ngle, larger virtual link.
Alteon OS Application Guide 94 Chapter 4: Ports and Trunking 42C4911, January 2007 Ov ervie w When using port trunk gro ups between two switches, as shown in Figure 4-1 , you can create a virtual link between the switches, operating up to 60Gb p er second, depend ing on how man y physical ports are combined.
Alteon OS Application Guide Chapter 4: Ports and Trunking 95 42C4911, January 2007 Statistical L oad Distribution Network traffic is statistically d istributed between the p orts in a trun k group. The Alteon OS- powered switch uses the Layer 2 MAC address information present in each transmitted frame for determining load dist ribution.
Alteon OS Application Guide 96 Chapter 4: Ports and Trunking 42C4911, January 2007 T runk group configur ation rules The trunking feature operates acco rding to specific configuration rules.
Alteon OS Application Guide Chapter 4: Ports and Trunking 97 42C4911, January 2007 Po r t T r u n k i n g E x a m p l e In the example below , three ports ar e trunked between two switches.
Alteon OS Application Guide 98 Chapter 4: Ports and Trunking 42C4911, January 2007 1. Connect the switch port s that will be members in the tru nk group. 2. Follow these steps on the GbESM: (a) Define a trunk group. (b)Apply and ver ify the configur ation.
Alteon OS Application Guide Chapter 4: Ports and Trunking 99 42C4911, January 2007 4. Examine the trunking inf o rmation on each switch. Information about each port in each configured tru nk group is displayed. Make sure that tru nk groups consist of the expected ports and th at each port is in the expected state.
Alteon OS Application Guide 100 Chapter 4: Ports and Trunking 42C4911, January 2007 C onfigurable T runk Hash Algorithm This feature allows you to co nfigure the particular parameters for the GbESM Trunk Hash algorithm instead of havi ng to utilize the d efaults.
Alteon OS Application Guide Chapter 4: Ports and Trunking 101 42C4911, January 2007 Link Aggr egation C ontrol P rotoc ol Link Aggregation Control Protocol (LACP) is an IEEE 802.
Alteon OS Application Guide 102 Chapter 4: Ports and Trunking 42C4911, January 2007 LACP automatically determi nes which member lin ks can be aggregated and then aggregates them. It provides for the co ntrolled addition and rem oval of physical links for t he link aggrega- tion.
Alteon OS Application Guide Chapter 4: Ports and Trunking 103 42C4911, January 2007 C onfiguring LACP Use the following procedure to configure LACP fo r port EXT1 and port EXT2 to participate in link aggregation. 1. Set the LACP mode on port EXT1.
Alteon OS Application Guide 104 Chapter 4: Ports and Trunking 42C4911, January 2007.
42C4911, January 2007 105 C HAPTER 5 Spanning T ree Gr oup When multiple paths exist on a network , Spanning Tree Group (STG) configures the network so that a switch uses only the most ef ficient pa th.
Alteon OS Application Guide 106 Chapter 5: Spanning Tree G roup 42C4911, January 2007 Ov ervie w Spanning Tree Group (STG) detects and eliminates logical loops in a bridged or switched net- work. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path.
Alteon OS Application Guide Chapter 5: Spanning Tree Group 107 42C4911, January 2007 Bridge Pr otoc ol Data Units (BPDU s) T o create a Spanning Tr ee, the switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports.
Alteon OS Application Guide 108 Chapter 5: Spanning Tree G roup 42C4911, January 2007 Po r t Pa t h Co s t The port path cost assigns lower values to high-bandwid th po rts, such as Giga bit Ethernet , to encourage their use.
Alteon OS Application Guide Chapter 5: Spanning Tree Group 109 42C4911, January 2007 If ports are tagged, all trunked po rts can belong to multiple STGs. A port that is not a member of any VLAN can not be added to any STG . The port must be added to a VLAN, and that VLAN added to the desired STG .
Alteon OS Application Guide 110 Chapter 5: Spanning Tree G roup 42C4911, January 2007 Multiple Spanning T rees Each GbE Switch Module supports a maximum of 128 Sp anning T ree Groups (STGs). Multi- ple STGs provide multiple data paths, whi ch can be used for load-balancing and redund ancy .
Alteon OS Application Guide Chapter 5: Spanning Tree Group 111 42C4911, January 2007 Wh y Do W e Need Multiple Spanning T rees? Figure 5-1 shows a simple example of why we n eed multiple Spanning Trees. T w o VLANs, VLAN 1 and VLAN 100 exist between applicati on switch A and GbE Switch Module B.
Alteon OS Application Guide 112 Chapter 5: Spanning Tree G roup 42C4911, January 2007 Figure 5-2 Implementing M ultiple S panning T ree Groups VLAN Participation in Spanning T ree Groups The VLAN .
Alteon OS Application Guide Chapter 5: Spanning Tree Group 113 42C4911, January 2007 VLAN 3 Participation For VLAN 3 you can have GbE Switch Mod ule B or app licati on switch C to be the root bridge. If switch B is the root bridge for VLAN 3, Spannin g Tree Group 2, then switch B transmits the BPDU out from port 18.
Alteon OS Application Guide 114 Chapter 5: Spanning Tree G roup 42C4911, January 2007 N OTE – Each instance of Spanning Tree Group is enabled by defaul t. 3. Configure the following on application switch C: Add port 8 to VLAN 3 and define Spanning Tree Group 3 for VLAN 3.
