
Dell Force10 S4810P Configuration Manual

High-density, 1RU 48-port 10GbE switch.


FTOS Configuration Guide for
the S4810 System
FTOS 9.1(0.0)
Publication Date: March 2013


   Summary of Contents for Dell Force10 S4810P

  • Page 1 FTOS Configuration Guide for the S4810 System FTOS 9.1(0.0) Publication Date: March 2013...
  • Page 2 © 2013 Dell Force10. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell™, the DELL logo, Dell Precision™, OptiPlex™, Latitude™, PowerEdge™, PowerVault™, PowerConnect™, OpenManage™, EqualLogic™, KACE™, FlexAddress™...
  • Page 3: Table Of Contents

    1 About this Guide ..........29 Objectives .
  • Page 4 Configure Logging ............57 Log Messages in the Internal Buffer .
  • Page 5 Linktrace Message and Response .........82 Link Trace Cache .
  • Page 6 Configuration Task List for Prefix Lists ........123 ACL Resequencing .
  • Page 7 4-Byte AS Numbers ..........188 AS4 Number Representation .
  • Page 8 11 Content Addressable Memory (CAM) ....... . . 273 Content Addressable Memory ..........273 CAM Profiles .
  • Page 9 Enabling Data Center Bridging ......... . .306 QoS dot1p Traffic Classification and Queue Assignment .
  • Page 10 Buffer tuning ............362 Deciding to tune buffers .
  • Page 11 Managing ECMP Group Paths ......... . .400 17 Enabling FIPS Cryptography .
  • Page 12 Configuring GVRP ........... . .434 Related Configuration Tasks .
  • Page 13 Configuring IGMP Snooping ......... .468 Enabling IGMP Immediate-leave .
  • Page 14 Link Bundle Monitoring ..........505 Ethernet Pause Frames .
  • Page 15 Detection and Auto-configuration for Dell EqualLogic Arrays ....564 Detection and Port Configuration for Dell Compellent Arrays ....565 Synchronizing iSCSI Sessions Learned on VLT-Lags with VLT-Peer .
  • Page 16 Adjacencies ............574 Graceful Restart .
  • Page 17 Microsoft Clustering ........... .629 Default Behavior .
  • Page 18 Manage the Source-active Cache .........672 View the Source-active Cache .
  • Page 19 IPv4 Multicast Policies ..........712 IPv6 Multicast Policies .
  • Page 20 Assign IPv6 addresses on an interface ........757 Assign Area ID on interface .
  • Page 21 Private VLAN Configuration Example ........801 38 Per-VLAN Spanning Tree Plus (PVST+) ....... 805 Protocol Overview .
  • Page 22 Implementation Information ..........844 Configuration Information .
  • Page 23 Using SCP with SSH to copy a software image ......899 Secure Shell Authentication ......... .900 Troubleshooting SSH .
  • Page 24 Show sFlow on an Interface ......... .938 Show sFlow on a Line Card .
  • Page 25 MAC Addressing on S-Series Stacks ........974 Stacking LAG .
  • Page 26 Modifying Interface STP Parameters ........1010 Enabling PortFast .
  • Page 27 53 Virtual LANs (VLAN) ..........1053 Default VLAN .
  • Page 28 MIB Location ............1134 57 Index .
  • Page 29: About This Guide

    Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Force10 systems. For complete information on protocols, refer to other documentation including IETF Requests for Comment (RFCs). The instructions in...
  • Page 30: Information Symbols

    This symbol is a note associated with some other text on the page that is marked with an asterisk. Related Documents For more information about the Dell Force10 E-Series, C-Series, S-Series, and Z-Series, refer to the following documents: • FTOS Command Reference •...
  • Page 31: Configuration Fundamentals

    Configuration Fundamentals The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes.
  • Page 32: Cli Modes

    CLI Modes Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command on page 36). You can set user access rights to commands and command modes using privilege levels;...
  • Page 33: Navigating Cli Modes

    Figure 2-2. CLI Modes in FTOS EXEC EXEC Privilege CONFIGURATION ARCHIVE AS-PATH ACL INTERFACE GIGABIT ETHERNET 10 GIGABIT ETHERNET INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL SONET VLAN VRRP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE AUXILIARY CONSOLE VIRTUAL TERMINAL MAC ACCESS-LIST...
  • Page 34 Table 2-1. FTOS Command Modes Access Command CLI Command Mode Prompt FTOS> EXEC Access the router through the console or Telnet. FTOS# • From EXEC mode, enter the command enable. EXEC Privilege • From any other mode, use the command end. FTOS(conf)# •...
  • Page 35 Table 2-1. FTOS Command Modes (continued) Access Command CLI Command Mode Prompt STANDARD ACCESS- FTOS(config-std-macl)# mac access-list standard LIST EXTENDED ACCESS- FTOS(config-ext-macl)# mac access-list extended LIST MULTIPLE FTOS(config-mstp)# protocol spanning-tree mstp SPANNING TREE OPENFLOW FTOS(conf-of-instance of-id)# openflow of-instance of-id of-id represents the OpenFlow instance ID. Per-VLAN SPANNING FTOS(config-pvst)# protocol spanning-tree pvst...
  • Page 36: The Do Command

    The do Command Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 2-4 illustrates the do command. Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.
  • Page 37: Obtaining Help

    Obtaining Help Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the command: help • Enter at the prompt or after a keyword to list the keywords available in the current mode. •...
  • Page 38: Command History

    • The UP and DOWN arrow keys display previously entered commands (see Command History). • The BACKSPACE and DELETE keys erase the previous letter. • Key combinations are available to move quickly across the command line, as described in Table 2-2.
  • Page 39: Filtering Show Command Outputs

    Filtering show Command Outputs Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering and it IS case sensitive unless the sub-option is implemented.
  • Page 40: Multiple Users In Configuration Mode

    % Warning: User "<username>" on line vty0 "10.11.130.2" is in configuration mode If either of these messages appears, Dell Force10 recommends that you coordinate with the users listed in the message so that you do not unintentionally overwrite each other’s configuration changes.
  • Page 41: Getting Started

    Getting Started This chapter contains the following major sections: • Default Configuration • Configure a Host Name • Access the System Remotely • Configure the Enable Password • Configuration File Management • File System Management When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green. The system then loads FTOS and boot messages scroll up the terminal window during this process.
  • Page 42: Default Configuration

    To access the console port, follow the procedures below. Refer to Table 3-1 for the console port pinout. Step Task Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S4810 console port to a terminal server. Connect the other end of the cable to the DTE terminal server.
  • Page 43: Configure A Host Name

    The S-Series (except the S4810) does not have a dedicated management port, but is managed from any port. It does not have a separate management routing table. • All Dell Force10 products can be managed via the front-end data ports as well. Access the C-Series, E-Series, S-Series, and the Z-Series Remotely Configuring the system for Telnet is a three-step process: 1.
  • Page 44: Configure A Management Route

    Note: Assign different IP addresses to each RPM’s management port. To configure the management port IP address: Step Task Command Syntax Command Mode Enter INTERFACE mode for the interface ManagementEthernet slot/port CONFIGURATION Management port. • slot range: 0 to 1 •...
  • Page 45: Access The S-series Remotely

    7 is for inputting a password that is already encrypted using a Type 7 hash. Obtain the encrypted password from the configuration of another Dell Force10 system. Access the S-Series Remotely The S-Series does not have a dedicated management port nor a separate management routing table.
  • Page 46: Configure The Enable Password

    Flash memory. It has a space limitation but does not limit the number of files it can contain. Note: Using flash memory cards in the system that have not been approved by Dell Force10 can cause unexpected system behavior, including a reboot.
  • Page 47: Copy Files To And From The System

    Table 3-2. file-destination • To copy a remote file to Dell Force10 system, combine the syntax for a remote file location file-origin with the syntax for a local file location shown in Table 3-2.
  • Page 48: Save The Running-configuration

    26292881 bytes successfully copied Save the Running-configuration The running-configuration contains the current system configuration. Dell Force10 recommends that you copy your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startup-configuration is stored in the internal flash on the primary RPM by default, but it can be saved onto an external flash (on an RPM) or a remote server.
  • Page 49: Configure The Overload Bit For Startup Scenario

    Task Command Syntax Command Mode Save the running-configuration to: the startup-configuration on the copy running-config startup-config internal flash of the primary RPM the internal flash on an RPM copy running-config rpm{0|1}flash://filename Note: The internal flash memories on the RPMs are synchronized whenever there is a change, but only if the RPMs are running the same version of FTOS.
  • Page 50: View Files

    View Files File information and content can only be viewed on local file systems. To view a list of files on the internal or external Flash: Step Task Command Syntax Command Mode View a list of files on: the internal flash of an RPM EXEC Privilege dir flash: the external flash of an RPM...
  • Page 51: File System Management

