November 2017 Extreme Fabric connect Lab Agenda 2 Lab Enabling SPB on the Switch Creating and testing SPB NNI links Creating and testing Layer 2 VSNs Creating and testing IP Shortcuts Creating and testing Layer 3 VSNs Overall LAB Deployment LAB 4 VSP 4K4 1/49 LAB 1 VSP 4K1 1/49 LAB 5 VSP 4K5 1/49 1/7 LAB 2 VSP 4K2 1/6 1/6 1/7 1/49 LAB 6 VSP 4K6 1/7 1/8 VSP 8K1 VSP 8K2 1/9 1/8 1/49 LAB 3 VSP 4K3 LAB 7 VSP 4K7 1/49 1/49 VLAN Port Layout VSP 4000 All Labs 1/49 NNI Port BVLAN 4051, 4052 1/5‐1/6 1/7‐1/9 1/10‐1/12 VLAN 100 VLAN 20X All Switches VLAN 30X All Switches All Switches Console 9600‐8‐N‐1 Instructions • Carefully check each command to ensure you are entering the specific information (VLAN ID, IP address, etc.) for your switch, rather than the example indicated. LAB specific information is denoted in red. • Tables are contained in the LAB Cut‐Sheet’s specific to your LAB indicate your specific SPB parameter, VLAN and IP address assignments. • Stop at the end of each section and check with your neighbors to discuss results (adjacencies, entries in LSDB, IP reachability, etc.) Configuring VSP4k/VSP 8K Device Access • Enable the Configuration Interface: • • • • VSP-4850GTS-PWR+:1>ena VSP-4850GTS-PWR+:1#config t VSP-4850GTS-PWR+:1(config)# Industry accepted Command Line. • Note – Take notice of the command level shown by the system prompt • Set the System Name: • VSP-4850GTS-PWR+:1(config)#sys name vsp4kX X=Lab, • vsp4k1-1:1(config)# • Note – System Name will be used automatically for the ISIS System Name Enabling SPB on the Switch 7 Enabling SPB on the VSP4k/VSP8k Overview of Configuring IS‐IS/SPBM Global Switch items • Objective • This is the general process flow for enabling SPB on the VSP 4000/8000. Specific instructions begin on the following slide • Global settings • Configuring SPBM • Enabling SPBM • Creating SPBM instance • SPBM nick‐name • Configuring SPBM BVLAN • Configuring IS‐IS • IS‐IS area • IS‐IS sys‐name (SNMP System name used by default) • System ID (Unit base MAC address used by default) • Enabling IS‐IS Enabling SPB on the VSP4k/VSP8k – Step 1 of 2 • Enable SPBM globally: • vsp4k1-1:1(config)#spbm • Enables the SPBM Protocol for your switch node globally. • Enter the ISIS Router Configuration mode: • vsp4k1-1:1(config)#router isis • Places you in the router isis context. • Create the SPBM instance: • vsp4k1-1:1(config-isis)#spbm 1 • Note – Currently only one SPBM instance is supported • Establishes SPBM Domain 1 within your node. This domain value is common for your entire SPBM cloud. We are configuring the SPBM 1 Domain. • Create the ISIS area • vsp4k1-1:1(config-isis)#manual-area 49.0001 • Establishes the SPBM Area for your cloud. This area value is common for our entire SPBM cloud. • Add the SPBM B‐VLANs (Backbone VLANs) to the SPBM instance: • vsp4k1-1:1(config-isis)#spbm 1 b-vid 4051,4052 primary 4051 • Defines the Backbone Control VLAN Identifiers for the entire cloud. Today, Avaya supports two Backbone VLAN IDs (Primary and Secondary) for a deployed SPBM Solution. This configuration defines 4051 and 4052 as the Backbone VLAN IDs with 4051 defined as the primary B‐VID for the entire SPBM Cloud. The B‐VID values along with the designated Primary B‐VID are common for our entire SPBM cloud. • vsp4k1-1:1(config-isis)#exit • Note – B‐VLAN’s will be used by SPB to carry traffic across the network • Create the SPB Backbone VLANs • vsp4k1-1:1(config)#vlan create 4051 name BVID1 type spbm-bvlan • Creates Backbone VLAN (B‐VLAN) #1 within the node and defines it as an SPBM Backbone VLAN. This VLAN along with B‐VLAN #2 will be the only VLANs seen on the NNI connections within the SPBM Cloud. • vsp4k1-1:1(config)#vlan