Alteon OS Application Guide Chapter 5: Spanning Tree Group 115 42C4911, January 2007 P o rt F a s t F o rw a r di n g Port Fast For warding perm its a port t hat partic ipates in Spanning Tree to bypass the Listening and Learning states and enter dir ectly into the Forwarding state.
Alteon OS Application Guide 116 Chapter 5: Spanning Tree G roup 42C4911, January 2007 Fa s t U p l i n k C o n v e r g e n c e Fast Uplink Convergence enables the GbESM to quickly recover from the failure of the pri- mary link or trunk group in a Layer 2 network u sing Spanning Tree Protocol.
42C4911, January 2007 117 C HAPTER 6 Rapid Spanning T r ee Pr otoc ol/Multiple Spanning T ree Pr otocol IEEE 802.1w Rapid Spanning T ree Protocol enha nces the Spanning Tree Pr otocol to provide rapid convergence on Spanning Tree Group 1.
Alteon OS Application Guide 118 Chapter 6: Rapid Spanning Tree Protocol/M ultiple Spanning Tree Pr otocol 42C4911 , January 2007 Rapid Spanning T ree Pr otoc ol Rapid Spanning Tree Protocol (RSTP).
Alteon OS Application Guide Chapter 6: Rapid Spanning Tree Protoc ol/Multiple Spanning Tree Protocol 119 42C4911, January 2007 P ort T ype and Link T ype Spanning Tree configuration includes the following parameters to support RSTP and MSTP: edge port and link type.
Alteon OS Application Guide 120 Chapter 6: Rapid Spanning Tree Protocol/M ultiple Spanning Tree Pr otocol 42C4911 , January 2007 RSTP Co nfigura tion Example This section provides steps to configure Ra pid Spanning T ree on the GbE Switch Module, using the Command-Line Interface (CLI).
Alteon OS Application Guide Chapter 6: Rapid Spanning Tree Protoc ol/Multiple Spanning Tree Protocol 121 42C4911, January 2007 Multiple Spanning T ree P rot ocol IEEE 802.1s Multiple Spanning T ree extends the IEEE 802.1w Rapid Spanning T ree Protocol through multiple Spannin g Tree Groups.
Alteon OS Application Guide 122 Chapter 6: Rapid Spanning Tree Protocol/M ultiple Spanning Tree Pr otocol 42C4911 , January 2007 MSTP Co nfigura tion Guidelines This section provides important inf.
42C4911, January 2007 123 C HAPTER 7 Quality of Ser vice Quality of Service featur es allow you to allocat e network reso urces to mission-critical ap plica- tions at the expense of ap plications that are less sensitive to such fact ors as time del ays or net- work congestion.
Alteon OS Application Guide 124 Chapter 7: Quality of Service 42C4911, January 2007 Overview QoS helps you allocate gu aranteed bandwidth to the critical applications, and limit bandwi dth for less critical applications.
Alteon OS Application Guide Chapter 7: Quality of Service 125 42C4911, January 2007 The basic GbESM QoS model works as follows: Classify traffic: Read DSCP Read 802.
Alteon OS Application Guide 126 Chapter 7: Quality of Service 42C4911, January 2007 Us i n g ACL Fi l t e r s Access Control Lists are filters that allow you to classify and segment traffic, so you can pro- vide different levels of service to different traf fic typ es.
Alteon OS Application Guide Chapter 7: Quality of Service 127 42C4911, January 2007 Packet Format Ethernet format (eth2, SNAP , LLC) Ethernet tagging format IP format (IPv4, IPv6) .
Alteon OS Application Guide 128 Chapter 7: Quality of Service 42C4911, January 2007 Summar y of A CL Actions Actions determine how th e traffi c is treate d. The GbESM QoS actions include the following: Pass or Drop Re-mark a new Dif fServ Code Point (DSCP) Re-mark the 802.
Alteon OS Application Guide Chapter 7: Quality of Service 129 42C4911, January 2007 Usi n g ACL G ro u p s Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header , such as the source addre ss, destination address, source port number , destina- tion port number , and others.
Alteon OS Application Guide 130 Chapter 7: Quality of Service 42C4911, January 2007 Access Control Groups An Access Control Group (ACL Group) is a collection of ACLs. For example: In the example above, each ACL defines a filter rule. ACL 3 has a higher precedence than ACL 1, based on its nu mb er .
Alteon OS Application Guide Chapter 7: Quality of Service 131 42C4911, January 2007 Meterin g QoS metering provides different levels of service to data streams th rou gh user-configurable parameters. A meter is used to measure the traf fic stream against a traf fic profile, which you create.
Alteon OS Application Guide 132 Chapter 7: Quality of Service 42C4911, January 2007 A CL C onfigurat ion Examples Example 1 Use this configuration to block traffic to a specifi c host. All traf fic that ingresses on port EXT1 is denied if it is destined for the host at IP address 100.
Alteon OS Application Guide Chapter 7: Quality of Service 133 42C4911, January 2007 3. Apply and save the configuration. Example 3 Use this configuration to block traffic from a netw ork that is destined for a specific egress port. All traffic that ingresses port EXT1 from the ne twork 100.
Alteon OS Application Guide 134 Chapter 7: Quality of Service 42C4911, January 2007 U sing DSCP V alues to Pro vide QoS The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP).
