Thursday 28 June 2018

Step-by-Step Note on how to perform Classless Addressing

A very good document that I obtained from Scribd by a student on classless networks:

  • Note: This document is for absolute beginners and may be too simple for others

More on IP Routing

Static IP Routing:

    • What happens when there are two static routes for the same prefix?
    • http://www.brocade.com/content/html/en/configuration-guide/FI_08030_L3/GUID-01C97118-4521-4599-8ACD-134E7FD30124.html
    • If the administrative distances are not the same, traffic always goes through the route with the lower administrative distance.
    • If two routes have the same administrative distance, ECMP (Equal Cost MultiPath Routing) is used: half of the traffic goes through one link and the other half through the other.
    • Eg) #ip route 6.6.6.0/24 1.1.1.2 20 gives the administrative distance as 20, and #ip route 6.6.6.0/24 3.3.3.2 10 gives it as 10. In this case, the route with AD 20 will not even be put into the routing table. But if the interface of the AD 10 route goes down, the route with AD 20 comes up in the routing table automatically.
    • Thus, the routing table will always have only the best path.

    • STATIC IP ROUTING:
    • See the example below to clear up doubts about static IP routing
    • Look at details like the next-hop IP address
    • Format is

    #ip route <ip address> <subnet mask> <next hop ip or exit interface> [administrative distance]

    Router0(config)#ip route 20.0.0.0 255.0.0.0 192.168.0.254

    Router1(config)#ip route 10.0.0.0 255.0.0.0 192.168.0.253
    Router1(config)#ip route 20.0.0.0 255.0.0.0 192.168.0.250

    Router2(config)#ip route 10.0.0.0 255.0.0.0 192.168.0.249
    Router2(config)#ip route 20.0.0.0 255.0.0.0 192.168.0.246

    Router3(config)#ip route 10.0.0.0 255.0.0.0 192.168.0.245

    • RECURSIVE LOOKUP:
    • A recursive lookup refers to routes for which the router must look up the connected route to a next-hop gateway in order to route the packet to its ultimate destination.
    • In recursive lookup, on router 1 itself we give the next hop for reaching 20.1.1.0 as 192.168.2.2. But 192.168.2.0 is not directly connected either, so the router checks its entry for the route to reach 192.168.2.0. Thus, it uses 192.168.1.2 as the next hop to reach 192.168.2.0.
    • Thus, finally, 192.168.1.2 is chosen as the next hop.
    • The advantage is that with this we can reach not only the destination networks but also the intermediate networks, since we already know the route to them.
    • You should avoid recursive routing in static routing, as it increases complexity and decreases the router's performance.

    • Even if there are many matching entries in the routing table, the most specific (longest-prefix) route that still contains the destination IP address is taken.
    • Eg) Among the routes 4.4.4.2/32, 4.4.4.2/28 and 4.4.4.0/24, the 4.4.4.2/32 route is taken for destination 4.4.4.2.
    • NOTE:
    • If we use exit interfaces instead of next-hop IP addresses, we need to enable proxy ARP on all the exit interfaces.
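The route-selection rules in the notes above (lowest administrative distance wins, equal-AD routes share traffic via ECMP, longest prefix match, recursive resolution of a next hop down to a connected interface) as an added Python model. This is example code written for this page, not code from the original notes or from any router vendor; the prefixes, next hops and interface names in build_sample_router() are constructed sample values.

```python
from ipaddress import ip_address, ip_network


class RoutingTable:
    """Toy RIB/FIB for connected and static routes (constructed model)."""

    def __init__(self):
        # prefix -> list of (next hop or interface, administrative distance, kind)
        self._rib = {}

    def add_connected(self, prefix, interface):
        """Directly connected network: AD 0, forwarded straight out `interface`."""
        net = ip_network(prefix, strict=False)
        self._rib.setdefault(net, []).append((interface, 0, "connected"))

    def add_static(self, prefix, next_hop, ad=1):
        """'ip route <prefix> <next hop> [ad]': a static route's AD defaults to 1."""
        net = ip_network(prefix, strict=False)
        self._rib.setdefault(net, []).append((next_hop, ad, "static"))

    def withdraw(self, prefix, next_hop):
        """Drop one candidate, e.g. because the interface towards next_hop went down."""
        net = ip_network(prefix, strict=False)
        kept = [c for c in self._rib.get(net, []) if c[0] != next_hop]
        if kept:
            self._rib[net] = kept
        else:
            self._rib.pop(net, None)

    def fib(self):
        """Forwarding table: per prefix only the candidate(s) with the lowest AD.
        Several survivors with the same AD are ECMP paths."""
        table = {}
        for net, cands in self._rib.items():
            best = min(ad for _, ad, _ in cands)
            table[net] = [(nh, kind) for nh, ad, kind in cands if ad == best]
        return table

    def lookup(self, dst):
        """Longest prefix match: of the FIB prefixes containing dst, the longest wins."""
        addr = ip_address(dst)
        matches = [net for net in self.fib() if addr in net]
        return max(matches, key=lambda n: n.prefixlen) if matches else None

    def next_hops(self, dst):
        """Next hops (or interface, for a connected route) that share traffic to dst."""
        net = self.lookup(dst)
        return sorted(nh for nh, _ in self.fib()[net]) if net is not None else []

    def resolve(self, dst, max_depth=8):
        """Recursive lookup: chase next hops until a connected route gives the exit
        interface.  Returns (matched prefix, final next hop, exit interface); the
        next hop is None when dst itself is on a connected network."""
        net = self.lookup(dst)
        if net is None:
            return None
        hop, kind = self.fib()[net][0]  # ECMP would hash over entries; first is enough here
        final_hop = None
        for _ in range(max_depth):
            if kind == "connected":
                return (str(net), final_hop, hop)
            final_hop = hop
            inner = self.lookup(hop)
            if inner is None:
                return None  # next hop is itself unreachable: the route cannot be used
            hop, kind = self.fib()[inner][0]
        raise RuntimeError("next-hop recursion too deep")


def build_sample_router():
    """Constructed sample configuration built from the cases in the notes."""
    rt = RoutingTable()
    rt.add_connected("192.168.1.0/24", "Ethernet0")   # interface names are made up
    rt.add_connected("1.1.1.0/24", "Ethernet1")
    rt.add_connected("3.3.3.0/24", "Ethernet2")
    rt.add_static("6.6.6.0/24", "1.1.1.2", ad=20)      # same prefix, two ADs
    rt.add_static("6.6.6.0/24", "3.3.3.2", ad=10)
    rt.add_static("7.7.7.0/24", "1.1.1.2")             # same prefix, equal AD: ECMP
    rt.add_static("7.7.7.0/24", "3.3.3.2")
    rt.add_static("20.1.1.0/24", "192.168.2.2")        # recursive: 192.168.2.2 is not connected
    rt.add_static("192.168.2.0/24", "192.168.1.2")
    rt.add_static("4.4.4.0/24", "1.1.1.2")             # overlapping prefixes for LPM
    rt.add_static("4.4.4.0/28", "3.3.3.2")
    rt.add_static("4.4.4.2/32", "192.168.1.2")
    return rt


if __name__ == "__main__":
    rt = build_sample_router()
    print("6.6.6.1 via", rt.next_hops("6.6.6.1"))      # AD 10 route only
    rt.withdraw("6.6.6.0/24", "3.3.3.2")               # primary path goes down
    print("6.6.6.1 via", rt.next_hops("6.6.6.1"))      # AD 20 route takes over
    print("7.7.7.1 via", rt.next_hops("7.7.7.1"))      # both ECMP paths
    print("4.4.4.2 matches", rt.lookup("4.4.4.2"))     # the /32
    print("20.1.1.5 resolves to", rt.resolve("20.1.1.5"))
```

The FIB is rebuilt from the RIB on every call, so withdrawing the AD 10 candidate makes the AD 20 candidate appear immediately, which is the "comes up automatically" behaviour described above; resolve() also shows why a static route whose next hop has no route of its own never becomes usable.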

    --------------------------------------------------------------------------------------------------------------------------------

    • OSPF vs RIP: which is better?
    • Scalability
    • RIPv1 floods routes frequently (every 30 seconds), which introduces large CPU loads as the size of the routing table increases. This is compounded by the fact that RIP recalculates metrics for every route, every time it floods the route out a new interface. This prevents RIP from scaling as well as other protocols as the number of routes increases. RIPv1 is classful. RIP is only good for 16 hops; anything beyond that is reported as network unreachable.
    • OSPF floods routes infrequently, and performs distributed metric calculations at the end nodes (instead of at every flooding router, as RIP does). Distributed route calculations on LSAs that are flooded infrequently make OSPF scale well. OSPF is a classless protocol that supports CIDR, which also makes it more scalable than RIPv1.
    • Convergence time
    • RIP is a routing protocol that converges so slowly that even a network of a few routers can take a couple of minutes to converge. When a new route is advertised, triggered updates can speed up RIP's convergence, but flushing a route that previously existed takes longer because of the holddown timers in use.
    • OSPF is an example of a fast-converging routing protocol. A network of a few routers can converge in a matter of seconds.
    • Trust
    • Control Traffic

    • Control traffic (control packets) is more important than data packets, since if control packets are dropped then most data packets will get dropped as well, because the control packets are responsible for the proper sending of the data packets.

    --------------------------------------------------------------------------------------------------------------------------------

    Loopbacks:

    • It creates a different broadcast domain.
    • It is a virtual/software interface in a router which can be used to emulate a physical interface. (Earlier we used physical loopbacks, where we connect one port to another port of the same switch, so ports were wasted.)
    • Loopback interfaces are treated like physical interfaces in a router and we can assign IP addresses to them (so a user cannot tell whether it is a loopback or a physical interface address).
    • A loopback interface is always up.
    • By default, a router doesn't have any loopback interfaces.
    • A loopback interface has many uses:
    • The loopback interface's IP address determines a router's OSPF Router ID.
    • It is useful for BGP neighborship, since it stays up even if physical interfaces go down.

    IP Routing

    IP Routing:

    • Routing is needed to go to a different broadcast domain

    • Factors affecting path taken:
    • Number of hops
    • Congestion
    • Bandwidth- Cost/Metric
    • Link/Node failure
    • Multiple Links
    • For choosing the least cost path:        
    • Administrative Distance
    • Cost/Metric

    • STATIC ROUTING:
    • Manual configuration
    • Routes must be configured both ways, i.e. for both sending data and receiving data
    • Static routes have a low administrative distance of 1. Thus, a static route will be preferred.
    • If any router on the path fails, there is no alternative path. Thus, static routing fails.
    • Also, congestion will happen on a specific route if a lot of traffic is sent. Still, the static route is taken.
    • In production, static routes are used as backup.

    • DYNAMIC ROUTING:
    • Automatic selection of routes using algorithms
    • The algorithms may be dynamic, where the routers make decisions based on information they gather, and the routes change over time, adaptively.
    • A default route means we just send all traffic to the default router, which becomes the next hop. Using a default route is useful since it saves memory (instead of giving a next router for every route) and also lets us send packets for unknown networks via the default router.

    --------------------------------------------------------------------------------------------------------------------------------

    IP Addressing

    • Why do we need an IP address?
    • We need it to send information to devices throughout the world
    • Qualities:
    • It is a 32-bit binary number (fixed length)
    • Dotted decimal notation
    • Division based on size: Class A, B, C, D, E
    • To find the device we need identification and location. The identification is the host ID. The location is the network ID.
    • If we have more users, we need more host bits.
    • Class A- 8 n/w bits and 24 host bits (first octet 0-126) (127 is used for loopback, so it can't be used for hosts)
    • Class B- 16 n/w bits and 16 host bits (128-191)
    • Class C- 24 n/w bits and 8 host bits (192-223)
    • Class D- multicast (224-239)
    • Class E- experimental (240-255)
    • Class:
    • Class A: We have 8 n/w bits, but the first bit is fixed as 0. Thus, only 2^7 networks are possible. No. of hosts = 2^24 - 2.
    • Class B: We have 16 n/w bits, but the first two bits are fixed as 10. Thus, only 2^14 networks are possible. No. of hosts = 2^16 - 2.
    • Class C: We have 24 n/w bits, but the first three bits are fixed as 110. Thus, only 2^21 networks are possible. No. of hosts = 2^8 - 2.

    Note: the (-2) in no. of hosts is because one address is for n/w address and another one is for broadcast address

    • Subnet Mask is used to tell the number of bits for network part.
    • Eg) 10.0.0.0? It is class A. Therefore, the subnet mask is 255.0.0.0. The first host address is 10.0.0.1 and the last host address is 10.255.255.254.
    • Eg) 172.16.0.0? Class B, therefore the subnet mask is 255.255.0.0. The first host address is 172.16.0.1 and the last is 172.16.255.254.
    • Eg) 192.168.1.0? It is class C; hence, the subnet mask is /24. The first host ID is 192.168.1.1 and the last is 192.168.1.254. The broadcast address is 192.168.1.255.
    • Each class has a range reserved for private IP addresses:
    • Class A- 10.0.0.0 to 10.255.255.255
    • Class B- 172.16.0.0 - 172.31.255.255
    • Class C- 192.168.0.0 - 192.168.255.255

    • Zero Subnet: It is the first subnet obtained when subnetting the network address. Eg) 192.168.1.0/24 is the zero subnet for a class C. Nowadays, we can assign addresses from it to hosts also, since we use classless instead of classful IP addressing.
    • A public IP address must be unique and is assigned by the ISP.

    --------------------------------------------------------------------------------------------------------------------------------

    Subnetting:

    • If we use only classes, then either we have too many hosts or too many networks, so IP addresses are wasted. Hence, we use variable-length subnets.
    • In subnetting, we borrow bits from the host part.
    • Eg) 10.0.0.0/8.
    • Here, the n/w part is 10.
    • The host part is 0.0.0. We borrow bits from here. Let us take 2 bits, so the second octet becomes XX000000 in binary, where XX are the borrowed (subnet) bits.
    • Thus, we get 4 subnets: 10.0.0.0/10, 10.64.0.0/10, 10.128.0.0/10, 10.192.0.0/10

    • Hint: The subnets come in multiples of the first subnet's size. Eg) 64*1=64, 64*2=128, 64*3=192
    • If we use /31, we will have only one host in the subnet (if we reserve a broadcast address) or 2 hosts if we don't. Since a point-to-point link (between 2 routers at the ends of the n/w) doesn't really need a broadcast address, /31 can be used here.
    • CIDR- using only prefixes (subnets) instead of classes
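The classful sizing, host-range and subnetting arithmetic from the two sections above, carried out in Python as an added example (it is not code from the original notes). It goes a little beyond the worked examples by also handling the /31 and /32 cases the notes mention; the addresses used are the ones in the notes plus constructed test values.

```python
from ipaddress import IPv4Address, ip_network

# RFC 1918 private ranges, listed per class in the notes above.
PRIVATE_RANGES = (ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16"))

# (networks, hosts per network) for the classful sizes derived in the notes.
CLASS_CAPACITY = {"A": (2 ** 7, 2 ** 24 - 2),
                  "B": (2 ** 14, 2 ** 16 - 2),
                  "C": (2 ** 21, 2 ** 8 - 2)}


def address_class(addr):
    """Class from the first octet; 127.x.x.x is the loopback block."""
    first = int(IPv4Address(addr)) >> 24
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def classful_network(addr):
    """The network an address belongs to under its class's default mask."""
    prefixlen = {"A": 8, "B": 16, "C": 24}[address_class(addr)]  # KeyError for D/E/loopback
    return ip_network(f"{addr}/{prefixlen}", strict=False)


def host_range(prefix):
    """(first host, last host, broadcast, usable hosts) for a prefix.

    /32 is a single host; /31 is a point-to-point link where both addresses
    are hosts and there is no broadcast address (RFC 3021); otherwise the
    first address is the network and the last is the broadcast."""
    net = ip_network(prefix, strict=False)
    if net.prefixlen == 32:
        host = str(net.network_address)
        return (host, host, None, 1)
    if net.prefixlen == 31:
        return (str(net.network_address), str(net.broadcast_address), None, 2)
    return (str(net.network_address + 1), str(net.broadcast_address - 1),
            str(net.broadcast_address), net.num_addresses - 2)


def subnets_by_borrowing(prefix, borrowed_bits):
    """Borrow bits from the host part: 2**borrowed_bits equal-size subnets."""
    net = ip_network(prefix, strict=False)
    return [str(sub) for sub in net.subnets(prefixlen_diff=borrowed_bits)]


def is_rfc1918(addr):
    """True when addr falls in one of the private ranges listed above."""
    return any(IPv4Address(addr) in rng for rng in PRIVATE_RANGES)


def describe(addr):
    """Put the pieces together for one address, as the worked examples above do."""
    cls = address_class(addr)
    net = classful_network(addr)
    first, last, bcast, usable = host_range(str(net))
    return {"class": cls, "network": str(net), "mask": str(net.netmask),
            "first_host": first, "last_host": last, "broadcast": bcast,
            "usable_hosts": usable, "private": is_rfc1918(addr)}


if __name__ == "__main__":
    for a in ("10.0.0.0", "172.16.0.0", "192.168.1.0"):
        print(a, describe(a))
    print(subnets_by_borrowing("10.0.0.0/8", 2))
```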

    Saturday 23 June 2018

    Link Aggregation(LAG) and LACP Protocol:


    LAG (Link Aggregation):

    • It is a virtual concept: the LAG makes two links appear as one to STP.
    • The basic concept of LAG is that multiple physical links are combined into one logical bundle. This provides two major benefits, depending on the LAG configuration:
      • Increased capacity – traffic may be balanced across the member links to provide aggregated throughput
      • Redundancy – the LAG bundle can survive the loss of one or more member links
    • LAG makes two connections appear as one to STP, so the second connection won't be blocked.
    • Load sharing among the LAG links: all packets of a single flow go through a single link. So even a 20G flow will go via one link only, and its throughput is limited to the bandwidth of that single link (here: 10G).

    Note: The physical type (SFP,...) and speeds(10G,...) of all links in a port-channel should be the same.

    #int et 17-18

    #channel-group 1 mode on //static configuration of link aggregation

    Where the channel group number = 1

    #show span //we can see port-channel 1 in show spanning-tree

    #show int port-channel 1 (OR) #show port-channel

    • Now, suppose we put the port-channel of et17 and et18 in VLAN 51, and then put the individual et17 and et18 in VLAN 30. Even then, only the port-channel configuration takes effect, as it acts as a single interface. Thus, port-channel configuration ALWAYS overrides any interface-specific configuration.
    • Even after link aggregation, show lldp neighbors will show the individual interfaces only, since LLDP considers only the physical topology.
    • If we tcpdump on int et 17, we only see LLDP. If we tcpdump on port-channel 1, we see all the other protocols like STP, etc.

    #tcpdump int po1

    • If we use link aggregation on one side (MT701) and stop link aggregation on the other side (MT703), then, in EOS:
    • On MT701, STP will not even consider the individual ports. It only considers the port-channel as an interface and only has the port-channel's state.
    • On MT703, the interfaces are considered separate. So if an ARP request broadcast comes from the port-channel on MT701, MT703 receives it on both interfaces and floods it again via the other link.
    • RTAG7:
      • RTAG7 is a hashing algorithm that load-balances the traffic.
      • The hash engine comes out with a number for each flow.
      • Using that number, the flow is sent through one particular port.
      • This ensures that the flows are distributed among all the links.
      • #show port-channel load-balance trident fields //shows which fields of a packet participate in the hashing.
      • #port-channel load-balance trident fields ? //configures which fields are enabled or disabled to influence the hashing.
    • Why does the spanning-tree cost of the port-channel come down? (et 18 and 19 have a cost of 2000 each, but the port-channel's cost becomes 1999)
      • Because of bandwidth, since cost depends on bandwidth.
      • 10G links have a cost of 2000 by default. The higher the bandwidth, the lower the cost.
      • But if another single 10G link is there, its cost will also be 2000, so STP might consider that link equal. So a cost of 1999 is used on the port-channel link.
      • If there is a speed mismatch among the links in a port-channel, only the higher-bandwidth link is active.
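The per-flow hashing described under RTAG7, and the "one flow stays on one link" limit mentioned under load sharing, shown in Python as an added example. This is not the vendor's hash and not code from the notes: CRC32 over the chosen header fields stands in for the ASIC's RTAG7 function (chosen only because it is deterministic), FIVE_TUPLE and L3_ONLY model the "fields" selection, and the traffic in build_sample_traffic() is constructed.

```python
import struct
import zlib
from collections import Counter
from ipaddress import IPv4Address

# Header fields the hash engine may use.  Which of them participate is what the
# 'load-balance ... fields' command reports; here it is simply a tuple of names.
FIVE_TUPLE = ("src_ip", "dst_ip", "proto", "src_port", "dst_port")
L3_ONLY = ("src_ip", "dst_ip")


def flow_hash(pkt, fields=FIVE_TUPLE):
    """The 'number for each flow': CRC32 over the selected fields (a stand-in for
    the real, vendor-specific RTAG7 hash; CRC32 is used because it is stable)."""
    parts = []
    for name in fields:
        value = pkt[name]
        if name.endswith("_ip"):
            parts.append(int(IPv4Address(value)).to_bytes(4, "big"))
        else:
            parts.append(struct.pack("!H", value))
    return zlib.crc32(b"".join(parts)) & 0xFFFFFFFF


def select_member(pkt, members, fields=FIVE_TUPLE):
    """Map the flow number onto one member link of the port-channel."""
    return members[flow_hash(pkt, fields) % len(members)]


def distribute(packets, members, fields=FIVE_TUPLE):
    """Bytes carried per member link, and the set of links each flow used."""
    bytes_per_link = Counter()
    links_per_flow = {}
    for pkt in packets:
        link = select_member(pkt, members, fields)
        bytes_per_link[link] += pkt["bytes"]
        flow = tuple(pkt[name] for name in fields)
        links_per_flow.setdefault(flow, set()).add(link)
    return bytes_per_link, links_per_flow


def build_sample_traffic():
    """Constructed traffic: one large flow plus many small flows between the
    same pair of hosts, differing only in TCP source port."""
    elephant = [dict(src_ip="10.0.0.1", dst_ip="10.0.0.2", proto=6,
                     src_port=5000, dst_port=443, bytes=1500) for _ in range(20)]
    mice = [dict(src_ip="10.0.0.1", dst_ip="10.0.0.2", proto=6,
                 src_port=40000 + i, dst_port=80, bytes=100) for i in range(40)]
    return elephant + mice


if __name__ == "__main__":
    members = ["Ethernet17", "Ethernet18"]   # constructed member links
    pkts = build_sample_traffic()
    for fields in (FIVE_TUPLE, L3_ONLY):
        per_link, per_flow = distribute(pkts, members, fields)
        print(fields, dict(per_link))
```

Two properties fall out: every flow is pinned to exactly one link whatever fields are hashed (so the 20 packets of the large flow never spread across both members), and hashing on source/destination IP alone collapses all traffic between one host pair onto a single link, which is why the choice of participating fields matters.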

    DYNAMIC LINK AGGREGATION:

    • LACP (Link Aggregation Control Protocol)
    • #int et 17-18

    #channel-group 1 mode active //dynamic LACP active

    (OR)

    #channel-group 1 mode passive //dynamic LACP passive

    • If both sides are configured as active, both sides can start LACP transmission. If one side is configured as passive, it can only receive LACP, not initiate it. (Both sides cannot be passive, since both would only be waiting for LACP.)
    • Passive LACP: the port prefers not to transmit LACPDUs. The port will only transmit LACPDUs when its counterpart uses active LACP (preference not to speak unless spoken to).
    • Active LACP: the port prefers to transmit LACPDUs and thereby to speak the protocol, regardless of whether its counterpart uses passive LACP or not (preference to speak regardless).
    • In the L2 header, the type is Slow Protocols and the subtype within slow protocols is LACP. It is a slow protocol since, once LACP is configured on a side, it keeps sending LACPDUs every 30 seconds.
    • The lacp rate fast feature sets the rate (once every second) at which LACP control packets are sent on an LACP-enabled interface. The normal rate at which LACP packets are sent is once every 30 seconds.

    #lacp rate fast //1 second

    (OR)

    #lacp rate normal //30 seconds

    • The above rate also sets the timeout for the partner. If we use rate fast and no reply arrives within 3 seconds, the port knows the link is not active and tears down the port-channel.

    (OR)

    In the rate fast timeout configuration, an LACPDU is sent every second. If no response comes from its partner after 3 LACPDUs are sent, a timeout event occurs and the port channel is removed.

      • Key: tells the port-channel number (there are separate fields for the actor and the partner)
      • Port: tells the port number, e.g. et 17 (there are separate fields for the actor and the partner)
      • Actor State:
        • LACP Activity: tells whether the actor is in active (1) or passive (0) state
        • LACP Timeout: tells whether the timeout is normal (1) or fast (0)
        • Aggregation: 1 means the port is part of a port-channel; 0 means it operates as an individual link.
        • Synchronization: the flag is set when we get back an LACPDU from the partner.

    (1 means it has been allocated to the correct link aggregation group, the group has been associated with a compatible aggregator, and the identity of the link aggregation group is consistent with the system ID and operational key information transmitted. If the value is 0, the link is not synchronized, i.e. it is currently not in the right aggregation.)


        • Collecting: after sync, if we receive data from the partner, accept it.
        • Distributing: after sync, also send data.
        • Default: 1 indicates that the actor's receive machine is using the default operational partner information, administratively configured for the partner. 0 indicates the operational partner information in use has been received in an LACPDU.
        • Expired: 1 indicates the actor or partner is in an expired state, i.e. no LACPDU was received within the timeout. 0 indicates the actor or partner is not in an expired state.
    • Now, a case where we aggregate many links into a port-channel but the links are connected to different switches. Then, when the actor sends out LACPDUs, whichever partner replies first, that link becomes active. The other links, connected to different partners, go to inactive state.
    • #show lacp internal detailed //shows the current switch's details. We can also see all the flags that are set and not set, and the port priorities, so that we can choose which link should come up in case of a mismatched-aggregate.
    • #show lacp neighbor detailed //shows the system ID, port number and key of the neighbour
    • #show port-channel //in this itself we can see the reason for the port-channel not being active
    • #show lacp neighbor all-port //shows details about the neighbour for each physical port. We can then use the oper-key value to check whether the port-channel link is connected to the same port-channel on the other side as well.
      • If the oper-key is different and the admin-key is the same, then this port-channel is connected to 2 different port-channels on the other side, but they are on the same switch.
      • If the oper-key and admin-key are both different, then this port-channel is connected to 2 different switches.
    • #show lacp interface all-port //shows details when LACP is not working. If the partner's sys-id is the same and the oper-key is different, it means the same port-channel on our side is connected to two port-channels on the same partner on the other side (mismatched-aggregate).
    • NOTE: The oper-key is the number assigned to the port-channel. For example, if I give my channel-group 100, the port-channel number is 100 and the oper-key is shown as 64 (since 100 in decimal is 64 in hex).
    • #show lacp interface detailed all-ports and #show etherchannel detailed all-ports are the two ultimate troubleshooting commands if we can't find the issue.
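The LACPDU fields and state flags listed above, plus the rate/timeout rule and the oper-key consistency check used to spot a mismatched-aggregate, as an added Python example that builds and parses a constructed LACPDU. This is not code from the notes or from any switch vendor. The TLV layout and state-bit positions follow IEEE 802.1AX (bit 0 LACP_Activity, bit 1 LACP_Timeout, bit 2 Aggregation, bit 3 Synchronization, bit 4 Collecting, bit 5 Distributing, bit 6 Defaulted, bit 7 Expired; in the standard a set LACP_Timeout bit requests the short timeout); MAC addresses, keys and port numbers are constructed values.

```python
import struct
from dataclasses import dataclass

# Bit positions in the Actor/Partner State octet (IEEE 802.1AX); bit 0 is the LSB.
STATE_BITS = ("LACP_Activity", "LACP_Timeout", "Aggregation", "Synchronization",
              "Collecting", "Distributing", "Defaulted", "Expired")

LACP_SUBTYPE = 0x01                                # slow-protocols subtype for LACP
ACTOR_TLV, PARTNER_TLV, COLLECTOR_TLV = 0x01, 0x02, 0x03


@dataclass(frozen=True)
class PortInfo:
    system_priority: int
    system_id: str        # switch MAC, e.g. "00:1c:73:00:00:01" (constructed)
    key: int              # operational key: the port-channel number
    port_priority: int
    port: int
    state: int            # the state octet

    def flags(self):
        """Decode the state octet into named booleans."""
        return {name: bool(self.state >> bit & 1) for bit, name in enumerate(STATE_BITS)}


def _mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def _mac_str(raw):
    return ":".join(f"{x:02x}" for x in raw)


def _port_info_tlv(tlv_type, info):
    # type(1) len(1)=20 sys_pri(2) sys_id(6) key(2) port_pri(2) port(2) state(1) reserved(3)
    return struct.pack("!BBH6sHHHB3x", tlv_type, 20, info.system_priority,
                       _mac_bytes(info.system_id), info.key, info.port_priority,
                       info.port, info.state)


def build_lacpdu(actor, partner, version=1):
    """Slow-protocol payload: subtype, version, Actor, Partner and Collector TLVs,
    terminator TLV and 50 reserved octets (110 bytes before the Ethernet header)."""
    return (bytes([LACP_SUBTYPE, version])
            + _port_info_tlv(ACTOR_TLV, actor)
            + _port_info_tlv(PARTNER_TLV, partner)
            + struct.pack("!BBH12x", COLLECTOR_TLV, 16, 0)   # collector max delay = 0
            + b"\x00\x00" + bytes(50))


def _parse_port_info(buf, off, expected_type):
    tlv_type, tlv_len = buf[off], buf[off + 1]
    if tlv_type != expected_type or tlv_len != 20:
        raise ValueError(f"bad TLV type {tlv_type} len {tlv_len} at offset {off}")
    sys_pri, sys_mac, key, port_pri, port, state = struct.unpack_from("!H6sHHHB", buf, off + 2)
    return PortInfo(sys_pri, _mac_str(sys_mac), key, port_pri, port, state), off + tlv_len


def parse_lacpdu(payload):
    """Return the actor and partner information carried by one LACPDU."""
    if payload[0] != LACP_SUBTYPE:
        raise ValueError("not an LACPDU")
    actor, off = _parse_port_info(payload, 2, ACTOR_TLV)
    partner, off = _parse_port_info(payload, off, PARTNER_TLV)
    return {"version": payload[1], "actor": actor, "partner": partner}


def lacpdu_period(fast):
    """Transmit interval in seconds: 'lacp rate fast' = 1, 'lacp rate normal' = 30."""
    return 1 if fast else 30


def partner_expired(seconds_since_last_rx, fast):
    """Three missed LACPDUs expire the partner: 3 s on rate fast, 90 s on normal."""
    return seconds_since_last_rx > 3 * lacpdu_period(fast)


def check_aggregate(partners_by_port):
    """Compare the partner info seen on each member port, as one would read it
    from 'show lacp neighbor all-port' in the notes above."""
    sys_ids = {p.system_id for p in partners_by_port.values()}
    keys = {p.key for p in partners_by_port.values()}
    if len(sys_ids) > 1:
        return "members reach different partner switches"
    if len(keys) > 1:
        return "mismatched-aggregate: same partner switch, different port-channels"
    return "consistent"


if __name__ == "__main__":
    actor = PortInfo(32768, "00:1c:73:00:00:01", 100, 32768, 17, 0x3d)  # constructed
    partner = PortInfo(32768, "00:1c:73:00:00:02", 5, 32768, 1, 0x3d)
    pdu = build_lacpdu(actor, partner)
    print(len(pdu), parse_lacpdu(pdu)["actor"].flags())
    print(check_aggregate({17: partner, 18: partner}))
```

The key travels on the wire as a plain 16-bit integer, so a channel-group of 100 is encoded as 0x0064; a decimal/hex display difference of the kind noted above is purely a matter of how the show command prints it.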

    Saturday 16 June 2018

    STP (Spanning Tree Protocol)

    INTRO TO SPANNING TREE:
    • To see current STP configuration: #show run section span
    • To configure STP, #spanning-tree mode rstp
      • There are many modes of spanning tree, but legacy is unsupported. Only rapid STP is supported.
      • To use STP per VLAN, #spanning-tree mode r-pvst //don't use this, use rstp itself
    • #show spanning-tree detail
    • If we tcpdump the interface (et 18), we see some frames having the same source MAC address (this is the physical interface's MAC address, not the switch's MAC; thus the interface MAC address is used for L2 communication) and a multicast destination MAC address (assigned to Spanning Tree, as Wireshark shows). These frames are called BPDUs (Bridge Protocol Data Units).
      • BPDU stands for bridge protocol data unit. BPDUs are data messages that are exchanged across the switches within an extended LAN that uses a spanning tree protocol topology. BPDU packets contain information on ports, addresses, priorities and costs and ensure that the data ends up where it was intended to go. BPDU messages are exchanged across bridges to detect loops in a network topology. The loops are then removed by shutting down selected bridge interfaces and placing redundant switch ports in a backup, or blocked, state.
    • To see a port's MAC address, use (config)#show interface et 19
    • The format of a BPDU is:
      • Protocol Identifier: STP
      • Version: Rapid
      • BPDU flags: "tell whether it is a forwarding or blocked port"
      • Root Identifier: "the system MAC of the switch that is taken as the root for the STP calculation"
      • Root Path Cost: "the cost from the current switch (which is sending the configuration message) to the root switch"
      • Bridge Identifier: "the MAC address of the current switch"
      • Port Identifier: "the current port from which the configuration message was sent. Eg) et 18"
    • Each link has a cost. Higher the Bandwidth, lower is the cost.
    • Steps:
      • First, each switch sees its own MAC address and sends a BPDU with its own MAC address as Root Identifier and as Bridge Identifier.
      • Then, from all the BPDUs of all the switches, the switch that has the lowest MAC address is taken as root. This information is shared with all the switches, and they change their Root Identifier if a lower MAC address appears in the BPDU of another switch. For example, in the figure, switch A is taken as the root as it has the lowest MAC.
      • Also, when B sends BPDUs with B as Root Identifier, the cost will be 0. Then, after it learns that A is the root bridge, it sends cost 10. Also, it will send in all directions other than towards the root bridge (this is compulsory for all switches).
      • Note: The order in which the port to be blocked is decided:
        • 1. The higher-cost path is blocked
        • 2. The port whose uplink has the higher MAC address is blocked
        • 3. The port whose uplink has the higher port number is blocked
    • To check the current spanning-tree root bridge: (conf)#show spanning-tree
    • To force a switch to become root, set the priority to zero: (conf)#spanning-tree priority 0. The max value is 65536. The default value is 32768 (half of the max priority).
    • Reason why the priority should be a multiple of 16:
      • Initially, we had 1 byte for the port number and 1 byte for the priority.
      • But 256 ports were not enough after some time. So, we borrowed 4 bits from the priority for the port number.
      • So only 4 bits are left for the priority, and the lowest of those 4 bits has the value 16. Hence, any change must be a multiple of 16.
    PORT IDENTIFIER FORMAT:

      • Similarly, for the same reason, the max number of vlans can be 4096 due to similar format in the BRIDGE IDENTIFIER format where


    Legacy STP or Common STP:

    • Older version, not used much now.
    • There are 3 timers: Hello (2 sec), Forward Delay (15 sec), Max Age (20 sec).
    Thus, a minimum of 32 seconds is taken to create a converged topology.
    • There are these states-
      • Blocking—The interface does not participate in frame forwarding.
      • Listening—The first transitional state after the blocking state, when the spanning tree determines that the interface should participate in frame forwarding.
      • Learning—The interface prepares to participate in frame forwarding.
      • Forwarding—The interface forwards frames to other switches.
    • Once a topology has converged and then there is a change in topology at one switch, that switch sends a TCN (Topology Change Notification) BPDU. This TCN is sent continuously every 2 sec until it receives an acknowledgement from its root.
    • In CSTP, only the root bridge generates BPDUs. Others only relay them. Thus, it is called relayed.
    • We can see the number of topology changes in the last X seconds using (config)#show spanning-tree detail
    • To stop this unnecessary TCN and flushing process, we can configure spanning-tree portfast on the ports where hosts are connected. Since hosts do not participate in STP, there is no need to send a TCN when hosts are connected or removed.
    • Even if we portfast the ports where a switch is connected, since both switches will send BPDUs, the topology will still converge and the command is automatically overridden. But during convergence, we will have a loop for some time.
    • If we enable BPDU guard and a BPDU arrives on a portfast port, that port is immediately error-disabled. Use #show interface status error-disabled to see the reason why a port was disabled.
    • BPDU filter is used to control BPDUs in and out, e.g. if we don't want to send BPDUs to other devices connected on a port.
    • The root guard feature provides a way to enforce the root bridge placement in the network.
      • Root guard ensures that the port on which it is enabled is the designated port. Normally, root bridge ports are all designated ports, unless two or more ports of the root bridge are connected together.
      • If the bridge receives superior STP Bridge Protocol Data Units (BPDUs) on a root-guard-enabled port, root guard moves this port to a root-inconsistent STP state. This root-inconsistent state is effectively equal to a listening state. No traffic is forwarded across this port. In this way, root guard enforces the position of the root bridge.

    RSTP:

    • Port roles:
      • EDGE- connected to a host
      • ALTERNATE- state is discarding, i.e. blocked (alternate path to the root)
      • BACKUP- state is discarding, i.e. blocked (backup path to the designated port)
      • ROOT- the port towards the root bridge
      • DESIGNATED- the port towards a non-root bridge
    • If the topology changes after convergence:
      • We don't have a TCN BPDU in RSTP.
      • Here, we use the normal BPDU with the TC (Topology Change) bit set and send it to the other switches.
      • Note that the BPDU is sent only by the switch that notices the topology change, on all its forwarding ports (i.e. both root and designated), to the other switches.
      • After this, the entire MAC address table is NOT cleared. Only the entries learnt on the designated ports are flushed and relearnt.
    • To set the max time a BPDU stays valid: #span max-age <time in sec, e.g. 10>. Similarly, we have max-hops, the max number of hops a BPDU can travel (max-hops is shown in Wireshark as message age).
    • Indicators of a loop:
    • One is seeing MAC flaps in #show mac-address table
    • Another is checking an interface with #show interface et19 status. If we see a far higher number of broadcasts than unicasts, looping is happening.
    • Note: One easy way to make a switch the root is by changing its priority. It can be done with the command #span root primary (OR) #span priority <priority_number>
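The root election and the blocking order from the STP notes above (lowest bridge ID becomes root; a port is blocked in preference to a cheaper path, a lower sender MAC, and a lower sender port number), as an added Python model. This is example code for this page, not code from the notes or from any switch: the path-cost table uses the IEEE 802.1D-2004 default values (10G = 2000, as in the notes), the bridge MACs, port numbers and topology in sample_topology() are constructed, and priority is modelled simply as the first element of the bridge ID.

```python
import heapq

# Default path cost by link speed in Gbit/s (IEEE 802.1D-2004 values).
PORT_COST = {0.01: 2_000_000, 0.1: 200_000, 1: 20_000, 10: 2_000, 100: 200}


def port_cost(speed_gbps):
    return PORT_COST[speed_gbps]


def run_stp(bridges, links):
    """Elect the root and assign a role to every port on every link.

    bridges: name -> (priority, mac); the bridge ID is that tuple and the
             lowest one wins, so 'spanning-tree priority 0' forces the root.
    links:   (bridge_a, port_a, bridge_b, port_b, cost) per segment.
    Returns (root name, {"bridge:port": "root" | "designated" | "alternate"}).
    """
    bridge_id = lambda b: bridges[b]
    root = min(bridges, key=bridge_id)

    # Adjacency: bridge -> [(neighbour, link cost, local port, remote port)]
    adj = {b: [] for b in bridges}
    for a, pa, b, pb, cost in links:
        adj[a].append((b, cost, pa, pb))
        adj[b].append((a, cost, pb, pa))

    # Root path cost of every bridge = cheapest path to the root (Dijkstra).
    root_cost = {b: float("inf") for b in bridges}
    root_cost[root] = 0
    heap = [(0, root)]
    while heap:
        cost, b = heapq.heappop(heap)
        if cost > root_cost[b]:
            continue
        for nbr, link_cost, _, _ in adj[b]:
            if cost + link_cost < root_cost[nbr]:
                root_cost[nbr] = cost + link_cost
                heapq.heappush(heap, (root_cost[nbr], nbr))

    # Root port: the port receiving the best BPDU, compared in the order the
    # notes give: lowest cost to root, then lowest sender bridge ID, then
    # lowest sender port number (then lowest local port as a final tie-break).
    root_port = {}
    for b in bridges:
        if b == root:
            continue
        _, _, local_port, _ = min(
            adj[b], key=lambda e: (root_cost[e[0]] + e[1], bridge_id(e[0]), e[3], e[2]))
        root_port[b] = local_port

    # On each segment the end with the better (cost, bridge ID, port) is designated.
    # The other end is the root port of its bridge, or else alternate (blocked).
    roles = {}
    for a, pa, b, pb, _ in links:
        ends = [(a, pa), (b, pb)]
        designated = min(ends, key=lambda e: (root_cost[e[0]], bridge_id(e[0]), e[1]))
        for br, port in ends:
            if (br, port) == designated:
                role = "designated"
            elif root_port.get(br) == port:
                role = "root"
            else:
                role = "alternate"
            roles[f"{br}:{port}"] = role
    return root, roles


def sample_topology():
    """Constructed triangle of three switches joined by 10G links."""
    bridges = {"A": (32768, "00:1c:73:00:00:0a"),
               "B": (32768, "00:1c:73:00:00:0b"),
               "C": (32768, "00:1c:73:00:00:0c")}
    links = [("A", 1, "B", 1, port_cost(10)),
             ("A", 2, "C", 1, port_cost(10)),
             ("B", 2, "C", 2, port_cost(10))]
    return bridges, links


if __name__ == "__main__":
    bridges, links = sample_topology()
    print(run_stp(bridges, links))        # A is root (lowest MAC); C:2 is blocked
    bridges["C"] = (0, bridges["C"][1])   # 'spanning-tree priority 0' on C
    print(run_stp(bridges, links))        # C is root now; B:1 is blocked instead
```

With equal priorities the lowest MAC (A) wins and the B–C segment is the one that gets blocked on C's side, since B has the lower bridge ID at equal cost. Giving C priority 0 moves the root, and the blocked port moves with it, which is the behaviour the root guard and "span priority 0" steps in the lab below are watching for.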



    (Q) Configuring MT701 to MT705.

    Mn431        #int et 43

    #ip address 10.1.10.1/24

    MT701        #span mode rstp

            #span priority 0 //setting it as root bridge

            

    ------------

    MT702        #int et 1/1, 1/2, 1/3

            #span cost 8000   //If it checks the cost, then et 1/4 will have the lowest cost. Hence, it will become the root port

    -----

    MT702# terminal monitor //use this on the switch where we are going to configure BPDU guard

            #show log

            

    MT701        #int et 20

            #span bpdufilter enable

    MN701        #ping  //to send broadcasts

    MT702        #watch diff show int et 1/3 //we see a very high number of broadcasts, which shows that there is looping

            (OR) #watch diff show int et 1/3 counters //this command shows unicast, multicast and broadcasts separately

            #int et 1/3

            #span bpduguard enable //enabling BPDU guard

    MT701        #int et 20

            #no span bpdufilter enable //disabling BPDU filter on port 20 of MT701

    MT702         #show int status //we will see that the interface et 1/3 is shown as error-disabled due to BPDU guard, which disables it because of the BPDUs it now receives

            #show int et 1/3 status error //we can see the reason for the error-disable, shown as bpduguard

    -------

    MT704        #int et 19

            #shutdown

            #no shutdown

    In another computer,

    MT704   #watch diff show span //we can see how fast a port changes from alternate to root and back to the original state

    MT704   #watch diff show span detail //we can see the number of topology changes and the time

    In another computer,

    MT704   #tcpdump int et 20

    ------

    MT701        #watch diff show mac add //we will see that only the mac addresses on designated ports are cleared. The mac addresses on root port are unaffected.

    MT702        #int et1/1

    #shut //we will see that the mac table on MT701 is cleared for the interface et 19 (since et 19 is connected to 1/1)

    #no shut

    -------

    MT702        #int et 1/2

            #span guard root

    MT704        #span priority 0

    //thus, MT702 now gets a superior BPDU from a would-be root bridge MT704. But it already considers MT701 the root bridge

    MT702        #show span //it shows an inconsistent state on et 1/2 since we have configured root guard. If we had not configured it, this port would have become the root port and MT704 would have become the root bridge.

    -------

    MT701        #int et23

            #span fastport auto

            

    MN431        #ping 10.1.10.2

    In another computer first type this and watch,

    MT701  #logging console 7

                 #logging monitor debugging

                 #terminal monitor

    //this command displays the debugging and changes on the monitor (no need to use show logging separately)

    MT701        #int et 23

            #shut

            #no shut

            

    //we will see that in debugging, it takes around 20 seconds to move the port to listening port and then to designated port.

    MT701        #int et23

            #span fastport edge

     & repeat the above steps   // we will see that the moving only takes 1 second.

    --------

    ASSIGNMENT QUESTIONS:

    1. Diameter of spanning tree = 7 (using the default configuration of IEEE 802.1D). If we tune the timers, it is possible to increase the diameter.

    2. Problem with RSTP:

    Counting to Infinity http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

    3. RSTP Sync Process:

    Proposal and Agreement

    http://blog.ine.com/wp-content/uploads/2011/11/understanding-stp-rstp-convergence.pdf

    4. Difference b/w STP and RSTP:

    https://cciethebeginning.wordpress.com/2008/11/20/differences-between-stp-and-rstp/

    (Q) Configuring MT701 to MT705.

    Mn431        #int et 43

    #ip addresss 10.1.10.1/24

    MT701        #span mode rstp

            #span priority 0 //setting it as root bridge

            

    ------------

    MT702        #int et 1/1, 1/2, 1/3

            #span cost 8000   //If it checks the cost, then, et ¼ will have the lowest cost. Hence, it will become root port

    -----

    MT702        #terminal monitor //use this on the switch where we are going to configure BPDU guard

            #show log

    MT701        #int et 20

            #span bpdufilter enable

    MN701        #ping  //to send broadcasts

    MT702        #watch diff show int et 1/3 //we see a very high broadcast count, which shows that there is a loop

            (OR) #watch diff show int et 1/3 counters //this command shows the unicast, multicast and broadcast counters separately

            #int et 1/3

            #span bpduguard enable //enabling BPDU guard

    MT701        #int et 20

            #no span bpdufilter enable //disabling the BPDU filter on port 20 of MT701

    MT702        #show int status //we will see that interface et 1/3 is shown as error-disabled: BPDU guard disabled it because of the broadcasts

            #show int et 1/3 status error //we can see the reason for the error-disabled state, shown as bpduguard

    -------

    MT704        #int et 19

            #shutdown

            #no shutdown

    On another computer,

    MT704   #watch diff show span //we can see how fast a port changes from alternate to root and back again

    MT704   #watch diff show span detail //we can see the number of topology changes and the time

    On another computer,

    MT704   #tcpdump int et 20

    ------

    MT701        #watch diff show mac add //we will see that only the MAC addresses learned on designated ports are cleared. The MAC addresses on the root port are unaffected.

    MT702        #int et1/1

            #shut //we will see that the MAC table on MT701 is cleared for interface et 19 (since et 19 is connected to 1/1)

            #no shut

    -------

    MT702        #int et 1/2

            #span guard root

    MT704        #span priority 0

    //thus MT702 now receives a superior BPDU from a would-be root bridge, MT704. But it already considers MT701 the root bridge.

    MT702        #show span //it shows et 1/2 in the inconsistent state since we configured root guard. Had we not configured it, this port would have become the root port and MT704 would have become the root bridge.
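Root guard (just above) and BPDU guard (the et 1/3 steps earlier) both decide what a port does when a BPDU arrives. The model below is an added example, not the lab's own or Arista's code: it replays both steps with a minimal 802.1D-style bridge ID comparison, and `lab_scenario(False)` also shows the outcome without root guard; the bridge MACs, the `Switch`/`Port` classes and the state names are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True, order=True)
class BridgeId:
    """802.1D bridge ID: the lower (priority, MAC) pair wins the root election."""
    priority: int
    mac: str

@dataclass
class Port:
    name: str
    root_guard: bool = False
    bpdu_guard: bool = False
    state: str = "designated"   # designated | root-port | root-inconsistent | errdisabled

@dataclass
class Switch:
    bid: BridgeId
    ports: dict = field(default_factory=dict)
    root: BridgeId = None        # believed root; a bridge starts by electing itself

    def __post_init__(self):
        self.root = self.root or self.bid

    def receive_bpdu(self, port_name, advertised_root):
        """Apply a BPDU that announces `advertised_root` to one port; return the port state."""
        port = self.ports[port_name]
        if port.bpdu_guard:                  # any BPDU on a guarded (edge) port: err-disable it
            port.state = "errdisabled"
        elif advertised_root < self.root:    # superior BPDU: a better root is being announced
            if port.root_guard:              # root guard: never accept a new root through here
                port.state = "root-inconsistent"
            else:                            # plain STP: the port becomes the root port
                self.root, port.state = advertised_root, "root-port"
        return port.state

def lab_scenario(root_guard_on_et12=True):
    """Replay the lab steps on MT702; MACs are constructed values, not the real switches'."""
    mt701 = BridgeId(0, "00:00:00:00:07:01")
    mt704 = BridgeId(0, "00:00:00:00:07:00")   # priority 0 too, lower MAC => superior BPDU
    mt702 = Switch(BridgeId(32768, "00:00:00:00:07:02"), {
        "et1/2": Port("et1/2", root_guard=root_guard_on_et12),
        "et1/3": Port("et1/3", bpdu_guard=True),
        "et1/4": Port("et1/4"),
    })
    mt702.receive_bpdu("et1/4", mt701)         # MT701 (span priority 0) learned as root
    s12 = mt702.receive_bpdu("et1/2", mt704)   # MT704 is given span priority 0 as well
    s13 = mt702.receive_bpdu("et1/3", mt701)   # a BPDU reaches the bpduguard port
    return mt702.root, s12, s13
```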

    -------

    MT701        #int et23

            #span fastport auto

    MN431        #ping 10.1.10.2

    On another computer, first type this and watch:

    MT701  #logging console 7

                 #logging monitor debugging

                 #terminal monitor

    //these commands display the debug messages and state changes on the monitor (no need to run show logging separately)


    Saturday 9 June 2018

    Data Plane (or) Forwarding Plane

    DATA PLANE:
    • The data plane, sometimes called the Forwarding Plane, is basically anything that goes *through* the router, and not *to* the router.
    • The data plane is the workhorse of the switching elements in our networks.
    • It is responsible for parsing packet headers (or cells, for SONET) in high-speed search ASICs. It handles QoS, filtering, encapsulation, queuing and policing: all the reasons we had, and in many cases still have, purpose-built silicon or custom ASIC designs.
    • The data/forwarding plane must do those operations in the "fast path" to keep up with the performance needs of data centers and core networks (https://en.wikipedia.org/wiki/Fast_path; compare the control path / data path split in Open vSwitch).
    • An example is Arista's 7124FX switch, which combines low latency with an FPGA for programming the data plane.
    • The functions of the data plane are:
        • Also known as the Forwarding Plane
        • Forwards traffic to the next hop along the path to the selected destination network, according to control plane logic
        • Data plane packets go through the router
        • The routers/switches use what the control plane built to dispose of incoming and outgoing frames and packets
        • Forwarding data planes typically come either centralized or distributed. This means the forwarding engine is either centrally located across the Ethernet fabric/crossbar or pushed all the way to the edge. The more performance required, the more distributed forwarding is pushed to the edge.
        • For example, when a LAN switch receives a frame on an interface in VLAN 3, the switch makes a forwarding decision based on the VLAN 3 entries in the MAC address table and forwards it. All this logic focuses on forwarding the user's data, so it is part of the switch's data plane processing.

    Control Plane

    CONTROL PLANE:

    • Control plane packets are destined to, or locally originated by, the router itself.
    • Management protocols like Telnet, SSH, SNMP, etc. could be considered part of the control plane, but are more properly considered part of the Management Plane, which is a specific subset of the control plane.
    • The Routing Information Base (RIB) and Label Information Base (LIB) are processed in software and used to populate the FIB (forwarding information base) and the LFIB.
    • The control plane feeds the forwarding/data plane with what it needs to build its forwarding tables, and updates it as topology changes occur. The number of control packets is very small even in a very large network. This is why the control plane can often be thought of as the "slow path" in legacy route-once, switch-many packet switching architectures.
    • In distributed-architecture platforms, routing protocols, and most other protocols, always run on the core CPU. But other control plane protocols such as ARP, BFD and ICMP have, in some distributed-architecture platforms, now been offloaded to the line card CPU.
    • A list of functions performed in the control plane:
        • Makes decisions about where traffic is sent
        • Control plane packets are destined to or locally originated by the router itself
        • The control plane functions include system configuration, management, and exchange of routing table information
        • The route controller exchanges topology information with other routers and constructs a routing table based on a routing protocol, for example RIP, OSPF or BGP
        • Control plane packets are processed by the router to update the routing table information
        • It is the signalling of the network
        • Since the control functions are not performed on each arriving packet, they do not have a strict speed constraint and are less time-critical
        • Examples: STP and any IP routing protocol.