Network explorer: 2014

Monday, 15 September 2014

UCS deep dive

just a visual of the UCS B-series deep dive
this is what how i look at a low level of a B-series blade server.

Wednesday, 13 August 2014

Nexus FabricPath on nexus7k and nexus5k with fabricpath authentication

This is a config template for fabricpath configuration with fabricpath isis md5 Authentication

so i have configured the dual links in LACP port channeling and enabled fabricPath on the port-channel with authentication (md5 authentication with key-string as "fabmd5" )

Outputs/verifications after the config are down

Topology

7k-4:

feature lacp

feature-set fabricpath

vlan 100,200

mode fabricpath

fabricpath switch-id 4

key chain chain-name

key 0

key-string 7 fabmd5

interface Ethernet2/23

switchport mode fabricpath

channel-group 2324 mode active

no shutdown

interface Ethernet2/24

switchport mode fabricpath

channel-group 2324 mode active

no shutdown

interface Ethernet2/25

switchport mode fabricpath

channel-group 2526 mode active

no shutdown

interface Ethernet2/26

switchport mode fabricpath

channel-group 2526 mode active

no shutdown

interface port-channel2324

switchport

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

interface port-channel2526

switchport

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

7k-3:

feature lacp

feature-set fabricpath

vlan 100,200

mode fabricpath

fabricpath switch-id 3

key chain chain-name

key 0

key-string 7 fabmd5

interface Ethernet2/9

switchport mode fabricpath

channel-group 910 mode active

no shutdown

interface Ethernet2/10

switchport mode fabricpath

channel-group 910 mode active

no shutdown

interface Ethernet2/11

switchport mode fabricpath

channel-group 1112 mode active

no shutdown

interface Ethernet2/12

switchport mode fabricpath

channel-group 1112 mode active

no shutdown

interface port-channel910

switchport

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

interface port-channel1112

switchport

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

5k-1:

install feature-set fabricpath

feature-set fabricpath

feature lacp

fabricpath switch-id 1

vlan 100,200

mode fabricpath

key chain chain-name

key 0

key-string 7 fabmd5

interface Ethernet1/5

switchport mode fabricpath

channel-group 2526 mode active

interface Ethernet1/6

switchport mode fabricpath

channel-group 2526 mode active

interface Ethernet1/10

switchport mode fabricpath

channel-group 910 mode active

interface Ethernet1/11

switchport mode fabricpath

channel-group 910 mode active

interface port-channel910

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

interface port-channel2526

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

5K-2:

install feature-set fabricpath

feature-set fabricpath

feature lacp

fabricpath switch-id 2

vlan 100,200

mode fabricpath

key chain chain-name

key 0

key-string 7 fabmd5

interface Ethernet1/5

switchport mode fabricpath

channel-group 1112 mode active

interface Ethernet1/6

switchport mode fabricpath

channel-group 1112 mode active

interface Ethernet1/10

switchport mode fabricpath

channel-group 2324 mode active

interface Ethernet1/11

switchport mode fabricpath

channel-group 2324 mode active

interface port-channel1112

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

interface port-channel2324

switchport mode fabricpath

fabricpath isis authentication-type md5

fabricpath isis authentication key-chain chain-name

OUTPUTS/Verifications

5K2# show port-channel summary

Flags: D - Down P - Up in port-channel (members)

I - Individual H - Hot-standby (LACP only)

s - Suspended r - Module-removed

S - Switched R - Routed

U - Up (port-channel)

M - Not in use. Min-links not met

--------------------------------------------------------------------------------

Group Port- Type Protocol Member Ports

Channel

--------------------------------------------------------------------------------

1112 Po1112(SU) Eth LACP Eth1/5(P) Eth1/6(P)

2324 Po2324(SU) Eth LACP Eth1/10(P) Eth1/11(P)

5K2# show fabricpath isis adjacency

Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:

System ID SNPA Level State Hold Time Interface

c067.xxxxxx N/A 1 UP 00:00:22 port-channel1112

c067.xxx.xxx N/A 1 UP 00:00:22 port-channel2324

5K2# show fabricpath isis interface port-channel 2324

Fabricpath IS-IS domain: default

Interface: port-channel2324

Status: protocol-up/link-up/admin-up

Index: 0x0002, Local Circuit ID: 0x01, Circuit Type: L1

Authentication type MD5

Authentication keychain is chain-name

Authentication check specified

Extended Local Circuit ID: 0x16000913, P2P Circuit ID: 0000.0000.0000.00

Retx interval: 5, Retx throttle interval: 66 ms

LSP interval: 33 ms, MTU: 1500

P2P Adjs: 1, AdjsUp: 1, Priority 64

Hello Interval: 10, Multi: 3, Next IIH: 00:00:03

Level Adjs AdjsUp Metric CSNP Next CSNP Last LSP ID

1 1 1 20 60 00:01:03 ffff.ffff.ffff.ff-ff

Topologies enabled:

Topology Metric MetricConfig Forwarding

0 20 no UP

Tuesday, 12 August 2014

python script to ssh and telnet and take input from Excel sheet

So this is a super cool script that i am going to share .

functions of the script

1. python script takes input from excel sheet cells for

IP address
username
password
transport type(ssh/telnet)
enable password

2. python script runs the functions defined and captures output of your choice and stores it in a file with the hostname/IP address of the router

assuming you have pre-installed the packages as shown in the previous script

import paramiko

import sys

import os

import xlrd

import unidecode

import telnetlib

import time

def sshCall(data1,data2,data3):

dssh = paramiko.SSHClient()

dssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())

dssh.connect(data1.encode('ascii'),port=22, username=data2.encode('ascii'), password=data3.encode('ascii'))

dssh.exec_command('term len 0')

stdin, stdout, stderr = dssh.exec_command('show hostname')

bc=stdout.read()

b=bc.strip('\n')

stdin, stdout, stderr = dssh.exec_command('sh ver')

a= stdout.read()

print bc

f = open(b, 'a')

f.write(a)

f.close()

dssh.close()

def telNetCall(data1,data2,data3,data5):

hostlist= [ (data1),]

for host in hostlist:

print data1

user = (data2)

password = (data3)

ena = (data5)

telnet = telnetlib.Telnet(host)

telnet.read_until('Username: ', 3)

telnet.write(user.encode('ascii') + '\r')

telnet.read_until('Password: ', 3)

telnet.write(password.encode('ascii') + '\r')

telnet.write('enable' + '\r\n')

telnet.write(ena.encode('ascii') + '\r\n')

telnet.write('term len 0' + '\r\n')

telnet.write("show version"+ "\r\n")

telnet.write('exit' + '\r')

a=telnet.read_all()

f = open(host, 'w')

f.write(str(a))

os.chdir("C:/myscript/")

workbook = xlrd.open_workbook('Book1.xls')

worksheet = workbook.sheet_by_name('Sheet1')

for x in range(1,4):

data1 = (worksheet.cell(x,0).value).decode('ascii')

data2 = (worksheet.cell(x,1).value).decode('ascii')

data3 = (worksheet.cell(x,2).value).decode('ascii')

data4 = (worksheet.cell(x,3).value).decode('ascii')

data5 = (worksheet.cell(x,4).value).decode('ascii')

if data4 == 'telnet':

telNetCall(data1,data2,data3,data5)

else:

sshCall(data1,data2,data3)

Sunday, 10 August 2014

python script to ssh into cisco device

So this one had my head scratching not because the script was too complex , but the overall effort to run the script.