Alteon OS Application Guide Chapter 7: Quality of Service 135 42C4911, January 2007 The GbESM default settings are based on the following standard PHBs, as defined in the IEEE standards: Expedited Forwarding (EF)—T his PH B has the hi ghest egress priority and lowest drop precedence level.
Alteon OS Application Guide 136 Chapter 7: Quality of Service 42C4911, January 2007 QoS Lev els T abl e 7-5 shows the default service levels provided by the GbESM, listed from hig hest to lowest importance: T able 7-5 Default QoS Service Levels Service Level Default PHB 802.
Alteon OS Application Guide Chapter 7: Quality of Service 137 42C4911, January 2007 DSCP Re -mark ing and Mapping The GbESM can re-mark the DSCP value of ingress packets to a new value, and set the 802.1p priority val ue, based on the DSCP valu e.
Alteon OS Application Guide 138 Chapter 7: Quality of Service 42C4911, January 2007 DSCP Re-mark ing Confi guration Example 1. T urn DSCP re-mar king on globally , and define the DSCP -D SCP-802.1p ma pping. Y ou can use the default mapping, as shown in the cfg/qos/dscp/cur command ou tput.
Alteon OS Application Guide Chapter 7: Quality of Service 139 42C4911, January 2007 U sing 802.1p Priorities to Pr ovide QoS Alteon OS provides Quality of Service functi ons based on the priority bits in a packet’ s VLAN header . (The priority bits are defined by th e 802.
Alteon OS Application Guide 140 Chapter 7: Quality of Service 42C4911, January 2007 802.1p C onfiguration Example 1. Configure a port’ s default 802.1p priority . 2. Map the 802.1p priority value to a COS queue and set the COS queue scheduling weight.
42C4911, January 2007 P ar t 2: IP Routing This section discusses Layer 3 switching fun ctions. In addition to swit ching traffic at near line rates, the application switch can perform multi-pro toco l routing.
Alteon OS Application Guide 142 42C4911, January 2007.
42C4911, January 2007 143 C HAPTER 8 Basic IP Routing Th is c ha pt er provides configuration background and examples for using the GbE Switch Mod- ule to perform IP routing functions.
Alteon OS Application Guide 144 Chapter 8: Basic IP Routing 42C4911, January 2007 IP Routing Benefits The GbE Switch Module uses a combination of c onfigurable IP switch in terfaces and IP rout- ing options.
Alteon OS Application Guide Chapter 8: Basic IP Routing 145 42C4911, January 2007 Routing Betw een IP Subnets The physical layout o f most corp orate networks has evolved over time. Classi c hub/router topologies have given way to faster sw itched topologies, particularly now th at sw itches are increasingly intelligent.
Alteon OS Application Guide 146 Chapter 8: Basic IP Routing 42C4911, January 2007 Routers can be slower than switches. The cro ss-subnet side trip from the switch to the router and back again adds two hops for the data , slowi ng th roughput considerabl y .
Alteon OS Application Guide Chapter 8: Basic IP Routing 147 42C4911, January 2007 W ithout Layer 3 IP routing on the switch, cross-subnet com munication is relayed to the default gateway (in this case, the router) for the next level of routing intel ligence.
Alteon OS Application Guide 148 Chapter 8: Basic IP Routing 42C4911, January 2007 Example of Subnet Routing Prior to configuri ng, you must be connected to the sw itch Command Line Interface (CLI) as the administrator .
Alteon OS Application Guide Chapter 8: Basic IP Routing 149 42C4911, January 2007 IP interfaces are configured using the following comm ands at the CLI: 3. Set each server and workstation’ s default gatew ay to the appropriate switch IP interface (the one in the same subnet as the server or workstation).
Alteon OS Application Guide 150 Chapter 8: Basic IP Routing 42C4911, January 2007 Using VLANs to Segregat e Broadcast Domains In the previous example, devices that share a common IP network are all in the same broadcast domain. If you want to limit the broadcasts on your netwo rk, you could use VLANs to create distinct broadcast domains.
Alteon OS Application Guide Chapter 8: Basic IP Routing 151 42C4911, January 2007 Each time you add a port to a VLAN, you may get the follow ing prompt: Enter y to set the default Port VLAN ID (PVI D) for the port. 3. Add each IP interface to the appr opriate VLAN.
Alteon OS Application Guide 152 Chapter 8: Basic IP Routing 42C4911, January 2007 Dynamic Host C onfigura tion P rotoc ol Dynamic Host Configuration Protocol (D HCP) is a transport protocol that p.
Alteon OS Application Guide Chapter 8: Basic IP Routing 153 42C4911, January 2007 DHCP Relay A gent DHCP is described in RFC 2131, and the DHCP relay agent supp orted on GbE Switch Mod- ules is described in RFC 1542. DHCP uses UDP as its transport protocol.
Alteon OS Application Guide 154 Chapter 8: Basic IP Routing 42C4911, January 2007 DHCP Relay A gent C onfigura tion T o enable the GbE Switch Module to be the BOOTP forwarder, you n eed to configure the DHCP/BOOTP server IP addresses on the switch.
42C4911, January 2007 155 C HAPTER 9 Routing Informa t ion Pr otoc ol In a routed environment, rout ers communicate with one anothe r to keep track of available routes. Routers can learn about available rout es dynamically using the Ro uting Informat ion Protocol (RIP).
