Sunday, February 28, 2016

NEXUS VPC

Multi Chassis Port-Channel
2 active control planes
2 active configuration
CFS- Cisco Fabric Services- Used for Synchronization, MAC address advertisement ARP forwarding, State synchronization and configuration validation
Peer-Link- Link between the pairs (Port-Channel)
- Carries Layer 2 traffic and BPDUs (only the Primary sends BPDUs on VPC links; on orphan ports the Secondary sends BPDUs)
- Runs STP, but does not block any ports
Primary and Secondary (Priority+MAC)- lower is better; on any misconfiguration or issue the Secondary always suspends its ports
Keepalive Link- Hello from one VPC Peer to the other Peer over IP (default: Management Interface); messages sent every 2 sec, 3 sec hold timeout
VPC Member Port- port in VPC
Orphan Port- Not VPC port

Required
2 Nexus devices- 5k or 7k
One VPC domain and Two VPC peers
Need to match on hardware, should be identical

peer-gateway: - VMAC, VIP + Phy MAC
peer-switch:- both primary and secondary VPC peer will send the BPDU

# feature VPC
# vpc domain 99
# role priority 1
peer-keepalive destination 12.1.1.1

#int e1/5-6
channel-group 99 mode active

#int po99
switchport mode trunk
vpc peer-link
Spanning-tree Bridge Assurance is auto-enabled on the peer-link, and so are jumbo frames

#show vpc role
#show vpc consistency-parameters global

Configure interface in VPC
#int e1/13
channel-group 13 mode on

#int po13
switchport mode fex-fabric
fex associate 113
vpc 13



OSPF-Open Shortest Path First

RFC 2328
area range 32 bit
notation by 1 or 0.0.0.1
LSA- link state advertisement
Multiaccess
- broadcast- DR BDR election
- non broadcast
use Dijkstra SPF algorithm

RID-Router ----->loopback IP----->highest physical IP

DR election
1. priority default 1 (0-255)
2. highest RID

BDR-Backup DR

Packets
- Hello
- DBD- brief description of LSAs
- LSR
- LSU
- LSA

Condition for neighbor
MTU
area ID
subnet mask
Stub area flag
unique RID
Match authentication

Authentication three types
0=null
1=clear text
2=MD5

hello discover neighbor
Down- no ospf
attempt- hello sent not received
init- hello received
two-way- condition of neighbor is ok (DR/BDR election)
exstart- Master/Slave based on RID
exchange- DBD
loading- LSR/LSU
full- complete database exchange

Network Type
Broadcast
- forms DR/BDR; multicast 224.0.0.5 (All SPF routers), 224.0.0.6 (All DR/BDR)
- DR Other will be in Two-way state
Non Broadcast-DR/BDR
 - hello 30 sec

Point-To-Point- Hello 10sec
Point-To-MultiPoint- No DR/BDR election

Point-To-Point non-broadcast
loopback


LSA1- Router Link State
- generated by every router for each area connected
- full update 30 min
- keeps in database 60 min
Sequence No- 0x 80000001
age- set to the maximum value to withdraw the route
CRC- cyclic redundancy check
Link Count- only shown in case of LSA1, total no of link in that area

LSA2-Network Link State
- generated for every multiaccess segment
- Link ID- contains the IP of the DR router connected to that link

LSA3- Network Summary
- generated by ABR
- generated for the networks that need to be advertised to other routers
- originator -ABR
- Link ID- network that is carried
- going from one area to another, summarizes the topology information

LSA4
- Contains the IP of ASBR

LSA5
- any route that is redistributed
- ASBR generates

LSA7
-NSSA

Path Selection
Cost= 100Mbps/link BW
Intra area (O)
Inter area (OIA)
External type1 (E1)
External type2 (E2)-Metric 20 default for redistribution
NSSA type 1 (N1)
NSSA type 2 (N2)

Stub area
- No LSA 5 also removes LSA 4
- ABR generates Inter-Area default route (LSA3)

Totally Stub
- No LSA5,4 and 3

NSSA
- Removes LSA5,4 but allow LSA 7

Not So Totally stub area
- Removes LSA 5,4,3
- allows LSA 7
- ABR will originate inter-area default route



*Dec  1 06:35:33.107: OSPF-10 EVENT: Config: network 0.0.0.0 0.0.0.0 area 1
*Dec  1 06:35:33.107: OSPF-10 ADJ   Lo0: Interface going Down
*Dec  1 06:35:33.109: OSPF-10 ADJ   Lo0: 1.1.1.1 address 1.1.1.1 is dead, state DOWN
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Interface going Down
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: 1.1.1.1 address 31.31.31.1 is dead, state DOWN
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Neighbor change event
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: DR/BDR election
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Elect BDR 0.0.0.0
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Elect DR 0.0.0.0
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Elect BDR 0.0.0.0
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Elect DR 0.0.0.0
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: DR: none
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1:    BDR: none
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Flush network LSA immediately
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Remember old DR 1.1.1.1 (id)
*Dec  1 06:35:33.109: OSPF-10 ADJ   Gi1: Interface going Up
*Dec  1 06:35:33.109: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->224.0.0.5: ver:2 type:1 len:44 rid:1.1.1.1 area:0.0.0.1 chksum:EA9B auth:0
*Dec  1 06:35:33.110: OSPF-10 ADJ   Lo0: Interface going Up
*Dec  1 06:35:33.110: %OSPF-6-AREACHG: 0.0.0.0/0 changed from area 0 to area 1
*Dec  1 06:35:33.116: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:1 len:48 rid:3.3.3.3 area:0.0.0.1 chksum:A66F auth:0
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: 2 Way Communication to 3.3.3.3, state 2WAY
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Backup seen event before WAIT timer
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: DR/BDR election
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Elect BDR 1.1.1.1
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Elect DR 3.3.3.3
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Elect BDR 1.1.1.1
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Elect DR 3.3.3.3
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: DR: 3.3.3.3 (Id)
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1:    BDR: 1.1.1.1 (Id)
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Nbr 3.3.3.3: Prepare dbase exchange
*Dec  1 06:35:33.116: OSPF-10 ADJ   Gi1: Send DBD to 3.3.3.3 seq 0xDC8 opt 0x52 flag 0x7 len 32
*Dec  1 06:35:33.116: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:2 len:32 rid:1.1.1.1 area:0.0.0.1 chksum:962F auth:0
*Dec  1 06:35:33.116: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:1 len:48 rid:1.1.1.1 area:0.0.0.1 chksum:684F auth:0
*Dec  1 06:35:33.122: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:2 len:32 rid:3.3.3.3 area:0.0.0.1 chksum:923C auth:0
*Dec  1 06:35:33.177: OSPF-10 ADJ   Gi1: Rcv DBD from 3.3.3.3 seq 0xDB7 opt 0x52 flag 0x7 len 32  mtu 1500 state EXSTART
*Dec  1 06:35:33.177: OSPF-10 ADJ   Gi1: NBR Negotiation Done. We are the SLAVE
*Dec  1 06:35:33.177: OSPF-10 ADJ   Gi1: Nbr 3.3.3.3: Summary list built, size 0
*Dec  1 06:35:33.177: OSPF-10 ADJ   Gi1: Send DBD to 3.3.3.3 seq 0xDB7 opt 0x52 flag 0x0 len 32
*Dec  1 06:35:33.177: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:2 len:32 rid:1.1.1.1 area:0.0.0.1 chksum:9647 auth:0
*Dec  1 06:35:33.185: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:2 len:112 rid:3.3.3.3 area:0.0.0.1 chksum:DEB1 auth:0
*Dec  1 06:35:33.185: OSPF-10 ADJ   Gi1: Rcv DBD from 3.3.3.3 seq 0xDB8 opt 0x52 flag 0x1 len 112  mtu 1500 state EXCHANGE
*Dec  1 06:35:33.185: OSPF-10 ADJ   Gi1: Exchange Done with 3.3.3.3
*Dec  1 06:35:33.185: OSPF-10 ADJ   Gi1: Send LS REQ to 3.3.3.3 length 72
*Dec  1 06:35:33.185: OSPF-10 ADJ   Gi1: Send DBD to 3.3.3.3 seq 0xDB8 opt 0x52 flag 0x0 len 32
*Dec  1 06:35:33.185: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:3 len:72 rid:1.1.1.1 area:0.0.0.1 chksum:BFC5 auth:0
*Dec  1 06:35:33.185: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:2 len:32 rid:1.1.1.1 area:0.0.0.1 chksum:9646 auth:0
*Dec  1 06:35:33.191: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:4 len:160 rid:3.3.3.3 area:0.0.0.1 chksum:FBDB auth:0
*Dec  1 06:35:33.191: OSPF-10 ADJ   Gi1: Rcv LS UPD from Nbr ID 3.3.3.3 length 160 LSA count 4
*Dec  1 06:35:33.192: OSPF-10 ADJ   Gi1: Synchronized with 3.3.3.3, state FULL

*Dec  1 06:35:33.192: %OSPF-5-ADJCHG: Process 10, Nbr 3.3.3.3 on GigabitEthernet1 from LOADING to FULL, Loading Done
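
Every PAK line in the debug above ends in auth:0, i.e. the adjacency came up with null authentication. The following is an added example (not part of the original notes) that audits such debug output and lists each interface/RID/area still speaking OSPF without MD5. The Gi2 line and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# AuType values as listed in the notes above; only 2 (MD5) is cryptographic.
AUTH = {0: "null", 1: "clear text", 2: "MD5"}
# OSPF packet type numbers (RFC 2328) as printed in the "type:" field.
PKT = {1: "Hello", 2: "DBD", 3: "LSR", 4: "LSU", 5: "LSAck"}

PAK = re.compile(
    r"OSPF-\d+ PAK\s*: (?P<iface>\S+?):\s+(?:IN|OUT): "
    r"[\d.]+->[\d.]+: ver:\d+ type:(?P<type>\d+) len:\d+ "
    r"rid:(?P<rid>[\d.]+) area:(?P<area>[\d.]+) chksum:\S+ auth:(?P<auth>\d+)"
)

# The four Gi1 lines are copied from the debug above; the Gi2 line is constructed.
SAMPLE = """\
*Dec  1 06:35:33.109: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->224.0.0.5: ver:2 type:1 len:44 rid:1.1.1.1 area:0.0.0.1 chksum:EA9B auth:0
*Dec  1 06:35:33.116: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:1 len:48 rid:3.3.3.3 area:0.0.0.1 chksum:A66F auth:0
*Dec  1 06:35:33.116: OSPF-10 PAK  : Gi1: OUT: 31.31.31.1->31.31.31.3: ver:2 type:2 len:32 rid:1.1.1.1 area:0.0.0.1 chksum:962F auth:0
*Dec  1 06:35:33.191: OSPF-10 PAK  : Gi1:  IN: 31.31.31.3->31.31.31.1: ver:2 type:4 len:160 rid:3.3.3.3 area:0.0.0.1 chksum:FBDB auth:0
*Dec  1 06:35:40.000: OSPF-10 PAK  : Gi2:  IN: 32.32.32.4->224.0.0.5: ver:2 type:1 len:48 rid:4.4.4.4 area:0.0.0.0 chksum:0 auth:2
"""

def weak_auth_speakers(log_text):
    """Return (iface, rid, area, auth names, packet types) for non-MD5 speakers."""
    seen = defaultdict(lambda: {"auth": set(), "types": set()})
    for line in log_text.splitlines():
        m = PAK.search(line)
        if not m:
            continue  # ADJ/EVENT lines carry no auth field
        entry = seen[(m["iface"], m["rid"], m["area"])]
        entry["auth"].add(int(m["auth"]))
        entry["types"].add(PKT.get(int(m["type"]), "unknown"))
    findings = []
    for (iface, rid, area), entry in sorted(seen.items()):
        weak = sorted(a for a in entry["auth"] if a != 2)
        if weak:
            names = [AUTH.get(a, "unknown") for a in weak]
            findings.append((iface, rid, area, names, sorted(entry["types"])))
    return findings

if __name__ == "__main__":
    for iface, rid, area, names, types in weak_auth_speakers(SAMPLE):
        print(f"{iface} rid {rid} area {area}: auth {names} on {types}")
```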




Wednesday, February 24, 2016

HSRP In Detail

The Hot Standby Router Protocol, HSRP, provides a mechanism which is designed to support non-disruptive failover of IP traffic. In particular, the protocol protects against the failure of the first hop router when the source host cannot learn the IP address of the first hop router dynamically. The protocol is designed for use over multi-access, multicast or broadcast capable LANs. A single router elected from the group is responsible for forwarding the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router.

Only the active and the standby routers send periodic HSRP messages once the protocol has completed the election process. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.






Opcode  Description
0       Hello. The router is running and is capable of becoming the active or standby router.
1       Coup. The router wishes to become the active router.
2       Resign. The router no longer wishes to be the active router.

State   Description
0       Initial. This is the starting state and indicates that HSRP is not running. This state is entered via a configuration change or when an interface first comes up.
1       Learn. The router has not determined the virtual IP address, and not yet seen an authenticated Hello message from the active router. In this state the router is still waiting to hear from the active router.
2       Listen. The router knows the virtual IP address, but is neither the active router nor the standby router. It listens for Hello messages from those routers.
4       Speak. The router sends periodic Hello messages and is actively participating in the election of the active and/or standby router. A router cannot enter Speak state unless it has the virtual IP address.
8       Standby. The router is a candidate to become the next active router and sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in the group in Standby state.
16      Active. The router is currently forwarding packets that are sent to the group's virtual MAC address. The router sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in Active state in the group.

Hellotime. 8 bits. Default = 3 seconds.
Holdtime. 8 bits. Default = 10 seconds.
Priority. 8 bits.
Group. 8 bits.
Reserved. 8 bits.
Authentication Data. 8 bytes.
Virtual IP Address. 32 bits.
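
The opcodes, states and fields above, decoded from a raw message, as an added example (not part of the original notes). It assumes the RFC 2281 version 0 layout (a Version byte and the Op Code/State bytes ahead of the fields listed above) and the RFC's recommended default Authentication Data of "cisco"; the review() checks, the known-router set and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
# RFC 2281 recommended Authentication Data when none is configured.
DEFAULT_AUTH = b"cisco\x00\x00\x00"
LAYOUT = "!8B8s4s"  # 8 one-byte fields, 8-byte auth data, 4-byte virtual IP

def parse_hsrp(payload: bytes) -> dict:
    """Decode the 20-byte HSRP message carried in the UDP payload."""
    if len(payload) < 20:
        raise ValueError("truncated HSRP message")
    (ver, op, state, hello, hold, prio, group, _rsvd,
     auth, vip) = struct.unpack(LAYOUT, payload[:20])
    if op not in OPCODES or state not in STATES:
        raise ValueError(f"unknown opcode/state {op}/{state}")
    return {
        "version": ver, "opcode": OPCODES[op], "state": STATES[state],
        "hellotime": hello, "holdtime": hold, "priority": prio,
        "group": group, "auth": auth,
        "vip": str(ipaddress.IPv4Address(vip)),
    }

def review(msg: dict, src: str, expected_vip: str, known_routers: set) -> list:
    """Return the reasons a received message deserves a closer look."""
    notes = []
    if msg["auth"] == DEFAULT_AUTH:
        notes.append("default authentication data")
    if src not in known_routers:
        notes.append("sender not a known group member")
    if msg["vip"] != expected_vip:
        notes.append("virtual IP mismatch")
    return notes

# Constructed sample: an Active hello for group 0, pri 100, vIP 123.1.1.12,
# with the default timers (3 s hello, 10 s hold) and default auth data.
SAMPLE = struct.pack(LAYOUT, 0, 0, 16, 3, 10, 100, 0, 0, DEFAULT_AUTH,
                     ipaddress.IPv4Address("123.1.1.12").packed)

if __name__ == "__main__":
    msg = parse_hsrp(SAMPLE)
    print(msg)
    print(review(msg, "123.1.1.1", "123.1.1.12", {"123.1.1.1", "123.1.1.2"}))
```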

R1(config-if)#do show run int f0/0
interface FastEthernet0/0
 ip address 123.1.1.1 255.255.255.0
 duplex auto
 speed auto
 standby ip 123.1.1.12
end

R2(config-if)#do show run int f0/0
interface FastEthernet0/0
 ip address 123.1.1.2 255.255.255.0
 duplex auto
 speed auto
 standby ip 123.1.1.12
end

 
R2 is elected as the active router. To trigger the failover, we now shut the R2 F0/0 link.

 












ARP learning
 

 





R1 is selected as the active router once failover process is complete

R2(config)#int f0/0
R2(config-if)#no shut
R2(config-if)#
*Mar  1 00:37:17.695: HSRP: Fa0/0 API 123.1.1.2 is not an HSRP address
*Mar  1 00:37:17.699: HSRP: Fa0/0 API MAC address update
*Mar  1 00:37:17.703: HSRP: Fa0/0 API Software interface coming up
*Mar  1 00:37:17.707: HSRP: Fa0/0 Interface up
*Mar  1 00:37:17.707: HSRP: Fa0/0 Starting minimum interface delay (1 secs)
*Mar  1 00:37:17.707: HSRP: Fa0/0 API Software interface coming up
*Mar  1 00:37:17.711: HSRP: Fa0/0 API Add active HSRP addresses to ARP table
*Mar  1 00:37:17.715: HSRP: Fa0/0 API Add active HSRP addresses to ARP table
*Mar  1 00:37:17.803: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:17.807: HSRP: Fa0/0 Grp 0 Active router is 123.1.1.1
*Mar  1 00:37:18.707: HSRP: Fa0/0 Interface min delay expired
*Mar  1 00:37:18.707: HSRP: Fa0/0 Grp 0 Init: a/HSRP enabled
*Mar  1 00:37:18.707: HSRP: Fa0/0 Grp 0 Init -> Listen
*Mar  1 00:37:18.707: HSRP: Fa0/0 Redirect adv out, Passive, active 0 passive 1
*Mar  1 00:37:18.711: HSRP: Fa0/0 Grp 0 Redundancy "hsrp-Fa0/0-0" state Init -> Backup
*Mar  1 00:37:19.699: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar  1 00:37:19.699: HSRP: API Hardware state change
*Mar  1 00:37:20.699: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar  1 00:37:21.275: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:24.531: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:27.467: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:28.707: HSRP: Fa0/0 Grp 0 Listen: d/Standby timer expired (unknown)
*Mar  1 00:37:28.707: HSRP: Fa0/0 Grp 0 Listen -> Speak
*Mar  1 00:37:28.707: HSRP: Fa0/0 Grp 0 Redundancy "hsrp-Fa0/0-0" state Backup -> Speak
*Mar  1 00:37:28.707: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Speak   pri 100 vIP 123.1.1.12
*Mar  1 00:37:30.443: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:31.711: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Speak   pri 100 vIP 123.1.1.12
*Mar  1 00:37:33.895: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:34.711: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Speak   pri 100 vIP 123.1.1.12
*Mar  1 00:37:36.987: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:37.711: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Speak   pri 100 vIP 123.1.1.12
*Mar  1 00:37:38.707: HSRP: Fa0/0 Grp 0 Speak: d/Standby timer expired (unknown)
*Mar  1 00:37:38.707: HSRP: Fa0/0 Grp 0 Standby router is local
*Mar  1 00:37:38.707: HSRP: Fa0/0 Grp 0 Speak -> Standby
*Mar  1 00:37:38.707: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 0 state Speak -> Standby
*Mar  1 00:37:38.711: HSRP: Fa0/0 Grp 0 Redundancy "hsrp-Fa0/0-0" state Speak -> Standby
*Mar  1 00:37:38.711: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Standby pri 100 vIP 123.1.1.12
*Mar  1 00:37:39.587: HSRP: Fa0/0 Grp 0 Hello  in  123.1.1.1 Active  pri 100 vIP 123.1.1.12
*Mar  1 00:37:41.711: HSRP: Fa0/0 Grp 0 Hello  out 123.1.1.2 Standby pri 100 vIP 123.1.1.12