Fryguy

Archive for August, 2011|Monthly archive page

The Ultimate Cisco Live Attendee(s)

In Cisco Live on August 15, 2011 at 22:42

So who is the Ultimate Cisco Live Attendee?  That is simple – not me nor my good friend, Tom – but Carole Warner Reece, as has been announced on the Newsroom site at Cisco.

Denise, John, and Carole (da winner!)

To be honest, I have to agree with them on this one, as Carole has been attending for over 10 years now, has had her CCIE for over 10 years, and works for a company that only continues to help the event with their quality employees.  I want to congratulate her and say WELL DESERVED!  She is more of a die-hard fan than I am; heck, she even wore a Star Trek shirt to the closing keynote with William Shatner. She has earned her title!

It looks like Tom and I made a nice showing and got some great press from Cisco for our submissions.  Me for my blog posts, and Tom for his uber nerdy video taken with his Cisco CIUS tablet. You can see his blog post on his feeling here.

Oh, if you just want to see the video – here you go!


Cisco 3750 Stack Member Recovery

In IOS, Problems on August 15, 2011 at 11:28

Interesting day today, that it was.  Well, I guess I should say that the weekend was interesting as we had some bad weather – and just by some random chance we lost a CoreWAN router and a Cisco 3750 Stack member.  So let's just say that I spent my morning recovering the WAN router by moving the circuits to another router and recovering a 3750 switch.  Since moving WAN circuits around is no big deal, let's talk about recovering a Cisco 3750 stack member switch.

I will assume you have identified the switch that is dead – no lights is a good indication – and have received your replacement switch from Cisco already. The first thing you should do is independently boot the new switch, check the IOS version, and make sure that it is either the same or compatible.  For me, I prefer to make sure they are the same before adding a switch to the stack, as I never trust “compatible” versions of switch code.  If you have ever upgraded a 3750 stack, you know it can take some time for the stack to come back – over 10 minutes is not unheard of.

So what do you do if you lose a switch in your stack, and have the right replacement?  Amazingly enough, just swap it out and the stack will work as normal. Now, don’t we always wish life was that simple!


CatOS and IOS

In Data Center on August 15, 2011 at 08:05

Intranet Cats

Ahh, Catalyst OS – old skool Layer 2.  There is a dwindling number of engineers who have seen this code, let alone have ever used this code and understand it.  Since I am about to convert some of the CatOS switches at work to IOS, I figured I would share some of the basics and joys of CatOS with you. Ok, perhaps I am just reminiscing a bit here – but if this can help just one person, then all is good – right?

So, what is this thing called CatOS, one might ask.  Well, in short it is a Cisco OS that is Layer 2 only; there are no routed interfaces, no IP addresses on interfaces (well, there is SC0) or IPs for VLANs – just L2 VLANs and ports.  When a Catalyst switch is running CatOS for Layer 2 it is called Hybrid mode – if the switch is running IOS for Layer 2 and Layer 3, it is called Native mode.  CatOS dates back to 1993, when Cisco acquired Crescendo Communications and the Catalyst line – its first foray into switching – and because of the wide acceptance of XDi/CatOS, the OS has lived on for many years.  As the Catalyst line moved forward from the 5000, to the 5500, and now the 6500 – CatOS has survived.  It is only recently (Dec 2010) that Cisco is no longer fixing and producing CatOS code, and CatOS code will finally go End-Of-Support in December of 2014.


DMVPN and Routing Protocols – CDP

In Cool Tech on August 7, 2011 at 09:39

This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations.  This is more of a Why?  What? Eh? type of post – hence the picture.  Here I will show how to use CDP for a routing protocol – yes, CDP.