Again as i am new to python it took a while to get on with installing the correct packages and loading the right binaries.

so i will go step by step first on what is needed to run the ssh script in python 2.7

step1: installing the paramiko package

go to this link and download the paramiko package and unzip it in the python 2.7 folder
https://pypi.python.org/pypi/paramiko/1.14.0

now install it as show below

step2: intalling the ecdsa0.11 package

go to this link and download the ecdsa0.11 package and unzip it in the python 2.7 folder

https://pypi.python.org/pypi/ecdsa

now install it as show below

step3: download the relevant pre built pycrypto binaries for windows machine from link below

http://www.voidspace.org.uk/python/modules.shtml#pycrypto

step4: so finally the script

import paramiko
import sys
import os

dssh = paramiko.SSHClient()
dssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
dssh.connect('10.95.34.104',port=22, username='admin', password='Cisc0123')
dssh.exec_command('term len 0')
stdin, stdout, stderr = dssh.exec_command('sh ver')
a= stdout.read()
print a
f = open('testing.txt', 'a')
f.write(a)
f.close()
dssh.close()

Saturday, 9 August 2014

simple python script to telnet into cisco IOS device

I am no expert in python but just trying to share , something i used recently. its helpful if you want to telnet to IOS devices and get some output. using python scripts

i am using python version 2.7
you can download it from here
https://www.python.org/download/releases/2.7/

Script:

import os
import telnetlib

def telNetCall():
host = "xx.xx.xx.xx"
user = "username"
password = "password"
telnet = telnetlib.Telnet(host)
telnet.read_until('Username: ', 3)
telnet.write(user + '\r')
telnet.read_until('Password: ', 3)
telnet.write(password + '\r')
telnet.write('enable' + '\r\n')
telnet.write('enable_password' + '\r\n')
telnet.write('term len 0' + '\r\n')
telnet.write("show version"+ "\r\n")
telnet.write('exit' + '\r')
a=telnet.read_all()
f = open(host, 'w')
f.write(str(a))
telNetCall()

the script will telnet to the device and write the show version (or anything you define) into a file with the name as the host IP address.
f = open(host, 'w')

so lets run the script now for a small demo, but before that make sure you saved your script with proper indentation and file extension as .py

step1: in your command prompt change your directory to the python27 directory

step2: execute the script by just typing the script file name with the extension as shown above

step3: done !!! your output file should be created in the python directory as show below with the file name as the host IP address

Friday, 8 August 2014

why vPC+ in fabric path

vPC and vPC+ at edge, understanding the differences

vPC is a technology that is around for a long time now and is a very intelligent (MLAG) solution for the nexus product line.
With Cisco FabricPath's introduction vPC+ was also introduced.
lets see how different vPC+ is and how vPC+ overcomes some problems that vPC has in a fabricpath environment.

Below is a diagram where standard vPC is configured in a fabricpath environment.

Server A with MAC (aaa.aaa.aaa) is connected to nexus 5k-1 and 5k-2 in a vPC.

so lets take it step wise:

Server A sends traffic to Server B
Server A can use either of the links in vPC depending on the hashing
lets say Server A takes outgoing path via 5k-1 (using switch ID of 5k-1)
5k-1 sends traffic to 7k-4 via fabricpath
7k-4 sends traffic to 5k-3 and finally Server B receives the frame as classical ethernet

now the problem arises in the reverse path

5k-3 has to send traffic back to Server A , so MAC(aaa.aaa.aaa) is behind which Switch ID. 5k-1 or 5k-2 ??? so it send back to 5k-1 and we do not achieve multipathing

This problem is resolved by using vPC+

Below is an example of vPC+ with Fabric path domain

So lets take it step wise:

Server A sends traffic to Server B with source MAC(aaa.aaa.aaa)
Server A uses either links in vPC+ depending on hashing
say 5k-1 receives the frame , it encapsulates the frame in cisco Fabric path header with source switch-id 12(emulated switch ID)
5k-1 forwards the frame to 5k-3 via 7k-4 (basically the best fabric path SPT)
5k-3 forwards the frame as classical Ethernet to the host server B

So now in reverse path the frame from 5k-3 will be sent to emulated switch ID-12 which is physically either 5k-1 or 5k-2 , thus achieving true Multipathing

So now lets talk about the benefits of using vPC+ at edge

Functions that are enabled by vPC+ at the edge include:

• attach servers to edge switches with port-channel teaming

• attach additional Classic Ethernet switches in vPC mode

• attach Cisco Fabric Extenders in FEX Active/Active mode.

