fryguypa

Archive for April, 2011|Monthly archive page

Cisco Live 2011 Schedule

In Cisco Live on April 20, 2011 at 11:22

Schedule

Figured I would put up a quick post with my current Cisco Live class schedule. This is my schedule as of today and, as always, is subject to change.

All times are in Vegas time!

Saturday
Fly and check in at Mandalay Bay as well as register for the event
Sunday
8:00 – 17:00 TECDCT-8001 Next Generation Data Center Infrastructure
Monday
9:30 – 11:30 BRKARC-3470 Cisco Nexus 7000 Switch Architecture
12:30 – 14:30 BRKARC-3471 Cisco NXOS Software – Architecture
15:00 – 17:00 BRKRST-2335 IS-IS Network Design and Deployment
Tuesday
8:00 – 9:30 BRKRST-3045 LISP – A Next Generation Networking Architecture
10:00 – 11:00 GENKEY-4700 Keynote and Welcome Address
12:30 – 14:30 BRKCOM-1005 UCS Systems Architecture Overview
16:00 – 18:00 BRKCRS-3144 Troubleshooting Cisco Nexus 7000 Series Switches
Wednesday
8:00 – 10:00 BRKCOM-2006 UCS Reference Architecture for Enterprise Applications
10:30 – 11:30 GENKEY-4701 Cisco Technology Keynote
12:30 – 14:30 BRKDCT-2121 Virtual Device Context (VDC) Designing and Implementation Considerations with Nexus
16:00 – 18:00 BRKVIR-3013 Deploying and Troubleshooting the Nexus 1000V virtual switch
Thursday
8:00 – 10:00 BRKCOM-1002 Data Center Architectures and Virtual Private Data Centers with UCS
10:30 – 11:30 GENDCT-4642 Town Hall: Data Center
12:00 – 14:00 BRKARC-3472 NX-OS Routing & Layer 3 Switching
14:30 – 15:30 GENKEY-4702 Closing Keynote: William Shatner
16:00 – 17:30 BRKMPL-2108 Global WAN Redesign Case Study
Friday
Fly home!

Cisco Live 2011 – Why you should go. . .

In Cisco Live on April 14, 2011 at 08:06

July 10th – 14th – Las Vegas, NV

Well, it is almost that time of year when all the “Networkers” get together at the annual Cisco Live event. It is still a few months away as I am writing this – but as we all know – time slows down for no one.  I wanted to take a few moments and share with you why I attend as well as why you should consider attending.   Please keep in mind that my experience is a bit different from the normal attendee's as I am considered a NetVet as well as a CCIE, and because of that we get a few additional perks during the event.

When I first attended back in 2005, the event was actually called Cisco Networkers and had a primary focus on Cisco engineers at a technical level.  I think that most, if not all, the sessions were focused on technical training, knowledge, and open forums.  There were no managerial or executive level sessions, or if they were available, it was only in limited capacity.  Since then, Cisco has done more to address all the different levels of the corporate ladder. This change has probably been very good for the event: as some of us who have attended for many years moved up the corporate ladder, it has helped the event to hold its value.  That being said, I still attend all the technical sessions as they help me to plan for the future and find solutions to projects that are forthcoming.

So what can you expect to do at Cisco Live if you were to attend?  Well, there are Technical Seminars (Techtorials), Labs, and Breakout Sessions available during the event; a Pearson Vue testing center on-site; the World of Solutions where vendors show their latest products; there is a special party for the attending Cisco CCIE/CCDE certified people; and for everyone there is a Customer Appreciation Event at the end to celebrate.  That is just the official stuff – the chance to meet some of the smartest, nerdiest, as well as coolest people in the networking world is an opportunity not to be missed!

So let's cover some of the Technical Seminars (Techtorials) and Labs quickly.  These types of sessions are typically an additional item that you may choose to purchase during the event, and typically take place on the first two days of the event – in this case the 10th and 11th.  They are available in 4-hour or 8-hour sessions, dependent on the topic being discussed, and are well worth the additional cost.  I have personally attended the 8-hour sessions on SIP and CCIE Voice in the past, and 4-hour sessions on CCIE Labs, IPv6 labs, Nexus 7000 hands-on, and the CCDE practical.  Those sessions were given either by the proctors and authors of the labs, the people who wrote the RFCs for the protocols, or the people who wrote the code and designed the hardware.  These sessions are chances to talk to the people who are in the know on the products/technologies as well as a chance to touch technology you might not normally have an opportunity to work on.  These sessions are easily identifiable in the scheduler as they are prefixed with either LRT or TEC.

Breakout Sessions

Now onto the Technical Breakout Sessions as these are really the meat of the whole event, at least in my opinion.  These are 90 minute seminars on the technologies of your scheduling and can range from basic fundamentals of a technology all the way to the architecture of a protocol on a piece of hardware.   The session identification and numbering scheme helps you to identify the tracks and levels of the session.  All breakout sessions begin with the prefix of BRK followed by a 3-letter technology abbreviation (except for CCIE) and a 4-digit number that equates to the level.  The higher the number, the higher the level.  So if you look at a 1xxx series number you can expect Introductory information; a 2xxx number will be Intermediate level information, and finally a 3xxx number is Advanced level information.  The 3xxx level is drinking from a fire hose at times; the level of technical information that you gather is amazing, and these are usually given by the engineers who designed or wrote the product they are talking about. Below is a chart of the different session abbreviation meanings.

APP – Application Optimization Tech
ARC – Product Architecture
CCIE – CCIE Certifications
CCS – Data Center Technologies (?)
CCT – Contact Center Technologies
CDN – Cisco Developer Network
COL – Collaboration
COM – Compute Platform
CRS – Campus Routing and Switching
CRT – Certifications
DCT – Data Center Technologies
EVT – Enterprise Video
EWN – Enterprise Wireless
IPM – IP Multicast
MPL – MPLS
NMS – Network Management Systems
OPT – Optical, Carrier Ethernet
RST – Routing and Switching
SAN – Storage Area Networks
SEC – Security
SPG – Service Provider (General)
SPM – Service Provider (Mobility)
SPV – Service Provider (Video)
UCC – Unified Communications
VIR – Virtualization

Another great bonus of Cisco Live is the Pearson/Vue testing center located on-site.  You are able to register for one FREE test on-site provided you pre-registered in advance (link), and additional tests are available for 50% off normal price.  These are all on a first-come-first-scheduled basis and subject to seating availability, but to be honest they usually have about 100 – 200 testing seats at the location.  If you are curious about a test, say the CCIE R&S 350-001, but not sure if you are up to the task, this is a great chance to see what is on the test and how you fare, without being out the $300 for the test.  If you need to recert your CCxx, it is another great chance to do it for free – I cannot tell you how many CCIEs take their re-certification test during this event, but I know many do!

CCIE NetVet Reception with John Chambers

Before I go on about the World of Solutions and the parties, let me take a moment and talk about NetVets.  Basically a NetVet is a person who has attended at least three of the previous Cisco Live events in the past 5 years.  That is attended, so if this is your third one in a row – you have one more year until you are a NetVet.  You can usually identify these people by a red lanyard that says NetVet, and these people also tend to be very helpful to anyone who has a question during the event.  Some of the additional perks that a NetVet receives are a private lounge to relax in and unwind, a free book from Cisco Press, a special materials pickup line and priority session scheduling.    If you are a CCIE/CCDE and a NetVet, you get the special honor of a very small reception with John Chambers during the event.  If you look at the picture above, you can tell this is an intimate reception with a very small crowd.  It is an open forum for questions and feedback with John Chambers.

WoS

Cisco Live World of Solutions - Cisco Booth

So let's talk about the World of Solutions (WoS) and what it is.  Ultimately it is a place for vendors to showcase their latest gear and technologies; a place to see what is new and upcoming; as well as a place to get lots and lots of free stuff (shirts, knick-knacks, gadgets, USB drives, etc).  You have a chance to see what vendors have that is new and see what products might help you in your job or business.   You have vendors ranging from Network Management solutions, to vendors who can help you with terrestrial backup networks, to training companies.  There is usually something there for everyone, and to be honest it is a decent size – but not too overwhelming.  A great bonus is the Welcome Reception that is held on the first day that the breakout sessions are available.  This is the official opening of the WoS and is a great place to get food and “beverages” as well as walk around and check things out.

Usually at the WoS there is also the Cert Lounge as well as the Cisco Store.  The Cert Lounge is the location where, if you are Cisco Certified, you can go in and relax for a bit.  They usually have some chairs there, food and beverages, and you can usually find some of the more recognizable names in the Cisco certification world.  There also tends to be some educational information – such as the other year they had some of the CCDE beta questions available for anyone to try. Another thing about the Certification Lounge – this is the place where, if you are a Cisco CCIE/CCDE/CCAr, you can receive your ribbon for your attendance badge.

CCIE Flag for badge

When it comes to the Cisco Store, this is a great place to shop for Cisco branded gear as well as Cisco Press books!  You can find just about everything there with a Cisco logo on it – from Shirts, Jackets, Pens, Caps, etc – great place to stock up and bring back items for your co-workers!  When it comes to the Cisco Press books, I think that they have just about every one of them there – and at a discount.  I do not know what the exact discount is or will be, but I have always received a respectable one when I purchase books there.  It is nice to be able to flip through the books prior to purchasing, as well as being able to check out other books you might not normally have a chance to.  Cisco Press also tends to have some of the authors available at times to sign the books, so if you want to meet some of the authors you might get your chance!

Key Note

The Keynotes are a great time to hear what John Chambers and others have to say about technology, where Cisco is going with it, as well as what Cisco sees as the future of the market play.  We always get a great live demonstration of some of their newest products – sometimes with technical issues – so they are real and not just videos!  It is always entertaining to watch the demonstration on stage; they do a great job.  During the main keynote, John Chambers is very interactive with the audience when he speaks as he moves around the place and engages the audience.  He does not stand behind a podium and speak to us, he looks at you; he talks to you; he makes you feel like you are the only person in a room (not just one of about 10,000).  You also get a keynote from Padmasree Warrior, Cisco CTO, and just like John Chambers – she engages you.  There is also a closing keynote where they also announce the next year's location (San Diego, CA), and what is really cool this year is that that keynote will be done by William Shatner.  They know how to bring out the stars for this event!

Engage

The two last things I want to cover are the Customer Appreciation Event and the CCIE/CCDE Party.  The CCIE/CCDE  Party is a fun event and it is a great place to meet other people who share your certifications.  This event has taken place at the NASCAR Cafe during Cisco Live Orlando, Ghost Bar at the Palms in Vegas, and for 2010 it was at the VooDoo lounge at the Rio.  It is a fun time and just a great night out with peers and friends.  There is not much to say as this is the type of event that has to be experienced more than anything – if you are a CCIE and attending Cisco Live, you will have a great time!


So let us talk about the Customer Appreciation Event.  This event, sometimes good, sometimes great, is the way that Cisco closes out Cisco Live.  They usually have some really funky hats – and every year they are different and something that is not officially known until the night of the event.  I have hats with stars, flames, blue hair caps, an energy dome, and a few others in my closet – they are just fun and funky!  This year, if I read into the literature, it will be held at the Bellagio (dancing fountain pool spectacular is the official Cisco description) and will have Train and OK Go as some of the bands for the event.  There will be plenty of drink and food (drink is first for a reason), and it is a great night to hang out with everyone!  Not sure about the hats yet, but if Train is the headline – I might be able to guess the type of cap.  You never know though as they are great at surprising everyone! Here is some footage from Cisco Live! Anaheim with KISS from a few years back.

So, in closing I figure I would let some of my friends tell you why they go to Cisco Live and what they see for the future.  To be honest, I really go for two main reasons.

1) To learn

2) To see my friends who I have not seen since last Cisco Live (we still talk, but work schedules make visiting difficult at best)

Quick update – to see a current list of those of us on Twitter who will be attending Cisco Live, please take a look at Dane’s site at this link

Dane – Twitter @danedevalcourt

Tom – Twitter @NetworkingNerd

Brandon –  @brandoncarroll

And here is a very entertaining ( and honest ) montage

More LISP – using it to enable IPv6 over IPv4

In Why not? on April 8, 2011 at 18:51


Ok, now that I have that basic LISP post out (you know, this one: LISP – Say What?!), I figured I would build upon that configuration. Today I will show you how to overlay IPv6 at your sites while keeping your core IPv4 only.  There is no IPv6 addressing or routing configured on the core routers. This post continues where the other one left off; no configuration changes were made prior to this post, except that I did have to upgrade from a base image to an Enterprise image to support IPv6 on R2, R3, and R4.  R1 is still running an IOS that supports neither LISP nor IPv6.  This post will focus on the configuration first and the explanation of how it works last.

Below is the same topology I used in the other LISP post, with some IPv6 addressing and routing protocols added for Site-A and Site-B. I am going to build on what we have done in the other lab, so not all the LISP configuration needed for a scratch-built config is here.  I have included the full configs at the bottom of this post if you would like to look at them.

Quick rundown on color codes again:
Router Output
Notes
Commands

Let's start with R4, the LISP MS/MR device.  We will configure this to accept the IPv6 networks from the xTR routers at Site A and Site B.

We need to enable IPv6 routing on R4.  There will be no IPv6 interfaces, but it still needs to understand how to route IPv6 for when a request comes in
LISP_R4_MP_MR(config)# ipv6 unicast-routing
Now we need to enable the IPv6 address family under the VRF, just like we did for IPv4.
LISP_R4_MP_MR(config)# vrf definition lisp
LISP_R4_MP_MR(config-vrf)# rd 1:1
LISP_R4_MP_MR(config-vrf)# address-family ipv6
LISP_R4_MP_MR(config-vrf-af)# exit-address-family
Now enable LISP to be a map-server and resolver for IPv6
LISP_R4_MP_MR(config)# ipv6 lisp map-server
LISP_R4_MP_MR(config)# ipv6 lisp map-resolver
And just like IPv4, we need to add the IPv6 networks for the mappings for Site A and Site B
LISP_R4_MP_MR(config)# lisp site Site-A
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:1::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:2::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:3::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:25::/64 accept-more-specifics
LISP_R4_MP_MR(config)# lisp site Site-B
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:1001::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:1002::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:1003::/64 accept-more-specifics
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 2001:DB8:0:1036::/64 accept-more-specifics

That is all that is necessary on R4 for LISP.  Just to prove there is no IPv6 configured:
LISP_R4_MP_MR# sh ipv int br
GigabitEthernet0/0         [up/up]
unassigned

Now, let's go to the other two routers that are not part of LISP, namely R5 and R6.

R5 first

First we will enable IPv6 routing
LISP_R5(config)# ipv6 unicast-routing
Configure and enable IPv6 OSPF process 1
LISP_R5(config)# ipv6 router ospf 1
LISP_R5(config-rtr)# log-adjacency-changes
Now we can assign our IPv6 addresses to our existing Loopback addresses and place these interfaces into OSPF PID 1 Area 0
LISP_R5(config)# interface Loopback1
LISP_R5(config-if)# ipv6 address 2001:DB8:0:1::5/64
LISP_R5(config-if)# ipv6 ospf 1 area 0
LISP_R5(config)# interface Loopback2
LISP_R5(config-if)# ipv6 address 2001:DB8:0:2::5/64
LISP_R5(config-if)# ipv6 ospf 1 area 0
LISP_R5(config)#  interface Loopback3
LISP_R5(config-if)# ipv6 address 2001:DB8:0:3::5/64
LISP_R5(config-if)# ipv6 ospf 1 area 0
LISP_R5(config)# interface FastEthernet0/1
LISP_R5(config-if)# ipv6 address 2001:DB8:0:25::5/64
LISP_R5(config-if)# ipv6 ospf 1 area 0

That is all that is needed for R5.  The reason we created an OSPF process is so that we can learn an IPv6 default ( ::/0 ) route from R2

Now R6

Just like R5, we will enable IPv6 routing.
LISP_R6(config)# ipv6 unicast-routing
Then create the IPv6 OSPF Process 1
LISP_R6(config)# ipv6 router ospf 1
LISP_R6(config-rtr)# log-adjacency-changes
Now we will assign the IPv6 addresses to the interfaces as well as place the interfaces in IPv6 OSPF Process ID 1, Area 0
LISP_R6(config)# interface Loopback1
LISP_R6(config-if)# ipv6 address 2001:DB8:0:1001::6/64
LISP_R6(config-if)# ipv6 ospf 1 area 0
LISP_R6(config)# interface Loopback2
LISP_R6(config-if)# ipv6 address 2001:DB8:0:1002::6/64
LISP_R6(config-if)# ipv6 ospf 1 area 0
LISP_R6(config)# interface Loopback3
LISP_R6(config-if)# ipv6 address 2001:DB8:0:1003::6/64
LISP_R6(config-if)# ipv6 ospf 1 area 0
LISP_R6(config)# interface GigabitEthernet0/1
LISP_R6(config-if)# ipv6 address 2001:DB8:0:1036::6/64
LISP_R6(config-if)# ipv6 ospf 1 area 0

Again, that is all for R6.  And just like R5, we created OSPF so that we can learn an IPv6 default ( ::/0 ) route from R3

So, now we can configure our xTR routers – R2 and R3.  R2 first

R2
Again, we need to enable IPv6 on these devices
LISP_R2(config)# ipv6 unicast-routing
Now we create the IPv6 OSPF process and configure it to generate the default route ( ::/0 ) to R5
LISP_R2(config)# ipv6 router ospf 1
LISP_R2(config-rtr)# default-information originate always
There are no configuration changes on G0/0, it maintains its IPv4 address – there is NO IPv6 configured on this interface.
LISP_R2(config)# interface GigabitEthernet0/0
Now we can configure the EID side of the network with IPv6 and place the interface into IPv6 OSPF PID 1, Area 0
LISP_R2(config)# interface GigabitEthernet0/1
LISP_R2(config-if)# ipv6 address 2001:DB8:0:25::2/64
LISP_R2(config-if)# ipv6 ospf 1 area 0
Now we can configure this device to be an xTR and the associated LISP map-resolver and LISP map-server
LISP_R2(config)# ipv6 lisp itr
LISP_R2(config)# ipv6 lisp itr map-resolver 10.1.14.4
LISP_R2(config)# ipv6 lisp etr
LISP_R2(config)# ipv6 lisp etr map-server 10.1.14.4 key Fryguy
Now we have to tell the MR/MS what EIDs are reachable via our RLOC interface
LISP_R2(config)# ipv6 lisp database-mapping 2001:DB8:0:1::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
LISP_R2(config)# ipv6 lisp database-mapping 2001:DB8:0:2::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
LISP_R2(config)# ipv6 lisp database-mapping 2001:DB8:0:3::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
LISP_R2(config)# ipv6 lisp database-mapping 2001:DB8:0:25::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100

Now onto R3
R3
Like all the other routers, we will enable IPv6
LISP_R3(config)# ipv6 unicast-routing
…and configure OSPF PID 1. Again, configuring the router to generate the ::/0 route for R6
LISP_R3(config)# ipv6 router ospf 1
LISP_R3(config-rtr)# default-information originate always
Now we can configure the IPv6 side of the router, and as with all the other routers, place the interface into OSPF
LISP_R3(config)# interface GigabitEthernet0/0
LISP_R3(config-if)# ipv6 address 2001:DB8:0:1036::3/64
LISP_R3(config-if)# ipv6 ospf 1 area 0
Again, we do not make any changes to the LISP RLOC interface, no IPv6 on this interface!
LISP_R3(config)# interface GigabitEthernet0/1
Now we can configure the router to be an xTR with the MS/MR of 10.1.14.4
LISP_R3(config)# ipv6 lisp itr
LISP_R3(config)# ipv6 lisp itr map-resolver 10.1.14.4
LISP_R3(config)# ipv6 lisp etr
LISP_R3(config)# ipv6 lisp etr map-server 10.1.14.4 key Fryguy
And now all the database mappings for the EIDs that are reachable via the RLOC interface
LISP_R3(config)# ipv6 lisp database-mapping 2001:DB8:0:1000::/54 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
LISP_R3(config)# ipv6 lisp database-mapping 2001:DB8:0:1001::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
LISP_R3(config)# ipv6 lisp database-mapping 2001:DB8:0:1002::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
LISP_R3(config)# ipv6 lisp database-mapping 2001:DB8:0:1003::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
LISP_R3(config)# ipv6 lisp database-mapping 2001:DB8:0:1036::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100

So, now that everything is configured, let's do a ping from R5 Loopback1 to R6 Loopback1
LISP_R5# ping ipv6 2001:DB8:0:1001::6 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1001::6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
LISP_R5#

There we go, it worked!  LISP allowed us to encapsulate the IPv6 packet within IPv4 without having to configure 6to4 tunnels and such.
Why?  Well, LISP encapsulates the original packet when it goes from one RLOC to the other RLOC 🙂

Now that we have that all configured and tested, let's look at the output from R4 using the command sh lisp site summary. As you will see, each site now has 4 configured networks for IPv6 and 4 registered.  Our IPv4 routes and networks are still there from before, none of that changed.
LISP_R4_MP_MR# sh lisp site summary

                  ----------- IPv4 -----------  ----------- IPv6 -----------
Site name         Configured Registered Incons  Configured Registered Incons
Site-A                     2          2      0           4          4      0
Site-B                     2          2      0           4          4      0

Number of configured sites:                2
Number of registered sites:                2
Sites with inconsistent registrations:     0
IPv4
  Number of configured EID prefixes:       4
  Number of registered EID prefixes:       4
IPv6
  Number of configured EID prefixes:       8
  Number of registered EID prefixes:       8
LISP_R4_MP_MR#

Now we can look at the output from show lisp site to see what networks are registered.  As you can see, both IPv4 and IPv6 networks are listed with their respective RLOC routers.

LISP_R4_MP_MR# sh lisp site
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID
Site-A         00:00:02  yes  10.1.12.2                     150.1.25.0/24
               00:00:02  yes  10.1.12.2                     150.1.125.0/24
               00:00:07  yes  10.1.12.2                     2001:DB8:0:1::/64
               00:00:07  yes  10.1.12.2                     2001:DB8:0:2::/64
               00:00:07  yes  10.1.12.2                     2001:DB8:0:3::/64
               00:00:07  yes  10.1.12.2                     2001:DB8:0:25::/64
Site-B         00:00:53  yes  10.1.13.3                     150.1.36.0/24
               00:00:53  yes  10.1.13.3                     150.1.136.0/24
               00:00:10  yes  10.1.13.3                     2001:DB8:0:1001::/64
               00:00:10  yes  10.1.13.3                     2001:DB8:0:1002::/64
               00:00:10  yes  10.1.13.3                     2001:DB8:0:1003::/64
               00:00:10  yes  10.1.13.3                     2001:DB8:0:1036::/64
LISP_R4_MP_MR#
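
Which prefixes show up as registered depends on each xTR database-mapping falling inside an eid-prefix that R4 has configured for that site. The following is an added example, not part of the original lab: a Python check that compares the two sets of commands from this post (prompts stripped) and also flags a mapping that reaches into another site's EID space. It assumes the map server accepts a registration only when it equals a configured eid-prefix or, with accept-more-specifics, is a subnet of one.

```python
import ipaddress
import re

# Sample input: the IPv6 LISP commands from the R4, R2 and R3 steps above.
MAP_SERVER_CFG = """
lisp site Site-A
 eid-prefix 2001:DB8:0:1::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:2::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:3::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:25::/64 accept-more-specifics
lisp site Site-B
 eid-prefix 2001:DB8:0:1001::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:1002::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:1003::/64 accept-more-specifics
 eid-prefix 2001:DB8:0:1036::/64 accept-more-specifics
"""

# R2 registers for Site-A and R3 for Site-B, as in the lab.
XTR_CFGS = {
    "Site-A": """
ipv6 lisp database-mapping 2001:DB8:0:1::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:2::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:3::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:25::/64 IPv4-interface GigabitEthernet0/0 priority 1 weight 100
""",
    "Site-B": """
ipv6 lisp database-mapping 2001:DB8:0:1000::/54 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:1001::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:1002::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:1003::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
ipv6 lisp database-mapping 2001:DB8:0:1036::/64 IPv4-interface GigabitEthernet0/1 priority 1 weight 100
""",
}


def parse_sites(cfg):
    """Return {site: [(network, accept_more_specifics), ...]} from map-server config."""
    sites, current = {}, None
    for line in cfg.splitlines():
        m = re.search(r"lisp site\s+(\S+)", line)
        if m:
            current = m.group(1)
            sites.setdefault(current, [])
            continue
        m = re.search(r"eid-prefix\s+(\S+)(\s+accept-more-specifics)?", line)
        if m and current:
            sites[current].append((ipaddress.ip_network(m.group(1)), bool(m.group(2))))
    return sites


def parse_mappings(cfg):
    """Return the EID prefixes an xTR announces with 'lisp database-mapping'."""
    return [ipaddress.ip_network(m.group(1))
            for m in re.finditer(r"lisp database-mapping\s+(\S+)", cfg)]


def covered(mapping, allowed):
    """True if the mapping equals an eid-prefix or is an accepted more-specific."""
    for prefix, more_specifics in allowed:
        if mapping.version != prefix.version:
            continue
        if mapping == prefix or (more_specifics and mapping.subnet_of(prefix)):
            return True
    return False


def audit(ms_cfg, xtr_cfgs):
    """Return [(site, prefix, reason)] for mappings the site is not entitled to."""
    sites = parse_sites(ms_cfg)
    findings = []
    for site, cfg in xtr_cfgs.items():
        for mapping in parse_mappings(cfg):
            if covered(mapping, sites.get(site, [])):
                continue
            # Does the uncovered mapping reach into EID space of another site?
            owners = sorted(
                other for other, prefixes in sites.items()
                if other != site and any(
                    p.version == mapping.version and p.overlaps(mapping)
                    for p, _ in prefixes))
            reason = "overlaps " + ", ".join(owners) if owners else "no matching eid-prefix"
            findings.append((site, str(mapping), reason))
    return findings


if __name__ == "__main__":
    for finding in audit(MAP_SERVER_CFG, XTR_CFGS):
        print(finding)
```

Run against the commands in this post it returns a single finding: the R3 mapping 2001:DB8:0:1000::/54, which no Site-B eid-prefix covers and which does not appear in the show lisp site output above.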

Now, just like I did for the IPv4 only lab, here is the debug output from debug lisp control-plane all. If you need an explanation, just refer to the prior post please.

LISP_R2# debug lisp control-plane all
LISP_R2#
*Apr  8 22:18:21.098: LISP: Processing data signal for EID prefix 2001:DB8:0:1001::6/128
*Apr  8 22:18:21.098: LISP: Remote EID prefix 2001:DB8:0:1001::6/128, Change state to incomplete (method: data-signal, state: unknown, rlocs: 0).
*Apr  8 22:18:21.098: LISP: Remote EID prefix 2001:DB8:0:1001::6/128, Scheduling map requests (incomplete) (method: data-signal, state: incomplete, rlocs: 0).
*Apr  8 22:18:21.130: LISP: Send map request for EID prefix 2001:DB8:0:1001::6/128
*Apr  8 22:18:21.130: LISP: Remote EID prefix 2001:DB8:0:1001::6/128, Send map request (1) (method: data-signal, state: incomplete, rlocs: 0).
*Apr  8 22:18:21.130: LISP: AF IPv6, Sending map-request from 2001:DB8:0:25::2 to 2001:DB8:0:1001::6 for EID 2001:DB8:0:1001::6/128, ITR-RLOCs 1, nonce 0xC4B2E8BE-0x4DCA442F (encap src 10.1.12.2, dst 10.1.14.4).
*Apr  8 22:18:21.130: LISP: Processing received Map-Reply message from 10.1.13.3 to 10.1.12.2
*Apr  8 22:18:21.130: LISP: Received map reply nonce 0xC4B2E8BE-
LISP_R2#0x4DCA442F, records 1
*Apr  8 22:18:21.130: LISP: Map Request prefix 2001:DB8:0:1001::6/128 remote EID prefix, Received reply with rtt 0ms.
*Apr  8 22:18:21.130: LISP: Processing mapping information for EID prefix 2001:DB8:0:1001::/64
*Apr  8 22:18:21.130: LISP: Remote EID prefix 2001:DB8:0:1001::/64, Change state to complete (method: map-reply, state: unknown, rlocs: 0).
*Apr  8 22:18:21.130: LISP: Remote EID prefix 2001:DB8:0:1001::/64, Starting idle timer (method: map-reply, state: complete, rlocs: 0).
*Apr  8 22:18:21.130: LISP: Remote EID prefix 2001:DB8:0:1001::6/128, Change state to deleted (method: data-signal, state: incomplete, rlocs: 0).
*Apr  8 22:18:21.134: LISP: Remote EID prefix 2001:DB8:0:1001::/64, Recalculated RLOC status bits from 0x0 to 0x1 (method: map-reply, state: complete, rlocs: 1).
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) T 10.1.13.3/32 EVENT Track start
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) N 10.1.13.3/32 Adding track
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) N 10.1.13.3/32 QP Schedule query
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) T 10.1.13.3/32 EVENT Query found route
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) R 10.0.0.0/8  d=1 p=1 -> 10.1.12.1 (base) 0 Updating
*Apr  8 22:18:21.134: LISP RIB_RWATCH: Adding to client notification queue
*Apr  8 22:18:21.134: LISP: Remote EID prefix 2001:DB8:0:1001::/64 locator 10.1.13.3 priority 1 weight 100, Added locator (method: map-reply, state: complete, rlocs: 1).
*Apr  8 22:18:21.134: LISP RIB_RWATCH: (default:ipv4:base) W 10.1.13.3/32 c=0x69B38AB8 Client notified reachable
LISP_R2#
LISP_R2#

Now from R5 I will ping the rest of the IPv6 interfaces on R6:

LISP_R5# ping ipv6 2001:DB8:0:1002::6 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1002::6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
LISP_R5# ping ipv6 2001:DB8:0:1003::6 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:0:1003::6, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
LISP_R5#

This way we can now look at the R2 LISP Map Cache

LISP_R2# sh ipv6 lisp map-cache
LISP IPv6 Mapping Cache, 4 entries

::/0, uptime: 00:11:01, expires: never, via static
Negative cache entry, action: send-map-request
2001:DB8:0:1001::/64, uptime: 00:10:50, expires: 23:49:02, via map-reply, complete
Locator    Uptime    State      Pri/Wgt
10.1.13.3 00:10:50  up           1/100
2001:DB8:0:1002::/64, uptime: 00:00:07, expires: 23:59:45, via map-reply, complete
Locator    Uptime    State      Pri/Wgt
10.1.13.3 00:00:07  up           1/100
2001:DB8:0:1003::/64, uptime: 00:00:02, expires: 23:59:50, via map-reply, complete
Locator    Uptime    State      Pri/Wgt
10.1.13.3 00:00:02  up           1/100
LISP_R2#

As you can see, all the IPv6 routes are reachable via 10.1.13.3 – an IPv4 address 🙂

Here are the configs for the routers

R1
R2
R3
R4
R5
R6

LISP – Locator Identifier Separation Protocol (Say what?)

In Why not? on April 7, 2011 at 10:57

Recently I have been working on a crazy busy project at work as well as preparing for the CCIE SP lab (did not pass).  Well, now that is all behind me, so I figured I would take some personal time and play with some technology that I have read about, talked about, and even sat through presentations on at Cisco Live (aka Networkers) in the past.  What is this technology that has me so interested, you might ask?  Well, it's LISP – Locator Identifier Separation Protocol (IETF draft can be found here – http://tools.ietf.org/pdf/draft-ietf-lisp-11.pdf).  The next question you may have is why does this interest me?  To be honest, I have no idea – just thought it was a nifty idea.

So, what is LISP?  The easiest way to explain it is to give you a common analogy that we all understand, DNS.  When a user wants to access a website – in this case – blog.fryguy.net, they send a DNS query to the configured DNS server.  The DNS server then resolves that DNS name to an IP address – 76.74.254.123 – and sends that back to the client.  The client web application then makes a connection to the web server and retrieves the website.

Well, in LISP a very similar thing happens.  If a router needs to send a packet to 76.74.254.123, and that route is not in the local routing table – it sends a query to the LISP Map Resolver.  The LISP Map Resolver then looks at its database and tells the router that the network can be reached via 4.71.170.2.  The router then sends a LISP encapsulated packet to 4.71.170.2 to be then forwarded onto its ultimate destination.

That is a very simple explanation of how it works, and one that I hope most networking folks should be able to understand.  Now let's take it a step further – and think about moving a device around, yet keeping the same IP address (think vmotion).  If you are registering a device location with a server, you can then move that device around and the mapping server will be able to redirect you to the correct site.  There are other things that LISP can do, but I will save the IPv6 one for a future post.

We have host 100.100.100.100/32, called an EID – Endpoint Identifier – that is sitting behind Router A. Router A will register that network, or host in this case, with the LISP Map Server.  It will say to get to the EID prefix of 100.100.100.100/32, send the packet to Router A.  We also have another EID at 200.200.200.200/32 that is sitting behind Router B.  Router B will also register  with the LISP Map Server that host 200.200.200.200/32 is reachable via Router B.  So if 200.200.200.200/32 wants to talk to 100.100.100.100/32, it will send the packet to Router B – Router B will then ask the LISP Mapping Server how to get to 100.100.100.100/32.  The LISP Map server will respond – to get to 100.100.100.100/32, send the packet to Router A.  Router B would then in turn send the packet to Router A, who will then process the packet and forward it onto 100.100.100.100/32.

Now what happens if we move 100.100.100.100/32 to Site C?  In a normal network, we would have to change the IP address of the host to a network that is reachable via Router C.  You typically cannot advertise the same network from two sites and expect things to work correctly.  But with LISP, you can move the host around and not change the IP address.  Why?  Well, the Mapping server is what tells the routers who want to talk to 100.100.100.100/32 how to get to the host.

So let's move 100.100.100.100/32 to a location in Site-C behind Router C.  Router C would then register with the LISP Map server that 100.100.100.100/32 is now reachable via Router C.  The next time that 200.200.200.200/32 goes to talk to 100.100.100.100/32, Router B will query the LISP Map Server, who will then tell it: to get to 100.100.100.100/32, send the packet to Router C for processing.

Another use case could be with a multi-homed site, like the picture below.  Typically with BGP you can only “recommend” an ingress point into your network; you have no way of guaranteeing the traffic will only flow into Router B from your upstream ISP.  Sure, you can prepend AS numbers, tweak the multi-exit discriminator (MED), etc. – but it is only a suggestion to your upstream ISP. So what can LISP do for us here?  Easy, you can set a priority on the mapping on the LISP server.  You can say that Router A has a higher priority for ingress traffic than Router B.  The LISP server will then return the mapping, and the path with the lowest priority value listed is the preferred route.  This will help to make sure that the traffic is flowing inbound the way that you want it to.
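The registration, lookup, host move and ingress priority described above, modelled as an added Python example (not code from the original post or from any LISP implementation). The RLOC addresses for Routers A, B and C, the 192.0.2.0/24 multi-homed prefix and the names MapSystem, Locator and pick_rloc are assumptions made for the illustration.

```python
import ipaddress
import random
from dataclasses import dataclass

# Constructed RLOCs (documentation range) standing in for Routers A, B and C.
ROUTER_A, ROUTER_B, ROUTER_C = "203.0.113.1", "203.0.113.2", "203.0.113.3"


@dataclass(frozen=True)
class Locator:
    rloc: str       # outside address of the router in front of the EID
    priority: int   # lower value is preferred
    weight: int     # traffic share among locators of equal priority


class MapSystem:
    """Hypothetical combined Map Server / Map Resolver: EID prefix -> locators."""

    def __init__(self):
        self._db = {}

    def register(self, eid_prefix, locators):
        # A registration replaces the stored locator set for that prefix, so a
        # host that moves keeps its address and only the mapping changes.
        self._db[ipaddress.ip_network(eid_prefix)] = tuple(locators)

    def resolve(self, eid):
        """Longest-prefix match for a destination EID, or None if unmapped."""
        addr = ipaddress.ip_address(eid)
        covering = [net for net in self._db if addr in net]
        if not covering:
            return None
        best = max(covering, key=lambda net: net.prefixlen)
        return str(best), self._db[best]


def usable(locators):
    """Locators that share the lowest priority value; the rest are backups."""
    lowest = min(loc.priority for loc in locators)
    return [loc for loc in locators if loc.priority == lowest]


def pick_rloc(locators, rng=random):
    """Pick the RLOC to encapsulate to: best priority, then weighted choice."""
    best = usable(locators)
    return rng.choices([loc.rloc for loc in best], [loc.weight for loc in best])[0]


def walk_through():
    ms = MapSystem()
    ms.register("100.100.100.100/32", [Locator(ROUTER_A, 1, 100)])
    ms.register("200.200.200.200/32", [Locator(ROUTER_B, 1, 100)])
    result = {}

    # Router B asks where 100.100.100.100 lives: behind Router A.
    result["before_move"] = pick_rloc(ms.resolve("100.100.100.100")[1])

    # The host moves to Site C; Router C registers the same /32.
    ms.register("100.100.100.100/32", [Locator(ROUTER_C, 1, 100)])
    result["after_move"] = pick_rloc(ms.resolve("100.100.100.100")[1])

    # Multi-homed site: Router A preferred (priority 1), Router B backup (2).
    ms.register("192.0.2.0/24", [Locator(ROUTER_A, 1, 100), Locator(ROUTER_B, 2, 100)])
    prefix, locs = ms.resolve("192.0.2.77")
    result["multihomed_prefix"] = prefix
    result["multihomed_ingress"] = sorted({pick_rloc(locs) for _ in range(200)})

    # Equal priority turns the pair into a 75/25 split by weight.
    ms.register("192.0.2.0/24", [Locator(ROUTER_A, 1, 75), Locator(ROUTER_B, 1, 25)])
    rng = random.Random(7)   # seeded so the run is repeatable
    picks = [pick_rloc(ms.resolve("192.0.2.77")[1], rng) for _ in range(1000)]
    result["weighted_share_a"] = picks.count(ROUTER_A) / 1000

    # A destination nobody registered has no mapping at all.
    result["unmapped"] = ms.resolve("198.51.100.9")
    return result


if __name__ == "__main__":
    for step, value in walk_through().items():
        print(f"{step}: {value}")
```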

So let's list out some of the components of a LISP environment:

  • ITR – Ingress Tunnel Router
  • ETR – Egress Tunnel Router
  • EID – End Point Identifier
  • RLOC – Routing Locator
  • MS – Map Server
  • MR – Map Resolver
  • DFZ – Default Free Zone
  • LISP-ALT – LISP – Alternative Logical Topology

The Ingress Tunnel Router (ITR) is a router that is deployed as a LISP edge device.  It receives packets from the internal hosts and encapsulates packets to remote LISP sites, or if necessary, forwards packets natively to non-LISP sites. The Egress Tunnel Router (ETR) is a router that is also deployed as a LISP edge device.  It receives packets from external hosts, decapsulates the LISP packets and delivers them to internal hosts (EIDs).  Typically the ITR and ETR are the same devices, so you will commonly see xTR listed for these devices.  An Endpoint Identifier is a host or network behind the xTR device.

The Routing Locator (RLOC) is the outside IP address of the ETR.  When the EID is registered with the mapping server, this is the address that is provided for reachability to the EID.  The Map Server (MS) is a critical component that learns EID-to-RLOC mappings from the ETR, analogous to registering your FQDN and IP with a DNS server.  The Map Resolver (MR) is the server that handles the queries from the ETR for RLOC to EID mappings.  This, again, is analogous to a DNS lookup for name to IP address mappings.  The last item I have in that list is DFZ.  The Default Free Zone (DFZ) is a network with no default route in it; basically you can think of this as the Internet – there is no default route there, the only routes that are reachable are advertised. There are other components as well, but these are the ones that are typically mentioned.  If you can understand what these do, then if we add a P for Proxy in front of some of the acronyms (PETR or PITR), you can probably figure out what it is doing and what it means.

When it comes to the LISP – Alternate Logical Topology (LISP-ALT), this is the mapping mechanism that Cisco is supporting.  It is a hybrid push/pull architecture that aggregates EID prefixes that are “pushed”, and may push that information to other ITR routers.  EID-to-RLOC mappings are “pulled” by the ITR when an explicit request is made or triggered.  Basically it seems to be a way to keep the cache on the xTRs up to date with changes.  At least that is what I gather from the information.

So that is a brief overview of what LISP is and does, now let's get to the fun part.  I did a lab based on the information found at lisp4.cisco.com, with some tweaks and plays.  Here is the topology that I am using:

Routers R1, R2, R3, and R4 are all Cisco 3845 ISR routers; R2, R3 and R5 are running 15.1(1)XB3 IP BaseK9 code while R1 is running 12.4x code.  The reason R1 is not running 15.x code is insufficient memory, and also 12.4 code does not have LISP support, so we can be sure that LISP is transparent to non-LISP devices.  R5 is a 2621XM and R6 is a 3825 router running 12.x IOS code.  The IOS code on these does not matter; for all intents and purposes they can be computers, iDevices, etc. as they are the EIDs in this network.  For R1 I had limited Ethernet ports, so in order to save cabling, I trunked the VLANs for R2 and R3 onto the G0/0 interface.

So let's start the fun stuff, the configuration!

Router/Switch Output
Commands
Notes

We will start with R1 as it is the core of the network in the diagram. Nothing fancy going on here, just basic router interface config.  No routing protocols, no default routes, just interfaces with IP addresses. From there we will continue onto R5 and R6 as these are just EID devices – they have no LISP configurations on them, just simple routers.

First R1:
LISP_R1# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
LISP_R1(config)# interface GigabitEthernet0/0
LISP_R1(config-if)# desc [----[ Connection to R2 and R3 via dot1q ]----]
LISP_R1(config-if)# no ip address
LISP_R1(config-if)# no shut
LISP_R1(config)# interface GigabitEthernet0/0.12
LISP_R1(config-subif)# desc [----[ Connection to R2 via VLAN 12 ]----]
LISP_R1(config-subif)# encapsulation dot1Q 12
LISP_R1(config-subif)# ip address 10.1.12.1 255.255.255.0
LISP_R1(config)# interface GigabitEthernet0/0.13
LISP_R1(config-subif)# desc [----[ Connection to R3 via VLAN 13 ]----]
LISP_R1(config-subif)# encapsulation dot1Q 13
LISP_R1(config-subif)# ip address 10.1.13.1 255.255.255.0
LISP_R1(config)# interface GigabitEthernet0/1
LISP_R1(config-if)# desc [----[ Connection to R4 - LISP MR-MS Server ]----]
LISP_R1(config-if)# ip address 10.1.14.1 255.255.255.0
LISP_R1(config-if)# no shut
LISP_R1(config)# exit
LISP_R1#

As you can see with R1, there is nothing fancy here at all.  Just a basic router config with a dot1q trunk (due to limited interfaces :)).  There are no dynamic or static routes, only connected:
LISP_R1# sh ip route

Gateway of last resort is not set
10.0.0.0/24 is subnetted, 3 subnets
C       10.1.14.0 is directly connected, GigabitEthernet0/1
C       10.1.13.0 is directly connected, GigabitEthernet0/0.13
C       10.1.12.0 is directly connected, GigabitEthernet0/0.12
LISP_R1#

Now, we can do R5:
LISP_R5# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
LISP_R5(config)# interface Loopback1
LISP_R5(config-if)# ip address 150.1.125.1 255.255.255.255
LISP_R5(config)# interface Loopback2
LISP_R5(config-if)# ip address 150.1.125.2 255.255.255.255
LISP_R5(config)# interface Loopback3
LISP_R5(config-if)# ip address 150.1.125.3 255.255.255.255
LISP_R5(config)# interface FastEthernet0/1
LISP_R5(config-if)# ip address 150.1.25.5 255.255.255.0
LISP_R5(config-if)# no shut
LISP_R5(config)# router ospf 1
LISP_R5(config-router)# network 150.1.25.0 0.0.0.255 area 0
LISP_R5(config-router)# network 150.1.125.0 0.0.0.255 area 0
LISP_R5(config)# exit
LISP_R5#

Now with R5 we have a few loopback interfaces configured as well.  These loopback interfaces act as the EID devices for this lab so that we can demonstrate connectivity.  We have configured a dynamic routing protocol, OSPF, so that this router can learn a default route from R2. Since R2 is not configured yet, we are not learning the default route from R2.

LISP_R5# sh ip route
Gateway of last resort is not set

150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.25.0/24 is directly connected, FastEthernet0/1
C       150.1.125.2/32 is directly connected, Loopback2
C       150.1.125.3/32 is directly connected, Loopback3
C       150.1.125.1/32 is directly connected, Loopback1
LISP_R5#

and finally R6:
LISP_R6# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
LISP_R6(config)# interface Loopback1
LISP_R6(config-if)# ip address 150.1.136.1 255.255.255.255
LISP_R6(config)# interface Loopback2
LISP_R6(config-if)# ip address 150.1.136.2 255.255.255.255
LISP_R6(config)# interface Loopback3
LISP_R6(config-if)# ip address 150.1.136.3 255.255.255.255
LISP_R6(config)# interface GigabitEthernet0/1
LISP_R6(config-if)# ip address 150.1.36.6 255.255.255.0
LISP_R6(config)# router ospf 1
LISP_R6(config-router)# network 150.1.36.0 0.0.0.255 area 0
LISP_R6(config-router)# network 150.1.136.0 0.0.0.255 area 0
LISP_R6(config)# exit
LISP_R6#

Now with R6, like R5, we have a few loopback interfaces configured as well.  These loopback interfaces act as the EID devices for this lab so that we can demonstrate connectivity.  We have configured a dynamic routing protocol, OSPF, so that this router can learn a default route from R3. Since R3 is not configured yet, we are not learning the default route from R3.

LISP_R6# sh ip route
Gateway of last resort is not set

150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.136.3/32 is directly connected, Loopback3
C       150.1.136.2/32 is directly connected, Loopback2
C       150.1.136.1/32 is directly connected, Loopback1
C       150.1.36.0/24 is directly connected, GigabitEthernet0/1
LISP_R6#

So that covers all the non-LISP routers in the diagram. Now let's move on to R4, the LISP Mapping server in this topology; I will discuss the configuration in-line with the config.

R4:
LISP_R4_MP_MR# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

First we can configure the interface that connects R4 to R1.
LISP_R4_MP_MR(config)# interface GigabitEthernet0/0
LISP_R4_MP_MR(config-if)# ip address 10.1.14.4 255.255.255.0
LISP_R4_MP_MR(config-if)# no shut

We will add a route to the 10.0.0.0/8 network so R4 knows how to talk to R2 and R3.  We are only doing this because we are not running BGP in our core and we need to tell R4 how to talk to the other routers in its network.
LISP_R4_MP_MR(config)# ip route 10.0.0.0 255.0.0.0 10.1.14.1

Now we can configure a VRF for the LISP routes.  If you are wondering why the command is vrf definition, that is because in 15.x the command changed from ip vrf. Since we are also only dealing with IPv4 (for now), we need to define the ipv4 address family.
LISP_R4_MP_MR(config)# vrf definition lisp
LISP_R4_MP_MR(config-vrf)# rd 1:1
LISP_R4_MP_MR(config-vrf)# address-family ipv4
LISP_R4_MP_MR(config-vrf-af)# exit-address-family

Now we will define our first LISP site, Site-A.  We will configure our authentication key as well as what EID prefixes are associated with that location.  Here we are configuring some mappings for Site-A as 150.1.25.0/24 and 150.1.125.0/24.
LISP_R4_MP_MR(config)# lisp site Site-A
LISP_R4_MP_MR(config-lisp-site)# description R2 and R5
LISP_R4_MP_MR(config-lisp-site)# authentication-key Fryguy
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 150.1.25.0/24
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 150.1.125.0/24

Now we will define our second LISP site, Site-B.  We will configure our authentication key as well as what EID prefixes are associated with that location.  Here we are configuring some mappings for Site-B as 150.1.36.0/24 and 150.1.136.0/24.
LISP_R4_MP_MR(config)# lisp site Site-B
LISP_R4_MP_MR(config-lisp-site)# description R3 and R6
LISP_R4_MP_MR(config-lisp-site)# authentication-key Fryguy
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 150.1.36.0/24
LISP_R4_MP_MR(config-lisp-site)# eid-prefix 150.1.136.0/24

Now we can define this device as a LISP Map Server and Map Resolver.
LISP_R4_MP_MR(config)# ip lisp map-server
LISP_R4_MP_MR(config)# ip lisp map-resolver

Now we can enable the ALT service on this router; we just need to tell it what VRF this data will reside in – hence the reason we created the LISP VRF before.
LISP_R4_MP_MR(config)# ip lisp alt-vrf lisp

Now that we have everything configured on R4, we can look at the lisp site summary and check the site configuration.
LISP_R4_MP_MR# sh lisp site summary
                     ----------- IPv4 ----------- ----------- IPv6 -----------
Site name            Configured Registered Incons Configured Registered Incons
Site-A                        2          0      0          0          0      0
Site-B                        2          0      0          0          0      0

Number of configured sites:                     2
Number of registered sites:                     0
Sites with inconsistent registrations:          0
IPv4
Number of configured EID prefixes:            4
Number of registered EID prefixes:            0
LISP_R4_MP_MR#

As you can see, we have 4 EID prefixes configured, but none registered.  There are none registered because R2 and R3 have not been set up yet.  But once they are, R4 will accept the registrations and the numbers will change accordingly. Also notice that the only address family currently listed is IPv4 – we have not done any configuration for IPv6 yet under the VRF.

Now R2:
LISP_R2# conf t
Enter configuration commands, one per line.  End with CNTL/Z.

We can start by configuring the ITR and ETR interfaces on the router.  G0/0 is the ETR and G0/1 is the ITR interface.
LISP_R2(config)# interface GigabitEthernet0/0
LISP_R2(config-if)# desc [----[ ETR Interface ]-----]
LISP_R2(config-if)# ip address 10.1.12.2 255.255.255.0
LISP_R2(config-if)# no shut
LISP_R2(config)# interface GigabitEthernet0/1
LISP_R2(config-if)# desc [----[ ITR Interface ]-----]
LISP_R2(config-if)# ip address 150.1.25.2 255.255.255.0
LISP_R2(config-if)# no shut

Now we can configure a routing protocol (OSPF here) for the ITR side of the network.  This will allow R2 to send R5 a default route via the default-information originate always command.  This is necessary because R5, the EID, does not know about LISP.
LISP_R2(config)# router ospf 1
LISP_R2(config-router)# network 150.1.25.0 0.0.0.255 area 0
LISP_R2(config-router)# default-information originate always

We will now add a static route for the 10/8 network.  This is being added so the router knows how to route to other 10/8 networks. Notice this is not a default route.
LISP_R2(config-router)# ip route 10.0.0.0 255.0.0.0 10.1.12.1

Now we can configure our LISP database mappings, assign the priority for ingress traffic, as well as any weights for load balancing we would like.
LISP_R2(config)# ip lisp database-mapping 150.1.25.0/24 10.1.12.2 priority 1 weight 100
LISP_R2(config)# ip lisp database-mapping 150.1.125.0/24 10.1.12.2 priority 1 weight 100

Next we can configure the LISP map resolver, here it is R4 – 10.1.14.4
LISP_R2(config)# ip lisp itr map-resolver 10.1.14.4

…and we can configure the router as an ingress LISP router (ITR)
LISP_R2(config)# ip lisp itr

Once you enter that command (or if you enter the etr command first), the router will create a LISP interface automagically
*Apr  7 13:07:01.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface LISP0, changed state to up

Now we can configure the egress map-server so we know who to register with, again R4 at 10.1.14.4 and the appropriate password.
LISP_R2(config)# ip lisp etr map-server 10.1.14.4 key Fryguy

…and finally enable this router as an egress router for LISP (ETR)
LISP_R2(config)# ip lisp etr

and finally R3:
We will configure this just like R2, just change the networks where necessary.
R3_LISP# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3_LISP(config)# interface GigabitEthernet0/0
LISP_R3(config-if)# desc [----[ ITR Interface ]-----]
LISP_R3(config-if)# ip address 150.1.36.3 255.255.255.0
LISP_R3(config-if)# no shut
LISP_R3(config)# interface GigabitEthernet0/1
LISP_R3(config-if)# desc [----[ ETR Interface ]-----]
LISP_R3(config-if)# ip address 10.1.13.3 255.255.255.0
LISP_R3(config-if)# no shut
LISP_R3(config)# router ospf 1
LISP_R3(config-router)# network 150.1.36.3 0.0.0.0 area 0
LISP_R3(config-router)# default-information originate always
LISP_R3(config)# ip route 10.0.0.0 255.0.0.0 10.1.13.1
LISP_R3(config)# ip lisp database-mapping 150.1.36.0/24 10.1.13.3 priority 1 weight 100
LISP_R3(config)# ip lisp database-mapping 150.1.136.0/24 10.1.13.3 priority 1 weight 100
LISP_R3(config)# ip lisp itr map-resolver 10.1.14.4
LISP_R3(config)# ip lisp itr
*Apr  7 13:08:01.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface LISP0, changed state to up
LISP_R3(config)# ip lisp etr map-server 10.1.14.4 key Fryguy
LISP_R3(config)# ip lisp etr
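What the site definitions on R4 and the "etr map-server ... key" statements on R2 and R3 add up to, as an added Python model (not from the original post and not Cisco's implementation): a registration is accepted only when its prefix is a configured eid-prefix and it is authenticated with that site's key. The JSON message body, the use of HMAC-SHA-256, the exact-match prefix rule and the names MapServer, build_register and lab are choices of this example, not the LISP wire format.

```python
import hashlib
import hmac
import ipaddress
import json

# Site names, key and EID prefixes as configured on R4 in the lab.
SITES = {
    "Site-A": {"key": b"Fryguy", "eid_prefixes": ["150.1.25.0/24", "150.1.125.0/24"]},
    "Site-B": {"key": b"Fryguy", "eid_prefixes": ["150.1.36.0/24", "150.1.136.0/24"]},
}


def build_register(eid_prefix, rloc, key, priority=1, weight=100):
    """ETR side: describe one mapping and authenticate it with the shared key."""
    body = json.dumps({"eid": eid_prefix, "rloc": rloc, "priority": priority,
                       "weight": weight}, sort_keys=True).encode()
    return {"body": body, "auth": hmac.new(key, body, hashlib.sha256).digest()}


class MapServer:
    """Hypothetical model of the checks behind the 'Registered' column."""

    def __init__(self, sites):
        self.sites = {
            name: {"key": cfg["key"],
                   "prefixes": {ipaddress.ip_network(p) for p in cfg["eid_prefixes"]}}
            for name, cfg in sites.items()
        }
        self.registered = {}   # ip_network -> (site name, mapping fields)

    def accept(self, msg):
        """Return (accepted, detail); state changes only if every check passes."""
        try:
            body, auth = bytes(msg["body"]), bytes(msg["auth"])
            fields = json.loads(body)
            net = ipaddress.ip_network(fields["eid"])
            ipaddress.ip_address(fields["rloc"])
        except (KeyError, TypeError, ValueError):
            return False, "malformed"
        # The prefix selects the site, and the site selects the key to check.
        site = next((n for n, c in self.sites.items() if net in c["prefixes"]), None)
        if site is None:
            return False, "prefix not configured for any site"
        expected = hmac.new(self.sites[site]["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, auth):   # constant-time comparison
            return False, "authentication failed"
        self.registered[net] = (site, fields)
        return True, site

    def summary(self):
        """(configured, registered) prefix counts per site."""
        out = {}
        for name, cfg in self.sites.items():
            done = sum(1 for net in cfg["prefixes"] if net in self.registered)
            out[name] = (len(cfg["prefixes"]), done)
        return out

    def rloc_for(self, eid_prefix):
        entry = self.registered.get(ipaddress.ip_network(eid_prefix))
        return entry[1]["rloc"] if entry else None


def lab():
    """Replay the lab: R2 and R3 register, then three registrations that fail."""
    ms = MapServer(SITES)
    log = [ms.summary()]
    for prefix, rloc in [("150.1.25.0/24", "10.1.12.2"), ("150.1.125.0/24", "10.1.12.2"),
                         ("150.1.36.0/24", "10.1.13.3"), ("150.1.136.0/24", "10.1.13.3")]:
        log.append(ms.accept(build_register(prefix, rloc, b"Fryguy")))
    log.append(ms.summary())
    # Constructed failures: wrong key, unknown prefix, body altered after signing.
    log.append(ms.accept(build_register("150.1.25.0/24", "10.1.12.2", b"fryguy")))
    log.append(ms.accept(build_register("150.1.99.0/24", "10.1.12.2", b"Fryguy")))
    altered = build_register("150.1.25.0/24", "10.1.12.2", b"Fryguy")
    altered["body"] = altered["body"].replace(b"10.1.12.2", b"10.1.12.9")
    log.append(ms.accept(altered))
    return ms, log


if __name__ == "__main__":
    for entry in lab()[1]:
        print(entry)
```

Giving each site its own key, rather than one key for both as in the lab, makes the authentication check specific to the site.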

Ok, whew, configs are done.  So, now what does all this actually look like?  First we can take a look at the routing tables on R5 and R6

R5:
LISP_R5# sh ip route
Gateway of last resort is 150.1.25.2 to network 0.0.0.0

150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.25.0/24 is directly connected, FastEthernet0/1
C       150.1.125.2/32 is directly connected, Loopback2
C       150.1.125.3/32 is directly connected, Loopback3
C       150.1.125.1/32 is directly connected, Loopback1
O*E2 0.0.0.0/0 [110/1] via 150.1.25.2, 00:12:37, FastEthernet0/1
LISP_R5#

R6:
LISP_R6# sh ip route
Gateway of last resort is 150.1.36.3 to network 0.0.0.0

150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       150.1.136.3/32 is directly connected, Loopback3
C       150.1.136.2/32 is directly connected, Loopback2
C       150.1.136.1/32 is directly connected, Loopback1
C       150.1.36.0/24 is directly connected, GigabitEthernet0/1
O*E2 0.0.0.0/0 [110/1] via 150.1.36.3, 00:01:18, GigabitEthernet0/1
LISP_R6#

As we can see, they both have only the locally connected routes (C) as well as a default route from R2 and R3 respectively.  The default route is only being propagated as these are EID devices, so they are not aware of anything outside their routing domain.

So let's take a look at the routing table on R2:
LISP_R2# sh ip route
Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S        10.0.0.0/8 [1/0] via 10.1.12.1
C        10.1.12.0/24 is directly connected, GigabitEthernet0/0
L        10.1.12.2/32 is directly connected, GigabitEthernet0/0
150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
C        150.1.25.0/24 is directly connected, GigabitEthernet0/1
L        150.1.25.2/32 is directly connected, GigabitEthernet0/1
O        150.1.125.1/32 [110/11] via 150.1.25.5, 02:51:12, GigabitEthernet0/1
O        150.1.125.2/32 [110/11] via 150.1.25.5, 02:51:12, GigabitEthernet0/1
O        150.1.125.3/32 [110/11] via 150.1.25.5, 02:51:12, GigabitEthernet0/1
LISP_R2#

So we see we do not have a default route (default-free zone – DFZ), we have learned the EID routes from R5, we have a static for the 10/8 network that we configured, and we know about the connected routes.  That is all that we have.  There are no routes for R6 on this router.

Now let's look at R3’s routing table as well:
R3_LISP# sh ip route
Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S        10.0.0.0/8 [1/0] via 10.1.13.1
C        10.1.13.0/24 is directly connected, GigabitEthernet0/1
L        10.1.13.3/32 is directly connected, GigabitEthernet0/1
150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
C        150.1.36.0/24 is directly connected, GigabitEthernet0/0
L        150.1.36.3/32 is directly connected, GigabitEthernet0/0
O        150.1.136.1/32 [110/11] via 150.1.36.6, 1d03h, GigabitEthernet0/0
O        150.1.136.2/32 [110/11] via 150.1.36.6, 1d03h, GigabitEthernet0/0
O        150.1.136.3/32 [110/11] via 150.1.36.6, 1d03h, GigabitEthernet0/0
R3_LISP#

Again, we do not have a default route (default-free zone – DFZ), we have learned the EID routes from R6, we have a static for the 10/8 network that we configured, and we know about the connected routes.  That is all that we have.  There are no routes for R5 on this router.

So, by all logical means R5 and R6 should NOT have connectivity.  Well, we can test that by PINGing R6 from R5’s loopback 1 IP address:
LISP_R5# ping 150.1.136.1 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.136.1, timeout is 2 seconds:
Packet sent with a source address of 150.1.125.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
LISP_R5#

Hey, it worked!  How does that happen? Did that route show up in R2 suddenly? Let’s check:

LISP_R2# sh ip route 150.1.136.1
% Subnet not in table
LISP_R2#

Nope, not there! So how did that work? Well, let's turn on a debug on R2 and try that again

LISP_R2# debug lisp control-plane all

LISP_R5# ping 150.1.136.1 source loopback 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.136.1, timeout is 2 seconds:
Packet sent with a source address of 150.1.125.1
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/2/4 ms
LISP_R5#

…and scrolled on the R2 console we see a whole bunch of the messages that are displayed below. I have commented on the interesting lines and put in appropriate explanations.

LISP_R2# debug lisp control-plane all
All LISP control debugging is on
So here we get a request to connect to 150.1.136.1/32.
*Apr  7 03:29:33.571: LISP: Processing data signal for EID prefix 150.1.136.1/32

We notice that we do not have a route (incomplete),
*Apr  7 03:29:33.571: LISP: Remote EID prefix 150.1.136.1/32, Change state to incomplete (method: data-signal, state: unknown, rlocs: 0).
…so we schedule and send a map request.
*Apr  7 03:29:33.571: LISP: Remote EID prefix 150.1.136.1/32, Scheduling map requests (incomplete) (method: data-signal, state: incomplete, rlocs: 0).
..and we send that request to 10.1.14.4
*Apr  7 03:29:33.607: LISP: Send map request for EID prefix 150.1.136.1/32

*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.1/32, Send map request (1) (method: data-signal, state: incomplete, rlocs: 0).
*Apr  7 03:29:33.607: LISP: AF IPv4, Sending map-request from 150.1.25.2 to 150.1.136.1 for EID 150.1.136.1/32, ITR-RLOCs 1, nonce 0xFE068986-0xFE4F94B7 (encap src 10.1.12.2, dst 10.1.14.4).
We received a Map-Reply message that tells us to talk to 10.1.13.3 for that route
*Apr  7 03:29:33.607: LISP: Processing received Map-Reply message from 10.1.13.3 to 10.1.12.2

*Apr  7 03:29:33.607: LISP: Received map reply nonce 0xFE068986-0xFE4F94B7, records 1
*Apr  7 03:29:33.607: LISP: Map Request prefix 150.1.136.1/32 remote EID prefix, Received reply with rtt 0ms.
*Apr  7 03:29:33.607: LISP: Processing mapping information for EID prefix 150.1.136.0/24
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.0/24, Change state to complete (method: map-reply, state: unknown, rlocs: 0).
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.0/24, Starting idle timer (method: map-reply, state: complete, rlocs: 0).
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.1/32, Change state to deleted (method: data-signal, state: incomplete, rlocs: 0).
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.0/24, Recalculated RLOC status bits from 0x0 to 0x1 (method: map-reply, state: complete, rlocs: 1).
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) T 10.1.13.3/32 EVENT Track start
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) N 10.1.13.3/32 Adding track
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) N 10.1.13.3/32 QP Schedule query
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) T 10.1.13.3/32 EVENT Query found route
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) R 10.0.0.0/8  d=1 p=1 -> 10.1.12.1 (base) 0 Updating
*Apr  7 03:29:33.607: LISP RIB_RWATCH: Adding to client notification queue
..and now we add it to our LISP cache on the router so we do not have to requery (think DNS caching)
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.0/24 locator 10.1.13.3 priority 1 weight 100, Added locator (method: map-reply, state: complete, rlocs: 1).
*Apr  7 03:29:33.607: LISP RIB_RWATCH: (default:ipv4:base) W 10.1.13.3/32 c=0x705AAD20 Client notified reachable
LISP_R2#

As you can see, all that took place in less than a second!
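The debug output above can be checked mechanically. This added Python example (not part of the original post) pairs each Map-Reply with the Map-Request that carried the same nonce, confirms that the returned prefix covers the EID that was asked for, and measures the time from the first data packet to the locator being installed. The first five sample lines are copied from the R2 debug above; the last one is constructed, and the function and variable names are hypothetical.

```python
import ipaddress
import re

# Lines 1-5 are from the R2 debug output above; line 6 is constructed to show
# how a reply with no matching request is reported.
DEBUG_LINES = """\
*Apr  7 03:29:33.571: LISP: Processing data signal for EID prefix 150.1.136.1/32
*Apr  7 03:29:33.607: LISP: AF IPv4, Sending map-request from 150.1.25.2 to 150.1.136.1 for EID 150.1.136.1/32, ITR-RLOCs 1, nonce 0xFE068986-0xFE4F94B7 (encap src 10.1.12.2, dst 10.1.14.4).
*Apr  7 03:29:33.607: LISP: Processing received Map-Reply message from 10.1.13.3 to 10.1.12.2
*Apr  7 03:29:33.607: LISP: Received map reply nonce 0xFE068986-0xFE4F94B7, records 1
*Apr  7 03:29:33.607: LISP: Remote EID prefix 150.1.136.0/24 locator 10.1.13.3 priority 1 weight 100, Added locator (method: map-reply, state: complete, rlocs: 1).
*Apr  7 03:29:41.112: LISP: Received map reply nonce 0x0BADF00D-0x00000001, records 1
""".splitlines()

STAMP = re.compile(r"^\*\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\.(\d{3}): (.*)$")
NONCE = r"(0x[0-9A-Fa-f]+-0x[0-9A-Fa-f]+)"
SIGNAL = re.compile(r"Processing data signal for EID prefix ([\d./]+)")
REQUEST = re.compile(r"Sending map-request from \S+ to \S+ for EID ([\d./]+),.*nonce "
                     + NONCE + r" \(encap src [\d.]+, dst ([\d.]+)\)")
REPLY_SRC = re.compile(r"Processing received Map-Reply message from ([\d.]+) to")
REPLY = re.compile(r"Received map reply nonce " + NONCE)
LOCATOR = re.compile(r"Remote EID prefix ([\d./]+) locator ([\d.]+) "
                     r"priority (\d+) weight (\d+), Added locator")


def millis(h, m, s, ms):
    """Time of day in milliseconds."""
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)


def correlate(lines):
    """Match Map-Replies to outstanding Map-Requests by nonce."""
    first_packet = {}   # EID -> time the first data packet hit the ITR
    pending = {}        # nonce -> request still waiting for its reply
    current = None      # request whose matched reply is being processed
    reply_src = None
    mappings, alerts = [], []
    for line in lines:
        hit = STAMP.match(line.strip())
        if not hit:
            continue
        t, msg = millis(*hit.groups()[:4]), hit.group(5)
        if m := SIGNAL.search(msg):
            first_packet.setdefault(m.group(1), t)
        elif m := REQUEST.search(msg):
            pending[m.group(2)] = {"eid": m.group(1), "resolver": m.group(3)}
        elif m := REPLY_SRC.search(msg):
            reply_src = m.group(1)
        elif m := REPLY.search(msg):
            current = pending.pop(m.group(1), None)
            if current is None:
                alerts.append(f"reply nonce {m.group(1)} matches no pending request")
            else:
                current["replied_by"] = reply_src
            reply_src = None
        elif (m := LOCATOR.search(msg)) and current:
            prefix, rloc, prio, weight = m.groups()
            asked = ipaddress.ip_network(current["eid"])
            if not asked.subnet_of(ipaddress.ip_network(prefix)):
                alerts.append(f"{prefix} does not cover requested {asked}")
                continue
            mappings.append({
                "eid": current["eid"], "prefix": prefix, "rloc": rloc,
                "priority": int(prio), "weight": int(weight),
                "resolver": current["resolver"], "replied_by": current["replied_by"],
                "ms_since_first_packet": t - first_packet.get(current["eid"], t),
            })
    return mappings, alerts


if __name__ == "__main__":
    found, warnings = correlate(DEBUG_LINES)
    print(found)
    print(warnings)
```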

Now if we go back to R2 and look at the lisp map-cache, we will see that we have an entry for the 150.1.136.0/24 network that tells us to talk to 10.1.13.3
LISP_R2# sh ip lisp map-cache
LISP IPv4 Mapping Cache, 2 entries

0.0.0.0/0, uptime: 00:07:08, expires: never, via static
Negative cache entry, action: send-map-request
150.1.136.0/24, uptime: 00:06:56, expires: 23:52:56, via map-reply, complete
Locator    Uptime    State      Pri/Wgt
10.1.13.3  00:06:56  up           1/100
LISP_R2#

And on R3 we will see a similar output from the show ip lisp map-cache command:
R3_LISP# sh ip lisp map-cache
LISP IPv4 Mapping Cache, 2 entries

0.0.0.0/0, uptime: 00:07:59, expires: never, via static
Negative cache entry, action: send-map-request
150.1.125.0/24, uptime: 00:07:53, expires: 23:51:59, via map-reply, complete
Locator    Uptime    State      Pri/Wgt
10.1.12.2  00:07:53  up           1/100
R3_LISP#

Now let's go to R4 (Mapping Server/Resolver) and see what is there via the show lisp site and show lisp site summary:
LISP_R4_MP_MR# sh lisp site
LISP Site Registration Information

Site Name      Last      Up   Who Last             Inst     EID Prefix
               Register       Registered           ID
Site-A         00:00:37  yes  10.1.12.2                     150.1.25.0/24
               00:00:37  yes  10.1.12.2                     150.1.125.0/24
Site-B         00:00:01  yes  10.1.13.3                     150.1.36.0/24
               00:00:01  yes  10.1.13.3                     150.1.136.0/24
LISP_R4_MP_MR#

LISP_R4_MP_MR# sh lisp site summary
                     ----------- IPv4 ----------- ----------- IPv6 -----------
Site name            Configured Registered Incons Configured Registered Incons
Site-A                        2          2      0          0          0      0
Site-B                        2          2      0          0          0      0

Number of configured sites:                     2
Number of registered sites:                     2
Sites with inconsistent registrations:          0
IPv4
Number of configured EID prefixes:            4
Number of registered EID prefixes:            4
LISP_R4_MP_MR#

That is a basic overview of LISP and how it works.  I will admit that I did not talk about LISP encapsulation within the communication between the RLOCs and such, but below is a diagram (from the IETF Draft) of the header packet for the communication.  Since we do need some tunnel headers, and they are prepended to the original packet, one may need to be cautious of MTU issues.   If you want the details on that, I suggest you read the IETF document as it has all the information contained within it.


Configuration files for the routers are below. I have tweaked some configs in this blog (interface descriptions) that are not referenced in the config files below.  Besides that, these are the configs that are on these routers as I write this blog. I suggest you right-click and do Save As, as they are all text files.
LISP_R1
LISP_R2
LISP_R3
LISP_R4
LISP_R5
LISP_R6

The Nexus 7009 – and what is this, Nexus 7006?!??!?!?!

In Nexus on April 4, 2011 at 08:00

Since Cisco posted that picture the other day, you know this one:

Well, since that picture was posted there has been some buzz around the chassis in the Twitter feeds.  Not much is officially known about this box – but the picture above proves it does exist.  Not only that, I recall seeing a picture from Cisco Live 2011 – London where the EMC booth had one of these Nexus 7009 looking switches in their booth.  Well, here is some additional information that I have located using the assumed part number of N7K-C7009.

On Cisco’s website they have a MIB posted called CISCO-ENTITY-VENDORTYPE-OID-MIB.my (clicking on that MIB will allow you to view/download it – original link here).  From what I can gather in the MIB – the Nexus 7009 will have the new Fabric-2 cards, no Fab-1 cards are even listed for this chassis.  When you search the MIB, you can find the following information:

cevChassisN7Kc7009              OBJECT IDENTIFIER ::= { cevChassis 932 }  -- N7K-C7009 nexus-9-slot chassis
cevBackplaneN7Kc7009                    OBJECT IDENTIFIER ::= { cevBackplane 57 }       -- MosPort9 N7K-C7009 Nexus-9-slot-backplane
cevFanN7Kc7009FanTray           OBJECT IDENTIFIER ::= { cevFan 129 } -- N7K-C7009-FAN  Trinacria-fan-nexus9slot
cevN7Kc7009Fab2         OBJECT IDENTIFIER ::= { cevModuleN7KType 14 }           -- dijon9 N7K-C7009-FAB2 Fabric for Nexus7000 9slot boxster

Bonus information contained within the MIB is information on the, yet unannounced, Nexus 7006!
Granted, this is only speculation and such – but the MIB information matches what the 7009 has as well.  Only time will tell if this is true.
cevChassisN7Kc7006              OBJECT IDENTIFIER ::= { cevChassis 1054 } -- Nexus7000 6slot elsie n7k chassis N7K-C7006
cevBackplaneN7Kc7006                    OBJECT IDENTIFIER ::= { cevBackplane 60 }       -- Nexus7000 6slot elsie n7k backplane N7K-C7006
cevFanN7Kc7006FanTray           OBJECT IDENTIFIER ::= { cevFan 147 } -- N7K-C7006-FAN  fan for nexus 6slot-chassis

I also did some searching and found this list of Nexus 7009 Part Numbers, and my assumed descriptions (in blue) of what they are.

N7K-C7009-ACC-KIT    Nexus 7009 Accessory Kit
N7K-C7009-BSK             Nexus 7009 Bottom Support Kit
N7K-C7009-CAB-TOP    Nexus 7009 Top section Cable Management?
N7K-C7009-CM-BLK      Nexus 7009 Cable Management Blank?  Unknown
N7K-C7009-F-BLANK  Nexus 7009 Fabric Blank Interface ?
N7K-C7009-FAB-2        Nexus 7009 Fabric 2 Card
N7K-C7009-FAN            Nexus 7009 Fan Tray
N7K-C7009-FD-MB       Nexus 7009 Front Door Kit
N7K-C7009-L                  Nexus 7009 License
N7K-C7009-RMK           Nexus 7009 Rack Mount Kit
N7K-C7009-SHPPKG    Nexus 7009 Shipping package
N7K-C7009-XL               Nexus 7009 XL
L-N7K-C7009-XL           Nexus 7009 Scalable Feature License (allows XL features without requiring a hardware module change)

Another part number that I have found that is NOT referenced on the Cisco site is this 5.6KW power supply. I wonder if the 7009 can support a smaller power supply, or if this is for the Nexus 7006.
N7K-AC-5.6KW         5.6kW AC Power Supply

Drobo – My Impression

In Tech Field Day on April 1, 2011 at 22:07

The other week (the week when I started this post, now it's a month!) I attended Tech Field Day #5 in San Jose, CA.  During this event, Drobo presented their technology to us – what it is – how it works – and where it is aimed.  I have to admit that I have been looking at a Drobo for a few years now and never pulled the trigger – until now.  Let me preface that by saying I did purchase a Netgear ReadyNAS NV+ a few years ago instead of a Drobo – and I do still have the Netgear – but am glad that I have added the Drobo to my home storage solution.  I purchased this unit from Drobo directly, using my own funds, and did use a publicly available discount code of BESTDEALEVER.

What is a Drobo, in case you are wondering – well – let me let Cali Lewis explain and demonstrate:

Ok, so now that I have shown the obligatory video that everyone has probably already seen, I can continue.  There are a few differences in the unit that I purchased, Drobo FS, and the one in the video.  The two big differences are that the Drobo FS holds 5 drives and also has a built-in Gigabit Ethernet port.  No USB or other connectivity required, just plug it into the network and go!

Why did I choose to buy a Drobo when I already have a ReadyNAS from Netgear?  It comes down to the simplicity of the Drobo and how it works.  The Drobo is very simple: there are no drive carriers, the lights are very easy to understand (green, red, yellow), the web interface is simple and direct, and you do not have to be a computer person to really use it.  I felt that this last piece of information is key – if ever I lost a drive when I was traveling, it would be easy to walk any member of my family through the process of replacing the bad drive.

While looking at the Drobo you can quickly gauge the health of the unit. In the picture below you can see that all the drives are healthy (Green lights on the right) and the utilization is about 30% or so (Blue lights across the bottom).  What is really nice about this is that you do not need to look at the control panel software to see what is going on with the system.  You can just look at the unit and know that you have space and all the drives are good.  Heck, even a cell phone photo like the one below lets you know the health of the unit just by looking!

So, what do you do if a light is not green, or even worse, flashing?  That is easy, just pop off the magnetic front cover and look at the inside of it.  This little chart is part of the charm of this unit – and one of the reasons that I think it is so easy to use.  If you are wondering about any light, you can just look at this chart.  It is very easy to read, easy for someone non-technical to understand, and best of all, tells the person reading it what is going on.    So if a light is RED because of a drive failure or yellow because you are running out of space, it is easy to identify and replace.

If you look at the unit with the cover off, below is what you will see. As you can tell, there are no carriers for the drives – they just insert and lock in.  Again, that is part of the beauty in the simplicity of this design.  In order to do anything on my current NAS, I need to:
1) remove the carrier with the drive
2) unscrew the drive from the carrier and hope I do not drop a screw
3) install the new drive in the carrier and re-secure it with screws
and then finally
4) re-insert the drive into the unit.

With the Drobo, just pop out the old drive and insert the new drive into the unit.  As I said, this simple approach makes me more comfortable knowing I can rely on others to replace drives.

So let's talk about the Drobo Dashboard (management console) before I go on to the installation of the unit. I am doing this because many of my next series of screen shots are all from that application, so I am hoping that the information on the screen will make even more sense. When you load the Drobo Dashboard you are presented with a simple pie chart that shows you the current used and free space. It also shows you any drive mappings that you may have or are available under the Mount section. If you want to mount a drive (assign it a drive letter), all you have to do is click the check box and the drive will be mounted. As you can see below, the Public share has been mounted as drive letter W:

If you click on the arrow next to How is my storage being used?, you will see greater details on your storage. Here you can see all the detail about the Drobo with regard to what drives are installed, total storage, protection, and whatever overhead is being used. Here you can see that I have 5 1.5TB drives installed for a total storage space of 6.82 TB, 5.39TB is available for data, 1.43 TB is used for protection (parity), and there is about 10G of overhead on the system. If I had odd size drives installed, you would see some Reserved for Expansion space there – that is space that is available for future use, but only after you add more drives.

If you go to the following page on Drobo’s website – Click Here – they have a great explanation of how the system is expandable. The below picture is taken from that page and, as you can see, it uses as much space as it can and still keeps the data redundant. What is not usable in a redundant fashion is reserved until you add more space. If you were to add another 2 TB drive to the system, the space in Blue would then be free to use for storage as it can create the necessary redundancy via the new drive.

So, let's cover the setup of the unit, adding drives, and the rest of the management console. When I first received the Drobo unit I had a few drives lying around, so I figured I might as well throw them in! Below is a screen shot of the drives (this is also the Advanced Controls section of the Drobo Dashboard) and you can see that I installed two 1.5TB drives, a 500GB drive, and a 250GB drive – within a few minutes all the drives were online and ready to go! I had about 2TB of available protected storage, just like that.

Once I had the unit up and running, I decided to order 3 more of the Seagate 1.5 TB drives from NewEgg. Figured I might as well fill up the unit and max out the drives (not the capacity as this unit supports up to a 3TB drive), so I quickly added another 1.5 TB drive to the unit, and within a few minutes I had more space!

Now is where the beauty of this unit begins – I removed the 250GB drive and installed another 1.5 TB drive in its place. No data was lost in this action; the unit did not care as it is based on RAID and can support the loss of a drive. But with RAID, you usually cannot take advantage of new space if the new drive is bigger – but with Drobo you can! So, instead of having 3.34TB of space, I suddenly had 4.48 TB of space!

What is neat about the Drobo Dashboard is that it actually starts to flash to alert you to the status. My data was deemed At Risk due to the drive that I removed (nature of RAID), but what is also nice is that there is a Progress indicator telling you how long until the Drobo data storage is rebuilt. This is very handy to know, because if you choose to expand your data store with larger drives, you know about how long it will take.

Even the main dashboard shows me something is wrong, so no matter what screen you are in you can instantly see the health of the unit.  In the How is my storage being used, it even tells you that Data Protection is in progress.  You know what is going on, no matter what screen you are in.

So after that drive was rebuilt with storage as the RAID was finished expanding, I decided to remove the last 500 GB drive and replace it with another 1.5 TB drive. It followed all the same processes as when I replaced the 250 GB drive, nice and simple. So, as you can see below, I now have 5.39TB of usable, protected storage in the unit.

And when you look back at the Drobo Dashboard, you can see how the storage space is being used easily by looking at the pie chart.

So as you can see, adding and expanding capacity is as easy as adding and removing drives. Just need to remember to replace your smallest drive first; that is the way that you can ensure you will maximize your storage capacity. One other nice thing about the Drobo FS with 5 drives: you can also create a “hot spare” drive using the Dual Disk Redundancy option. This will allow you to have one drive that is not used, but doubles the parity in case two drives fail. This is a GREAT option if your data is super critical and vital. The reason that I am not doing this is because I actually bought a spare 1.5 TB drive; they are the same drives I have in my other NAS solution. Easier for me to keep a spare on the shelf than to have a spare drive in each unit.

So, with all these positive things – are there any negatives? Yes, I see one – the power supply. With the Drobo it is an external power pack, whereas with my other NAS it is integrated into the unit. Now this is not a huge deal, but I prefer to keep my cords to a minimum where possible. To be honest though, that is my only issue with the whole unit – everything else is perfect.

So – you might wonder why I still have the NetGear running. That is simple – it is a good box as well. I used to use the Netgear for everything – Music, Files, Pictures, and Video media – but have since decided to make that a Media only box. I now keep mostly my TiVo and iTunes backups there. The NetGear box is great as it integrates into my TiVo because the Netgear supports DLNA. This allows me to share any movies, TV shows, recorded programs, etc. with my TiVo in a nice, simple fashion.

Disclaimer

Drobo was a sponsor for Tech Field Day #5, and as such they were responsible for paying a portion of my travel expenses and hotel accommodations.   At no time did they ask for nor were they promised any kind of consideration in this review.  The analysis and opinions here are mine and mine alone.  They are given freely and without reservation.
