Friday, August 14, 2009

WVIC 1MFT-E1 back-to-back for frame relay labs

Hi all,
After my old post "WVIC 1MFT-E1 back-to-back", I've tried to configure a back-to-back connection between two MFT-E1 cards in order to use it to emulate a serial connection for frame relay studies.

Obviously, you don't need crossover serial cables, but a crossover PRI cable (RJ-45), as described in the old post ("WVIC 1MFT-E1 back-to-back").
Quick refresh of pins:
1 RX Ring - -> 4 TX Ring -
2 RX Tip + -> 5 TX Tip +
4 TX Ring - -> 1 RX Ring -
5 TX Tip + -> 2 RX Tip +

Well, it was really hard (at least for me) to find how to configure it!

First, let's look at the default config of the MFT E1 controller:


R1#sh run | section controller
controller E1 1/0/0

R1#sh controller e1 1/0/0
E1 1/0/0 is up.
Applique type is Channelized E1 - balanced
No alarms detected.
alarm-trigger is not set
Version info Firmware: 20071129, FPGA: 20, spm_count = 0
Framing is CRC4, Line Code is HDB3, Clock Source is Line.
Data in current interval (89 seconds elapsed):
4 Line Code Violations, 3 Path Code Violations
23 Slip Secs, 0 Fr Loss Secs, 3 Line Err Secs, 0 Degraded Mins
25 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs

R1#show diag 1
Slot 1:
[...NM-HDV installed...]

WIC Slot 0:
E1 (1 Port) Multi-Flex Trunk WAN Daughter Card
Hardware revision 1.0 Board revision B0
Serial number 00000000 Part number 800-04475-03
FRU Part Number VWIC-1MFT-E1=

[....]

HDV firmware: Compiled Fri 19-Nov-04 14:23 by michen
HDV memory size 524280 heap free 193977


Then, the necessary steps to configure it as a single E1 DATA connection are
(this config has to be applied on BOTH sides):
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#controller
R1(config)#controller e1 1/0/0
R1(config-controller)#framing crc4 !-- optional, crc4 is already the default
R1(config-controller)#linecode hdb3 !-- optional, hdb3 is the default too
R1(config-controller)#clock source internal
R1(config-controller)#channel-group 1 timeslots 1-31 speed 64
*Aug 14 19:16:16.119: %CONTROLLER-5-UPDOWN: Controller E1 1/0/0, changed state to up
*Aug 14 19:16:18.119: %LINK-3-UPDOWN: Interface Serial1/0/0:1, changed state to up
*Aug 14 19:16:19.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0/0:1, changed state to up

R1#sh run | section controller
controller E1 1/0/0
clock source internal
channel-group 1 timeslots 1-31

R1#sh controllers e1
E1 1/0/0 is up.
Applique type is Channelized E1 - balanced
No alarms detected.
alarm-trigger is not set
Version info Firmware: 20071129, FPGA: 20, spm_count = 0
Framing is CRC4, Line Code is HDB3, Clock Source is Internal.
Data in current interval (619 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
81 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
81 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 4 15 minute intervals):
5 Line Code Violations, 3294 Path Code Violations,
908 Slip Secs, 2 Fr Loss Secs, 3 Line Err Secs, 0 Degraded Mins,
909 Errored Secs, 0 Bursty Err Secs, 2 Severely Err Secs, 24 Unavail Secs

R1#sh run interface serial 1/0/0:1
Building configuration...

Current configuration : 46 bytes
!
interface Serial1/0/0:1
no ip address
end

R1#


As you can see, a Serial interface is created, and you can use it as a traditional serial interface. Its bandwidth is 31 channels x 64k = 1984 Kbps.

In addition, depending on how much NVRAM is allocated to your HDV (see show diag under "HDV memory size"), you can create multiple serial interfaces by reducing the number of channels in each channel-group.

e.g.:

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#controller e1 1/0/0
R1(config-controller)#no channel-group 1 timeslots 1-31
% Not all config may be removed and may reappear after reactivating the logical-interface/sub-interfaces
R1(config-controller)#channel-group 1 timeslots 1-8 speed 64
*Aug 14 19:35:29.475: %LINK-3-UPDOWN: Interface Serial1/0/0:1, changed state to up
*Aug 14 19:35:30.475: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0/0:1, changed state to up
R1(config-controller)#channel-group 2 timeslots 9-16 speed 64
R1(config-controller)#
*Aug 14 19:35:41.303: %LINK-3-UPDOWN: Interface Serial1/0/0:2, changed state to up
*Aug 14 19:35:42.303: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0/0:2, changed state to up

R1#sh run int serial 1/0/0:1 | beg int
interface Serial1/0/0:1
no ip address
end

R1#sh run int serial 1/0/0:2 | beg int
interface Serial1/0/0:2
no ip address
end

R1#sh diag 1 | beg WIC
WIC Slot 0:
E1 (1 Port) Multi-Flex Trunk WAN Daughter Card
Hardware revision 1.0 Board revision B0
Serial number 00000000 Part number 800-04475-03
FRU Part Number VWIC-1MFT-E1=

[...]

HDV firmware: Compiled Fri 19-Nov-04 14:23 by michen
HDV memory size 524280 heap free 625

R1#


Note the "HDV memory size 524280 heap free 625" line, displayed if the MFT is installed in an NM-HDV module: it doesn't allow you to create more channel-groups (unless you have channels 17-31 unallocated) because your free HDV memory is insufficient. If you try this, you'll receive an error message like:

R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#controller e1 1/0/0
R1(config-controller)#channel-group 3 timeslots 17-31 speed 64
Channel setup failed!!! s:t:c 1:0:3
HDV slot 1 DRAM size 524280 free 625 need 124992

%Insufficient resources to create channel group
R1(config-controller)#



If the MFT-E1 is installed in a standard HWIC slot, the error is similar:


R2(config)#controller e1 0/2/0
R2(config-controller)#channel-group 1 timeslots 1-8 speed 64
*Aug 14 19:37:25.797: %LINK-3-UPDOWN: Interface Serial0/2/0:1, changed state to up
*Aug 14 19:37:26.797: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2/0:1, changed state to up
R2(config-controller)#channel-group 2 timeslots 9-16 speed 64
*Aug 14 19:37:32.937: %LINK-3-UPDOWN: Interface Serial0/2/0:2, changed state to up
*Aug 14 19:37:33.937: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/2/0:2, changed state to up
R2(config-controller)#channel-group 3 timeslots 17-24 speed 64
%Channel-groups per port limit exceeded
%Insufficient resources to create channel group


Now that we have two serial interfaces on each router, we can use them for frame relay, even with the "trick" of creating two VRFs on one router to simulate a point-to-point topology, with the router without VRFs acting as the frame relay switch.

e.g.:
R1#sh run
[...]
!-- only relevant parts displayed...
!
ip vrf one
rd 1:1
!
ip vrf two
rd 2:2
!
controller E1 1/0/0
clock source internal
channel-group 1 timeslots 1-8
channel-group 2 timeslots 9-16
!
interface Serial1/0/0:1
ip vrf forwarding one
ip address 172.16.0.1 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 102
!
interface Serial1/0/0:2
ip vrf forwarding two
ip address 172.16.0.2 255.255.255.0
encapsulation frame-relay
frame-relay interface-dlci 201
!
!
!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!-- on the other side, only relevant parts
!
R2#sh run
!
frame-relay switching
!
controller E1 1/0/0
clock source internal
channel-group 1 timeslots 1-8
channel-group 2 timeslots 9-16
!
!
interface Serial1/0/0:1
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay intf-type dce
clock rate 512000
frame-relay route 102 interface Serial1/0/0:2 201
!
interface Serial1/0/0:2
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
frame-relay intf-type dce
clock rate 512000
frame-relay route 201 interface Serial1/0/0:1 102


Let's verify it:
R1#sh ip route | beg Gateway
Gateway of last resort is not set

!--global routing table is completely empty

R1#sh ip route vrf one | beg Gateway
Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Serial1/0/0:1

R1#sh ip route vrf two | beg Gateway
Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets
C 172.16.0.0 is directly connected, Serial1/0/0:2

R1#ping vrf one 172.16.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

R1#ping vrf two 172.16.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
R1#


Now we can enjoy Frame Relay labs with cheap hand-made RJ-45 cables (but with expensive VWIC MFT-E1 cards ;-) )

Wednesday, August 12, 2009

Summer Lab 2009 vol.1

To prepare for vacations, what's better than a lab?

To refresh routing protocols, here is a new topology, named like a disco compilation ;-)

SummerLab 2009 vol.1



And here is the BGP part...




Happy labbing! ,-)

Wednesday, August 5, 2009

Today's work in a shot

Hi all, today's work included the configuration of two brand new 2960 PoE-24.

Here's the shot on my office desk ;-)


They are really quiet!

Here is the final impact: not bad, but without a vertical cabling management system ;-)



Tuesday, August 4, 2009

Configuring Server Load Balancing

Hi all, at my workplace, we're considering the purchase of a load balancer to provide better redundancy and service availability to our customers.
Well, a load balancer with decent performance will cost a lot!
So my attention is focused on the ip slb feature that is present in IOS 12.1 and 12.2.

First, read the "Server Load Balancing Feature in IOS Release 12.2(18)SXF" document on the Cisco site.

Second, I'll try it in my lab, with an old 3660, simulating two web servers with routers ;--)

Let's take a look at the testing topology:


As we can read in the document above, there are several modes for SLB, depending on what service is hosted on the real servers. A simple one is SLB for HTTP servers.

After configuring basic ip addressing and ip routing for this topology, we can try to assign a virtual server ip address to the slb router:


!-- configure first the real server farm
ip slb serverfarm HTTPSERVERS
nat server !-- notes on nat below...
predictor leastconns
real 10.0.0.2
weight 2
faildetect numconns 3 !-- note: this means something like "3 failed conns from 3 different clients"
inservice
real 10.0.0.3
weight 3
faildetect numconns 3
inservice

!-- then configure the virtual server
ip slb vserver 10.5.5.5
virtual 10.5.5.5 tcp www !-- it balances only for www port
serverfarm HTTPSERVERS !-- associates the real server farm to this virtual server
sticky 180 !-- same client will use the same real server for 180 secs
inservice


SLB_ROUTER#sh ip route 10.5.5.5
Routing entry for 10.5.5.5/32
Known via "static", distance 1, metric 0 (connected)
Redistributing via eigrp 35
Advertised by eigrp 35
Routing Descriptor Blocks:
* 10.5.5.5, via Null0
Route metric is 0, traffic share count is 1

SLB_ROUTER#


Here I used the server NAT feature, so the web servers are completely unaware of the load balancer, and they can be several hops away from the SLB router.
If you don't use server NAT, the load balancer acts only at the L2 level, on MAC addresses, so you have to configure a loopback with the virtual server IP on the real servers so that they accept L3 packets whose destination address is the virtual IP.
A static route pointing to the Null0 interface is automatically added for each vserver.

Verify if the slb is up and running:

SLB_ROUTER#sh ip slb vservers

slb vserver prot virtual state conns
-------------------------------------------------------------------
10.5.5.5 TCP 10.5.5.5:80 INSERVICE 0

SLB_ROUTER#sh ip slb serverfarms

server farm predictor nat reals bind id
---------------------------------------------------
HTTPSERVERS LEASTCONNS S 2 0

SLB_ROUTER#sh ip slb reals

real server farm weight state conns
-------------------------------------------------------------------
10.0.0.2 HTTPSERVERS 2 OPERATIONAL 0
10.0.0.3 HTTPSERVERS 3 OPERATIONAL 0

The state of real servers is "OPERATIONAL" after a try, or "READY_TO_TEST" before the first connection is received.

On real "servers" I have configured only "ip http server" and the necessary route to reach clients.... let's try from client perspective....


Client#telnet 10.5.5.5 80
Trying 10.5.5.5, 80 ... Open

...and then...

[Connection to 10.5.5.5 closed by foreign host]
Client#

and on the slb router you can see:

SLB_ROUTER#sh ip slb conns

vserver prot client real state nat
-------------------------------------------------------------------------------
10.5.5.5 TCP 172.17.0.25:14455 10.0.0.3 ESTAB S

SLB_ROUTER#sh ip slb sticky

client netmask group real conns
-----------------------------------------------------------------------
172.17.0.25 255.255.255.255 4097 10.0.0.3 1

SLB_ROUTER#sh ip slb reals detail
10.0.0.2, HTTPSERVERS, state = OPERATIONAL
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 2, weight(admin) = 2, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 3, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 0, total conn failures = 0
server failures = 0

10.0.0.3, HTTPSERVERS, state = OPERATIONAL
conns = 1, dummy_conns = 0, maxconns = 4294967295
weight = 3, weight(admin) = 3, metric = 0, remainder = 1
reassign = 3, retry = 60
failconn threshold = 0, failconn count = 0
failclient threshold = 0, failclient count = 0
total conns established = 2, total conn failures = 0
server failures = 0


Now, if a server fails, what happens? Let's try to shut down a "server" interface:

Real-Web-Server2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Real-Web-Server2(config)#int eth 0/0
Real-Web-Server2(config-if)#shut
Real-Web-Server2(config-if)#shutdown
Real-Web-Server2(config-if)#end
Real-Web-Server2#


SLB_ROUTER#debug ip slb all
SLB All debugging is on
SLB_ROUTER#
4w3d: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= INIT -> SYNCLIENT
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.3, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= SYNCLIENT -> SYNCLIENT
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.3, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= SYNCLIENT -> SYNCLIENT
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.3, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_CONN_DEBUG: TCP event= SYN_CLIENT, state= SYNCLIENT -> SYNCLIENT
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.3, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_REAL_DEBUG: 10.0.0.3 (HTTPSERVERS) event = SLB_CONN_FAIL state= OPERATIONAL -> OPERATIONAL
4w3d: SLB_REAL_DEBUG: 10.0.0.3 (HTTPSERVERS) event = SLB_REAL_FAILURE state= OPERATIONAL -> FAILED
4w3d: SLB_CONN_DEBUG: TCP event= SYNACK_SERVER, state= SYNCLIENT -> ESTAB
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.2, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_CONN_DEBUG: TCP event= DATA_CLIENT, state= ESTAB -> ESTAB
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.2, NAT(S)
4w3d: client= 172.17.0.25:21706
4w3d: SLB_CONN_DEBUG: TCP event= DATA_CLIENT, state= ESTAB -> ESTAB
4w3d: v_ip= 10.5.5.5:80 ( 3), real= 10.0.0.2, NAT(S)
4w3d: client= 172.17.0.25:21706
SLB_ROUTER#
SLB_ROUTER#sh ip slb reals detail
10.0.0.2, HTTPSERVERS, state = OPERATIONAL
conns = 1, dummy_conns = 0, maxconns = 4294967295
weight = 2, weight(admin) = 2, metric = 0, remainder = 1
reassign = 3, retry = 60
failconn threshold = 3, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 3, total conn failures = 0
server failures = 0

10.0.0.3, HTTPSERVERS, state = FAILED
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 3, weight(admin) = 3, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 0, failconn count = 1
failclient threshold = 0, failclient count = 1
total conns established = 2, total conn failures = 2
server failures = 1

SLB_ROUTER#

!-- after 60 sec the failed server is placed in "READY_TO_TEST" state
SLB_ROUTER#
4w3d: SLB_REAL_DEBUG: 10.0.0.3 (HTTPSERVERS) event = SLB_REAL_TIMEOUT state= FAILED -> READY_TO_TEST
SLB_ROUTER#
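
One way to turn the "sh ip slb reals detail" output above into an availability check, as an added example that is not part of the original post: it parses each real server record, lists the reals that are not OPERATIONAL and computes how much of the farm's configured weight is still in service. The function names are assumptions; the sample text is the post's own output after 10.0.0.3 was shut down.

```python
import re

# Constructed sample: the two "sh ip slb reals detail" records shown in the
# post after Real-Web-Server2 (10.0.0.3) was shut down.
SAMPLE = """\
10.0.0.2, HTTPSERVERS, state = OPERATIONAL
conns = 1, dummy_conns = 0, maxconns = 4294967295
weight = 2, weight(admin) = 2, metric = 0, remainder = 1
reassign = 3, retry = 60
failconn threshold = 3, failconn count = 0
failclient threshold = 2, failclient count = 0
total conns established = 3, total conn failures = 0
server failures = 0

10.0.0.3, HTTPSERVERS, state = FAILED
conns = 0, dummy_conns = 0, maxconns = 4294967295
weight = 3, weight(admin) = 3, metric = 0, remainder = 0
reassign = 3, retry = 60
failconn threshold = 0, failconn count = 1
failclient threshold = 0, failclient count = 1
total conns established = 2, total conn failures = 2
server failures = 1
"""

HEADER = re.compile(r"^(\d+(?:\.\d+){3}),\s*(\S+),\s*state\s*=\s*(\S+)$")
PAIR = re.compile(r"([A-Za-z_][A-Za-z_() ]*?)\s*=\s*(\d+)")

def parse_reals(text):
    """Turn 'sh ip slb reals detail' text into one dict per real server."""
    reals, cur = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:  # "<ip>, <farm>, state = <STATE>" starts a new record
            cur = dict(zip(("real", "farm", "state"), m.groups()))
            reals.append(cur)
        elif cur is not None:  # "name = number" counters of the current real
            cur.update((k.strip(), int(v)) for k, v in PAIR.findall(line))
    return reals

def not_in_service(reals):
    """Reals in any state other than OPERATIONAL (FAILED, READY_TO_TEST)."""
    return [r["real"] for r in reals if r["state"] != "OPERATIONAL"]

def weight_in_service(reals):
    """Fraction of the farm's configured weight that is still OPERATIONAL."""
    total = sum(r["weight(admin)"] for r in reals)
    up = sum(r["weight(admin)"] for r in reals if r["state"] == "OPERATIONAL")
    return up / total if total else 0.0
```

On the sample, `not_in_service(parse_reals(SAMPLE))` names 10.0.0.3 and `weight_in_service` shows that only 2 of the 5 configured weight units are still serving.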





As a next step, I'll test it on my production 6509...