Routing Enterasys
Upload: fernando-sanchez-ramirez
7/25/2019 Routing Enterasys
2011 Enterasys Networks, Inc. All rights reserved. Enterasys Confidential
A Siemens Enterprise Communications Company
There is nothing more important than our customers
Enterprise Routing
Course Overview
Version 4.04
2011 Enterasys Networks, Inc., A Siemens Enterprise Communications Company. All rights reserved.
Course Description
This course is designed to educate participants about Enterasys routing products, including their features, functions and configuration.
The course includes technology summaries, product introduction and overview, as well as hands-on application via lab exercises.
During this course, you will learn how to set up and configure Enterasys Switches for various network topologies, explore different router operating modes such as RIP, OSPF, PIM-SM, IGMP, LS-NAT, and VRRP, and gain experience in troubleshooting the Enterasys routing product line.
Course Outline
Day One
Module #1: Enterasys Routing Products Overview
Module #2: Basic Routing Configuration
- Lab #1- Direct Routes, Static Routes, RIP, DHCP/BootP Relay (IP-Helper)
Module #3: OSPF
- Lab #2- OSPF Basic and Advanced Configurations
Day Two
Module #4: LS-NAT
- Lab #3- LS-NAT Configuration
Module #5: TWCB
Module #6: ACLs
- Lab #4- ACL Lab
Day Three
Module #7: Multicast Routing
- Lab #5- PIM-SM Multicast Routing Configuration
Module #8: VRRP
- Lab #6- VRRP Configuration
Module #9: Troubleshooting
- Lab #7- System Troubleshooting
Course Prerequisites
Student prerequisite knowledge/skills
Experienced PC user
Operational knowledge of
- Ethernet
- 802.1D standard
- 802.1Q standard
Understanding of TCP/IP protocol
Understanding of various types of routing and multicast protocols, with specific knowledge in the following:
- OSPF
- PIM-SM
- IGMP
- VRRP
- LS-NAT
- TWCB
Topics not covered in this course
In-depth discussion of:
802.1D (STP)
TCP/IP
Network design
Wireless
NetSight NMS
Dragon
In-depth discussion of the following protocols: OSPF, PIM-SM, IGMP, and VRRP or other routing protocols.
Course Objectives
Enterasys Routing Products Overview
- Explain the differences and similarities between the B3/B5/C2/C3/C5, G-Series, N-Series DFEs, and S-Series routers for routing.
Basic Router Overview
- Direct Routes
- Static Routes
- RIP Routing
- DHCP/BootP Relay (IP Helper)
OSPF
- Verify that a basic OSPF network is configured correctly via various show commands. If not correct, troubleshoot the network.
- Configure static routes for redistribution into OSPF and verify that the network changes correctly; troubleshoot the network if incorrect.
- Configure OSPF Areas for stub areas and NSSA, Authentication, and Summarization. Then verify that the network changes are correct; troubleshoot the network if incorrect.
LS-NAT
- Configure LSNAT on routers/switches. Verify that the network is configured correctly via various show commands; troubleshoot if incorrect.
- Implementation: send and receive data traffic using the LSNAT setup. Verify that traffic is being received and properly load balanced over available servers; troubleshoot if incorrect.
TWCB
- Review the Transparent Web Cache Balancing feature on N & S-Series products. Discuss configuration-related parameters for implementing the feature.
Course Objectives (continued)
ACLs
- Configuration
- Implementation
PIM-SM
- Configure PIM-SM & IGMP on routers/switches and verify that the multicast network is configured correctly via various show commands; troubleshoot if incorrect.
- Send and receive multicast traffic throughout the network, verify that traffic is being received over correct links and joins are complete; troubleshoot if incorrect.
- Stop receiving multicast, verify that prunes have halted traffic correctly, and troubleshoot if incorrect.
VRRP
- Configure a basic VRRP network and verify that it is configured correctly via various show commands. If not correct, troubleshoot the network.
- Configure VRRP Critical IP; verify VRRP is configured correctly; if not, troubleshoot.
- Disable Critical IP interface; verify VRRP switches to new master correctly; if not, troubleshoot.
- Add multiple VRRP instances to the network, with load sharing of clients between instances. Verify that VRRP is correctly configured.
Troubleshooting
- Examine the commands and tools most commonly used to determine if a reported problem within a routed environment is actually a network-related issue.
- Implement the mechanisms used to isolate a problem down to a specific category.
Getting Started & Introductions
Sign the Attendance Form
Class Hours: 9:00 am to 5:00 pm
Instructor
- Nicolás Martínez
Attendees
- Name?
- Company?
- Job Description?
- What is your experience with routing?
- Are you currently using Enterasys routing products? (Which?)
- What do you hope to learn about routing from this course?
Enterprise Routing
Routing Products Overview
Version 4.03
Routing Review: OSI Model
[Figure: OSI model stacks (Application, Presentation, Session, Transport, Network, Data Link, Physical) for a Source System and a Destination System connected through a Router; the Routing Function sits at the Network layer, above the router's Data Link and Physical layers.]
Routing Review
Routers / Layer 3 Switching:
- Switch packets between different physical networks, based upon Network-layer addressing
- Do not flood MAC-layer broadcasts from one attached network to another
- Are protocol dependent (e.g., IPv4 routed to IPv4; IPv6 routed to IPv6)
- Support packet fragmentation
- Support multiple Physical- and MAC-layer packet encapsulation types, and have the ability to translate from one type to another
Layer 2 Switching:
- Switch frames within the same physical network, based upon Data Link-layer (MAC) addressing
- Flood all MAC-layer broadcasts out all attached ports in the same physical network
- Are protocol transparent (i.e., unaware of IP, IPX, etc., protocols embedded in the datagrams)
- Do not support packet fragmentation
- Support multiple Physical- and MAC-layer packet encapsulation types, and have the ability to translate from one type to another
When Should Routing be Implemented?
When communication is needed between VLANs
When MAC-layer multicast/broadcast traffic is adversely affecting network performance
When packet switching based upon upper-layer protocols such as IP is desired
Where multiple active paths between systems are required
Router Advantages
Isolation of MAC-layer broadcast traffic. Routers allow VLANs to communicate but prevent the flow of broadcast traffic from one physical LAN to another
Path Selection. Routers can use the best path which physically exists between source and destination systems. Some routers allow for load balancing over redundant paths
Flexibility. Routers can support any desired network topology
The total size of the network interconnected with routers is, for all practical purposes, unlimited
Router Disadvantages
Protocol Dependence. Routers operate at the OSI Network layer and must be aware of the protocol(s) they are configured to route. A router will ignore traffic it is not configured to handle
Configuration complexity. Routers require more extensive setup and provisioning
Cost. Routers are typically more complex devices than switches and can be more expensive
Enterasys Routing Support
The following Enterasys switch products support both Layer 2 (the Data Link layer of the OSI model) switching and Layer 3 (the Network layer) IP routing functionality:
- B3/B5/C2/C3/C5
- G Series
- N-Series DFE
- Gold
- Platinum
- Diamond
- S Series
B3/B5/C2/C3/C5
B3/B5 supports only basic IP routing functionality (i.e., directly connected routes, RIP routes, static routes, and standard ACLs)
C2/C3/C5 Series supports basic IP routing functionality (i.e., directly connected routes, RIP routes, static routes, and standard ACLs)
Additionally, via an optional advanced routing license (L3-LIC, Layer 3 Routing License), the C2/C3/C5 supports:
- OSPF, PIM, DVMRP, VRRP and Extended ACLs.
- License will need to be re-entered if configuration is cleared on C2
- License will NOT need to be re-entered if configuration is cleared on C3/C5
- Optional license C3 IPv6-LIC (IPv6 license) enables IPv6 functionality on the C3
- IPv6 functionality is included in the advanced routing license for the C5.
- Requires the purchase and activation of an advanced routing license for each unit in a stack.
Enterasys G Series
- Multi-user policy per port
- Up to eight policy users per port
- Individual policy capabilities identical to C3 Release 1.1 at initial shipment
- Routing features
- Basic routing (RIP v1/v2) included
- Advanced routing option (OSPF, DVMRP, PIM-SM, VRRP)
- IPv6 management and IPv6 routing (option)
- Hot swapping of IOMs
- Front panel push button
- Safely remove IOM with power applied with no impact on the rest of the switch
- Install new IOM in any empty slot
- No impact on running switch
- IOM not recognized by the switch until next reboot
N-Series Gold/Platinum
The N-Series is a modular design chassis. Four models, the N1, N3, N5, and the N7, with granular Layer 2/3/4 classification
Support advanced Layer 3 IP routing
Three product lines:
- Distributed Forwarding Engines (DFEs), Diamond: Significant processing enhancements over Platinum DFEs, plus increased Security, Routing & Policy Scalability.
- DFEs, Platinum: optimized for more features and higher performance
Designed for wiring closets, server farm aggregations, and distribution switching.
Platinum DFE modules can support up to 256 routing interfaces and can be configured for RIP and/or OSPF routing protocols
OSPF support on the N-Series requires the purchase and activation of an advanced routing license.
N DFE Limits
N7 Platinum(su)->show router limits
                           |      Entries      |    Memory (bytes)
(256 MgB) Resource         | Max-InUse=Avail   | *Each ~=  Max   InUse
========                   | ===== ===== ===== | ===== ======= =======
Dynamic ARPs *             | 32768     3 32765 |    92 3014656     276
Static ARPs *              |  1024     0  1024 |    92   94208       0
Routing Table              | 12277     7 12270 |   288 3535776    2016
Static Routes              |  1024     0  1024 |    44   45056       0
IP Helper                  |  5120     0  5120 |    12   61440       0
LSA type 1 *               |   512     4   508 |  1672  856064    6688
LSA type 2 *               |   512     2   510 |  1596  817152    3192
LSA type 3 *               |  3000     0  3000 |   248  744000       0
LSA type 4 *               |  3000     0  3000 |   324  972000       0
LSA type 5 *               |  4000     0  4000 |   428 1712000       0
LSA type 7 *               |  4000     0  4000 |   444 1776000       0
LSA type 9 *               |   512     0   512 |  1548  792576       0
LSA type 10 *              |    64     0    64 |  1548   99072       0
LSA type 11 *              |   512     0   512 |  1548  792576       0
The show limits command can be used to determine Layer 3 related system limits for N-Series routers
N-Series DFE Limits (cont'd)
                           |      Entries      |    Memory (bytes)
(256 MgB) Resource         | Max-InUse=Avail   | *Each ~=   Max   InUse
========                   | ===== ===== ===== | ===== ======== =======
DVMRP Routes               | 10000     0 10000 |   124  1240000       0
Interfaces                 |   277     3   274 |  1072   296944    3216
Secondary Addresses        |  2000     0  2000 |     0        0       0
Configured Rip Nets        |   300     0   300 |    12     3600       0
Rip Routes                 |  3000     0  3000 |    32    96000       0
VRRP Entries               |  1024     0  1024 |   724   741376       0
PBR Entries                |  5000     1  4999 |   120   600000     120
LSNAT Virtual Server Cfg * |    50     0    50 | 19696   984800       0
LSNAT Global Binding *     | 32000     0 32000 |   340 10880000       0
LSNAT Cache Binding *      |  2000     0  2000 |   212   424000       0
Dhcp Leases                |  1024     0  1024 |   172   176128       0
Total:                     | 31435424 15508
PreAllocated *:            | 25295104
Total Avail Mem (Appx):    | 124556808
* Indicates PreAllocated Memory Elements
What is the N-Series Standalone Switch?
The N-Series Standalone or 2G Systems are two new small fixed form factor Platinum products created to complement the N-Series Chassis Products
- Memory upgrade DFE-256MB-UGK & N-EOS-L3 (advanced routing license) are included.
S-Series Routing Products
The S-Series routing products come in multiple chassis sizes and standalone
I/O modules with option module slots are available for unparalleled configuration flexibility
- Highest combined port density per rack unit in the industry
Highest performance in its class
- Future proofed to >6 Tbps* Backplane capacity
- 1.28 Tbps, 950 Mpps Load sharing I/O fabric pair
Connectivity
- Triple speed with PoE Gigabit SFP
- 10 Gigabit Ethernet SFP+
- Support for future 40/100 Gigabit Ethernet
Maximum port capacities
- 576 Triple Speed ports, 576 Gigabit SFP ports
- 128 10 Gigabit Ethernet SFP+ ports
Builds upon N Series technology
- Flow based switching architecture
- Secure Networks policy embedded with deep packet inspection
- Based on N Series firmware
[Figure: S-Series platforms: S8, S4, S3, SSA]
Deployment Flexibility
[Figure: S-Series platforms (SSA, S3, S4, S8) placed across the Edge/Access, Distribution/Data Center and Core layers]
S-Series System Architecture
Fabric-based architecture in S4 and S8
- Load sharing I/O fabric modules provide highly scalable inter-module connectivity while also providing a full complement of front panel connectivity
Fabric-less architecture in S3 chassis
- Backplane uses mesh architecture to interconnect I/O modules
- I/O modules contain fabric elements for module to module communication
- S3 provides a cost optimized approach to deploying premium features to the network edge
Multiple host CPUs for maximum resiliency
- Switching and routing applications are distributed throughout the system providing industry leading scalability and resiliency
S4 / S8 Fabric Modules
Load-sharing fabrics
- I/O Fabrics contain the crossbar fabric circuitry
- Provide the data-plane connectivity to all other slots
- An I/O fabric module is required for chassis operation
Crossbars work in unison to provide maximum system throughput
- Fabric pair provides 1.28 Tbps in an S8 chassis and 640 Gbps in an S4 Chassis (Real)
Third fabric capability in S8 chassis for full performance redundancy (N+1)
Full 160 Gbps front panel I/O support
All I/O fabric and I/O modules include a high performance host CPU
- Distributed switching and routing across all modules that provides scalability and enhanced resiliency
S Series Limits
The show router limits command can be used to determine Layer 3 related system limits for S-Series routers
S Chassis(rw-config)->show router limits
Chassis limits:
Application                          Limit    In use  Entry size  Total Memory
-------------------------------- --------- --------- ----------- ------------
access-list-entries                   5000         0           -            -
access-lists                          1000         0           -            -
applied-access-lists-ipv4-in           256         0           -            -
applied-access-lists-ipv4-out          256         0           -            -
applied-access-lists-ipv6-in           256         0           -            -
applied-access-lists-ipv6-out          256         0           -            -
appsvc-ftp-alg-entries                4000         0         40B       156.3K
appsvc-global-bindings               32768         0        100B         3.1M
bgp-limits                          262144         0          1B          25M
dhcp-leases                           1000         0         56B        54.7K
dvmrp-limits                      26214400         0          1B          25M
entries-per-access-list               5000         0           -            -
ip-addresses                          4373         -           -            -
ip-interfaces                          256         -           -            -
ip-interface-addresses                 128         -           -            -
lo-interfaces                            8         -           -            -
lpbk-interfaces                         21         -           -            -
multicast-flows                       4096         0        148B         592K
nat-global-bindings                  32768         0         12B         384K
nat-ip-addresses                      1000         0         36B        35.2K
nat-pools                               10         0        280B         2.7K
nat-portmapped-addresses                10         0        8.6K        85.9K
nat-static-rules                       500         0         96B        46.9K
nd-dynamic-entries                   32768         2         48B         1.5M
Overview of Routing Support
Summary of routing support on Enterasys platforms:
Routing Functionality | N-series (Diamond, Platinum and Gold) | S Series | B3/B5/C2/C3/C5 & G-Series
RIP v1/v2
OSPF * *
BGP ****
IS-IS ****
DVMRP * **** *
PIM-SM * ** *
IPv6 ***
IRDP
VRRP *
LSNAT * **
Standard ACLs
Extended ACLs * *
PBR
DoS Prevention
DHCP Server
* Requires advanced routing license
** Requires extended memory of 256 MB
*** Supported only on the C3/C5, G-Series & S Series
**** 7.21 code release
Note: PIM-SM is not supported on B-Series Switches
Static and Dynamic Routing Support
Routers use routing protocols to maintain their routing tables. Routing tables can be maintained either statically or dynamically.
Static Routes
- Static routes are manually configured and entered into a switch's routing table. Static routes take default precedence over routes chosen by dynamic routing protocols.
Dynamic Routes
- Dynamic routes are learned when routers send routing table information to each other.
- The two forms of dynamic routing that are most commonly used are Distance Vector and Link State. The specific Distance Vector and Link State protocols used on Enterasys products are discussed below.
Switch Router Family          Dynamic Routes   Static Routes   IP Interfaces
S-Series                      ~262k            1,024           256
N-Series Diamond / Platinum   12,276/25,000    1,024           256
N-Series Gold                 10,117           512             96
C5                            5000             128             48
B3/B5/C2/C3/G-Series          2,500            64              24
Internal Route Precedence
Route Type           N     S     B3/B5/C2/C3/C5   G-Series
Directly connected   0     0     0                0
OSPF                 110   110   110              110
ISIS                 n/a   115   n/a              n/a
Static               1     1     1                1
RIP                  120   120   120              120
EBGP                 n/a   20    n/a              n/a
IBGP                 n/a   200   n/a              n/a
N3 (su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 1.1.1.1/32 [0/1] directly connected, Loopback 1
O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10
C 10.1.1.0/24 [0/1] directly connected, Vlan 10
R 11.1.1.0/24 [120/2] via 10.1.1.2, Vlan 10
S 12.1.1.0/24 [1/0] via 10.1.1.2, Vlan 10
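The bracketed [precedence/metric] pair in this output can be checked against the Internal Route Precedence table, and the same values decide which source wins when several offer the same prefix. The following Python is an added example, not part of the course material; the function names and the last sample line are constructed here, and it assumes single-token route codes in the [precedence/metric] form shown for the N3.

```python
import re
from dataclasses import dataclass
from ipaddress import IPv4Network
from typing import List, Optional, Tuple

# Precedence per route code, copied from the Internal Route Precedence table.
# "i" (IS-IS, 115) applies to the S-Series only; the other values are the
# same on every platform the table lists.
TABLE_PRECEDENCE = {"C": 0, "S": 1, "O": 110, "i": 115, "R": 120}

# Matches lines such as "O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10".
ROUTE_LINE = re.compile(
    r"^(?P<code>\S+)\s+"
    r"(?P<prefix>\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+"
    r"\[(?P<precedence>\d+)/(?P<metric>\d+)\]\s+"
    r"(?:via\s+(?P<next_hop>[\d.]+),|directly connected,)\s*"
    r"(?P<interface>.+)$"
)


@dataclass(frozen=True)
class Route:
    code: str
    prefix: IPv4Network
    precedence: int
    metric: int
    next_hop: Optional[str]  # None for directly connected routes
    interface: str


def parse_routes(output: str) -> List[Route]:
    """Extract route entries; prompt, legend and blank lines are skipped."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_LINE.match(line.strip())
        if m:
            routes.append(Route(m["code"], IPv4Network(m["prefix"]),
                                int(m["precedence"]), int(m["metric"]),
                                m["next_hop"], m["interface"].strip()))
    return routes


def precedence_deviations(routes: List[Route]) -> List[Tuple[str, str, int, int]]:
    """Routes whose precedence differs from the table value for their code.

    Returns (prefix, code, seen, expected) tuples. A deviation means the
    route will win or lose against other sources differently than the table
    predicts, so it deserves a look during a configuration review.
    """
    out = []
    for r in routes:
        expected = TABLE_PRECEDENCE.get(r.code)
        if expected is not None and r.precedence != expected:
            out.append((str(r.prefix), r.code, r.precedence, expected))
    return out


def active_route(candidates: List[Route]) -> Route:
    """Pick the route that is installed when several sources offer one prefix.

    The lowest precedence wins; the metric only breaks ties. This is why one
    static route (precedence 1) displaces anything OSPF or RIP has learned.
    """
    return min(candidates, key=lambda r: (r.precedence, r.metric))


# The first five route lines are the N3 output shown above; the last line is
# a constructed entry whose precedence does not match the table.
SAMPLE = """\
N3 (su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
C 1.1.1.1/32 [0/1] directly connected, Loopback 1
O 2.2.2.2/32 [110/10] via 10.1.1.2, Vlan 10
C 10.1.1.0/24 [0/1] directly connected, Vlan 10
R 11.1.1.0/24 [120/2] via 10.1.1.2, Vlan 10
S 12.1.1.0/24 [1/0] via 10.1.1.2, Vlan 10
R 13.1.1.0/24 [90/2] via 10.1.1.2, Vlan 10
"""

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for prefix, code, seen, expected in precedence_deviations(table):
        print(f"{prefix}: code {code} has precedence {seen}, table says {expected}")
    # Constructed candidates for one prefix, offered by three sources.
    net = IPv4Network("11.1.1.0/24")
    offers = [Route("R", net, 120, 2, "10.1.1.2", "Vlan 10"),
              Route("O", net, 110, 20, "10.1.1.2", "Vlan 10"),
              Route("S", net, 1, 0, "10.1.1.254", "Vlan 10")]
    print("installed:", active_route(offers))
```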
Static and Dynamic Routing Support, ECMP
Equal Cost Multi-Path with load sharing
- The DFE-Diamond/Platinum, and S-Series support up to 8 equal cost paths.
- DFE-Gold, C2/C3/C5 and X Series support 4 equal cost paths.
- Round Robin algorithm ensures uniform load balancing across all paths
- Hashing algorithm ensures sequential delivery of all packets
- DFE can use a flow based round robin algorithm to combine features
- Hashing algorithm is the default when both are available
Switch Router Family         Maximum paths   Round Robin   Hashing   RIP   OSPF   Static Routes
S-Series                     8
N-Series Platinum/Diamond    8
N-Series Gold                4
C2/C3/C5/G3                  4
Enterprise Routing
Basic Routing Config
Version 4.03
Routing Review
Pre-routing Considerations: Switching Features
1. Disable Spanning Tree
C3(su)->set spantree disable
C3(su)->set spantree portadmin disable
2. Disable GVRP
C3(su)->set gvrp disable
C3(su)->set gvrp disable
[Slide callouts: PortString, PortString]
Pre-routing Considerations: VLAN Review
1. Create the VLAN used for IP routing from the switch CLI
C3(su)-> set vlan create 5
2. Assign ports to the VLAN
C3(su)-> set port vlan fe.1.6 5
Then answer Y to add port to the egress list and clear the existing PVID
C3(su)-> set port vlan fe.1.6 5
OR
3. Assign ports to the VLAN
C3(su)-> set port vlan fe.1.6 5
Then answer N to not add port to the egress list and not clear the PVID
4. Assign ports to the VLAN's egress list
C3(su)-> set vlan egress 5 fe.1.6 untagged
[Slide callouts: VLAN id, PortString, modify-egress]
Router Configuration B, C, G Series
Enter Router Mode
C3(su)->router
Enter Router Privileged Mode
(su)->router>enable
Enter Configuration Mode
(su)->router#configure
Enter Interface Configuration Mode
(su)->router(Config)# interface vlan 5
(su)->router(Config-if(Vlan 5))#ip address 192.168.5.1 255.255.255.0
(su)->router(Config-if(Vlan 5))#no shutdown
(su)->router(Config)# interface vlan 10
(su)->router(Config-if(Vlan 10))#ip address 192.168.10.1 255.255.255.0
(su)->router(Config-if(Vlan 10))#no shutdown
As soon as 2 or more routing interfaces are created, routing between VLANs is available.
[Figure: router with interfaces in VLAN 5 and VLAN 10]
Router Configuration S and N-Series Version 7.11
Unified CLI:
Prior to firmware 7.0, when logging in to an N-Series device, the user was first placed in the system or switch command mode of the CLI
This command mode provided access to all non-routing device configuration (e.g., STP, LACP, VLAN creation, etc.)
Entering a completely different CLI mode was required to configure or monitor routing-level functionality
Once in routing mode, switch-related configuration and monitoring was no longer available.
Switch and routing configuration and monitoring took place within separate, distinct CLI subsystems between which there was no communication
Unified CLI (continued):
Each subsystem had its own rules, behaviors, tools, and command history. In release 7.0 or greater, this is no longer the case
Release 7.0 operates within a single CLI subsystem, and both switch and routing commands are accessible within the single CLI subsystem
This implementation is described as the unified CLI
In the following CLI example, the configure command enters routing configuration mode and ACL 10 is created.
Additionally, while in ACL 10 configuration mode, the date is set to 04/15/2009 using the system level command set time without ever leaving the router ACL configuration command mode.
N Chassis(rw)->
N Chassis(rw)->configure
N Chassis(rw-config)->ip access-list standard 10
N Chassis(rw-cfg-std-acl)->set time 04/15/2009
N Chassis(rw-cfg-std-acl)->Apr 14 09:07:56 0.0.0.0 System[1]Time and Date set(by user) to: WED APR 15 09:07:56 2009
N Chassis(rw-cfg-std-acl)->
Create a vlan interface
N3 (su)->set ip address 192.168.1.2 mask 255.255.255.0 interface vlan.0.10
Enter configuration mode
N3 (su)->configure
Enter Router interface and protocol configuration modes
N3 (su-config)->interface vlan.0.10
N3(su-config-intf-vlan.0.10)-> no shutdown
N3(su-config-intf-vlan.0.10)-> ip forwarding
N3 (su-config)->router rip
N3(su-config-rip)->network 192.168.1.0 255.255.255.0
As soon as 2 or more routing interfaces are created, routing between VLANs is available.
[Figure: router with interfaces in VLAN 10 and VLAN 5]
Loopback Interface Configuration
A loopback is an internal interface not associated with any physical port
When creating an IP interface on a loopback the following steps are required:
N3(su)->config
N3(su-config)->loopback 2
N3(su-config-intf-loop.0.2)->ip address 2.2.2.2 255.255.255.255
N3(su-config-intf-loop.0.2)->no shutdown
By default, when an IP interface on a loopback is created, the interface is in a down state.
- Therefore, no shutdown must be entered to bring up the loopback.
Loopback interfaces are not associated with any VLAN.
The loopback can be used for remote administration of the router in lieu of the host interface.
The loopback interface must be reachable via standard routing methods (i.e., through a static or dynamic route).
Static and Dynamic Routing Support
Routers use routing protocols to maintain their routing tables. Routing tables can be maintained either statically or dynamically.
Static Routes
- Static routes are manually configured and entered into a switch's routing table. Static routes take default precedence over routes chosen by dynamic routing protocols.
Dynamic Routes
- Dynamic routes are learned when routers send routing table information to each other.
- The three forms of dynamic routing that are most commonly used are Distance Vector, Link State and Path Vector protocols.
  - Distance Vector Protocols
    - RIPv1 and RIPv2
    - DVMRP
  - Link State Protocols
    - OSPFv2
    - IS-IS
  - Path Vector Protocols
    - BGP4
Static Route Provisioning
Configuring Static Routes
- Static routes are manually configured and entered into a device's routing table
R1(su-config)->ip route 10.10.1.0 255.255.255.0 192.168.5.2
[Slide callouts: Destination Prefix, Mask, Next-Hop]
[Figure: router R1 (192.168.5.1) connected to router R2 (192.168.5.2), with the 10.10.1.1 network behind R2]
R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5
RIP Overview
RIP is a standards-based distance-vector routing protocol.
Two versions of RIP are available for routing IPv4:
- RIP version 1, defined by RFC 1058 (STD 34) 6/88
- RIP version 2, defined by RFC 2453 (STD 56) 8/99
The routing decision is to select the shortest path based on hop count.
- Each router is one hop.
- RIP has a 15 hop-count limitation.
RIP updates occur every 30 seconds and send the entire routing table contents.
- IP/UDP port 520
- Up to 25 routes per packet
Subsequent to a topology change, convergence time increases significantly with network size
RIPv2 Differences from RIPv1:
- Includes the network mask which supports variable-length subnet masking.
- Transmits RIPv2 updates as multicast, rather than broadcast (both are supported).
- Provides an authentication mechanism not supported by RIPv1.
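An added example, not part of the course material: a parser for the RIP packet layout of RFC 2453 that reports whether an update seen on UDP port 520 is RIPv1, unauthenticated RIPv2, or RIPv2 with a cleartext password, and checks the 25-entry and 16-hop limits. The sample packets are constructed; the helper name `entry` and the password are illustrative.

```python
import ipaddress
import struct

MAX_ENTRIES = 25      # a RIP packet carries at most 25 entries
INFINITY = 16         # metric 16 means unreachable, hence the 15-hop limit
AUTH_AFI = 0xFFFF     # address family value that marks an authentication entry
AUTH_TYPES = {2: "simple-password", 3: "keyed-md5"}


def parse_rip(payload: bytes) -> dict:
    """Parse the UDP payload of a RIP packet and list security findings."""
    if len(payload) < 24 or (len(payload) - 4) % 20:
        raise ValueError("expected a 4-byte header plus 20-byte entries")
    command, version = struct.unpack("!BB", payload[:2])
    entries = [payload[i:i + 20] for i in range(4, len(payload), 20)]
    if len(entries) > MAX_ENTRIES:
        raise ValueError("more than 25 entries in one packet")
    report = {"command": command, "version": version, "auth": "none",
              "routes": [], "findings": []}
    for index, raw in enumerate(entries):
        afi, tag = struct.unpack("!HH", raw[:4])
        if afi == AUTH_AFI:
            # Only the first entry states the authentication type; a later
            # 0xFFFF entry is the keyed-MD5 trailer that carries the digest.
            if index == 0 and version == 2:
                report["auth"] = AUTH_TYPES.get(tag, f"unknown-type-{tag}")
            continue
        addr, mask, _next_hop, metric = struct.unpack("!4s4s4sI", raw[4:])
        prefix = str(ipaddress.IPv4Address(addr))
        if version == 2:            # RIPv1 has no mask field to read
            try:
                netmask = ipaddress.IPv4Address(mask)
                prefix = str(ipaddress.IPv4Network(f"{prefix}/{netmask}", strict=False))
            except ValueError:
                report["findings"].append(f"{prefix}: invalid subnet mask")
        if not 1 <= metric <= INFINITY:
            report["findings"].append(f"{prefix}: metric {metric} outside 1..16")
        report["routes"].append((prefix, metric))
    if version == 1:
        report["findings"].append("RIPv1: no subnet mask and no authentication")
    elif report["auth"] == "none":
        report["findings"].append("RIPv2 update has no authentication entry")
    elif report["auth"] == "simple-password":
        report["findings"].append("simple password is sent in cleartext")
    return report


def entry(afi, tag, addr="0.0.0.0", mask="0.0.0.0", metric=0):
    """Build one 20-byte route entry (next hop left as 0.0.0.0)."""
    def packed(ip):
        return ipaddress.IPv4Address(ip).packed
    return (struct.pack("!HH", afi, tag) + packed(addr) + packed(mask)
            + packed("0.0.0.0") + struct.pack("!I", metric))


# Constructed sample packets (command 2 = response) advertising 192.168.4.0/24.
ROUTE = entry(2, 0, "192.168.4.0", "255.255.255.0", metric=1)
UNAUTHENTICATED = struct.pack("!BBH", 2, 2, 0) + ROUTE
SIMPLE_AUTH = (struct.pack("!BBH", 2, 2, 0)
               + struct.pack("!HH", AUTH_AFI, 2)
               + b"constructed-pw".ljust(16, b"\x00")
               + ROUTE)
RIPV1 = struct.pack("!BBH", 2, 1, 0) + entry(2, 0, "192.168.4.0", metric=1)

if __name__ == "__main__":
    for name, packet in (("unauthenticated", UNAUTHENTICATED),
                         ("simple-auth", SIMPLE_AUTH), ("ripv1", RIPV1)):
        print(name, parse_rip(packet))
```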
RIP Configuration
Steps to configure RIP:
- Create IP Interfaces
- Add IP Address to IP interfaces
- Create RIP Instance
- Add RIP Networks
- Enable RIP
Dynamic Routing (RIPv2)
N Series Config
R1 (su-config)-> router rip
R1 (su-config-rip)-> network 192.168.5.0 0.0.0.255
R1(su-config-rip)-> network 192.168.10.0 0.0.0.255
R1(su-config-rip)-> exit
Note: N & S-series Routers running 7.x firmware run RIPv2 by default; therefore, they do not require RIPv2 to be enabled at the interface level.
C Series Config
R2>Router(config)# router rip
R2>Router(config-router)# exit
R2>Router(config)# interface vlan 4
R2>Router(config-if(Vlan4))# ip rip enable
R2>Router(config-if(Vlan4))# ip rip receive version 2
R2>Router(config-if(Vlan4))# ip rip send version 2
R2>Router(config)# interface vlan 5
R2>Router(config-if(Vlan5))# ip rip enable
R2>Router(config-if(Vlan5))# ip rip receive version 2
R2>Router(config-if(Vlan5))# ip rip send version 2
[Figure: R1 (.1) and R2 (.2) joined by 192.168.5.0, with 192.168.10.0/24 on R1 and 192.168.4.0 on R2]
Dynamic Routing (RIP)
R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.10.0/24 [cost 0] directly connected, Vlan 6
R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5
R2(su)->router> show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.4.0/24 [cost 0] directly connected, Vlan 4
R 192.168.10.0/24 [cost 1] via 192.168.5.1, Vlan 5
Routing Configuration
Connected, Static, & Dynamic Routes
R1(su)->show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 192.168.5.0/24 [cost 0] directly connected, Vlan 5
C 192.168.10.0/24 [cost 0] directly connected, Vlan 6
S 10.10.1.0/24 [cost 1] via 192.168.5.2, Vlan 5
R 192.168.4.0/24 [cost 1] via 192.168.5.2, Vlan 5
[Figure: R1 (.1) and R2 (.2) on 192.168.5.0 with RIP enabled; networks 192.168.10.0/24, 192.168.4.0 and 10.10.1.0]
DHCP/BootP Relay
DHCP/BOOTP relay functionality is used to assist a host device in obtaining an IP address.
A typical situation occurs when a host requests an IP address with no DHCP server located on the directly connected LAN segment.
Using DHCP/BOOTP relay, a router interface can forward the DHCP request to a server located on another network if the IP forward-protocol is enabled for UDP and the address of the DHCP server is configured as a helper address (ip helper) on the receiving interface of the router.
The DHCP/BOOTP relay function will detect the DHCP request and make the necessary changes to the IP packet header, replacing the destination IP address with the address of the DHCP server, and the source IP address with the address configured on the receiving interface.
The router then sends the DHCP request to the DHCP server identified by the ip helper address.
When the response is returned from the DHCP server, the DHCP/BOOTP relay function sends it to the host, allowing the host to obtain its IP address.
DHCP/BootP Relay Configuration
Use the ip forward-protocol {udp [port]} command to enable UDP broadcast forwarding and specify which protocols will be forwarded. This is a global level command.
The example below shows how to enable forwarding of UDP datagrams carrying DHCP requests (port 67):
Router(su-config)-> ip forward-protocol udp 67
Note: use of the ip forward-protocol command is required only on S & N Series Routers, NOT on C Series devices.
Use the ip helper-address address command to enable DHCP/BOOTP relay and the forwarding of local UDP broadcasts. This is an interface level command.
The configuration below permits UDP broadcasts from hosts on the 1.35.11.0/24 network to reach a DHCP server (1.35.0.1) on the 1.35.0.0 network:
Router(su-config)-> interface vlan 3511
Router(su-config-intf)-> ip address 1.35.11.254 255.255.255.0
Router(su-config-intf)->ip helper-address 1.35.0.1
Router(su-config-intf)->no shutdown
ARP Configuration and Display
ARP Configuration
- Displaying the ARP cache for host
C2(su)-> show arp
- Displaying the ARP cache for all VLAN IP interfaces
C2(su)->router> show ip arp
- Adding a static ARP cache entry
C2(su)->router(Config)# arp
- Changing the ARP cache timeout
C2(su)->router(Config)# arp timeout seconds
- Clearing the ARP cache usually resolves problems created by changing IP addresses
C2(su)->router# clear arp-cache[ ]
Configuration Limits
- ARP cache timeout defaults to 4 hours on the N, S, G, and C2/C3/C5
C2(su)-> show arp
LINK LEVEL ARP TABLE
IP Address     Phys Address        Flags  Interface
------------------------------------------------------
10.1.204.17    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.65    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.97    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.98    00-00-00-00-00-00          host.0.1
10.1.204.2     00-00-00-00-00-00          host.0.1
10.1.204.15    00-00-00-00-00-00          host.0.1
10.1.204.17    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.20    00-00-00-00-00-00          host.0.1
10.1.204.21    00-00-00-00-00-00          host.0.1
10.1.204.22    00-00-00-00-00-00          host.0.1
10.1.204.34    00-00-00-00-00-00          host.0.1
10.1.204.65    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.66    00-00-00-00-00-00          host.0.1
10.1.204.67    00-00-00-00-00-00          host.0.1
10.1.204.97    00-01-f4-5f-49-c5   S      host.0.1
10.1.204.98    00-00-00-00-00-00          host.0.1
------------------------------------------------------
C2(su)->router> show ip arp
Protocol  Address      Age(min)  Hardware Addr   Interface
---------------------------------------------------
Dynamic   10.1.204.2   0m        000D:883C:5A4B  VLAN1
Dynamic   10.1.204.15  0m        000D:883E:10E3  VLAN1
Internet  10.1.204.17  -         0001:F45F:49C5  VLAN1
Dynamic   10.1.204.20  0m        0011:1136:6B0B  VLAN1
Dynamic   10.1.204.21  0m        0009:6B99:814D  VLAN1
Dynamic   10.1.204.31  141m      00D0:B7B6:6597  VLAN1
Dynamic   10.1.204.32  0m        00D0:B7A7:7159  VLAN1
Dynamic   10.1.204.34  0m        0006:1BDA:A1A6  VLAN1
Internet  10.1.204.65  -         0001:F45F:49C5  VLAN1
Dynamic   10.1.204.66  0m        0010:A4E6:513B  VLAN1
Dynamic   10.1.204.67  0m        000D:883C:97CC  VLAN1
Internet  10.1.204.97  -         0001:F45F:49C5  VLAN1
Dynamic   10.1.204.98  3m        0002:B32F:B563  VLAN1
Arp entry count = 13.
* - Static
File Management
write file: This command saves the router configuration (N Series 6.12)
The write file command is not required when using 7.xx firmware
Additional Information
Multiple IP Interface Configuration:
On B, C, and G-Series routers, there are two IP subsystems: a system layer IP subsystem used to configure the single host management IP interface, and a routing layer IP subsystem used to configure routing IP interfaces.
The host interface acts as a non-routed management IP interface, and must be assigned to a VLAN (VLAN 1 is the default).
The host interface is always up and utilizes an ARP cache and route table independent from the ARP cache and route table used by the routing layer IP subsystem.
The C2/C3/C5 host interface address cannot be assigned to the same network as the local routed VLAN interface.
To assign the host interface address to a VLAN other than 1, for C-Series, use the command:
C-Series> set host vlan vlan-id
Additional Information (continued)
IP Interface Configuration N & S-Series
In release 7.0 the concept of a system IP address is no longer valid.
The ability to set a unique IP address on each VLAN configured on the switch means that host management can be accessed from any VLAN configured with its own IP.
The ability to assign an IP subnet to an interface that is separate from a subnet which is passing data through the switch allows the network administrator to create an out-of-band management subnet designed to pass only network management data.
Use the set ip address command to create a non-routing host management IP interface for a VLAN:
S Chassis(rw)->set ip address 125.100.10.1 mask 255.255.0.0 interface vlan.0.5
N3 Chassis(su)->show running-config
interface vlan.0.5
ip address 125.100.10.1 255.255.0.0 primary
no ip proxy-arp
no ip forwarding
no ipv6 forwarding
no shutdown
Use the ip forwarding command to enable or disable IP forwarding:
N3 Chassis(rw-config)->interface vlan.0.5
SN3Chassis(rw-config-intf-vlan.0.5)-> ip forwarding
Additional Information (continued)
Router functionality is enabled by default across the product line.
To disable routing, issue the following command on B, C, and G-Series Routers:
- RouterA>(config)# no ip routing
On the N & S-series Routers running 7.x firmware, use the clear router all command to remove all routing configuration from a system:
- RouterA>(config)# clear router all
Each VLAN allows the assignment of a primary IP address/mask and a number of secondary IP addresses/masks.
Each routed VLAN interface must be assigned to its own subnet.
By default, when VLAN IP interfaces are created on the N, S, & C2/C3/C5, they are administratively DOWN.
- Therefore, a no shutdown command must be entered after an IP interface is created
- Configuration changes take effect immediately
Routing Table Overview B, C, G and N-series 6.12
There are two show ip route commands, one in switch mode and one in router mode.
Switch mode - show ip route command shows Host routes:
- The host interface maintains a separate routing table from the VLAN interfaces
- Each can be separately viewed and maintained
- Each can have a separate and distinct default route
C2(su)->show ip route
ROUTE TABLE
Destination Gateway Mask Tos Flags Refcnt Use Interface
-----------------------------------------------------------------------------
default 192.168.0.1 00000000 0 UGC 0 0 host
127.0.0.1 127.0.0.1 00000000 0 UH 0 0 loopback
192.168.0.0 192.168.0.2 ffffff00 0 UC 1 0 host
-----------------------------------------------------------------------------
Routing Table Overview
Routing Mode - show ip route shows all static and dynamic routes
To see the routing table for the Routed IP interfaces, you must be in router mode for B, C, and G-Series routers.
C2(su)->router> show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, IA - OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per user static route
C 10.1.50.0/24 [cost 0] directly connected, Vlan 5
C 10.1.100.0/24 [cost 0] directly connected, Vlan 10
C 10.1.150.0/24 [cost 0] directly connected, Vlan 15
C 172.16.0.0/24 [cost 0] directly connected, Vlan 123
S 192.168.1.0/24 [cost 0] via 172.16.0.51, Vlan 123
S 192.168.100.0/24 [cost 0] via 172.16.0.37, Vlan 123
Enterprise Routing
OSPF Configurations
Version 4.03
Enterprise Routing - OSPF
Overview of OSPF Routing Protocol
OSPF primary characteristics:
- It is open in that its specification is in the public domain
- It is based on Dijkstra's Shortest Path First algorithm
Developed by the Interior Gateway Protocol (IGP) working group of the IETF (mid-1980s)
- RFC 2328
- RFC 1583
OSPF was created because RIP was increasingly unable to serve large, heterogeneous networks
- Routing loops occurred with sudden topology changes
- Using a distance metric to determine reachability resulted in count-to-infinity delays
- Slow convergence
Uses the best-effort transport mechanism of IP
- Protocol number 89
- Uses both IP Unicast and Multicast addresses
  - 224.0.0.5 (AllSPFRouters)
  - 224.0.0.6 (AllDRouters)
Faster convergence than distance vector algorithms
A more descriptive routing metric
- Configurable per outbound interface
- Interface value between 1 and 65,535
Equal-cost multipath
- If multiple equal cost paths to a destination exist, the paths are inserted in routing table
- Load balancing among the routes
- Default path costs are 10
Routing Hierarchy
- Routing domain can be divided into areas for ease of management and control
- Support for route summarization and aggregation by area
Security
- Simple or MD5 Authentication
Link State Advertisements (LSAs)
- Describe local piece of routing topology
- As accumulated from all routers in area/domain, form a link state database
Link State Database
- Describes complete routing topology
- Identical for all the routers within the same area, when a network has converged
- Distributed, replicated database model
- Routing table is re-computed from database only when topology changes occur
Distribution of LSAs uses reliable flooding
- Link State Updates advertise topology changes and keep entries up-to-date
- Large RIP update packets advertise entire route table every 30 seconds, age out in 90 sec
- Individual entries are refreshed every 30 minutes, age out after 60 minutes
- Uses multicasting to minimize network disruption
- Has its own acknowledgement protocol to ensure reliable packet delivery
The network topology must appear consistent - the link state database must be identical on all routers
All entities in the routing domain use unique 32 bit numbers for identification
- Routers are assigned a router ID normally based on their IP address
- Networks either use their network id or IP address of a router interface on that network
- Areas are strictly administratively assigned
Routers use OSPF Hello protocol to identify neighbors and maintain neighbor relationships
Only Routers in an adjacency state of are permitted to exchange link state information
- The necessity of ensuring consistency in the LSDB prohibits simple broadcasting of route information.
- Flooding information uses a split horizon technique
In multi-access networks, a Designated Router (DR) is elected to ensure reliable distribution of LSAs.
- Backup Designated Router (BDR) is also elected
The OSPF Area - Definition
Definition of an OSPF area
- Consists of a collection of network segments and interconnected routers
- Identified by area Id using dotted-decimal format (Ex: 0.0.0.1)
- ID has no association with IPv4 addresses of IPv4 nodes in the area
- When an IPv4 interface is enabled with OSPF, it is associated with an area
- Each router's interface belongs to only 1 area; therefore,
- Each network belongs to only 1 area
- A router may belong to multiple areas by having interfaces in different areas
- Multiple networks and router interfaces may belong to a single area
Example:
[Figure: interfaces 10.10.10.1/24 and 10.10.10.2/24 on network 10.10.10.0/24 in AREA 0.0.0.34; interfaces 20.30.20.1/24, 20.30.20.2/24 and 50.30.20.2/24 on networks 20.30.20.0/24 and 50.30.20.0/24 in AREA 0.0.0.0]
The OSPF Area - Implications
OSPF Router Classification:
- Area Border Router (referred to as ABRs)
  - Router that has interfaces in at least two different areas
- Autonomous System Border Router (referred to as ASBRs)
  - Router that has an interface running a different routing protocol
- Internal Router:
  - Router's interfaces are completely contained within an OSPF area
Example:
[Figure: the 10.10.10.0/24 network in AREA 0.0.0.34 and the 20.30.20.0/24 and 50.30.20.0/24 networks in AREA 0.0.0.0, labelled "OSPF IGP Domain", next to a "BGP IGP Domain"]
Inter-Area Routing Example
[Figure: Backbone Area 0.0.0.0, Area 0.0.0.1 and Area 0.0.0.2 joined by Area Border Routers; routers A to G; networks 10.0.0.0/24 through 60.0.0.0/24. Three route tables are shown:]
Intra-Area Routes: 40.0.0.0/24, 30.0.0.0/24 | Inter-Area Routes: 10.0.0.0/24, 20.0.0.0/24, 50.0.0.0/24, 60.0.0.0/24
Intra-Area Routes: 50.0.0.0/24, 60.0.0.0/24 | Inter-Area Routes: 10.0.0.0/24, 20.0.0.0/24, 30.0.0.0/24, 40.0.0.0/24
Intra-Area Routes: 10.0.0.0/24, 20.0.0.0/24 | Inter-Area Routes: 30.0.0.0/24, 40.0.0.0/24, 50.0.0.0/24, 60.0.0.0/24
Stub Areas
A dead-end area
There are no other ways to enter or exit the stub area except via the ABR
The reason for building stub areas is to further reduce the size of routing tables
AS-external-LSAs are not flooded into Stub Areas
Routing to external destinations from Stub Areas is based on Default Routes originated by a Stub Area's ABR.
Summary LSAs can also use the Default Route for Inter-area routing.
Criteria:
- Stub areas must not have an ASBR
- Stub areas should have one ABR
- Or, if more than one, accept non-optimal routing paths to the External AS
- No Virtual Links allowed in a stub area
[Figure: stub area diagram; labels: Normal, Stub, ASBR, ABR, A, 0.0.0.0, 0.0.0.1, "Summaries from Area 0.0.0.1", "Summaries from Area 0.0.0.0", "Default Route"]
Totally Stubby Area (TSA)
- TSAs differ from Stub areas in that not even summary routes are injected into the TSA.
- The only route that is injected by the ABR is the default route.
- All inter-area routes follow the default for all destinations both internal and external to the OSPF domain.
Not-So-Stubby Areas (NSSA)
- NSSA is defined in RFC 1587
- Similar to existing OSPF stub area configuration
- Capability to import AS external routes in a limited fashion
- An ASBR in the NSSA will inject Externals using Type 7 LSA
OSPF Features
Common OSPF Features Supported on S Series, DFE, C2/C3/C5, & G3
- ECMP
- Authentication
  - Simple
  - MD5
- Redistribution
  - Static
  - RIP
  - Direct
  - BGP **
  - IS-IS **
  - OSPF
- Route Administrative Distance
- Specify Neighbor router
  - Not supported in C2/C3/C5
- Passive Interface
- Timers
  - Hello
  - Dead
  - Retransmit Interval
  - Transmit delay
  - spf
- Cost
- Priority
- Stub
  - NSSA
  - Totally Stub
- Virtual Links
- Summarization
** Supported on the S Series Router 7.21 firmware and above
OSPF Equal Cost Multiple Path (ECMP)
- S = 8
- N (Platinum/ Diamond) = 8
- N (Gold) = 4
- G = 4
- C2/C3/C5 = 4
ECMP
Router#show ip route
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - 0SPF external type 1, E2 - 0SPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS -IS-IS level-2
* - candidate default, U - per-user static route, o - ODR
C 1.1.1.0/24 [0/1] directly connected, Vlan 10
C 2.2.2.0/24 [0/1] directly connected, Vlan 20
C 3.3.3.0/24 [0/1] directly connected, Vlan 30
O 4.4.4.0./24 [110/20] via 2.2.2.2, Vlan 20
O 5.5.5.0./24 [110/20] via 3.3.3.2, Vlan 30
O 6.6.6.0/24 [110/30] via 3.3.3.2, Vlan 30
via 2.2.2.2, Vlan 20
C 127.0.0.0/24 [0/1] directly connected, Lo
Simple Configuration Process
OSPF Process
VLAN setup
- Disable GVRP and spanning tree
- Create VLANs and assign ports to VLANs
- Configure VLAN interfaces
OSPF Configuration
- Create an OSPF instance
- Configure OSPF networks and areas
C2/C3/C5 additional OSPF steps
- Ensure the advanced routing license is set up
- Enable OSPF at VLAN interface level
- Create Router ID (must be done before enabling OSPF at global level).
OSPF config C2/C3/C5 & G-Series only
From router config mode:
Create an OSPF instance
- router ospf 10
Create a Router ID
- Router id 5.5.5.5
From each vlan interface (C2/C3/C5)
Associate the vlan to an area
- ip ospf areaid 0.0.0.0
Be sure to enable OSPF on each VLAN
- ip ospf enable
Note: The C2/C3/C5 & G3 require an advanced license to route OSPF
Create an OSPF Config
N & S Series OSPF configuration
From config mode, create an OSPF instance
- router ospf 10
Use the network command and a reverse mask to associate subnets with the OSPF instance. Set the area that each subnet is a part of.
- network 20.1.2.0 0.0.0.255 area 0.0.0.0
- network 20.1.3.0 0.0.0.255 area 1
Note: The N & S Series require an advanced license to route OSPF
Examining OSPF Information
Show ip route
Show ip ospf
Show ip ospf interface
Show ip ospf neighbor
Show ip ospf area 0.0.0.0
Show ip ospf database
Show ip route
Codes: C-connected, S-static, R-RIP, B-BGP, O-OSPF, IA-OSPF interarea
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - 0SPF external type 1, E2 - 0SPF external type 2
E - EGP, i - IS-IS, L1 - IS-IS level-1, LS - IS-IS level-2
* - candidate default, U - per-user static route, o - ODR
S 111.1.3.0/24 [20/0] via 10.1.1.2, Vlan 11
S 111.1.2.0/24 [20/0] via 10.1.1.2, Vlan 11
S 111.1.1.0/24 [20/0] via 10.1.1.2, Vlan 11
O IA 30.1.3.0/24 [110/40] via 10.1.2.2, Vlan 12
O IA 30.1.2.0/24 [110/40] via 10.1.2.2, Vlan 12
O IA 30.1.1.0/24 [110/40] via 10.1.2.2, Vlan 12
C 20.1.3.0/24 [0/1] directly connected, Vlan 11
C 20.1.2.0/24 [0/1] directly connected, Vlan 11
C 20.1.1.0/24 [0/1] directly connected, Vlan 11
O IA 10.3.2.0/24 [110/30] via 10.1.2.2, Vlan 12
O IA 10.2.1.0/24 [110/20] via 10.1.2.2, Vlan 12
O IA 10.3.1.0/24 [110/40] via 10.1.2.2, Vlan 12
C 10.1.2.0/24 [0/1] directly connected, Vlan 12
C 10.1.1.0/24 [0/1] directly connected, Vlan 11
Show ip ospf
Routing Process "ospf 10 " with ID 10.1.1.1
Supports only single TOS(TOS0) route
It is an internal router.
Summary Link update interval is 0 seconds.
External Link update interval is 0 seconds.
Redistributing External Routes from,
Number of areas in this router is 1
Area 0.0.0.1
Number of interfaces in this area is 2
Area has no authentication
SPF algorithm executed 2 times
Area ranges are
Link State Update Interval is 0:30:00 and due in 0:16:38.
Link State Age Interval is 0:00:00 and due in 0:00:00.
Show ip ospf interface
R1(su)->show ip ospf interface vlan.0.10
Internet Address 192.168.1.5 Mask 255.255.255.0, Area 0.0.0.0
Router ID 192.168.1.5, Cost: 10 (computed)
Transmit Delay is 1 sec, State other-designated-router, Priority 10
Designated Router id 192.168.1.1, Interface Addr 192.168.1.5
Backup Designated Router id 192.168.1.2,
Timer intervals configured, Hello 10, Dead 40, Retransmit 5
Show ip ospf area 0.0.0.0
Router4(su)->router>show ip ospf area 0
AreaID                    0.0.0.0
Link State Age Interval   10
External Routing          Import External LSAs
Spf Runs                  10
Area Border Router Count  0
Area LSA Count            0
Area LSA Checksum         0
Stub Mode                 Disable
Import Summary LSAs       Enable
Show ip ospf database
OSPF Router with ID(10.1.1.1)
Displaying Net Link States(Area 0.0.0.1)
LinkID    ADV Router  Age   Seq#        Checksum
10.1.2.2  10.1.2.2    102   0x80000005  0x4ecd
Displaying Router Link States(Area 0.0.0.1)
LinkID    ADV Router  Age   Seq#        Checksum  LinkCount
10.1.1.1  10.1.1.1    123   0x80000009  0xa93b    5
10.1.2.2  10.1.2.2    92    0x80000009  0x53b1    1
Displaying Summary Net Link States(Area 0.0.0.1)
LinkID    ADV Router  Age   Seq#        Checksum
10.3.1.0  10.1.2.2    142   0x80000005  0x62bb
10.3.2.0  10.1.2.2    142   0x80000005  0xf234
10.2.1.0  10.1.2.2    142   0x80000005  0xa58d
30.1.1.0  10.1.2.2    1114  0x80000005  0x7596
30.1.2.0  10.1.2.2    1104  0x80000005  0x6aa0
30.1.3.0  10.1.2.2    1094  0x80000005  0x5faa
Advanced Configuration Process
Advanced OSPF configuration
- Redistribute Routes
- Setting the Router ID to the loopback address
- Set the Designated Router
- Setup Stub Areas
  - Stub
  - NSSA
- Configure summarization
- Setup Authentication
  - Simple
  - MD5
Redistribute Routes
Router1 (su-config)->
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> redistribute static metric 22 subnets
Router1 (su-config-ospf-10)-> redistribute connected subnets
Router1 (su-config-ospf-10)-> exit
Router1 (su-config)->
(slide callouts: "New Path Cost" for metric 22, "Include all subnets" for subnets)
Setting the Router ID to the loopback address
Router1 (su-config)->
Router1 (su-config)->interface loopback 1
Router1 (su-config -intf-loop.0.1)-> ip address 1.1.1.1 255.255.255.255
Router1 (su-config -intf-loop.0.1)-> no shutdown
Router1 (su-config -intf-loop.0.1)-> exit
Router1 (su-config)-> Router OSPF 10
Router1 (su-config-ospf-10))-> router-id 1.1.1.1
Router1 (su-config)-> show running-config
router ospf 10
router-id 1.1.1.1
log-adjacency
exit
Set the Designated Router priority
N & S-Series
C & G Series:
Router2>Router(config)# interface vlan 12Router2>Router(config-if(Vlan 12))#ip ospf priority 100Router2>Router(config-if(Vlan 12))#exit
Router1 (su-config)-> interface vlan 11Router1 (su-config- intf-vlan.0.11)-> ip ospf priority 100Router1 (su-config- intf-vlan.0.11)-> exit
Enterprise Routing - OSPF: Simple Configuration Process
Setup Stub Areas
Stub
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.1 stub
Router1 (su-config-ospf-10)-> exit
NSSA
Router2(su)->Router(config)# router ospf 10
Router2(su)->Router(config-router)# area 0.0.0.2 nssa default-information-originate
Router2(su)->Router(config-router)# exit
Enterprise Routing - OSPF: Advanced Configuration Process
Summarization
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.1 range 20.1.0.0 255.255.0.0
Router1 (su-config-ospf-10)-> exit
Enterprise Routing - OSPF: Simple Configuration Process
Setup Authentication (Simple)
C2/C3/C5 & G Series
Router2>Router(config)# interface vlan 12
Router2>Router(config-if(Vlan 12))# ip ospf authentication-key redsox
S & N Series
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.1 authentication simple
Router1 (su-config-ospf-10)-> exit
Router1 (su-config)-> interface vlan 12
Router1 (su-config-intf-vlan.0.12)-> ip ospf authentication-key redsox
Router1 (su-config-intf-vlan.0.12)-> exit
Enterprise Routing - OSPF: Simple Configuration Process
Setup Authentication (MD5)
C2/C3/C5 & G Series
Router2(su)->Router(config)# interface vlan 32
Router2(su)->Router(config-if(Vlan 32))# ip ospf message-digest-key 22 md5 pats05
Router2(su)->Router(config-if(Vlan 32))# exit
S & N-series
Router1 (su-config)-> router ospf 10
Router1 (su-config-ospf-10)-> area 0.0.0.2 authentication message-digest
Router1 (su-config-ospf-10)-> exit
Router1 (su-config)-> interface vlan 32
Router1 (su-config-intf-vlan.0.32)-> ip ospf message-digest-key 22 md5 pats05
Router1 (su-config-intf-vlan.0.32)-> exit
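What the two authentication modes put on the wire, built per RFC 2328 (an added example, not part of the original course material): with simple authentication the key travels in clear text in every OSPF header, while MD5 sends only a key ID, a sequence number and a digest. The keys, key ID, router ID and areas are the ones used on the slides; the Hello body and its addresses are constructed sample values.

```python
import hashlib, hmac, ipaddress, struct

HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1 common OSPF header (24 bytes)

def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def inet_checksum(data):
    data += b"\0" * (len(data) % 2)  # pad to a whole number of 16-bit words
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_simple(body, rid, area, password):
    """AuType 1: the password travels in clear text in the 8-byte auth field."""
    length = HDR.size + len(body)
    blank = HDR.pack(2, 1, length, ip(rid), ip(area), 0, 1, bytes(8))
    csum = inet_checksum(blank + body)  # the checksum does not cover the auth field
    auth = password.encode().ljust(8, b"\0")[:8]
    return HDR.pack(2, 1, length, ip(rid), ip(area), csum, 1, auth) + body

def md5_digest(packet, key):
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes
    return hashlib.md5(packet + key.encode().ljust(16, b"\0")[:16]).digest()

def build_md5(body, rid, area, key_id, key, seq):
    """AuType 2: the header carries key ID and sequence number, never the key."""
    auth = struct.pack("!HBBI", 0, key_id, 16, seq)
    length = HDR.size + len(body)  # the trailing digest is not counted
    packet = HDR.pack(2, 1, length, ip(rid), ip(area), 0, 2, auth) + body
    return packet + md5_digest(packet, key)

def verify_md5(wire, key, last_seq):
    """Receiver side: recompute the digest and refuse older sequence numbers."""
    packet, digest = wire[:-16], wire[-16:]
    seq = struct.unpack("!I", packet[20:24])[0]
    return hmac.compare_digest(md5_digest(packet, key), digest) and seq >= last_seq

# Constructed Hello body: mask, HelloInterval 10, options, priority 100,
# RouterDeadInterval 40, DR, BDR (addresses are sample values).
HELLO = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 100, 40,
                    ip("10.1.2.1"), ip("0.0.0.0"))
SIMPLE = build_simple(HELLO, "1.1.1.1", "0.0.0.1", "redsox")
MD5 = build_md5(HELLO, "1.1.1.1", "0.0.0.2", 22, "pats05", seq=1000)

if __name__ == "__main__":
    print("simple auth field:", SIMPLE[16:24])
    print("md5 verifies:", verify_md5(MD5, "pats05", last_seq=999))
```

Anyone who can capture a Hello on a segment using simple authentication can read the key from bytes 16 to 23 of the header; with MD5 a capture yields only the digest, and the sequence-number check rejects replays of older packets.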
Enterprise Routing - OSPF
Multi-Area Configuration Example
OSPF Configuration Lab
- Create IP Interfaces
- Add IP Address to IP interfaces
- Add Secondary IP Addresses
- Add Static Routes
- Set the Router ID to Loopback Interface
- Create OSPF Instance
- Add IP OSPF Networks and Areas
- Set the Designated Router
- Redistribute Static Routes
- Setup Summarization
- Setup Authentication
  - Simple
  - MD5
[Figure: lab topology with routers RID 1.1.1.1, RID 2.2.2.2 and RID 3.3.3.3]
Enterprise Routing: LSNAT Configuration
Version 4.03
Enterprise Routing LSNAT
LSNAT Overview: What is LSNAT?
Load Sharing Network Address Translation
LSNAT is a load balancing routing feature designed to provide load sharing network services between multiple servers grouped into server farms.
It can be tailored to an individual server service without requiring any modification to clients or servers.
Examples of well-known services are HTTP on port 80, SMTP (email) on port 25, or FTP on port 21.
LSNAT Overview: LSNAT Configuration Components
There are three LSNAT configuration components:
- The client that is requesting a service from the server
- The virtual server, configured on the LSNAT router. The virtual server intercepts the service request from the client and determines the physical (real) server the request will be forwarded to
- The server farm, which is a logical entity containing the multiple real servers, one of which will service the client's request
LSNAT Overview: How Does It Work?
A request for service is sent by the client to the server farm. The destination address for the service request is the virtual server's unique Virtual IP (VIP) address.
A VIP address can be an IP address or an IP address and port address combination. The same IP address can be used for multiple virtual servers if a different port address is used.
The LSNAT configured router recognizes the VIP address and knows that LSNAT must select a real server to forward the request to.
Before forwarding the request, based upon the server load balancing process configured, LSNAT selects the real server for this request.
LSNAT Overview: How Does It Work (continued)?
LSNAT changes the destination IP address from the VIP address to the address of the selected real server member of the server farm associated with the VIP address.
The packet is then forwarded to the selected real server.
The real server sends a service response back to the client with its address as the response source address.
At the router, LSNAT sees the real server address and knows it must first translate it back to the VIP address before forwarding the packet on to the client.
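The translation steps above as a small Python model (an added example, not Enterasys code): it shows the per-flow binding the router has to keep so that replies leave with the VIP as their source and the client never sees a real server address. The class and method names, the addresses and the plain round-robin selection are assumptions made for the illustration.

```python
class LSNATRouter:
    """Toy model of the translation steps described above (not Enterasys code)."""
    def __init__(self):
        self.farms = {}     # farm name -> {"reals": [ip, ...], "up": set, "next": int}
        self.vservers = {}  # (vip, port) -> farm name
        self.flows = {}     # (client ip, client port, vip, port) -> real server ip
        self.reverse = {}   # (real ip, port, client ip, client port) -> vip

    def add_farm(self, name, reals):
        self.farms[name] = {"reals": list(reals), "up": set(reals), "next": 0}

    def add_vserver(self, vip, port, farm):
        if farm in self.vservers.values():
            raise ValueError("a server farm cannot be shared by virtual servers")
        self.vservers[(vip, port)] = farm

    def _pick(self, farm):
        f = self.farms[farm]
        for _ in f["reals"]:  # round robin, skipping servers that are out of service
            real = f["reals"][f["next"] % len(f["reals"])]
            f["next"] += 1
            if real in f["up"]:
                return real
        raise RuntimeError("no real server in service")

    def inbound(self, pkt):
        """Client -> VIP: rewrite the destination to the selected real server."""
        farm = self.vservers.get((pkt["dst"], pkt["dport"]))
        if farm is None:
            return pkt  # destination is not a VIP: forward unchanged
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        real = self.flows.get(key) or self._pick(farm)  # a flow keeps its server
        self.flows[key] = real
        self.reverse[(real, pkt["dport"], pkt["src"], pkt["sport"])] = pkt["dst"]
        return {**pkt, "dst": real}

    def outbound(self, pkt):
        """Real server -> client: restore the VIP as the source address."""
        vip = self.reverse.get((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
        return {**pkt, "src": vip} if vip else pkt

def demo():
    r = LSNATRouter()
    r.add_farm("web", ["10.10.1.11", "10.10.1.12"])  # constructed addresses
    r.add_vserver("192.0.2.80", 80, "web")
    req = {"src": "198.51.100.7", "sport": 40001, "dst": "192.0.2.80", "dport": 80}
    fwd = r.inbound(req)
    reply = r.outbound({"src": fwd["dst"], "sport": 80, "dst": req["src"], "dport": 40001})
    return fwd, reply
```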
LSNAT Overview: Why Would I Use LSNAT?
Server Load Sharing
- When a single server is not able to cope with the demands of multiple client sessions
Reliability
- Server reliability is increased by allowing you to take individual servers offline without disrupting ongoing service operations
Redundancy
- Load sharing also provides redundancy in the case of a server failure. LSNAT automatically removes the failed server from the selection process.
Security
- Security is improved since only the VIP is known, not the real server IP addresses
Performance
- LSNAT improves network performance by leveling traffic over many systems
- Using LSNAT in conjunction with Aggregate Links removes the performance bottleneck concerns of one physical link to a server by bundling multiple switch to server links
Implementing LSNAT
1. Configure one or more server farms by:
- Specifying a server farm name
- Configuring real servers as members of the server farm
- Specifying a load balancing algorithm for each server farm
2. Configure each real server by:
- Enabling the real server for service
- Optionally specifying a round robin weight value for this real server
3. Configure a virtual server by:
- Specifying a virtual server name
- Associating a virtual server with a server farm
- Configuring a virtual server IP address (VIP)
- Enabling a virtual server for service
LSNAT Configuration Considerations
The following considerations must be taken into account when configuring LSNAT:
- Supported on N & S-Series Routers
- ALL modules in the chassis must have upgraded memory to 256 MB, and must have an advanced license activated. (N-Series Only)
- A server farm cannot be shared by different virtual servers.
- In order to edit or delete a virtual server or real server (serverfarm) configuration, the devices must be first configured out of service, using the no inservice command, before the changes will be allowed.
Enterprise Routing: Transparent Web Cache Balancing (TWCB)
Version 4.03
Enterprise Routing TWCB
TWCB Overview: What is TWCB?
Transparent Web Cache Balancing (TWCB)
TWCB provides for the storing of frequently accessed web objects on a cache of local servers.
Each HTTP request is transparently redirected by an N/S-Series router to a configured cache server.
When a user first accesses a web object, the object is stored on a cache server. Each subsequent request for the object uses the cached object, avoiding the need to access the host web site.
TWCB Overview: Why Would I Use TWCB?
Web caching reduces network traffic and aids in optimizing bandwidth usage by localizing web traffic patterns
Web caching allows end-users to access web objects stored on local cache-servers with a much faster response time than accessing the same objects over an internet connection or through a default gateway
Transparency: TWCB is transparent to the user; web traffic is automatically rerouted to the web-cache server
Load balancing: TWCB provides for load balancing across all cache-servers of a given server farm. The farm can be configured so heavy web-users can be distributed across server resources using a predictor round-robin algorithm.
Scalability: TWCB provides the ability to associate up to 128 cache-servers with the web-cache.
Implementing TWCB
Implementing TWCB requires a routed network with IP interfaces that allow the N or S-Series router to send requests for the internet to the correct web caching device
There are five aspects to TWCB configuration:
1. Creating the Server Farm which is used to cache the web objects and populating it with cache-servers.
2. Associating heavy web-users with a round-robin list which caches those users' web objects across all servers associated with the configured server farm.
3. Specifying the hosts whose HTTP requests will or will not be redirected to the cache-servers.
4. Creating a web-cache that the server farms will be associated with
5. Applying the caching policy
TWCB Configuration
A TWCB configuration is made up of one or more cache-servers that are logically grouped in a server farm and one or more server farms that are associated with a web-cache
There are four TWCB configuration components:
1. The server farm: Consists of a logical grouping of cache-servers. Each server farm belongs to a web-cache.
2. The cache server: A physical server on which an end-user cache resides. Each cache server belongs to a server farm. You can configure up to 128 cache servers per web-cache
3. The web-cache: A logical entity in which all server farms reside. The current TWCB implementation supports a single web-cache. You create a web-cache by naming it in router configuration command mode.
4. The outbound interface: Typically an interface that connects to the internet. It is the interface that will be used for redirecting web objects from the host web site to the cache server
TWCB Configuration (continued)
1. Configure one or more Server Farms by:
- Specifying a server farm name
- Associating cache servers with the server farm
- Optionally, configuring a predictor round-robin list
2. Configure the Cache Servers by:
- Assigning each server a cache ip-address
- Setting the cache server fail detection method
- Placing the cache server in service
3. Configure the Web-Cache by:
- Specifying a web-cache name
- Adding the specified server farm to the web-cache
- Placing the web-cache in service.
4. Configure the Outbound Interface by:
- Setting the redirect for outbound HTTP traffic from this outbound interface to the cache servers
TWCB Configuration Considerations
The following considerations must be taken into account when configuring TWCB:
- Supported on N & S-Series Routers
- TWCB is an advanced routing feature. It is standard on the S, and requires a license on the N.
- A minimum of 256 MB of memory is required on all DFE modules in order to enable TWCB. (N-Series Only)
- In order to edit or delete a cache server configuration, the server must be first configured out of service, using the no inservice command, before the changes will be allowed
- The cache-servers should have a web-based proxy cache running. The Squid application is an example of a web-based proxy cache
Enterprise Routing: ACL Configurations
Version 4.03
Access Control Lists filter IP packets based upon specified characteristics
Depending on the product, ACLs may be applied to router interfaces as access groups, either inbound, outbound or both
Enterasys routers support the configurat