© 1999, Cisco Systems, Inc.
Deploying Campus-Based Protocols Session 504
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.
Agenda
• Intelligent Networking
• Cisco’s Embedded Switch Protocols
• Q&A

Part I Intelligent Networking
Evolving Campus Environment
(Figure: campus evolution from the client/server model to the intranet model, with video and WWW servers.)
• Scale performance
• Application awareness
• Centralized control and visibility
• Investment protection
• Directory enabled
Client/server campus:
• One-to-one communication
• Multiprotocol traffic
• Predictable workgroup traffic follows the 80/20 rule
• Many application interfaces
Intranet campus:
• Any-to-any communication
• Exponential traffic growth
• Unpredictable traffic patterns; the 80/20 rule no longer applies
• Ubiquity of multimedia
• Support for multicasting
Intelligent Agent Technologies
• Industry standards
  SNMP: device gets and sets
  RMON1/2: traffic monitoring
• Cisco extensions (intelligent agents)
  CDP: adjacent neighbor discovery
  ISL/802.1Q: VLAN trunking
  DTP: error-free trunking enablement
  CGMP: optimized multicast flooding
  Broadcast suppression
  Spanning tree convergence extensions
Cisco’s Key Campus Differentiator: Linkages in Cisco IOS™
(Figure: Cisco IOS VLANs link routers and switches to give end-to-end scalable bandwidth. Feature groups shown:)
• VLANs: InterVLAN, desktop VLANs, DISL
• Network resilience: EIGRP, HSRP, STP UplinkFast
• Multimedia/multicast: RSVP/PIM priority, IGMP/CGMP
• Campus security: CBAC, Lock and Key, access lists, data encryption, port lockdown
• Traffic monitoring: accounting, NetFlow data export, embedded RMON
• Manageability: DHCP, CDP

Part II Cisco’s Embedded Switch Protocols
Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q Interworking
• DTP (Dynamic Trunk Protocol)
• CGMP (Cisco Group Management Protocol)
• Broadcast Suppression
• Spanning Tree Extensions

Issue: Lack of Layer 2 to Layer 3 Perspectives
• NMS topology views extremely IP-centric
• NMS views don’t reflect Layer 2 topology
• NMS views unable to provide visibility and control in switched environments
Cisco Discovery Protocol (CDP)
• What is CDP?
  An advertisement protocol
  CDP is media independent
  CDP is protocol independent
  Visibility into network adjacencies
  On almost all Cisco devices

Cisco Discovery Protocol
• CDP agent listens to neighboring devices
• Device parameters periodically exchanged (discovery exchange):
  IP address
  Device type
  Software revision
  Device name
• Each device maintains a CDP cache table and populates a CDP MIB
• Tables can be read by a management application
• Applicable across all frame networks and for all media
Cisco Discovery Protocol
• Uses multicast address 01-00-0C-CC-CC-CC
• Enabled by default
• Selectively tuned by device/interface/sub-interface
• Default advertisement interval is 60 seconds
• Default time-to-live is 180 seconds
• CDP time-to-live set to zero for interface down or disable
• CDP packets redirected to supervisor, not flooded
• IETF WG activity (http://www.ietf.org/html.charters/ptopomib-charter.html)
CDP on Routers
(Figure: lab topology. An 802.10 FDDI VLAN backbone with LANE and ISL links joins the router HERCULES (7513), ZEUS (C1200) and the Catalyst switches APOLLO, CRONUS, RHEA, VENUS, ATLAS, HADES, ADONIS (C5000), MIDAS (C3200), MINERVA, JUPITER and JUNO.)

hercules#show cdp
Global CDP Information:
    Sending CDP Packets Every 60 Seconds
    Sending a Holdtime Value of 180 Seconds

hercules#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID          Local Intrfce  Holdtme  Capability  Platform  Port ID
003166185(apollo)  Fddi0          136      T S         WS-C5000  2/1-2
062015145(zeus)    Fddi0          172      R S         WS-C1202  1
003270690(rhea)    Fas 0          179      T S         WS-C5000  2/3
003292590(cronus)  Fas 1          171      T S         WS-C5000  3/3

hercules#show cdp traffic
CDP counters:
    Packets Output: 6769, Input: 17316
    Hdr Syntax: 0, Chksum Error: 0, Encaps Failed: 0
    No Memory: 0, Invalid Packet: 0, Fragmented: 0
CDP on Switches
(Figure: the same lab topology, seen from the Catalyst APOLLO.)

apollo_192.10.10.7> (enable) show cdp
Usage: show cdp neighbors [mod_num] [detail]
       show cdp neighbors [mod_num/port_num] [detail]
       show cdp port [mod_num]
       show cdp port [mod_num/port_num]

apollo_192.10.10.7> (enable) show cdp neighbor
Port   Device-ID          Port-ID     Platform    Capability
1/1    003166175(venus)   1-2         WS-C5000    TS
2/1-2  062015145(zeus)    1           WS-C1202    RS
2/1-2  hercules           Fddi0       cisco 7500  R
2/1-2  hercules           Fddi0.1     cisco 7500  R
2/1-2  hercules           Fddi0.2     cisco 7500  R
3/1-2  jupiter            ATM2/0/0.1  cisco 4500
CDP Details
(Figure: the same lab topology.)

apollo_192.10.10.7> (enable) show cdp neighbor detail
Device-ID: 003166175(venus)
Device Addresses:
  IP Address: 192.10.10.2
Holdtime: 135 sec
Capabilities: TRANSPARENT_BRIDGE SWITCH
Version:
  WS-C5000 Software, Version Mcp SW: 2.1(5) Nmp SW: 2.1(5)
  Copyright (c) 1995,1996 by Cisco Systems
Platform: WS-C5000
Port-ID (Port on Device): 1-2
Port (Our Port): 1/1

Device-ID: 062015145(zeus)
Device Addresses:
  IP Address: 192.10.10.6
Holdtime: 151 sec
Capabilities: ROUTER SWITCH
Version:
  WS-C1202 Software, Ver Dmp SW: 4.21 Nmp SW: 4.21
  Copyright (c) 1994,1995 by Cisco Systems
  DMP S/W Compiled on Aug 9 1996 10:54:03
  NMP S/W Compiled on Aug 9 1996 10:19:13
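Because CDP advertises device names, addresses and software versions to every adjacent device, the cache is worth auditing against a known inventory. The following is an added example (not code from the presentation or from Cisco) that parses the Catalyst "show cdp neighbor detail" format shown above, ages entries by their holdtime, and flags unexpected, moved or missing neighbors; the sample output and the expected-neighbor inventory are constructed for this lab.

```python
"""Parse Catalyst 'show cdp neighbor detail' output and audit the adjacencies.
Added example, not from the presentation or Cisco. SAMPLE_OUTPUT is constructed
in the slide's format; EXPECTED is a hypothetical inventory for the lab."""
import re

SAMPLE_OUTPUT = """\
apollo_192.10.10.7> (enable) show cdp neighbor detail
Device-ID: 003166175(venus)
Device Addresses:
  IP Address: 192.10.10.2
Holdtime: 135 sec
Capabilities: TRANSPARENT_BRIDGE SWITCH
Version:
  WS-C5000 Software, Version Mcp SW: 2.1(5) Nmp SW: 2.1(5)
  Copyright (c) 1995,1996 by Cisco Systems
Platform: WS-C5000
Port-ID (Port on Device): 1-2
Port (Our Port): 1/1

Device-ID: 062015145(zeus)
Device Addresses:
  IP Address: 192.10.10.6
Holdtime: 151 sec
Capabilities: ROUTER SWITCH
Version:
  WS-C1202 Software, Ver Dmp SW: 4.21 Nmp SW: 4.21
Platform: WS-C1202
Port-ID (Port on Device): 1
Port (Our Port): 2/1-2
"""

# "Key: value" lines; version banners contain digits/commas and do not match.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z /()-]*?):\s*(.*)$")


def parse_cdp_detail(text):
    """Return one dict per neighbor; each entry starts at a 'Device-ID:' line."""
    neighbors, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Device-ID:"):
            cur = {"device_id": line.split(":", 1)[1].strip()}
            neighbors.append(cur)
            continue
        if cur is None:
            continue                       # prompt echo before the first entry
        m = FIELD_RE.match(line)
        if not m:
            continue                       # banner text or blank line
        key, val = m.group(1), m.group(2)
        if key == "IP Address":
            cur["ip"] = val
        elif key == "Holdtime":
            cur["holdtime"] = int(val.split()[0])      # "135 sec" -> 135
        elif key == "Capabilities":
            cur["capabilities"] = val.split()
        elif key == "Platform":
            cur["platform"] = val
        elif key == "Port-ID (Port on Device)":
            cur["port_id"] = val
        elif key == "Port (Our Port)":
            cur["our_port"] = val
    return neighbors


def aged_out(neighbor, seconds_since_capture):
    """The cache entry is dropped once the holdtime expires without a new
    advertisement (default: 180 s holdtime, advertised every 60 s)."""
    return seconds_since_capture >= neighbor["holdtime"]


def audit(neighbors, expected):
    """expected: {device_id: our_port}. Returns (kind, device, port) findings
    for unknown neighbors, neighbors seen on the wrong port, and missing ones."""
    seen = {n["device_id"]: n for n in neighbors}
    findings = []
    for dev, n in seen.items():
        if dev not in expected:
            findings.append(("unexpected", dev, n.get("our_port")))
        elif expected[dev] != n.get("our_port"):
            findings.append(("moved", dev, n.get("our_port")))
    for dev, port in expected.items():
        if dev not in seen:
            findings.append(("missing", dev, port))
    return findings


# Hypothetical inventory: what this switch should see on each port.
EXPECTED = {"003166175(venus)": "1/1", "062015145(zeus)": "2/1-2",
            "hercules": "2/1-2"}

if __name__ == "__main__":
    nbrs = parse_cdp_detail(SAMPLE_OUTPUT)
    for n in nbrs:
        print(n["device_id"], n["ip"], n["holdtime"], n["our_port"])
    print(audit(nbrs, EXPECTED))           # hercules missing from this capture
```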
Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q interworking
• DTP (Dynamic Trunk Protocol)
• CGMP (Cisco Group Management Protocol)
• Broadcast suppression
• Spanning tree extensions

Issue: ISL—802.1Q Interworking
• Multitude of tagging approaches
• Understanding the 802.1Q standard
• Understanding the solved problem
VLAN Tagging Protocols
• 802.10
• ISL
• 802.1Q
• LANE
(Figure: the VLAN tag is added by the incoming port; which tag and which protocol?)
What Is a VLAN in 802.1Q? Two possible models
• Access VLANs: these VLANs are a way to specify filters to limit endstation-to-endstation connectivity on a single, bridged LAN
• Independent VLANs: these VLANs are a way to utilize one physical plant to carry multiple, independent bridged LANs
Access VLANs in 802.1Q
• It is a single bridged LAN, with filters
• Access VLANs mandate a single spanning tree for the whole network, because they have one filtering database for all VLANs in each bridge
Access VLANs in 802.1Q
• One-way VLANs: half-duplex conversations within different VLANs
(Figure: stations X, F and Y attached to bridges 1 and 2 on the yellow, blue and green VLANs.)
  Bridge 1 never sees F’s source on yellow or blue, nor X’s or Y’s sources on green
  Filtering database must ignore “color”
Independent VLANs in 802.1Q
• It is possible to build larger networks…
  If the scope of each VLAN is not global
  If routers terminating bridged LANs are used
• Per-VLAN filtering database
• Able to work with:
  A single spanning tree
  One spanning tree per VLAN
  Multiple VLANs in each of several spanning trees
Independent VLANs
• They support duplicate MAC addresses, e.g.
  DECnet phase IV routers
  Dual-Ethernet Sun workstations
  Bridge protocols between VLANs
(Figure: router R1 routes IP and bridges NetBEUI between VLANs X and Y; switches S1 and S2 carry both VLANs.)
• When R1 bridges protocols between VLANs X and Y, S1 and S2 see duplicate MAC addresses for Y and X
Number of “Filtering Databases”
• MFD/SE: Multiple Filtering Database—Single Entry
  Natural solution for independent VLANs
  Compatible with multiple spanning trees
• SFD/ME: Single Filtering Database—Multiple Entry
  Access VLAN method attempted to support duplicated MAC addresses
  Requires a single spanning tree
  Duplicate MAC addresses are common!!!
Internetworking between VLANs
• Using routers
  Classical approach
  Scaling proven and understood
• Layer 2 shortcuts
  Switches create shortcuts between VLANs
  Limited scalability
IEEE 802 LMSC
• 802 LAN/MAN Standards Committee
  802.1: Higher layer interfaces (*)
    802.1D (transparent bridging)
    802.1D Reaffirmation
    802.1p Priorities/GARP/GMRP
    802.1Q VLANs/GVRP
  802.3: CSMA/CD (Ethernet)
    802.3ac
Frame Tagging
• Contains VLAN membership information
• Implicit tagging
  No tag is added to the frame
  Easy in connection-oriented approaches
  Difficult for multicast/broadcast frames
• Explicit tagging
  A tag is added to each frame
  The tag carries the VLAN membership information
  The tag may carry additional information
Explicit Tagging
• Where to position the tag in the frame?
• Two possibilities:
  802.1Q: one-level tagging, also called “internal tagging”
  ISL: two-level tagging, also called “external tagging”
• Both must be implemented in ASICs for wire speed performance
One Level Tagging
• Tag added inside the original frame
• The tagged frame is a valid format for “VLAN unaware” devices
  MAC SA and DA are unchanged
  An exception: it may be a baby giant! (>1518B)
Baby Giants
• Addition of extra tag bytes creates “baby giants”
• How to accommodate the extra bytes for the tag in the frame?
  802.1 is persuading 802.3 to increase the maximum frame size from 1518 to 1522 (four extra bytes)
IEEE 802.3ac
• IEEE standards for local and metropolitan area networks: Supplement to Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and Physical Layer Specification: Frame Extension for Virtual Bridged Local Area Networks (VLAN) Tagging on 802.3 Networks
• Approved—Sept 1998
• Main topic: extend maximum frame size from 1518 to 1522 octets
IEEE 802.1Q
• IEEE standards for local and metropolitan area networks: Virtual Bridged Local Area Networks
• Draft 11—approved
• Two main topics:
  Bridged/switched networks
  VLANs (Virtual LANs)
Example of One Level Tagging: Tagging Ethernet v2.0 / IEEE 802.3

Field    PREAM.  SFD  DA  SA  TAG (new field)  PT  DATA        FCS
Octets   7       1    6   6   4                2   46 to 1500  4

(The slide shows the same layout for Ethernet v2.0 and IEEE 802.3 frames: a new 4-octet TAG field is inserted between SA and PT.)
802.1Q Tagging Scheme

Field                    Octets
Destination Address      6
Source Address           6
EtherType = TPID         2
Tag Control Information  2    (User Priority: 3 bits; CFI: 1 bit; VID (VLAN ID): 12 bits)
MAC Length/Type          2
MAC Data                 42–1500
PAD
FCS                      4

Used in: IEEE 802.3ac, IEEE 802.1Q, IEEE 802.1p
802.1p/Q Tags

Untagged frame:  Dest (6)  Src (6)  Len/Etype (2)  Data  FCS
Tagged frame:    Dest (6)  Src (6)  E/type p/Q Label (2)  Priority / VLAN-ID / Token-Ring Encapsulation Flag (2)  Len/Etype (2)  Data  FCS (recomputed)

VLAN-ID and T-R Encaps Flag are .1Q, not .1p
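The one-level tagging slides above describe a 4-octet tag inserted after the source address, a recomputed FCS and the resulting 1522-octet "baby giant". The following is an added example (not code from the presentation or from Cisco) that builds, tags, strips and parses such frames; the MAC addresses and payload are constructed.

```python
"""802.1Q one-level tagging: insert or strip the 4-octet tag after DA/SA,
recompute the FCS, and flag baby giants. Added example, not from the
presentation; addresses and payload below are constructed."""
import struct
import zlib

TPID_8021Q = 0x8100
MAX_UNTAGGED = 1518    # 802.3 maximum, FCS included
MAX_TAGGED = 1522      # 802.3ac maximum: four extra octets for the tag


def fcs(frame_without_fcs):
    """Ethernet FCS is CRC-32 (zlib uses the same polynomial), little-endian."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def make_frame(dst_hex, src_hex, ethertype, payload):
    """Build an untagged Ethernet v2 frame, padding the payload to 46 octets."""
    payload = payload.ljust(46, b"\x00")
    body = (bytes.fromhex(dst_hex) + bytes.fromhex(src_hex)
            + struct.pack("!H", ethertype) + payload)
    return body + fcs(body)


def build_tci(priority, cfi, vid):
    """Tag Control Information: 3-bit user priority, 1-bit CFI, 12-bit VID."""
    if not (0 <= priority < 8 and cfi in (0, 1) and 0 <= vid < 4096):
        raise ValueError("TCI field out of range")
    return (priority << 13) | (cfi << 12) | vid


def add_tag(frame, vid, priority=0, cfi=0):
    """Insert TPID+TCI at offset 12 (after DA and SA); the FCS must be redone."""
    body = frame[:-4]
    tag = struct.pack("!HH", TPID_8021Q, build_tci(priority, cfi, vid))
    tagged = body[:12] + tag + body[12:]
    return tagged + fcs(tagged)


def strip_tag(frame):
    """Remove the tag, as done for frames sent on the native VLAN."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    body = frame[:12] + frame[16:-4]
    return body + fcs(body)


def parse_frame(frame):
    """Describe a frame as a VLAN-aware device would see it."""
    info = {"length": len(frame), "fcs_ok": fcs(frame[:-4]) == frame[-4:]}
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == TPID_8021Q:
        tci = struct.unpack("!H", frame[14:16])[0]
        info.update(tagged=True, priority=tci >> 13, cfi=(tci >> 12) & 1,
                    vid=tci & 0x0FFF,
                    ethertype=struct.unpack("!H", frame[16:18])[0])
    else:
        info.update(tagged=False, ethertype=etype)
    # 1519..1522 octets: legal under 802.3ac, but a "baby giant" to a
    # VLAN-unaware device that still enforces the 1518-octet limit.
    info["baby_giant"] = MAX_UNTAGGED < len(frame) <= MAX_TAGGED
    info["oversize"] = len(frame) > MAX_TAGGED
    return info


# Constructed sample: a full-size IP frame between two made-up stations.
UNTAGGED = make_frame("00005e000101", "00005e000202", 0x0800, b"\xAA" * 1500)
TAGGED = add_tag(UNTAGGED, vid=10, priority=5)

if __name__ == "__main__":
    print(parse_frame(UNTAGGED))      # 1518 octets, untagged
    print(parse_frame(TAGGED))        # 1522 octets, VID 10, baby giant
    assert strip_tag(TAGGED) == UNTAGGED
```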
IEEE 802.1p
• IEEE standards for local and metropolitan area networks: Supplement to Media Access Control (MAC) Bridges: Traffic Class Expediting and Dynamic Multicast Filtering
• Draft 11—approved—part of revised 802.1D
• Two main topics:
  Expedited traffic capabilities
  Filtering services to support the dynamic use of Group MAC addresses
Two-Level Tagging
• Original frame is left unchanged
• New header is added to the original frame
  New SA, DA, (RIF), Ethertype, and VLAN-ID
  It is possible to support giant frames
• The RIF works better
  Two-level tagging is a tunneling mechanism
  It is unclear how source routing works in 1Q
• FCS fix-up in the new header allows the original frame FCS to be retained
Inter-Switch Link (ISL)
• Two-level tagging scheme
• Original frame is encapsulated with an ISL header and FCS, i.e. two-level tagging
• Initial support of up to 1,024 VLANs
• Implemented in ASICs; provides wire speed performance
(Figure: ISL header, 26 bytes | encapsulated frame, 1 to 24.5 KBytes | FCS, 4 bytes)
ISL Header Format
(Figure: header fields in order: DA (destination MAC address 01-00-0c-00-00 plus Type and User), SA, LEN, AAAA03, HSA, VLAN, BPDU, INDEX, RES)
• The higher 40 bits—multicast destination address
• Lowest 8 bits used by the type and user fields
ISL—Multiple Spanning Trees
• All links in the network are simultaneously used by engineering spanning tree parameters
(Figure: switches S1, S2 and S3 in a triangle; the red STP and the green STP block different links.)
Spanning Tree Issues
• 802.1Q specifies one spanning tree per bridge cloud, but it does not preclude multiple spanning trees in later revisions of the specification
• Cisco uses ‘n’ spanning trees per ‘m’ VLANs, n ≤ m
  802.1Q is therefore the special case n = 1
  Current Cisco solution is n = m
• One spanning tree doesn’t allow for load-sharing
802.1Q/ISL
• ISL capabilities are a superset of 802.1Q
  ISL also has the user priority field
• Interoperability between SFD and MFD:
  Yes in simple topologies
  No in corner cases
  Yes in a hierarchical manner
• VLAN range of ISL hardware maps to VLAN range of 802.1Q
Trunk Types
• In Cisco’s VLAN architecture 802.1Q is just another trunk type: ISL, LANE, IEEE 802.1Q, IEEE 802.10
  Any mix of these in one VLAN is allowed
• Line cards support ISL, 802.1Q, or both
• DISL is extended (DTP) to negotiate ISL vs IEEE 802.1Q
Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q Interworking
• DTP (Dynamic Trunk Protocol)
• CGMP (Cisco Group Management Protocol)
• Broadcast Suppression
• Spanning Tree Extensions
Problem: Auto-Configuration of VLAN Trunking
• IEEE 802.1Q standard approved
• Need to automate ISL/.1Q trunk configuration
(Figure: one end of a link configured as non-trunk, the other as trunk.)
• Possible loss in network connectivity due to configuration inconsistencies
Dynamic Trunk Protocol (DTP)
What is DTP?
• Is a point-to-point protocol
• Automates ISL/.1Q configuration
• Operates between switches
DTP Negotiation
• DTP synchronizes the trunking mode on link ends
  “What state are you in?” / “BTW, my state is…”
• DTP prevents the need for management intervention on both sides
• DTP state on an ISL/1Q trunking-capable port can be set to “Auto”, “On”, “Off” or “Desirable”
DTP
• Administrator set states
  NEGOTIATE—Negotiate for ISL or 1Q
  NATIVE—Non trunk
  ISL—All frames transmitted and received are ISL tagged; DTP packets are sent out both tagged and untagged
  802.1Q—All frames transmitted and received are (802.1Q) tagged except for those on the native VLAN; frames on the native VLAN are always transmitted untagged and are normally received untagged but will also be received tagged; DTP packets are transmitted untagged on the native VLAN
DTP
• Administrator set states
  ON: I want to be a trunk and I don’t care what you think! (Used when the other end does not understand DTP)
  OFF: I don’t want to be a trunk and I don’t care what you think! (Used when the other end cannot do ISL or .1Q)
  Desirable: I’m willing to become a VLAN trunk. Are you interested? (Used when you are interested in being a trunk)
  Auto: I’m willing to go with whatever you want! (Used as the default mode for plug-and-play)
  Nonegotiate: I want to trunk, and this is what kind of trunk I will be! (Used when you want a specific type of trunk, ISL or .1Q)
DTP
• Uses destination multicast address 01-00-0C-CC-CC-CC, HDLC protocol type 0x2004
• DTP by default in “Auto” state
• DTP can pass through ports in spanning tree blocked state
• For ISL trunking, DTP packets sent on VLAN 1—for .1Q on the native VLAN
• During DTP negotiations the port does not participate in STP
• DTP packets not flooded, but redirected to NMP
DTP
• DTP management messages from another VTP management domain are ignored
• DTP packets typically sent out every 30 seconds except in the “OFF” state
• DTP syntax: set trunk <mod/port> [on|off|desirable|auto|nonegotiate] [vlan range] [trunk_type]
• DTP available on Catalyst™ switches supporting ISL/.1Q
DTP on Catalyst Switches
(Figure: CRONUS (C5000) with ports 2/1, 2/2 and 2/3 toward HERCULES (7513) and RHEA (C5000); ADONIS, MIDAS (C3200), the servers X-Pont_ and ISL_Serv1 and an FDX_FEProbe1 are also attached.)

cronus_192.10.10.3> (enable) set trunk
Usage: set trunk <mod_num/port_num> [on|off|desirable|auto] [vlans]
       (vlans = 1..1000 An example of vlans is 2-10,1000)
cronus_192.10.10.3> (enable) set trunk 2/3 on 1-1000
Port 2/3 allowed vlans modified to 1-1000.
Port 2/3 mode set to on.
cronus_192.10.10.3> (enable)
Port     Mode       Status
------   --------   ------------
1/1      auto       trunking
1/2      auto       not-trunking
2/1      auto       not-trunking
2/2      on         not-trunking
2/3      on         trunking

Port     VLANs allowed
------   --------------------
1/1      1-1000
1/2      1-1000
2/1      1-1000
2/2      1-1000
2/3      1-1000

Port     VLANs active
------   -----------------
1/1      1-4
1/2      1
2/1      1
2/2      1
2/3      1-4

Mode is the configured DISL mode; Status is the DISL state after negotiation. VLANs 1-4 are active on trunks only; ATP entries exist for these VLANs (sh vlan).
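The DTP slides above give the five administrator-set states, the "Auto" default, the loss of connectivity when the two ends disagree, and the rule that DTP from another VTP domain is ignored. The following is an added example (not code from the presentation or from Cisco) that models the negotiation outcome for a link and flags access-facing ports left in a negotiating state; the result matrix is the standard Catalyst behaviour for these states (an assumption here), and the port table is constructed after the slide's output.

```python
"""DTP trunk negotiation outcome for the two ends of a link, plus an audit
for ports that will trunk with any attached DTP speaker. Added example, not
from the presentation; the result matrix is the standard Catalyst behaviour
for the states on the slides (assumed here, not quoted from them)."""

TRUNK_STATES = {"on", "off", "desirable", "auto", "nonegotiate"}


def sends_dtp(mode):
    """OFF and NONEGOTIATE do not negotiate; the other states send DTP."""
    return mode in ("on", "desirable", "auto")


def negotiate(local, peer, same_vtp_domain=True):
    """Return (local_trunks, peer_trunks) after DTP has run.

    Rules modelled from the slides:
    - ON and NONEGOTIATE trunk unconditionally; OFF never trunks.
    - DESIRABLE trunks if it hears ON, DESIRABLE or AUTO from the peer;
      AUTO trunks only when asked by ON or DESIRABLE (AUTO+AUTO never trunks).
    - DTP from another VTP management domain is ignored, so across domains
      only the unconditional states end up trunking.
    """
    for m in (local, peer):
        if m not in TRUNK_STATES:
            raise ValueError(f"unknown DTP state {m!r}")

    def side(me, other):
        if me == "off":
            return False
        if me in ("on", "nonegotiate"):
            return True
        heard = sends_dtp(other) and same_vtp_domain
        if not heard:
            return False
        if me == "desirable":
            return other in ("on", "desirable", "auto")
        return other in ("on", "desirable")          # me == "auto"

    return side(local, peer), side(peer, local)


def mismatch(local, peer, same_vtp_domain=True):
    """True when exactly one end trunks: frames leave tagged on one side and
    are treated as untagged on the other, the connectivity loss the slide
    warns about."""
    a, b = negotiate(local, peer, same_vtp_domain)
    return a != b


def audit_ports(port_modes, access_ports):
    """Access-facing ports still in AUTO (the default) or DESIRABLE will form
    a trunk with whatever DTP speaker is plugged in; return those ports."""
    return sorted(p for p in access_ports
                  if port_modes.get(p, "auto") in ("auto", "desirable"))


# Constructed port table in the shape of the slide's output for CRONUS.
CRONUS_MODES = {"1/1": "auto", "1/2": "auto", "2/1": "auto",
                "2/2": "on", "2/3": "on"}

if __name__ == "__main__":
    print(negotiate("on", "auto"))                      # (True, True)
    print(negotiate("auto", "auto"))                    # (False, False)
    print(negotiate("on", "off"), mismatch("on", "off"))
    print(negotiate("desirable", "desirable", same_vtp_domain=False))
    print(audit_ports(CRONUS_MODES, ["1/2", "2/1", "2/2"]))
```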
Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q Interworking
• Dynamic Trunk Protocol (DTP)
• CGMP (Cisco Group Management Protocol)
• Broadcast Suppression
• Spanning Tree Extensions
Problem: Preventing IP Multicast Flooding
• Switches treat multicasts as broadcasts unless entered in the CAM tables
• Need to administer multicast flood entries
• Multicasting becoming more prevalent in the campus
• Scalability of multicasting in the campus an issue
(Figure: a Layer 2 switch flooding a multicast stream.)
Solution: Multilayer Switches, IP Multicast Extensions
(Figure: a Layer 2 switch and a multilayer switch.)
Cisco Group Management Protocol (CGMP)
• What is CGMP?
  CGMP is a derivative of IGMP
  Enables intelligent setup of multicast trees
  Runs in conjunction with Cisco routers running multicast routing protocols
IP Multicast Elements
(Figure: a multicast server sends to a multicast client (the IGMP requester) across routers running DVMRP, MOSPF or PIM and a CGMP-capable switch.)
• Network DA 224.1.1.1
• MAC DA 01-00-5E-01-01-01
CGMP Details
• Runs on both switches and routers
• IGMP packets forwarded only to the router port and the NMP
• Router sends CGMP multicast packets to switches at the well-known address 01-00-0c-dd-dd-dd
• CGMP packet contains:
  Type field—join or leave
  MAC address of the IGMP client
  Multicast address of the group
• Switch uses CGMP packet info to add or remove the CAM entry for that particular multicast address
(Figure: a PIM router exchanges IGMP with the client and CGMP with the switch.)
CGMP—Joining a Group
• Hosts send IGMP reports for groups they wish to join
• Catalyst forwards the report to the router
• Router builds a CGMP join message and multicasts it to the switches
• Switch searches MAC entries in the EARL table to identify what port (if any) the MAC is resident on
• If the MAC is on a port, the switch places that port into the required multicast group
CGMP—Leaving a Group
• Router periodically sends a general query
• IGMP version 1 hosts signal active multicast groups
• If the router detects no members left in a multicast group, it sends a CGMP-remove to all switches
• IGMP version 2 hosts send a specific leave message to 224.0.0.2 for groups they leave
• Switches handle version 2 host leaves by sending a group-specific query
• Queries for ports with more than one host present within that group
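The joining and leaving slides above describe the switch side of CGMP: look the client MAC up in the EARL table, then add or remove that port in the multicast CAM entry for the group. The following is an added example (not code from the presentation or from Cisco) that models that processing; the EARL entries, ports and messages are constructed, and the IP-to-MAC mapping (low 23 bits of the group into 01-00-5e-xx-xx-xx) is the standard one, carried a step beyond the slide's single 224.1.1.1 example.

```python
"""Switch-side CGMP: derive the group MAC from the IP group, then maintain the
multicast CAM from CGMP join/leave messages via the EARL (MAC-to-port) table.
Added example, not from the presentation; EARL entries, ports and messages
are constructed."""
import ipaddress

CGMP_DEST_MAC = "01-00-0c-dd-dd-dd"   # well-known address the router sends to


def group_mac(group):
    """224.1.1.1 -> 01-00-5e-01-01-01 (the slide's example). Only the low 23
    bits of the group address survive, so 32 IP groups share one MAC."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    low23 = int(addr) & 0x7FFFFF
    return "01-00-5e-%02x-%02x-%02x" % (low23 >> 16, (low23 >> 8) & 0xFF,
                                        low23 & 0xFF)


class CgmpSwitch:
    """One VLAN of a Catalyst: learned MACs, router ports and multicast CAM."""
    FLOOD = "FLOOD"

    def __init__(self, earl, router_ports):
        self.earl = {mac.lower(): port for mac, port in earl.items()}
        self.router_ports = set(router_ports)   # 'set multicast router 3/1'
        self.cam = {}                            # group MAC -> member ports

    def handle(self, msg):
        """msg: {'type': 'join'|'leave', 'client_mac': ..., 'group': ...}.
        Returns the port acted on, or None when the client MAC is not in the
        EARL table (the switch cannot place a station it has not learned)."""
        gmac = group_mac(msg["group"])
        port = self.earl.get(msg["client_mac"].lower())
        if port is None:
            return None
        members = self.cam.setdefault(gmac, set())
        if msg["type"] == "join":
            members.add(port)
        elif msg["type"] == "leave":
            members.discard(port)
            if not members:
                del self.cam[gmac]
        else:
            raise ValueError("CGMP type must be join or leave")
        return port

    def remove_group(self, group):
        """CGMP-remove from the router: no members left, drop the CAM entry."""
        self.cam.pop(group_mac(group), None)

    def forward_ports(self, dst_mac):
        """Member ports plus the router ports for a known group; a group with
        no CAM entry is flooded like a broadcast, as the problem slide says."""
        if dst_mac in self.cam:
            return self.cam[dst_mac] | self.router_ports
        return self.FLOOD


# Constructed EARL table and router port for one VLAN.
EARL = {"00-10-7b-aa-aa-01": "3/2", "00-10-7b-aa-aa-02": "3/4"}
ROUTER_PORTS = ["3/1"]

if __name__ == "__main__":
    sw = CgmpSwitch(EARL, ROUTER_PORTS)
    sw.handle({"type": "join", "client_mac": "00-10-7b-aa-aa-01", "group": "224.1.1.1"})
    sw.handle({"type": "join", "client_mac": "00-10-7b-aa-aa-02", "group": "224.1.1.1"})
    print(sw.forward_ports(group_mac("224.1.1.1")))    # {'3/1', '3/2', '3/4'}
    sw.handle({"type": "leave", "client_mac": "00-10-7b-aa-aa-01", "group": "224.1.1.1"})
    print(sw.forward_ports(group_mac("224.1.1.1")))    # {'3/1', '3/4'}
```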
CGMP—Router Commands
• ip cgmp: enables CGMP for IP multicast on LANs
• ip cgmp proxy: enables CGMP and the proxy function for DVMRP
• debug ip cgmp: logs CGMP packets and activity
• show ip cgmp interface: displays on what interfaces CGMP is enabled
• clear ip cgmp [interface]: clears all switch group entries
CGMP—Switch Commands (1)
• set cgmp enable, disable: enables CGMP processing
• set multicast router 3/1: sets ports that have CGMP-capable routers
• show multicast router 3/1: shows the ports enabled for CGMP-capable routers
• show multicast router cgmp 5: shows the router ports on VLAN 5
• show multicast group cgmp 5: shows all multicast groups/members within a VLAN
CGMP—Switch Commands (2)
• show multicast group 01-00-5e-02-00-01 5: shows a specific multicast group on VLAN 5
• show cgmp statistics 5: shows statistics on VLAN 5
• clear cgmp statistics: clears all statistics
IGMP Snooping
• Switch “watches” IGMP communications on the VLANs to do constrained L2 multicast forwarding
• Will also dynamically learn about various multicast routers and multicast sources
• Can be done in hardware on the Catalyst series; snooping operations performed in hardware
• IGMP snooping supported on:
  Catalyst 6000 family
  Catalyst 5000 and 5500 families with Sup-III and NFFC-I/II
  Catalyst 2926 and 2926G
IGMP-Snooping Switch Commands (1)
• set igmp enable, disable: enables IGMP-snooping processing
• set multicast router 3/1: sets ports that have IGMP-enabled routers
• show multicast router 3/1: shows the ports that have IGMP-enabled routers
• show multicast router igmp 5: shows the IGMP router ports on VLAN 5
• show multicast group 5: shows all multicast groups/members within a VLAN
IGMP-Snooping Switch Commands (2)
• show multicast group 01-00-5e-02-00-01 5: shows a specific multicast group on VLAN 5
• show igmp statistics 5: shows statistics on VLAN 5
• clear igmp statistics: clears all statistics

Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q Interworking
• Dynamic Trunk Protocol (DTP)
• CGMP (Cisco Group Management Protocol)
• Broadcast Suppression
• Spanning Tree Extensions
The Broadcast Storm
• Problem: broadcasts generated at extreme rates by a misbehaving workstation or an STP looping state
  Malfunctioning STP process
  Malfunctioning learning process
  Corrupted BPDU reception
  Faulty hardware
  Broadcast-intensive application
  Faulty NIC or workstation
Broadcast Suppression
What is broadcast suppression?
• Reduces the effects of a broadcast storm
• Filtering mechanism to reduce traffic
• Measures broadcast/multicast activity over time
• Suppresses broadcasts and multicasts
• Can be implemented in hardware or software
• Disabled by default
How Does It Work? Two methods for measurement
• Packet-based—measures the number of broadcasts/multicasts received over a 1-second period
  Implemented in software
• Bandwidth-based—measures the amount of bandwidth used by broadcasts/multicasts over a 1-second period
  Implemented in hardware
• Filtering mechanism to reduce traffic
• Suppresses broadcasts and multicasts
• Disabled by default
Broadcast Suppression Example
(Figure: broadcast packet count per measurement period plotted against the threshold, periods T0 to T5.)
• Example of packet-based measurement
• Filtering occurs at T1-T2 and T4-T5
• Bandwidth-based measurement is preferred over packet-based
Broadcast Suppression Commands
• set port broadcast 3/1 70%: enables broadcast suppression (bandwidth-based)
• set port broadcast 3/1 10000: enables broadcast suppression (packet-based)
• show port broadcast 3/1: shows the broadcast statistics for port 3/1
• clear port broadcast 3/1: disables broadcast suppression for port 3/1
Broadcast Suppression Availability
Available on:
• Catalyst 6000 family (hw)
• Catalyst 5000 and 5500 families with Sup-III and NFFC-I/II (hw and sw)
• Catalyst 2926 and 2926G (hw and sw)
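The measurement slides above contrast packet-based and bandwidth-based suppression, both evaluated per period. The following is an added example (not code from the presentation or from Cisco) that applies both thresholds, in the units of the set port broadcast commands, to constructed per-second samples and reproduces the slide's filtering at T1-T2 and T4-T5; it also shows why a packet count alone can miss a storm of full-size frames.

```python
"""Broadcast suppression measurement: packet-based (software) and
bandwidth-based (hardware) thresholds evaluated per 1-second period, giving a
filter/no-filter decision per period. Added example, not from the
presentation; all traffic samples are constructed."""

PERIOD_SECONDS = 1


def packet_based(bcast_mcast_pkts, threshold_pkts):
    """'set port broadcast 3/1 10000': filter a period in which the number of
    broadcast/multicast packets received exceeds the configured count."""
    return [count > threshold_pkts for count in bcast_mcast_pkts]


def bandwidth_based(bcast_mcast_bytes, link_bps, threshold_pct):
    """'set port broadcast 3/1 70%': filter a period in which broadcast/
    multicast bytes exceed the configured share of the link's capacity."""
    budget_bytes = link_bps / 8 * PERIOD_SECONDS * threshold_pct / 100.0
    return [nbytes > budget_bytes for nbytes in bcast_mcast_bytes]


def filtered_spans(decisions):
    """Collapse per-period decisions into (start, end) second intervals:
    [F, T, F, F, T, F] -> [(1, 2), (4, 5)], i.e. filtering at T1-T2 and T4-T5."""
    spans, start = [], None
    for i, filtering in enumerate(list(decisions) + [False]):
        if filtering and start is None:
            start = i
        elif not filtering and start is not None:
            spans.append((start, i))
            start = None
    return spans


# Constructed samples for one 10 Mb/s port, periods T0..T5: two bursts of
# 64-byte broadcasts from a misbehaving station over normal background levels.
LINK_10M = 10_000_000
PKTS_PER_SEC = [1200, 15000, 800, 900, 22000, 700]
BYTES_PER_SEC = [n * 64 for n in PKTS_PER_SEC]

# Constructed: 7,000 full-size (1500-byte) multicast frames per second on a
# 100 Mb/s port stays under a 10,000-packet threshold yet fills 84% of the link.
LINK_100M = 100_000_000
BIG_FRAMES_PKTS = [7000]
BIG_FRAMES_BYTES = [7000 * 1500]

if __name__ == "__main__":
    print(filtered_spans(packet_based(PKTS_PER_SEC, 10000)))           # [(1, 2), (4, 5)]
    print(filtered_spans(bandwidth_based(BYTES_PER_SEC, LINK_10M, 70)))  # [(1, 2), (4, 5)]
    print(packet_based(BIG_FRAMES_PKTS, 10000),                         # [False]
          bandwidth_based(BIG_FRAMES_BYTES, LINK_100M, 70))             # [True]
```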
Embedded Switch Protocols
• CDP (Cisco Discovery Protocol)
• ISL—802.1Q Interworking
• Dynamic Trunk Protocol (DTP)
• CGMP (Cisco Group Management Protocol)
• Broadcast Suppression
• Spanning Tree Extensions
End-to-End Network Resilience
Problem: providing resilience across the campus
Solution: path and device resilience
• Wiring closet resilience:
  Multiple links—load-sharing
  Spanning tree/VLAN
  Uplink fast
  Fast EtherChannel
• Data center resilience:
  HSRP router resilience
  Routing protocol tuning
Spanning Tree Port Types
(Figure: root bridge A (bridge ID 500:000000000001) in the core, with peers B, C and D (bridge IDs 32768:000000000002 and 32768:000000000003) at the distribution layer; ports are labelled RP, DP and NDP and arrows show the direction of BPDU flow.)
• Root ports (RP): the port with the least-cost path to the root bridge
• Designated ports (DP): ports selected for forwarding
• Non-designated ports (NDP): ports in blocking
Distributing VLANs Using STP
(Figure: with default settings all VLAN traffic goes down one path: access switch B has two equal-cost uplinks to root A, and the same one is blocked (X) for every VLAN.)
By administering portvlanpri settings on equal-cost paths to the root, VLAN traffic now has redundancy as well as distribution.
(Figure: port priority reduced from the default of 32 to 16 to make the other path preferred for the Red VLAN; each uplink now blocks for one VLAN only.)
Distributing VLANs Using STP
(Figure: distribution switches A and B, one the root for VLAN Red and backup root for VLAN Green, the other the root for VLAN Green and backup root for VLAN Red; access switch C blocks one uplink per VLAN.)
Blocking ensured at the access by letting the roots and backup roots be at the distribution switches (A and B)
Spanning Tree Protocol Timers: IEEE 802.1D Defaults
• Hello: 2 seconds (min 1)
• Forward delay: 15 seconds (min 4)
• Max age: 20 seconds (min 6)
(Figure: timeline after a failure: Blocking, 20 sec (Max-Age) → Listening, 15 sec (Pre-Forwarding 1) → Learning, 15 sec (Pre-Forwarding 2) → Forwarding.)
VLAN Distribution and Fast Convergence Using Uplink Fast
(Figure: distribution switches A and B, one the root for VLAN Red and backup root for VLAN Green, the other the root for VLAN Green and backup root for VLAN Red; access switch C has uplinks 1 and 2, one blocked per VLAN.)
• Enable on access switches
• Fast cutover (2-4 seconds)
• Faster re-learning process
• Use your available bandwidth!
• Uplinks can be EtherChannel®
• Available across the Catalyst line
Uplinkfast Protocol Timers (Worst Case Values)
• Link failure detection (2–3 seconds)
• Transition from blocking to forwarding (1 second)
• Re-learning (1–2 seconds)
(Figure: timeline: Blocking → link failure detection, 2–3 sec → Listening → transition, 1 sec → Learning → re-learning, 1–2 sec → Forwarding.)
STP Designs—General Rules (1)
• Use default timer values for most networks
• Reducing STP values to the bare minimum can cause lots of data forwarding issues
• Reduce hops to the root
• Keep the network diameter small for tuning
• Take advantage of uplink-fast for fast convergence on wiring closet switches
STP Designs—General Rules (2)
• The root switch for a VLAN dictates the STP timers; set similar values at the backup root device
• Minimize blocking at a single switch in the distribution or core
• Set portvlanpri on Catalyst only on ports with equal-cost paths to the root and connected to the same switch
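The "Distributing VLANs Using STP" slides and the last design rule above turn on one mechanism: on equal-cost uplinks to the same switch, a per-VLAN port priority (portvlanpri, default 32) decides which uplink forwards and which blocks for each VLAN. The following is an added example (not code from the presentation or from Cisco) that runs the 802.1D root-port tie-break per VLAN, checks whether a portvlanpri setting can take effect at all, and computes the default convergence time from the timer slide; the topology and bridge IDs are constructed after the figures.

```python
"""Per-VLAN root-port election on an access switch with two uplinks, showing
how portvlanpri on the upstream switch distributes VLANs, plus a check of the
rule that the setting only matters on equal-cost paths to the same switch.
Added example, not from the presentation; topology and IDs are constructed."""

DEFAULT_PORT_PRIORITY = 32          # Catalyst default from the slide
MAX_AGE, FORWARD_DELAY = 20, 15     # 802.1D defaults from the timer slide


def sender_port_id(bpdu, vlan):
    """Port ID the upstream switch advertises for this VLAN: its portvlanpri
    (default 32) followed by the port number; the lower value wins."""
    prio = bpdu.get("vlan_priority", {}).get(vlan, DEFAULT_PORT_PRIORITY)
    return (prio, bpdu["sender_port"])


def root_port(bpdus, vlan):
    """bpdus: {local_port: best BPDU heard on it}. 802.1D tie-break order:
    root path cost, sender bridge ID, sender port ID, then the local port."""
    return min(bpdus, key=lambda lp: (bpdus[lp]["root_path_cost"],
                                      bpdus[lp]["sender_bridge"],
                                      sender_port_id(bpdus[lp], vlan),
                                      lp))


def blocked_uplinks(bpdus, vlan):
    """Every uplink that is not the root port blocks for that VLAN."""
    rp = root_port(bpdus, vlan)
    return sorted(lp for lp in bpdus if lp != rp)


def portvlanpri_effective(bpdus):
    """Design rule: the priority breaks a tie only when the candidate uplinks
    have equal root path cost and hear the same sender bridge; otherwise cost
    or bridge ID decides first and the setting changes nothing."""
    best_cost = min(b["root_path_cost"] for b in bpdus.values())
    tied = [b for b in bpdus.values() if b["root_path_cost"] == best_cost]
    return len(tied) > 1 and len({b["sender_bridge"] for b in tied}) == 1


def convergence_seconds(max_age=MAX_AGE, forward_delay=FORWARD_DELAY):
    """Default 802.1D recovery: Max-Age expiry, then listening and learning."""
    return max_age + 2 * forward_delay


# Constructed: access switch B, ports 1/1 and 1/2 to root A (core), where A
# lowered portvlanpri to 16 on its port 2 for the "red" VLAN only.
ROOT_A = (500, "000000000001")
UPLINKS_TO_A = {
    "1/1": {"root_path_cost": 19, "sender_bridge": ROOT_A, "sender_port": 1,
            "vlan_priority": {}},
    "1/2": {"root_path_cost": 19, "sender_bridge": ROOT_A, "sender_port": 2,
            "vlan_priority": {"red": 16}},
}
# Constructed: port 1/2 instead reaches the root through a second switch at
# higher cost, so the same portvlanpri cannot change the outcome.
PEER_B = (32768, "000000000002")
UPLINKS_MIXED = {
    "1/1": {"root_path_cost": 19, "sender_bridge": ROOT_A, "sender_port": 1,
            "vlan_priority": {}},
    "1/2": {"root_path_cost": 38, "sender_bridge": PEER_B, "sender_port": 2,
            "vlan_priority": {"red": 16}},
}

if __name__ == "__main__":
    for vlan in ("green", "red"):
        print(vlan, "root port:", root_port(UPLINKS_TO_A, vlan),
              "blocking:", blocked_uplinks(UPLINKS_TO_A, vlan))
    print("portvlanpri effective:", portvlanpri_effective(UPLINKS_TO_A),
          portvlanpri_effective(UPLINKS_MIXED))
    print("default 802.1D convergence:", convergence_seconds(), "s")
```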
Part III Q&A

Please Complete Your Evaluation Form Session 504