    --More-- File System Management The Dell Force10 system can use the internal Flash, external Flash, or remote devices to store files. It stores files on the internal Flash by default but can be configured to store files elsewhere. To view file system information:...
  • Page 52: View Command History

    To change the default storage location: Task Command Syntax Command Mode Change the default directory. EXEC Privilege cd directory In the example below, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash. FTOS#cd slot0: FTOS#copy running-config test FTOS#copy run test...
  • Page 53: Management

    Management e c sz Management is supported on platforms: This chapter explains the different protocols or services used to manage the Dell Force10 system including: • Configure Privilege Levels • Configure Logging • File Transfer Services • Terminal Lines •...
  • Page 54: Removing A Command From Exec Mode

    Removing a command from EXEC mode Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
  • Page 55 Task Command Syntax Command Mode Allow access to INTERFACE, LINE, ROUTE-MAP, privilege configure level level CONFIGURATION and/or ROUTER mode. Specify all keywords in the interface line route-map command. ||...|| router command-keyword command-keyword Allow access to a CONFIGURATION, INTERFACE, privilege configure interface line CONFIGURATION...
  • Page 56: Apply A Privilege Level To A Username

    Exit from configuration mode exit Exit from configuration mode interface Select an interface to configure line Configure a terminal line linecard Set line card type FTOS(conf)#interface ? fastethernet Fast Ethernet interface gigabitethernet Gigabit Ethernet interface loopback Loopback interface managementethernet Management Ethernet interface null Null interface port-channel...
  • Page 57: Configure Logging

    Note: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configure Logging FTOS tracks changes in the system using event and error messages. By default, FTOS logs these messages •...
  • Page 58: Disable System Logging

    Disable System Logging By default, logging is enabled and log messages are sent to the logging buffer, all terminal lines, console, and syslog servers. Enable and disable system logging using the following commands: Task Command Syntax Command Mode Disable all logging except on the console. CONFIGURATION no logging on Disable logging to the logging buffer.
  • Page 59: Change System Logging Settings

    Change System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.
  • Page 60: Configure A Unix Logging Facility Level

    syslog logging: enabled Console logging: level Debugging Monitor logging: level Debugging Buffer logging: level Debugging, 40 Messages Logged, Size (40960 bytes) Trap logging: level Informational %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is transitioning to Primary RPM. %RPM-2-MSG:CP1 %POLLMGR-2-MMC_STATE: External flash disk missing in 'slot0:' %CHMGR-5-CARDDETECTED: Line card 0 present %CHMGR-5-CARDDETECTED: Line card 2 present %CHMGR-5-CARDDETECTED: Line card 4 present...
  • Page 61 To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode: Command Syntax Command Mode Purpose logging facility [ CONFIGURATION Specify one of the following parameters. facility-type • auth (for authorization messages) • cron (for system scheduler messages) •...
  • Page 62: Synchronize Log Messages

    Synchronize log messages You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system. To synchronize log messages, use these commands in the following sequence starting in the CONFIGURATION mode: Step...
  • Page 63: File Transfer Services

    For more information on FTP, refer to RFC 959, File Transfer Protocol. Note: To transmit large files, Dell Force10 recommends configuring the switch as an FTP server. Configuration Task List for File Transfer Services The following list includes the configuration tasks for file transfer services: •...
  • Page 64: Configure Ftp Client Parameters

    To configure FTP server parameters, use any or all of the following commands in the CONFIGURATION mode: Command Syntax Command Mode Purpose CONFIGURATION Specify the directory for users using FTP to reach the ftp-server topdir system. The default is the internal flash directory. CONFIGURATION Specify a user name for all FTP users and configure either ftp-server username...
  • Page 65: Terminal Lines

    The auxiliary line (aux) connects secondary devices such as modems. Deny and Permit Access to a Terminal Line Dell Force10 recommends applying only standard ACLs to deny and permit access to VTY lines. • Layer 3 ACL deny all traffic that is not explicitly permitted, but in the case of VTY lines, an ACL with no rules does not deny any traffic.
  • Page 66 • enable—Prompt for the enable password. • line—Prompt for the password you assigned to the terminal line. You must configure a password for the terminal line to which you assign a method list that contains the line authentication method. Configure a password using the command password from LINE mode.
  • Page 67: Time Out Of Exec Privilege Mode

    Time out of EXEC Privilege Mode EXEC timeout is a basic security feature that returns FTOS to the EXEC mode after a period of inactivity on terminal lines. To change the timeout period or disable EXEC timeout. Task Command Syntax Command Mode Set the number of minutes and seconds.
  • Page 68: Lock Configuration Mode

    Login: Login: admin Password: FTOS>exit FTOS#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1) login: admin FTOS# Lock CONFIGURATION mode FTOS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message A two types of locks can be set: auto and manual.
  • Page 69: Viewing The Configuration Lock Status

    Note: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you are the one that configured the lock.
  • Page 70: Recovering From A Forgotten Enable Password On The S4810

    Step Task Command Syntax Command Mode Save the running-config. copy running-config startup-config EXEC Privilege Set the system parameters to use the setenv stconfigignore false uBoot startup configuration file when the system reloads. Save the running-config. EXEC Privilege copy running-config startup-config Recovering from a Forgotten Enable Password on the S4810 If you forget the enable password: Step...
  • Page 71 Step Task Command Syntax Command Mode Assign the new location to the FTOS uBoot setenv [primary_image f10boot location | image to be used when the system secondary_image f10boot location | reloads. default_image f10boot location Assign an IP address to the uBoot ipaddre address setenv...
  • Page 72 Management...
  • Page 73: Ethernet Cfm

    802.1ag 802.1ag is available only on platform: Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: 1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM) 2.
  • Page 74: Maintenance Domains

    There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
  • Page 75: Maintenance End Points

    MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP: monitors the forwarding path internal to a bridge on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 76: Implementation Information

    Implementation Information • Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configure CFM Configuring CFM is a five-step process: 1. Configure the ecfmacl CAM region using the command.
  • Page 77: Enable Ethernet Cfm

    Enable Ethernet CFM Task Command Syntax Command Mode Spawn the CFM process. No CFM configuration is CONFIGURATION ethernet cfm allowed until the CFM process is spawned. Disable Ethernet CFM without stopping the CFM ETHERNET CFM disable process. Create a Maintenance Domain Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in the illustration in Maintenance...
  • Page 78: Create A Maintenance Association

    MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP: monitors the forwarding path internal to a bridge on the customer or provider edge; on Dell Force10 systems the internal forwarding path is effectively the switch fabric and forwarding engine. •...
  • Page 79: Create A Maintenance Intermediate Point

    Task Command Syntax Command Mode FTOS#show ethernet cfm maintenance-points local mep ------------------------------------------------------------------------------- MPID Domain Name Level Type Port CCM-Status MA Name VLAN ------------------------------------------------------------------------------- cfm0 Gi 4/10 Enabled test0 DOWN 00:01:e8:59:23:45 cfm1 Gi 4/10 Enabled test1 DOWN 00:01:e8:59:23:45 cfm2 Gi 4/10 Enabled test2 DOWN...
  • Page 80: Continuity Check Messages

    • MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM Task Command Syntax Command Mode Display the MEP Database. EXEC Privilege show ethernet cfm maintenance-points remote detail active domain expired...
  • Page 81: Enable Ccm

    MEPs and MIPs filter CCMs from higher and lower domain levels as described in Table 5-1, "Continuity Check Message Processing," in 802.1ag. Table 5-1. Continuity Check Message Processing Frames at Frames from UP-MEP Action Down-MEP Action MIP Action Less than my level Bridge-relay side or Wire side Drop Drop...
  • Page 82: Enable Cross-checking

    Enable Cross-checking Task Command Syntax Command Mode Enable cross-checking. ETHERNET CFM mep cross-check enable Default: Disabled Start the cross-check operation for an MEP. ETHERNET CFM mep cross-check mep-id Configure the amount of time the system waits for a ETHERNET CFM mep cross-check start-delay number remote MEP to come up before the cross-check operation is started.
  • Page 83: Link Trace Cache

    Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]). The MPs on the path to the target MAC address reply to the LTM with an LTR, and relay the LTM towards the target MAC until the target MAC is reached or TTL equals 0.
  • Page 84: Enable Cfm Snmp Traps

    Enable CFM SNMP Traps. Task Command Syntax Command Mode Enable SNMP trap messages for CONFIGURATION snmp-server enable traps ecfm Ethernet CFM. A Trap is sent only when one of the five highest priority defects occur, as shown in Table 5-2, "ECFM SNMP Traps,"...
  • Page 85: Display Ethernet Cfm Statistics

    Display Ethernet CFM Statistics Task Command Syntax Command Mode Display MEP CCM statistics. EXEC Privilege show ethernet cfm statistics domain name level vlan-id vlan-id mpid mpid FTOS# show ethernet cfm statistics Domain Name: Customer Domain Level: 7 MA Name: My_MA MPID: 300 CCMs: Transmitted:...
  • Page 86 802.1ag...
  • Page 87: Protocol Overview

