Tuesday, August 26, 2008

Connecting a NetApp Fas3020 to Cisco 4948 switches

Well, today I'll consider the connection between two Cisco 4948 switches and two NetApp Fas3020 storage systems.
This is a real situation that happened during our recent switch migration...

We have:
2 storage systems:
Fas3020 A <-> Fas3020 B
and 2 Cisco 4948 dedicated to storage networking

OK, what happens when we must connect everything together to provide the best possible redundancy?
We follow the NetApp whitepapers and connect as follows:



So, two etherchannels for each switch; if a switch or a Fas3020 fails, we have full redundancy because each Fas3020 is configured in Active-Passive mode.

The Fas3020 configuration is well documented by NetApp and obviously it's not my area, so I'll focus on the Cisco 4948 configuration.
There are two possible configurations for the switch etherchannels: access mode if the Fas3020 has only one VLAN, trunk mode if the Fas3020 has multiple VLANs configured on the same interfaces.

We have both configurations in our system: there are 4 Gi ports in access mode and 4 in trunk mode for each Fas3020.

The easiest configuration is for access mode...

We chose to have an etherchannel with fixed "on" mode in our environment (LACP disabled).

I configured something like this:

int gi 1/1
desc Fas3020A Vif n
switchport
switchport mode access
switchport access vlan 8
spanning-tree portfast
speed 1000
duplex full
channel-group 2 mode on
!
int gi 1/2
desc Fas3020A Vif n
switchport
switchport mode access
switchport access vlan 8
spanning-tree portfast
speed 1000
duplex full
channel-group 2 mode on
!
int port-channel 2
desc Fas3020A vif n etherchannel
switchport
switchport mode access
switchport access vlan 8
spanning-tree portfast
!


If you forget to enable the portchannels and simply configure the ports in access mode, the Fas3020 doesn't care, but the switch logs errors like "%C4K_EBM-4-HOSTFLAPPING: Host 02:A0:98:04:6F:0F in vlan 8 is flapping between port Gi1/2 and port Gi1/1".
There are no spanning tree issues and no blocked ports; the Fas3020 uses Active/Passive with its virtual MAC address, so we can safely bypass the slow spanning tree states on the Fas ports (spanning-tree portfast command).
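
A way to spot this misconfiguration from the switch logs, as an added example that is not part of the original post: the script groups HOSTFLAPPING events by host and port pair and reports pairs where a locally administered (virtual) MAC keeps flapping. The sample log lines, timestamps and hostname `sw1` are constructed; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed syslog lines in the format of the message quoted above (not real logs).
SAMPLE_LOG = """\
Aug 26 10:01:02 sw1 %C4K_EBM-4-HOSTFLAPPING: Host 02:A0:98:04:6F:0F in vlan 8 is flapping between port Gi1/2 and port Gi1/1
Aug 26 10:01:07 sw1 %C4K_EBM-4-HOSTFLAPPING: Host 02:A0:98:04:6F:0F in vlan 8 is flapping between port Gi1/1 and port Gi1/2
Aug 26 10:02:11 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/7, changed state to up
Aug 26 10:03:30 sw1 %C4K_EBM-4-HOSTFLAPPING: Host 00:11:22:33:44:55 in vlan 23 is flapping between port Gi1/5 and port Gi1/9
"""

FLAP_RE = re.compile(
    r"%C4K_EBM-4-HOSTFLAPPING: Host (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def summarize_flaps(log_text):
    """Count flap events per (MAC, VLAN, unordered port pair)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            ports = tuple(sorted((m["a"], m["b"])))
            counts[(m["mac"].lower(), int(m["vlan"]), ports)] += 1
    return dict(counts)

def is_locally_administered(mac):
    """True when the locally-administered bit (0x02 of the first octet) is set,
    as it is in the MAC quoted above; typical of virtual/teamed interfaces."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def bundle_candidates(counts, min_events=2):
    """Port pairs where a locally administered MAC flaps at least min_events times:
    candidates for a missing channel-group on the switch side."""
    return sorted({ports for (mac, _, ports), n in counts.items()
                   if n >= min_events and is_locally_administered(mac)})

if __name__ == "__main__":
    for ports in bundle_candidates(summarize_flaps(SAMPLE_LOG)):
        print("check channel-group on", " and ".join(ports))
```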


For trunking mode I can't (easily) find NetApp configuration examples...


OK, they make storage... not switches, so I must try ;-)

First I tried a simple (naive) trunk, but when the ports joined the etherchannel they went through all the 802.1D states, i.e. spanning tree "freezes" the trunk ports connected to the Fas3020.
Not fun on a production system... and despite RSTP+ being enabled globally on the switch, the Fas3020 is simply a host... it doesn't "understand" RSTP, so there are 48 seconds of fear ;-)
So I opened my BCMSN book and read about spanning-tree configurations... (this time testing in my lab first...) ;-)

The well (un)documented command turns out to be "spanning-tree portfast trunk", which enables portfast even on a trunk port (or portchannel).

So my final configuration for trunking portchannels with the Fas was like this:


int gi 1/1
desc Fas3020A Vif n
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 23-26,66
switchport mode trunk
spanning-tree portfast trunk
speed 1000
duplex full
channel-group 2 mode on
!
int gi 1/2
desc Fas3020A Vif n
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 23-26,66
switchport mode trunk
spanning-tree portfast trunk
speed 1000
duplex full
channel-group 2 mode on
!
int port-channel 2
desc Fas3020A Vif n etherchannel
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 23-26,66
switchport mode trunk
spanning-tree portfast trunk
!


Bingo! With this configuration the trunks were up without waiting for the slow STP states and WOW... bulletproof!



Final considerations:
- try it first in a test environment; 2 switches will be enough, just disable STP on one switch to simulate the Fas3020 ("no spanning-tree vlan n" commands on the TEST switch)
- be careful with trunks between switches and trunking hosts... hosts DON'T send out BPDUs!
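
In both configurations above the member ports and the port-channel interface carry the same switchport and spanning-tree lines. The following added example (not the author's code) checks that consistency in a saved configuration, assuming `show running-config` style text with full interface names and indented sub-commands; the sample config is constructed and the function names are hypothetical.

```python
import re

# Constructed config modelled on the trunk example above. Gi1/2 deliberately
# has a shorter allowed-VLAN list and lacks "spanning-tree portfast trunk".
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport trunk allowed vlan 23-26,66
 switchport mode trunk
 spanning-tree portfast trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/2
 switchport trunk allowed vlan 23-26
 switchport mode trunk
 channel-group 2 mode on
!
interface Port-channel2
 switchport trunk allowed vlan 23-26,66
 switchport mode trunk
 spanning-tree portfast trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style config text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = blocks.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks

def l2_settings(cmds):
    """Keep only the lines that this check expects to agree across a bundle."""
    return {c for c in cmds if c.startswith(("switchport", "spanning-tree"))}

def audit_bundles(config):
    """Return (member, problem) pairs where a member differs from its Port-channel."""
    blocks, findings = parse_interfaces(config), []
    for name, cmds in blocks.items():
        groups = [m.group(1) for m in map(re.compile(r"channel-group (\d+) ").match, cmds) if m]
        if not groups:
            continue
        wanted = l2_settings(blocks.get("Port-channel" + groups[0], []))
        mine = l2_settings(cmds)
        findings += [(name, "missing: " + c) for c in sorted(wanted - mine)]
        findings += [(name, "extra: " + c) for c in sorted(mine - wanted)]
    return findings
```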


Monday, August 25, 2008

connecting Cisco 7911G into the wiring closet for initial configuration

Today's work in a shot:

Here the 7911(s) are connected in the wiring closet for initial configuration; after this step, we distributed the phones to their respective offices/desks.

Installed and configured:
2 x 3560G PoE 24 ports switches
1 x 3560G 48 ports switch
unpacked and configured about 30 x 7911G ip phones.

Just a fun job ;-)

Monday, August 18, 2008

Reusing OLD DCE-3 for Lab serials



For my lab, I've finished the DCE-female serial cables. I'm thinking of buying another 3, but first I tried to reuse/recycle old Teleco DCE-3s.
Italian Telecom always leaves the decommissioned line equipment at the customer's site, specifically the old 2 Mbps DCE-3 modems.
Over the years we have collected about 15 old DCE-3s... so I tried with the "newest" ones and used the following models:
Teleco TD 604T Modem DCE-3
Teleco TD 603T Modem DCE-3

On Teleco's site there is an Italian/English documentation page with the command reference and the "dedicated" terminal software for configuration (HERE for the TD 604T model, but the 603T is the same).

For a DCE-3 back-to-back connection i used:
2 x DCE-3 TD 603T
2 x RJ11 to Microcoax adapters (so crossing RX with TX is simpler, see "accessories" on Teleco's site)
2 x Microcoax cables (old cables for dce to line connection)
2 x V.36 male to V.35 Female adapters (see "accessories" too)
2 x V35 male <-> DB60 male cables (for Dce to router connection)
1 x Cisco Console cable
2 x DB9 Adapters for Cisco Console Cable
1 x Serial DB9 male - male "gender changer" adapter, DCE-3 ACD port is female, Db9 adapter is female...


When you connect to the ACD (console) port on the DCE-3 you can use the Teleco terminal software or another terminal emulator (parameters: baud rate=600, data bits=7, parity=Even, stop bits=1, flow control=XON/XOFF). You must use the following commands to bring up your "line":

  • AT&Z0 <-- Resets to default configuration, useful before other commands, resets the DCE-3
  • ATF31 <-- sets line speed: 31 channels x 64k bps (don't try to use all 32 channels if you don't want crc errors on router's interface!)
  • AT&N0 <-- "e" bit CRC CCITT line side
  • AT&N7 <-- "e" bit CRC CCITT user side
  • ATU2 <-- bit 4 TS0B line side report loop 3C
  • ATV1 <-- bit 5 TS0B line side fixed to 1
  • ATX0 <-- bit 6 TS0B line side fixed to 0
  • ATY3 <-- bit 7 TS0B line side used for HDLC
  • ATD1 <-- bit 8 TS0B line side fixed to 1
  • AT&L0 <-- User interface X/V active
  • AT&I1 <-- V.13 disabled
  • AT&K1 <-- V.38 disabled
  • AT&R0 <-- C105 forced to ON
  • AT&C0 <-- C107 forced to ON
  • AT&S1 <-- C140 disabled
  • AT&P1 <-- C141 disabled
  • AT&B0 <-- DCE-3 connected to MUX-F
Other useful commands:
  • AT*C <-- List of current configuration and errors
  • AT&W <-- writes configuration to the DCE's NVRAM (DON'T FORGET IT!)

Use the same configuration on both DCE-3s, connect the serial DTE cables to the routers and... that's all. With 3 simple commands you have:
- saved the cost of new serial DCE cables
- recycled/reused discarded DCE-3s
- saved some quantity of CO2 (don't know how much ;-) )

NOTE: this is a theoretical example only, used to examine the possibilities of a piece of communication equipment. It's provided "as-is" without any warranty. Don't try this lab on DCEs that are the property of the telco... they aren't your own! ;-)))

Thursday, August 14, 2008

Expanding my lab

Well, during these hot summer days, I decided to expand my lab with additional old-fashioned Cisco routers, so I went down at work, looking for ANY decommissioned equipment.
The result is this expanded lab (now about 18 rack units) ;-)



Old 2601s with only one Ethernet port are not so useful for routing labs, but I'll use them for tunnels and as MPLS "customers" ;-)

Tuesday, August 12, 2008

Switch migration continues...

What uptime!

DIT_s.Macchine_2970#sh ver
Cisco IOS Software, C2970 Software (C2970-LANBASE-M), Version 12.2(25)SEB4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 30-Aug-05 12:19 by yenanh

ROM: Bootstrap program is C2970 boot loader
BOOTLDR: C2970 Boot Loader (C2970-HBOOT-M) Version 12.1(14r)EA1a, RELEASE SOFTWARE (fc1)

DIT_s.Macchine_2970 uptime is 2 years, 6 days, 56 minutes
System returned to ROM by power-on
System restarted at 15:02:44 MEST Mon Aug 7 2006
System image file is "flash:c2970-lanbase-mz.122-25.SEB4/c2970-lanbase-mz.122-25.SEB4.bin"

cisco WS-C2970G-24TS-E (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
Processor board ID CAT0944N332
Last reset from power-on
2 Virtual Ethernet interfaces
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.


OK, 2 years isn't so much... but this 24-port gigabit switch still works fully loaded and connected to a NetApp Fas3020 without problems. Not bad! What can we call it... "reliable"? ;-)

Wednesday, August 6, 2008

Spaghetti Connection(s)

LOL! Today's report is a spaghetti connection...
In the next weeks we must replace all the switches...
but first we must find them! ;-)




Friday, August 1, 2008

New Lab today: OSPF + IS-IS + EIGRP + OSPFv3 + NAT-PT

Here is a new lab topology:


Steps are:
  1. configure all point-to-point links; where I have a double link, I'll use an L3 portchannel.
  2. configure all routing protocols for IPv4 networks
  3. configure Loopback 0 redistribution into all protocols for every router using route maps
  4. configure protocol redistribution between OSPF, IS-IS and EIGRP, avoiding loops and using tags
  5. configure all IPv6 networks and configure OSPFv3
  6. configure NAT-PT
  7. configure BGP AS 65065 and AS 64806, using the Lo0 address for iBGP and the p2p address for eBGP
OK, I'll try to configure it, and for each step I'll write a comment about the problems.


Step 1: configure all point-to-point links; where I have a multiple link, use an L3 portchannel.
No problems here; I configured the two portchannels as follows, using PAgP and LACP:

Portchannels configuration:

CON3#
interface Port-channel1
description Portchannel CON3 <-> CON2
no switchport
ip address 172.32.0.26 255.255.255.252
!
interface Port-channel2
description Portchannel CON3 <-> CON4
no switchport
no ip address
ipv6 address 2001:3434::1/64
!
interface FastEthernet1/0/1
description Portchannel CON3 <-> CON2
no switchport
no ip address
channel-group 1 mode passive
!
interface FastEthernet1/0/2
description Portchannel CON3 <-> CON2
no switchport
no ip address
channel-group 1 mode passive
!
interface FastEthernet1/0/11
description Portchannel CON3 <-> CON4
no switchport
no ip address
channel-group 2 mode auto
!
interface FastEthernet1/0/12
description Portchannel CON3 <-> CON4
no switchport
no ip address
channel-group 2 mode auto
!
CON2#
interface Port-channel1
description Portchannel CON2 <-> CON3
no switchport
ip address 172.32.0.25 255.255.255.252
!
interface FastEthernet0/3
description Portchannel CON2 <-> CON3
no switchport
no ip address
channel-group 1 mode active
!
interface FastEthernet0/4
description Portchannel CON2 <-> CON3
no switchport
no ip address
channel-group 1 mode active
!
CON4#
interface Port-channel1
description Portchannel CON4 <-> CON3
no switchport
no ip address
ipv6 address 2001:3434::2/64
!
interface FastEthernet1/0/11
description Portchannel CON4 <-> CON3
no switchport
no ip address
channel-group 1 mode desirable
!
interface FastEthernet1/0/12
description Portchannel CON4 <-> CON3
no switchport
no ip address
channel-group 1 mode desirable

Step 2: configure all routing protocols for IPv4 networks
No problems here; I configured authentication on OSPF, EIGRP and IS-IS.

Step 3: configure Loopback 0 redistribution into all protocols for every router using route maps
Here I used a route map as follows:

Route-map for Lo0 redistribution:

route-map Redistr_Lo0 permit 10
match interface Loopback0
set tag 0
!
route-map Redistr_Lo0 deny 20


Step 4: configure protocol redistribution between OSPF, IS-IS and EIGRP, avoiding loops and using tags
This is a difficult step: first of all, we must consider the Administrative Distance of the different protocols. Here we have:
EIGRP 90
OSPF 110
ISIS 115
EIGRP-Ext 170
So we can modify the default administrative distance when redistributing routes, or use tags to avoid loops.
After reading Cisco Document ID: 49111 I realized that IS-IS doesn't support route tags, so we must use Administrative Distance instead.

Loop example:

CON1# traceroute 22.0.0.1

Type escape sequence to abort.
Tracing the route to 22.0.0.1

1 172.32.0.2 0 msec 0 msec 0 msec
2 172.32.0.10 0 msec 0 msec 4 msec
3 172.32.0.5 0 msec 0 msec 4 msec
4 172.32.0.2 0 msec 4 msec 0 msec
5 172.32.0.10 4 msec 4 msec 0 msec
6 172.32.0.5 4 msec 0 msec 4 msec
7 172.32.0.2 0 msec 4 msec 4 msec
8 172.32.0.10 0 msec 0 msec 4 msec
9 172.32.0.5 4 msec 0 msec 4 msec
10 172.32.0.2 4 msec 0 msec 0 msec
11 172.32.0.10 4 msec 4 msec 4 msec
12 172.32.0.5 4 msec 4 msec 0 msec
13 172.32.0.2 4 msec 4 msec 4 msec
14 172.32.0.10 4 msec 4 msec 4 msec
15 172.32.0.5 4 msec 4 msec 4 msec
16 172.32.0.2 4 msec 4 msec 4 msec
17 172.32.0.10 4 msec 8 msec 4 msec
18 172.32.0.5 4 msec 4 msec 4 msec
19 172.32.0.2 4 msec 4 msec 4 msec
20 172.32.0.10 8 msec 4 msec 4 msec
21 172.32.0.5 8 msec 4 msec 4 msec
22 172.32.0.2 4 msec 4 msec 4 msec
23 172.32.0.10 4 msec 8 msec 4 msec
24 172.32.0.5 8 msec 4 msec 4 msec
25 172.32.0.2 8 msec 4 msec 4 msec
26 172.32.0.10 4 msec 8 msec 4 msec
27 172.32.0.5 8 msec 4 msec 8 msec
28 172.32.0.2 4 msec 8 msec 8 msec
29 172.32.0.10 8 msec 8 msec 4 msec
30 172.32.0.5 8 msec 4 msec 8 msec
What a loop! Here CON1 sends traffic for 22.0.0.0/24 to CON5,
CON1#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
O E1 22.0.0.0 [110/126] via 172.32.0.2, 19:34:32, FastEthernet0/24
CON5 sends to CON6
CON5#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
Redistributing via ospf 1, isis
i L2 22.0.0.0 [115/89] via 172.32.0.10, Serial1/0
and CON6 sends back to CON1 ;-(
CON6#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
Redistributing via eigrp 33
O E1 22.0.0.0 [110/127] via 172.32.0.5, 19:36:39, FastEthernet0/1


To understand why this happens, we must analyze every router and consider who advertises this prefix and why it is placed in the routing table.
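
The loop above, reproduced as an added example that is not part of the original post: the script follows the next hops taken from the three "sh ip route" outputs and separately extracts the repeating hop sequence from the traceroute. The address-to-router mapping is read off the text (CON1 -> CON5 -> CON6 -> CON1); the function names are hypothetical.

```python
import re

# Routes for 22.0.0.0/24 as shown in the "sh ip route" outputs above:
# router -> (route source, administrative distance, next hop).
ROUTES = {
    "CON1": ("OSPF E1", 110, "172.32.0.2"),
    "CON5": ("IS-IS L2", 115, "172.32.0.10"),
    "CON6": ("OSPF E1", 110, "172.32.0.5"),
}
# Owner of each next-hop address, as stated in the text (CON1 -> CON5 -> CON6 -> CON1).
OWNER = {"172.32.0.2": "CON5", "172.32.0.10": "CON6", "172.32.0.5": "CON1"}

# First seven hops of the traceroute above; the same pattern continues to hop 30.
TRACE = """\
1 172.32.0.2 0 msec 0 msec 0 msec
2 172.32.0.10 0 msec 0 msec 4 msec
3 172.32.0.5 0 msec 0 msec 4 msec
4 172.32.0.2 0 msec 4 msec 0 msec
5 172.32.0.10 4 msec 4 msec 0 msec
6 172.32.0.5 4 msec 0 msec 4 msec
7 172.32.0.2 0 msec 4 msec 4 msec
"""

def walk(start, routes=ROUTES, owner=OWNER):
    """Follow next hops from `start`; return (path, True) if a router is revisited."""
    path, router = [start], start
    while router in routes:
        router = owner.get(routes[router][2])
        if router is None:
            break  # next hop belongs to a router we have no data for
        path.append(router)
        if path.count(router) > 1:
            return path, True
    return path, False

def trace_cycle(trace_text):
    """Return the repeating hop sequence in traceroute output, or [] if hops never repeat."""
    hops = re.findall(r"^\s*\d+\s+(\d+\.\d+\.\d+\.\d+)\s", trace_text, re.M)
    for i, ip in enumerate(hops):
        if ip in hops[:i]:
            start = hops.index(ip)
            cycle = hops[start:i]
            # Every hop from the first repeat onwards must follow the same cycle.
            ok = all(h == cycle[k % len(cycle)] for k, h in enumerate(hops[start:]))
            return cycle if ok else []
    return []
```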