create 4052 name BVID2 type spbm-bvlan • Creates B‐VLAN #2 within the node and defines it as an SPBM Backbone VLAN. This VLAN along with B‐VLAN #1 will be the only VLANs seen on the NNI connections within the SPBM Cloud • Note – While only a single backbone VLAN is required, two should be used for load‐balancing • Note – Naming the VLAN is purely optional and is not a requirement Enabling SPB on the VSP4k/VSP 8k – Step 2 of 2 • Configure the ISIS nick‐name (a.k.a. Shortest Path Source Name) : • vsp4k1-1:1(config)#router isis • • Moves our configuration efforts to the router isis context. vsp4k1-1:1(config-isis)#spbm 1 nick-name 1.00.0x x=lab • Note – The nick‐name is a 2.5 byte field (x.xx.xx) that must be globally unique • Defines the unique SPBM Nickname for this node. ENTER THIS VALUE CAREFULLY and ACCURATELY. Re‐enter it now if you mistyped it; it is important that you make any necessary changes to this parameter prior to enabling router isis. • Enable ISIS • vsp4k1-1:1(config-isis)#router isis enable • • Enable Connectivity Fault Management (CFM) • vsp4k1-1:1(config)#cfm spbm enable • • This enables and activates your ISIS node. Note – CFM offers troubleshooting capabilities at Layer 2 (Allows SPB OAM features like L2 ping, L2 traceroute, L2 tracemroute, L2 tracetree). While merely a footnote here, this capability is extremely significant (IEEE 802.1ag) as there is no Layer 2 OAM today Core SPBM Configuration Complete! Enabling SPB on the VSP4k/VSP8k – Verification Show Commands for ISIS/SPB Basic – take a look to get a feel for what’s there • show isis • show isis spbm • show isis lsdb • show isis interface – couple of entries at this point – nothing yet • show isis adjacencies – nothing yet • show isis system‐id • show isis manual‐area • show isis spbm unicast‐fib – couple of entries at this point • show isis spbm unicast‐fib vlan <xxxx> (BVID) – ditto • show isis spbm unicast‐tree <xxxx> (BVID) – nothing yet • show isis spbm multicast‐fib – nothing yet • show isis spbm ip‐unicast‐fib – nothing yet • show isis spbm ? [For Additional Commands] Creating and testing IP Shortcut 12 Creating and testing IP Shortcuts • Objectives • IP Shortcuts are redistribution of routes into ISIS in order to allow ISIS/SPB to “route” across the fabric at Layer 2 by Ethernet forwarding or switching. This causes the entire fabric to appear as a single router hop from the perspective of the client (apparent when you do a traceroute from Windows). • You will configure a Loopback Address on your switch that will become routable across the fabric. In a later lab, you’ll see additional routes advertised via IP Shortcuts. Establishing IP Shortcuts LAB 4 VSP 4K4 1/49 LAB 1 VSP 4K1 GRT 1/49 LAB 5 VSP 4K5 GRT 1/49 GRT LAB 2 VSP 4K2 1/6 1/6 1/7 1/7 1/49 LAB 6 VSP 4K6 1/7 GRT 1/8 VSP 8K1 VSP 8K2 1/9 1/8 1/49 GRT LAB 3 VSP 4K3 LAB 7 VSP 4K7 1/49 GRT 1/49 GRT • • Creating and testing IP Shortcuts – Step 1 of 2 Configure CLIP address and ISIS Source IP address • vsp4k1-1:1(config)#interface loopback 1 • Selects the loopback 1 context. • vsp4k1-1:1(config-if)#ip address 10.10.11.x/32 x=Lab • Assigns the Circuitless IP Address to this node’s Loopback one interface. This loopback will be used as the node’s IP Source Address used for IP Shortcuts. The IP Address has a 32‐Bit mask assigned to it. • vsp4k1-1:1(config-if)#exit • vsp4k1-1:1)#router isis • Enters the router isis context. • vsp4k1-1:1(config-isis)#ip-source-address 10.10.11.x • Assigns the newly configured Loopback 1 IP Address to the Source IP Address parameter. • vsp4k1-1:1(config-isis)#spbm 1 ip enable • Enables IP Shortcuts as part of SPBM Domain 1. • vsp4k1-1:1(config-isis)#exit • Note – CLIP is required for IP Shortcuts and Multicast over SPB Configure IP Route Redistribution into ISIS • vsp4k1-1:1(config)#router isis • Enters the router isis context. • vsp4k1-1:1(config-isis)#redistribute direct • WARNING: Routes will not be injected until apply command is issued after enabled • Initiates the redistribution of directly connected routes to the Global Routing Table. • vsp4k1-1:1(config-isis)#redistribute direct enable • Enables the redistribution of direct routes locally. • vsp4k1-1:1(config-isis)#isis apply redistribute direct • Activates the redistribution of direct routes as part of the Global Routing Table(GRT). • vsp4k1-1:1(config-isis)#exit • (Now as you create VLAN’s and give them IP addresses, they will be reachable via ISIS*) • * At least one end station needs to be attached to the VLAN to populate ISIS GRT • Creating and testing IP Shortcuts – Step 2 of 2 Configure CLIP address and ISIS Source IP address • vsp4k1-1:1(config)#vlan create 20X type port-mstprstp 1 • • • • • • • • • • Note x=lab vsp4k1-1:1(config)#vlan members remove 1 1/7-1/9 vsp4k1-1:1(config)#vlan members add 20X 1/7-1/9 vsp4k1-1:1(config)#interface vlan 20X vsp4k1-1:1(config-if)#ip address 10.11.1X.1 255.255.255.0 Note x=lab vsp4k1-1:1(config-if)#exit vsp4k1-1:1(config)#interface gigabitethernet 1/7-1/9 vsp4k1-1:1(config-if)#no shutdown vsp4k1-1:1(config-if)#exit vsp4k1-1:1(config)#save config Creating and testing IP Shortcuts – Verification • Ping the Loopback Addresses of other LAB’s • Show Commands • vsp4k1-1:1(config)#show ip route • Note route entries for other LAB’s VLAN ´s • Note Loopback addresses of other LAB’s as advertised by assigning IP to ISIS. • vsp4k1-1:1(config)#show ip isis redistribute • In this lab, we are just redistributing direct (local VLAN) interfaces • OSPF, RIP, Static and BGP can be redistributed as well. Establishing High Availability Access Layer Connectivity • Objective • Configure Aggregation/Site Core Layer for SMLT/RSMLT to the Access Layer • Create an MLT between VSP4k pairs for the vIST • Configure the vIST • Configure MLT for the Access Layer • Configure the Access Layer • Create an MLT between ERS3k/4k and the Core VSP4k’s All lab group switches: Port 1/50 NNI MLT from Edge RSMLT to Edge HA Peers w/ vIST HA Peers w/ vIST RSMLT to Edge MLT from Edge Configuring Access Layer HA Aggregation Be sure to Write Mem or Save Config often! Configure VSP4k Pairs for SMLT/RSMLT – Step 1 of 2 • Disable ISIS • vsp4k1-1:1(config)#no router isis enable • Do you want to continue (y/n) ? Y • Configure the SMLT Peer System‐ID • • • • vsp4k1-1:1(config)#router isis vsp4k1-1:1(config-isis)#spbm 1 smlt-peer-system-id xxxx.xxxx.xxxx xxxx.xxxx.xxxx=Peer System-ID (Default Base MAC of Peer) vsp4k1-1:1(config-isis)#exit Note – Use ‘show isis system‐id’ on the Peer Switch to locate the System ID • Create a vIST MLT (Link Aggregation Group) Between Individual LAB VSP4k Pairs: • • • • vsp4k1-1:1(config)#mlt 512 enable vsp4k1-1:1(config)#mlt 512 member 1/1-1/2 vsp4k1-1:1(config)#mlt 512 encapsulation dot1q Note – This is not strictly necessary since the vIST can run over any SPB connection between two VSP’s. However, if near each other physically, a direct connection is recommended • Enable SPB on the MLT • • • • • vsp4k1-1:1(config)#interface mlt 512 vsp4k1-1:1(config-mlt)#isis vsp4k1-1:1(config-mlt)#isis spbm 1 vsp4k1-1:1(config-mlt)#isis enable vsp4k1-1:1(config-mlt)#exit Configure VSP4k Pairs for SMLT/RSMLT – Step 2 of 2 • Create a VLAN to Carry the vIST Traffic • vsp4k1-1:1(config)#vlan create 4000 name IST type port-mstprstp 0 • vsp4k1-1:1(config)#vlan i-sid 4000 x04000 x=Clúster • Configure an IP Address for the vIST VLAN • • • vsp4k1-1:1(config)#interface vlan 4000 vsp4k1-1:1(config-if)#ip address 192.168.x.y 255.255.255.0 x=Lab, y=Unit Note – Notice the subnet mask usage. While the VSP supports CIDR prefix or dotted decimal notations, other products may require the full subnet mask (i.e. ERS series) • Configure the IP Address of the VSP4k Peer vIST Member • vsp4k1-1:1(config-if)#virtual-ist peer-ip 192.168.x.z vlan 4000 x=Lab, z=Unit Number of LAB Peer • Enable ISIS • vsp4k1-1:1(config)#router isis enable • Enable the Interfaces Comprising the vIST MLT • • • • • vsp4k1-1:1(config)#interface gigabitEthernet 1/1-1/2 vsp4k1-1:1(config-if)#no spanning-tree mstp force-port-state enable Are you sure you want to continue (y/n) ? y vsp4k1-1:1(config-if)#no shutdown vsp4k1-1:1(config-if)#exit Configure VSP4k Pairs for SMLT/RSMLT –VerifyVerification vIST Operation and SMLT Peer Info • show virtual‐ist State should be up • show isis spbm Verifty SMLT Peer info • show isis adjacencies two adjacencies up • show isis interface two interfaces up • show isis lsdb • show isis spbm ? [For Additional Commands] more entries (neighbors) Configure VSP4k SMLT Uplinks to Access Layer • Globally Enable VLACP • vsp4k1-1:1(config)#vlacp enable • Note – VLACP is not required but is recommended to avoid traffic loss due to cable issues • Create an MLT (Link Aggregation Group) to the Access Layer • vsp4k1-1:1(config)#mlt 1 enable • vsp4k1-1:1(config)#mlt 1 member 1/3 • vsp4k1-1:1(config)#mlt 1 encap dot1q • Configure MLT as an SMLT • vsp4k1-1:1(config)#interface mlt 1 • vsp4k1-1:1(config-mlt)#smlt • vsp4k1-1:1(config-mlt)#exit • Enable the Interface Comprising the Access Layer MLT & Enable VLACP • • • • vsp4k1-1:1(config)#interface gigabitEthernet 1/3 vsp4k1-1:1(config-if)#no spanning-tree mstp force-port-state enable vsp4k1-1:1(config-if)#vlacp fast-periodic-time 500 vsp4k1-1:1(config-if)#vlacp timeout short timeout-scale 5 funcmacaddr 180.c200.f • vsp4k1-1:1(config-if)#vlacp enable • vsp4k1-1:1(config-if)#no shutdown • vsp4k1-1:1(config-if)#exit Configure VSP4k SMLT Uplinks to Access Layer – Verification Verify MLT and SMLT State • show mlt Note MLT Admin vs. MLT Current • show smlt mlt Note Admin vs. Current The current state of an SMLT link will show ‘norm’ if the other side of the link is down, hasn’t yet been configured or is misconfigured. Since we haven’t configured the ERS3k/4k, the current state will show ‘norm’. Note – The state of the vIST will show ‘norm’ for both Admin and Current. This is expected as it’s a normal MLT. Unlike some earlier products, the vIST functions are handled within SPB and not the underlying MLT aggregation group. Hence, you wouldn’t see the MLT state for the IST showing ‘IST’ as you would with other products. Using the ‘show virtual‐ist’ will give you configuration and current state information. Configure ERS3k/4k Uplinks to Aggregation/Core Layer • Access the ERS3k/4k Console • Configure MLT Group for the Uplinks to the Core VSP4k’s • ers4k1(config)#mlt 1 name AggBlock1 member 1-2 learning disable • ers4k1(config)#mlt 1 enable • Note – “learning disable “ disables Spanning Tree on the MLT ports • Configure the VLACP MAC and enable VLACP globally. • ers4k1(config)#vlacp macaddress 180.c200.f • ers4k1(config)#vlacp enable • Note – The VLACP MAC Address MUST match on both sides of the connection. Otherwise, the MLT will not be formed. • Enable VLACP on the Uplink Ports • • • • • • ers4k1(config)#interface FastEthernet all ers4k1(config-if)#vlacp port 1-2 timeout short ers4k1(config-if)#vlacp port 1-2 fast-periodic-time 500 ers4k1(config-if)#vlacp port 1-2 timeout-scale 5 ers4k1(config-if)#vlacp