Nortel Alteon OS 42C4911 Application Manual

Alteon OS
Application Guide
Nortel 10Gb Ethernet Switch Module for IBM BladeCenter
Version 1.0
Part Number: 42C4911, January 2007
2350 Mission College Blvd.
Suite 600
Santa Clara, CA 95054
www.bladenetwork.net


Summary of Contents for Nortel Alteon OS 42C4911

  • Page 1 Alteon OS Application Guide Nortel 10Gb Ethernet Switch Module for IBM BladeCenter Version 1.0 Part Number: 42C4911, January 2007 2350 Mission College Blvd. Suite 600 Santa Clara, CA 95054 www.bladenetwork.net...
  • Page 2 Technologies, Inc. The use and purchase of this product does not convey a license under any patent rights, trademark rights, or any other intellectual property rights of Blade Network Technologies, Inc. Originated in the USA. Alteon OS and Alteon are trademarks of Nortel Networks, Inc. in the United States and certain other...
  • Page 3: Table Of Contents

    Contents Preface 15 Who Should Use This Guide 15 What You’ll Find in This Guide 16 Typographic Conventions 18 How to Get Help 19 Part 1: Basic Switching 21 Chapter 1: Accessing the Switch 23 Management module setup 24 Factory-Default vs. MM assigned IP Addresses 24 Default Gateway 25 Configuring management module for switch access 25 External management port setup 28...
  • Page 4 Alteon OS Application Guide LDAP Authentication and Authorization 53 Secure Shell and Secure Copy 55 End User Access Control 61 Chapter 2: Port-based Network Access Control 67 Extensible Authentication Protocol over LAN 68 802.1x Authentication Process 69 802.1x Port States 71 Supported RADIUS Attributes 72 Configuration Guidelines 73 Chapter 3: VLANs 75...
  • Page 5 Alteon OS Application Guide Chapter 5: Spanning Tree Group 105 Overview 106 Bridge Protocol Data Units (BPDUs) 107 Determining the Path for Forwarding BPDUs 107 Spanning Tree Group configuration guidelines 108 Multiple Spanning Trees 110 Default Spanning Tree configuration 110 Why Do We Need Multiple Spanning Trees? 111 Switch-Centric Spanning Tree Group 111 VLAN Participation in Spanning Tree Groups 112...
  • Page 6 Alteon OS Application Guide Viewing ACL Statistics 131 ACL Configuration Examples 132 Using DSCP Values to Provide QoS 134 Differentiated Services Concepts 134 Using 802.1p Priorities to Provide QoS 139 802.1p Configuration Example 140 Queuing and Scheduling 140 Part 2: IP Routing 141 Chapter 8: Basic IP Routing 143 IP Routing Benefits 144 Routing Between IP Subnets 145...
  • Page 7 Alteon OS Application Guide Chapter 11: Border Gateway Protocol 171 Internal Routing Versus External Routing 172 Forming BGP Peer Routers 173 What is a Route Map? 174 Incoming and Outgoing Route Maps 175 Precedence 176 Configuration Overview 176 Aggregating Routes 178 Redistributing Routes 179 BGP Attributes 180 Local Preference Attribute 180...
  • Page 8 Alteon OS Application Guide OSPF Configuration Examples 204 Example 1: Simple OSPF Domain 205 Example 2: Virtual Links 207 Example 3: Summarizing Routes 211 Verifying OSPF Configuration 213 Part 3: High Availability Fundamentals 215 Chapter 13: High Availability 217 Layer 2 Failover 218 VLAN Monitor 218 Setting the Failover Limit 219 L2 Failover with Other Features 219...
  • Page 9 Alteon OS Application Guide Part 4: Appendices 243 Appendix A: Troubleshooting 245 Monitoring Ports 246 Port Mirroring behavior 247 Configuring Port Mirroring 251 Appendix B: RADIUS Server Configuration Notes 253 Glossary 255 Index 257 42C4911, January 2007...
  • Page 11 Figures Figure 1-1:Switch management on the BladeCenter management module 26 Figure 1-2:BOOTP Relay Agent Configuration 30 Figure 1-3:DHCP Relay Agent Configuration 31 Figure 2-1:Authenticating a Port Using EAPoL 69 Figure 3-1:Default VLAN settings 81 Figure 3-2:Port-based VLAN assignment 82 Figure 3-3:802.1Q tagging (after port-based VLAN assignment) 82 Figure 3-4:802.1Q tag assignment 83 Figure 3-5:802.1Q tagging (after 802.1Q tag assignment) 83 Figure 3-6:Example 1: Multiple VLANs with VLAN-Tagged Gigabit Adapters 85...
  • Page 12 Alteon OS Application Guide Figure 13-3:Two trunks, one Failover Trigger 222 Figure 13-4:A Non-VRRP, Hot-Standby Configuration 227 Figure 13-5:Active-Active Redundancy 228 Figure 13-6:Hot-Standby Redundancy 229 Figure 13-7:Active-Active High-Availability Configuration 233 Figure 13-8:Hot-Standby Configuration 239 42C4911, January 2007...
  • Page 13 Tables Table 1-1: GbESM IP addresses, based on switch-module bay numbers 24 Table 1-2: User Access Levels 47 Table 1-3: Alteon OS-proprietary Attributes for RADIUS 47 Table 1-4: Default TACACS+ Authorization Levels 49 Table 1-5: Alternate TACACS+ Authorization Levels 49 Table 4-1: Actor vs.
  • Page 15: Preface

    Preface The Alteon OS Application Guide describes how to configure and use the Alteon OS software on the 10Gb Ethernet Switch Module for IBM BladeCenter. For documentation on installing the switch physically, see the Installation Guide for your GbE Switch Module (GbESM). Who Should Use This Guide This Application Guide is intended for network installers and system administrators engaged in configuring and maintaining a network.
  • Page 16: What You'll Find In This Guide

    Alteon OS Application Guide What You’ll Find in This Guide This guide will help you plan, implement, and administer Alteon OS software. Where possible, each section provides feature overviews, usage examples, and configuration instructions. Part 1: Basic Switching Chapter 1, “Accessing the Switch,” describes how to access the GbE Switch Module to configure, view information and run statistics on the switch.
  • Page 17 Appendix B, “RADIUS Server Configuration Notes,” discusses how to modify RADIUS configuration files for the Nortel Networks BaySecure Access Control RADIUS server, to provide authentication for users of the GbE Switch Module. 42C4911, January 2007...
  • Page 18: Typographic Conventions

    Alteon OS Application Guide Typographic Conventions The following table describes the typographic styles used in this book. Table 1 Typographic Conventions Typeface or Meaning Example Symbol This type is used for names of commands, View the readme.txt file. AaBbCc123 files, and directories used within the text. It also depicts on-screen computer output and Main# prompts.
  • Page 19: How To Get Help

    Alteon OS Application Guide How to Get Help If you need help, service, or technical assistance, see the "Getting help and technical assistance" appendix in the Nortel 10Gb Ethernet Switch Module for IBM BladeCenter Installation Guide. 42C4911, January 2007 Preface...
  • Page 21: Part 1: Basic Switching

    Part 1: Basic Switching This section discusses basic switching functions. This includes how to access and manage the switch: Accessing the switch; Port-Based Network Access Control; VLANs; Port Trunking; Spanning Tree Protocol; Rapid Spanning Tree Protocol and Multiple Spanning Tree Protocol; Quality of Service
  • Page 23: Chapter 1: Accessing The Switch

    CHAPTER 1 Accessing the Switch The Alteon OS software provides means for accessing, configuring, and viewing information and statistics about the GbE Switch Module. This chapter discusses different methods of accessing the switch and ways to secure the switch for remote administrators: “Management module setup”...
  • Page 24: Management Module Setup

    Alteon OS Application Guide Management module setup The BladeCenter GbE Switch Module is an integral subsystem within the overall BladeCenter system. The BladeCenter chassis includes a management module as the central element for overall chassis management and control. You can use the management module to configure and manage the GbE Switch Module. The GbE Switch Module communicates with the management module(s) through its internal port 15 (MGT1) and port 16 (MGT2), which you can access through the 100 Mbps Ethernet port on each management module.
  • Page 25: Default Gateway

    Alteon OS Application Guide – Before you install the GbESM in Bay 8 or Bay 10, confirm that your blade I/O Expansion adapter supports communication to these I/O bays. Default Gateway The default Gateway IP address determines where packets with a destination address outside the current subnet should be sent.
  • Page 26: Figure 1-1:Switch Management On The Bladecenter Management Module

    Alteon OS Application Guide Figure 1-1 Switch management on the BladeCenter management module You can use the default IP addresses provided by the management module, or you can assign a new IP address to the switch module through the management module. You can assign this IP address through one of the following methods: Manually through the BladeCenter management module Automatically through the IBM Director Configuration Wizard (available in...
  • Page 27 The default value is Disabled for both features. If these features are not already enabled, change the value to Enabled, then Save. – In Advanced Configuration > Advanced Setup, enable “Preserve new IP configuration on all switch resets,” to retain the switch’s IP interface when you restore factory defaults. This setting preserves the management port’s IP address in the management module’s memory, so you maintain connectivity to the management module after a reset.
  • Page 28: External Management Port Setup

    Alteon OS Application Guide External management port setup In addition to the internal management ports (MGT1 and MGT2), the 10Gb Ethernet Switch Module (GbESM) also has an external management port (EXT7) to support out-of-band management traffic. Port EXT7 allows you to perform data transfers without taxing the data ports (EXT1-EXT6).
  • Page 29: Using Telnet

    Alteon OS Application Guide Using Telnet Use the management module to access the GbE Switch Module through Telnet. Choose I/O Module Tasks > Configuration from the navigation pane on the left. Select a bay number and click Advanced Configuration > Start Telnet/Web Session > Start Telnet Session. A Telnet window opens a connection to the Switch Module (requires Java 1.4 Plug-in).
  • Page 30: Figure 1-2:Bootp Relay Agent Configuration

    Figure 1-2 shows a basic BOOTP network example. [Figure 1-2: BOOTP Relay Agent Configuration. Labels: Boston, Raleigh; 20.1.1.1, 10.1.1.2; BOOTP client asks for IP from BOOTP server; BladeCenter acts as BOOTP Relay Agent; BOOTP server.] The use of two servers provides failover redundancy.
  • Page 31: Dhcp Relay Agent

    DHCP Relay Agent DHCP is described in RFC 2131, and the DHCP relay agent supported on the GbESM is described in RFC 1542. DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to the client on port 68. DHCP defines the methods through which clients can be assigned an IP address for a finite lease period, allowing reassignment of the IP address to another client later.
  • Page 32 In the GbESM implementation, there is no need for primary or secondary servers. The client request is forwarded to the BOOTP servers configured on the switch. The use of two servers provides failover redundancy. However, no health checking is supported. Use the following commands to configure the switch as a DHCP relay agent: >>...
  • Page 33: Using The Browser-Based Interface

    Alteon OS Application Guide Using the Browser-Based Interface Use the management module to access the GbE Switch Module through a Web session. Choose I/O Module Tasks > Configuration from the navigation pane on the left. Select a bay number and click Advanced Configuration > Start Telnet/Web Session > Start Web Session. A browser window opens a connection to the Switch Module.
  • Page 34 Alteon OS Application Guide Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key exchange. A default certificate is created the first time HTTPS is enabled, but you can create a new certificate defining the information you want to be used in the various fields. >>...
  • Page 35 Alteon OS Application Guide Switch Ports – configure each of the physical ports on the switch. Port-Based Port Mirroring – configure port mirroring and mirror port. Layer 2 – Configure Quality of Service (QoS) features for the switch. 802.1x Virtual LANs Spanning Tree Groups MSTP/RSTP Failover...
  • Page 36: Using Snmp

    Using SNMP Alteon OS provides SNMP v1.0 and SNMP v3.0 support for access through any network management software, such as IBM Director or HP-OpenView. SNMP v1.0 To access the SNMP agent on the GbESM, the read and write community strings on the SNMP manager should be configured to match those on the switch.
  • Page 37: Default Configuration

    Alteon OS Application Guide For more information on SNMP MIBs and the commands used to configure SNMP on the switch, see the Alteon OS Command Reference. Default configuration Alteon OS has two SNMP v3 users by default. Both of the following users have access to all the MIBs supported by the switch: 1) username 1: adminmd5/password adminmd5.
  • Page 38: View Based Configurations

    Assign the user to the user group. Use the group table to link the user to a particular access group. >> # /cfg/sys/ssnmp/snmpv3/group 5 >> SNMPv3 vacmSecurityToGroup 5# uname admin >> SNMPv3 vacmSecurityToGroup 5# gname admingrp If you want to allow user access only to certain MIBs, see the 'View based Configuration' section.
  • Page 39: Configuring Snmp Trap Hosts

    Alteon OS Application Guide CLI oper equivalent (Configure the oper) /c/sys/ssnmp/snmpv3/usm 5 name "oper" /c/sys/ssnmp/snmpv3/access 4 (Configure access group 4) name "opergrp" rview "oper" wview "oper" nview "oper" (Assign oper to access group 4) /c/sys/ssnmp/snmpv3/group 4 uname oper gname opergrp (Create views for oper) /c/sys/ssnmp/snmpv3/view 20 name "usr"...
  • Page 40 Alteon OS Application Guide In the example below the user will receive the traps sent by the switch. /c/sys/ssnmp/snmpv3/access 10 (Define access group to view SNMPv1 traps) name "v1trap" model snmpv1 nview "iso" (Assign user to the access group) /c/sys/ssnmp/snmpv3/group 10 model snmpv1 uname v1trap gname v1trap...
  • Page 41: Snmpv2 Trap Host Configuration

    SNMPv2 trap host configuration The SNMPv2 trap host configuration is similar to the SNMPv1 trap host configuration. Wherever you specify the model, use snmpv2 instead of snmpv1. (Configure user named “v2trap”) /c/sys/ssnmp/snmpv3/usm 10 name "v2trap" (Define access group to view SNMPv2 traps) /c/sys/ssnmp/snmpv3/access 10 name "v2trap"...
  • Page 42 Alteon OS Application Guide The following example shows how to configure a SNMPv3 user v3trap with authentication only: (Configure user named “v3trap”) /c/sys/ssnmp/snmpv3/usm 11 name "v3trap" auth md5 authpw v3trap (Define access group to view SNMPv3 traps) /c/sys/ssnmp/snmpv3/access 11 name "v3trap" level authNoPriv nview "iso"...
  • Page 43: Securing Access To The Switch

    Securing Access to the Switch Secure switch management is needed for environments that perform significant management functions across the Internet. The following are some of the functions for secured management: Authentication and authorization of remote administrators: see “RADIUS Authentication and Authorization”...
  • Page 44: Radius Authentication And Authorization

    RADIUS Authentication and Authorization Alteon OS supports the RADIUS (Remote Authentication Dial-in User Service) method to authenticate and authorize remote administrators for managing the switch. This method is based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server.
  • Page 45 Alteon OS Application Guide Turn RADIUS authentication on, then configure the Primary and Secondary RADIUS servers. (Select the RADIUS Server menu) >> Main# /cfg/sys/radius (Turn RADIUS on) >> RADIUS Server# on Current status: OFF New status: (Enter primary server IP) >>...
  • Page 46 RADIUS Authentication Features in Alteon OS Alteon OS supports the following RADIUS authentication features: Supports RADIUS client on the switch, based on the protocol definitions in RFC 2138 and RFC 2866. Allows RADIUS secret password up to 32 bytes and less than 16 octets. Supports secondary authentication server so that when the primary authentication server is unreachable, the switch can send client authentication requests to the secondary authentication server.
  • Page 47: Table 1-2 User Access Levels

    Alteon OS Application Guide Switch User Accounts The user accounts listed in Table 1-2 can be defined in the RADIUS server dictionary file. Table 1-2 User Access Levels User Account Description and Tasks Performed Password User The User has no direct responsibility for switch management. user He/she can view all switch status information and statistics but cannot make any configuration changes to the switch.
  • Page 48: Tacacs+ Authentication

    Alteon OS Application Guide TACACS+ Authentication Alteon OS supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The GbE Switch Module functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server.
  • Page 49: Table 1-4 Default Tacacs+ Authorization Levels

    Alteon OS Application Guide Authorization Authorization is the action of determining a user’s privileges on the device, and usually takes place after authentication. The default mapping between TACACS+ authorization levels and Alteon OS management access levels is shown in Table 1-4.
  • Page 50: Command Authorization And Logging

    Accounting Accounting is the action of recording a user's activities on the device for the purposes of billing and/or security. It follows the authentication and authorization actions. If the authentication and authorization are not performed via TACACS+, there are no TACACS+ accounting messages sent out.
  • Page 51 Alteon OS Application Guide The following rules apply to TACACS+ command authorization and logging: Only commands from a Console, Telnet, or SSH connection are sent for authorization and logging. SNMP, BBI, or file-copy commands (for example, TFTP or sync) are not sent. Only leaf-level commands are sent for authorization and logging.
  • Page 52 Alteon OS Application Guide Configuring TACACS+ Authentication on the Switch Turn TACACS+ authentication on, then configure the Primary and Secondary TACACS+ servers. (Select the TACACS+ Server menu) >> Main# /cfg/sys/tacacs+ >> TACACS+ Server# on (Turn TACACS+ on) Current status: OFF New status: (Enter primary server IP) >>...
  • Page 53: Ldap Authentication And Authorization

    LDAP Authentication and Authorization Alteon OS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate and authorize remote administrators to manage the switch. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.
  • Page 54 Alteon OS Application Guide Configuring LDAP Authentication on the Switch Turn LDAP authentication on, then configure the Primary and Secondary LDAP servers. (Select the LDAP Server menu) >> Main# /cfg/sys/ldap (Turn LDAP on) >> LDAP Server# on Current status: OFF New status: (Enter primary server IP) >>...
  • Page 55: Secure Shell And Secure Copy

    Secure Shell and Secure Copy Secure Shell (SSH) and Secure Copy (SCP) use secure tunnels to encrypt and secure messages between a remote administrator and the switch. Telnet does not provide this level of security. The Telnet method of managing a GbE Switch Module does not provide a secure connection. SSH is a protocol that enables remote administrators to log securely into the GbE Switch Module over a network to execute management commands.
  • Page 56 Alteon OS Application Guide Configuring SSH/SCP features on the switch Before you can use SSH commands, use the following commands to turn on SSH/SCP. SSH and SCP are disabled by default. To enable or disable the SSH feature: Begin a Telnet session from the console port and enter the following commands: (Turn SSH on) >>...
  • Page 57 Alteon OS Application Guide Configuring the SCP Administrator Password To configure the scpadm (SCP Administrator) password, first connect to the switch via the serial console port. For security reasons, the scpadm password may only be configured when connected through the console port. To configure the password, enter the following command via the CLI.
  • Page 58 Alteon OS Application Guide To upload the configuration to the switch: Syntax: scp <local filename> <username>@<switch IP address>:putcfg Example: >> # scp ad4.cfg scpadmin@205.178.15.157:putcfg To apply and save the configuration The apply and save commands are still needed after the last command, or use the following commands: >>...
  • Page 59 Alteon OS Application Guide Generating RSA Host and Server Keys for SSH Access To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key is 1024 bits and is used to identify the GbE Switch Module. The server key is 768 bits and is used to make it impossible to decipher a captured session by breaking into the GbE Switch Module at a later time.
  • Page 60 Alteon OS Application Guide SSH/SCP Integration with Radius Authentication SSH/SCP is integrated with RADIUS authentication. After the RADIUS server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified RADIUS servers for authentication. The redirection is transparent to the SSH clients. SSH/SCP Integration with TACACS+ Authentication SSH/SCP is integrated with TACACS+ authentication.
  • Page 61: End User Access Control

    An SCP-only administrator’s password is typically used when SecurID is used. For example, it can be used in an automation program (in which the tokens of SecurID are not available) to back up (download) the switch configurations each day. –...
  • Page 62: Strong Passwords

    Strong Passwords The administrator can require use of Strong Passwords for users to access the GbESM. Strong Passwords enhance security because they make password guessing more difficult. The following rules apply when Strong Passwords are enabled: Each password must be 8 to 14 characters. Within the first 8 characters, the password: must have at least one number or one symbol...
  • Page 63 Alteon OS Application Guide Defining User Names and Passwords Use the User ID menu to define user names and passwords. (Assign name to user ID 1) >> User ID 1 # name user1 Current user name: New user name: user1 (Assign password to user ID 1) >>...
  • Page 64: Listing Current Users

    Listing Current Users The following command displays defined user accounts and whether or not each user is currently logged into the switch. # /cfg/sys/access/user/cur Usernames: user - Enabled - offline oper - Disabled - offline admin - Always Enabled - online 1 session Current User ID table: 1: name jane , ena, cos user...
  • Page 67: Chapter 2: Port-Based Network Access Control

    CHAPTER 2 Port-based Network Access Control Port-Based Network Access control provides a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics. It prevents access to ports that fail authentication and authorization. This feature provides security to ports of the GbESM that connect to blade servers.
  • Page 68: Extensible Authentication Protocol Over Lan

    Alteon OS Application Guide Extensible Authentication Protocol over LAN Alteon OS can provide user-level security for its ports using the IEEE 802.1x protocol, which is a more secure alternative to other methods of port-based network access control. Any device attached to an 802.1x-enabled port that fails authentication is prevented access to the network and denied services offered through that port.
  • Page 69: 802.1X Authentication Process

    Alteon OS Application Guide 802.1x Authentication Process The clients and authenticators communicate using Extensible Authentication Protocol (EAP), which was originally designed to run over PPP, and for which the IEEE 802.1x Standard has defined an encapsulation method over Ethernet frames, called EAP over LAN (EAPOL). Figure 2-1 shows a typical message exchange initiated by the client.
  • Page 70 EAPoL Message Exchange During authentication, EAPOL messages are exchanged between the client and the GbESM authenticator, while RADIUS-EAP messages are exchanged between the GbESM authenticator and the RADIUS server. Authentication is initiated by one of the following methods: GbESM authenticator sends an EAP-Request/Identity packet to the client. Client sends an EAPOL-Start frame to the GbESM authenticator, which responds with an EAP-Request/Identity frame.
  • Page 71: 802.1X Port States

    802.1x Port States The state of the port determines whether the client is granted access to the network, as follows: Unauthorized: While in this state the port discards all ingress and egress traffic except EAP packets. Authorized: When the client is successfully authenticated, the port transitions to the authorized state allowing all traffic to and from the client to flow normally.
  • Page 72: Supported Radius Attributes

    Alteon OS Application Guide Supported RADIUS Attributes The Alteon 802.1x Authenticator relies on external RADIUS servers for authentication with EAP. Table 2 lists the RADIUS attributes that are supported as part of RADIUS-EAP authentication based on the guidelines specified in Annex D of the 802.1x standard and RFC 3580.
  • Page 73: Configuration Guidelines

    Configuration Guidelines When configuring EAPoL, consider the following guidelines: The 802.1x port-based authentication is currently supported only in point-to-point configurations, that is, with a single supplicant connected to an 802.1x-enabled switch port. When 802.1x is enabled, a port has to be in the authorized state before any other Layer 2 feature can be operationally enabled.
  • Page 75: Chapter 3: Vlans

    CHAPTER 3 VLANs This chapter describes network design and topology considerations for using Virtual Local Area Networks (VLANs). VLANs are commonly used to split up groups of network users into manageable broadcast domains, to create logical segmentation of workgroups, and to enforce security policies among logical segments.
  • Page 76: Overview

    Alteon OS Application Guide Overview Setting up virtual LANs (VLANs) is a way to segment networks to increase network flexibility without changing the physical network topology. With network segmentation, each switch port connects to a segment that is a single broadcast domain. When a switch port is configured to be a member of a VLAN, it is added to a group of ports (workgroup) that belong to one broadcast domain.
  • Page 77: Vlans And Port Vlan Id Numbers

    Alteon OS Application Guide VLANs and Port VLAN ID Numbers VLAN Numbers Alteon OS supports up to 1024 VLANs per switch. Even though the maximum number of VLANs supported at any given time is 1024, each can be identified with any number between 1 and 4095.
  • Page 78: Viewing And Configuring Pvids

    Alteon OS Application Guide Viewing and Configuring PVIDs Use the following CLI commands to view PVIDs: Port information: Alias Port Tag Fast PVID NAME VLAN(s) ----- ---- --- ---- ---- -------------- ---------------------------- INT1 1 INT1 INT2 1 INT2 INT3 1 INT3 INT4 1 INT4 INT5...
  • Page 79 Alteon OS Application Guide Each port on the switch can belong to one or more VLANs, and each VLAN can have any number of switch ports in its membership. Any port that belongs to multiple VLANs, however, must have VLAN tagging enabled (see “VLAN Tagging”...
  • Page 80: Vlan Tagging

    VLAN Tagging Alteon OS software supports 802.1Q VLAN tagging, providing standards-based VLAN support for Ethernet systems. Tagging places the VLAN identifier in the frame header of a packet, allowing each port to belong to multiple VLANs. When you add a port to multiple VLANs, you also must enable tagging on that port.
  • Page 81: Figure 3-1:Default Vlan Settings

    [Figure 3-1: Default VLAN settings. An 802.1Q switch with Ports 1 to 7 in VLAN 1, PVID = 1; an incoming untagged packet leaves as an outgoing untagged packet (unchanged).] By default: All ports are assigned PVID = 1. All external ports are untagged members of VLAN 1. All internal server ports are untagged members of VLAN 1...
  • Page 82: Figure 3-2:Port-Based Vlan Assignment

    Alteon OS Application Guide – The port assignments in the following figures are not meant to match the GbE Switch Module. Figure 3-2 Port-based VLAN assignment Port 1 Port 2 Port 3 Tagged member PVID = 2 of VLAN 2 Untagged packet 802.1Q Switch Data...
  • Page 83: Figure 3-4:802.1Q Tag Assignment

    In Figure 3-4, tagged incoming packets are assigned directly to VLAN 2 because of the tag assignment in the packet. Port 5 is configured as a tagged member of VLAN 2, and port 7 is configured as an untagged member of VLAN 2. Figure 3-4 802.1Q tag assignment Port 1 Port 2...
  • Page 84: Vlan Topologies And Design Considerations

    Alteon OS Application Guide VLAN Topologies and Design Considerations By default, the Alteon OS software is configured so that tagging is disabled on all external ports and all internal ports. By default, the Alteon OS software is configured so that all internal ports are members of VLAN 1.
  • Page 85: Example 1: Multiple Vlans With Tagging Adapters

    Alteon OS Application Guide Example 1: Multiple VLANs with Tagging Adapters BladeCenter VLAN #1, 2, 3 VLAN #3 Switch Module Switch Module Figure 3-6 Example 1: Multiple VLANs with VLAN-Tagged Gigabit Adapters The features of this VLAN are described below: Component Description GbE Switch...
  • Page 86 Alteon OS Application Guide Component Description PCs #1 and #2 These PCs are attached to a shared media hub that is then connected to the switch. They belong to VLAN 2 and are logically in the same IP subnet as Server 2 and PC 5. The associated external switch port has tagging disabled.
  • Page 87: Protocol-Based Vlans

    Protocol-based VLANs Protocol-based VLANs (PVLANs) allow you to segment network traffic according to the network protocols in use. Traffic generated by supported network protocols can be confined to a particular port-based VLAN. You can give different priority levels to traffic generated by different network protocols.
  • Page 88: Port-Based Vs. Protocol-Based Vlans

    Alteon OS Application Guide Port-based vs. Protocol-based VLANs Each VLAN supports both port-based and protocol-based association, as follows: The default VLAN configuration is port-based. All data ports are members of VLAN 1, with no PVLAN association. When you add ports to a PVLAN, the ports become members of both the port-based VLAN and the PVLAN.
  • Page 89: Pvlan Configuration Guidelines

    Alteon OS Application Guide PVLAN Configuration Guidelines Consider the following guidelines when you configure protocol-based VLANs: Each port can support up to 16 VLAN protocols. The GbESM can support up to 16 protocols simultaneously. Each PVLAN must have at least one port assigned before it can be activated. The same port within a port-based VLAN can belong to multiple PVLANs.
  • Page 90 Alteon OS Application Guide Add member ports for this PVLAN. >> VLAN 2 Protocol 1# add int1 Port INT1 is an UNTAGGED port and its current PVID is 1. Confirm changing PVID from 1 to 2 [y/n]: y Current ports for VLAN 2: empty Current ports for VLAN 1, Protocol 3: empty...
  • Page 91 Alteon OS Application Guide Verify PVLAN operation. (View VLAN information) >> /info/l2/vlan VLAN Name Status Ports ---- ------------------------ ------ ------------------------- Default VLAN INT1-INT14 EXT2-EXT6 VLAN 2 INT1 EXT1 4094 EXT-Mgmt VLAN EXT7 4095 Mgmt VLAN MGT1 MGT2 PVLAN Protocol FrameType EtherType Priority Status...
  • Page 93: Chapter 4: Ports And Trunking

    CHAPTER 4 Ports and Trunking Trunk groups can provide super-bandwidth, multi-link connections between GbE Switch Modules or other trunk-capable devices. A trunk group is a group of ports that act together, combining their bandwidth to create a single, larger virtual link. This chapter provides configuration background and examples for trunking multiple ports together: “...
  • Page 94: Overview

    Alteon OS Application Guide Overview When using port trunk groups between two switches, as shown in Figure 4-1, you can create a virtual link between the switches, operating up to 60Gb per second, depending on how many physical ports are combined. Each GbESM supports up to 13 trunk groups, and each trunk group can contain up to six member ports.
  • Page 95: Statistical Load Distribution

    Alteon OS Application Guide Statistical Load Distribution Network traffic is statistically distributed between the ports in a trunk group. The Alteon OS-powered switch uses the Layer 2 MAC address information present in each transmitted frame for determining load distribution. Each packet’s particular combination of source and destination MAC addresses results in selecting one line in the trunk group for data transmission.
  • Page 96: Trunk Group Configuration Rules

    Alteon OS Application Guide Trunk group configuration rules The trunking feature operates according to specific configuration rules. When creating trunks, consider the following rules that determine how a trunk group reacts in any network topology: All trunks must originate from one device, and lead to one destination device. For example, you cannot combine a link from Server 1 and a link from Server 2, into one trunk group.
  • Page 97: Port Trunking Example

    Alteon OS Application Guide Port Trunking Example In the example below, three ports are trunked between two switches. Alteon Application Switch Trunk 3: Ports 2, 12, and 22 Trunk 1: Ports EXT1, EXT2, and EXT3 GbE Switch Module BladeCenter...
  • Page 98 Alteon OS Application Guide Connect the switch ports that will be members in the trunk group. Follow these steps on the GbESM: (a) Define a trunk group. (Select trunk group 1) >> # /cfg/l2/trunk 1 (Add port EXT1 to trunk group 1) >>...
  • Page 99 Alteon OS Application Guide Examine the trunking information on each switch. (View trunking information) >> /info/l2/trunk Information about each port in each configured trunk group is displayed. Make sure that trunk groups consist of the expected ports and that each port is in the expected state. The following restrictions apply: Any physical switch port can belong to only one trunk group.
  • Page 100: Configurable Trunk Hash Algorithm

    Alteon OS Application Guide Configurable Trunk Hash Algorithm This feature allows you to configure the particular parameters for the GbESM Trunk Hash algorithm instead of having to utilize the defaults. You can configure new default behavior for Layer 2 traffic and Layer 3 traffic using the CLI menu cfg/l2/thash. You can select a minimum of one or a maximum of two parameters to create one of the following configurations: Source IP (SIP)
  • Page 101: Link Aggregation Control Protocol

    Alteon OS Application Guide Link Aggregation Control Protocol Link Aggregation Control Protocol (LACP) is an IEEE 802.3ad standard for grouping several physical ports into one logical port (known as a dynamic trunk group or Link Aggregation group) with any device that supports the standard. Please refer to IEEE 802.3ad-2002 for a full description of the standard.
  • Page 102 Alteon OS Application Guide LACP automatically determines which member links can be aggregated and then aggregates them. It provides for the controlled addition and removal of physical links for the link aggregation. Each port in the GbESM can have one of the following LACP modes. off (default) The user can configure this port into a regular static trunk group.
  • Page 103: Configuring Lacp

    Alteon OS Application Guide Configuring LACP Use the following procedure to configure LACP for port EXT1 and port EXT2 to participate in link aggregation. Set the LACP mode on port EXT1. (Select port EXT1) >> # /cfg/l2/lacp/port EXT1 >> LACP port EXT1# mode active (Set port EXT1 to LACP active mode) Define the admin key on port EXT1.
  • Page 105: Chapter 5: Spanning Tree Group

    CHAPTER 5 Spanning Tree Group When multiple paths exist on a network, Spanning Tree Group (STG) configures the network so that a switch uses only the most efficient path. The following topics are discussed in this chapter: “Overview” on page 106 “Bridge Protocol Data Units (BPDUs)”...
  • Page 106: Overview

    Alteon OS Application Guide Overview Spanning Tree Group (STG) detects and eliminates logical loops in a bridged or switched network. When multiple paths exist, Spanning Tree configures the network so that a switch uses only the most efficient path. If that path fails, Spanning Tree automatically sets up another active path on the network to sustain network operations.
  • Page 107: Bridge Protocol Data Units (Bpdus)

    Alteon OS Application Guide Bridge Protocol Data Units (BPDUs) To create a Spanning Tree, the switch generates a configuration Bridge Protocol Data Unit (BPDU), which it then forwards out of its ports. All switches in the Layer 2 network participating in the Spanning Tree gather information about other switches in the network through an exchange of BPDUs.
  • Page 108: Spanning Tree Group Configuration Guidelines

    Alteon OS Application Guide Port Path Cost The port path cost assigns lower values to high-bandwidth ports, such as Gigabit Ethernet, to encourage their use. The cost of a port also depends on whether the port operates at full-duplex (lower cost) or half-duplex (higher cost). For example, if a 100-Mbps (Fast Ethernet) link has a “cost”...
  • Page 109: Adding And Removing Ports From Stgs

    Alteon OS Application Guide If ports are tagged, all trunked ports can belong to multiple STGs. A port that is not a member of any VLAN cannot be added to any STG. The port must be added to a VLAN, and that VLAN added to the desired STG. Rules for VLAN Tagged ports Tagged ports can belong to more than one STG, but untagged ports can belong to only one STG.
  • Page 110: Multiple Spanning Trees

    Alteon OS Application Guide Multiple Spanning Trees Each GbE Switch Module supports a maximum of 128 Spanning Tree Groups (STGs). Multiple STGs provide multiple data paths, which can be used for load-balancing and redundancy. You enable load balancing between two GbE Switch Modules using multiple STGs by configuring each path with a different VLAN and then assigning each VLAN to a separate STG.
  • Page 111: Why Do We Need Multiple Spanning Trees

    Alteon OS Application Guide Why Do We Need Multiple Spanning Trees? Figure 5-1 shows a simple example of why we need multiple Spanning Trees. Two VLANs, VLAN 1 and VLAN 100 exist between application switch A and GbE Switch Module B. If you have a single Spanning Tree Group, the switches see an apparent loop, and one VLAN may become blocked, affecting connectivity, even though no actual loop exists.
  • Page 112: Vlan Participation In Spanning Tree Groups

    Alteon OS Application Guide [Figure 5-2: Implementing Multiple Spanning Tree Groups] VLAN Participation in Spanning Tree Groups The VLAN participation for each Spanning Tree Group in Figure 5-2 on page 112 is discussed in the following sections: VLAN 1 Participation If application switch A is the root bridge, then application switch A will transmit the...
  • Page 113: Configuring Multiple Spanning Tree Groups

    Alteon OS Application Guide VLAN 3 Participation For VLAN 3 you can have GbE Switch Module B or application switch C to be the root bridge. If switch B is the root bridge for VLAN 3, Spanning Tree Group 2, then switch B transmits the BPDU out from port 18.
  • Page 114 Alteon OS Application Guide – Each instance of Spanning Tree Group is enabled by default. Configure the following on application switch C: Add port 8 to VLAN 3 and define Spanning Tree Group 3 for VLAN 3. (Select VLAN 3 menu) >>...
  • Page 115: Port Fast Forwarding

    Alteon OS Application Guide Port Fast Forwarding Port Fast Forwarding permits a port that participates in Spanning Tree to bypass the Listening and Learning states and enter directly into the Forwarding state. While in the Forwarding state, the port listens to the BPDUs to learn if there is a loop and, if dictated by normal STG behavior (following priorities, etc.), the port transitions into the Blocking state.
  • Page 116: Fast Uplink Convergence

    Alteon OS Application Guide Fast Uplink Convergence Fast Uplink Convergence enables the GbESM to quickly recover from the failure of the primary link or trunk group in a Layer 2 network using Spanning Tree Protocol. Normal recovery can take as long as 50 seconds, while the backup link transitions from Blocking to Listening to Learning and then Forwarding states.
  • Page 117: Chapter 6: Rapid Spanning Tree Protocol/Multiple Spanning Tree Protocol

    CHAPTER 6 Rapid Spanning Tree Protocol/Multiple Spanning Tree Protocol IEEE 802.1w Rapid Spanning Tree Protocol enhances the Spanning Tree Protocol to provide rapid convergence on Spanning Tree Group 1. IEEE 802.1s Multiple Spanning Tree Protocol extends the Rapid Spanning Tree Protocol to provide both rapid convergence and load balancing in a VLAN environment.
  • Page 118: Rapid Spanning Tree Protocol

    Alteon OS Application Guide Rapid Spanning Tree Protocol Rapid Spanning Tree Protocol (RSTP) provides rapid convergence of the spanning tree and provides for fast re-configuration critical for networks carrying delay-sensitive traffic such as voice and video. RSTP significantly reduces the time to reconfigure the active topology of the network when changes occur to the physical topology or its configuration parameters.
  • Page 119: Port Type And Link Type

    Alteon OS Application Guide Port Type and Link Type Spanning Tree configuration includes the following parameters to support RSTP and MSTP: edge port and link type. Although these parameters are configured for Spanning Tree Groups 1-128 (/cfg/l2/stg x/port x), they only take effect when RSTP/MSTP is turned on.
  • Page 120: Rstp Configuration Example

    Alteon OS Application Guide RSTP Configuration Example This section provides steps to configure Rapid Spanning Tree on the GbE Switch Module, using the Command-Line Interface (CLI). Configure Rapid Spanning Tree Configure port and VLAN membership on the switch. Disable and clear STP groups 2 through 126. >>...
  • Page 121: Multiple Spanning Tree Protocol

    Alteon OS Application Guide Multiple Spanning Tree Protocol IEEE 802.1s Multiple Spanning Tree extends the IEEE 802.1w Rapid Spanning Tree Protocol through multiple Spanning Tree Groups. MSTP maintains up to 32 spanning-tree instances that correspond to STP Groups 1-32. For more information about Spanning Tree Protocol, see Chapter 5, “Spanning Tree Group.”...
  • Page 122: Mstp Configuration Guidelines

    Alteon OS Application Guide MSTP Configuration Guidelines This section provides important information about configuring Multiple Spanning Tree Groups: When you enable MSTP, you must configure the Region Name, and a default version number of 1 is configured automatically. Each bridge in the region must have the same name, version number, and VLAN mapping. MSTP Configuration Example This section provides steps to configure Multiple Spanning Tree Protocol on the GbE Switch Module, using the Command-Line Interface (CLI).
  • Page 123: Chapter 7: Quality Of Service

    CHAPTER 7 Quality of Service Quality of Service features allow you to allocate network resources to mission-critical applications at the expense of applications that are less sensitive to such factors as time delays or network congestion. You can configure your network to prioritize specific types of traffic, ensuring that each type receives the appropriate Quality of Service (QoS) level.
  • Page 124: Overview

    Alteon OS Application Guide Overview QoS helps you allocate guaranteed bandwidth to the critical applications, and limit bandwidth for less critical applications. Applications such as video and voice must have a certain amount of bandwidth to work correctly; using QoS, you can provide that bandwidth when necessary. Also, you can put a high priority on applications that are sensitive to timing out or cannot tolerate delay by assigning that traffic to a high-priority queue.
  • Page 125 Alteon OS Application Guide The basic GbESM QoS model works as follows: Classify traffic: Read DSCP Read 802.1p Priority Match ACL filter parameters Meter traffic: Define bandwidth and burst parameters Select actions to perform on in-profile and out-of-profile traffic Perform actions: Drop packets Pass packets Mark DSCP or 802.1p Priority...
  • Page 126: Using Acl Filters

    Alteon OS Application Guide Using ACL Filters Access Control Lists are filters that allow you to classify and segment traffic, so you can provide different levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the filter, and also the actions that are performed when a match is made.
  • Page 127: Table 7-2 Well-Known Application Ports

    Alteon OS Application Guide Table 7-2 Well-Known Application Ports Number TCP/UDP Number TCP/UDP Number TCP/UDP Application Application Application ftp-data finger http pop2 imap3 telnet pop3 ldap smtp sunrpc https time nntp name rtsp whois imap 1645, 1812 Radius domain news 1813 Radius Accounting tftp...
  • Page 128: Summary Of Acl Actions

    Alteon OS Application Guide Summary of ACL Actions The GbESM QoS actions include the following: Actions determine how the traffic is treated. Pass or Drop Re-mark a new DiffServ Code Point (DSCP) Re-mark the 802.1p field Set the COS queue Understanding ACL Precedence Each ACL has a unique precedence level, based on its number.
  • Page 129: Using Acl Groups

    Alteon OS Application Guide Using ACL Groups Access Control Lists (ACLs) allow you to classify packets according to a particular content in the packet header, such as the source address, destination address, source port number, destination port number, and others. Packet classifiers identify flows for more processing. You can define a traffic profile by compiling a number of ACLs into an ACL Group, and assigning the ACL Group to a port.
  • Page 130: Acl Metering And Re-Marking

    Alteon OS Application Guide Access Control Groups An Access Control Group (ACL Group) is a collection of ACLs. For example: ACL Group 1 ACL 1: VLAN = 1 SIP = 10.10.10.1 (255.255.255.0) Action = permit ACL 2: VLAN = 2 SIP = 10.10.10.2 (255.255.255.0) Action = deny ACL 3:...
  • Page 131: Viewing Acl Statistics

    Alteon OS Application Guide Metering QoS metering provides different levels of service to data streams through user-configurable parameters. A meter is used to measure the traffic stream against a traffic profile, which you create. Thus, creating meters yields In-Profile and Out-of-Profile traffic for each ACL, as follows: In-Profile–If there is no meter configured or if the packet conforms to the meter, the packet is classified as In-Profile.
  • Page 132: Acl Configuration Examples

    Alteon OS Application Guide ACL Configuration Examples Example 1 Use this configuration to block traffic to a specific host. All traffic that ingresses on port EXT1 is denied if it is destined for the host at IP address 100.10.1.1 Configure an Access Control List. (Define ACL 1) >>...
  • Page 133 Alteon OS Application Guide Apply and save the configuration. >> Port EXT2 ACL# apply >> Port EXT2 ACL# save Example 3 Use this configuration to block traffic from a network that is destined for a specific egress port. All traffic that ingresses port EXT1 from the network 100.10.1.0/24 and is destined for port INT1 is denied.
  • Page 134: Using Dscp Values To Provide Qos

    Alteon OS Application Guide Using DSCP Values to Provide QoS The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP). Packets are marked with a certain value depending on the type of treatment the packet must receive in the network device.
  • Page 135 Alteon OS Application Guide The GbESM default settings are based on the following standard PHBs, as defined in the IEEE standards: Expedited Forwarding (EF)—This PHB has the highest egress priority and lowest drop precedence level. EF traffic is forwarded ahead of all other traffic. EF PHB is described in RFC 2598.
  • Page 136: Table 7-5 Default Qos Service Levels

    Alteon OS Application Guide QoS Levels Table 7-5 shows the default service levels provided by the GbESM, listed from highest to lowest importance: Table 7-5 Default QoS Service Levels Service Level Default PHB 802.1p Priority Critical Network Control Premium EF, CS5 Platinum AF41, AF42, AF43, CS4 Gold...
  • Page 137 Alteon OS Application Guide DSCP Re-marking and Mapping The GbESM can re-mark the DSCP value of ingress packets to a new value, and set the 802.1p priority value, based on the DSCP value. You can view the default settings by using the cfg/qos/dscp/cur command, as shown below.
  • Page 138 Alteon OS Application Guide DSCP Re-marking Configuration Example Turn DSCP re-marking on globally, and define the DSCP-DSCP-802.1p mapping. You can use the default mapping, as shown in the cfg/qos/dscp/cur command output. (Turn on DSCP re-marking) >> Main# cfg/qos/dscp/on (Define DSCP re-marking) >>...
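The DSCP pages above describe reading the six most significant bits of the TOS byte and re-marking them on ingress. The following is an added example, not code from the guide or the switch: it extracts the DSCP from an IPv4 header, names the standard PHB (EF, AFxy, CSn), and re-marks the value while preserving the two low-order bits and fixing the header checksum. The sample header and the re-mark map are constructed for illustration.

```python
import struct

EF = 46  # Expedited Forwarding code point (standard value, not read from the switch)


def phb_name(dscp):
    """Return the standard PHB name for a 6-bit DSCP value."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    if dscp == EF:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return "CS%d" % cls          # class selector; CS0 is best effort
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return "AF%d%d" % (cls, low >> 1)  # AF class, drop precedence
    return "unassigned(%d)" % dscp


def ipv4_checksum(header):
    """One's-complement sum over the header, as used by the IPv4 checksum field."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def header_len(packet):
    """Validate the version/IHL byte and return the header length in bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    return ihl


def read_dscp(packet):
    """Return (dscp, low_two_bits) from the TOS byte."""
    header_len(packet)
    return packet[1] >> 2, packet[1] & 0b11


def checksum_ok(packet):
    """A valid header sums to zero when its checksum field is included."""
    return ipv4_checksum(packet[:header_len(packet)]) == 0


def remark_dscp(packet, new_dscp):
    """Rewrite the DSCP, keep the two low TOS bits, recompute the checksum."""
    if not 0 <= new_dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    ihl = header_len(packet)
    hdr = bytearray(packet[:ihl])
    hdr[1] = (new_dscp << 2) | (hdr[1] & 0b11)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def apply_remark_map(packet, mapping):
    """Re-mark only when the ingress DSCP appears in the map (constructed policy)."""
    dscp, _ = read_dscp(packet)
    return remark_dscp(packet, mapping[dscp]) if dscp in mapping else packet


def build_sample_header(tos):
    """Constructed 20-byte IPv4 header (10.10.10.1 -> 100.10.1.1, TCP) for the demo."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0x1C46, 0x4000, 64, 6, 0,
                      bytes([10, 10, 10, 1]), bytes([100, 10, 1, 1]))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


if __name__ == "__main__":
    pkt = build_sample_header(0xB9)            # DSCP 46 (EF), low bits 01
    dscp, low = read_dscp(pkt)
    print("ingress:", dscp, phb_name(dscp), "checksum ok:", checksum_ok(pkt))
    out = apply_remark_map(pkt, {EF: 0})       # constructed map: EF -> best effort
    dscp, low = read_dscp(out)
    print("egress: ", dscp, phb_name(dscp), "checksum ok:", checksum_ok(out))
```

A header whose TOS byte is changed without recomputing the checksum fails `checksum_ok`, which is why the re-mark step rewrites both fields together.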
  • Page 139: Using 802.1P Priorities To Provide Qos

    Alteon OS Application Guide Using 802.1p Priorities to Provide QoS Alteon OS provides Quality of Service functions based on the priority bits in a packet’s VLAN header. (The priority bits are defined by the 802.1p standard within the IEEE 802.1q VLAN header.) The 802.1p bits, if present in the packet, specify the priority that should be given to packets during forwarding.
  • Page 140: 802.1P Configuration Example

    Alteon OS Application Guide 802.1p Configuration Example Configure a port’s default 802.1p priority. (Select port) >> Main# cfg/port EXT1 (Set port’s default 802.1p priority) >> Port EXT1# 8021ppri Current 802.1p priority: 0 Enter new 802.1p priority [0-7]: 1 >> Port EXT1# ena >>...
  • Page 141: Part 2: Ip Routing

    Part 2: IP Routing This section discusses Layer 3 switching functions. In addition to switching traffic at near line rates, the application switch can perform multi-protocol routing. This section discusses basic routing and advanced routing protocols: Basic Routing Routing Information Protocol (RIP) Internet Group Management Protocol (IGMP) Border Gateway Protocol (BGP) Open Shortest Path First (OSPF)
  • Page 143: Chapter 8: Basic Ip Routing

    CHAPTER 8 Basic IP Routing This chapter provides configuration background and examples for using the GbE Switch Module to perform IP routing functions. The following topics are addressed in this chapter: “IP Routing Benefits” on page 144 “Routing Between IP Subnets” on page 145 “Example of Subnet Routing”...
  • Page 144: Ip Routing Benefits

    Alteon OS Application Guide IP Routing Benefits The GbE Switch Module uses a combination of configurable IP switch interfaces and IP routing options. The switch IP routing capabilities provide the following benefits: Connects the server IP subnets to the rest of the backbone network. Provides another means to invisibly introduce Jumbo frame technology into the server-switched network by automatically fragmenting UDP Jumbo frames when routing to non-Jumbo frame VLANs or subnets.
  • Page 145: Routing Between Ip Subnets

    Alteon OS Application Guide Routing Between IP Subnets The physical layout of most corporate networks has evolved over time. Classic hub/router topologies have given way to faster switched topologies, particularly now that switches are increasingly intelligent. GbE Switch Modules are intelligent and fast enough to perform routing functions on a par with wire speed Layer 2 switching.
  • Page 146: Figure 8-2:Switch-Based Routing Topology

    Alteon OS Application Guide Routers can be slower than switches. The cross-subnet side trip from the switch to the router and back again adds two hops for the data, slowing throughput considerably. Traffic to the router increases, increasing congestion. Even if every end-station could be moved to better logical subnets (a daunting task), competition for access to common server pools on different subnets still burdens the routers.
  • Page 147 Alteon OS Application Guide Without Layer 3 IP routing on the switch, cross-subnet communication is relayed to the default gateway (in this case, the router) for the next level of routing intelligence. The router fills in the necessary address information and sends the data back to the switch, which then relays the packet to the proper destination subnet using Layer 2 switching.
  • Page 148: Example Of Subnet Routing

    Alteon OS Application Guide Example of Subnet Routing Prior to configuring, you must be connected to the switch Command Line Interface (CLI) as the administrator. – For details about accessing and using any of the menu commands described in this example, see the Alteon OS Command Reference.
  • Page 149 Alteon OS Application Guide IP interfaces are configured using the following commands at the CLI: (Select IP interface 1) >> # /cfg/l3/if 1 (Assign IP address for the interface) >> IP Interface 1# addr 205.21.17.3 (Enable IP interface 1) >> IP Interface 1# ena >>...
  • Page 150: Table 8-3 Subnet Routing Example: Optional Vlan Ports

    Alteon OS Application Guide Using VLANs to Segregate Broadcast Domains In the previous example, devices that share a common IP network are all in the same broadcast domain. If you want to limit the broadcasts on your network, you could use VLANs to create distinct broadcast domains.
  • Page 151 Alteon OS Application Guide Each time you add a port to a VLAN, you may get the following prompt: Port 4 is an untagged port and its current PVID is 1. Confirm changing PVID from 1 to 2 [y/n]? Enter y to set the default Port VLAN ID (PVID) for the port. Add each IP interface to the appropriate VLAN.
  • Page 152: Dynamic Host Configuration Protocol

    Alteon OS Application Guide Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) is a transport protocol that provides a framework for automatically assigning IP addresses and configuration information to other IP hosts or clients in a large TCP/IP network. Without DHCP, the IP address must be entered manually for each network device.
  • Page 153: Dhcp Relay Agent

    Alteon OS Application Guide DHCP Relay Agent DHCP is described in RFC 2131, and the DHCP relay agent supported on GbE Switch Modules is described in RFC 1542. DHCP uses UDP as its transport protocol. The client sends messages to the server on port 67 and the server sends messages to the client on port 68. DHCP defines the methods through which clients can be assigned an IP address for a finite lease period and allowing reassignment of the IP address to another client later.
  • Page 154: Dhcp Relay Agent Configuration

    Alteon OS Application Guide DHCP Relay Agent Configuration To enable the GbE Switch Module to be the BOOTP forwarder, you need to configure the DHCP/BOOTP server IP addresses on the switch. You generally configure the IP interface on the client side to match the client’s subnet, and configure VLANs to separate client and server subnets.
  • Page 155: Chapter 9: Routing Information Protocol

    CHAPTER 9 Routing Information Protocol In a routed environment, routers communicate with one another to keep track of available routes. Routers can learn about available routes dynamically using the Routing Information Protocol (RIP). Alteon OS software supports RIP version 1 (RIPv1) and RIP version 2 (RIPv2) for exchanging TCP/IP route information with other routers.
  • Page 156: Routing Updates

    Alteon OS Application Guide Routing Updates RIP sends routing-update messages at regular intervals and when the network topology changes. Each router “advertises” routing information by sending a routing information update every 30 seconds. If a router doesn’t receive an update from another router for 180 seconds, those routes provided by that router are declared invalid.
  • Page 157: Ripv2 In Ripv1 Compatibility Mode

    Alteon OS Application Guide RIPv2 in RIPv1 compatibility mode Alteon OS allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers to receive those packets. With RIPv1 routers as recipients, the routing updates have to carry a natural or host mask.
  • Page 158: Rip Configuration Example

    Alteon OS Application Guide Default The RIP router can listen and supply a default route, usually represented as 0.0.0.0 in the routing table. When a router does not have an explicit route to a destination network in its routing table, it uses the default route to forward those packets.
  • Page 159 Alteon OS Application Guide Add VLANs for routing interfaces. (Enable VLAN 2) >> Main# cfg/l2/vlan 2/ena >> VLAN 2# add ext2 (Add port EXT2 to VLAN 2) Port EXT2 is an UNTAGGED port and its current PVID is 1. Confirm changing PVID from 1 to 2 [y/n]: y (Enable VLAN 3) >>...
  • Page 161: Chapter 10: Igmp

    CHAPTER 10 IGMP Internet Group Management Protocol (IGMP) is used by IP Multicast routers to learn about the existence of host group members on their directly attached subnet (see RFC 2236). The IP Multicast routers get this information by broadcasting IGMP Membership Queries and listening for IP hosts reporting their host group memberships.
  • Page 162: Igmp Snooping

    Alteon OS Application Guide IGMP Snooping IGMP Snooping allows the switch to forward multicast traffic only to those ports that request it. IGMP Snooping prevents multicast traffic from being flooded to all ports. The switch learns which server hosts are interested in receiving multicast traffic, and forwards it only to ports connected to those servers.
  • Page 163: Igmp Snooping Configuration Example

    Alteon OS Application Guide IGMP Snooping Configuration Example This section provides steps to configure IGMP Snooping on the GbESM, using the Command-Line Interface (CLI). Configure IGMP Snooping Configure port and VLAN membership on the switch. Turn on IGMP. >> /cfg/l3/igmp/on (Turn on IGMP) Add VLANs to IGMP Snooping and enable the feature.
  • Page 164: Static Multicast Router

    Alteon OS Application Guide These commands display information about IGMP Groups and Mrouters learned through IGMP Snooping. Static Multicast Router A static multicast router (Mrouter) can be configured for a particular port on a particular VLAN. A static Mrouter does not have to be learned through IGMP Snooping. A total of 16 static Mrouters can be configured on the GbESM.
  • Page 165: Igmp Relay

    Alteon OS Application Guide IGMP Relay The GbESM can act as an IGMP Relay (or IGMP Proxy) device that relays IGMP multicast messages and traffic between an Mrouter and end stations. IGMP Relay allows the GbESM to participate in network multicasts with no configuration of the various multicast routing protocols, so you can deploy it in the network with minimal effort.
  • Page 166: Configure Igmp Relay

    Alteon OS Application Guide Configure IGMP Relay Use the following procedure to configure IGMP Relay. Configure an IP interface and assign VLANs. (Select IP interface 2) >> /cfg/l3/if 2 (Configure IP address for IF 2) >> IP Interface 2# addr 10.10.1.1 (Configure mask for IF 2) >>...
  • Page 167 Alteon OS Application Guide Apply and save the configuration. (Apply the configuration) >> Multicast router 2# apply >> Multicast router 2# save (Save the configuration)
  • Page 168: Additional Igmp Features

    Alteon OS Application Guide Additional IGMP Features The following topics are discussed in this section: “FastLeave” on page 168 “IGMP Filtering” on page 168 FastLeave In normal IGMP operation, when the switch receives an IGMPv2 leave message, it sends a Group-Specific Query to determine if any other devices in the same group (and on the same port) are still interested in the specified multicast group traffic.
  • Page 169: Configuring The Action

    Alteon OS Application Guide Each IGMP Filter allows you to set a start and end point that defines the range of IP addresses upon which the filter takes action. Each IP address in the range must be between 224.0.1.0 and 239.255.255.255.
  • Page 170 Alteon OS Application Guide Assign the IGMP filter to a port. (Select IGMP Filtering menu) >> /cfg/l3/igmp/igmpflt (Select port EXT3) >>IGMP Filter# port EXT3 (Enable IGMP Filtering on the port) >>IGMP Port EXT3# filt ena Current port EXT3 filtering: disabled New port EXT3 filtering: enabled (Add IGMP Filter 1 to the port)
  • Page 171: Chapter 11: Border Gateway Protocol

    CHAPTER 11 Border Gateway Protocol Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to share and advertise routing information with each other about the segments of the IP address space they can access within their network and with routers on external networks. BGP allows you to decide what is the “best”...
  • Page 172: Internal Routing Versus External Routing

    Alteon OS Application Guide Internal Routing Versus External Routing To ensure effective processing of network traffic, every router on your network needs to know how to send a packet (directly or indirectly) to any other location/destination in your network. This is referred to as internal routing and can be done with static routes or using active, internal dynamic routing protocols, such as RIP, RIPv2, and OSPF.
  • Page 173: Forming Bgp Peer Routers

    Alteon OS Application Guide Typically, an AS has one or more border routers—peer routers that exchange routes with other ASs—and an internal routing scheme that enables routers in that AS to reach every other router and destination within that AS. When you advertise routes to border routers on other autonomous systems, you are effectively committing to carry data to the IP space represented in the route being advertised.
  • Page 174: What Is A Route Map

    Alteon OS Application Guide What is a Route Map? A route map is used to control and modify routing information. Route maps define conditions for redistributing routes from one routing protocol to another or controlling routing information when injecting it in and out of BGP. Route maps are used by OSPF only for redistributing routes.
  • Page 175: Incoming And Outgoing Route Maps

    Alteon OS Application Guide [Figure 11-2: Distributing Network Filters in Access Lists and Route Maps. Diagram labels: Route Maps (rmap), Network Filter (nwf), Access Lists (alist), Route Map 1 through Route Map 32.] Incoming and Outgoing Route Maps You can have two types of route maps: incoming and outgoing.
  • Page 176: Precedence

    Alteon OS Application Guide Precedence You can assign a priority to a route map by specifying a precedence value with the following command: >> /cfg/l3/rmap <x>/pre (Specify a precedence) The smaller the value, the higher the precedence. If two route maps have the same precedence value, the smaller number has higher precedence.
  • Page 177 Alteon OS Application Guide (Optional) Configure the attributes in the AS filter menu. cfg/l3/rmap 1/aspath 1 (Specify the attributes in the filter) >> # as 1 (Specify the AS number) >> AS Filter 1# action deny (Specify the action for the filter) >>...
  • Page 178: Aggregating Routes

    Alteon OS Application Guide Aggregating Routes Aggregation is the process of combining several different routes in such a way that a single route can be advertised, which minimizes the size of the routing table. You can configure aggregate routes in BGP either by redistributing an aggregate route into BGP or by creating an aggregate entry in the BGP routing table.
  • Page 179: Redistributing Routes

    Alteon OS Application Guide Redistributing Routes In addition to running multiple routing protocols simultaneously, Alteon OS software can redistribute information from one routing protocol to another. For example, you can instruct the switch to use BGP to readvertise static routes. This applies to all of the IP-based routing protocols.
  • Page 180: Bgp Attributes

    Alteon OS Application Guide BGP Attributes The following two BGP attributes are discussed in this section: Local preference and metric (Multi-Exit Discriminator). Local Preference Attribute When there are multiple paths to the same destination, the local preference attribute indicates the preferred path. The path with the higher preference is preferred (the default value of the local preference attribute is 100).
  • Page 181: Selecting Route Paths In Bgp

    Alteon OS Application Guide Selecting Route Paths in BGP BGP selects only one path as the best path. It does not rely on metrics attributes to determine the best path. When the same network is learned via more than one BGP peer, BGP uses its policy for selecting the best route to that network.
  • Page 182: Bgp Failover Configuration

    Alteon OS Application Guide BGP Failover Configuration Use the following example to create redundant default gateways for a GbE Switch Module at a Web Host/ISP site, eliminating the possibility, should one gateway go down, that requests will be forwarded to an upstream router unknown to the switch. As shown in Figure 11-3, the switch is connected to ISP 1 and ISP 2.
  • Page 183 Alteon OS Application Guide Define the VLANs. For simplicity, both default gateways are configured in the same VLAN in this example. The gateways could be in the same VLAN or different VLANs. >> # /cfg/l2/vlan 1 (Select VLAN 1) >> vlan 1# add <port number> (Add a port to the VLAN membership) Define the IP interfaces.
  • Page 184 Alteon OS Application Guide Configure BGP peer router 1 and 2. Peer 1 is the primary gateway router. Peer 2 is configured with a metric of “3.” The metric option is key to ensuring gateway traffic is directed to Peer 1, as it will make Peer 2 appear to be three router hops away from the switch.
  • Page 185: Default Redistribution And Route Aggregation Example

    Alteon OS Application Guide Default Redistribution and Route Aggregation Example This example shows you how to configure the switch to redistribute information from one routing protocol to another and create an aggregate route entry in the BGP routing table to minimize the size of the routing table.
  • Page 186 Alteon OS Application Guide Configure internal peer router 1 and external peer router 2. (Select internal peer router 1) >> # /cfg/l3/bgp/peer 1 >> BGP Peer 1# ena (Enable this peer configuration) (Set IP address for peer router 1) >> BGP Peer 1# addr 10.1.1.4 (Set remote AS number) >>...
  • Page 187: Chapter 12: Ospf

    Alteon OS supports the Open Shortest Path First (OSPF) routing protocol. The Alteon OS implementation conforms to the OSPF version 2 specifications detailed in Internet RFC 1583. The following sections discuss OSPF support for the GbE Switch Module: “OSPF Overview”...
  • Page 188: Ospf Overview

    Alteon OS Application Guide OSPF Overview OSPF is designed for routing traffic within a single IP domain called an Autonomous System (AS). The AS can be divided into smaller logical units known as areas. All routing devices maintain link information in their own Link State Database (LSDB). The LSDB for all routing devices within an area is identical but is not exchanged between different areas.
  • Page 189: Figure 12-1:Ospf Area Types

    Alteon OS Application Guide Transit Area—an area that allows area summary information to be exchanged between routing devices. The backbone (area 0), any area that contains a virtual link to connect two areas, and any area that is not a stub area or an NSSA are considered transit areas. Backbone Area 0 (Also a Transit Area)
  • Page 190: Types Of Ospf Routing Devices

    Alteon OS Application Guide Types of OSPF Routing Devices As shown in Figure 12-2, OSPF uses the following types of routing devices: Internal Router (IR)—a router that has all of its interfaces within the same area. IRs maintain LSDBs identical to those of other routing devices within the local area. Area Border Router (ABR)—a router that has interfaces in multiple areas.
  • Page 191: Neighbors And Adjacencies

    Alteon OS Application Guide Neighbors and Adjacencies In areas with two or more routing devices, neighbors and adjacencies are formed. Neighbors are routing devices that maintain information about each other’s health. To establish neighbor relationships, routing devices periodically send hello packets on each of their interfaces.
  • Page 192: The Shortest Path First Tree

    Alteon OS Application Guide The Shortest Path First Tree The routing devices use a link-state algorithm (Dijkstra’s algorithm) to calculate the shortest path to all known destinations, based on the cumulative cost required to reach the destination. The cost of an individual interface in OSPF is an indication of the overhead required to send packets across it.
  • Page 193: Ospf Implementation In Alteon Os

    Alteon OS Application Guide OSPF Implementation in Alteon OS Alteon OS supports a single instance of OSPF and up to 4 K routes on the network. The following sections describe OSPF implementation in Alteon OS: “Configurable Parameters” on page 193 “Defining Areas”...
  • Page 194: Defining Areas

    Alteon OS Application Guide Defining Areas If you are configuring multiple areas in your OSPF domain, one of the areas must be designated as area 0, known as the backbone. The backbone is the central OSPF area and is usually physically connected to all other areas.
  • Page 195: Attaching An Area To A Network

    Alteon OS Application Guide Using the Area ID to Assign the OSPF Area Number The OSPF area number is defined in the areaid <IP address> option. The octet format is used in order to be compatible with two different systems of notation used by other OSPF network vendors.
  • Page 196: Interface Cost

    Alteon OS Application Guide Interface Cost The OSPF link-state algorithm (Dijkstra’s algorithm) places each routing device at the root of a tree and determines the cumulative cost required to reach each destination. Usually, the cost is inversely proportional to the bandwidth of the interface. Low cost indicates high bandwidth. You can manually enter the cost for the output route with the following command: OSPF interface number cost value (1-65535)
  • Page 197: Default Routes

    Alteon OS Application Guide Default Routes When an OSPF routing device encounters traffic for a destination address it does not recognize, it forwards that traffic along the default route. Typically, the default route leads upstream toward the backbone until it reaches the intended area or an external router. Each GbE Switch Module acting as an ABR automatically inserts a default route into each attached area.
  • Page 198: Virtual Links

    Alteon OS Application Guide The OSPF default route configuration can be removed with the command: >> # /cfg/l3/ospf/default none Virtual Links Usually, all areas in an OSPF AS are physically connected to the backbone. In some cases where this is not possible, you can use a virtual link. Virtual links are created to connect one area to the backbone through another non-backbone area (see Figure 12-1 on page 189).
  • Page 199: Router Id

    Alteon OS Application Guide Router ID Routing devices in OSPF areas are identified by a router ID. The router ID is expressed in IP address format. The IP address of the router ID is not required to be included in any IP interface range or in any OSPF area.
  • Page 200: Figure 12-4:Ospf Authentication

    Alteon OS Application Guide Figure 12-4 shows authentication configured for area 0 with the password test. Simple authentication is also configured for the virtual link between area 2 and area 0. Area 1 is not configured for OSPF authentication...
  • Page 201 Alteon OS Application Guide Enable OSPF authentication for Area 2 on switch 4. >> # /cfg/l3/ospf/aindex 2/auth password (Turn on OSPF password authentication) Configure a simple text password up to eight characters for the virtual link between Area 2 and Area 0 on switches 2 and 4. /cfg/l3/ospf/virt 1/key >>...
  • Page 202: Host Routes For Load Balancing

    Alteon OS Application Guide Assign MD5 key ID to OSPF virtual link on switches 2 and 4. >> # /cfg/l3/ospf/virt 1/mdkey 2 Host Routes for Load Balancing Alteon OS implementation of OSPF includes host routes. Host routes are used for advertising network device IP addresses to external networks, accomplishing the following goals: ABR Load Sharing: As a form of load balancing, host routes can be used for dividing OSPF traffic among mul-...
  • Page 203: Ospf Features Not Supported In This Release

    Alteon OS Application Guide OSPF Features Not Supported in This Release The following OSPF features are not supported in this release: summarizing external routes; filtering OSPF routes; using OSPF to forward multicast routes; configuring OSPF on non-broadcast multi-access networks (such as frame relay, X.25, and ATM).
  • Page 204: Ospf Configuration Examples

    Alteon OS Application Guide OSPF Configuration Examples A summary of the basic steps for configuring OSPF on the GbE Switch Module is listed here. Detailed instructions for each of the steps are covered in the following sections: Configure IP interfaces. One IP interface is required for each desired network (range of IP addresses) being assigned to an OSPF area on the switch.
  • Page 205: Example 1: Simple Ospf Domain

    Alteon OS Application Guide Example 1: Simple OSPF Domain In this example, two OSPF areas are defined—one area is the backbone and the other is a stub area. A stub area does not allow advertisements of external routes, thus reducing the size of the database.
  • Page 206 Alteon OS Application Guide Define the backbone. The backbone is always configured as a transit area using areaid 0.0.0.0. (Select menu for area index 0) >> Open Shortest Path First # aindex 0 (Set the ID for backbone area 0) >>...
  • Page 207: Example 2: Virtual Links

    Alteon OS Application Guide Example 2: Virtual Links In the example shown in Figure 12-6, area 2 is not physically connected to the backbone as is usually required. Instead, area 2 will be connected to the backbone via a virtual link through area 1.
  • Page 208 Alteon OS Application Guide Define the backbone. (Select menu for area index 0) >> Open Shortest Path First # aindex 0 (Set the area ID for backbone area 0) >> OSPF Area (index) 0 # areaid 0.0.0.0 (Define backbone as transit type) >>...
  • Page 209 Alteon OS Application Guide Configuring OSPF for a Virtual Link on Switch #2 Configure IP interfaces on each network that will be attached to OSPF areas. Two IP interfaces are needed on Switch #2: one for the transit area network on 10.10.12.0/24 and one for the stub area network on 10.10.24.0/24.
  • Page 210: Other Virtual Link Options

    Alteon OS Application Guide Define the stub area. (Select the menu for area index 2) >> OSPF Area (index) 1 # ../aindex 2 (Set the area ID for OSPF area 2) >> OSPF Area (index) 2 # areaid 0.0.0.2 (Define area as stub type) >>...
  • Page 211: Example 3: Summarizing Routes

    Alteon OS Application Guide Example 3: Summarizing Routes By default, ABRs advertise all the network addresses from one area into another area. Route summarization can be used for consolidating advertised addresses and reducing the perceived complexity of the network. If the network IP addresses in an area are assigned to a contiguous subnet range, you can configure the ABR to advertise a single summary route that includes all the individual IP addresses within the area.
  • Page 212 Alteon OS Application Guide Follow this procedure to configure OSPF support as shown in Figure 12-7: Configure IP interfaces for each network which will be attached to OSPF areas. (Select menu for IP interface 1) >> # /cfg/l3/if 1 (Set IP address on backbone network) >>...
  • Page 213: Verifying Ospf Configuration

    Alteon OS Application Guide Configure route summarization by specifying the starting address and mask of the range of addresses to be summarized. (Select menu for summary range) >> OSPF Interface 2 # ../range 1 (Set base IP address of summary range) >>...
  • Page 215: Part 3: High Availability Fundamentals

    Part 3: High Availability Fundamentals Internet traffic consists of myriad services and applications which use the Internet Protocol (IP) for data delivery. However, IP is not optimized for all the various applications. High Availability goes beyond IP and makes intelligent switching decisions to provide redundant network configurations.
  • Page 217: Chapter 13: High Availability

    GbE Switch Modules support high-availability network topologies through an enhanced implementation of the Virtual Router Redundancy Protocol (VRRP). The following topics are discussed in this chapter: “Layer 2 Failover” on page 218. This section discusses trunk failover without using VRRP.
  • Page 218: Layer 2 Failover

    Alteon OS Application Guide Layer 2 Failover The primary application for Layer 2 Failover is to support Network Adapter Teaming. With Network Adapter Teaming, the NICs on each server all share the same IP address, and are configured into a team. One NIC is the primary link, and the other is a standby link. For more details, refer to the NetXen 10 Gb Ethernet Adapter documentation.
  • Page 219: Setting The Failover Limit

    Alteon OS Application Guide Setting the Failover Limit The failover limit lets you specify the minimum number of operational links required within each trigger before the trigger initiates a failover event. For example, if the limit is two (/cfg/l2/failovr/trigger x/limit 2), a failover event occurs when the number of operational links in the trigger is two or fewer.
  • Page 220: Configuration Guidelines

    Alteon OS Application Guide Configuration Guidelines This section provides important information about configuring L2 Failover: A failover trigger can monitor multiple static trunks or a single LACP key, but not both. With VLAN Monitor on, the following additional guidelines apply: All external ports in all trunks that are added to a single failover trigger must have the same VLAN membership and have the same PVID.
  • Page 221: Figure 13-2:Two Trunks, Each In A Different Failover Trigger

    Alteon OS Application Guide Figure 13-2 shows a configuration with two trunks, each in a different Failover Trigger. GbESM 1 is the primary switch for Server 1 and Server 2. GbESM 2 is the primary switch for Server 3 and Server 4. VLAN Monitor is turned on. STP is turned off. If all links go down in trigger 1, GbESM 1 disables all internal ports that reside in VLAN 1.
  • Page 222 Alteon OS Application Guide Figure 13-3 shows a configuration with two trunks. VLAN Monitor is turned off, so only one Failover Trigger is configured on each switch. GbESM 1 is the primary switch for Server 1 and Server 2. GbESM 2 is the primary switch for Server 3 and Server 4. STP is turned off. If all links in trigger 1 go down, GbESM 1 disables all internal links to server blades.
  • Page 223: Configuring Trunk Failover

    Alteon OS Application Guide Configuring Trunk Failover The following procedure pertains to example 1, as shown in Figure 13-1. Configure Network Adapter Teaming on the servers. Define a trunk group on the GbESM. (Select trunk group 1) >> # /cfg/l2/trunk 1 >>...
  • Page 224: Vrrp Overview

    Alteon OS Application Guide VRRP Overview In a high-availability network topology, no device can create a single point-of-failure for the network or force a single point-of-failure to any other part of the network. This means that your network will remain in service despite the failure of any single device. To achieve this usually requires redundancy for all vital network components.
  • Page 225: Master And Backup Virtual Router

    Alteon OS Application Guide There is no requirement for any VRRP router to be the IP address owner. Most VRRP installations choose not to implement an IP address owner. For the purposes of this chapter, VRRP routers that are not the IP address owner are called renters. Master and Backup Virtual Router Within each virtual router, one VRRP router is selected to be the virtual router master.
  • Page 226: Vrrp Operation

    Alteon OS Application Guide VRRP Operation Only the virtual router master responds to ARP requests. Therefore, the upstream routers only forward packets destined to the master. The master also responds to ICMP ping requests. The backup does not forward any traffic, nor does it respond to ARP requests. If the master is not available, the backup becomes the master and takes over responsibility for packet forwarding and responding to ARP requests.
  • Page 227: Failover Methods

    Alteon OS Application Guide Failover Methods With service availability becoming a major concern on the Internet, service providers are increasingly deploying Internet traffic control devices, such as application switches, in redundant configurations. Traditionally, these configurations have been hot-standby configurations, where one switch is active and the other is in a standby mode.
  • Page 228: Active-Active Redundancy

    Alteon OS Application Guide Active-Active Redundancy In an active-active configuration, shown in Figure 13-5, two switches provide redundancy for each other, with both active at the same time. Each switch processes traffic on a different subnet. When a failure occurs, the remaining switch can process traffic on all subnets. For a configuration example, see “Active-Active Configuration”...
  • Page 229: Hot-Standby Redundancy

    Alteon OS Application Guide Hot-Standby Redundancy The primary application for VRRP-based hot-standby is to support Server Load Balancing when you have configured Network Adapter Teaming on your server blades. With Network Adapter Teaming, the NICs on each server share the same IP address, and are configured into a team.
  • Page 230: Alteon Os Extensions To Vrrp

    Alteon OS Application Guide Alteon OS extensions to VRRP This section describes the following VRRP enhancements that are implemented in Alteon OS: Tracking VRRP Router Priority Tracking VRRP Router Priority Alteon OS supports a tracking function that dynamically modifies the priority of a VRRP router, based on its current state.
  • Page 231: Virtual Router Deployment Considerations

    Alteon OS Application Guide Virtual Router Deployment Considerations Review the following issues described in this section to prevent network problems when deploying virtual routers: Assigning VRRP Virtual Router ID Configuring the Switch for Tracking Assigning VRRP Virtual Router ID During the software upgrade process, VRRP virtual router IDs will be automatically assigned if failover is enabled on the switch.
  • Page 232 Alteon OS Application Guide The user can implement this behavior by configuring the switch for tracking as follows: Set the priority for switch 1 to 101. Leave the priority for switch 2 at the default value of 100. On both switches, enable tracking based on ports (ports), interfaces (ifs), or virtual routers (vr).
  • Page 233: High Availability Configurations

    Alteon OS Application Guide High Availability Configurations GbE Switch Modules offer flexibility in implementing redundant configurations. This section discusses the more useful and easily deployed configurations: “Active-Active Configuration” on page 233 “Hot-Standby Configuration” on page 238 Active-Active Configuration Figure 13-7 shows an example configuration where two GbE Switch Modules are used as VRRP routers in an active-active configuration.
  • Page 234 Alteon OS Application Guide Task 1: Configure GbESM 1 Configure client and server interfaces. (Select interface 1) /cfg/l3/if 1 (Define IP address for interface 1) >> IP Interface 1# addr 192.168.1.100 (Assign VLAN 10 to interface 1) >> IP Interface 1# vlan 10 (Enable interface 1) >>...
  • Page 235 Alteon OS Application Guide Turn on VRRP and configure two Virtual Interface Routers. (Turn VRRP on) /cfg/l3/vrrp/on >> Virtual Router Redundancy Protocol# vr 1(Select virtual router 1) (Set VRID to 1) >> VRRP Virtual Router 1# vrid 1 (Set interface 1) >>...
  • Page 236 Alteon OS Application Guide Task 2: Configure GbESM 2 Configure client and server interfaces. (Select interface 1) /cfg/l3/if 1 (Define IP address for interface 1) >> IP Interface 1# addr 192.168.1.101 (Assign VLAN 10 to interface 1) >> IP Interface 1# vlan 10 (Enable interface 1) >>...
  • Page 237 Alteon OS Application Guide Turn on VRRP and configure two Virtual Interface Routers. (Turn VRRP on) /cfg/l3/vrrp/on >> Virtual Router Redundancy Protocol# vr 1(Select virtual router 1) (Set VRID to 1) >> VRRP Virtual Router 1# vrid 1 (Set interface 1) >>...
  • Page 238: Hot-Standby Configuration

    Alteon OS Application Guide Hot-Standby Configuration The primary application for VRRP-based hot-standby is to support Network Adapter Teaming on your server blades. With Network Adapter Teaming, the NICs on each server share the same IP address, and are configured into a team. One NIC is the primary link, and the others are backup links.
  • Page 239 Alteon OS Application Guide Figure 13-8 illustrates a common hot-standby implementation on a single blade server. Notice that the BladeCenter server NICs are configured into a team that shares the same IP address across both NICs. Because only one link can be active at a time, the hot-standby feature controls the NIC failover by having the Standby switch disable its internal ports (holding down the server links).
  • Page 240 Alteon OS Application Guide Configure Virtual Interface Routers. (Turn on VRRP) /cfg/l3/vrrp/on >> Virtual Router Redundancy Protocol# vr 1(Select Virtual Router 1) (Enable VR 1) >> VRRP Virtual Router 1# ena (Select the Virtual Router ID) >> VRRP Virtual Router 1# vrid 1 (Select interface for VR 1) >>...
  • Page 241 Alteon OS Application Guide Task 2: Configure GbESM 2 On GbESM 1, configure the interfaces for clients (174.14.20.111) and servers (10.1.1.111). /cfg/l3/if 1 (Define IP address for interface 1) >> IP Interface 1# addr 174.14.20.111 (Enable interface 1) >> IP Interface 1# ena >>...
  • Page 242 Alteon OS Application Guide Turn off Spanning Tree Protocol globally. Apply and save changes. /cfg/l2/stg 1/off (Turn off Spanning Tree) >> Spanning Tree Group 1# apply (Apply changes) >> Spanning Tree Group 1# save
  • Page 243: Part 4: Appendices

    Part 4: Appendices This section describes the following topics: Troubleshooting; RADIUS Server Configuration Notes; Glossary.
  • Page 245: Troubleshooting

    This section discusses some tools to help you troubleshoot common problems on the GbE Switch Module: “Monitoring Ports” on page 246.
  • Page 246: Appendix A: Troubleshooting

    Alteon OS Application Guide Monitoring Ports The port mirroring feature in the Alteon OS allows you to attach a sniffer to a monitoring port that is configured to receive a copy of all packets that are forwarded from the mirrored port. Alteon OS enables you to mirror port traffic for all layer 2 and layer 3.
  • Page 247: Port Mirroring Behavior

    Alteon OS Application Guide – Traffic on VLAN 4095 is not mirrored to the external ports. Port Mirroring behavior This section describes the composition of monitored packets in the GbE Switch Module, based on the configuration of the ports. If a tagged port's PVID is the same as its VLAN ID, then the egress traffic on that port is untagged.
  • Page 248 Alteon OS Application Guide Layer 3 Port Mirroring (Monitoring Port and Egress Port in the same GEA) In this scenario, you observe Layer 3 port mirroring on an egress port, and both the egress port and the monitoring port are in the same Gigabit Ethernet Aggregator (GEA) unit. To find out which GEA unit each port resides on, use the /info/geaport command.
  • Page 249 Alteon OS Application Guide Layer 3 Port Mirroring (Both Ports in Different GEAs) In this scenario, you observe Layer 3 port mirroring on an egress port, but the egress port and the monitoring port reside on different Gigabit Ethernet Aggregator (GEA) units. To find out which GEA unit each port resides on, use the /info/geaport command.
  • Page 250 Alteon OS Application Guide Layer 3 Port Mirroring (MP Packets, Both Ports in the Same GEA) MP packets are generated by the management processor, such as routing packets between direct interfaces. In this scenario, the mirrored port and the monitoring port reside on the same Gigabit Ethernet Aggregator (GEA) unit.
  • Page 251: Configuring Port Mirroring

    Alteon OS Application Guide Configuring Port Mirroring To configure port mirroring for the example shown in Figure A-1: Specify the monitoring port. >> # /cfg/pmirr/monport EXT3 (Select port EXT3 for monitoring) Select the ports that you want to mirror. (Select port EXT1 to mirror) >>...
  • Page 252 Alteon OS Application Guide View the current configuration. (Display the current settings) >> PortMirroring# cur Port mirroring is enabled Monitoring Ports Mirrored Ports none INT1 none INT2 none INT3 none INT4 none INT5 ----- ----- ----- none EXT1 none EXT2 (EXT1, in) (EXT2, out) EXT3 none...
  • Page 253 Appendix B: RADIUS Server Configuration Notes Use the following information to modify your RADIUS configuration files for the Nortel Networks BaySecure Access Control RADIUS server, to provide authentication for users of the GbE Switch Module. Create a dictionary file called alteon.dct, with the following content: ################################################################### # alteon.dct - RADLINX Alteon dictionary...
  • Page 254: Appendix B: Radius Server Configuration Notes

    Alteon OS Application Guide Open the dictiona.dcm file, and add the following line (as in the example): @alteon.dct ################################################################### # dictiona.dcm ################################################################### # Generic Radius @radius.dct # Specific Implementations (vendor specific) @pprtl2l3.dct @acc.dct @accessbd.dct @alteon.dct ################################################################## # dictiona.dcm ################################################################## Open the vendor file (vendor.ini), and add the following data to the Vendor-Product identification list: vendor-product = Alteon Blade-server module...
  • Page 255: Glossary

    Glossary DIP (Destination IP Address): The destination IP address of a frame. Dport (Destination Port): The destination port (application socket: for example, http-80/https-443/DNS-53). NAT (Network Address Translation): Any time an IP address is changed from one source IP or destination IP address to another address, network address translation can be said to have taken place.
  • Page 256 Alteon OS Application Guide Virtual Router: A shared address between two devices utilizing VRRP, as defined in RFC 2338. One virtual router is associated with an IP interface. This is one of the IP interfaces that the switch GbE Switch Modules is assigned...