    (typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Force10 switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure. The network access device uses EAP over Ethernet (EAPOL) to communicate with the end-user device and EAP over RADIUS to communicate with the server.
  • Page 88: The Port-authentication Process

    The authenticator changes the port state to authorized if the server can authenticate the supplicant. In this state, network traffic can be forwarded normally. Note: The Dell Force10 switches place 802.1X-enabled ports in the unauthorized state by default. The Port-authentication Process...
  • Page 89: Eap Over Radius

    1. When the authenticator senses a link state change, it requests that the supplicant identify itself using an EAP Identity Request Frame. 2. The supplicant responds with its identity in an EAP Response Identity frame. 3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server.
  • Page 90: Configuring 802.1x

    (Supplicant Requested Credentials) 3: Access-Reject 11: Access-Challenge RADIUS Attributes for 802.1 Support Dell Force10 systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: • Attribute 31—Calling-station-id: relays the supplicant MAC address to the authentication server. • Attribute 41—NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.
  • Page 91: Important Points To Remember

    Important Points to Remember • FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured.
  • Page 92: Configuring Request Identity Re-transmissions

    no ip address dot1x authentication no shutdown FTOS# View 802.1X configuration information for an interface using the command , as show dot1x interface shown in the example below. FTOS#show dot1x interface TenGigabitEthernet 2/1 802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: AUTO...
  • Page 93: Configuring A Quiet Period After A Failed Authentication

    To configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame: Step Task Command Syntax Command Mode Configure the amount of time that the authenticator INTERFACE dot1x tx-period number waits before re-transmitting an EAP Request Identity Range: 1 - 65535 (1 year) frame.
  • Page 94: Forcibly Authorizing Or Unauthorizing A Port

    802.1x information on Te 2/1: ----------------------------- Dot1x Status: Enable Port Control: AUTO Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req:...
  • Page 95: Re-authenticating A Port

    802.1x information on Te 0/0: ----------------------------- Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Disable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 3600 seconds Max-EAP-Req:...
  • Page 96: Configuring Timeouts

    To configure a maximum number of re-authentications: Task: Configure the maximum number of times that the supplicant can be reauthenticated. Command Syntax: dot1x reauth-max number (Range: 1-10, Default: 2). Command Mode: INTERFACE. FTOS(conf-if-Te-0/0)#dot1x reauthentication interval 7200 FTOS(conf-if-Te-0/0)#dot1x reauth-max 10 FTOS(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.1x information on Te 0/0: -----------------------------...
  • Page 97 To terminate the authentication process due to an unresponsive authentication server: Task: Terminate the authentication process due to an unresponsive authentication server. Command Syntax: dot1x server-timeout seconds (Range: 1-300, Default: 30). Command Mode: INTERFACE. The example below shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds.
  • Page 98: Dynamic Vlan Assignment With Port Authentication

    RADIUS attribute 81, Tunnel-Private-Group-ID. Dynamic VLAN assignment uses the standard dot1x procedure: 1) the host sends a dot1x packet to the Dell Force10 system, 2) the system forwards a RADIUS REQUEST packet containing the host MAC address and ingress port number, and 3) the RADIUS server authenticates the request and returns a RADIUS ACCEPT message with the VLAN assignment using Tunnel-Private-Group-ID.
  • Page 99: Guest And Authentication-fail Vlans

    Guest and Authentication-fail VLANs Typically, the authenticator (Dell Force10 system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates in the authentication data.
  • Page 100: Configuring An Authentication-fail Vlan

    Configuring an Authentication-fail VLAN If the supplicant fails authentication, the authenticator re-attempts to authenticate after a specified amount of time (30 seconds by default, see Configuring a Quiet Period after a Failed Authentication). You can configure the maximum number of times the authenticator re-attempts authentication after a failure (3 by default), after which the port is placed in the Authentication-fail VLAN.
  • Page 101 Auth-Fail VLAN id: Auth-Fail Max-Attempts: Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: Supplicant Timeout: 15 seconds Server Timeout: 15 seconds Re-Auth Interval: 7200 seconds Max-EAP-Req: Auth Type: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize
  • Page 102 802.1X...
  • Page 103: Access Control Lists (acls)

    Access Control Lists (ACLs) This chapter describes the Access Control Lists (ACLs), prefix lists, and route-maps. Access Control Lists (ACLs) are supported on platforms: e c s z. Ingress IP and MAC ACLs are supported on platforms: e c s z. Egress IP and MAC ACLs are supported on platforms: e s z. Overview...
  • Page 104: Ip Access Control Lists (acls)

    IP Access Control Lists (ACLs) In the Dell Force10 switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP packet. An extended ACL filters traffic based on the following criteria (for more information on ACL supported options see the FTOS Command Reference): •...
  • Page 105 CAM Profiling CAM optimization is supported on platforms The default CAM profile has 1K Layer 2 ingress ACL entries. If you need more memory for Layer 2 ingress ACLs, select the profile l2-ipv4-inacl. When budgeting your CAM allocations for ACLs and QoS configurations, remember that ACL and QoS rules might consume more than one CAM entry depending on complexity.
  • Page 106: Cam Optimization

    • L3 ACL (ipv4acl): 6 • L2 ACL (l2acl): 5 • IPv6 L3 ACL (ipv6acl): 0 • L3 QoS (ipv4qos): 1 • L2 QoS (l2qos): 1 The ipv6acl allocation must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges.
  • Page 107: Implementing Acls On Ftos

    Implementing ACLs on FTOS One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
  • Page 108: Ip Fragment Handling

    ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore, (without the keyword order) packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4.
  • Page 109: Ip Fragments Acl Examples

    • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a loopback interface, the command is accepted, but the offending rule is not actually installed in CAM. IP fragments ACL examples The following configuration permits all packets (both fragmented &...
  • Page 110: Configure A Standard Ip Acl

    FTOS(conf-ext-nacl) Note the following when configuring ACLs with the fragments keyword. When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment. • FO = 0 means it is either the first fragment or the packet is a non-fragment. •...
  • Page 111 Note: When assigning sequence numbers to filters, keep in mind that you might need to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number. When you use the log keyword, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’...
  • Page 112 To configure a filter without a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode: Command Syntax: ip access-list standard. Command Mode: CONFIGURATION. Purpose: Create a standard IP ACL and assign it a unique name.
  • Page 113: Configure An Extended Ip Acl

    Configure an extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Since traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter.
  • Page 114 TCP packets: To create a filter for TCP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode: Command Syntax: ip access-list extended. Command Mode: CONFIGURATION. Purpose: Create an extended IP ACL and assign it a unique name.
  • Page 115 The following example illustrates how the command orders the filters according to the sequence number assigned. In the example, filter 15 was configured before filter 5, but the command show config displays the filters in the correct order. FTOS(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log FTOS(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any FTOS(config-ext-nacl)#show confi ip access-list extended dilling...
  • Page 116: Established Flag

    FTOS(config-ext-nacl)#show config ip access-list extended nimule seq 5 deny tcp host 123.55.34.0 any seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0 FTOS(config-ext-nacl)# To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-list command in the EXEC Privilege mode as shown in the first example in Configure...
  • Page 117: Assign An Ip Acl To An Interface

    Table 7-2. L2 and L3 ACL Filtering on Switched Packets (L2 ACL Behavior / L3 ACL Behavior / Decision on Targeted Traffic): Permit / Deny / Denied by L3 ACL; Permit / Permit / Permitted by L3 ACL. Note: If an interface is configured as a vlan-stack access port, the packets are filtered by an L2 ACL only. The L3 ACL applied to such a port does not affect traffic.
  • Page 118: Counting Acl Hits

    Command Syntax: ip access-group access-list-name { in | out } [ implicit-permit ] [ vlan vlan-range ]. Command Mode: INTERFACE. Purpose: Apply an IP ACL to traffic entering or exiting an interface. • out: configure the ACL to filter outgoing traffic.
  • Page 119: Configuring Ingress Acls

    Configuring Ingress ACLs Ingress ACLs are applied to interfaces and to traffic entering the system. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. To create an ingress ACL, use the ip access-group command in the EXEC Privilege mode as shown...
  • Page 120: Egress Layer 3 Acl Lookup For Control-plane Ip Traffic

    To create an egress ACL, use the ip access-group command in the EXEC Privilege mode as shown in the example below. This example also shows viewing the configuration, applying rules to the newly created access group, and viewing the access list: FTOS(conf)#interface gige 0/0 FTOS(conf-if-gige0/0)#ip access-group abcd FTOS(conf-if-gige0/0)#show config...
  • Page 121: Configuring Acls To Loopback

    FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address. Configuring ACLs to Loopback ACLs can be supplied on Loopback interfaces supported on platform...
  • Page 122: Ip Prefix Lists

