Archive for the ‘cisco’ Category

Debugging on Cisco Nexus

August 13, 2013

I recently needed to do some PIM debugging on the Nexus platform in an MPLS environment, and there are some nice features that make it pretty handy to use.

First off I did what I usually do and forgot to specify the VRF I actually wanted to debug PIM in, so I received no log messages. I looked for a bit to see where I could specify the VRF, but there wasn’t any option under the debug command:

n7k-dis2# debug ip pim ?
  assert          PIM Assert packet events
  bidir           PIM Bidir DF packet events
  data-register   PIM data register packet events
  ha              PIM system HA events
  hello           PIM Hello packet events
  internal        PIM system internal events
  join-prune      PIM Join-Prune packet events
  mvpn            MVPN related events
  null-register   PIM Null Register packet events
  packet          PIM header debugs
  policy          PIM policy information
  rp              PIM RP related events
  vpc             VPC related events
  vrf             PIM VRF creation/deletion events

That vrf option is not the one that selects the VRF; it debugs just what the description says it does.

Then I found you can specify debug-filters! Here is where you can specify which VRF to actually apply the debugging command to, along with a lot of other filtering options:

n7k-dis2#debug-filter ip pim ?
  group      Debug information for a particular Group
  interface  Debug information for a particular Interface
  vrf        Debug information for a particular VRF

n7k-dis2# debug-filter ip pim vrf user

As you can see, you can filter your debugs to a specific multicast group and/or interface as well. Now that we have applied the debug filter to the user VRF, we can turn on the specific PIM debugging we want to see:

n7k-dis2# debug ip pim join-prune
2013 Aug 13 13:04:18.022567 pim: [7034] (user-base) No (10.125.238.90/32, 224.125.238.90/32) route exists, not to us
2013 Aug 13 13:04:18.022615 pim: [7034] (user-base) No (10.193.48.160/32, 239.255.255.253/32) route exists, not to us
2013 Aug 13 13:04:18.022627 pim: [7034] (user-base) -----
2013 Aug 13 13:04:18.084726 pim: [7034] (user-base) Received Join-Prune from 10.252.0.100 on mti5, length: 34, MTU: 1376, ht: 420
2013 Aug 13 13:04:18.084758 pim: [7034] (user-base) Upstream address: 10.252.0.146, group count: 1, holdtime: 420
2013 Aug 13 13:04:18.084770 pim: [7034] (user-base) Group: 239.255.255.253/32, join-list count: 1, prune-list count: 0
.....

Now this produced a lot of output, so you could have applied another debug-filter to filter on a specific address, packet direction, interface, etc. It is pretty easy to extract exactly what you want to see in the debug output.

You can also send the output of a debug to a file like so (I named the file “test”):

n7k-dis2# debug logfile test size ?
  4096-4194304  Enter the logfile size in bytes
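An added example, not part of the original post: a small Python parser that turns saved `debug ip pim join-prune` output into one record per received Join-Prune, so a large logfile can be narrowed to one group offline. The line layout is taken from the six lines shown above; treating the parenthesised tag as a context label and the "Received", "Upstream address" and "Group" lines as one message are assumptions, as are the function names.

```python
import re
from collections import Counter

# Sample input: the six debug lines shown in the post, as they would sit in a saved logfile.
SAMPLE = """\
2013 Aug 13 13:04:18.022567 pim: [7034] (user-base) No (10.125.238.90/32, 224.125.238.90/32) route exists, not to us
2013 Aug 13 13:04:18.022615 pim: [7034] (user-base) No (10.193.48.160/32, 239.255.255.253/32) route exists, not to us
2013 Aug 13 13:04:18.022627 pim: [7034] (user-base) -----
2013 Aug 13 13:04:18.084726 pim: [7034] (user-base) Received Join-Prune from 10.252.0.100 on mti5, length: 34, MTU: 1376, ht: 420
2013 Aug 13 13:04:18.084758 pim: [7034] (user-base) Upstream address: 10.252.0.146, group count: 1, holdtime: 420
2013 Aug 13 13:04:18.084770 pim: [7034] (user-base) Group: 239.255.255.253/32, join-list count: 1, prune-list count: 0
"""

# Assumed common prefix: timestamp, "pim:", [pid], (context tag), then the message text.
LINE = re.compile(r"^(?P<ts>\d{4} \w{3} +\d+ [\d:.]+) pim: \[\d+\] \((?P<ctx>[^)]+)\) (?P<msg>.*)$")
RECEIVED = re.compile(r"Received Join-Prune from (?P<nbr>\S+) on (?P<ifc>[^,\s]+)")
UPSTREAM = re.compile(r"Upstream address: (?P<up>[^,\s]+), group count: \d+, holdtime: (?P<ht>\d+)")
GROUP = re.compile(r"Group: (?P<grp>[^,\s]+), join-list count: (?P<j>\d+), prune-list count: (?P<p>\d+)")
NO_ROUTE = re.compile(r"No \((?P<src>[^,\s]+), (?P<grp>[^)\s]+)\) route exists")

def parse_pim_debug(text):
    """Return (join_prune_events, no_route_counter) parsed from PIM join-prune debug text."""
    events, no_route, current = [], Counter(), None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # CLI prompt, blank line or output from another process
        msg = m["msg"]
        if r := RECEIVED.search(msg):  # opens a new Join-Prune record
            current = {"time": m["ts"], "context": m["ctx"], "neighbor": r["nbr"],
                       "interface": r["ifc"], "groups": []}
            events.append(current)
        elif current is not None and (u := UPSTREAM.search(msg)):
            current["upstream"], current["holdtime"] = u["up"], int(u["ht"])
        elif current is not None and (g := GROUP.search(msg)):
            current["groups"].append({"group": g["grp"], "joins": int(g["j"]), "prunes": int(g["p"])})
        elif n := NO_ROUTE.search(msg):
            no_route[(n["src"], n["grp"])] += 1  # (source, group) pairs with no matching route
    return events, no_route

def events_for_group(events, group):
    """Keep only Join-Prune messages that carry an entry for the given group prefix."""
    return [e for e in events if any(g["group"] == group for g in e["groups"])]

if __name__ == "__main__":
    evts, missing = parse_pim_debug(SAMPLE)
    print(events_for_group(evts, "239.255.255.253/32"))
    print(dict(missing))
```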

Categories: cisco, nexus

Simplified QoS on 3850 with MQC

August 9, 2013

Configuring QoS has been much improved in Cisco’s new 3850 line of switches thanks to its implementation of MQC (Modular QoS CLI) configuration instead of the old “mls qos” commands from the 3750 and 3560 lines of switches. Here I will show just how easy it is to generate a simple QoS config to handle voice and video traffic.

First we define what traffic we would like to work with.  In this case it is voice traffic marked as dscp ef and video traffic marked as dscp af41.

class-map match-any VIDEO
 match ip dscp af41
class-map match-any VOICE
 match ip dscp ef

Easy enough. Now let’s configure the policy maps to actually do something with this traffic. I will configure two separate policy maps, one for user-facing ports and one for the uplinks to my distribution layer.

I would like to prioritize both voice and video traffic over everything else but I want voice to be prioritized over everything. The 3850 actually has 2 priority queues that enable me to do this, a level 1 and level 2 priority queue.

policy-map UPLINK
 class VOICE
  priority level 1 percent 10
  police cir percent 10 conform-action transmit exceed-action drop
 class VIDEO
  priority level 2 percent 20
  police cir percent 20 conform-action transmit exceed-action drop
 class class-default
  bandwidth remaining percent 100
policy-map USER
 class VOICE
  priority level 1 percent 1
  police cir percent 1 conform-action transmit exceed-action drop
 class VIDEO
  priority level 2 percent 5
  police cir percent 5 conform-action transmit exceed-action drop
 class class-default
  bandwidth remaining percent 100

Above I have separate policy maps depending on whether it’s a user or uplink port. For user ports, voice traffic is put in priority queue 1 and guaranteed 1% or 10Mbps of throughput. I also capped it at 10Mbps with the police command to prevent this queue from hogging bandwidth. The same process is followed for video: it is placed in priority queue 2 and is guaranteed 50Mbps of throughput. On the uplinks, the only change is that the percentages of guaranteed bandwidth have been increased. All other traffic gets 100% of the remaining bandwidth.

All that is left is to apply these policy maps to some interfaces.

interface GigabitEthernet1/0/1
 switchport access vlan 302
 switchport mode access
 switchport voice vlan 402
 trust device cisco-phone
 spanning-tree portfast
 service-policy output USER
interface GigabitEthernet1/1/1
 description --- UPLINK ---
 switchport trunk allowed vlan 302,402
 switchport mode trunk
 service-policy output UPLINK
 ip dhcp snooping trust

Done! We can even get some meaningful stats now as well. I haven’t pushed any traffic through this switch yet but you get the idea.

3850#sh policy-map int gig 1/1/1
 GigabitEthernet1/1/1
  Service-policy output: UPLINK
    queue stats for all priority classes:
      Queueing
      priority level 1
      (total drops) 0
      (bytes output) 0
    queue stats for all priority classes:
      Queueing
      priority level 2
      (total drops) 0
      (bytes output) 0
    Class-map: VOICE (match-any)
      Match: ip dscp ef (46)
      Priority: 10% (100000 kbps), burst bytes 2500000,
      Priority Level: 1
      police:
          cir 10 %
          cir 100000000 bps, bc 3125000 bytes
        conformed 0 bytes; actions:
          transmit
        exceeded 0 bytes; actions:
          drop
        conformed 0000 bps, exceed 0000 bps
    Class-map: VIDEO (match-any)
      Match: ip dscp af41 (34)
      Priority: 20% (200000 kbps), burst bytes 5000000,
      Priority Level: 2
      police:
          cir 20 %
          cir 200000000 bps, bc 6250000 bytes
        conformed 0 bytes; actions:
          transmit
        exceeded 0 bytes; actions:
          drop
        conformed 0000 bps, exceed 0000 bps
    Class-map: class-default (match-any)
      Match: any
      Queueing
      (total drops) 0
      (bytes output) 0
      bandwidth remaining 100%

As you can see, this is a pretty painless QoS implementation. Of course you can get much more complicated if needed with nested policy-maps, table maps, etc. If you want to delve further into QoS, see the IOS XE QoS Config Guide.

Categories: 3850, cisco, qos

Cisco 3850 Fails to Boot

August 8, 2013

While working on some QoS configuration, I hit a strange issue with some Cisco 3850 switches. I saved my config and shut down the switch, only to have it boot into rommon the next day when powered back on.

@++@@++@@++@@++@@++@@++@@++@@++@@++@@++@@++@@done.
Memory Test Pass!
Base ethernet MAC Address: 20:37:06:cf:d4:00
Interface GE 0 link down***ERROR: PHY link is down
Initializing Flash...
flashfs[7]: 0 files, 1 directories
flashfs[7]: 0 orphaned files, 0 orphaned directories
flashfs[7]: Total bytes: 6784000
flashfs[7]: Bytes used: 1024
flashfs[7]: Bytes available: 6782976
flashfs[7]: flashfs fsck took 1 seconds....done Initializing Flash.
: no such device
: no such device
Error loading ""
Interrupt within 5 seconds to abort boot process.
Boot process failed...
The system is unable to boot automatically. The BOOT environment variable needs to be set to a bootable image.
switch:

Hmmm, not what I expected. I looked in the directory to try and find the .bin file to boot the switch but was presented with some .pkg files instead.

switch: dir flash:
Directory of flash:/
7745 drwx 4096 .
2 drwx 4096 ..
7746 -rwx 2097152 nvram_config
7747 -rwx 74410468 cat3k_caa-base.SPA.03.02.00SE.pkg
7748 -rwx 2773680 cat3k_caa-drivers.SPA.03.02.00.SE.pkg
7749 -rwx 32478044 cat3k_caa-infra.SPA.03.02.00SE.pkg
7750 -rwx 30393116 cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
7751 -rwx 18313952 cat3k_caa-platform.SPA.03.02.00.SE.pkg
7752 -rwx 63402700 cat3k_caa-wcm.SPA.10.0.100.0.pkg
7753 -rwx 1218 packages.conf
7754 -rwx 156 express_setup.debug
7755 -rw- 684 vlan.dat

Hmm, no .bin file here. After some digging, it turns out you actually boot with the packages.conf file, which then invokes the necessary .pkg files, and off you go.

switch: boot flash:packages.conf
Getting rest of image
Reading full image into memory....done
Reading full base package into memory...: done = 74410468
.....

This behavior is actually a documented bug in the 3.2.0SE code. The bug ID is CSCue76684. The workaround for this is to manually specify the packages.conf file in the boot statement in the config.

boot system switch all flash:packages.conf

This bug is fixed in 3.2.1SE. Hopefully this saves someone some time when deploying these switches.

Categories: 3850, bug, cisco

Multicast, MPLS and MDT’s, oh my!

Here, as promised, is my first post of real substance!  I’ve been building a new core network for the health system I work at and one of the requirements was to enable multicast across the wired as well as wireless network.  Seems fairly straightforward at first, enable PIM on all interfaces that could potentially carry multicast traffic, set up your RP’s (auto-rp, bsr, or manually) and off you go.

Well, the new core network is MPLS based, and has a set of firewalls filtering traffic between VRF’s so there is a bit more to getting multicast to work which I will walk through here.  I also have a mix of Cisco Nexus 7k’s in my core and 6500’s in my distribution layers and there is a caveat that needs to be addressed which I will go over as well.

The network is a pair of Nexus 7k’s as the core of the MPLS network with 6509’s hung off of them acting as building distribution PE’s. Routing between VRF’s is handled by an “Interchange” router that is northbound of the core switches, and an ASA in transparent mode sits in between the core and interchange routers handling firewall duties for each VRF:

[Figure: network overview]

Categories: cisco

CCIE Lab equipment

January 19, 2012

So I am one of the fortunate souls that has enough spare equipment at work to build my own CCIE lab rack to study on. Just thought I’d show a picture and list the contents. I based my topology off of INE’s lab topology as I plan to use their workbooks to study. I have also booked the 5 day R/S bootcamp that Narbik teaches, so I will probably re-cable what is in the picture to match his topology for the time being since I will be attending that class in Feb.

In the picture we have:

3 – Cisco 2611XM routers used as my backbone routers

6 – Cisco 2811 routers

3 – Cisco 3560-24 switches

1 – Cisco 3560-48 switch

1 – Cisco 2950 for management access to the routers/switches. I may get a couple of octal cables for the async card in one of the 2611’s for out of band management instead though.

Categories: CCIE, cisco, lab