Alteon OS Application Guide 156 Chapter 9: Routing Inform ation Protocol 42C4911, January 2007 Routing Updates RIP sends routing-update messages at regular in tervals and when the network topolo gy changes. Each router “advertises ” routing information by sending a rou ting informatio n update every 30 seconds.
Alteon OS Application Guide Chapter 9: Routing Info rmation Protocol 157 42C4911, Januar y 2007 RIPv2 in RIPv1 compatibility mode Alteon OS allows you to configure RIPv2 in RIPv1com patibility mod e, for using both RIPv 2 and RIPv1 routers within a network.
Alteon OS Application Guide 158 Chapter 9: Routing Inform ation Protocol 42C4911, January 2007 Default The RIP router can listen and supply a default rout e, usually represented as 0.
Alteon OS Application Guide Chapter 9: Routing Info rmation Protocol 159 42C4911, Januar y 2007 1. Add VLANs for routing interfaces. 2. Add IP interfaces to VLANs. 3. T urn on RIP globally and enable RIP for each interface. Use the /maint/route/dump command to check th e current valid routes in the routing table of the switch.
Alteon OS Application Guide 160 Chapter 9: Routing Inform ation Protocol 42C4911, January 2007.
42C4911, January 2007 161 C HAPTER 10 IGMP Internet Group Management Protocol (IGMP) is used by IP Multicast routers to learn about the existence of host group members on their direct ly attached subnet (see RFC 2236).
Alteon OS Application Guide 162 Chapter 10: IGMP 42C4911, January 2007 IGMP Snooping IGMP Snooping allows the switch to fo rward mu lticast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports.
Alteon OS Application Guide Chapter 10: IGMP 163 42C4911, January 2007 IGMP Snooping Co nfigura tion Example This section provides steps to configure IGMP Snooping on the GbESM, using the Command- Line Interface (CLI). Configure IGMP Snooping 1. Configure port and VLAN membership on the switch.
Alteon OS Application Guide 164 Chapter 10: IGMP 42C4911, January 2007 These commands display information abou t IGMP Groups and Mrouters learned through IGMP Snooping. Static Multicast Router A static multicast router (Mrou t er) can be configured for a par ticular port on a particular VLAN.
Alteon OS Application Guide Chapter 10: IGMP 165 42C4911, January 2007 IGMP Relay The GbESM can act as an IGMP Relay (or IGMP Proxy) device that relays IGMP multicast messages and traffic between an Mrouter and en d stations.
Alteon OS Application Guide 166 Chapter 10: IGMP 42C4911, January 2007 C onfigure IGMP Relay Use the following procedure to configure IGMP Relay . 1. Configure an IP interfa ce and assign VLANs. 2. T urn IGMP on. 3. Enable IGMP Relay and add VLANs to the downstr eam network.
Alteon OS Application Guide Chapter 10: IGMP 167 42C4911, January 2007 5. Apply and save the configuration. >> Multicast router 2# apply (Apply the configuration) >> Multicast router 2.
Alteon OS Application Guide 168 Chapter 10: IGMP 42C4911, January 2007 A dditional IGMP F eatures The following topics are discussed in this section: “FastLeave” on page 168 “IGMP Fi.
Alteon OS Application Guide Chapter 10: IGMP 169 42C4911, January 2007 Each IGMP Filter allows you to set a st art and e nd point that defines the range of IP addresses upon which the filter takes action. Each IP address in the range must be between 224.
Alteon OS Application Guide 170 Chapter 10: IGMP 42C4911, January 2007 3. Assign the IGMP filter to a port. >> /cfg/l3/igmp/igmpflt (Select IGMP Filtering menu) >>IGMP Filter# port EXT.
42C4911, January 2007 171 C HAPTER 11 Border Gate wa y Pr otocol Border Gateway Protocol (BGP) is an Internet protocol that enab les routers on a network to share and advertise routing info rmation with each other about th e segments of the IP address space they can access within their network and with routers on external networks.
Alteon OS Application Guide 172 Chapter 11: Border Gateway Protocol 42C4911, January 2007 Internal Routing V ersus Ex ternal Routing T o ensure effective processing of network traffi c, every router on your network needs to know how to send a packet (d irectly or i ndirectly) to any other lo catio n/destination in your net work.
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 17 3 42C4911, January 2007 T ypically , an AS has one or more bo rd e r ro u t e r s —peer routers that exchan ge routes with other ASs—and an internal rou ting scheme that enables routers in that AS to reach every other router and destination within that AS.
Alteon OS Application Guide 174 Chapter 11: Border Gateway Protocol 42C4911, January 2007 Wha t is a Route Map? A route map is used to control and modify routing informati on.
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 17 5 42C4911, January 2007 Figure 1 1-2 Distributing Network Filters in Access List s and Route Maps Incoming and Outgoing Route Maps Y o u can have two ty pes of route maps: incoming and outgoing.
Alteon OS Application Guide 176 Chapter 11: Border Gateway Protocol 42C4911, January 2007 Prec edenc e Y o u can set a priority to a route map by specifying a precedence valu e with the following command: The smaller the value the higher the precedence.
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 17 7 42C4911, January 2007 3. (Optional) Configur e the attrib utes in the AS filter menu.
Alteon OS Application Guide 178 Chapter 11: Border Gateway Protocol 42C4911, January 2007 A ggregating Rout es Aggregation is the process of co mbining several different routes in such a way that a single route can be advertised, which minimizes the size of the routing tabl e.