    To apply ACLs on loopback, use the ip access-group command in the INTERFACE mode as shown in the example below. This example also shows the interface configuration status, adding rules to the access group, and displaying the list of rules in the ACL: FTOS(conf)#interface loopback 0 FTOS(conf-if-lo-0)#ip access-group abcd FTOS(conf-if-lo-0)#show config...
  • Page 123: Configuration Task List For Prefix Lists

    • To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8 • To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12 • To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24 •...
  • Page 124 Command Syntax: sequence-number { deny | permit } ip-prefix [ ge min-prefix-length ] [ le max-prefix-length ]. Command Mode: CONFIG-NPREFIXL. Purpose: Create a prefix list with a sequence number and a deny or permit action. The optional parameters are: • min-prefix-length: is the minimum prefix length to be matched (0 to 32).
  • Page 125 Command Syntax: { deny | permit } ip-prefix [ ge min-prefix-length ] [ le max-prefix-length ]. Command Mode: CONFIG-NPREFIXL. Purpose: Create a prefix list filter with a deny or permit action. The optional parameters are: • min-prefix-length: is the minimum prefix length to be matched (0 to 32).
  • Page 126: Use A Prefix List For Route Redistribution

    FTOS> FTOS>show ip prefix summary Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 FTOS> Use a prefix list for route redistribution To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command.
  • Page 127: Acl Resequencing

    Command Syntax: distribute-list prefix-list-name interface. Command Mode: CONFIG-ROUTER-OSPF. Purpose: Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. Command Syntax: distribute-list prefix-list-name [ connected | rip | static ]. Command Mode: CONFIG-ROUTER-OSPF. Purpose: Apply a configured prefix list to incoming...
  • Page 128: Resequencing An Acl Or Prefix List

    Table 7-3. ACL Resequencing Example (Insert New Rules) seq 7 permit any host 1.1.1.3 seq 10 permit any host 1.1.1.4 Table 7-4. ACL Resequencing Example (Resequenced) seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs.
  • Page 129 ip access-list extended test remark remark this remark corresponds to permit any host 1.1.1.1 permit ip any host 1.1.1.1 remark this remark has no corresponding rule remark this remark corresponds to permit ip any host 1.1.1.2 permit ip any host 1.1.1.2 permit ip any host 1.1.1.3 permit ip any host 1.1.1.4 Remarks and rules that originally have the same sequence number have the same sequence number after...
  • Page 130: Route Maps

    Route Maps Route-maps are supported on platforms: c e s z. Like ACLs and prefix lists, route maps are composed of a series of commands that contain a matching criterion and an action, yet route maps can change the packets meeting the criterion. ACLs and prefix lists can only drop or forward the packet or traffic.
  • Page 131: Create A Route Map

    Create a route map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values.
  • Page 132: Configure Route Map Filters

    FTOS#show route-map route-map zakho, permit, sequence 20 Match clauses: interface GigabitEthernet 0/1 Set clauses: level stub-area FTOS# The following text shows an example of a route map with multiple instances. The command show config displays only the configuration of the current route map instance. To view all instances of a specific route map, use the command.
  • Page 133 FTOS(config-route-map)#match metric 2000 In the above route-map, a route is matched only if it has both of the characteristics mentioned in the route-map. Explaining further, the route must have a tag value of 1000 and a metric value of 2000. Only then is there a match.
  • Page 134 Command Syntax: match interface interface. Command Mode: CONFIG-ROUTE-MAP. Purpose: Match routes whose next hop is a specific interface. The parameters are: • For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information. • For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information.
  • Page 135: Configure A Route Map For Route Redistribution

    Command Syntax: match tag tag-value. Command Mode: CONFIG-ROUTE-MAP. Purpose: Match routes with a specific tag. To configure a set condition, use any or all of the following commands in the ROUTE-MAP mode: Command Syntax: set as-path prepend as-number [... Command Mode: CONFIG-ROUTE-MAP. Purpose: Add an AS-PATH number to the beginning of the AS-PATH...
  • Page 136: Configure A Route Map For Route Tagging

    Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf, only routes that have a next hop of Gigabitethernet interface 0/0 and that have a metric of 255 will be redistributed into the OSPF backbone area.
  • Page 137 Note: If the continue clause is configured without specifying a module, the next sequential module is processed. route-map test permit 10 match commu comm-list1 set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30!
  • Page 138 Access Control Lists (ACLs)
  • Page 139: Bidirectional Forwarding Detection (bfd)

    BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Force10 routers, sessions are maintained by BFD Agents that reside on the line card, which frees resources on the RPM. Only session state changes are reported to the BFD Manager (on the RPM), which in turn notifies the routing protocols that are registered with it.
  • Page 140: How Bfd Works

    How BFD Works Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.
  • Page 141 Figure 8-1. BFD in IPv4 Packet Format
  • Page 142: Field Description

    Table 8-1. BFD Packet Fields (Field: Description). Diagnostic Code: The reason that the last session failed. State: The current local session state. See sessions. Flag: A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval.
  • Page 143 • Active—The active system initiates the BFD session. Both systems can be active for the same session. • Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system. A BFD session has two modes: •...
  • Page 144 4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change.
  • Page 145: Configuring Bidirectional Forwarding Detection

    Important Points to Remember • BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM. • FTOS supports a maximum of 100 sessions per BFD agent on C-Series and E-Series. Each linecard processor has a BFD Agent, so the limit translates to 100 BFD sessions per linecard (plus, on the E-Series, 100 BFD sessions on RP2, which handles LAG and VLANs).
  • Page 146 2. Establish a session with a next-hop neighbor. Related configuration tasks • Viewing physical port session parameters. • Disabling and re-enabling BFD. Enabling BFD globally BFD must be enabled globally on both routers, as shown in the illustration in Establishing a session on physical ports.
  • Page 147: Interface Configuration

    R2: ACTIVE Role R1: ACTIVE Role 4/24 FTOS(config)# bfd enable FTOS(config)# interface gigabitethernet 2/1 FTOS(conf-if-gi-2/1)# ip address 2.2.2.2/24 FTOS(conf-if-gi-2/1)# bfd neighbor 2.2.2.1 FTOS(config)# bfd enable FTOS(config)# interface gigabitethernet 4/24 FTOS(conf-if-gi-2/1)# ip address 2.2.2.1/24 FTOS(conf-if-gi-2/1)# bfd neighbor 2.2.2.2 To establish a session: Step Task Command Syntax...
  • Page 148 00:36:02: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) Viewing physical port session parameters BFD sessions are configured with default intervals and a default role (active). Dell Force10 recommends maintaining the default values. View session parameters using the command.
  • Page 149: Configuring Bfd For Static Routes

    Delete session on Down: False Client Registered: CLI Uptime: 00:09:06 Statistics: Number of packets received from neighbor: 4092 Number of packets sent to neighbor: 4093 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and re-enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured.
  • Page 150: Configuring Bfd

    Configuring BFD for static routes is a three-step process: 1. Enabling BFD globally. 2. On the local system, establish a session with the next hop of a static route. Refer to Configuring BFD for Static Routes. 3. On the remote system, establish a session with the physical port that is the origin of the static route. Refer to Establishing a session on physical ports.
  • Page 151: Configuring Bfd For Ospf

    - ISIS - OSPF - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.2 Gi 4/24 View detailed session information using the command show bfd neighbors detail, as shown in the example Verifying BFD sessions with BGP neighbors using show bfd neighbors detail.
  • Page 152: Command Syntax

    Configuring BFD for OSPF is a two-step process: 1. Enabling BFD globally. 2. Establishing sessions with OSPF neighbors. Related configuration tasks • Changing OSPF session parameters. • Disabling BFD for OSPF. Establishing sessions with OSPF neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface.
  • Page 153 To establish BFD for all OSPF neighbors on a single interface: Task: Establish sessions with all OSPF neighbors on a single interface. Command Syntax: ip ospf bfd all-neighbors. Command Mode: INTERFACE. View the established sessions using the command show bfd neighbors, as shown in the example below. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors...
  • Page 154: Configuring Bfd For Is-is

    Disabling BFD for OSPF If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state (Message 3).
  • Page 155: Show Bfd Neighbors

    Figure 8-2. Establishing Sessions with IS-IS Neighbors FTOS(conf )# router isis FTOS(conf-router_isis)# net 02.1921.6800.2002.00 FTOS(conf-router_isis)# interface gigabitethernet 2/1 FTOS(conf-router_isis)# interface gigabitethernet 2/2 FTOS(conf-if-gi-2/2)#ip address 2.2.3.1/24 FTOS(conf-if-gi-2/1)#ip address 2.2.2.2/24 FTOS(config-if-gi-2/2)# ip router isis FTOS(config-if-gi-2/1)# ip router isis FTOS(config-if-gi-2/1)# exit FTOS(config-if-gi-2/2)# exit FTOS(conf )# router isis FTOS(conf )# router isis FTOS(conf-router_isis)# bfd all-neighbors...
  • Page 156 Changing IS-IS session parameters BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all IS-IS sessions or all IS-IS sessions out of an interface; if you change a parameter globally, the change affects all IS-IS neighbor sessions.
  • Page 157: Configuring Bfd For Bgp

