Thursday, May 10, 2012

Making Changes to MST Config with Care

Multiple Spanning Tree (MST) is great for VLAN spanning tree management and load-balancing. In concept, you can have multiple VLANs and group them up into 2 regions. Instead of managing every individual VLAN spanning tree, you would just need to manage the two MST regions regardless of the number of VLANs.

However, for two or more switches to be in the same MST region, they must have the identical MST name, VLAN-to-instance mapping, and MST revision number. Any change applied to the existing MST configuration on one switch but not on the others will cause network disruption. To minimize such disruption, prepare the MST changes on every switch and commit them only once all switches are 'standardized' on the new MST configuration.

This is how to enter MST configuration sub-mode on the switch:
switch# configure terminal
switch(config)# spanning-tree mst configuration

This shows how to leave MST configuration sub-mode on the switch without committing the changes:
switch(config-mst)# abort

This shows how to commit the changes and leave MST configuration sub-mode on the switch:
switch(config-mst)# exit

For more information, download this Cisco "Configuring MST" doc.
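
A pre-commit check for the identity requirement above, as an added example that is not part of the original post: it goes one step beyond comparing text and computes the IEEE 802.1Q MST configuration digest (HMAC-MD5 over the VLAN-to-instance table) that switches carry in their BPDUs. The switch names and staged values are constructed, and collecting them from the devices is assumed to happen elsewhere.

```python
import hashlib
import hmac
import struct

# Fixed, publicly specified key from IEEE 802.1Q for the MST Configuration Digest.
MST_DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")

def expand_vlans(spec):
    """Expand a range string such as '10-20,30' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def config_digest(mapping):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table (unmapped VLANs -> 0)."""
    table = [0] * 4096
    for instance, spec in mapping.items():
        for vid in expand_vlans(spec):
            if not 1 <= vid <= 4094:
                raise ValueError(f"VLAN {vid} out of range")
            table[vid] = instance
    packed = struct.pack(">4096H", *table)
    return hmac.new(MST_DIGEST_KEY, packed, hashlib.md5).hexdigest()

def region_identity(cfg):
    """The three values that must match for switches to share a region."""
    return (cfg["name"], cfg["revision"], config_digest(cfg["instances"]))

def out_of_step(switches, reference):
    """Return {switch: [differing fields]} relative to the reference switch."""
    ref = region_identity(switches[reference])
    fields = ("name", "revision", "vlan-to-instance mapping")
    report = {}
    for host, cfg in switches.items():
        diff = [f for f, a, b in zip(fields, region_identity(cfg), ref) if a != b]
        if diff:
            report[host] = diff
    return report

# Constructed sample: staged MST settings collected from three switches.
STAGED = {
    "sw1": {"name": "CORE", "revision": 2, "instances": {1: "10-19", 2: "20-29"}},
    "sw2": {"name": "CORE", "revision": 2, "instances": {1: "10-15,16-19", 2: "20-29"}},
    "sw3": {"name": "CORE", "revision": 1, "instances": {1: "10-19", 2: "20-28"}},
}
if __name__ == "__main__":
    print(out_of_step(STAGED, "sw1"))
```

An empty report means every switch would land in the same region; sw2 passes because its differently written ranges expand to the same table.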

Tuesday, May 8, 2012

How to add new interfaces on Juniper SRX chassis cluster

There are many good JUNOS articles on setting up the Juniper SRX chassis cluster, so I just want to summarize the steps for adding new interfaces to an existing chassis cluster. In other words, the following prerequisites are already complete:
  1. Configuring Chassis Cluster information on both nodes e.g. set chassis cluster-id 1 node 0 
  2. Configuring Redundancy Groups (RG) and specifying which node should be the primary node for each RG, e.g. set chassis cluster redundancy-group 1 node 0 priority 200. This is also where you determine whether it is an Active-Passive or Active-Active setup
  3. Configuring Out-of-Band management interface for fxp0 - optional
  4. Configuring Virtual Routing instances (a.k.a VRF-lite in Cisco networking) - optional 
  5. Configure the number of Redundant Interfaces using "set chassis cluster reth-count n" where n is the number of reth.
  6. Configuring Redundant Interface (reth) using at least one interface from each node
  7. Configuring control link using fxp1 interface where configuration synchronization takes place between 2 nodes 
  8. Configuring fabric interface (fabn where n denotes the node id) consisting of at least one ethernet interface from each node
  9. Successful cluster setup!
After you have established the cluster successfully, you may wish to add more interfaces to it. The additional steps are as follows:

Step 1: Increase the reth count by using
  • set chassis cluster reth-count n where n is the new number of reth interfaces
Step 2: Identify 2 similar interfaces (one from each node e.g. ge-0/0/2 and ge-8/0/2) to form a new reth. e.g. 
  • set interfaces ge-0/0/2 gigether-options redundant-parent reth2
  • set interfaces ge-8/0/2 gigether-options redundant-parent reth2
Step 3: Configure new reth2 by heading to "edit interfaces reth2"
  • Enable VLAN tagging if you intend to use VLAN: "set vlan-tagging"
  • Create new sub-interface: "set unit nnn vlan-id " where nnn is any sub-interface number.
  • Assign IP address to sub-interface: "set unit nnn family inet address 1.1.1.1/24" 
  • Return to top level edit: "top"
Step 4: Assign this interface to the virtual routing instance
  • set routing-instances interface reth2.nnn
Step 5: Assign this interface to the appropriate security zone
  • set security zones security-zone interfaces reth2.nnn
Step 6: Check new configurations and commit
  • top
  • show | compare rollback 0
  • commit
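
A check to run over the candidate lines before Step 6, as an added example that is not part of the original post: it flags a reth whose index exceeds the reth-count, a reth without a member link on each node, and an addressed reth unit left out of every security zone. The zone and routing-instance names are placeholders, and the node 1 slot offset of 8 is taken from the ge-8/0/2 example above and depends on the SRX model.

```python
import re

# Patterns for the candidate 'set' lines used in the steps above.
COUNT = re.compile(r"set chassis cluster reth-count (\d+)$")
MEMBER = re.compile(r"set interfaces [a-z]+-(\d+)/\d+/\d+ gigether-options redundant-parent (reth\d+)$")
ADDR = re.compile(r"set interfaces (reth\d+) unit (\d+) family inet address \S+$")
ZONE = re.compile(r"set security zones security-zone \S+ interfaces (reth\d+\.\d+)$")

def lint_reth(set_lines, node1_first_slot=8):
    """Return a sorted list of problems in candidate reth configuration lines.

    Assumptions: node 1 slots start at node1_first_slot (model dependent), and
    reth numbering starts at reth0, so rethN needs a reth-count above N.
    """
    reth_count, members, units, zoned = 0, {}, set(), set()
    for line in map(str.strip, set_lines):
        if m := COUNT.match(line):
            reth_count = int(m.group(1))
        elif m := MEMBER.match(line):
            node = 1 if int(m.group(1)) >= node1_first_slot else 0
            members.setdefault(m.group(2), set()).add(node)
        elif m := ADDR.match(line):
            units.add(f"{m.group(1)}.{m.group(2)}")
        elif m := ZONE.match(line):
            zoned.add(m.group(1))
    problems = []
    for reth, nodes in members.items():
        if int(reth[4:]) >= reth_count:
            problems.append(f"{reth}: reth-count {reth_count} is too low")
        if nodes != {0, 1}:
            problems.append(f"{reth}: no member link on node {1 - min(nodes)}")
    for unit in units - zoned:
        problems.append(f"{unit}: addressed but not in any security zone")
    return sorted(problems)

# Constructed candidate configuration; zone and instance names are placeholders.
CANDIDATE = """
set chassis cluster reth-count 2
set interfaces ge-0/0/2 gigether-options redundant-parent reth2
set interfaces ge-0/0/3 gigether-options redundant-parent reth2
set interfaces reth2 vlan-tagging
set interfaces reth2 unit 100 vlan-id 100
set interfaces reth2 unit 100 family inet address 192.0.2.1/24
set routing-instances EXAMPLE-VR interface reth2.100
set security zones security-zone EXAMPLE-ZONE interfaces reth2.200
""".strip().splitlines()
```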

Monday, May 7, 2012

Ethernet over MPLS (EoMPLS) Cisco Configuration Made Simple

Ethernet over MPLS (EoMPLS) is part of Cisco's Any Transport over MPLS and provides L2 connectivity (pseudo-wire) over an MPLS cloud. If you wish to extend EoMPLS on an L3 VLAN interface (SVI-based EoMPLS or SwEoMPLS), you must have an OSM or an Enhanced FlexWAN module on the MPLS core-facing interface. Otherwise, you can configure PFC-based EoMPLS on a physical interface or sub-interface. In this example, we will use PFC-based EoMPLS on Cisco IOS 15.x, as I believe most of us won't have any special interface cards. Consider this network diagram below. We'll extend L2 connectivity on VLAN 10 to connect both servers over the MPLS cloud.



Here, we assume that basic MPLS configuration has been put in place. Configuring EoMPLS would be pretty straightforward.

On both PE1 and PE2 routers:
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 xconnect 10.1.1.x 10 encapsulation mpls
 no shut
!
Replace the 'x' above to match the peer PE router ID, i.e. on PE1 x = 2 and on PE2 x = 1. The router ID is determined by the "mpls ldp router-id" command on the router.

On both CE1 and CE2 switches, let's assume Gi0/1 switch interface is used to connect to their respective PE routers.
!
vlan 10
 name EoMPLS
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1Q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Host port
 switchport mode access
 switchport access vlan 10
!

To verify the EoMPLS connectivity, enter "show mpls l2transport vc" on both PE routers. The status should indicate UP. You can also run "show spanning-tree vlan 10" on both CE switches to check the sanity of spanning tree, i.e. only one of the switches should be the root. Finally, both hosts should be able to ping each other on the same IP subnet. For further details, refer to this Cisco article.