port 1-2 enable ers4k1(config-if)#exit Configure VSP4k SMLT Uplinks to Access Layer – Verification On the VSP4k ‐ Verify MLT & SMLT State • show mlt Note MLT Admin vs. MLT Current • show smlt mlt Note Admin vs. Current Has the current state changed? If the Admin State shows ‘smlt’, yet the Current state shows ‘norm’ (instead of ‘smlt’): ‐ Is your peer configured yet? ‐ Are the interfaces enabled? ‐ Is the Access Layer switch MLT enabled? ‐ Is VLACP configured correctly and enabled? On the ERS3k/4k ‐ Verify MLT Status • show mlt Note the Status Verify VLACP Status (ERS & VSP) • ERS & VSP: show vlacp Note the Status • ERS: show vlacp interface x Note the ADMIN & OPER state & values • VSP Switch: show vlacp interface gigabit x/y Note the ADMIN & OPER state & values Stop Here Lab Flow • • • • • • • • • • • VSP 4000/8000 Accessing and Basics Review VSP 4000/8000 Software Upgrades and Licenses Enabling SPB on the switch Creating and testing SPB NNI links Creating and testing Layer 2 VSNs Creating and testing IP Shortcuts Establishing High Availability Access Layer Connectivity Creating Routed VLAN’s for the Access Layer Configuring Access Layer Best Practices Configuring Multicast Services Configuring and testing Layer 3 VSNs Creating Routed VLAN’s for the Access Layer • Objective • Configure Routed Data & Voice VLAN’s on the VSP4k’s • Create VLAN’s and Assign IP Addresses • Configure VLAN’s for RSMLT Operation • Assign VLAN’s to Access Layer Uplinks • Configure Data, Voice & Management VLAN’s on the ERS • Create and assign the Management VLAN & IP • Configure VLAN’s • Assign VLAN’s to Aggregation/Core Layer Uplinks • IP Subnets of Other LAB’s Will be Learned via IP Shortcuts Create Routed VLAN’s for RSMLT Operation – Step 1 of 2 • Access the VSP4k • Enable RSMLT Edge Support • vsp4k1-1:1(config)#ip rsmlt edge-support • Note – RSMLT Edge Support will save the RSMLT peer IP/MAC in the config file in the event the peer doesn’t restore after a simultaneous restart of both RSMLT systems • Create VLAN’s for Data and Voice • • • • vsp4k1-1:1(config)#vlan vsp4k1-1:1(config)#vlan vsp4k1-1:1(config)#vlan vsp4k1-1:1(config)#vlan create 10 name Data type port-mstprstp 0 i-sid 10 x00010 x=lab number create 20 name Voice type port-mstprstp 0 i-sid 20 x00020 x=lab number • Assign IP Address to the Data VLAN, Configure RSMLT and DHCP‐Relay • • • • • • • • vsp4k1-1:1(config)#interface vlan 10 vsp4k1-1:1(config-if)#ip address 10.1x.10.y/24 x=lab number y=unit number vsp4k1-1:1(config-if)#ip rsmlt vsp4k1-1:1(config-if)#ip rsmlt holdup-timer 9999 vsp4k1-1:1(config-if)#ip dhcp-relay vsp4k1-1:1(config-if)#ip dhcp-relay fwd-path 135.20.74.30 vsp4k1-1:1(config-if)#ip dhcp-relay fwd-path 135.20.74.30 enable vsp4k1-1:1(config-if)#exit Create Routed VLAN’s for RSMLT Operation – Step 2 of 2 • Assign IP Address to the Voice VLAN, Configure RSMLT and DHCP‐Relay • • • • • • • • vsp4k1-1:1(config)#interface vlan 20 vsp4k1-1:1(config-if)#ip address 10.1x.20.y/24 x=lab number y=unit number vsp4k1-1:1(config-if)#ip rsmlt vsp4k1-1:1(config-if)#ip rsmlt holdup-timer 9999 vsp4k1-1:1(config-if)#ip dhcp-relay vsp4k1-1:1(config-if)#ip dhcp-relay fwd-path 135.20.74.30 vsp4k1-1:1(config-if)#ip dhcp-relay fwd-path 135.20.74.30 enable vsp4k1-1:1(config-if)#exit • Configure Existing Management VLAN 100 for RSMLT Operation • • • • vsp4k1-1:1(config)#interface vlan 100 vsp4k1-1:1(config-if)#ip rsmlt vsp4k1-1:1(config-if)#ip rsmlt holdup-timer 9999 vsp4k1-1:1(config-if)#exit • Assign VLAN 10, 20 and 100 to the Access Layer MLT • vsp4k1-1:1(config)#vlan members add 10 1/3 • vsp4k1-1:1(config)#vlan members add 20 1/3 • vsp4k1-1:1(config)#vlan members add 100 1/3