Thursday, 7 August 2014

vPC+ and EvPC

vPC+ configuration template on nexus 5k(N5K-C5596UP-SUP) with nexus 2k A.K.A FEX , and EvPC

The following post shows how to configure vPC+ and EvPC on nexus 5k and nexus 2k. Before we start just a few points to remember:

I have only covered the configuration for nexus 5k and fex for this post. my next post for fabricpath will have configurations for nexus 7k as well

The following list provides the reference terminology for vPC+ components:

vPC+: The functionality enabled on two independent upstream devices to make them appear as a single logical device to the downstream switches, allowing the establishment of PortChannel connections. All the MAC addresses learned from devices locally attached to downstream devices are advertised to the FabricPath domain as "connected" to the defined emulated switch.
vPC+ peer device: One of a pair of devices that are connected with the special port channel known as the vPC+ peer link.
vPC+ peer link: The link used to synchronize states between the vPC+ peer devices. Both ends must be on 10 Gigabit Ethernet interfaces.
vPC+ domain: This domain is formed by the two vPC+ peer link devices. It is also a configuration mode for configuring some of the vPC+ peer link parameters.
vPC+ peer-keepalive link: The peer-keepalive link, a Layer 3 link between the vPC+ peer devices, is used to ensure that both devices are up. The peer-keepalive link sends periodic keepalive messages between the vPC peers on an out-of-band path.
vPC+ member port: Interface that belongs to the vPC+

reference link: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/guide_c07-690079.html

5K-1:

feature vpc

install feature-set fabricpath

feature-set fabricpath

feature fex

vlan 3

mode fabricpath

vlan 4

mode fabricpath

fex 100

pinning max-links 1

description "FEX0100"

fex 200

pinning max-links 1

description "FEX0200"

vpc domain 1

role priority 1

peer-keepalive destination 10.95.34.104 source 10.95.34.103

fabricpath switch-id 512

interface Ethernet1/14

channel-group 12 mode active

interface Ethernet1/15

channel-group 12 mode active

interface port-channel 12

switchport mode fabricpath

speed 10000

vpc peer-link

interface Ethernet1/17

channel-group 100

interface Ethernet1/16

channel-group 200

interface port-channel100

switchport mode fex-fabric

switchport trunk allowed vlan none

fex associate 100

vpc 100

interface port-channel200

switchport mode fex-fabric

switchport trunk allowed vlan none

fex associate 200

vpc 200

5K-2:

feature vpc

install feature-set fabricpath

feature-set fabricpath

feature fex

vlan 3

mode fabricpath

vlan 4

mode fabricpath

fex 100

pinning max-links 1

description "FEX0100"

fex 200

pinning max-links 1

description "FEX0200"

vpc domain 1

role priority 1

peer-keepalive destination 10.95.34.103 source 10.95.34.104

fabricpath switch-id 512

interface Ethernet1/14

channel-group 12 mode active

interface Ethernet1/15

channel-group 12 mode active

interface port-channel 12

switchport mode fabricpath

speed 10000

vpc peer-link

interface Ethernet1/17

channel-group 200

interface Ethernet1/16

channel-group 100

interface port-channel100

switchport mode fex-fabric

switchport trunk allowed vlan none

fex associate 100

vpc 100

interface port-channel200

switchport mode fex-fabric

switchport trunk allowed vlan none

fex associate 200

vpc 200

after this point your vPC+ peer link and member links should be up , as well as FEX(nexus 2k) should be online

OUTPUTS:

