Cisco nexus vpc example

Nexus_vpc

Advertisements

Cisco ISATAP example

en
conf t
host R1
int s1/2
ip add 16.16.16.1 255.255.255.0
no shut
int loop0
ip add 129.53.1.1 255.255.255.0
router rip
ver 2
network 0.0.0.0
no auto
int loop1
ipv6 address 2001:db8:1::1/64
!
interface tunnel 126
tunnel source loop0
tunnel mode ipv6ip isatap
ipv6 address 2001:DB8:126::/64 eui-64
!
ipv6 route ::/0 2001:DB8:126::5EFE:8135:606

en
conf t
host R2
int s1/2
ip add 26.26.26.2 255.255.255.0
no shut
int loop0
ip add 129.53.2.2 255.255.255.0
router rip
ver 2
network 0.0.0.0
no auto
int loop2
ipv6 address 2001:db8:2::2/64
!
!
interface tunnel 126
tunnel source loop0
tunnel mode ipv6ip isatap
ipv6 address 2001:DB8:126::/64 eui-64
!
ipv6 route ::/0 2001:DB8:126::5EFE:8135:606

en
conf t
host R6
int s2/2
ip add 26.26.26.6 255.255.255.0
no shut
int s2/1
ip add 16.16.16.6 255.255.255.0
no shut
int loop0
ip add 129.53.6.6 255.255.255.0
router rip
ver 2
network 0.0.0.0
no auto
!
ipv6 unicast-routing
!
interface tunnel 126
tunnel source loop0
tunnel mode ipv6ip isatap
ipv6 address 2001:DB8:126::/64 eui-64
!
ipv6 route 2001:db8:1::/64 2001:DB8:126::5EFE:8135:101
ipv6 route 2001:db8:2::/64 2001:DB8:126::5EFE:8135:202

Screenshot 2014-03-28 06.59.10

Juniper example configuration mpls ldp ospf

set version 8.4R4.2
set system host-name JUNOS1
set system root-authentication encrypted-password “$1$xJ9Ff2ab$AOypQANxk3VEx30Hft94Y1”
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any

set interfaces em0 unit 0 family inet address 21.21.21.1/24
set interfaces em0 unit 0 family mpls
set interfaces em5 unit 0 family inet address 51.51.51.1/24
set interfaces em5 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 11.11.11.11/32

set routing-options router-id 11.11.11.11
set routing-options autonomous-system 1

set protocols ospf traffic-engineering
set protocols ospf area 0.0.0.0 interface em0.0
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface em5.0

set protocols ldp interface em0.0
set protocols ldp interface em5.0

Using NetFlow to isolate packet drops or blocks

Must have netflow configured ingress or egress ‘ip flow ingress/egress’

Use command:

R3#sh ip cache 1.1.1.1 255.255.255.255 flow
IP packet size distribution (86 total packets):
1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
.000 .534 .000 .465 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
1 active, 65535 inactive, 14 added
180 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
0 active, 16384 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 2 chunks added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
——–         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-Telnet           6      0.0         7    43      0.0       1.9       8.6
ICMP                 7      0.0         5   100      0.0       0.1      15.4
Total:              13      0.0         6    67      0.0       0.9      12.3

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/1         1.1.1.1         Local         100.100.100.100 01 0000 0800     5

Null DstIf, ACL blocking traffic

R3#sh ip cache flow
IP packet size distribution (952 total packets):
1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
.018 .263 .399 .318 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
.000 .000 .000 .000 .000 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
7 active, 65529 inactive, 216 added
7632 ager polls, 0 flow alloc failures
Active flows timeout in 30 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 533256 bytes
0 active, 16384 inactive, 0 added, 0 added to flow
0 alloc failures, 0 force free
1 chunk, 1 chunk added
last clearing of statistics never
Protocol         Total    Flows   Packets Bytes  Packets Active(Sec) Idle(Sec)
——–         Flows     /Sec     /Flow  /Pkt     /Sec     /Flow     /Flow
TCP-BGP            125      0.0         2    51      0.0       6.5      14.7
UDP-other           18      0.0         1    28      0.0       0.0      15.5
ICMP                63      0.0         4    98      0.0       0.8      15.4
IP-other             3      0.0        65    79      0.0     599.3      11.2
Total:             209      0.0         3    76      0.1      12.7      15.0

SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Fa0/0         34.34.34.4      Null          8.8.8.8         01 0000 0800     5
Fa0/0         34.34.34.4      Fa1/1*        1.1.1.1         01 0000 0800     5
Fa0/0         34.34.34.4      Fa1/1         1.1.1.1         01 0000 0800     5
Fa0/0         34.34.34.4      Null          224.0.0.5       59 0000 0000   178
Fa1/1         1.1.1.1         Fa0/0         34.34.34.4      01 0000 0000     5
Fa1/1         1.1.1.1         Fa0/0*        34.34.34.4      01 0000 0000     5
R3#sh ip access-lists
Standard IP access list 1
10 deny   8.8.8.8
20 permit any
Extended IP access list EIGHT
10 deny ip any host 8.8.8.8 (5 matches)
20 permit ip any any (19 matches)

en
conf t
host R1
int f0/0
ip add 12.12.12.1 255.255.255.0
no shut
int loop 0
ip add 1.1.1.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 12.12.12.2

en
conf t
host R2
int f0/0
ip add 12.12.12.2 255.255.255.0
no shut
int f1/0
ip add 23.23.23.2 255.255.255.0
no shut
int loop 0
ip add 2.2.2.2 255.255.255.0
ip route 1.1.1.1 255.255.255.255 12.12.12.1
ip route 3.3.3.3 255.255.255.255 23.23.23.3
ip route 100.100.100.100 255.255.255.255 23.23.23.3

en
conf t
host R3
int f0/1
ip add 23.23.23.3 255.255.255.0
ip flow ingress
no shut
int loop 0
ip add 3.3.3.3 255.255.255.0
interface Loopback100
ip address 100.100.100.100 255.255.255.0
ip route 0.0.0.0 0.0.0.0 23.23.23.2

Nexus Static vs Dynamic Pinning

“As these examples show, the choice of pinning mode depends to a large extent on the way that servers are connected to the access switches. For dual-homed servers, static pinning results in more deterministic oversubscription ratios. However, for single-homed servers, dynamic pinning provides increased availability.”

Tiso, John (2011-10-31). Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide: (CCDP ARCH 642-874) (3rd Edition) (Foundation Learning Guides) (Kindle Locations 5819-5821). Pearson Education. Kindle Edition.

Debug to see solicited-node multicast address

R1 = 2001::1/64

R2= 2001::222:22FF:FE22:2222

 

R2#debug ipv6 icmp
  ICMP Packet debugging is on

R2#ping 2001::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:

*Aug  8 16:57:43.463: ICMPv6: Sent echo request, Src=2001::222:22FF:FE22:2222, Dst=2001::1
*Aug  8 16:57:43.467: ICMPv6: Sent N-Solicit, Src=2001::222:22FF:FE22:2222, Dst=FF02::1:FF00:1
*Aug  8 16:57:43.539: ICMPv6: Received N-Advert, Src=2001::1, Dst=2001::222:22FF:FE22:2222
*Aug  8 16:57:43.611: ICMPv6: Checksum error.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 16/22/40 ms
R2#
*Aug  8 16:57:45.463: ICMPv6: Sent echo request, Src=2001::222:22FF:FE22:2222, Dst=2001::1
*Aug  8 16:57:45.507: ICMPv6: Received echo reply, Src=2001::1, Dst=2001::222:22FF:FE22:2222
*Aug  8 16:57:45.511: ICMPv6: Sent echo request, Src=2001::222:22FF:FE22:2222, Dst=2001::1
*Aug  8 16:57:45.527: ICMPv6: Received echo reply, Src=2001::1, Dst=2001::222:22FF:FE22:2222
*Aug  8 16:57:45.531: ICMPv6: Sent echo request, Src=2001::222:22FF:FE22:2222, Dst=2001::1
*Aug  8 16:57:45.547: ICMPv6: Received echo reply, Src=2001::1, Dst=2001::222:22FF:FE22:2222
*Aug  8 16:57:45.547: ICMPv6: Sent echo request, Src=2001::222:22FF:FE22:2222, Dst=2001::1
R2#
*Aug  8 16:57:45.563: ICMPv6: Received echo reply, Src=2001::1, Dst=2001::222:22FF:FE22:2222
R2#
*Aug  8 16:57:48.559: ICMPv6: Received N-Solicit, Src=FE80::211:11FF:FE11:1111, Dst=2001::222:22FF:FE22:2222
*Aug  8 16:57:48.567: ICMPv6: Sent N-Advert, Src=2001::222:22FF:FE22:2222, Dst=FE80::211:11FF:FE11:1111
R2#
*Aug  8 16:57:53.571: ICMPv6: Sent N-Solicit, Src=FE80::222:22FF:FE22:2222, Dst=FE80::211:11FF:FE11:1111
*Aug  8 16:57:53.595: ICMPv6: Received N-Advert, Src=FE80::211:11FF:FE11:1111, Dst=FE80::222:22FF:FE22:2222
R2#
*Aug  8 16:57:58.595: ICMPv6: Received N-Solicit, Src=FE80::211:11FF:FE11:1111, Dst=FE80::222:22FF:FE22:2222
*Aug  8 16:57:58.603: ICMPv6: Sent N-Advert, Src=FE80::222:22FF:FE22:2222, Dst=FE80::211:11FF:FE11:1111
R2#
*Aug  8 16:59:32.423: ICMPv6: Sent R-Advert, Src=FE80::222:22FF:FE22:2222, Dst=FF02::1