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 17 9 42C4911, January 2007 Redistributing Routes In addition to running mult iple routi ng prot ocols simu ltan eously , Alteon OS software can redistribute informatio n from one routing protocol to another .
Alteon OS Application Guide 180 Chapter 11: Border Gateway Protocol 42C4911, January 2007 BGP A ttributes The following two BGP attributes are discussed in this section: Local preference and metric (Multi-Exit D iscriminator).
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 18 1 42C4911, January 2007 Selec ting Route Pa ths in BGP BGP selects only on e path as the b est path.
Alteon OS Application Guide 182 Chapter 11: Border Gateway Protocol 42C4911, January 2007 BGP F ailover C onfiguration Use the following example to create redundant default gateways for a GbE Swit.
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 18 3 42C4911, January 2007 1. Define the VLANs. For simplicity , both default gatew ays are configur ed in the same VLAN in this example. The gateways could be in the same VLA N or different VLANs .
Alteon OS Application Guide 184 Chapter 11: Border Gateway Protocol 42C4911, January 2007 4. Configure BGP peer r outer 1 and 2. Peer 1 is the primary gateway router .
Alteon OS Application Guide Chapter 11: Bord er Gateway Pro tocol 18 5 42C4911, January 2007 Default Redistribution and Route A ggrega tion Example This example shows you how to configure the sw i.
Alteon OS Application Guide 186 Chapter 11: Border Gateway Protocol 42C4911, January 2007 3. Configure internal peer r outer 1 and external peer router 2. 4. Configure r edistribution for Peer 1. 5. Configure aggr egation policy control. Configure the routes that you want aggregated.
42C4911, January 2007 187 C HAPTER 12 OSPF Alteon OS supports the Open Shortest Path First (OSPF) routin g protocol. The Alteon OS implementation conforms to the OSPF versio n 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the GbE Switch Module: “OSPF Overview” on page 188 .
Alteon OS Application Guide 188 Chapter 12: OSPF 42C4911, January 2007 OSPF Over view OSPF is designed for routing traffic within a single IP domain called an Autonomou s System (AS). The AS can be divided into smaller logical units kn own as ar eas .
Alteon OS Application Guide Chapter 12: OSPF 189 42 C4911, Januar y 2007 T ransit Area—an area that allows area summ ary information to be exchanged between routing devices. Th e backbone (a rea 0), any area that contains a virtual link to connect two areas, and any area that is no t a stub area or an NSSA ar e considered transit areas.
Alteon OS Application Guide 190 Chapter 12: OSPF 42C4911, January 2007 T ypes of OSPF Routing Devices As shown in Figure 12-2 , OSPF uses the followin g types of routing devices: Internal Router (IR)—a router that has all of its inte rfaces within the same area.
Alteon OS Application Guide Chapter 12: OSPF 191 42 C4911, Januar y 2007 Neighbors and Adjac encies In areas with two or more routin g devi ces, neigh bors and adjacencies are formed. Neighbors are routing devices that ma intain information about each others’ health.
Alteon OS Application Guide 192 Chapter 12: OSPF 42C4911, January 2007 The Shortest Path F irst T ree The routing devices use a link-state algorithm (Dijk stra’ s algori thm ) to calculate the shortest path to all known destinations, based on the cumu lati ve cost required to reach the destination.
Alteon OS Application Guide Chapter 12: OSPF 193 42 C4911, Januar y 2007 OSPF Implementation in A lteon OS Alt eon O S supports a single instance of OSPF and up to 4 K routes on the network.
Alteon OS Application Guide 194 Chapter 12: OSPF 42C4911, January 2007 Defining Areas If you are configuring multiple areas in yo ur OSPF domain, one of the areas must be desig- nated as area 0, known as the backbone . The backbone is the central OSPF area and is usually physically connected to al l other areas.
Alteon OS Application Guide Chapter 12: OSPF 195 42 C4911, Januar y 2007 Using the Area ID to A ssi gn the OSPF Area Number The OSPF area number is defined in the areaid <IP addr ess> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF net- work vendors.
Alteon OS Application Guide 196 Chapter 12: OSPF 42C4911, January 2007 Inter face C ost The OSPF link-state algorithm (Dij kstra’ s algorithm) places each ro uting device at the root of a tree and determines the cumulative cost required to reach each destination.
Alteon OS Application Guide Chapter 12: OSPF 197 42 C4911, Januar y 2007 Default Routes When an OSPF routi ng device encounters traffic for a destin ation address it does not recog- nize, it forwards that traffic along the default r oute .
Alteon OS Application Guide 198 Chapter 12: OSPF 42C4911, January 2007 The OSPF default route configuration can be removed with the command: V irtual Links Usually , all areas in an OSPF AS are physical ly connected to the backbone. In some cases where this is not possible, you can use a virtual link .
Alteon OS Application Guide Chapter 12: OSPF 199 42 C4911, Januar y 2007 Router ID Routing devices in OSPF areas are identified by a router ID. The router ID is expressed in IP address format. The IP address of the router ID is not required to be included in any IP inter- face range or in any OSPF area.
Alteon OS Application Guide 200 Chapter 12: OSPF 42C4911, January 2007 Figure 12-4 shows authentication config ured for area 0 with the pa ssword test. Simple authen- tication is also con figured for the virt ual link between area 2 and area 0. Area 1 is not config- ured for OSPF authentication.