Right from the Cisco kool-aid website: On-Demand Routing (ODR) is an enhancement to Cisco Discovery Protocol (CDP), a protocol used to discover other Cisco devices on either broadcast or non-broadcast media. With the help of CDP, it is possible to find the device type, the IP address, the Cisco IOS® version running on the neighbor Cisco device, the capabilities of the neighbor device, and so on. In Cisco IOS software release 11.2, ODR was added to CDP to advertise the connected IP prefix of a stub router via CDP. This feature takes an extra five bytes for each network or subnet, four bytes for the IP address, and one byte to advertise the subnet mask along with the IP. ODR is able to carry Variable Length Subnet Mask (VLSM) information.
In order to get this lab to work I had to tweak a few configs on the routers, namely I had to remove the 0/0 route I had pointing to the ISP and make it a more specific – 150.0.0.0/8 pointing to the “ISP” router as the next hop.  With ODR only a default route (0/0) is passed from the hub to the spokes, so no other default route can exist.

Quick note:  When I am posting the configurations for the sites I will only notate the routing protocol additions.  If you need information on DMVPN configuration, see my previous post.


DMVPN and Routing Protocols – BGP

In Cool Tech on August 6, 2011 at 17:52

This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations.  I will break out each protocol into a separate post in order to help keep things straight; putting them all together has the potential to get confusing (for both you and me!).  The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP, and each has some unique features and quirks, so I will try and point them out where necessary.

The only problem that BGP introduces here is that it is a bit higher-touch for routing.  You will need to configure the spoke as well as the HUB to support the new neighbor relationship.  This might not be a big deal, but if you have quite a few of these sites, this means every add will require you to modify the hub router.  Guess we could call it job security :)

Quick note:  When I am posting the configurations for the sites I will only notate the routing protocol additions.  If you need information on DMVPN configuration, see my previous post.

Router/Switch Output
Commands
Notes

Let's start with the DMVPN hub.

First, let's get that loopback created so we have something to advertise.
Rack1DMVPN(config)#interface Loopback0
Rack1DMVPN(config-if)#  ip address 100.100.100.100 255.255.255.255


DMVPN and Routing Protocols – RIP

In Cool Tech on August 5, 2011 at 08:46

This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations.  I will break out each protocol into a separate post in order to help keep things straight; putting them all together has the potential to get confusing (for both you and me!).  The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP, and each has some unique features and quirks, so I will try and point them out where necessary.

One of the joys of RIPv2 in a DMVPN network is Split-Horizon.  Just a quick refresher on Split Horizon – it is the rule that prohibits a router from advertising a route through an interface that the router itself uses to reach the destination.  This is done in order to prevent loops in the network, but with DMVPN we need to disable this feature via the no split-horizon command.

Quick note:  When I am posting the configurations for the sites I will only notate the routing protocol additions.  If you need information on DMVPN configuration, see my previous post.

Router/Switch Output
Commands
Notes

First up, the DMVPN hub.


DMVPN and Routing Protocols – EIGRP

In Cool Tech on August 5, 2011 at 08:12

This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations.  I will break out each protocol into a separate post in order to help keep things straight; putting them all together has the potential to get confusing (for both you and me!).  The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP, and each has some unique features and quirks, so I will try and point them out where necessary.

One of the joys of EIGRP in a DMVPN network is Split-Horizon.  Just a quick refresher on Split Horizon – it is the rule that prohibits a router from advertising a route through an interface that the router itself uses to reach the destination.   This is done in order to prevent loops in the network, but with DMVPN we need to disable this feature via the no split-horizon EIGRP AS# command.

Quick note:  When I am posting the configurations for the sites I will only notate the routing protocol additions.  If you need information on DMVPN configuration, see my previous post.

Router/Switch Output
Commands
Notes

First up, the DMVPN hub:

First thing we should do is create a loopback interface and address so we have something to see and ping.
Rack1DMVPN(config)# int l0
Rack1DMVPN(config-if)# ip address 100.100.100.100 255.255.255.255

DMVPN and Routing Protocols – OSPF

In Cool Tech on August 4, 2011 at 09:43

This post will build off my last one, DMVPN, and here we will discuss the routing protocol options as well as each of their configurations.  I will break out each protocol into a separate post in order to help keep things straight; putting them all together has the potential to get confusing (for both you and me!).  The routing protocol options I will document are OSPF, RIPv2, EIGRP, and BGP, and each has some unique features and quirks, so I will try and point them out where necessary.