    To disable BFD sessions with all IS-IS neighbors out of an interface: Task: Disable BFD sessions with all IS-IS neighbors out of an interface. Command Syntax: isis bfd all-neighbors disable. Command Mode: INTERFACE. Configuring BFD for BGP BFD for BGP is only supported on platforms: In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
  • Page 158 Interior BGP Interior BGP Router 2 Router 1 2.2.4.3 2.2.4.2 Exterior BGP AS 1 AS 2 FTOS(conf )# bfd enable FTOS(conf )# bfd enable FTOS(conf )# router bgp 1 FTOS(conf )# router bgp 2 FTOS(conf-router-bgp)# neighbor 2.2.4.3 remote-as 2 FTOS(conf-router-bgp)# neighbor 2.2.4.2 remote-as 1 FTOS(conf-router-bgp)# neighbor 2.2.4.3 no shutdown FTOS(conf-router-bgp)# neighbor 2.2.4.2 no shutdown FTOS(conf-router-bgp)# bfd all-neighbors interval 200 min_rx 200...
  • Page 159 As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies. If a BFD for BGP neighbor does not receive a control packet within the detection interval, the router informs any clients of the BFD session (other routing protocols) about the failure.
  • Page 160 To remove the disabled state of a BFD for BGP session with a specified neighbor, enter the no neighbor {ip-address | peer-group-name} bfd disable command in ROUTER BGP configuration mode. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the command or configured for the peer group to which the neighbor belongs.
  • Page 161 Verifying a BFD for BGP Configuration R2# show running-config bgp router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors Verifying BFD sessions with BGP neighbors using show bfd neighbors R2# show bfd neighbors - Active session role Ad Dn...
  • Page 162 Delete session on Down: True Client Registered: BGP Uptime: 00:07:55 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11...
  • Page 163 Protocol BGP Messages: Registration De-registration Init Down Admin Down Interface TenGigabitEthernet 6/2 Protocol BGP Messages: Registration De-registration Init Down Admin Down Displaying BFD for BGP status R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor...
  • Page 164 Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Neighbor is using BGP global mode BFD configuration For address family: IPv4 Unicast BGP table version 0, neighbor version 0 Prefixes accepted 0 (consume 0 bytes), withdrawn 0 by peer, martian prefixes ignored 0 Prefixes advertised 0, denied 0, withdrawn 0 from peer Connections established 1;...
  • Page 165: Configuring Bfd For Vrrp

    Configuring BFD for VRRP BFD for VRRP is only supported on platforms: When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.
  • Page 166 VIRTUAL IP Address: 2.2.5.4 R1: BACKUP R2: MASTER 4/25 FTOS(config-if-range-gi-4/25)# ip address 2.2.5.1/24 FTOS(conf-if-gi-2/3)#ip address 2.2.5.2/24 FTOS(config-if-range-gi-4/25)# no shutdown FTOS(config-if-gi-2/3)# no shutdown FTOS(config-if-range-gi-4/25)# vrrp-group 1 FTOS(config-if-range-gi-4/25)# vrrp-group 1 FTOS(config-if-range-gi-4/25)# virtual-address 2.2.5.4 FTOS(config-if-range-gi-4/25)# virtual-address 2.2.5.4 IP Address: 2.2.5.3 FTOS(config-if-range-gi-4/25)# vrrp bfd all-neighbors FTOS(config-if-range-gi-4/25)# vrrp bfd all-neighbors Gateway: 2.2.5.1 FTOS(config-if-range-gi-4/25)# vrrp bfd neighbor 2.2.5.2...
  • Page 167 - CLI - ISIS - OSPF - Static Route (RTM) - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1 2.2.5.2 Gi 4/25 Down 1000 1000 Session state information is also shown in the show vrrp command output, as shown in the following example.
  • Page 168: Configuring Bfd For Vlans

    Configuring BFD for VLANs is supported on platforms BFD on Dell Force10 systems is a Layer 3 protocol. Therefore, BFD is used with routed VLANs. BFD on VLANs is analogous to BFD on physical ports. If no routing protocol is enabled, and a remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
  • Page 169: Configuring Bfd For Port-channels

    Related configuration tasks • Establishing sessions with OSPF neighbors. Establishing sessions with VLAN neighbors To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the illustration below. The session parameters do not need to match. VLAN 200 4/25 FTOS(config-if-gi-4/25)# switchport...
  • Page 170 Configuring BFD for port-channels is a two-step process: 1. Enabling BFD globally. 2. Establishing sessions on port-channels. Related configuration tasks • Disabling BFD for port-channels. Establishing sessions on port-channels To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the example below.
  • Page 171: Configuring Protocol Liveness

    Configuring Protocol Liveness Protocol Liveness is a feature that notifies the BFD Manager when a client protocol is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state (Message To enable Protocol Liveness: Step...
  • Page 172 20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00 00:34:14 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 The output for the command debug bfd event is the same as the log messages that appear on the console by default.
  • Page 173: Border Gateway Protocol

    Border Gateway Protocol Platforms support BGP according to the following table (Platform support, with FTOS version in parentheses): Z9000 (IPv4: 8.3.11.2; IPv6: 9.0.0.0), S4810 (8.3.7.0), E-Series ExaScale (8.1.1.0), S-Series (7.8.1.0), C-Series (7.7.1.0), E-Series TeraScale (pre-7.7.1.0). This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Force10 Operating System (FTOS).
  • Page 174: Autonomous Systems (as)

    • Multiprotocol BGP • Implementing BGP with FTOS • Additional Path (Add-Path) support • Advertise IGP cost as MED for redistributed routes • Ignore Router-ID for some best-path calculations • 4-Byte AS Numbers • AS4 Number Representation • AS Number Migration •...
  • Page 175 A multihomed AS is one that maintains connections to more than one other AS. This allows the AS to remain connected to the internet in the event of a complete failure of one of their connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS. A simple example of this is seen in Figure 9-1.
  • Page 176: Sessions And Peers

    Since each BGP router talking to another router is a session, a BGP network needs to be in “full mesh”. This is a topology that has every router directly connected to every other router. Each BGP router within an AS must have iBGP sessions with all other BGP routers in the AS.
  • Page 177: Establishing A Session

    Establishing a session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established.
  • Page 178: Route Reflectors

    Route Reflectors Route Reflectors reorganize the iBGP core into a hierarchy and allow some route advertisement rules. Note: Route Reflectors (RRs) should not be used in the forwarding path. In iBGP, hierarchical RRs maintaining forwarding plane RRs could create routing loops. Route reflection divides iBGP peers into two groups: client peers and nonclient peers.
  • Page 179: Confederations

    Confederations Communities BGP communities are sets of routes with one or more common attributes. This is a way to assign common attributes to multiple routes at the same time. BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination.
  • Page 180 Note: In 8.3.11.4, the bgp bestpath as-path multipath-relax command is disabled by default, preventing BGP from load-balancing a learned route across two or more eBGP peers. To enable load-balancing across Syste different eBGP peers, enable the bgp bestpath as-path multipath-relax command. A system error will result if the bgp bestpath as-path ignore command and the bgp bestpath as-path multipath-relax command are configured at the same time.
  • Page 181 Best Path selection details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. • Routes originated with the commands are preferred over routes originated network...
  • Page 182: Weight

    11. Prefer the external path originated from the BGP router with the lowest router ID. If both paths are external, prefer the oldest path (first received path). For paths containing a Route Reflector (RR) attribute, the originator ID is substituted for the router ID. 12.
  • Page 183: Multi-exit Discriminators (meds)

    Figure 9-5. LOCAL_PREF Example [diagram: Routers A through F across AS 100, AS 200 and AS 300, connected by a T1 link and an OC3 link, with the labels "Set Local Preference to 100" and "Set Local Preference to 200"] Multi-Exit Discriminators (MEDs) If two Autonomous Systems (AS) connect in more than one place, a Multi-Exit Discriminator (MED) can be used to assign a preference to a preferred path.
  • Page 184: Origin

    Figure 9-6. MED Route Example [diagram: Routers A through E across AS 100 and AS 200, connected by a T1 link and an OC3 link, with the labels "Set MED to 100" and "Set MED to 50"] Note: With FTOS Release 8.3.1.0, configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes.
  • Page 185 Figure 9-7. Origin attribute reported FTOS#show ip bgp BGP table version is 0, local router ID is 10.101.15.13 Status codes: s suppressed, d damped, h history, * valid, > best Path source: I - internal, a - aggregate, c - confed-external, r - redistributed, n - network Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop...
  • Page 186: Next Hop