Alteon OS Application Guide Chapter 12: OSPF 201 42 C4911, Januar y 2007 3. Enable OSPF authenti ca tion for Ar ea 2 on switch 4. 4. Configure a simple t ext passwor d up to eight charac ters for the virtual link between Area 2 and Area 0 on switches 2 and 4.
Alteon OS Application Guide 202 Chapter 12: OSPF 42C4911, January 2007 6. Assign MD5 key ID to OSPF virt ual link on switches 2 and 4. Host Routes for Lo ad Balancing Alteon OS implementati on of OSPF includes host rout es.
Alteon OS Application Guide Chapter 12: OSPF 203 42 C4911, Januar y 2007 OSPF F eatur es Not Suppor ted in This Release The following OSPF features are not supported in this release: Summarizi.
Alteon OS Application Guide 204 Chapter 12: OSPF 42C4911, January 2007 OSPF C onfiguration Examples A summary of the basic steps for configuring OSPF on the GbE S wit ch Mod ule is listed here. Detailed instructions for each of the step s is covered in the following sections : 1.
Alteon OS Application Guide Chapter 12: OSPF 205 42 C4911, Januar y 2007 Example 1: Simple OSPF Domain In this example, two OSPF areas are defined—one area is the backbone and the other is a stub area. A stub area does not allow advertisements of exte rnal routes, thus reducing the size of the database.
Alteon OS Application Guide 206 Chapter 12: OSPF 42C4911, January 2007 3. Define the backbone. The backbone is always confi gured as a transit area using areaid 0.0.0.0 . 4. Define the stub ar ea. 5. Attach the network int e rface to the backbone.
Alteon OS Application Guide Chapter 12: OSPF 207 42 C4911, Januar y 2007 Example 2: V irtual Links In the example shown in Figure 12-6 , area 2 is not physically connect ed to the backbone as is usually required. Instead, area 2 will be connected to the backbo ne via a virtual link through area 1.
Alteon OS Application Guide 208 Chapter 12: OSPF 42C4911, January 2007 4. Define the backbone. 5. Define the transit area. The area that contains the virtual link must be configured as a transit area. 6. Attach the network int e rface to the backbone.
Alteon OS Application Guide Chapter 12: OSPF 209 42 C4911, Januar y 2007 Configuring OSPF f or a V ir tual Link on Switch #2 1. Configure IP interfaces on each network that will be attached to OSP F areas. T wo IP interfaces are needed on Switch #2: one for the transit area ne twork on 10.
Alteon OS Application Guide 210 Chapter 12: OSPF 42C4911, January 2007 6. Define the stub ar ea. 7. Attach the network int e rface to the backbone.
Alteon OS Application Guide Chapter 12: OSPF 211 42 C4911, Januar y 2007 Example 3: Summarizing Routes By default, ABRs advertise all the network a ddresses from one area into another area. Route summarization can be used for consolidating advertised addres ses and reducin g the percei ved complexity of the network.
Alteon OS Application Guide 212 Chapter 12: OSPF 42C4911, January 2007 Follow this procedure to config ure OSPF support as shown in Figure 12-7 : 1. Configure IP interfaces for each network which will be attached to OSPF ar eas. 2. Enable OSPF . 3.
Alteon OS Application Guide Chapter 12: OSPF 213 42 C4911, Januar y 2007 7. Configure r oute summariza tion by specifying the starting address and mask of the range of addres ses to be summarized. 8. Use the hide command to preven t a range of addr es ses fr om advertising to the backbone.
Alteon OS Application Guide 214 Chapter 12: OSPF 42C4911, January 2007.
42C4911, January 2007 Pa r t 3 : H i g h A v a i l a b i l i t y Fu n d a m e n t a l s Internet traffic consists of my riad services and applications which use the Internet Protocol (IP) for data delivery . However , IP is not optimized for all the various application s .
Alteon OS Application Guide 216 42C4911, January 2007.
42C4911, January 2007 217 C HAPTER 13 High A vailability GbE Switch Modules support high-availabil ity network top ologies through an en hanced implementation of the V irtual Router Redund ancy Prot ocol (VRRP). The following topics are discussed in this chapter: “Layer 2 Failover” on page 218 .
Alteon OS Application Guide 218 Chapter 13: High Availability 42C4911, January 2007 Lay er 2 F ailov er The primary application for Layer 2 Failover is to support Network Adapter T eaming. W i th Network Adapter T eaming, the NICs on each server all share th e same IP address, and are configured into a team.
Alteon OS Application Guide Chapter 13: High Availability 2 19 42C4911, January 2007 Setting the F ailover Limit The failover limit lets you specify the minimum num ber of operational links required within each trigger before the trigger initiates a failover event.
Alteon OS Application Guide 220 Chapter 13: High Availability 42C4911, January 2007 C onfiguration Guidelines This section provides important inform ation about configuri ng L2 Fai lover: A failover trigger can monitor multiple static trunks or a single LACP key , but not both.
Alteon OS Application Guide Chapter 13: High Availability 2 21 42C4911, January 2007 Figure 13-2 shows a configuration with two trunks, each in a di fferent Failover T r igger . GbESM 1 is the primary switch for Server 1 and Server 2. GbESM 2 is the primary switch for Server 3 and Server 4.
Alteon OS Application Guide 222 Chapter 13: High Availability 42C4911, January 2007 Figure 13-3 shows a config urat ion with two trunks. VLA N Moni tor is tu rned off, so only one Failover T rigger is configured on each switch. GbESM 1 is the primary s witch for Server 1 and Server 2.