Quick note:  When I am posting the configurations for the sites I will only notate the routing protocol additions.  If you need information on DMVPN configuration, see my previous post.

Router/Switch Output
Commands
Notes

OSPF

What one needs to keep in mind here is that mGRE is a non-broadcast multi-access (NBMA) network, and that affects how OSPF works. In order for OSPF to operate properly, the DMVPN hub router must be the OSPF DR and all the other routers should not be allowed to be a DR/BDR.  The only way you could have a DR/BDR design is if this were a multi-hub DMVPN network – and that is beyond the scope of this post (due to hardware limitations in my lab). Also, the mGRE tunnel on the hub router must be set to an OSPF broadcast network via the ip ospf network broadcast command.

So, let’s get on with the configuration – DMVPN Hub first.


DMVPN

In Cool Tech on August 3, 2011 at 08:53

So let me take a moment and talk about DMVPN – Dynamic Multipoint VPN technology.

Currently I am working on a project to test the viability of a DMVPN network as well as help bring the team up to speed on this technology.  Since I am doing that, I figured it would be a good idea to share some of what I have learned with others – plus blogging it like this helps me to review the material at a later date.

So the first thing that probably should be answered – What is DMVPN?  It is a solution for building a scalable IPsec VPN network utilizing the Internet (or other public network – say MPLS) for the WAN backbone.   DMVPN takes advantage of another protocol, Next Hop Resolution Protocol (NHRP) and a Multipoint GRE tunnel interface.  With NHRP the router will query the Next Hop Server (NHS) to find out a mapping for a network.  Once it finds out the remote IP, the Multipoint GRE will build a dynamic tunnel between the two routers.  It will then place that network in its NHRP mapping table.

DMVPN can provide a full-mesh topology with a simplified configuration.  You only need to have all the spokes communicate with the hub initially, and then from there the spokes can learn the outside IP of the other routers and build dynamic tunnels when they need to communicate.  What is nice with this is that if you add a new spoke to the network, there are no changes on the hub or on any other spoke – only the new spoke needs to be configured.

What are some of the uses for DMVPN?  Work-at-home workers, remote working locations via cellular, and backup to a private WAN, just to name a few.  I am sure you can come up with some of your own based on your experiences. (continued)


Future Nexus 7000 Line Cards (Sup2/ASA/NAM/WAN)

In Data Center, Nexus on August 2, 2011 at 08:09

Let me preface this post with a quick word – all the information presented here is pure speculation with a little bit of evidence to back up my speculation.  By no means is any of this a guarantee nor a near-time release for any of these modules.  This is me just presenting the information that I am able to find and sharing it with you.  Now, I am excited for some of this – and it definitely shows where the Nexus 7000 is going – so I hope that this type of information can help keep you informed on where this platform is going.  The future looks bright.

While I was doing the research on the track names for the Nexus line cards I came across a few things.  Things that we have all either assumed or have heard rumors of, but I guess now we know what is coming in the future for the Nexus 7000. First this is a listing for Silverstone – Supervisor 2 module, a little curious for sure.

The second thing that I came across was a bit more interesting to me – it's a Service Module – N7K-SVC-APP-HW-1 – named after the Indian God, Agni.  What is curious is that Agni is a messenger from and to the other gods (modules), so it is aptly named.  I am guessing that this will be a 2-port module (Agni has 2 heads) similar to what the WS-X6582-2PA adapter is to the 6500. @matthewnorwood just also suggested perhaps this is an Application Load Balancer similar to the ACE30 on the Cat6k; I actually think that might be a more realistic option. (continued)