    Next Hop The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS.
  • Page 187: Advertise Igp Cost As Med For Redistributed Routes

    Advertise IGP cost as MED for redistributed routes When using multipath connectivity to an external AS, you can advertise the MED value selectively to each peer for redistributed routes. For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value.
  • Page 188: Byte As Numbers

    4-Byte AS Numbers FTOS Version 7.7.1 and later support 4-Byte (32-bit) format when configuring Autonomous System Numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from another speaker, all the messages will be 4-octet.
  • Page 189 ASDOT+ representation splits the full binary 4-byte AS number into two words of 16 bits separated by a decimal point (.): <high-order 16 bit value>.<low-order 16 bit value>. Some examples are shown in Table 9-2. • All AS Numbers between 0-65535 are represented as a decimal number, when entered in the CLI as well as when displayed in the show command outputs.
  • Page 190 Figure 9-9. Dynamic changes of the bgp asnotation command in the show running config ASDOT FTOS(conf-router_bgp)#bgp asnotation asdot FTOS(conf-router_bgp)#show conf router bgp 100 bgp asnotation asdot bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> FTOS(conf-router_bgp)#do show ip bgp BGP table version is 24901, local router ID is 172.30.1.57 <output truncated>...
  • Page 191: As Number Migration

    Figure 9-10. Dynamic changes when bgp asnotation command is disabled in the show running config AS NOTATION DISABLED FTOS(conf-router_bgp)#no bgp asnotation FTOS(conf-router_bgp)#sho conf router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057 <output truncated> FTOS(conf-router_bgp)#do sho ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS4 SUPPORT DISABLED FTOS(conf-router_bgp)#no bgp four-octet-as-support...
  • Page 192: Before Migration

    Figure 9-11. Local-AS Scenario [diagram with two panels, "Before Migration" and "After Migration, with Local-AS enabled", showing Routers A, B and C with AS 100, AS 200 and AS 300] When you complete your migration, and you have reconfigured your network with the new information you must disable this feature.
  • Page 193: Bgp4 Management Information Base (mib)

    SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: See the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB and other MIB documentation. Important Points to Remember •...
  • Page 194: Configuration Information

    To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Force10 recommends setting the timeout and retry count values to a relatively higher number. e.g. t = 60 or r = 5.
  • Page 195: Bgp Configuration

    BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the command is not enabled).
  • Page 196: Configuration Task List For Bgp

    Configuration Task List for BGP The following list includes the configuration tasks for BGP: • Enable BGP • Configure AS4 Number Representations • Configure Peer Groups • BGP fast fall-over • Configure passive peering • Maintain existing AS numbers during an AS migration •...
  • Page 197 In BGP, neighbor routers or peers can be classified as internal or external. External BGP peers must be connected physically to one another (unless you enable the EBGP multihop feature), while internal BGP peers do not need to be directly connected. The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router.
  • Page 198 Step Command Syntax Command Mode Purpose You must Configure Peer Groups before assigning it a remote AS. neighbor {ip-address | CONFIG-ROUTER-BGP Enable the BGP neighbor. peer-group-name} no shutdown Note: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp command in EXEC Privilege mode.
  • Page 199 Figure 9-13. Command example: show ip bgp summary (4-Byte AS Number displayed) R2#show ip bgp summary 4-Byte AS Number BGP router identifier 192.168.10.2, local AS number 48735.59224 BGP table version is 1, main routing table version 1 1 network entrie(s) using 132 bytes of memory 1 paths using 72 bytes of memory BGP-RIB over all using 73 bytes of memory 1 BGP path attribute entrie(s) using 72 bytes of memory...
  • Page 200 Figure 9-14. Command example: show ip bgp neighbors FTOS#show ip bgp neighbors External BGP neighbor BGP neighbor is 10.114.8.60, remote AS 18508, external link BGP version 4, remote router ID 10.20.20.20 BGP state ESTABLISHED, in this state for 00:01:58 Last read 00:00:14, hold time is 90, keepalive interval is 30 seconds Received 18552 messages, 0 notifications, 0 in queue Sent 11568 messages, 0 notifications, 0 in queue Received 18549 updates, Sent 11562 updates...
  • Page 201 Figure 9-15. Command example: show running-config bgp R2#show running-config bgp router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown...
  • Page 202 Only one form of AS Number Representation is supported at a time. You cannot combine the types of representations within an AS. Task: Enable ASPLAIN AS Number representation. Command Syntax: bgp asnotation asplain. Command Mode: CONFIG-ROUTER-BGP. Figure 9-16 Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration display.
  • Page 203 Figure 9-18. Command example and output: bgp asnotation asdot+ FTOS(conf-router_bgp)#bgp asnotation asdot+ FTOS(conf-router_bgp)#sho conf router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172.30.1.250 no shutdown 5332332 9911991 65057 18508 12182 7018 46164 i Configure Peer Groups...
  • Page 204 Command Syntax: neighbor ip-address peer-group peer-group-name. Command Mode: CONFIG-ROUTER-BGP. Purpose: Add an enabled neighbor to the peer group. Command Syntax: neighbor {ip-address | peer-group name} remote-as as-number. Command Mode: CONFIG-ROUTER-BGP. Purpose: Add a neighbor as a remote AS. Formats: IP Address: A.B.C.D; Peer-Group Name: 16 characters; AS-number: 0-65535 (2-Byte) or 1-4294967295 | 0.1-65535.65535 (4-Byte) or 0.1-65535.65535 (Dotted format)
  • Page 205 Figure 9-19. Command example: show config (creating peer-group) Configuring neighbor zanzibar FTOS(conf-router_bgp)#neighbor zanzibar peer-group FTOS(conf-router_bgp)#show conf router bgp 45 bgp fast-external-fallover bgp log-neighbor-changes neighbor zanzibar peer-group neighbor zanzibar shutdown neighbor 10.1.1.1 remote-as 65535 neighbor 10.1.1.1 shutdown neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown FTOS(conf-router_bgp)# Use the...
  • Page 206 Figure 9-21. Command example: show ip bgp peer-group FTOS>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is zanzibar, peer-group internal, Number of peers in this group 26 Peer-group members (* - outbound optimized): 10.68.160.1 10.68.161.1...
  • Page 207 BGP fast fall-over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.
  • Page 208 Figure 9-22. Command example: show ip bgp neighbors FTOS#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.5 BGP state ESTABLISHED, in this state for 00:19:15 Last read 00:00:15, last write 00:00:06 Hold time is 180, keepalive interval is 60 seconds Received 52 messages, 0 notifications, 0 in queue...
  • Page 209 Figure 9-23. Command example: show ip bgp peer-group FTOS#sh ip bgp peer-group Peer-group test Fall-over enabled BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is test Number of peers in this group 1 Peer-group members (* - outbound optimized): 100.100.100.100* FTOS#...
  • Page 210 Use these commands in the following sequence, starting in the CONFIGURATION ROUTER BGP mode to configure passive peering. Command Syntax: neighbor peer-group-name peer-group passive limit. Command Mode: CONFIG-ROUTER-BGP. Purpose: Configure a peer group that does not initiate TCP connections with other peers. Enter the limit keyword to restrict the number of sessions accepted.
  • Page 211 Disable this feature, using the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. Figure 9-24. Local-as information shown R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123...
  • Page 212 Figure 9-25. Allowas-in information shown R2(conf-router_bgp)#show conf router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500...
  • Page 213 • Save all FIB and CAM entries on the line card and continue forwarding traffic while the secondary RPM is coming online. • Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive from your E-Series and to continue forwarding traffic.
  • Page 214 Command Syntax: neighbor {ip-address | peer-group-name} graceful-restart [stale-path-time time-in-seconds]. Command Mode: CONFIG-ROUTER-BGP. Purpose: Set maximum time to retain the restarting neighbor’s or peer-group’s stale paths. Default is 360 seconds. Filter on an AS-Path attribute The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path.
  • Page 215 Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value. Step Command Syntax Command Mode Purpose ip as-path access-list CONFIGURATION Assign a name to an AS-PATH ACL and enter AS-PATH ACL mode.
  • Page 216 Figure 9-27. Filtering with Regular Expression FTOS(config)#router bgp 99 FTOS(conf-router_bgp)#neigh AAA peer-group FTOS(conf-router_bgp)#neigh AAA no shut FTOS(conf-router_bgp)#show conf router bgp 99 neighbor AAA peer-group neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 shutdown FTOS(conf-router_bgp)#neigh 10.155.15.2 filter-list 1 in FTOS(conf-router_bgp)#ex Create the Access List and Filter FTOS(conf)#ip as-path access-list Eagle...
  • Page 217: Redistribute Routes

