
Cisco Catalyst 6500
IOS Update
Chew Kin Pheng, Systems Engineer
(kchew@cisco.com)
Presentation_ID
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Agenda
Introduction
Embedded Event Monitoring (EEM)
Generic Online Diagnostics (GOLD)
Smart Call Home (SCH)
Gateway Load Balancing Protocol (GLBP)
Cisco IOS Software 12.2(33)SXH: 200+ Features with Full IOS Software Modularity

(Feature roadmap slide. Columns: Wiring Closet, Backbone, Data Center, EWAN, Metro, SP Network (NEW). Rows: Unified Network Services, Non-Stop Communication, Operational Manageability, Virtualization, Application Intelligence, Integrated Security, Continued End-To-End Leadership, Major Security Enhancements (IBNS, 802.1x etc). The features named on the slide, with the grid layout flattened:)
 LLDP-MED
 IPv6 Innovations
 NAC Integration
 16 port 10G linecard
 VS-S720-10G
 IPsec Leadership
 Multicast VPN Inter-AS and Extranet
 Enhanced Object Tracking
 16-way Load balancing (SHIPPING!)
 IOS Software Modularity
 GOLD
 CPP
 HSRP and GLBP SSO
 Fast Fabric Switchover
 BFD with BGP
 Smart Call Home
 Multiple SPAN Enhancements
 IP SLA
 EEM
 VRF Aware Services
 MPLS (L2, L3VPN, TE) Innovations
 MPLS HA
 MPLS FRR link and Node protection
 Multiplexed UNI
 Smart-Ports
 CatOS to IOS Transition Release
 AutoSecure
 MPLS MIBs
 Multi-VRF with Multicast
 802.1x, MAC Auth, Web Auth for Access Control
 AutoQoS
 Private Hosts
 E-OAM (802.1ag and 802.3ah)
 L2, L3 VPN Innovations
 Per interface NDE Scalability
 Virtual Switching & L2 Innovations
 NBAR on PISA
 NetFlow Top Talkers
 Multicast NDE
 Sophisticated QOS support with LLQ, cRTP, LFI, MLPPP
 Sophisticated QOS support for optimized Triple Play services
 16K IPSec tunnels
 DMVPN support in HW
 Layer 3 NAC
 Address Spoofing Prevention
 FPM on PISA
 CIST, NAC, IBNS Solution Integration
 Policy-Based ACLs
 IGMP Filtering
 Multicast Router Guard
 CoPP
Embedded Event Manager (EEM) Overview
EEM – What is it?
 Embedded Event Manager (EEM) is a programmable subsystem present in the IOS that runs on the Catalyst 6500
 It allows network administrators to automate responses to specific events that occur on the switch
Simplified Operation - Embedded Event Manager provides a means to automate operational management in real time: EEM monitors for specific events on the switch and can invoke predefined actions to correct the condition, take remedial action and report the event to network operations.
EEM - How does it work?
EEM Basic Architecture
EEM - Examples of its Use?
Catalyst 6500 Management
Simplified Operation - EEM Example
Automate switch configuration for
connected IP phones
EEM - The Hardware and Software it works with?
Generic Online Diagnostics For The Catalyst 6500
Generic Online Diagnostics
What is GOLD?
 GOLD defines a common framework for
diagnostics operations across Cisco platforms
running Cisco IOS Software.
 Goal: check the health of hardware components and verify proper operation of the system data plane and control plane at run time and boot time.
 Provides a common CLI and scheduling for field diagnostics including:
• Bootup tests (includes online insertion)
• Health monitoring tests (background non-disruptive)
• On-Demand tests (disruptive and non-disruptive)
• User scheduled tests (disruptive and non-disruptive)
• CLI access to data via management interface
Generic Online Diagnostics
How does GOLD work?
 Diagnostic packet switching tests
verify that the system is operating
correctly:
– Is the supervisor control plane
and forwarding plane functioning
properly?
– Is the standby supervisor ready to
take over?
– Are linecards forwarding packets
properly?
– Are all ports working?
– Is the backplane connection
working?
 Other types of diagnostics tests
including memory and error
correlation tests are also available
(Diagram: the diagnostic packet-switching test path runs across the Active Supervisor (CPU and Forwarding Engine), the Standby Supervisor (Forwarding Engine), the Fabric and the Line cards.)
Generic Online Diagnostics
What type of failure does GOLD detect?
 Diagnostics capabilities built in
hardware
 Depending on hardware, GOLD can
catch:
–Port Failure
–Bent backplane connector
–Bad fabric connection
–Malfunctioning Forwarding engines
–Stuck Control Plane
–Bad memory
–…
Generic Online Diagnostics
Diagnostic Integration
Boot-up diagnostics and Runtime diagnostics (On-demand, Scheduled, Health-monitoring) provide the generic diagnostics framework and verify hardware functionalities.
Configuration/reporting: configure online diagnostics and check diagnostics results.
Action: automated action based on diagnostics results
•Default corrective action
Supervisor reset
Supervisor switch-over
Fabric switch-over
Port shut down
Line card reset
Line card power down
Generate a call-home message
•Trigger Syslog
•Trigger EEM policies
•Generate SNMP Trap
Detect and identify problems before they result in network downtime!
Generic Online Diagnostics
Diagnostic Operation
Boot-Up Diagnostics
Switch(config)#diagnostic bootup level complete
Run during system bootup, line card OIR or supervisor switchover. Makes sure faulty hardware is taken out of service.
Runtime Diagnostics
Health-Monitoring
Switch(config)#diagnostic monitor module 5 test 2
Switch(config)#diagnostic monitor interval module 5 test 2 00:00:15
Non-disruptive tests run in the background. Serves as HA trigger.
On-Demand
Switch#diagnostic start module 4 test 8
Module 4: Running test(s) 8 may disrupt normal system operation
Do you want to continue? [no]: y
Switch#diagnostic stop module 4
All diagnostics tests can be run on demand, for troubleshooting purposes. It can also be used as a pre-deployment tool.
Scheduled
Switch(config)#diagnostic schedule module 4 test 1 port 3 on Jan 3 2005 23:32
Switch(config)#diagnostic schedule module 4 test 2 daily 14:45
Schedule diagnostics tests, for verification and troubleshooting purposes.
Generic Online Diagnostics
View the GOLD Tests and Attributes
Switch#show diagnostic content mod 5
Module 5: Supervisor Engine 720 (Active)
<snip>
                                                      Testing Interval
  ID   Test Name                          Attributes   (day hh:mm:ss.ms)
  ==== ================================== ============ =================
    1) TestScratchRegister -------------> ***N****A*** 000 00:00:30.00
    2) TestSPRPInbandPing --------------> ***N****A*** 000 00:00:15.00
    3) TestTransceiverIntegrity --------> **PD****I*** not configured
    4) TestActiveToStandbyLoopback -----> M*PDS***I*** not configured
    5) TestLoopback --------------------> M*PD****I*** not configured
    6) TestNewIndexLearn ---------------> M**N****I*** not configured
    7) TestDontConditionalLearn --------> M**N****I*** not configured
    8) TestBadBpduTrap -----------------> M**D****I*** not configured
    9) TestMatchCapture ----------------> M**D****I*** not configured
   10) TestProtocolMatchChannel --------> M**D****I*** not configured
   11) TestFibDevices ------------------> M**N****I*** not configured
   12) TestIPv4FibShortcut -------------> M**N****I*** not configured
   13) TestL3Capture2 ------------------> M**N****I*** not configured
   14) TestIPv6FibShortcut -------------> M**N****I*** not configured
   15) TestMPLSFibShortcut -------------> M**N****I*** not configured
   16) TestNATFibShortcut --------------> M**N****I*** not configured
   17) TestAclPermit -------------------> M**N****I*** not configured
   18) TestAclDeny ---------------------> M**N****A*** 000 00:00:05.00
   19) TestQoSTcam ---------------------> M**D****I*** not configured
<snip>
Generic Online Diagnostics
GOLD Test Attributes (Con’t)
   20) TestL3VlanMet -------------------> M**N****I*** not configured n/a
   21) TestIngressSpan -----------------> M**N****I*** not configured n/a
   22) TestEgressSpan ------------------> M**D****I*** not configured n/a
   23) TestNetflowInlineRewrite --------> C*PD****I*** not configured n/a
   24) TestFabricSnakeForward ----------> M**N****I*** not configured n/a
   25) TestFabricSnakeBackward ---------> M**N****I*** not configured n/a
   26) TestTrafficStress ---------------> ***D****I**T not configured n/a
   27) TestFibTcamSSRAM ----------------> ***D*X**IR** not configured n/a
   28) TestAsicMemory ------------------> ***D*X**IR** not configured n/a
   29) TestNetflowTcam -----------------> ***D*X**IR** not configured n/a
   30) ScheduleSwitchover --------------> ***D****I*** not configured n/a
   31) TestFirmwareDiagStatus ----------> M**N****I*** not configured n/a
   32) TestAsicSync --------------------> ***N****A*** 000 00:00:15.00 10
Diagnostics test suite attributes:
M/C/* - Minimal bootup level test / Complete bootup level test / NA
B/* - Basic ondemand test / NA
P/V/* - Per port test / Per device test / NA
D/N/* - Disruptive test / Non-disruptive test / NA
S/* - Only applicable to standby unit / NA
X/* - Not a health monitoring test / NA
F/* - Fixed monitoring interval test / NA
E/* - Always enabled monitoring test / NA
A/I - Monitoring is active / Monitoring is inactive
R/* - Power-down line cards and need reset supervisor / NA
K/* - Require resetting the line card after the test has completed / NA
T/* - Shut down all ports and need reset supervisor / NA
Pay extra attention to memory tests: memory tests can take hours to complete and a reset is required after running these tests.
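The attribute string next to each test name packs the legend above into twelve fixed character positions. The decoder below is an added example, not Cisco code; it assumes one legend entry per position in the order the legend lists them (a reading checked against the strings shown on these two slides) and derives the "needs a reset" and "safe to schedule" flags that the recommendation slide cares about.

```python
"""Decode the 12-character GOLD test attribute string printed by
'show diagnostic content' (e.g. 'M*PDS***I***').

Added example, not Cisco code.  The per-position meanings come from the
slide's "Diagnostics test suite attributes" legend; mapping one legend
entry to one character position is an assumption of this example.
"""
from dataclasses import dataclass
from typing import Dict, List

# Position -> {flag character: meaning}; '*' at any position means "not applicable".
LEGEND: List[Dict[str, str]] = [
    {"M": "minimal bootup level test", "C": "complete bootup level test"},
    {"B": "basic on-demand test"},
    {"P": "per-port test", "V": "per-device test"},
    {"D": "disruptive test", "N": "non-disruptive test"},
    {"S": "only applicable to standby unit"},
    {"X": "not a health-monitoring test"},
    {"F": "fixed monitoring interval test"},
    {"E": "always enabled monitoring test"},
    {"A": "monitoring is active", "I": "monitoring is inactive"},
    {"R": "powers down line cards and needs supervisor reset"},
    {"K": "requires line card reset after the test has completed"},
    {"T": "shuts down all ports and needs supervisor reset"},
]


@dataclass
class TestAttributes:
    raw: str
    meanings: List[str]
    disruptive: bool
    health_monitoring: bool   # eligible to run as a background health-monitoring test
    monitoring_active: bool
    needs_reset: bool         # any of R / K / T: plan a maintenance window


def decode_attributes(attr: str) -> TestAttributes:
    """Translate an attribute string into its per-position meanings."""
    if len(attr) != len(LEGEND):
        raise ValueError(f"expected {len(LEGEND)} attribute characters, got {attr!r}")
    meanings = []
    for pos, (ch, key) in enumerate(zip(attr, LEGEND), start=1):
        if ch == "*":
            continue
        if ch not in key:
            raise ValueError(f"unknown flag {ch!r} at position {pos} in {attr!r}")
        meanings.append(key[ch])
    return TestAttributes(
        raw=attr,
        meanings=meanings,
        disruptive=attr[3] == "D",
        health_monitoring=attr[5] != "X",
        monitoring_active=attr[8] == "A",
        needs_reset=attr[9] == "R" or attr[10] == "K" or attr[11] == "T",
    )


def safe_to_schedule_in_production(attr: str) -> bool:
    """Recommendation slide: only non-disruptive tests are scheduled periodically."""
    a = decode_attributes(attr)
    return not a.disruptive and not a.needs_reset


if __name__ == "__main__":
    for s in ("***N****A***", "M*PDS***I***", "***D*X**IR**", "***D****I**T"):
        a = decode_attributes(s)
        print(s, "->", "; ".join(a.meanings), "| needs_reset:", a.needs_reset)
```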
Generic Online Diagnostics
An example: Supervisor datapath coverage
(Diagram: supervisor datapath showing the MSFC (RP CPU), the PFC3 (L3/4 Engine, L2 Engine), the SP CPU, the Port ASIC, the Fabric Interface/Replication Engine, the Switch Fabric and the 16 Gbps bus (DBUS, RBUS, EOBC).)
Monitors the forwarding path between the Switch Processor, Route Processor and Forwarding Engine.
Runs periodically every 15 seconds after the system is online (configurable).
10 consecutive failures is treated as FATAL and will result in supervisor switchover or supervisor reset.
Switch(config)#diagnostic monitor module 5 test 2
Switch(config)#diagnostic monitor interval module 5 test 2 00:00:15
Generic Online Diagnostics
View GOLD Results
Switch#show diagnostic result mod 7
Current bootup diagnostic level: complete
Module 7: CEF720 24 port 1000mb SFP
Overall Diagnostic Result for Module 7 : MINOR ERROR
Diagnostic level at card bootup: complete
Test results: (. = Pass, F = Fail, U = Untested)
1) TestTransceiverIntegrity:
Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
-----------------------------------------------------------------------------
      U  U  .  U  .  .  U  U  .  .  U  U  .  .  U  U  U  U  U  U  U  U  U  U
2) TestLoopback:
Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
-----------------------------------------------------------------------------
      .  .  .  .  .  .  .  .  .  .  .  .  F  .  .  .  .  .  .  .  .  .  .  .
3) TestScratchRegister -------------> .
4) TestSynchedFabChannel -----------> .
<snip>
GOLD
Operation Example
GOLD generic Syslog messages start with the string “DIAG”; “CONST_DIAG” messages are platform specific.
Bootup Test Failure:
%CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 2: TestL3VlanMet failed
Health Monitoring Test Failure:
%CONST_DIAG-SP-3-HM_TEST_FAIL: Module 5 TestSPRPInbandPing consecutive failure count:10
%CONST_DIAG-SP-6-HM_TEST_INFO: CPU util(5sec): SP=3% RP=12% Traffic=0%
%CONST_DIAG-SP-4-HM_TEST_WARNING: Sup switchover will occur after 10 consecutive failures
On Demand Diagnostics Test Failure:
%DIAG-SP-3-TEST_FAIL: Module 5: TestTrafficStress{ID=24} has failed. Error code = 0x1
Scheduled Diagnostics Test Failure:
%DIAG-SP-3-TEST_FAIL: Module 3: TestLoopback{ID=1} has failed. Error code = 0x1
Generic Minor and Major Failure:
%DIAG-SP-3-MINOR: Module 3: Online Diagnostics detected a Minor Error. Please use 'show diagnostic result <target>' to see test results.
%DIAG-SP-3-MAJOR: Module 6: Online Diagnostics detected a Major Error. Please use 'show diagnostic Module 6' to see test results.
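A collector or SIEM needs to pull module, test name and failure count out of these messages before it can route them. The parser below is an added example, not Cisco code; it uses only the message formats quoted above, the constructed SAMPLE_LOG is built from them, and the "fatal at 10 consecutive failures" rule is the one stated on the health-monitoring slide.

```python
"""Parse the GOLD syslog messages quoted on this slide into structured
events a SIEM rule or EEM policy could act on.

Added example, not Cisco code.  Message formats are those shown on the
slide; SAMPLE_LOG below is constructed from them.  The "fatal after 10
consecutive failures" rule comes from the Health-Monitoring slide.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Generic GOLD messages start with "DIAG", platform-specific ones with "CONST_DIAG".
_HDR = re.compile(r"%(?P<fac>CONST_DIAG|DIAG)-\w+-(?P<sev>\d)-(?P<mnemonic>\w+): (?P<body>.*)")
_MODULE = re.compile(r"Module (?P<module>\d+)")
_TEST = re.compile(r"(?P<test>Test\w+)(?:\{ID=(?P<id>\d+)\})?")
_COUNT = re.compile(r"consecutive failure count:\s*(?P<n>\d+)")
SWITCHOVER_THRESHOLD = 10   # HM failures before the supervisor switches over
FAILURE_MNEMONICS = {"BOOTUP_TEST_FAIL", "HM_TEST_FAIL", "TEST_FAIL", "MINOR", "MAJOR"}


@dataclass
class GoldEvent:
    facility: str
    severity: int
    mnemonic: str
    module: Optional[int]
    test: Optional[str]
    test_id: Optional[int]
    consecutive_failures: Optional[int]

    @property
    def is_failure(self) -> bool:
        return self.mnemonic in FAILURE_MNEMONICS

    @property
    def is_fatal(self) -> bool:
        """MAJOR result, or an HM failure that has reached the switchover threshold."""
        if self.mnemonic == "MAJOR":
            return True
        return (self.mnemonic == "HM_TEST_FAIL"
                and (self.consecutive_failures or 0) >= SWITCHOVER_THRESHOLD)


def parse_gold_syslog(line: str) -> Optional[GoldEvent]:
    """Return a GoldEvent for a DIAG/CONST_DIAG line, None for any other syslog."""
    m = _HDR.search(line)
    if not m:
        return None
    body = m.group("body")
    mod, test, cnt = _MODULE.search(body), _TEST.search(body), _COUNT.search(body)
    return GoldEvent(
        facility=m.group("fac"),
        severity=int(m.group("sev")),
        mnemonic=m.group("mnemonic"),
        module=int(mod.group("module")) if mod else None,
        test=test.group("test") if test else None,
        test_id=int(test.group("id")) if test and test.group("id") else None,
        consecutive_failures=int(cnt.group("n")) if cnt else None,
    )


def modules_needing_attention(lines: List[str]) -> List[int]:
    """Modules with at least one GOLD failure, in first-seen order."""
    seen: List[int] = []
    for ev in map(parse_gold_syslog, lines):
        if ev and ev.is_failure and ev.module is not None and ev.module not in seen:
            seen.append(ev.module)
    return seen


# Constructed sample log using the message formats quoted on the slide.
SAMPLE_LOG = [
    "%CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 2: TestL3VlanMet failed",
    "%CONST_DIAG-SP-3-HM_TEST_FAIL: Module 5 TestSPRPInbandPing consecutive failure count:10",
    "%CONST_DIAG-SP-6-HM_TEST_INFO: CPU util(5sec): SP=3% RP=12% Traffic=0%",
    "%DIAG-SP-3-TEST_FAIL: Module 5: TestTrafficStress{ID=24} has failed. Error code = 0x1",
    "%DIAG-SP-3-MINOR: Module 3: Online Diagnostics detected a Minor Error.",
    "%SYS-5-CONFIG_I: Configured from console by console",   # not a GOLD message
]
```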
Reducing Downtime Thru Automation
GOLD Integration With EEM and Call Home
 Automates problem diagnosis and information gathering
EEM applets and scripts can initiate GOLD tests
 Automates corrective actions and notifications
GOLD events can trigger EEM scripts
Beginning in release 12.2(33)SXH GOLD corrective actions are configured via EEM scripts
 Automates result notification
GOLD events are monitored by Call Home diagnostics profile group
(Workflow: Configure User Policies -> Gather Information & Diagnose Known Issues -> Take Corrective Actions -> Dispatch & Repair)
Embedded Event Manager Supports Event Detector for GOLD
 EEM can be used to track and perform corrective actions for GOLD
 Beginning in release 12.2(33)SXH all GOLD corrective actions are scripted using EEM
Core1# show event manager policy register detail
Mandatory.go_unusedportlpbk.tcl
::cisco::eem::event_register_gold card all testing_type monitoring test_name TestUnusedPortLoopback action_notify TRUE consecutive_failure 10 platform_action 0 queue_priority last
#
# GOLD TestUnusedPortLoopback Test TCL script
#
# April 2006, Sifang Li
#
# Copyright (c) 2005-2007 by cisco Systems, Inc.
# All rights reserved.
#
#
# Register for TestUnusedPortLoopback test event
# the elements for register the event
# card [all | card #]
# sub_card [all | sub_card #]
# severity_major | severity_minor | severity_normal default : severity_normal
# new_failure [true | false] default: dont_care
# testing_type [ondemand | schedule | monitoring]
# test_name [ test name ]
# test_id [ test # ]
# consecutive_failure [ consecutive_failure # ]
# platform_action [action_flag]
# action_flag [ 0 | 1 | 2 ]
# queue_priority [ normal | low | high | last] default: normal
#
#....
Call Home Service Monitors GOLD Status
 Automates the notification process
 Allows customization via profiles
Severity levels
Who gets notified
Which transport method
 Initially supported in IOS 12.2(33)SXH
call-home
alert-group configuration
alert-group diagnostic
alert-group environment
alert-group inventory
alert-group syslog
profile "CiscoTAC-1"
no active
no destination transport-method http
destination transport-method email
destination address email callhome@cisco.com
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
subscribe-to-alert-group diagnostic severity minor
subscribe-to-alert-group environment severity minor
subscribe-to-alert-group syslog severity major pattern ".*"
subscribe-to-alert-group configuration periodic monthly 8 16:34
subscribe-to-alert-group inventory periodic monthly 8 16:19
Generic Online Diagnostics
Recommendations
 Bootup diagnostics:
Set level to complete
 On demand diagnostics:
Use as a pre-deployment tool: run complete diagnostics before putting hardware into the production environment
Use as a troubleshooting tool when suspecting hardware failure
 Scheduled diagnostics:
Schedule key diagnostics tests periodically
Schedule all non-disruptive tests periodically
 Health-monitoring diagnostics:
Key tests run by default
Enable additional non-disruptive tests for specific functionalities enabled in your network: IPv6, MPLS, NAT
Generic Online Diagnostics Summary
 Provides a common framework to configure, view and schedule diagnostics across Cisco IOS based switches and routers
 GOLD functional tests verify both the data path and control path of the device, and can be run during bootup and during runtime
 When combined with other features such as Embedded Event Manager and Call Home, the MTTR (mean time to repair) can be dramatically lowered via process automation
Smart Call Home
Catalyst 6500 Management
Simplified Operation - Smart Call Home
1. GOLD runs diags, isolates fault and precise location
2. Detects GOLD events and sends to Call Home
3. Sends message to Cisco TAC with precise information and diagnostics
4. Cisco TAC investigates problem and suggests remediation including shipping replacement parts if necessary
5. Customer implements remediation and replaces faulty part (if applicable)
What Is Smart Call Home?
Interactive Technical Services
Unique Catalyst 6500 Differentiator
(Diagram: the customer device, running Call Home on IOS 12.2(33)SXH, sends messages over the Internet via Secure Transport* (1) to the Call Home DB with its Automated Diagnosis Capability (2), which feeds the TAC Service Request Tracking System (3).)
Messages Received:
 Diagnostics
 Environmental
 Syslog
 Inventory and Configuration
Customer:
 Customer Notification
 Device and Message Reports
 Exceptions/Fault Analysis
*Ensures data protection
HTTPS Encryption
Certificate-based authentication
The Smart Call Home Difference
Before
45 min: Minor hardware failure—undetected. Customer’s Ops team discovers IP multicast configuration problem. P3 Service Request opened.
3.75 hrs: Cisco RP team checks IP Multicast configuration. Problem narrowed to specific Cat 6500 ports. Re-queued to LAN SW team.
12 hrs: Look into various known issues and bugs on WS-X6548-GE-TX. Find nothing. Request logs from customer.
25 hours: Logs received and analyzed. Identify online diagnostics failure for test TestL3VlanMet. RMA created.
29 hours: Replacement part received (4-hour replacement coverage).
After
12 min: Minor hardware failure—detected and Service Request automatically generated. P3 SR opened due to GOLD failure; diag. info attached. Cisco LAN SW team takes ownership.
42 min: Informs customer of problem and confirms hardware fault.
1.2 hrs: RMA created and part dispatched.
5.5 hrs: Replacement part received (4-hour replacement coverage).
Increased Value Proposition for Cisco Customers
Higher Network Availability: proactive, fast issue resolution
 Devices continually monitored with secure, connected service
 Real-time alerts for early detection of potential network problems
 Automatic, accurate fault diagnosis
Increased Operational Efficiency: less time troubleshooting
 Automated Service Request (SR) creation
 Detailed diagnostics attached to SR
 Routed to correct TAC team
Fast Access to Information: fast, web-based access to information
 Call Home messages, diagnostics and recommendations
 Inventory and configuration for all Call Home devices
 Security alerts, Field and End-of-life Notices
Gateway Load Balancing Protocol (GLBP)
First Hop Routing Protocols
 Hot Standby Router Protocol (HSRP)
Cisco informational RFC 2281 (March 1998)
Patented: US Patent 5,473,599, December 5, 1995
 Virtual Router Redundancy Protocol (VRRP)
IETF Standard RFC 2338 (April 1998)
Now made obsolete by www.ietf.org/rfc/rfc3768.txt
 Gateway Load Balancing Protocol (GLBP)
Cisco innovation, load sharing, patent pending
GLBP Business Benefit
Suppose a network with dual routers and dual links to the WAN or MAN, running HSRP: one router is Active and the other Standby, so really only half the links are in use and the standby links are idle.
6 x T1 = 9.264 Mbps; a T1 costs $1000
With HSRP only 4.632 Mbps is used: $6000 / 4.632 = $1295/Mb
GLBP allows use of all available paths: $6000 / 9.264 = $648/Mb
GLBP cuts useable bandwidth costs in half: $648 vs. $1295
The Enterprise Premise Edge: Greater Efficiency at Same Cost
 With Active/Standby
Single buffer pool, single set of queues: the packet rate can cross the buffer threshold, so there is a higher risk of packet loss
 With GLBP
Load is shared and more resources are available: load balancing improves throughput & reduces the potential of packet loss
GLBP improvements over HSRP/VRRP
•Simplified provisioning
•Improved redundancy model
•Superior throughput
How GLBP Works
R1—AVG; R1, R2, R3 All Forward Traffic
Gateway Routers:
R1 (GLBP AVG/AVF, SVF): IP 10.0.0.254, MAC 0000.0c12.3456, vIP 10.0.0.10, vMAC 0007.b400.0101
R2 (GLBP AVF, SVF): IP 10.0.0.253, MAC 0000.0C78.9abc, vIP 10.0.0.10, vMAC 0007.b400.0102
R3 (GLBP AVF, SVF): IP 10.0.0.252, MAC 0000.0cde.f123, vIP 10.0.0.10, vMAC 0007.b400.0103
Clients (each sends an ARP request for the gateway 10.0.0.10; the AVG, R1, answers each ARP with a different forwarder's vMAC):
CL1: IP 10.0.0.1, MAC aaaa.aaaa.aa01, GW 10.0.0.10, ARP reply 0007.B400.0101
CL2: IP 10.0.0.2, MAC aaaa.aaaa.aa02, GW 10.0.0.10, ARP reply 0007.B400.0102
CL3: IP 10.0.0.3, MAC aaaa.aaaa.aa03, GW 10.0.0.10, ARP reply 0007.B400.0103
GLBP – Protocol Details
 ‘Hello’ messages are exchanged between group members
AVG election by priority
vMAC distribution, learning of VF instances
 GLBP will use the following multicast destination for packets sent
to all GLBP group members:
224.0.0.102, UDP port 3222
 Virtual MAC addresses will be of the form:
0007.b4yy.yyyy
where yy.yyyy equals the lower 24 bits; these bits consist of 6 zero
bits, 10 bits that correspond to the GLBP group number, and 8 bits
that correspond to the virtual forwarder number
0007.b400.0102 : last 24 bits = 0000 0000 0000 0001 0000 0010 =
GLBP group 1, forwarder 2
 Protocol allows for 1024 groups and 255 forwarders
The number of forwarders is capped at 4
Hardware restrictions limit the actual number of groups and forwarders
GLBP Configuration Rules
 Load balancing operates on a per-host basis
All connections for a given host will use the same gateway
 Maximum of 4 MAC addresses per GLBP Group
 Load balancing algorithm, 3 types:
Round-robin
Each virtual forwarder MAC takes turns
Weighted
Directed load determined by advertised weighting factor
Host-dependent
Ensures that each host is always given the same vMAC
 If no load balance algorithm is specified, default is round-robin
 MD5 authentication security (Releases 12.3(2)T and 12.2(18)S)
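The vMAC layout from the Protocol Details slide, the AVG's per-client ARP replies from the How GLBP Works slides, and the three load-balancing algorithms from the Configuration Rules slide, worked through in code. This is an added example, not Cisco code or the real GLBP implementation: the round-robin and per-host stickiness follow the slides, while the host-dependent hash and the proportional weighted pick are simplifications assumed here for illustration.

```python
"""GLBP virtual MAC arithmetic and the AVG's ARP-reply assignment.

Added example, not Cisco code.  Virtual MACs are 0007.b4yy.yyyy: the low
24 bits are 6 zero bits, a 10-bit group number and an 8-bit virtual
forwarder number (Protocol Details slide).  Round-robin and per-host
stickiness follow the Configuration Rules slide; the host-dependent hash
and the proportional "weighted" pick are simplifying assumptions.
"""
from typing import Dict, List, Optional, Tuple

GLBP_OUI = 0x0007B4
MAX_GROUP = 1024                     # 10 bits
MAX_FORWARDER = 255                  # 8 bits
GLBP_MCAST = ("224.0.0.102", 3222)   # hello destination and UDP port


def vmac(group: int, forwarder: int) -> str:
    """Build the Cisco-dotted vMAC for (group, forwarder)."""
    if not 0 <= group < MAX_GROUP or not 0 < forwarder <= MAX_FORWARDER:
        raise ValueError("group must be 0..1023, forwarder 1..255")
    low24 = (group << 8) | forwarder             # 6 zero bits, 10 group, 8 VF
    raw = f"{(GLBP_OUI << 24) | low24:012x}"
    return f"{raw[0:4]}.{raw[4:8]}.{raw[8:12]}"


def parse_vmac(mac: str) -> Optional[Tuple[int, int]]:
    """Return (group, forwarder) if mac is a GLBP vMAC, else None."""
    hexstr = mac.replace(".", "").replace(":", "").replace("-", "").lower()
    if len(hexstr) != 12:
        return None
    value = int(hexstr, 16)
    if value >> 24 != GLBP_OUI:
        return None
    low24 = value & 0xFFFFFF
    if low24 >> 18:                              # top 6 bits must be zero
        return None
    return (low24 >> 8) & 0x3FF, low24 & 0xFF


class ActiveVirtualGateway:
    """Answers ARP for the vIP, handing each client one AVF's vMAC."""

    def __init__(self, group: int, forwarders: Dict[int, int], policy: str = "round-robin"):
        # forwarders maps VF number -> weight (weights matter only for "weighted")
        if not 1 <= len(forwarders) <= 4:
            raise ValueError("a Catalyst 6500 GLBP group has 1 to 4 forwarders")
        self.group = group
        self.forwarders = dict(sorted(forwarders.items()))
        self.policy = policy
        self._rr = 0
        self._hosts: Dict[str, int] = {}         # client MAC -> assigned VF number

    def arp_reply(self, client_mac: str) -> str:
        """vMAC handed to client_mac; a host keeps the same VF for all connections."""
        if client_mac in self._hosts:
            return vmac(self.group, self._hosts[client_mac])
        vfs: List[int] = list(self.forwarders)
        if self.policy == "host-dependent":      # hash of the client MAC picks the VF
            vf = vfs[sum(int(c, 16) for c in client_mac.replace(".", "")) % len(vfs)]
        elif self.policy == "weighted":          # VF furthest below its weight share
            total = sum(self.forwarders.values())
            load = {v: list(self._hosts.values()).count(v) for v in vfs}
            n = len(self._hosts) + 1
            vf = min(vfs, key=lambda v: load[v] - n * self.forwarders[v] / total)
        else:                                    # round-robin, the default
            vf = vfs[self._rr % len(vfs)]
            self._rr += 1
        self._hosts[client_mac] = vf
        return vmac(self.group, vf)
```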
GLBP Configuration Example
!
interface FastEthernet2/0
ip address 10.88.49.1 255.255.255.0
duplex full
glbp 1 ip 10.88.49.10
glbp 1 priority 105
glbp 1 authentication text magicword
glbp 1 weighting 100 lower 95
glbp 1 weighting track 10 decrement 10
glbp 1 forwarder preempt delay minimum 0
Cisco Catalyst 6500 Series and Cisco
7600 Series GLBP Specifics
 GLBP “reserves” 4 MAC filter entries
The number of forwarders in the group is limited to 4*
Active Virtual Gateway will ‘allocate’ these to GLBP group members (Virtual
Forwarders)
 There is a restriction on GLBP group number for the MSFC2/PFC2 – Only
a single group may be defined
 The single group may be reused on all VLANs
 Sup720 supports both plain text & MD5 auth; Sup2 plain text only
 HSRP & GLBP can co-exist in Sup720 but not in Sup2
 GLBP Availability:
Cisco IOS Software Release   Switching Product                                   Group/Forwarder Limits
12.2(17d)SXA and later       Cisco Catalyst 6500 SUP720/MSFC3                    1024 / 4
12.2(17d)SXB and later       Cisco Catalyst 6500 SUP2/MSFC2, C7600 SUP2/MSFC2    1 / 4
* Note: the 1024 group limit is an arbitrary cap; the protocol design actually allows for 4096, as is the forwarder limit of 4 – the design could allow for up to 16. Customers have not requested the additional capacity.