5K2# show fex

FEX FEX FEX FEX

Number Description State Model Serial

------------------------------------------------------------------------

100 FEX0100 Online N2K-C2232TM-E-10GE SSI1xxxxx

200 FEX0200 Online N2K-C2232TM-E-10GE SSI1xxxxx

5K1# show fex

FEX FEX FEX FEX

Number Description State Model Serial

------------------------------------------------------------------------

100 FEX0100 Online N2K-C2232TM-E-10GE SSI1xxxxxx

200 FEX0200 Online N2K-C2232TM-E-10GE SSI1xxxxxx

5K1# show vpc

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 1

vPC+ switch id : 512

Peer status : peer adjacency formed ok

vPC keep-alive status : peer is alive

vPC fabricpath status : peer is reachable through fabricpath

Configuration consistency status : success

Per-vlan consistency status : success

Type-2 consistency status : success

vPC role : primary

Number of vPCs configured : 67

Peer Gateway : Disabled

Dual-active excluded VLANs : -

Graceful Consistency Check : Enabled

Auto-recovery status : Disabled

vPC Peer-link status

---------------------------------------------------------------------

id Port Status Active vlans

-- ---- ------ --------------------------------------------------

1 Po12 up 3,4

vPC status

---------------------------------------------------------------------------

id Port Status Consistency Reason Active vlans vPC+ Attrib

-- ---------- ------ ----------- ------ ------------ -----------

100 Po100 up success success - DF: Partial,

FP MAC:

512.0.0

100 Po200 up success success - DF: Partial,

FP MAC:

512.0.0

Now lets configure EvPC. a very simple configuration that can be done on the newly discovered FEX ports .

5K1:

interface E100/1/1,E200/1/1

channel-group 300

interface port-channel 300

switchport mode trunk

switchport trunk allowed vlan 3,4

spanning-tree port type edge trunk

5K2:

interface E100/1/1,E200/1/1

channel-group 300

interface port-channel 300

switchport mode trunk

switchport trunk allowed vlan 3,4

spanning-tree port type edge trunk

OUTPUT:

5K1# show vpc

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 1

vPC+ switch id : 512

Peer status : peer adjacency formed ok

vPC keep-alive status : peer is alive

vPC fabricpath status : peer is reachable through fabricpath

Configuration consistency status : success

Per-vlan consistency status : success

Type-2 consistency status : success

vPC role : primary

Number of vPCs configured : 67

Peer Gateway : Disabled

Dual-active excluded VLANs : -

Graceful Consistency Check : Enabled

Auto-recovery status : Disabled

vPC Peer-link status

---------------------------------------------------------------------

id Port Status Active vlans

-- ---- ------ --------------------------------------------------

1 Po12 up 3,4

vPC status

---------------------------------------------------------------------------

id Port Status Consistency Reason Active vlans vPC+ Attrib

-- ---------- ------ ----------- ------ ------------ -----------

100 Po100 up success success - DF: Partial,

FP MAC:

512.0.0

100 Po200 up success success - DF: Partial,

FP MAC:

512.0.0

264143 Po300 up success success 3,4 DF: Partial,

FP MAC:

512.0.0

>>>>>>>>>>>output snipped in above<<<<<<<<<<<<<<<<<<<<<

OTV multicast mode

OTV multicast mode configuration example.

So this post gives a switch wise configuration for multicast mode OTV. I have tried to make it as simple as possible and publish the config step wise on the switches.