    Table 9-4. Regular Expressions Regular Expression Definition + (plus) Matches 1 or more sequences of the immediately previous character or pattern. ? (question) Matches 0 or 1 sequence of the immediately previous character or pattern. ( ) (parenthesis) Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ? [ ] (brackets) Matches any enclosed character;...
  • Page 218 Command Syntax Command Mode Purpose ROUTER BGP or Include specific OSPF routes in IS-IS. Configure redistribute ospf process-id [ match external { 1 | 2 } | match CONF-ROUTER_BGPv6_AF the following parameters: internal ] [ metric-type { external | • process-id range: 1 to 65535 internal }] [ route-map •...
  • Page 219 • All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute are not sent to CONFED-EBGP or EBGP peers, but are sent to IBGP peers within CONFED-SUB-AS. • All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised. • All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers.
  • Page 220 Command Syntax: {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE}. Command Mode: CONFIG-COMMUNITY-LIST. Purpose: Two types of extended communities are supported. Filter routes based on the type of extended communities they carry using one of the following keywords: •...
  • Page 221 To use an IP Community list or Extended Community List to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode. Step Command Syntax Command Mode...
  • Page 222 If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group.
  • Page 223 Figure 9-29. Command example: show ip bgp community (Partial) FTOS>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric...
  • Page 224 Change MED attribute By default, FTOS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. Use any or all of the following commands in the CONFIGURATION ROUTER BGP mode to change how the MED attribute is used. Command Syntax Command Mode Purpose...
  • Page 225 Step Command Syntax Command Mode Purpose set local-preference value CONFIG-ROUTE-MAP Change LOCAL_PREF value for routes meeting the criteria of this route map. exit CONFIG-ROUTE-MAP Return to the CONFIGURATION mode. router bgp as-number CONFIGURATION Enter the ROUTER BGP mode. neighbor {ip-address | CONFIG-ROUTER-BGP Apply the route map to the neighbor or peer peer-group-name} route-map...
  • Page 226 Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config command in EXEC Privilege mode to view BGP configuration. You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address: Command Syntax Command Mode...
  • Page 227 • AS-PATH ACLs (using neighbor filter-list command) • route maps (using neighbor route-map command) Prior to filtering BGP routes, you must create the prefix list, AS-PATH ACL, or route map to be used. Refer to Chapter 6, “Access Control Lists (ACLs),” on page 89 for configuration information on prefix lists, AS-PATH ACLs, and route maps.
  • Page 228 To view the BGP configuration, use the show config command in the ROUTER BGP mode. To view a prefix list configuration, use the show ip prefix-list detail or show ip prefix-list summary commands in EXEC Privilege mode. Use these commands in the following sequence, starting in the CONFIGURATION mode to filter routes using a route map.
  • Page 229 Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}. Command Mode: CONFIG-ROUTER-BGP. Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
  • Page 230 When you enable a route reflector, FTOS automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in CONFIGURATION ROUTER BGP mode. All clients should be fully meshed before you disable route reflection.
  • Page 231 Configure BGP confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving a large number of IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
  • Page 232 When dampening is applied to a route, its path is described by one of the following terms: • history entry—an entry that stores information on a downed route • dampened path—a path that is no longer advertised • penalized path—a path that is assigned a penalty The CLI example below shows configuring values to start reusing or restarting a route, as well as their default values.
  • Page 233 To view the BGP configuration, use show config in the CONFIGURATION ROUTER BGP mode or show running-config bgp in EXEC Privilege mode. To set dampening parameters via a route map, use the following command in CONFIGURATION ROUTE-MAP mode: Command Syntax Command Mode Purpose set dampening half-life reuse...
  • Page 234 To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state. Command Syntax Command Mode Purpose clear ip bgp dampening...
  • Page 235 Change BGP timers Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers. Command Syntax Command Mode Purpose neighbors {ip-address | CONFIG-ROUTER-BGP Configure timer values for a BGP neighbor or peer group. peer-group-name} timers •...
  • Page 236 Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration. Command Syntax Command Mode Purpose EXEC Privilege Clear all information or only specific details. clear ip bgp {* | neighbor-address | AS Numbers *: Clear all peers | ipv4 | peer-group-name } [soft...
  • Page 237 Route map continue The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the feature executes only after a successful match occurs.
  • Page 238: Mbgp Configuration

    MBGP Configuration MBGP for IPv6 unicast is supported on platforms MBGP for IPv4 Multicast is supported on platform MBGP is not supported on the E-Series ExaScale x platform. Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing.
  • Page 239: Bgp Regular Expression Optimization

    BGP Regular Expression Optimization BGP policies that contain regular expressions to match against as-paths and communities might take a lot of CPU processing time, thus affecting BGP routing convergence. Also, show bgp commands that get filtered through regular expressions can take a lot of CPU cycles, especially when the database is large. FTOS optimizes processing time when using regular expressions by caching and re-using regular expression evaluated results, at the expense of some memory in RP1 processor.
  • Page 240: Storing Last And Bad Pdus

    to disable all BGP debugging. no debug ip bgp to disable all debugging. undebug all Storing Last and Bad PDUs FTOS stores the last notification sent/received, and the last bad PDU received on per peer basis. The last bad PDU is the one that causes a notification to be issued. These PDUs are shown in the output of the command , as shown in Figure...
  • Page 241: Capturing Pdus

    Capturing PDUs Capture incoming and outgoing PDUs on a per-peer basis using the command capture bgp-pdu neighbor direction. Disable capturing using the no form of this command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic and reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction.
  • Page 242: Pdu Counters

    • New PDU are captured and there is no more space to store them • The max buffer size is reduced. (This may cause PDUs to be cleared depending upon the buffer space consumed and the new limit.) With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 9-36.
  • Page 243 Figure 9-37 is a graphic illustration of the configurations shown on the following pages. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peers groups with each other. Figure 9-37. Sample Configuration Illustration Physical Links AS 99 Virtual Links...
  • Page 244 Figure 9-38. Enable BGP - Router 1 R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int gig 1/21 R1(conf-if-gi-1/21)#ip address 10.0.1.21/24 R1(conf-if-gi-1/21)#no shutdown R1(conf-if-gi-1/21)#show config interface GigabitEthernet 1/21 ip address 10.0.1.21/24 no shutdown R1(conf-if-gi-1/21)#int gig 1/31...
  • Page 245 Figure 9-39. Enable BGP - Router 2 R2# conf R2(conf)#int loop 0 R2(conf-if-lo-0)#ip address 192.168.128.2/24 R2(conf-if-lo-0)#no shutdown R2(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.2/24 no shutdown R2(conf-if-lo-0)#int gig 2/11 R2(conf-if-gi-2/11)#ip address 10.0.1.22/24 R2(conf-if-gi-2/11)#no shutdown R2(conf-if-gi-2/11)#show config interface GigabitEthernet 2/11 ip address 10.0.1.22/24 no shutdown R2(conf-if-gi-2/11)#int gig 2/31...
  • Page 246 Figure 9-40. Enable BGP - Router 3 R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int gig 3/11 R3(conf-if-gi-3/11)#ip address 10.0.3.33/24 R3(conf-if-gi-3/11)#no shutdown R3(conf-if-gi-3/11)#show config interface GigabitEthernet 3/11 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int gig 3/21...
  • Page 247 Figure 9-41. Enable Peer Group - Router 1 R1#conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.0/24 R1(conf-router_bgp)# neighbor AAA peer-group R1(conf-router_bgp)# neighbor AAA no shutdown R1(conf-router_bgp)# neighbor BBB peer-group R1(conf-router_bgp)# neighbor BBB no shutdown R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB R1(conf-router_bgp)# R1(conf-router_bgp)#show config router bgp 99...
  • Page 248 Figure 9-42. Enable Peer Groups - Router 1 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer...
  • Page 249 Figure 9-43. Enable Peer Groups - Router 2 R2#conf R2(conf)#router bgp 99 R2(conf-router_bgp)# neighbor CCC peer-group R2(conf-router_bgp)# neighbor CC no shutdown R2(conf-router_bgp)# neighbor BBB peer-group R2(conf-router_bgp)# neighbor BBB no shutdown R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA R2(conf-router_bgp)# neighbor 192.168.128.1 no shut R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB R2(conf-router_bgp)# neighbor 192.168.128.3 no shut R2(conf-router_bgp)#show conf...
  • Page 250 Figure 9-44. Enable Peer Group - Router 3 R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.1 no shutdown R3(conf-router_bgp)#...
  • Page 251 Figure 9-45. Enable Peer Groups - Router 3 continued Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 2, neighbor version 2 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer...
  • Page 252 Border Gateway Protocol...
  • Page 253: Bare Metal Provisioning 3.0 (bmp 3.0)

    Bare Metal Provisioning 3.0 (BMP 3.0) Bare Metal Provisioning 3.0 (BMP 3.0) is included as part of the FTOS image. It is supported on platforms Overview Bare Metal Provisioning (BMP) is a feature that improves operational efficiency to the system by automatically loading pre-defined configurations and FTOS images using standard protocols such as DHCP and common file transfer mechanisms.
  • Page 254: Prerequisites

