Planning and Engineering — Network Design Avaya Ethernet Routing Switch 8800/8600 NN46205-200, 03.02 November 2010...
the products, services, or information described or offered within them. Avaya does not guarantee that these links will work all the time and has no control over the availability of the linked pages.
Avaya fraud intervention
If you suspect that you are being victimized by toll fraud and you need
Contents
Chapter 1: Safety messages
  Notices
  Attention notice
  Caution ESD notice
  Caution notice
Chapter 2: New in this release
  Features
  Other changes
  Dual MLTs in SMLT
Chapter 3: Introduction
Chapter 4: Network design fundamentals
Chapter 5: Hardware fundamentals and guidelines
  Chassis considerations
  Chassis power considerations
  Power supply circuit requirements...
Chapter 7: Software considerations
  Operational modes
Chapter 8: Redundant network design
  Physical layer redundancy
  100BASE-FX FEFI recommendations
  Gigabit Ethernet and remote fault indication
  SFFD recommendations
  End-to-end fault detection and VLACP
  Platform redundancy
  High Availability mode
  Link redundancy
  MultiLink Trunking
  802.3ad-based link aggregation
  Bidirectional Forwarding Detection
  Multihoming
  Network redundancy...
  Border Gateway Protocol
  BGP scaling
  BGP considerations
  BGP and other vendor interoperability
  BGP design examples
  IPv6 BGP+
  Open Shortest Path First
  OSPF scaling guidelines
  OSPF design guidelines
  OSPF and CPU utilization
  OSPF network design examples
  IP routed interface scaling
  Internet Protocol version 6
  IPv6 requirements
  IPv6 design recommendations
  Transition mechanisms for IPv6...
  PIM-SM receivers and VLANs
  PIM network with non-PIM interfaces
  Protocol Independent Multicast-Source Specific Multicast guidelines
  IGMPv3 and PIM-SSM operation
  RP Set configuration considerations
  PIM-SSM design considerations
  MSDP
  Peers
  MSDP configuration considerations
  Static mroute
  DVMRP and PIM comparison
  Flood and prune versus shared and shortest path trees
  Unicast routes for PIM versus DVMRP own routes
  Convergence and timers
  PIM versus DVMRP shutdown...
Chapter 13: Layer 1, 2, and 3 design examples
  Navigation
  Layer 1 examples
  Layer 2 examples
  Layer 3 examples
  RSMLT redundant network with bridged and routed VLANs in the core
Chapter 14: Network security
  DoS protection mechanisms
  Broadcast and multicast rate limiting
  Directed broadcast suppression
  Prioritization of control traffic
  CP-Limit recommendations...
  Network Management
  Supported network management MIBs
Appendix C: Customer service
  Navigation
  Getting technical documentation
  Getting Product training
  Getting help from a distributor or reseller
  Getting technical support from the Avaya Web site
Chapter 1: Safety messages
This section describes the different precautionary notices used in this document. This section also contains precautionary notices that you must read for safe operation of the Avaya Ethernet Routing Switch 8800/8600.
Notices
Notice paragraphs alert you about issues that require your attention. The following sections describe the types of notices.
Caution: Caution notices provide information about how to avoid possible service interruptions or damage to Avaya products.
Chapter 2: New in this release
The following sections detail what’s new in Avaya Ethernet Routing Switch 8800/8600 Planning and Engineering — Network Design, NN46205-200 for Release 7.0.
• Features
• Other changes
Features
See the following sections for information about feature changes:
•...
Chapter 3: Introduction
This document describes a range of design considerations and related information that helps you to optimize the performance and stability of your Avaya Ethernet Routing Switch 8800/8600 network.
Important: This document describes the Avaya recommended best practices for network configuration. If your network diverges from the recommended best practices, Avaya cannot guarantee support for issues that arise.
Chapter 4: Network design fundamentals
To efficiently and cost-effectively use your Avaya 8000 Series routing switch, you must properly design your network. Use the information in this section to help you properly design your network. When you design networks, you must consider the following:
•...
Based on this model, one goal of network design is to off-load the interacting software level as much as possible to the other levels, especially to the hardware level. Therefore, Avaya recommends that you follow these generic rules when you design networks: •...
You must install at least one power supply for each chassis. To determine the number of power supplies required for your switch configuration, use the Power Supply Calculator for Avaya ERS 8800/8600, NN48500-519. This is available at...
AC source Power Feed 1 to input 1 on the dual-input supply, and then connect the AC source Power Feed 2 to input 2 on the dual-input supply. Avaya recommends this configuration to provide full power feed redundancy. See the following figure.
Chassis cooling
You can use two basic methods to determine the cooling capacity required to cool the switch. You can use the Avaya Power Supply Calculator Tool to determine power draw in watts, or you can use a worst-case power draw.
Modules
Use modules to interface the switch to the network. This section discusses design guidelines and considerations for Avaya Ethernet Routing Switch 8800/8600 modules.
SF/CPU modules
The switch fabric/CPU (SF/CPU) module performs intelligent switching and routing. Every chassis must have at least one SF/CPU;...
Figure 3: RS module usage
The 8612XLRS, 8648GBRS, and 8634XGRS modules use a three-lane Distributed Processing Module (DPM) based on Route Switch Processor (RSP) 2.6 architecture. The 8648GTRS uses a two-lane DPM. The following table provides details about oversubscription rates for each module.
R modules provide support for a variety of technologies, interfaces, and feature sets and provide 1 and 10 Gbit/s port rates. The Avaya Ethernet Routing Switch 8800/8600 supports the following R modules, which require the use of the 8895 SF/CPU or 8692 SF/CPU with SuperMezz: •...
(FDB) operations for R and RS series modules. The global FDB filter command for R and RS series modules is config fdb fdb-filter add <mac-address>. For more information about the FDB filters, see Avaya Ethernet Routing Switch 8800/8600 Configuration — VLANs and Spanning Tree, NN46205-517.
• 10GBASE-ER/EW
• 10GBASE-ZR/ZW
• 10GBASE DWDM
For more information about XFP specifications, see Avaya Ethernet Routing Switch 8800/8600 Installation — SFP, XFP, and GBIC and OADM Hardware Components, NN46205-320.
10 GbE clocking
Whether you use internal or line clocking depends on the application and configuration.
Features and scaling
The following tables show scaling information and features available on the Avaya Ethernet Routing Switch 8800/8600. For the most recent scaling information, always consult the latest version of the Release Notes.
Table 5: Supported scaling capabilities...
Maximum supported 8692SF with SuperMezz or 8895SF (R or RS series modules) Aggregation groups 802.3ad aggregation NonR mode: 32 R mode: 128 groups Multi Link Trunking (MLT) group SMLT links R mode: 128 SLT (single link SMLT) VLANs on SMLT/IST link R mode with Max VLAN feature enabled: 2000 RSMLT per VLAN...
Maximum supported 8692SF with SuperMezz or 8895SF (R or RS series modules) Static route entries 2000 in a VRF 10 000 in the system OSPF instances for each switch on 64 VRFs (including GRT) OSPF areas for each switch 5 in a VRF 24 in the system OSPF adjacencies for each switch 80 200 in the system...
4590 memory Avaya supports only 25 spanning tree groups (STG). Although you can configure up to 64 STGs, configurations of more than 25 STGs are not supported. If you need to configure more than 25 STGs, contact your Avaya Customer Support representative for more information.
Although the 10 GbE WAN module uses a 1310 nanometer (nm) transmitter, it uses a wideband receiver that allows it to interwork with products using 1550 nm 10 Gigabit interfaces. Such products include the Cross Connect DX and the Long Haul 1600G. The Avaya OM5200 10G optical transponder utilizes a 1310 nm client-side transmitter.
SFP/XFP/GBIC | Maximum reach
1000BASE-XD | Up to 40 km
1000BASE-ZX | Up to 70 km
1000BASE-EX | Up to 120 km
10GBASE-LRM | Up to 220 m
10GBASE-SR | Up to 300 m
10GBASE-LR/LW | Up to 10 km
10GBASE-ER/EW | Up to 40 km
10GBASE-ZR/ZW | Up to 80 km
XFPs and dispersion considerations...
Optical device guidelines
Table 7: Spectral width and link lengths assuming the maximum of 3.5 ps/(nm-km)
Spectral width (nm) Maximum link length (km) 28.5
Table 8: Spectral widths and link lengths assuming an average fiber of 1.0 ps/(nm-km)
Spectral width (nm) Maximum link length (km) 1000
If your fiber chromatic dispersion is over the limit, you can use chromatic dispersion...
In this case, only the link speed is sensed; not the duplex mode. Avaya recommends the autonegotiation settings as shown in the following table, where A and B are two Ethernet devices.
CANA
Table 11: Recommended autonegotiation setting on 10/100BASE-TX ports
Port on A | Port on B | Remarks | Recommendations
Autonegotiation enabled | Autonegotiation enabled | Ports negotiate on highest supported mode on both sides. | Recommended setting if both ports support autonegotiation mode.
Full-duplex | Full-duplex | Both sides require the same mode. | Recommended setting...
Having CP-Limit disable IST ports in this way can impair network traffic flow, as this is a critical port for SMLT configurations. Avaya recommends that an IST MLT contain at least two physical ports, although this is not a requirement. Avaya also recommends that you disable CP-Limit on all physical ports that are members of an IST MLT.
Extended CP-Limit
The Extended CP-Limit feature goes one step further than CP-Limit by adding the ability to read buffer congestion at the CPU as well as port-level congestion on the I/O modules. This feature protects the CPU from any traffic hitting the CPU by shutting down the ports that are responsible for sending traffic to the CPU at a rate greater than desired.
For information about using CP-Limit and Extended CP-Limit with SLPP and VLACP, see SLPP, Loop Detect, and Extended CP-Limit. For more information about CP-Limit and Extended CP-Limit, see Avaya Ethernet Routing Switch 8800/8600 Administration, NN46205-605.
Chapter 6: Optical routing design
Use the Avaya optical routing system to maximize bandwidth on a single optical fiber. This section provides optical routing system information that you can use to help design your network.
Navigation
• Optical routing system components
•...
Figure 6: Wavelength division multiplexing
The Avaya optical routing system supports both ring and point-to-point configurations. The optical routing system includes the following parts:
• CWDM GBICs
• CWDM SFPs
• Optical add/drop multiplexers (OADM)
• Optical multiplexer/demultiplexers (OMUX)
•...
Optical routing system components Multiplexer part number Wavelength GBIC and SFP part numbers OADM OMUX-4 OMUX-8 1510 nm AA1419019-E5, up to 120 km AA1402004- Blue GBIC AA1419027-E5, up to 40 km SFP AA1419035-E5, up to 70 km SFP AA1419055- E6, up to 40 km DDI SFP AA1419063-E6, up to 70 km DDI SFP 1530 nm...
For more information about multiplexers, SFPs, and GBICs, including technical specifications and installation instructions, see Avaya Ethernet Routing Switch 8800/8600 Installation — SFP, XFP, GBIC, and OADM Hardware Components, NN46205-320.
Multiplexer applications
Use OADMs to add and drop wavelengths to and from an optical fiber. Use multiplexers to combine up to eight wavelengths on a single fiber.
Figure 7: OADM ring configuration example
For information about calculating network transmission distance, see Transmission distance.
Optical multiplexer in a point-to-point application
Point-to-Point (PTP) optical networks carry data directly between two end points without branching out to other points or nodes. Point-to-Point connections (see the following figure) are made between mux/demuxs at each end.
in a chassis. The OMUX on the left is called the east path, and the OMUX on the right is called the west path.
Figure 8: OMUX point-to-point configuration example
OMUX in a ring
OMUXs are also used as the hub site in OMUX-based ring applications. (For more information, see Figure 7: OADM ring configuration example.) Two OMUXs are installed in the optical shelf at the central site to create an east and a west fiber path.
The examples assume the use of the values and information listed in the following table. Use the expected repair margin specified by your organization. For GBIC, SFP, XFP, and multiplexer specifications, see Avaya Ethernet Routing Switch 8800/8600 Installation — SFP, XFP, GBIC, and OADM Hardware Components, NN46205-320. Multiplexer loss values include connector loss. Attenuation of 0.25 dB/km is used, but the typical attenuation at 1550 nm is about 0.20 dB/km. Be sure to use the appropriate value for your network.
Table 13: Assumptions used in calculating maximum transmission distance
Parameter Value...
Figure 9: Point-to-point network configuration example
The Ethernet switch does not have to be near the OMUX, and the OMUX does not regenerate the signal. Therefore, the maximum transmission distance is from GBIC to GBIC. The following table shows typical loss values used to calculate the transmission distance for the point-to-point network.
Mesh ring reach example
The transmission distance calculation for the mesh ring configuration shown in the following figure is similar to that of the point-to-point configuration, with some additional loss generated in the passthrough of intermediate OADM nodes.
Figure 10: Mesh ring network configuration
As the signal passes from point A to point B (the most remote points in the mesh ring network example), the signal loses intensity in the fiber optic cable, and in each connection between...
The following table shows the typical loss values used to calculate the transmission distance for the mesh ring network example.
Table 15: Mesh ring signal loss values
Parameter | Value
Loss budget | 30 dB
OADM insertion loss for Add port | 1.9 dB
OADM insertion loss for Through port | 2.0 dB...
Figure 11: Hub and spoke network configuration
As the signal passes from point A to point B (the most remote points), it loses intensity in the fiber optic cable, and in each connection between the individual OADMs, the OMUX-8, and the GBICs.
30 – 20.4 – 3 = 6.6 dB
Maximum reach = (6.6 dB) / (0.25 dB/km) = 26.4 km
DWDM XFPs
The Avaya Ethernet Routing Switch 8800/8600 provides support for DWDM XFP devices on all 10 Gigabit ports for R/RS modules (8683XLR, 8683XZR, 8612XLRS, 8634XGRS). The Ethernet Routing Switch 8800/8600 can support 10 Gigabit, frequency multiplexed, direct connections to Avaya CPL rings.
Product number | Centre wavelength (nm) | Centre frequency (THz)
NTK587BEE5 | 1539.77 | 194.7
NTK587BGE5 | 1540.56 | 194.6
NTK587BJE5 | 1541.35 | 194.5
NTK587BLE5 | 1542.14 | 194.4
NTK587BNE5 | 1542.94 | 194.3
NTK587BQE5 | 1543.73 | 194.2
NTK587BSE5 | 1544.53 | 194.1
NTK587BUE5 | 1545.32 | 194.0
The following figure shows a sample network topology using DWDM XFPs in a large enterprise.
Figure 12: DWDM XFPs for MSO/large enterprise
Operational modes
With Release 7.0 and later, the Avaya Ethernet Routing Switch 8800/8600 operates in R mode only. You cannot configure the switch to run in M mode. Similarly, enhanced operational mode configuration is not applicable as the system always operates in enhanced mode.
100BASE-FX FEFI recommendations
The Avaya Ethernet Routing Switch 8800/8600 supports Far End Fault Indication (FEFI). FEFI ensures that link failures are reported to the switch. FEFI is enabled when the autonegotiation function is enabled. However, not all 100BASE-FX drivers support FEFI. Without FEFI support, if one of two unidirectional fibers forming the connection between the two switches fails, the...
Figure 13: 100BASE-FX FEFI
With Avaya-to-Avaya connections, to avoid loss of connectivity for devices that do not support FEFI, you can use VLACP as an alternative failure detection method. For more information, see End-to-end fault detection and VLACP.
A major limitation of the RFI and FEFI functions is that they terminate at the next Ethernet hop. Therefore, failures cannot be determined on an end-to-end basis over multiple hops. To mitigate this limitation, Avaya has developed a feature called Virtual LACP (VLACP), which provides an end-to-end failure detection mechanism. With VLACP, far-end failures can be detected.
MLT to ensure both end devices are able to communicate. By using VLACP over SLT, enhanced failure detection is extended beyond the limits of the number of SMLT or LACP instances that can be created on an Avaya switch. VLACP trap messages are sent to the management stations if the VLACP state changes. If the failure is local, the only traps that are generated are port linkdown or port linkup.
Figure 16: VLACP sub-100 millisecond convergence, is a core network of at least two Ethernet Routing Switch 8800/8600s (this feature works only between at least two Ethernet Routing Switch 8800/8600s equipped with the 8895 SF/CPU or with the 8692 SF/CPU with SuperMezz).
High Availability (HA) mode, and may not be stable in scaled networks. • Interswitch trunk (IST) links do not support VLACP with short timers. Use only long timers. For IST MLTs, Avaya recommends that you do not set the VLACP long periodic timer to less than 30 seconds.
• Switch fabric redundancy
Avaya recommends that you use two SF/CPUs to protect against switch fabric failures. The two SF/CPUs load share and provide backup for each other. Using the 8006 or 8010...
Card International Association (PCMCIA) storage. If you enable the system flag called save to standby, it ensures that configuration changes are always saved to both CPUs. When you use SMLT, Avaya recommends that you use VLACP to avoid packet forwarding to a failed switch that cannot process them.
High Availability mode
High Availability (HA) mode activates two CPUs simultaneously.
feature, supports the synchronization of VLAN and Quality of Service (QoS) software parameters, static and default route records, ARP entries, and LAN virtual interfaces. Specifically, Layer 3 (L3) redundancy passes table information and Layer 3 protocol-specific control packets to the Standby CPU. When using L2/L3 redundancy, the bootconfig file is saved to both the Master and the Standby CPUs, and the Standby CPU is reset automatically.
A restart is necessary to make HA-CPU mode active. For information about configuring ARP, IP static routes, and IP dynamic routing protocols (OSPF and RIP), see Avaya Ethernet Routing Switch 8800/8600 Configuration — IP Routing, NN46205-523 and Avaya Ethernet Routing Switch 8800/8600 Configuration — OSPF and RIP, NN46205-522.
Error messages can appear on the console. In HA mode, Avaya recommends that you do not configure the OSPF hello timers for less than one second, and the dead router interval for less than 15 seconds.
Ensure that all ports that belong to the same MLT/LACP group use the same port speed, for example, 1 Gbit/s, even if autonegotiation is used. The software does not enforce this requirement. Avaya recommends that you use CANA to ensure proper speed negotiation in mixed-port type scenarios.
• Connect port 3/1 on switch A to port 8/1 on switch B.
Brouter ports and MLT
In the Avaya Ethernet Routing Switch 8800/8600, brouter ports do not support MLT. Thus, you cannot use brouter ports to connect two switches with an MLT. An alternative is to use a VLAN.
ID as its root port (ignoring the aggregate rate of the links), Avaya recommends that the following methods be used when you define path costs:
• Use lower port numbers for multilink trunks so that the multilink trunks with the most active links get the lowest port ID.
802.3ad-based link aggregation
Link aggregation provides link layer redundancy. Use IEEE 802.3ad-based link aggregation (IEEE 802.3 2002 clause 43) to aggregate one or more links together to form Link Aggregation Groups (LAG) to allow a MAC client to treat the LAG as if it were a single link. Using link aggregation increases aggregate throughput of the interconnection between devices and provides link redundancy.
SMLT-ID or SLT-ID are sent to the wiring closet switch. Avaya recommends that you configure the system ID to be the base MAC address of one of the aggregate switches along with its SMLT-ID. You must ensure that the same value for system ID is configured on both of the SMLT Core Aggregation Switches.
LAG. The default MinLink value is 1, with a range of 1 to 8. If the number of active links in the LAG becomes less than the MinLink setting, the Avaya Ethernet Routing Switch 8800/8600 marks the LAG as down, and informs the remote end of the LAG state by using a Link Aggregation Protocol Data Unit (LACPDU).
Operation
The Avaya Ethernet Routing Switch 8800/8600 uses one BFD session for all protocols with the same destination. For example, if a network runs OSPF and BGP across the same link...
AdminDown.
BFD restrictions
The Avaya Ethernet Routing Switch 8800/8600 supports up to 256 BFD sessions; however, the number of BFD sessions plus the number of VLACP sessions cannot exceed 256. The Ethernet Routing Switch 8800/8600 does not support the following IETF BFD options:
•...
Multihomed hosts can be connected to port-based, policy-based, and IP subnet-based VLANs. The IP addresses that you associate with a single MAC address on a host must be located in the same IP subnet. The Ethernet Routing Switch 8800/8600 supports multihomed hosts with up to 16 IP addresses per MAC address.
Important: Avaya recommends that you do not directly connect servers and clients in core switches. If one IST switch fails, connectivity to the server is lost.
Data center architecture
The tiered network architecture also applies to a data center architecture.
Figure 17: Three-tiered architecture plus data center
In many cases, you can remove the distribution layer from the campus network layout. This maintains functionality, but decreases cost, complexity, and network latency. The following figure shows a two-tiered architecture where the edge layer is connected directly into the core.
Figure 18: Two-tiered architecture with four-switch core plus data center
The following figure shows a two-tiered architecture with a two-switch core.
If one edge layer switch fails, the other can maintain user services.
Figure 20: Redundant network edge diagram
Avaya recommends the network edge design shown in Figure 21: Recommended network edge design. This setup is simple to implement and maintain, yet still provides redundancy if one of the edge or distribution layer switches fails.
This permits the scaling of the number of split multilink trunks on a switch to the maximum number of available ports. For configuration procedures for the Avaya Split Multi-Link Trunking feature for the Ethernet Routing Switch 8800/8600, see Switch Clustering using Split-Multilink Trunking (SMLT) Technical Configuration Guide, NN48500-518 or Switch Clustering (SMLT/SLT) Configuration Tool, NN48500-536.
• SMLT scalability
• SMLT topologies
• SMLT full-mesh recommendations with OSPF
SMLT redundancy
The following figure shows an SMLT configuration that contains a pair of Ethernet Routing Switches acting as aggregation switches (E and F). Four separate wiring closet switches are shown, labeled A, B, C, and D (MLT-compatible devices).
By using VLACP over SLT, enhanced failure detection is extended beyond the limits of the number of SMLT or LACP instances that can be created on an Avaya switch. For more information about VLACP, see End-to-end fault detection and VLACP.
PIM-SM. In this case, you must enable PIM-SM on the IST VLAN. Avaya also recommends that you use low slot number ports for the IST, for example ports 1/1 and 2/1, because the low number slots boot up first.
• 1 to 128 for MLT-based SMLTs in R-mode enabled chassis
• 1 to 512 for SLTs
Important: Avaya recommends that you use SLT IDs of 129 to 512 and that you reserve the lower number IDs of 1 to 128 for SMLT only.
Single Link Trunking (SLT)
Use Single Link Trunking (SLT) to configure a split multilink trunk that uses a single port.
On the edge switch, SMLT achieves load sharing by using the MLT path selection algorithm (for a description of the algorithm, see Avaya Ethernet Routing Switch 8800/8600 Configuration — Link Aggregation, MLT, and SMLT, NN46205-518). Usually, the algorithm operates on a source/destination MAC address basis or a source/destination IP address basis.
from each of the switches to the exit router (the critical IP) fail. Avaya recommends that you do not configure VRRP critical IPs within SMLT or R-SMLT environments because SMLT operation automatically provides the same level of redundancy.
SMLT and IEEE 802.3ad interaction
The Avaya Ethernet Routing Switch 8800/8600 switch fully supports the IEEE 802.3ad Link Aggregation Control Protocol (LACP) on MLT and distributed MLT links, and on a pair of SMLT switches.
Prior to Release 4.1.1, if the SMLT core aggregation switches did not know and were unable to negotiate the LACP system ID, data could be lost. Avaya recommends that you configure the LACP SMLT system ID to be the base MAC address of one of the aggregate switches, and that you include the SMLT-ID.
Multicast network design. For more information about VLAN scalability, see Avaya Ethernet Routing Switch 8800/8600 Configuration — VLANs and Spanning Tree, NN46205-517.
SMLT topologies
Several common network topologies are used in SMLT networks. These include the SMLT triangle, the SMLT square, and the SMLT full-mesh.
31 SMLT client switch connections, and up to 512 SLT connections. When you use the square design (Figure 23: SMLT square configuration), keep in mind that all links facing each other (denoted by the MLT ring on an aggregation pair) must use the same SMLT IDs.
Figure 23: SMLT square configuration
You can configure an SMLT full-mesh configuration as shown in Figure 24: SMLT full-mesh...
In a full-mesh SMLT configuration between two clusters running OSPF (typically an RSMLT configuration), Avaya recommends that you place the MLT ports that form the square leg of the mesh (rather than the cross connect) on lower numbered slots/ports. This configuration is recommended because CP-generated traffic is always sent out on the lower numbered MLT ports when active.
VLANs. RSMLT provides redundancy as well: if a core router fails, RSMLT provides packet forwarding, which eliminates dropped packets during convergence. Routing protocols used to provide convergence can be any of the following: IP unicast static routes, RIPv1, RIPv2, OSPF, or BGP.
RSMLT navigation
•...
Figure 26: SMLT and RSMLT in Layer 3 environments
The aggregation layer switches are routing-enabled and provide active-active default gateway functions through RSMLT. Routers R1 and R2 forward traffic for IP subnet A. RSMLT provides both router failover and link failover. For example, if the SMLT link between R2 and R4 is broken, the traffic fails over to R1.
R1 in the event of failure) to a time period greater than the routing protocol convergence or to indefinite (that is, the pair always routes for each other). Avaya recommends that you set the hold up and hold down timer to 1.5 times the convergence time of the network.
If you use a Layer 3 SMLT client switch without a routing protocol, configure two static routes to point to both RSMLT switches or configure one static route. Set the RSMLT hold-up timer to 9999 (infinity). Avaya also recommends that you set the RSMLT hold-up timer to 9999 (infinity) for RSMLT Edge (Layer 2 RSMLT).
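The numeric limits and IST/RSMLT recommendations quoted in this document lend themselves to a mechanical pre-deployment check. The following is an added example, not Avaya code: a Python checker that applies them to a design plan. The plan dictionary layout, the rule names and the sample values are assumptions constructed for the example.

```python
# Added example: rule names and the plan layout are hypothetical, built for
# illustration; the limits are the ones quoted in this document.
MAX_SUPPORTED_STGS = 25           # more than 25 STGs is not supported
MAX_BFD_PLUS_VLACP = 256          # BFD sessions plus VLACP sessions
IST_MIN_VLACP_LONG_TIMER_S = 30   # VLACP long periodic timer on IST MLTs
HA_MIN_OSPF_HELLO_S = 1           # HA mode: hello timer floor
HA_MIN_OSPF_DEAD_S = 15           # HA mode: dead router interval floor
SLT_IDS_RECOMMENDED = range(129, 513)  # 1 to 128 stay reserved for SMLT
RSMLT_HOLDUP_INFINITY = 9999      # recommended for RSMLT Edge


def check_design(plan):
    """Return sorted (rule, message) findings for one switch's design plan."""
    findings = []

    if plan.get("stg_count", 0) > MAX_SUPPORTED_STGS:
        findings.append(("STG-COUNT", f"{plan['stg_count']} STGs planned, "
                         f"only {MAX_SUPPORTED_STGS} are supported"))

    sessions = plan.get("bfd_sessions", 0) + plan.get("vlacp_sessions", 0)
    if sessions > MAX_BFD_PLUS_VLACP:
        findings.append(("SESSION-LIMIT", f"BFD + VLACP sessions = {sessions}, "
                         f"limit is {MAX_BFD_PLUS_VLACP}"))

    ist = plan.get("ist")
    if ist:
        if len(ist["ports"]) < 2:
            findings.append(("IST-PORTS", "IST MLT has fewer than two ports"))
        for port in ist["ports"]:
            # CP-Limit can disable an IST port, which impairs SMLT traffic.
            if port["cp_limit_enabled"]:
                findings.append(("IST-CPLIMIT",
                                 f"CP-Limit enabled on IST port {port['name']}"))
        vlacp = ist.get("vlacp")
        if vlacp:
            if vlacp["timer_type"] == "short":
                findings.append(("IST-VLACP-SHORT",
                                 "IST links support VLACP long timers only"))
            elif vlacp["long_timer_s"] < IST_MIN_VLACP_LONG_TIMER_S:
                findings.append(("IST-VLACP-TIMER",
                                 f"IST VLACP long timer {vlacp['long_timer_s']} s "
                                 f"is below {IST_MIN_VLACP_LONG_TIMER_S} s"))

    for mlt in plan.get("mlts", []):
        # The switch software does not enforce equal speeds, so check here.
        speeds = {p["speed_mbps"] for p in mlt["ports"]}
        if len(speeds) > 1:
            findings.append(("MLT-SPEED", f"MLT {mlt['id']} mixes port speeds "
                             f"{sorted(speeds)}"))

    for slt_id in plan.get("slt_ids", []):
        if slt_id not in SLT_IDS_RECOMMENDED:
            findings.append(("SLT-ID", f"SLT ID {slt_id} is outside 129 to 512"))

    ospf = plan.get("ospf")
    if plan.get("ha_mode") and ospf:
        if ospf["hello_s"] < HA_MIN_OSPF_HELLO_S:
            findings.append(("OSPF-HELLO", "HA mode: hello timer under 1 s"))
        if ospf["dead_s"] < HA_MIN_OSPF_DEAD_S:
            findings.append(("OSPF-DEAD", "HA mode: dead interval under 15 s"))

    for vlan in plan.get("rsmlt_edge_vlans", []):
        if vlan["holdup_timer"] != RSMLT_HOLDUP_INFINITY:
            findings.append(("RSMLT-HOLDUP", f"VLAN {vlan['vlan']}: RSMLT Edge "
                             f"hold-up timer is {vlan['holdup_timer']}, not 9999"))

    return sorted(findings)


# Constructed sample plan with deliberate deviations from the recommendations.
SAMPLE_PLAN = {
    "ha_mode": True,
    "stg_count": 30,
    "bfd_sessions": 200,
    "vlacp_sessions": 80,
    "ist": {
        "ports": [{"name": "1/1", "cp_limit_enabled": True},
                  {"name": "2/1", "cp_limit_enabled": False}],
        "vlacp": {"timer_type": "long", "long_timer_s": 10},
    },
    "mlts": [{"id": 5, "ports": [{"name": "3/1", "speed_mbps": 1000},
                                  {"name": "3/2", "speed_mbps": 100}]}],
    "slt_ids": [64, 200],
    "ospf": {"hello_s": 1, "dead_s": 4},
    "rsmlt_edge_vlans": [{"vlan": 10, "holdup_timer": 180}],
}

if __name__ == "__main__":
    for rule, message in check_design(SAMPLE_PLAN):
        print(f"{rule}: {message}")
```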
Page 94
Figure 28: VLAN edge configuration IPv6 RSMLT While Avaya’s Routed Split MultiLink Trunk (RSMLT) functionality originally provided sub-second failover for IPv4 forwarding only, the Avaya Ethernet Routing Switch 8800/8600...
Page 95
• IPv6 Static Routes • OSPFv3 IPv4 IST with IPv6 RSMLT The Avaya Ethernet Routing Switch 8800/8600 does not support the configuration of an IST over IPv6. IST is supported over IPv4 only. Example network The following figure shows a sample IPv6 RSMLT topology. It shows a typical redundant network example with user aggregation, core, and server access layers.
Page 96
Redundant network design Figure 29: IPv6 RSMLT network example In the VLAN 3 portion of the network shown in the preceding figure, routers R1 and R2 provide RSMLT-enabled IPv6 service to hosts H1 and H2. Router R1 can be configured as the default IPv6 router for H1 and R2 can be the default router for H2.
Page 97
When R2 detects that the RSMLT in R1 transitions to the DOWN state (for example, if R1 itself is down, or its SMLT links are down, or the IST link is down), R2 takes over IPv6 termination and IPv6 Neighbor Discovery functionality on behalf of R1’s IPv6 SMLT interface. Specifically: •...
Switch clustering topologies and interoperability with other products When the Avaya Ethernet Routing Switch 8800/8600 is used with other Avaya Ethernet Routing Switch products, the switch clustering bridging, unicast routing, and multicast routing configurations vary with switch type. Avaya recommends that you use the supported topologies and features when you perform inter-product switch clustering.
Spanning tree Spanning Tree prevents loops in switched networks. The Avaya Ethernet Routing Switch 8800/8600 supports several spanning tree protocols and implementations. These include the Spanning Tree Protocol (STP), Per-VLAN Spanning Tree Plus (PVST+), Rapid Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).
Page 100
Layer 2 loop prevention STP and BPDU forwarding You can enable or disable STP at the port or at the spanning tree group (STG) level. If you disable the protocol at the STG level, Bridge Protocol Data Units (BPDU) received on one port in the STG are flooded to all ports of this STG regardless of whether the STG is disabled or enabled on a per port basis.
Page 101
Avaya provides multiple spanning tree group (STG) interoperability with single STG devices. When you connect the Avaya Ethernet Routing Switch 8800/8600 with Layer 2 switches, be aware of the differences in STG support between the two types of devices. Some switches support only one STG, whereas the Avaya Ethernet Routing Switch 8800/8600 supports 25 STGs.
Page 102
Ethernet Switch 8100. To create this configuration, you must configure STGs on the two Ethernet Routing Switch 8800/8600s, assign specific MAC addresses to the BPDUs created by the two new STGs, create VLANs 4002 and 4003 on the Layer 2 device, and create two new VLANs (VLAN 2 and VLAN 3) on all three devices.
Page 103
In the ACLI, the command is spanning-tree stp <1-64> create. On the Ethernet Routing Switch 8800/8600s (A8600 and B8600), configure A8600 as the root of STG2 and B8600 as the root of STG3. On the Ethernet Switch 8100 (Layer 2), configure...
Page 104
Configure the four VLANs on the Layer 2 switch to include the tagged ports connected to the Ethernet Routing Switch 8800/8600. To ensure that the BPDUs from STG2 and STG3 are seen by the Layer 2 switch as traffic for the two VLANs, and not as BPDUs, give two of the VLANs the IDs 4002 and 4003.
Use to configure multiple instances of RSTP on the same switch. Each RSTP instance can include one or more VLANs. The operation of the MSTP is similar to the current Avaya proprietary MSTP, except that the Avaya version has faster recovery time.
The CP-Limit functionality only protects the switch from broadcast and control traffic with a QoS value of 7. Do not use only the CP-Limit for loop prevention. Avaya recommends the following loop prevention and recovery features in order of preference: •...
Page 107
SLPP, Loop Detect, and Extended CP-Limit such a configuration issue, whereas SLPP reacts and disables the malfunctioning links, minimizing the impact on the network. In addition to using SLPP for loop prevention, you can use the extended CP-Limit softdown feature to protect the SF/CPU against Denial of Service (DoS) attacks where required. The extended CP-Limit harddown option should only be used as a loop prevention mechanism in Software Release 3.7.x.
Page 108
• On SMLT switch B, the SLPP Rx threshold is set to 50 to avoid edge isolation in case of a network failure. In this scenario, Avaya recommends that you enable the untagged-frames-discard parameter on the SMLT uplink ports. SLPP configuration considerations and recommendations SLPP uses a per-VLAN hello packet mechanism to detect network loops.
Page 109
• Enable SLPP-Rx only on SMLT edge ports, and never on core ports. Do not enable SLPP-Rx on SMLT IST ports or SMLT square or full-mesh core ports. • In an SMLT Cluster, Avaya recommends an SLPP Packet-RX Threshold of 5 on the primary switch and 50 on the secondary switch.
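The SLPP-Rx placement and threshold recommendations above can be checked mechanically against a port inventory. The following Python check is an added example, not Avaya code; the inventory format, the switch and port names, and the role labels (`edge`, `ist`, `core`) are assumptions made for illustration, and the sample inventory is constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

# Recommended SLPP Packet-Rx thresholds per SMLT cluster member (from the text).
RECOMMENDED_RX_THRESHOLD = {"primary": 5, "secondary": 50}
# Port roles on which SLPP-Rx must stay disabled: IST and square/full-mesh core.
NO_SLPP_RX_ROLES = {"ist", "core"}


@dataclass(frozen=True)
class Port:
    switch: str                      # hypothetical switch name
    cluster_role: str                # "primary" or "secondary" cluster member
    name: str                        # slot/port
    role: str                        # assumed labels: "edge", "ist", "core"
    slpp_rx: bool                    # SLPP-Rx enabled on this port?
    rx_threshold: Optional[int] = None


@dataclass(frozen=True)
class Finding:
    switch: str
    port: str
    rule: str
    detail: str


def audit_slpp(ports: List[Port]) -> List[Finding]:
    """Return deviations from the SLPP-Rx recommendations for one SMLT cluster."""
    findings: List[Finding] = []
    edge_thresholds = {"primary": [], "secondary": []}
    for p in ports:
        if not p.slpp_rx:
            continue  # only ports with SLPP-Rx enabled can violate these rules
        if p.role in NO_SLPP_RX_ROLES:
            findings.append(Finding(p.switch, p.name, "rx-on-" + p.role,
                                    "SLPP-Rx must stay disabled on IST and core ports"))
            continue
        want = RECOMMENDED_RX_THRESHOLD.get(p.cluster_role)
        if want is None:
            findings.append(Finding(p.switch, p.name, "unknown-cluster-role",
                                    "cluster role is %r" % p.cluster_role))
            continue
        if p.rx_threshold is not None:
            edge_thresholds[p.cluster_role].append(p.rx_threshold)
        if p.rx_threshold != want:
            findings.append(Finding(
                p.switch, p.name, "threshold",
                "Packet-Rx threshold is %s, recommended %d on the %s switch"
                % (p.rx_threshold, want, p.cluster_role)))
    # The thresholds are staggered so that the primary reacts first. If any
    # secondary edge port is as sensitive as a primary one, both members can
    # disable their edge ports together and isolate the edge.
    pri, sec = edge_thresholds["primary"], edge_thresholds["secondary"]
    if pri and sec and min(sec) <= max(pri):
        findings.append(Finding("cluster", "-", "not-staggered",
                                "lowest secondary threshold %d <= highest primary %d"
                                % (min(sec), max(pri))))
    return findings


# Constructed sample inventory (not taken from a real switch).
SAMPLE_PORTS = [
    Port("agg-1", "primary", "1/1", "edge", True, 5),
    Port("agg-1", "primary", "2/1", "ist", True, 5),      # SLPP-Rx on the IST
    Port("agg-1", "primary", "3/1", "core", False),
    Port("agg-2", "secondary", "1/1", "edge", True, 5),   # should be 50
    Port("agg-2", "secondary", "1/2", "edge", True, 50),
    Port("agg-2", "secondary", "3/1", "core", True, 50),  # SLPP-Rx on a core port
]

if __name__ == "__main__":
    for f in audit_slpp(SAMPLE_PORTS):
        print("%-8s %-4s %-14s %s" % (f.switch, f.port, f.rule, f.detail))
```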
To enable this functionality and set its general parameters, configuration must take place at the chassis level first. After you enable this functionality at the chassis level, configure each port individually to make use of it. The following table provides the Avaya recommended Extended CP-Limit values. Table 23: Extended CP-Limit recommended values Setting Value SoftDown –...
Primary (P) – primary target for convergence Secondary (S) – secondary target for convergence Tertiary (T) – third target for convergence Quaternary (Q) – fourth target for convergence Avaya does not recommend the Ext CP-Limit HardDown option for software Release 4.1 or later. Only use this option if SLPP is not available.
2) Note 1: SF/CPU protection mechanism; do not enable on IST links. Note 2: With Release 4.1.1.0 and later, Avaya recommends that you use the Soft Down option versus Hard Down. Note 3: Do not enable SLPP on IST links.
SF/CPU protection and loop prevention compatibility Avaya recommends several best-practice methods for loop prevention, especially in any Avaya Ethernet Routing Switch 8800/8600 Switch cluster environment. For more information about loop detection and compatibility for each software release, see Converged Campus Technical Solution Guide —...
Page 114
Configuration — IP Routing, NN46205-523. VRF Lite route redistribution Using VRF Lite, the Avaya Ethernet Routing Switch 8800/8600 can function as many routers; each Virtual Router and Forwarder (VRF) autonomous routing engine works independently.
Layer 3 network design Normally, no route leak occurs between different VRFs. Sometimes users may have to redistribute OSPF or RIP routes from one VRF to another. The route redistribution option facilitates the redistribution of routes. If you enable route redistribution between two VRFs, ensure that the IP addresses do not overlap.
Page 117
VRF Lite Figure 36: VRF Lite example The following figure shows how VRF Lite can be used in an SMLT topology. VRRP is used between the two bottom routers. Figure 37: VRRP and VRF in SMLT topology The following figure shows how VRF Lite can be used in an RSMLT topology.
Page 118
Layer 3 network design Figure 38: Router redundancy for multiple routing instances (using RSMLT) The following figure shows how VRFs can interconnect through an external firewall. Figure 39: Inter-VRF forwarding based on external firewall Although customer data separation into Layer 3 virtual routing domains is usually a requirement, sometimes customers must access a common network infrastructure.
The following figure shows inter-VRF forwarding. In this solution, routing policies can be used to leak IP subnets from one VRF to another. Filters can be used to restrict access to certain protocols. This enables hub-and-spoke network designs for VoIP gateways, for example. Figure 40: Inter VRF communication, internal inter-VRF forwarding Virtual Router Redundancy Protocol The Virtual Router Redundancy Protocol (VRRP) provides a backup router that takes over if...
Page 120
Layer 2 switching on the IST to deliver traffic to the VRRP master for routing. To allow both VRRP switches to route traffic, Avaya has created an extension to VRRP, BackupMaster, that creates an active-active environment for routing. With BackupMaster enabled on the backup router, the backup router no longer switches traffic to the VRRP Master.
In some cases, setting the VRRP hold down timer to a minimum of 1.5 times the IGP convergence time is sufficient. For OSPF, Avaya recommends that you use a value of 90 seconds if using the default OSPF timers.
45 seconds. After spanning tree reconvergence, VRRP can take a few more seconds to failover. Rather than configuring STG with VRRP, Avaya recommends that you enable SMLT with VRRP to simplify the network configuration and reduce the failover time. For more information about...
To avoid excessive ICMP redirect messages if network clients do not recognize ICMP redirect messages, Avaya recommends the network design shown in the following figure. Ensure that the routing path to the destination through both routing switches has the same metric to the destination.
Page 124
ND traffic. This is especially so when there are many hosts all trying to determine the reachability of one or more routers. To provide fast failover of a default router for IPv6 LAN hosts, the Avaya Ethernet Routing Switch 8800/8600 supports the Virtual Router Redundancy Protocol (VRRP v3) for IPv6 (defined in draft-ietf-vrrp-ipv6-spec-08.txt).
A better alternative than VRRP with BackupMaster is to use RSMLT L2 Edge. For Release 5.0 and later, Avaya recommends that you use an RSMLT L2 Edge configuration, rather than VRRP with BackupMaster, for those products that support RSMLT L2 Edge.
Layer 3 network design RSMLT L2 Edge provides: • Greater scalability—VRRP scales to 255 instances, while RSMLT scales to the maximum number of VLANs. • Simpler configuration—Simply enable RSMLT on a VLAN; VRRP requires virtual IP configuration, along with other parameters. For connections in pure Layer 3 configurations (using a static or dynamic routing protocol), a Layer 3 RSMLT configuration is recommended over VRRP.
8800/8600). • Each user is assigned their own VLAN. • Each user has two VLANs when directly connected to the Avaya Ethernet Routing Switch 8800/8600: one for IP traffic and the other for PPPoE traffic. • PPPoE bridged traffic preserves user VLANs.
Page 128
• The connection between the Layer 2 switch and the Ethernet Routing Switch 8800/8600 can be a single port connection or a MultiLink Trunk (MLT) connection. • Ethernet Routing Switch 8800/8600 ports connected to the user side (Users 1, 2, and 3) and the routed network are routed ports.
PPPoE-based VLAN design example Indirect connections The following figure shows a switch using routable port-based VLANs for indirect connections. When configured in this way: • Port P1 provides a connection to the Layer 2 switch. Port P1 is configured for tagging. All P1 ingress and egress packets are tagged (the packet type can be either PPPoE or IP).
Figure 47: Indirect PPPoE and IP configuration Direct connections To directly connect to the Avaya Ethernet Routing Switch 8800/8600, a user must create two protocol-based VLANs on the port: one for PPPoE traffic and one for IP traffic (see the following figure).
For the direct connections, protocol-based VLANs (IP and PPPoE) are required to achieve traffic separation. The disabling of routing on each port is not required because routed IP VLANs are not configured on port 2 (they are for indirect connections). Figure 48: Direct PPPoE and IP configuration Border Gateway Protocol Use Border Gateway Protocol (BGP) to ensure that the switch can communicate with other...
Layer 3 network design To use BGP, you must have Ethernet Routing Switch 8800/8600 software version 3.3 or later installed. BGP is supported on all interface modules. For large BGP environments, Avaya recommends that you use the 8692 SF/CPU. BGP Equal-Cost Multipath (ECMP) allows a BGP speaker to perform route balancing within an AS by using multiple equal-cost routes submitted to the routing table by OSPF or RIP.
By using BGP, you can perform Internet peering directly between the Avaya Ethernet Routing Switch 8800/8600 and another edge router. In such a scenario, you can use each Avaya Ethernet Routing Switch 8800/8600 for aggregation and peer it with a Layer 3 edge router, as shown in the following figure.
Page 134
Figure 49: BGP and Internet peering In cases where the Internet connection is single-homed, to reduce the size of the routing table, Avaya recommends that you advertise Internet routes as the default route to the IGP. Routing domain interconnection with BGP You can implement BGP so that autonomous routing domains, such as OSPF routing domains, are connected.
Page 135
Border Gateway Protocol Figure 51: BGP and edge aggregation BGP and ISP segmentation You can use the switch as a peering point between different regions or ASs that belong to the same ISP. In such cases, you can define a region as an OSPF area, an AS, or a part of an AS. You can divide the AS into multiple regions that each run different Interior Gateway Protocols (IGP).
Page 136
Layer 3 network design Figure 52: Multiple regions separated by IBGP In this figure, consider the following: • The AS is divided into three regions that each run different and independent IGPs. • Regions are logically interconnected via a full-mesh IBGP, which also provides Internet connectivity.
IPv6 routes using BGPv4 peering. BGP+ is an extension of BGPv4 for IPv6. Note that the Ethernet Routing Switch 8800/8600 BGP+ support is not an implementation of BGPv6. Native BGPv6 peering uses the IPv6 Transport layer (TCPv6) for establishing the...
This section describes some general design considerations and presents a number of design scenarios for OSPF. For more information about OSPF and a list of OSPF commands see Avaya Ethernet Routing Switch 8800/8600 Configuration — OSPF and RIP, NN46205-522.
OSPF scaling guidelines For information about OSPF scaling numbers, see Table 5: Supported scaling capabilities on page 27 and Avaya Ethernet Routing Switch 8800/8600 Release Notes, NN46205-402. The Release Notes take precedence over this document. OSPF LSA limits To determine OSPF link state advertisement (LSA) limits: 1.
The enabling of ICMP unreachable message generation on the switch may result in a high CPU utilization rate. To avoid high CPU utilization, Avaya recommends that you use a black hole static route configuration. The black hole static route is a route (equal to the OSPF summary route) with a next-hop of 255.255.255.255.
Page 141
Open Shortest Path First Figure 55: Example 1: OSPF on one subnet in one area The routers in example 1 have the following settings: • S1 has an OSPF router ID of 1.1.1.1, and the OSPF port is configured with an IP address of 192.168.10.1.
Page 142
Layer 3 network design Figure 56: Example 2: OSPF on two subnets in one area The routers in example 2 have the following settings: • S1 has an OSPF router ID of 1.1.1.1, and the OSPF port is configured with an IP address of 192.168.10.1.
Page 143
IP address, subnet mask, and VLAN ID for the OSPF port, and enable OSPF on the port. The three switches exchange Hello packets. In an environment with a mix of Cisco and Avaya switches/routers, you may need to manually modify the OSPF parameter RtrDeadInterval to 40 seconds.
Layer 3 network design IP routed interface scaling The Avaya Ethernet Routing Switch 8800/8600 supports up to 1972 IP routed interfaces using SF/CPUs that have 256 MB of memory. You can upgrade SF/CPUs that do not have 256 MB by using the memory upgrade kit (Part # DS1404015).
27. Transition mechanisms for IPv6 The Avaya Ethernet Routing Switch 8800/8600 helps networks transition from IPv4 to IPv6 by using three primary mechanisms: • Dual Stack mechanism, where the IPv4 and IPv6 stacks can communicate with both IPv6 and IPv4 devices •...
Page 146
IPv6 address prefix for your site. Your ISP also provides you with the required destination IPv4 address for the exit point of the tunnel. The following figure shows a manually-configured tunnel. For more information, see Avaya Ethernet Routing Switch 8800/8600 Configuration — IPv6 Routing Operations, NN46205-504. Figure 58: IPv6 tunnels Because each tunnel exists between only two routing switches and is independently managed, additional tunnels are required whenever you add new routing switches.
Use multicast routing protocols to efficiently distribute a single data source among multiple users in the network. This section provides information about designing networks that support IP multicast routing. For more information about multicast routing, see Avaya Ethernet Routing Switch 8800/8600 Configuration — IP Multicast Routing Protocols, NN46205-501.
Multicast network design General multicast considerations navigation • Multicast and VRF-lite on page 148 • Multicast and Multi-Link Trunking considerations on page 152 • Multicast scalability design rules on page 154 • IP multicast address range restrictions on page 155 •...
Page 149
General multicast considerations Requirements To support multicast virtualization, the Avaya Ethernet Routing Switch 8800/8600 must be equipped with the following: • Release 5.1 (or later) software • Premier Software License • R/RS modules • 8692 SF/CPU with SuperMezz CPU-Daughter card or 8895 SF/CPU Multicast virtualization network scenarios The following figure shows an example of multicast virtualization in an RSMLT topology.
Page 150
Multicast network design Figure 60: Multicast virtualization for Enterprise/Metro network The following figure shows an example of multicast virtualization supporting an end-to-end triple play solution for an MSO/Large Enterprise.
Page 151
General multicast considerations Figure 61: End-to-end triple play solution for MSO/Large Enterprise The following figure shows an example of multicast virtualization in a data center.
The Avaya Ethernet Routing Switch 8800/8600 can distribute IP multicast streams over links of a multilink trunk. If you need to use several links to share the load of several multicast streams between two switches, use one of the following: •...
Page 153
General multicast considerations Figure 63: Traffic distribution for multicast data The multicast sources S1 to S4 are on different subnets; use different links for every set of sources to send their multicast data. In this case, S1 and S2 send their traffic on a common link (L1) and S3 and S4 use another common link (L2).
• Whenever possible, group sources should send to the same group in the same subnet. The Avaya Ethernet Routing Switch 8800/8600 uses a single egress forwarding pointer for all sources in the same subnet sending to the same group. Be aware that these streams have separate hardware forwarding records on the ingress side.
IP. For more information, see Circuitless IP for PIM-SM on page 181. • For faster convergence, Avaya recommends using a static Rendezvous Point (RP) router. IP multicast address range restrictions IP multicast routers use Class D addresses, which range from 224.0.0.0 to 239.255.255.255.
Multicast network design forwarded by multicast-capable routers. For example, OSPF uses 224.0.0.5 and 224.0.0.6, and VRRP uses 224.0.0.18 to communicate across local broadcast network segments. IANA has also reserved the range of 224.0.1.0 through 224.0.1.255 for well-known applications. These addresses are also assigned by IANA to specific network applications. For example, the Network Time Protocol (NTP) uses 224.0.1.1, and Mtrace uses 224.0.1.32.
Page 157
This increases the load on both the hosts and the switch. To avoid this extra load, Avaya recommends that you manage the IP multicast group addresses used on the network.
Protocol version 2 mode (IGMPv2) and another router is discovered on the same subnet in IGMPv1 mode, the router must back down to IGMPv1 mode. When the Avaya Ethernet Routing Switch 8800/8600 detects an IGMPv1-only router, it automatically downgrades from IGMPv2 to IGMPv1 mode.
At a minimum, map the multicast MAC address to a set of ports within the VLAN. In addition, if traffic is routed on the local Avaya Ethernet Routing Switch 8800/8600, you must configure an Address Resolution Protocol (ARP) entry to map the shared unicast IP address to the shared multicast MAC address.
General multicast considerations • Receive access policies are initiated when reports are received with addresses that match the filter criteria. • Transmit access policies are applied when the first packet of a multicast stream is received by the switch. Multicast access policies can be applied to a DVMRP or PIM routed interface if IGMP reports the reception of multicast traffic.
On a Layer 2 VLAN, if at least one host on the VLAN specifies that it is a member of a multicast group, by default, the Avaya Ethernet Routing Switch 8800/8600 forwards to that VLAN all datagrams bearing the multicast address of that group. All ports on the VLAN receive the traffic for that group.
8800/8600 Configuration — IP Multicast Routing Protocols (NN46205-501). Multicast VLAN Registration (MVR) On Layer 2 VLANs, the Avaya Ethernet Routing Switch 8800/8600 uses IGMP Snoop to listen for report, leave and query packets, and then creates or deletes multicast groups for receiver ports to receive multicast data streams.
PGM guarantees that a receiver in a multicast group can receive all data from transmissions and retransmissions or can detect unrecoverable packet loss. The Avaya Ethernet Routing Switch 8800/8600 implements the Network Element part of PGM. Hosts running PGM implement the other PGM features. PGM operates on a session basis, so every session requires state information.
DVMRP uses the Internet Group Management Protocol (IGMP) to exchange routing packets. For more information about DVMRP, see Avaya Ethernet Routing Switch 8800/8600 Configuration — IP Multicast Routing Protocols, NN46205-501.
The recommended maximum number of active multicast source/group pairs (S,G) is 2000. Avaya recommends that the number of source subnets multiplied by the number of receiver groups not exceed 500. If you need more than 500 active streams, group senders into the same subnets to achieve higher scalability.
For faster network convergence in the case of failures or route changes, you may need to change the default values of these timers. If so, Avaya recommends that you follow these rules: • Ensure that all timer values match on all switches in the same DVMRP network. Failure to do so may result in unpredictable network behavior and troubleshooting difficulties.
Page 168
Multicast network design use DVMRP for routing. The goal is to receive and distribute public multicast streams on the private network, while not forwarding private multicast streams to the public network. Given the topology, an appropriate solution is to use an announce policy on the public network interface of Router A.
Page 169
Distance Vector Multicast Routing Protocol guidelines Figure 70: Accept policy on a border router Accept policies are useful when you cannot control routing updates on the neighboring router. For example, a service provider cannot directly control the routes advertised by its neighboring router, so the provider can configure an accept policy to only accept certain agreed-on routes.
Page 170
Multicast network design Do not advertise self policy examples Do not advertise self policies are easier to configure than regular announce policies, while providing a commonly-used policy set. When you enable this feature, DVMRP does not advertise any local interface routes to its neighbors. However, it still advertises routes that it receives from neighbors.
Page 171
Router A. Figure 73: Default route Avaya recommends that you configure announce policies on Routers A and B to suppress the advertisement of all other routes to Router C. Alternatively, you can configure accept policies on Router C to prevent all routes from Router A and Router B, other than the default, from installation in the routing table.
Multicast network design If you must support more than 512 potential sources on separate local interfaces, configure the vast majority as passive interfaces. Ensure that only 1 to 5 total interfaces are active DVMRP interfaces. You can also use passive interfaces to implement a measure of security on the network. For example, if an unauthorized DVMRP router is attached to the network, a neighbor relationship is not formed, and thus, no routing information from the unauthorized router is propagated across the network.
171. Important: Avaya does not support more than 80 interfaces and recommends the use of not more than 10 PIM active interfaces in a large-scale configuration of more than 500 VLANs. If you configure more interfaces, they must be passive.
Page 174
Multicast network design • As a redundancy option, you can configure several RPs for the same group in a PIM domain. • As a load sharing option, you can have several RPs in a PIM-SM domain map to different groups. •...
Page 175
Protocol Independent Multicast-Sparse Mode guidelines Figure 74: Example 1
Other vendors may offer a configurable threshold, such as a certain bit rate at which the SPT switch-over occurs. Regardless of their implementation, no interoperability issues with the Avaya Ethernet Routing Switch 8800/8600 result. Switching to and from the shared and shortest path trees is independently controlled by each downstream router. Upstream routers relay Joins and Prunes upstream hop-by-hop, building the desired tree as they go.
Protocol Independent Multicast-Sparse Mode guidelines PIM traffic delay and SMLT peer reboot PIM uses a Designated Router (DR) to forward data to receivers on the DR VLAN. The DR is the router with the highest IP address on a LAN. If this router is down, the router with the next highest IP address becomes the DR.
Page 178
Multicast network design Figure 76: MBR configuration With the Avaya Ethernet Routing Switch 8800/8600 implementation you can place the RP anywhere in the network. The following figure shows a redundant MBR configuration, where two MBR switches connect a PIM to a DVMRP domain. This configuration is not a supported configuration; MBRs that connect two domains should not span the same VLAN on the links connected to the same domain.
Page 179
Protocol Independent Multicast-Sparse Mode guidelines Figure 77: Redundant MBR configuration For a proper redundant configuration, ensure that the links use two separate VLANs (see the following figure). Ensure that the unicast routes and DVMRP routes always point to the same path.
Page 180
Multicast network design Figure 78: Redundant MBR configuration with two separate VLANs The following paragraphs describe a failure scenario possible with this configuration. Assume that switch A has a multicast sender, and switch C has a receiver. The RP is at D. Then, suppose that the unicast route on C allows data to reach source A through B, and that DVMRP tells upstream switch B to reach the source on A.
If DVMRP and unicast routes diverge while traffic flows, the same problem may occur. As a result, for safe MBR network operation, Avaya recommends that you use the simple design proposed in PIM-SM to DVMRP connection: MBR. MBR and path cost considerations When using the MBR to connect PIM-SM domains to DVMRP domains, ensure that the unicast path cost metric is not greater than 32, or issues may occur in the network.
Page 182
Avaya Ethernet Routing Switch 8800/8600 PIM-SM RP and BSR. You can use the static RP feature to interoperate in this environment. For example, in a mixed-vendor network, you can use auto-RP among routers that support the protocol, while other routers use static RP.
Page 183
For quick convergence, Avaya recommends that you use a link state protocol, such as OSPF. For example, if you are using RIP as the routing protocol, an RP failure may take minutes to detect. Depending on the application, this situation can be unacceptable.
Page 184
Multicast network design Avaya recommends that you always enable the specific route option for any SMLT/RSMLT cluster running PIM-SM with static RPs because of the implementation of the internal-only default static route on the IST. This resolution applies only to static RP configurations, not to C-RP configurations.
You can place an RP on any switch when VLANs extend over several switches. Indeed, you can place your RP on any switch in the network. However, when using PIM-SM, Avaya recommends that you not span VLANs on more than two switches.
Page 186
Multicast network design complex redundancy and failure scenarios, where each group address has three or more CRPs. • Allow the hash algorithm to assign the blocks of addresses on the network and then view the results using the command show ip pim active-rp. Use the command output to assign multicast group addresses to senders that are located near the indicated RP.
Protocol Independent Multicast-Sparse Mode guidelines hash mask of 255.255.255.252 is used. Static RP configurations do not use the BSR hash mask; they use the default hash mask. For example: RP1 = 128.10.0.54 and RP2 = 128.10.0.56. The group prefix for both RPs is 238.0.0.0/255.0.0.0.
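How the hash mask groups addresses into blocks, and how one of the two RPs is picked for each block, can be reproduced offline. The following Python is an added example, not Avaya code: it uses the hash function from the PIM-SM specification (RFC 4601, section 4.7.2) and assumes the switch applies it as specified; C-RP priority comparison is left out, and the function names are hypothetical.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional, Tuple

# RP set from the example in the text: (RP address, group prefix/mask).
RP_SET: List[Tuple[str, str]] = [
    ("128.10.0.54", "238.0.0.0/255.0.0.0"),   # RP1
    ("128.10.0.56", "238.0.0.0/255.0.0.0"),   # RP2
]
HASH_MASK = "255.255.255.252"                 # hash mask quoted in the text


def _u32(addr: str) -> int:
    """Dotted-quad IPv4 address as an unsigned 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def rp_hash(group: str, hash_mask: str, rp: str) -> int:
    """Value(G, M, C) from RFC 4601 section 4.7.2.

    Only the low 31 bits of the result are kept, so Python's unbounded
    integers give the same value as 32-bit arithmetic on a router.
    """
    masked = _u32(group) & _u32(hash_mask)
    return (1103515245 * ((1103515245 * masked + 12345) ^ _u32(rp)) + 12345) % 2**31


def select_rp(group: str, rp_set: Iterable[Tuple[str, str]],
              hash_mask: str) -> Optional[str]:
    """Pick the RP for a group: longest matching prefix, then highest hash
    value, then highest RP address. Returns None if no RP covers the group."""
    g = ipaddress.IPv4Address(group)
    covering = []
    for rp, prefix in rp_set:
        net = ipaddress.IPv4Network(prefix)
        if g in net:
            covering.append((net.prefixlen, rp))
    if not covering:
        return None
    longest = max(plen for plen, _ in covering)
    candidates = [rp for plen, rp in covering if plen == longest]
    return max(candidates, key=lambda rp: (rp_hash(group, hash_mask, rp), _u32(rp)))


def block_assignments(groups: Iterable[str], rp_set: Iterable[Tuple[str, str]],
                      hash_mask: str) -> Dict[str, Optional[str]]:
    """Map each hash block (group address ANDed with the mask) to its RP.

    Every group in one block hashes identically, so one lookup per block
    is enough to plan which sender addresses land on which RP.
    """
    rp_list = list(rp_set)
    result: Dict[str, Optional[str]] = {}
    for group in groups:
        base = str(ipaddress.IPv4Address(_u32(group) & _u32(hash_mask)))
        if base not in result:
            result[base] = select_rp(group, rp_list, hash_mask)
    return result


if __name__ == "__main__":
    # Constructed sample: eight consecutive groups, i.e. two blocks of four.
    sample = ["238.1.1.%d" % i for i in range(8)]
    for base, rp in block_assignments(sample, RP_SET, HASH_MASK).items():
        print("block %s/30 -> RP %s" % (base, rp))
```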
B to A. Switch A discards the data on the second path (assuming the upstream source is A to C). To avoid this waste of resources, Avaya recommends that you do not place receivers on V1. This guarantees that no traffic flows between B and A for receivers attached to A. In this case, the existence of the receivers is only learned through PIM Join messages to the RP [for (*,G)] and of the source through SPT Joins.
Protocol Independent Multicast-Source Specific Multicast guidelines If the shortest path from C to the source is through switch B, and the interface between C and B does not have PIM-SM enabled, then C cannot switch to the SPT. C discards data that comes through the shared path tree (that is, through A).
SSM channels table, the switch drops the report. RP Set configuration considerations When you configure RP sets (C-RPs or static RPs), Avaya recommends as best practice not to configure multiple entries that each specify a unique group, but instead specify a range of groups when possible, thereby decreasing the number of entries required.
MSDP • One group in the SSM range can have a single source for a given SSM group. • You can have different sources for the same group in the SSM range (different channels) if they are on different switches. Two different devices in a network may want to receive data from a physically closer server for the same group.
Multicast network design Figure 84: MSDP operation between peers MSDP routers cache SA messages by default. The cache reduces join latency for new receivers and reduces storms by advertising from the cache at a period of no more than twice for the SA advertisement timer interval and not less than once for the SA advertisement period.
(MIB) as described in RFC 4624. Static mroute The Avaya Ethernet Routing Switch 8800/8600 supports a static IP route table to separate the paths for unicast and multicast streams. Only multicast protocols use this table. Adding a route to this table does not affect the switching or routing of unicast packets.
Page 194
Multicast network design Figure 85: Static mroute The system does not advertise or redistribute routes from the multicast-static IP route table. The system uses these routes only for RPF calculation. The system uses the following rules to determine RPF: • Direct or local routes for a destination take precedence over a route for the same destination in the static route table.
DVMRP and PIM comparison
DVMRP and PIM have some major differences in the way they operate and forward IP multicast traffic. Choose the protocol that is better adapted to your environment. If necessary, you can use a mix of the two protocols in different sections of the network and link them together with the MBR feature.
Multicast network design unicast routing protocols to build its routing table, so its paths are always linked to unicast paths. In DVMRP, multicast route policies can be applied regardless of any existing unicast route policies. PIM must follow unicast routing policies, which limits flexibility in tuning PIM routes. PIM-SM can scale to the unicast routing protocol limits (several thousand), whereas DVMRP has limited route scaling (two to three thousand) because of the nature of its RIPv2-based route exchange.
IGMP and routing protocol interactions
IGMP and routing protocol interactions navigation
• IGMP and DVMRP interaction on page 197
• IGMP and PIM-SM interaction on page 198
IGMP and DVMRP interaction
This section describes a possible problem that can arise when IGMP Snoop and DVMRP interact.
The following sections provide configuration guidelines for multicast SMLT networks. For more information about SMLT topologies, see SMLT topologies on page 87 or Avaya Ethernet Routing Switch 8800/8600 Configuration — Link Aggregation, MLT, and SMLT, NN46205-518. Multicast and SMLT guidelines navigation •...
To avoid using an external querier to provide correct handling and routing of multicast traffic to the rest of the network, Avaya recommends that you use the triangle design with IGMP Snoop at the client switches. Then use multicast routing (DVMRP or PIM) at the aggregation switches as shown in the following figure.
IST. Although, in general, routing protocols should not run over an IST, multicast routing protocols are an exception. In a single PIM domain with an MBR (Multicast Border Router), Avaya does not support a configuration of DVMRP in a triangle SMLT and PIM-SM in a square SMLT.
Page 201
Multicast and SMLT guidelines Figure 88: Unicast route example In this example, the unicast route table on 8600A learns the BSR on 8600B through VLAN 102 via OSPF. The BSR is either not learned or does not provide the RP to 8600A. Another traffic issue can occur when the path to a source network on the aggregation switches is the same for both switches.
Page 202
Multicast network design Figure 89: Multicast and SMLT design that avoids duplicate traffic Assume that the source network is 10.10.10.0/24, switches A and B know the DVMRP metric for the IST interface, the interfaces towards NETWORK are all configured as 10, and the total cost to the source is the same.
The following figure shows a triangle topology in which all the Ethernet Routing Switch 8800/8600s are running PIM-SSM at the core, and the Ethernet Routing Switch 8300 and the stackable Ethernet Routing Switches (5xxx/4500/2500) are also running PIM-SSM at the edge.
Page 204
Ethernet Routing Switches (5xxx/4500/2500) running PIM-SSM at the edge. In this case, however, the Ethernet Routing Switch 8800/8600s are running PIM-SM in the core. With the extended VLANs from the SSM edge to the SM core, the operating version of the interfaces in the core must be IGMPv2.
Page 205
The following figure shows a square or full mesh topology in which one Ethernet Routing Switch 8800/8600 IST pair is running PIM-SSM in the core, and the other IST pair is running Layer 2 IGMP. The Ethernet Routing Switch 8300 and the stackable Ethernet Routing Switches (5xxx/4500/2500) are also running Layer 2 IGMP at the edge.
Page 206
The following figure shows a square or full mesh topology in which both Ethernet Routing Switch 8800/8600 IST pairs are running PIM-SSM and RSMLT in the core. The Ethernet Routing Switch 8300 and the stackable Ethernet Routing Switches (5xxx/4500/2500) are running Layer 2 IGMP at the edge.
Page 207
The following figure shows a square or full mesh topology in which both Ethernet Routing Switch 8800/8600 IST pairs are running PIM-SSM and RSMLT in the core. The Ethernet Routing Switch 8300 and the stackable Ethernet Routing Switches (5xxx/4500/2500) are running PIM-SSM at the edge.
Multicast network design Figure 94: Square/full mesh topology with PIM-SSM edge and PIM-SSM core with RSMLT Static-RP in SMLT using the same CLIP address In a normal PIM SMLT network, in the event of a failed or unreachable RP, all (S,G) entries are deleted from the network because of the unreachable RP.
Page 209
Multicast and SMLT guidelines Figure 95: Static-RP in SMLT using the same CLIP address In the preceding figure, the multicast traffic flows as follows: 1. The multicast server sends multicast data towards the Source DR (SDR) SW_A. 2. The SDR sends register messages with encapsulated multicast data towards the 3.
For TV applications, you can attach several TV sets directly, or through Business Policy Switch 2000, to the Avaya Ethernet Routing Switch 8800/8600. Base this implementation on IGMP; the set-top boxes use IGMP reports to join a TV channel and IGMP Leaves to exit the channel.
Multicast for multimedia Important: For IGMPv3, Avaya recommends that you ensure a Join rate of 250 per second or less. If the Avaya Ethernet Routing Switch 8800/8600 must process more than 250 Joins per second, users may have to resend Joins.
Test that value to ensure that it provides the best performance. Important: In networks that have only one user connected to each port, Avaya recommends that you use the Fast Leave feature instead of LMQI, since no wait is required before the stream stops.
The following figure shows an IGAP member connected to an Avaya Ethernet Routing Switch 8800/8600 edge switch (R1) that has two MLT links. The MLT links provide alternative routes to the RADIUS authentication server and the Content Delivery Network (CDN) server.
Page 214
Multicast network design Figure 96: Avoiding an interruption of IGAP traffic The following scenario shows how a potential traffic interruption can occur: 1. An authenticated IGAP member receives multicast traffic. Accounting starts. 2. R1 uses MLT1 to transfer data and accounting messages. 3.
Page 215
Internet Group Membership Authentication Protocol To avoid traffic loss if you must disable an MLT link, use the following workaround: • Enable Equal Cost Multicast Protocol (ECMP) on the edge switch (R1) and on both of the CDN switches (R2 and R3). •...
Page 216
Chapter 12: MPLS IP VPN and IP VPN Lite The Avaya Ethernet Routing Switch 8800/8600 supports Multiprotocol Label Switching (MPLS) and IP Virtual Private Networks (VPN) to provide fast and efficient data communications. In addition, to support IP VPN capabilities without the complexities associated with MPLS deployments, the Ethernet Routing Switch 8800/8600 supports IP VPN Lite.
(that is, each label corresponds to a FEC).
Operation of MPLS IP VPN
MPLS IP-VPN enabled routers use two labels as shown in the following figure. The Avaya Ethernet Routing Switch 8800/8600 uses LDP for IP VPN. LDP generates and distributes an outer label referred to as a tunnel label, which is in fact the LSP.
Page 219
To support this capability, the PE router must maintain separate forwarding routing tables. To provide multiple independent IPv4 routing and forwarding tables, the Ethernet Routing Switch 8800/8600 supports a default routing instance (VRF0) and up to 255 Virtual Routing and Forwarding (VRF) instances (VRF1 to VRF255).
Page 220
still ensuring that routes from different customers and IP VPNs are kept separate and any identical IPv4 routes originating from two different customers can both be advertised and kept separate. This is achieved through the use of iBGP peering between the PE nodes. These iBGP sessions are terminated on a single circuitless IP (CLIP) interface (belonging to the Backbone Global Routing Table (GRT)) on the PE nodes.
Route distinguishers
PE routers use BGP to allow distribution of VPN routes to other PE routers. BGP Multiprotocol Extensions (BGP-MP) allows BGP to forward routes from multiple address families, in this case, VPN-IPv4 addresses. The BGP-MP address contains a 12-byte VPN-IPv4 address which in turn contains an 8-byte Route Distinguisher (RD) and a 4-byte IPv4 address.
Route targets
When a VPN-IPv4 route advertised from a PE router is learned by a given PE router, it is associated with one or more Route Target (RT) attributes. The RT, which is configured on the PE router as either import, export, or both, is the glue which determines whether a customer VPN-IPv4 route being advertised by one PE router can be accepted by another remote PE router resulting in the formation of a logical IP VPN end to end.
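The route distinguisher and route target passages above can be worked through in code. This is an added example, not Avaya's implementation: it builds the 12-byte VPN-IPv4 address (8-byte RD plus 4-byte IPv4 address) using the RFC 4364 type 0 and type 1 RD encodings, then models RT import as a set intersection. The VRF names, AS number 65000, RT strings and addresses are constructed sample values.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def encode_rd(admin, assigned):
    """Return the 8-byte RD: 2-byte type field followed by a 6-byte value."""
    if isinstance(admin, int):
        # Type 0: 2-byte AS number, 4-byte assigned number.
        if not 0 <= admin <= 0xFFFF or not 0 <= assigned <= 0xFFFFFFFF:
            raise ValueError("type 0 RD field out of range")
        return struct.pack("!HHI", 0, admin, assigned)
    # Type 1: 4-byte IPv4 address, 2-byte assigned number.
    if not 0 <= assigned <= 0xFFFF:
        raise ValueError("type 1 RD assigned number out of range")
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, assigned)


def vpn_ipv4(rd, ipv4):
    """12-byte VPN-IPv4 address = 8-byte RD + 4-byte IPv4 address."""
    if len(rd) != 8:
        raise ValueError("RD must be 8 bytes")
    return rd + ipaddress.IPv4Address(ipv4).packed


def decode_vpn_ipv4(addr):
    """Split a VPN-IPv4 address into a printable RD and the IPv4 address."""
    if len(addr) != 12:
        raise ValueError("VPN-IPv4 address must be 12 bytes")
    (rd_type,) = struct.unpack("!H", addr[:2])
    if rd_type == 0:
        asn, num = struct.unpack("!HI", addr[2:8])
        rd = f"{asn}:{num}"
    elif rd_type == 1:
        ip, num = struct.unpack("!4sH", addr[2:8])
        rd = f"{ipaddress.IPv4Address(ip)}:{num}"
    else:
        raise ValueError(f"RD type {rd_type} is not handled in this example")
    return rd, str(ipaddress.IPv4Address(addr[8:]))


@dataclass
class Vrf:
    name: str
    rd: bytes
    export_rts: frozenset
    import_rts: frozenset
    routes: dict = field(default_factory=dict)  # VPN-IPv4 address -> origin VRF


def advertise(vrf, ipv4):
    """What the exporting PE sends: the VPN-IPv4 route plus its export RTs."""
    return {"nlri": vpn_ipv4(vrf.rd, ipv4), "rts": vrf.export_rts, "origin": vrf.name}


def import_routes(vrf, updates):
    """Install only the updates that carry at least one RT this VRF imports."""
    for update in updates:
        if update["rts"] & vrf.import_rts:
            vrf.routes[update["nlri"]] = update["origin"]
    return vrf


def demo():
    # Constructed sample: two customers behind PE1 both use 10.1.0.0.
    red = frozenset({"65000:100"})
    blue = frozenset({"65000:200"})
    red_pe1 = Vrf("red@PE1", encode_rd(65000, 1), red, red)
    blue_pe1 = Vrf("blue@PE1", encode_rd("192.0.2.1", 2), blue, blue)
    updates = [advertise(red_pe1, "10.1.0.0"), advertise(blue_pe1, "10.1.0.0")]

    # Correct remote VRF: imports only the red RT, so it sees only red routes.
    red_pe2 = import_routes(Vrf("red@PE2", encode_rd(65000, 1), red, red), updates)

    # Misconfigured remote VRF: importing both RTs joins the two customers.
    leaky = import_routes(
        Vrf("leaky@PE2", encode_rd(65000, 9), frozenset(), red | blue), updates
    )
    return updates, red_pe2, leaky


if __name__ == "__main__":
    updates, red_pe2, leaky = demo()
    for u in updates:
        print(u["origin"], decode_vpn_ipv4(u["nlri"]), u["nlri"].hex())
    print("red@PE2 sees:", sorted(red_pe2.routes.values()))
    print("leaky@PE2 sees:", sorted(leaky.routes.values()))
```

When auditing a PE configuration, the import RT list of each VRF is the place to check for unintended overlap, since the RD keeps routes distinct but does not decide which VRF accepts them.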
VPN tunnel dampening is not supported. The Ethernet Routing Switch 8800/8600 requires that a unique VRF be associated with a unique VPN in a single PE device. This means that no two VRFs are attached to the same VPN, thus requiring forwarding between VRFs in single PE. All the CE devices that belong to a single VPN in a single PE device must be part of a single VRF.
IP VPN deployment scenarios When the Avaya Ethernet Routing Switch 8800/8600 is used as a PE device, the following are the means by which a CE device can connect to PE device: •...
MPLS interoperability
When the Ethernet Routing Switch 8800/8600 is used as a PE device, the following are the means by which a PE device can connect to a provider core device:
• One PE connects to a single provider core router using a single GbE, 10 GbE, or 10/100/1000 Mbit/s port.
When this second CLIP address is configured it must also be enabled for IP VPN services. With Avaya IP VPN-Lite, the RD is now used to convey one extra piece of information over and above its intended use within the RFC 4364 framework. In the RFC, the only purpose of the RD is to ensure that identical IPv4 routes from different customers are rendered unique so that BGP can treat them as separate VPN-IPv4 routes.
Page 227
While MPLS struggles to achieve these goals and only does so by bringing in exponential complexity, Avaya IP VPN-Lite can simply leverage these capabilities from either a pure IP OSPF routed core where ECMP is enabled or a network core designed with Avaya SMLT/RSMLT clustering.
• the forwarding plane to encapsulate the customer IP packet into the revised IP header
IP VPN Lite deployment scenarios
The following sections describe how you can use the IP VPN Lite capability on the Avaya Ethernet Routing Switch 8800/8600 to design a sample network interconnecting five separate sites while meeting the following requirements: •...
To meet the design requirements, an Avaya Ethernet Routing Switch 8800/8600 is deployed at each site. As shown in the following figure, the five Ethernet Routing Switch 8800/8600s are interconnected using 10 gigabit Ethernet links in an SMLT cluster configuration. The Ethernet...
Please note that any Layer 2 VLANs that are added to this design must always be configured on both main sites 1 and 2 (the SMLT IST cluster) but only on the Avaya Ethernet Routing Switch 8800/8600 SMLT edge switches that require the VLANs. In this example, VLAN 12 is added to the SMLT IST cluster switches at sites 1 and 2 and then added at Sites 3 and 5.
As shown in the following figure, Layer 3 IGP connectivity between all five sites is provided using two routed VLANs where an OSPF backbone area is enabled on all five Avaya Ethernet Routing Switch 8800/8600s. This routing instance constitutes the default routing instance of the Avaya Ethernet Routing Switch 8800/8600 platform which is known as the Global Routing Table (GRT) or VRF0.
The Layer 3 VPNs are implemented using Avaya IP VPN Lite. To provide address space for the IPinIP encapsulation, each Avaya Ethernet Routing Switch 8800/8600 is also configured with a second CLIP network address (the Service IP) which is created using a 24-bit mask rather than a host 32-bit mask.
Internet Layer 3 VPN design The two Avaya Ethernet Routing Switch 8800/8600s in the main sites 1 and 2 also have a third CLIP address (also a Service IP) which is made the same at both sites. This CLIP address also uses a 24-bit mask and is only used for IPinIP encapsulated Layer 3 VPN traffic destined for the Internet.
Page 234
This section provides examples to help you design your network. Layer 1 examples deal with the physical network layouts; Layer 2 examples map Virtual Local Area Networks (VLAN) on top of the physical layouts; and Layer 3 examples show the routing instances that Avaya recommends to optimize IP for network redundancy.
Page 236
Layer 1, 2, and 3 design examples
Figure 109: Layer 1 design example 1
All the Layer 1 redundancy mechanisms are described in example 2.
Page 237
Figure 110: Layer 1 design example 2
Figure 111: Layer 1 design example 3
Layer 2 examples
The following figures are a series of Layer 2 network design examples that map VLANs over the physical network layout. Example 1 shows a redundant device network that uses one VLAN for all switches. To support multiple VLANs, 802.1Q tagging is required on the links with trunks.
Page 239
Figure 112: Layer 2 design example 1
Example 2 depicts a redundant network using Split MultiLink Trunking (SMLT). This layout does not require the use of Spanning Tree Protocol: SMLT prevents loops and ensures that all paths are actively used. Each wiring closet (WC) can have up to 8 Gbit/s access to the core. This SMLT configuration example is based on a three-stage network.
Page 240
Figure 113: Layer 2 design example 2
Page 241
Figure 114: Layer 2 design example 3
In Example 3, a typical SMLT ID setup is shown. Because SMLT is part of MLT, all SMLT links have an MLT ID. The SMLT and MLT ID can be the same, but this is not necessary.
Figure 115: Layer 2 design example 4
Layer 3 examples
The following figures are a series of Layer 3 network design examples that show the routing instances that Avaya recommends you use to optimize IP for network redundancy.
Page 243
Figure 116: Layer 3 design example 1
Page 244
Figure 117: Layer 3 design example 2
In the following figures, DGW denotes Data GateWay.
Page 245
Figure 118: Layer 3 design example 3
Page 246
Figure 119: Layer 3 design example 4
RSMLT redundant network with bridged and routed VLANs in the core
In some networks, it is required or desired that a VLAN be spanned through the core of a network (for example, a VoIP VLAN or guest VLAN) while routing other VLANs to reduce the amount of broadcasts or to provide separation.
Page 248
To reduce network convergence time in case of a failure in a network with multiple IP client stations, Avaya recommends that you distribute the ARP request/second load to multiple IP routers/switches. Enabling routing at the access layer distributes the ARP load, which reduces the IP subnet sizes.
55. Without redundancy, all services can be brought down. To provide additional network security, you can use the Avaya Contivity VPN product suite, the Shasta 5000 BSN, or the Ethernet Routing Switch Firewall and Intrusion Sensor. They offer differing levels of protection against Denial of Service (DoS) attacks through either third party IDS partners, or through their own high-performance stateful firewalls.
Directed broadcast suppression protects hosts from possible DoS attacks. To prevent the flooding of other networks with DoS attacks, such as the Smurf attack, the Avaya Ethernet Routing Switch 8800/8600 is protected by directed broadcast suppression. This feature is enabled by default.
To avoid excessive amounts of subnet scanning caused by a virus (like Welchia), Avaya recommends that you change the ARP request threshold to a value between 50 and 100. This helps to protect the CPU from causing excessive ARP requests, helps to protect the network, and lessens the spread of the virus to other PCs.
From Release 3.5.0 and later, you can access the ARP request threshold feature through the CLI. For more information about the config ip arp arpreqthreshold command, see Avaya Ethernet Routing Switch 8800/8600 Configuration — IP Routing Operations, NN46205-523.
Multicast Learning Limitation
The Multicast Learning Limitation feature protects the CPU from multicast data packet bursts generated by malicious applications.
Damage prevention
Packet spoofing
You can stop spoofed IP packets by configuring the switch to only forward IP packets that contain the correct source IP address of your network. By denying all invalid source IP addresses, you minimize the chance that your network is the source of a spoofed DoS attack. A spoofed packet is one that comes from the Internet into your network with a source address equal to one of the subnet addresses used on your network.
8800/8600 Configuration — QoS and IP Filtering for R and RS Modules, NN46205-507.
High Secure mode
To ensure that the Avaya Ethernet Routing Switch 8800/8600 does not route packets with an illegal source address of 255.255.255.255 (in accordance with RFC 1812 Section 4.2.2.11 and RFC 971 Section 3.2), you can enable High Secure mode.
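The source-address checks described under Packet spoofing and High Secure mode can be expressed as a small decision function. This is an added example, not switch configuration or Avaya code: the internal subnets, the ingress labels `internet` and `internal`, and the sample packets are constructed for illustration.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


class SourceFilter:
    """Source-address validation for a site with a known set of subnets."""

    def __init__(self, internal_subnets):
        self.internal = [ipaddress.ip_network(n) for n in internal_subnets]

    def is_internal(self, addr):
        return any(addr in net for net in self.internal)

    def check(self, src, ingress):
        """Return (verdict, reason) for a packet with source `src`.

        `ingress` names the side the packet arrived on: "internet" for the
        Internet-facing interface, "internal" for a site-facing interface.
        """
        if ingress not in ("internet", "internal"):
            raise ValueError(f"unknown ingress side: {ingress!r}")
        addr = ipaddress.IPv4Address(src)
        # Never route a packet whose source is the limited broadcast address.
        if addr == LIMITED_BROADCAST:
            return "drop", "illegal source 255.255.255.255"
        inside = self.is_internal(addr)
        # Inbound spoof: claims to be one of our subnets but came from outside.
        if ingress == "internet" and inside:
            return "drop", "internal source arriving from the Internet"
        # Outbound spoof: leaving our network with a source we do not own.
        if ingress == "internal" and not inside:
            return "drop", "source not in a local subnet"
        return "forward", "source valid for ingress side"

    def audit(self, packets):
        """Group the sources of dropped packets by drop reason."""
        drops = {}
        for src, ingress in packets:
            verdict, reason = self.check(src, ingress)
            if verdict == "drop":
                drops.setdefault(reason, []).append(src)
        return drops


# Constructed sample: site subnets and (source, ingress side) records.
SITE = SourceFilter(["10.10.0.0/16", "192.168.50.0/24"])
SAMPLE = [
    ("10.10.3.4", "internal"),        # legitimate host sending outbound
    ("10.10.3.4", "internet"),        # same address arriving from outside
    ("203.0.113.9", "internal"),      # foreign source leaving the site
    ("203.0.113.9", "internet"),      # ordinary inbound traffic
    ("255.255.255.255", "internal"),  # illegal source address
    ("192.168.50.20", "internet"),    # second internal subnet, spoofed
]

if __name__ == "__main__":
    for reason, sources in SITE.audit(SAMPLE).items():
        print(f"{reason}: {sources}")
```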
Configuration — VLANs and Spanning Tree (NN46205-517). Security and redundancy Redundancy in hardware and software is one of the key security features of the Avaya Ethernet Routing Switch 8800/8600. High availability is achieved by eliminating single points of failure in the network and by using the unique features of the Avaya Ethernet Routing Switch 8800/8600 including: •...
This adds additional security based on a logon and password. The Avaya Optivity Policy Server supports 802.1x EAP authentication against RADIUS and other authentication, authorization, and accounting (AAA) repositories. This support helps authenticate the user, grants access to specific applications, and provides real time policy provisioning capabilities to mitigate the penetration of unsecured devices.
The Sygate LAN Enforcer or the Avaya VPN TunnelGuard enables the Avaya Ethernet Routing Switch 8800/8600 to use the 802.1x standard to ensure that a user connecting from inside a corporate network is legitimate. The LAN Enforcer/TunnelGuard also checks the endpoint security posture, including anti-virus, firewall definitions, Windows registry content, and specific file content (plus date and size).
DHCP snooping
Dynamic Host Configuration Protocol (DHCP) snooping provides security to the network by preventing DHCP spoofing. DHCP spoofing refers to an attacker’s ability to respond to DHCP requests with false IP information. DHCP snooping acts like a firewall between untrusted hosts and the DHCP servers so that DHCP spoofing cannot occur.
• port
You can also configure static DHCP binding entries. Dynamic binding entries are lost after a restart. For more information about DHCP snooping, see Avaya Ethernet Routing Switch 8800/8600 Security (NN46205-601).
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI) is a security feature that validates ARP packets in the network.
DHCP snooping and untrusted for Dynamic ARP Inspection. IP Source Guard cannot be enabled on MLT/SMLT ports. For more information about IP Source Guard, see Avaya Ethernet Routing Switch 8800/8600 Security (NN46205-601). Security at layer 2...
At Layer 3 and above, the Avaya Ethernet Routing Switch 8800/8600 provides enhanced filtering capabilities as part of its security strategy to protect the network from different attacks. You can configure two types of Classic filters on the Avaya Ethernet Routing Switch 8800/8600: global filters and source/destination address filters.
MD5 keys per interface. You can also use multiple MD5 key configurations for MD5 transitions without bringing down an interface. For more information, see Avaya Ethernet Routing Switch 8800/8600 Configuration — OSPF and RIP, NN46205-522 and Avaya Ethernet Routing Switch 8800/8600 Configuration — BGP Services, NN46205-510.
Control plane security
Management port
The Avaya Ethernet Routing Switch 8800/8600 provides an isolated management port on the switch fabric/CPU. This separates user traffic from management traffic in highly sensitive environments, such as brokerages and insurance agencies. By using this dedicated network (see the following figure) to manage the switches, and by configuring access policies (when routing is enabled), you can manage the switch in a secure fashion.
Figure 124: Terminal servers/modem access
When it is an absolute necessity for you to access the switch, Avaya recommends that you use this configuration. The switch is always reachable, even if an issue occurs with the in-band network management interface.
High Secure mode
Use High Secure to disable all unsecured applications and daemons, such as FTP, TFTP, and rlogin. Avaya recommends that you not use any unsecured protocols. For more information, see High Secure mode. Use Secure Copy (SCP) rather than FTP or TFTP. For more information, see SSHv1/v2 on page 270.
You can configure a list of up to 10 RADIUS servers on the client. If the first server is unavailable, the Avaya Ethernet Routing Switch 8800/8600 tries the second, and then attempts each server in sequence until it establishes a successful connection.
Page 267
Avaya recommends that you use the default value in the attribute-identifier field. If you change the set default value, you must alter the dictionary on the RADIUS server with the new value. To configure the RADIUS feature, you require Read-Write-All access to the switch.
RADIUS over IPv6 The Avaya Ethernet Routing Switch 8800/8600 supports RADIUS over IPv6 networks to provide security against unauthorized access. For more information about RADIUS over IPv6, see Avaya Ethernet Routing Switch 8800/8600 Security, NN46205-601. TACACS+ Terminal Access Controller Access Control System (TACACS+) is a security application implemented as a client/server-based protocol that provides centralized validation of users attempting to gain access to a router or network access server.
AV pairs. The accounting records are stored on the security server. The accounting data can then be analyzed for network management and auditing. The Avaya Ethernet Routing Switch 8800/8600 supports eight users logged in to the chassis simultaneously with TACACS+.
SSH guarantees that data is transmitted from the sender to the receiver without any alteration. If any third party captures and modifies the traffic, SSH detects this alteration. The Avaya Ethernet Routing Switch 8800/8600 supports: • SSH version 1, with password and Rivest, Shamir, Adleman (RSA) authentication •...
VPN technology employs IP Security (IPSec) and Secure Sockets Layer (SSL) services. Several Avaya products support IPSec and SSL. Contivity and the Services Edge Router support IPSEC. Contivity supports up to 5000 IPSEC tunnels, and scales easily to support operational requirements.
Network security For SSL needs, Avaya offers the Integrated Service Director (iSD) SSL Accelerator Module (SAM). The SAM is used by the Web Switching Module (WSM) to decrypt sessions and to make encrypted cookies and URLs visible to the WSM. The SAM offers: •...
(latency), and packet delay variation (jitter). For more information about fundamental QoS mechanisms, and how to configure QoS, see Avaya Ethernet Routing Switch 8800/8600 Configuration — QoS and IP Filtering for R and RS Modules, NN46205-507. Navigation •...
An internal QoS level is assigned to each packet that enters an Ethernet Routing Switch 8800/8600 port. Once the QoS level is set, the egress queue is determined and the packet is transmitted. The mapping of QoS levels to queue is a hard-coded 1-to-1 mapping.
Page 275
The Avaya QoS strategy simplifies QoS implementation by providing a mapping of various traffic types and categories to a Class of Service. These service classes are termed Avaya Data Solutions Service Classes (ADSSC). The following table provides a summary of the mappings and their typical traffic types.
The egress priority and discard priority are commonly referred to as latency and drop precedence, respectively. Each port on the Avaya Ethernet Routing Switch 8800/8600 has eight (or 64, depending on the module) egress queues. Each queue is associated with an egress priority. Some queues are designated as Strict Priority queues, which means that they are guaranteed service, and some are designated as Weighted Round Robin (WRR) queues.
Page 277
QoS mechanisms This decision-making process is outlined in the following figure. Figure 129: Filter decision-making process R series module filters Advanced filters are provided for R series modules through the use of Access Control Templates (ACT), Access Control Lists (ACL), and Access Control Entries (ACE), which are implemented in software.
QoS design guidelines
You can configure a maximum of 1000 ACEs per port for ingress and egress. The Avaya Ethernet Routing Switch 8800/8600 supports a maximum of 4000 ACEs. For each ACL, a maximum of 500 ACEs are supported. When you configure R series module filters, keep the following scaling limits in mind.
Rate metering can only be performed on a Layer 3 basis. Traffic shapers buffer and delay violating traffic. These operations occur at the egress queue set level. The Ethernet Routing Switch 8800/8600 supports traffic shaping at the port level and at the per-transmit-queue level for outgoing traffic.
Trusted and untrusted interfaces
You can set an interface as trusted (core) or untrusted (access). Use a trusted interface (core) to mark traffic in a specific way, and to ensure that packets are treated according to the service level of those markings. Use a core setting when control over network traffic prioritization is required.
Figure 131: Access port QoS actions Bridged and routed traffic In a service provider network, access nodes use the Avaya Ethernet Routing Switch 8800/8600 configured for bridging. In this case, the Ethernet Routing Switch 8800/8600 uses DiffServ to manage network traffic and resources, but some QoS features are unavailable in the bridging mode of operation.
The Avaya Ethernet Routing Switch 8800/8600 has sufficient queue capacity and an efficient queue scheduler to handle bursts of congestion in a seamless and transparent manner. Traffic can burst to over 100% within the...
DiffServ or 802.1p settings. The following cases describe sample QoS design guidelines you can use to provide and maintain high service quality in an Avaya Ethernet Routing Switch 8800/8600 network. Bridged trusted traffic When you set the port to core, you assume that, for all incoming traffic, the QoS setting is properly marked.
Page 284
QoS design guidelines Figure 132: Trusted bridged traffic The following figure shows what happens inside an Ethernet Routing Switch 8800/8600 access node. Packets enter through a tagged or untagged access port, and exit through a tagged or untagged core port.
Page 285
QoS examples and recommendations Figure 133: QoS actions on bridged access ports The following figure shows what happens inside an Ethernet Routing Switch 8800/8600 core node. Packets enter through a tagged or untagged core port, and exit through a tagged or untagged core port.
When you route traffic over the core network, VLANs are not kept separate. The following case describes QoS design guidelines you can use to provide and maintain high service quality in an Avaya Ethernet Routing Switch 8800/8600 network.
Routed trusted traffic
When you set the port to core, you assume that, for all incoming traffic, the QoS setting is properly marked. All core switch ports simply read and forward packets.
Page 287
Figure 136: Trusted routed traffic Routed untrusted traffic The following figure shows what happens inside an Avaya Ethernet Routing Switch 8800/8600 access node. Packets enter through a tagged or untagged access port and exit through a tagged or untagged core port.
Page 288
Figure 137: QoS actions on routed access ports
Appendix A: Hardware and supporting software compatibility The following table describes Avaya Ethernet Routing Switch 8800/8600 hardware and the minimum software version required to support the hardware. EUED RoHS compliancy: Beginning July 1, 2006, products can be ordered with European Union Environmental Directive (EUED) Restriction of Hazardous Substances (RoHS) (EUED RoHS) compliancy.
Page 290
DS1405018-E6 8005DI DC 1462 W Dual input DC DS1405017-E5 8005DC 1462 W DC 4.0.x DS1405011 Table 33: Ethernet Routing Switch 8800/8600 modules and components Minimum Part number Module or component software version Ethernet R modules 8630GBR 30-port Gigabit Ethernet SFP 4.0.0...
Page 291
Minimum Part number Module or component software version 1000BASE-T Category 5 copper 3.5.0 AA1419041-E5 unshielded twisted pair (UTP) SFPs 1000BASE-XD CWDM 1470 nm to 1610 nm AA1419025-E5 to AA1419032-E5 1000BASE-ZX CWDM 1470 nm to 1610 nm AA1419033-E5 to AA1419040-E5 1000BASE-T CAT 5 UTP PAM-5 AA1419043-E6 1000BASE-SX...
Page 292
Hardware and supporting software compatibility Minimum Part number Module or component software version 10GBASE DWDM 1531.12 nm (195.80 THz) 5.1.0 NTK587AGE5 10GBASE DWDM 1531.90 nm (195.70 THz) 5.1.0 NTK587AJE5 10GBASE DWDM 1532.68 nm (195.60 THz) 5.1.0 NTK587ALE5 10GBASE DWDM 1533.47 nm (195.50 THz) 5.1.0 NTK587ANE5 10GBASE DWDM...
Supported standards, RFCs, and MIBs Supported standard Description IEEE 802.3 10BASE-T Ethernet IEEE 802.3u 100BASE-TX Fast Ethernet (ISO/IEC 8802-3,Clause 25) IEEE 802.3u 100BASE-FX IEEE 802.3u Autonegotiation on Twisted Pair (ISO/IEC 8802-3,Clause IEEE 802.3x Flow Control on the Gigabit Uplink port IEEE 802.3z Gigabit Ethernet 1000BASE-SX and LX IETF RFCs...
Page 295
IETF RFCs Supported standard Description RFC 1027 Using ARP to implement transparent subnet gateways/ Avaya Subnet based VLAN RFC 1058 RIPv1 Protocol RFC 1112 IGMPv1 RFC 1253 OSPF RFC 1256 ICMP Router Discovery RFC 1305 Network Time Protocol v3 Specification, Implementation...
Page 296
Supported standards, RFCs, and MIBs
Supported standard | Description
RFC 2211 | Specification of the Controlled-Load Network Element Service
RFC 2236 | IGMPv2 for snooping
RFC 2270 | BGP-4 Dedicated AS for sites/single provider
RFC 2283 | Multiprotocol Extensions for BGP-4
RFC 2328 | OSPFv2
RFC 2338 | VRRP: Virtual Redundancy Router Protocol
RFC 2362 | PIM-SM...
IETF RFCs
Supported standard | Description
RFC 3376 | Internet Group Management Protocol, v3
RFC 3392 | Capabilities Advertisement with BGP-4 LSP-Tunnels
RFC 3443 | Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks
RFC 3569 | An overview of Source-Specific Multicast (SSM)
RFC 3917 | Requirements for IP Flow Information Export (IPFIX)
RFC 4364...
Supported standards, RFCs, and MIBs
IPv6
The following table describes the supported IETF RFCs for IPv6.
Table 37: IPv6 RFCs
Supported standard | Description
RFC 1881 | IPv6 Address Allocation Management
RFC 1886 | DNS Extensions to support IP version 6
RFC 1887 | An Architecture for IPv6 Unicast Address Allocation
RFC 1981 | Path MTU Discovery for IP v6...
IETF RFCs
Supported standard | Description
RFC 3587 | IPv6 Global Unicast Address Format
RFC 3590 | Source Address Selection for the Multicast Listener Discovery (MLD) Protocol
RFC 3596 | DNS Extensions to support IP version 6
RFC 3810 | IPv6 Multicast capabilities SSH/SCP, Telnet, Ping, CLI, EDM support for IPv6
Platform
The following table describes the supported IETF platform RFCs.
Industry Standard MIBs, as well as private MIB extensions, which ensure compatibility with existing network management tools. All these MIBs are included with any software version that supports them. Consult the Avaya Web site for a file called mib.zip, which contains all MIBs, and a special file called manifest.
Page 301
Supported network management MIBs
The following tables list the network management MIBs and standards that this release supports.
Table 41: Standard IEEE MIBs
Protocol | IEEE standard | File name
LACP | 802.3ad | ieee802-lag.mib
EAPoL | 802.1x | ieee8021x.mib
Table 42: Standard MIBs (RFC)
RFC number | MIB name
RFC 1212 | Concise MIB definitions...
Page 302
Supported standards, RFCs, and MIBs
RFC number | MIB name
RFC 1658 | Definitions of Managed Objects for Character Stream Devices using SMIv2
RFC 1696 | Modem Management Information Base (MIB) using SMIv2
RFC 1724 | RIP v2 MIB Extension
RFC 1850 | OSPF MIB
RFC 2021 | RMON MIB using SMIv2
RFC 2037...
Page 304
Protocol – Avaya Proprietary
The Definitions of Managed Objects for the IP Network Control Protocol of the Point-to-Point Protocol – Avaya Proprietary | rfc1473rcc.mib
The Definitions of Managed Objects for the Bridge Network Control Protocol of the Point-to-Point Protocol | rfc1474rcc.mib
Definitions of Managed Objects for the rfc1595rcc.mib...
Appendix C: Customer service
Visit the Avaya Web site to access the complete range of services and support that Avaya provides. Go to www.avaya.com or go to one of the pages listed in the following sections.
Navigation
• Getting technical documentation on page 305
•...
Customer service
Getting technical support from the Avaya Web site
The easiest and most effective way to get technical support for Avaya products is from the Avaya Technical Support Web site at www.avaya.com/support.
Planning and Engineering — Network Design November 2010...