Alteon OS Application Guide Chapter 13: High Availability 2 23 42C4911, January 2007 C onfiguring T runk F ailover The following procedure pertains to example 1, as shown in Figure 1 3-1 . 1. Configure Network Adapter T eaming on the servers. 2. Define a trunk gr oup on the GbESM.
Alteon OS Application Guide 224 Chapter 13: High Availability 42C4911, January 2007 VRRP Overview In a high-availabili ty netw ork topology , no de vice can create a si ngl e point-of-failure fo r the network or force a single point-of-failure to a ny other part of the netw ork.
Alteon OS Application Guide Chapter 13: High Availability 2 25 42C4911, January 2007 There is no requirement for any VRRP router to be the IP addr ess owner . Most VRRP installa- tions choose not t o implement an IP address owne r . For the purposes of this chapter , VRRP routers that are not the IP address owner are called re n t e r s .
Alteon OS Application Guide 226 Chapter 13: High Availability 42C4911, January 2007 VRRP Operation Only the virtual router master responds to ARP req uests. Therefore, the upst ream routers only forward packets destined to the master . The mast er also responds to ICMP ping requests.
Alteon OS Application Guide Chapter 13: High Availability 2 27 42C4911, January 2007 Fa i l o v e r M e t h o d s W ith service availability becomi ng a major concern on the In ternet, service providers are increasingly deploying Internet traffic control devices, such as application switche s, in red un- dant configurations.
Alteon OS Application Guide 228 Chapter 13: High Availability 42C4911, January 2007 Active-Ac tive Redundancy In an active-active conf iguration, shown in Figur e 13-5 , two switches provide redundancy fo r each other , with both active at the same time.
Alteon OS Application Guide Chapter 13: High Availability 2 29 42C4911, January 2007 Hot-Standby Redundancy The primary application for VRRP-based hot-standby is to support Server Load Balanc ing when you have configured Network Adapter T eam ing on your server blades.
Alteon OS Application Guide 230 Chapter 13: High Availability 42C4911, January 2007 Alteon OS extensions to VRRP This section describes the following VRRP enha ncements that are implemented in Alt.
Alteon OS Application Guide Chapter 13: High Availability 2 31 42C4911, January 2007 V ir tual Router Deplo yment C onsiderations Review the following issues described in this section to prevent n.
Alteon OS Application Guide 232 Chapter 13: High Availability 42C4911, January 2007 The user can implement this behavior by config uri ng the swit ch for tracking as follows: 1. Set the priority for switch 1 to 101. 2. Leave the priority for switch 2 at the default value of 100.
Alteon OS Application Guide Chapter 13: High Availability 2 33 42C4911, January 2007 High A vailability C onfigurat ions GbE Switch Modules offer flexibility in implementin g redundant configuratio ns.
Alteon OS Application Guide 234 Chapter 13: High Availability 42C4911, January 2007 T ask 1: Configure GbESM 1 1. Configure clien t and server interfaces. 2. Configure th e defa ult gat e ways. Each default gateway points to a Layer 3 rou t e r . /cfg/l3/if 1 (Select interf ace 1) >> IP Interface 1# addr 192.
Alteon OS Application Guide Chapter 13: High Availability 2 35 42C4911, January 2007 3. T urn on VRRP and configure tw o V irtual Interface Routers. 4. Enable tracking on ports. Set the priority of V irtual Router 1 to 101, so that it becomes the Master .
Alteon OS Application Guide 236 Chapter 13: High Availability 42C4911, January 2007 T ask 2: Configure GbESM 2 1. Configure clien t and server interfaces. 2. Configure th e defa ult gat e ways. Each default gateway points to a Layer 3 rou t e r . /cfg/l3/if 1 (Select interf ace 1) >> IP Interface 1# addr 192.
Alteon OS Application Guide Chapter 13: High Availability 2 37 42C4911, January 2007 3. T urn on VRRP and configure tw o V irtual Interface Routers. 4. Enable tracking on ports. Set the priority of V irtual Router 2 to 101, so that it becomes the Master .
Alteon OS Application Guide 238 Chapter 13: High Availability 42C4911, January 2007 Hot-Standby C onfigura tion The primary application for VRRP-based hot-sta ndby is to support Network Adapter T eaming on your server blades. W ith Network Adapter T eaming, the NICs on each server share the same IP address, and are configured into a t eam.
Alteon OS Application Guide Chapter 13: High Availability 2 39 42C4911, January 2007 Figure 13-8 illustrates a com mon hot-standby implementat ion on a singl e blade server . Noti ce that the BladeCenter server NICs are configured into a team th at shares the same IP address across both NICs.
Alteon OS Application Guide 240 Chapter 13: High Availability 42C4911, January 2007 2. Configure V irtual Interface Routers. 3. Enable VRRP Hot S t andby . 4. Configure VRRP Group parameters. Set the VRRP priority to 101, so that this switch is the Master .
Alteon OS Application Guide Chapter 13: High Availability 2 41 42C4911, January 2007 T ask 2: Configure GbESM 2 1. On GbESM 1, configure the int erfaces for clients (174.14.20. 1 1 1) and serv ers (10.1.1. 1 1 1 ). 2. Configure V irtual Interface Routers.
Alteon OS Application Guide 242 Chapter 13: High Availability 42C4911, January 2007 5. T urn off Spanning T ree Protocol gl obally . Apply and save changes.