    Configuration Tasks • Script Examples Prerequisites Before you use BMP 3.0 to auto-configure a supported Dell Force10 switch, you must first configure: • An external Dynamic Host Configuration Protocol (DHCP) server (required) - a network device offering configuration parameters •...
  • Page 255: Preparing Bmp

    1. Current (new) FTOS build image. 2. Configuration file or pre-configuration script (ZSH, TCL, or Expect script). 3. A list of checksums for all these components. Note: The configuration file is to maintain normal BMP functionality when a pre-configuration script is not sent.
  • Page 256 • User port stacking Note: BMP will eventually exit when the timeout occurs. DHCP Retry Mechanism BMP requests a different DHCP offer in the following scenarios: • If the reload-type config-scr-download enable command is enabled, the DHCP offer specifies both the boot image and the configuration file.
  • Page 257: File Server

    FTP URL with IP address option configfile "ftp://admin:admin@30.0.0.1/pt-s4810-12"; HTTP URL with DNS option configfile "http://Guest-1/pt-s4810-12"; TFTP option configfile "pt-s4810-12"; ##### bootfile-name could be given in the following way FTP URL with DNS option bootfile-name "ftp://admin:admin@Guest-1/FTOS-SE-8.3.10.1.bin"; HTTP URL with IP address option bootfile-name "http://30.0.0.1/FTOS-SE-8.3.10.1.bin";...
  • Page 258: Bmp Mode

    BMP mode is the default boot mode configured for a new system arriving from Dell Force10. This mode obtains the FTOS image and configuration file from a network source (DHCP and file servers). Use Normal mode to boot the switch up with the management port in a no shutdown mode. If the management IP address is present in the start-up configuration file, it will be assigned.
  • Page 259: Normal Mode

    Normal Mode When reloaded in Normal mode, the switch boots up with the management port in a no shutdown mode. If the management IP address is present in the start-up configuration file, it will be assigned. If the management IP address is not present in the start-up configuration file, no IP address will be assigned to the management interface.
  • Page 260: Post-configuration Scripts

    Post-configuration Scripts In BMP 3.0, after the pre-configuration script has completed and the configuration is loaded, you can run a post-configuration script if one is present in the configuration file. Use the post-configuration script to check the status of configured ports or protocols which can then be sent as a status report to a central repository for your network administrators.
  • Page 261: Configuration Tasks

    Configuration Tasks When the system boots up in BMP mode all ports, including management ports, are placed in L3 mode in no shut state. The system acts as a DHCP client on these ports for a period of time (dhcp-timeout). This allows the system time to send out a DHCP DISCOVER on all the interface up ports to the DHCP Server...
  • Page 262: System Boot And Set-up Behavior In Bmp Mode

    System boot and set-up behavior in BMP Mode 1. System begins boot up process in BMP mode (default mode). 2. The system sends DHCP Discover on all the interface up ports. 00:01:31: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Ma 0/0. 00:01:31: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/0.
  • Page 263: Bmp Mode: Boot And Set-up Behavior

    • If there is a mismatch between the build images, the system upgrades to the downloaded version and reloads.
    00:03:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE_HEADER_INFO: Downloaded Image Major Version
    00:03:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE_HEADER_INFO: Downloaded Image Minor Version
    00:03:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE_HEADER_INFO: Downloaded Image Main Version
    00:03:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE_HEADER_INFO: Downloaded Image Patch Version
    00:03:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE_HEADER_INFO:...
  • Page 264 Reload without a DHCP Server Offer
    If a switch is configured to reload in BMP mode and the DHCP server cannot be reached, the system keeps sending DISCOVER messages.
    00:01:44: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/50.
    00:01:44: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Te 0/51.
    00:01:44: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent on Ma 0/0.
  • Page 265 2. The system receives a DHCP offer from a DHCP server with the following parameters:
    13:23:47: %STKUNIT0-M:CP %JUMPSTART-5-BOOT_OFFER: DHCP acquired IP 10.16.134.167 mask 255.255.0.0 server IP 10.16.134.207.
    13:23:48: %STKUNIT0-M:CP %JUMPSTART-5-BOOT_OFFER: DHCP tftp IP NIL sname NIL dns IP NIL router IP NIL.
    13:23:48: %STKUNIT0-M:CP %JUMPSTART-5-BOOT_OFFER: DHCP image file tftp://10.16.127.53/mxl.bin.
  • Page 266 The first line of the script must contain one of the following:
    #!/usr/bin/expect
    #!/usr/bin/tclsh
    #!/usr/bin/zsh
    2. After the first line, but before the actual start of the script, the script must contain the signature "#/DELL-FORCE10".
    Bare Metal Provisioning 3.0 (BMP 3.0)
  • Page 267: Reload Using The Auto-execution Script (normal Mode Only)

    The auto-execution script can be written in Expect, TCLSH, or ZSH. If the SmartScripts package is already installed, the post-configuration script can also be written in PERL or Python. • The auto-execution script is not subject to restrictions such as the signature "#/DELL-FORCE10" that is required for the pre-configuration script. •...
  • Page 268: Script Examples

    /f10 (mfs:21)... unmounting /kern (kernfs)... unmounting / (/dev/md0a)... done rebooting þ Starting Dell Force10 application 00:00:13: %STKUNIT1-M:CP %RAM-6-ELECTION_ROLE: Stack unit 1 is transitioning to Management unit. 00:00:15: %STKUNIT1-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
  • Page 269 Dell Force10 Real Time Operating System Software Dell Force10 Operating System Version: 2.0 Dell Force10 Application Software Version: 1-0(0-338) Copyright (c) 1999-2012 by Dell Inc. All Rights Reserved. Build Time: Thu Dec 27 21:32:28 2012 Build Path: /sites/sjc/work/build/buildSpaces/build06/FIT-INDUS-1-0-0/SW/SRC System image file is "dt-maa-s4810-72"...
  • Page 270 The following line indicates the successful completion of the auto-execution script.
    00:00:49: %STKUNIT1-M:CP %JUMPSTART-5-AUTOEXEC_SUCCESS: The AutoExec Script execution returned Success.
    The following line indicates that the Configuration file is loaded into the switch.
    FTOS#00:00:51: %STKUNIT1-M:CP %SYS-5-CONFIG_LOAD: Loading configuration file
    00:00:52: %STKUNIT1-M:CP %IFMGR-5-ASTATE_UP: Changed interface Admin state to up: Te 0/36
    00:00:53: %STKUNIT1-M:CP %IFMGR-5-ASTATE_DN: Changed interface Admin state to down: Ma 0/0
  • Page 271: Pre-configuration Script - Bmp Mode

    #! /usr/bin/expect
    #/DELL-FORCE10
    # Execute F10do and Print
    proc print_f10do {cmd_str} {
        set str [exec f10do "$cmd_str"]
        set tmp_str [string map {\n \r\n} $str ]
        puts $tmp_str
    }
    set ftp_ip "20.0.0.1"
    set ftp_username "lab"
    set ftp_passwd "lab"...
  • Page 272
    after 5000
    puts "Download Complete !!!\r\n"
    if {[file exists $config_file]} {
        puts "Config File: $config_file downloaded successfully\r\n"
    } else {
        puts "ERROR: Config File: $config_file - Not Found\r\n"
    }
    if {[file exists $post_conf]} {
        puts "Post Config Script: $post_conf downloaded successfully\r\n"
    } else {
        puts "ERROR: Post Config Script: $post_conf - Not Found\r\n"...
  • Page 273: Content Addressable Memory

    Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table. On Dell Force10 systems, the CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACL), flows, and routing policies. On Dell Force10 systems, there are one or two CAM (Dual-CAM) modules per port-pipe depending on the type of line card.
  • Page 274: Cam Profiles

    Either ExaScale 10G or 40G CAM line cards can be used in a system. Dell Force10 systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile. A CAM profile is stored on every card, including each RPM.
  • Page 275: Microcode

    Microcode is a compiled set of instructions for a CPU. On Dell Force10 systems, the microcode controls how packets are handled. There is a default microcode, and several other microcodes are available, so that you can adjust packet handling according to your application.
  • Page 276: Cam Profiling For Acls

    Table 11-3. Microcode Descriptions

    | Microcode | Description |
    |---|---|
    | default | Distributes CAM space for a typical deployment |
    | lag-hash-align | For applications that require the same hashing for bi-directional traffic (for example, VoIP call or P2P file sharing). For port-channels, this microcode maps both directions of a bi-directional flow to the same output link. |
    | lag-hash-mpls | For hashing based on MPLS labels (up to five labels deep). |
  • Page 277: Boot Behavior

    You can re-configure the amount of space, in percentage, allocated to each sub-partition. As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode. The amount of space that you can distribute to the sub-partitions is equal to the amount of CAM space that the selected CAM profile allocates to the Layer 2 ACL partition.