OTV-VDC-DC-A

vlan 100

name extended-vlan

vlan 200

name site-vlan

feature ospf

interface loopback0

ip address 10.0.1.2/32

router ospf 1

router-id 10.0.1.2

interface Ethernet4/11

mtu 9100

ip address 10.4.1.18/30

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.1

ip igmp version 3

no shutdown

interface Ethernet4/9

switchport

switchport mode trunk

switchport trunk allowed vlan 100,200

no shutdown

feature otv

otv site-vlan 200

interface Overlay1

otv join-interface Ethernet4/11

otv control-group 239.1.1.1

otv data-group 232.1.1.0/28

otv extend-vlan 100

no shutdown

otv site-identifier 0x1

OTV-VDC-DC-B

vlan 100

name extended-vlan

vlan 200

name site-vlan

interface loopback0

ip address 10.0.2.2/32

feature ospf

router ospf 1

router-id 10.0.2.2

interface Ethernet1/18

switchport

switchport mode trunk

switchport trunk allowed vlan 100,200

no shutdown

interface Ethernet1/20

mtu 9100

ip address 10.4.1.22/30

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.2

ip igmp version 3

no shutdown

feature otv

otv site-vlan 200

interface Overlay1

otv join-interface Ethernet1/20

otv control-group 239.1.1.1

otv data-group 232.1.1.0/28

otv extend-vlan 200

no shutdown

otv site-identifier 0x2

AGG-VDC-DC-A

vlan 100

name extended-vlan

vlan 200

name site-vlan

interface loopback0

ip address 10.0.1.3/32

feature ospf

router ospf 1

router-id 10.0.1.3

interface Ethernet4/7

mtu 9100

ip address 10.4.1.17/30

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.1

ip pim sparse-mode

ip igmp version 3

no shutdown

interface Ethernet4/5

switchport

switchport mode trunk

switchport trunk allowed vlan 100,200

no shutdown

interface Vlan100

no shutdown

ip address 100.100.100.1/24

interface Ethernet4/1

!!!!WAN facing interface

mtu 9100

ip address 10.10.13.1/24

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.1

ip pim sparse-mode

no shutdown

AGG-VDC-DC-B

vlan 100

name extended-vlan

vlan 200

name site-vlan

interface loopback0

ip address 10.0.2.3/32

interface Ethernet1/12

switchport

switchport mode trunk

switchport trunk allowed vlan 100,200

no shutdown

interface Ethernet1/14

mtu 9100

ip address 10.4.1.21/30

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.2

ip pim sparse-mode

ip igmp version 3

no shutdown

interface Vlan100

no shutdown

ip address 100.100.100.2/24

interface Ethernet1/10

!!!!WAN facing interface

mtu 9100

ip address 10.10.23.1/24

ip ospf network point-to-point

ip router ospf 1 area 0.0.0.2

ip pim sparse-mode

no shutdown

OUTPUTS

OTV-VDC-DC-B# show otv overlay 1

OTV Overlay Information

Site Identifier 0000.0000.0002

Overlay interface Overlay1

VPN name : Overlay1

VPN state : UP

Extended vlans : 200 (Total:1)

Control group : 239.1.1.1

Data group range(s) : 232.1.1.0/28

Join interface(s) : Eth1/20 (10.4.1.22)

Site vlan : 200 (up)

AED-Capable : Yes

Capability : Multicast-Reachable

OTV-VDC-DC-A# show otv overlay 1

OTV Overlay Information

Site Identifier 0000.0000.0001

Overlay interface Overlay1

VPN name : Overlay1

VPN state : UP

Extended vlans : 100 (Total:1)

Control group : 239.1.1.1

Data group range(s) : 232.1.1.0/28

Broadcast group : 239.1.1.1

Join interface(s) : Eth4/11 (10.4.1.18)

Site vlan : 200 (up)

AED-Capable : Yes

Capability : Multicast-Reachable

Thursday, 31 July 2014

vPC

Why vPC ?

vPC or virtual port channel allows links that are physically connected to two different Cisco Nexus Series devices to appear as a single PortChannel to the third device.

In my opinion vPC technology is a smart way for MLAG (multichassis link aggregation) designed for the nexus product line.

VSS on the other hand for cisco 6500 product line has its own limitations:

Control plane in VSS:

VSS can have maximum of two switches. The two switches are mamaged by one active switch and all configuration and state is synchronized to the standby switch over the VSL link. All control plane processing is handled by the CPU on the active switch.

Control plane in vPC:

In vPC control plane is separate. Nexus switches are managed separately and have individual processing of control information. States are exchanged through the vpc peer-link.

some reasons why would I want to go with nexus ?

Throughput and performance problems with the 6500 product line
High port density and port speeds that can go till 100G
Next generation platform with enhanced features and protocols
vPC

Wednesday, 30 July 2014

CCIE DC

In stealth mode. stay tuned for some CCIE Data center posts !!!