42C4911, January 2007 P ar t 4: Appendices This section describes the following topi cs: T roubleshooting RADIUS Server Configuration N otes Glossary.
Alteon OS Application Guide 244 42C4911, January 2007.
42C4911, January 2007 245 A PPENDIX A T roubleshooting This section discusses some tools to help you troubleshoo t com mon problems on the GbE Switch Modul e: “Monitoring Ports” on page 246.
Alteon OS Application Guide 246 Appendix A: Troubles hooting 42C4911, January 2007 Monitoring P or ts The port mirroring feature in the Alteon O S allows you to attach a sniffer to a monitoring port that is configured to receive a copy of all p ackets that are forwarded from the mirrored port.
Alteon OS Application Guide Appendix A: Troubleshooting 247 42C4911, January 2007 N OTE – T raffic on VLAN 4095 is not mirrored to the external ports. P ort Mirroring behavior This section describes the compo sition of monitored p ackets in the GbE Switch Module, based on the configuration of the ports.
Alteon OS Application Guide 248 Appendix A: Troubles hooting 42C4911, January 2007 Lay er 3 P ort M irroring (Monitoring Port and Egress P or t in the same GEA) In this scenario, you observe Layer 3 port mirroring on an egress port, and both the egress port and the monitoring port are in the same Gigabit Eth ernet Aggregator (GEA) unit.
Alteon OS Application Guide Appendix A: Troubleshooting 249 42C4911, January 2007 Laye r 3 P or t Mirroring (Both P orts in Different GEAs) In this scenario, you ob serve Layer 3 port mirroring on an egress port, but the egress port and the monitoring port reside on different Gigabit Ethernet Aggregato r (GEA) units.
Alteon OS Application Guide 250 Appendix A: Troubles hooting 42C4911, January 2007 Lay er 3 P ort M irroring (MP P ackets, Both P or ts in the Same GEA) MP packets are generated by the management pr ocessor , such as routing packets between direct interfaces.
Alteon OS Application Guide Appendix A: Troubleshooting 251 42C4911, January 2007 C onfiguring P or t Mirroring T o configu re port mi rrori ng for the example sho wn in Figure A-1 , 1. Specify the monitoring port. 2. Select the ports that you want to mirror .
Alteon OS Application Guide 252 Appendix A: Troubles hooting 42C4911, January 2007 5. V iew the curr ent configuration. >> PortMirroring # cur (Display the current settings) Port mirroring i.
42C4911, January 2007 253 A PPENDIX B RADIUS S er v er C onfiguration Not es Use the following informatio n to modify your RADIUS configuration files for the Nortel Networks BaySecure Access Cont rol RADIUS server , to provide authenti cation for users of the GbE Switch Modul e.
Alteon OS Application Guide 254 Appendix B: RADIUS Server Configuration Notes 42C4911, January 2007 2. Open the dictiona.dcm file, and add the following line (as in the example): @alteon.
42C4911, January 2007 255 Glossar y DIP (Destination IP Addr ess) The destination IP address of a frame. Dport (Destination Po r t ) The destination port (applic ation socket: for example, http-80/htt.
Alteon OS Application Guide 256 Glossary 42C4911, January 2007 Vi r t u a l R o u te r A shared address between two devices utiliz ing VRRP , as defined in RFC 2338. One vir- tual router is associa ted with a n IP interfa ce. This is one of t he IP in terfaces t hat the switch is assigned.
42C4911, January 2007 257 Inde x Symbols ............. .............. .............. .............. ............ ..... 161 [ ] ........................ ........... ............... .............. ....... 18 Numerics 802.1Q VLAN tagging ................
Alteon OS Application Guide 258 Index 42C4911, January 2007 F Failover ......................... .............. .............. ........218 failover overview ................... .............. .............. .....227 fault tolerance port trunking .
Alteon OS Application Guide Index 259 42C4911, January 2007 O OSPF area types .................... .............. .............. ... 188 authentication ...... .............. .............. ........... 199 configuration examples .................. .
Alteon OS Application Guide 260 Index 42C4911, January 2007 segments. See IP subnets. service ports ..................... .............. ........... ........127 SNMP ................ .............. .............. .............36, 193 HP-OpenView .
An important point after buying a device Nortel Networks 42C4911 (or even before the purchase) is to read its user manual. We should do this for several simple reasons:
If you have not bought Nortel Networks 42C4911 yet, this is a good time to familiarize yourself with the basic data on the product. First of all view first pages of the manual, you can find above. You should find there the most important technical data Nortel Networks 42C4911 - thus you can check whether the hardware meets your expectations. When delving into next pages of the user manual, Nortel Networks 42C4911 you will learn all the available features of the product, as well as information on its operation. The information that you get Nortel Networks 42C4911 will certainly help you make a decision on the purchase.
If you already are a holder of Nortel Networks 42C4911, but have not read the manual yet, you should do it for the reasons described above. You will learn then if you properly used the available features, and whether you have not made any mistakes, which can shorten the lifetime Nortel Networks 42C4911.
However, one of the most important roles played by the user manual is to help in solving problems with Nortel Networks 42C4911. Almost always you will find there Troubleshooting, which are the most frequently occurring failures and malfunctions of the device Nortel Networks 42C4911 along with tips on how to solve them. Even if you fail to solve the problem, the manual will show you a further procedure – contact to the customer service center or the nearest service center
