The tutorial shows EtherChannel, VRRP, DHCP and OSPF configuration on Cisco, Vyatta and Microcore Linux. A campus network (see Figure 1) is built with an Access and a Distribution layer. Instead of Layer 2 switches, the Access layer contains a Cisco 3725 router equipped with an NM-16SW module, emulated by Dynamips. The Access layer is of L2 type, and the OSPF routing protocol runs between the Access and Distribution layers. A Vyatta Core 6.1 router and a Microcore 3.4.1 Linux router are placed in the Distribution layer and are emulated by Qemu. Both the Dynamips and Qemu emulators are controlled by the GNS3 network simulator.
Bonding, known as EtherChannel in Cisco terminology, is the aggregation of several network interfaces into a single logical interface. If the physical links are Layer 2 links (STP is running over them), either none of the physical links is blocked by STP (Spanning Tree Protocol) or all the links in the bundle are blocked, because STP treats the bundle as a single logical link. If one of the links in the bundle fails, traffic is sent over another link. Bonding brings redundancy and increases the available bandwidth by load-balancing traffic over the bundled links. Bonding can be set manually or negotiated using 802.3ad, the Link Aggregation Control Protocol.
Unlike Cisco switches, the Cisco 3725 router can't negotiate an EtherChannel using the LACP or PAgP protocol, so the ports in the bundle have to be configured as static members of the bundle (mode on), without the possibility of acting as normal Ethernet ports if bundle negotiation with the opposite side is unsuccessful. The link between Vyatta and Microcore (interface bond0) is configured to negotiate the bundle using the LACP (802.3ad) protocol.
Figure 1 Distribution and Access Layer of Campus network
VRRP stands for Virtual Router Redundancy Protocol. You can read more about VRRP on Wiki. I have shown some basic VRRP configuration on Vyatta and Microcore. The Microcore Linux router is Master because its priority of 150 is higher than Vyatta's priority of 120, so traffic from PC1 and PC2 goes through the bond1 interface. If the bond1 interface on Microcore fails, Vyatta takes over traffic forwarding and transitions from the Backup role to Master. This transition is shown in point 11 of the video.
OSPF for backbone area 0 is configured on all Distribution and Access layer devices. Quagga 0.99.17 routing software is installed on Microcore 3.4.1 Linux; to configure OSPF you need to telnet to the OSPF daemon, which is running on port 2604.
The Microcore Linux router acts as DHCP server for the PCs connected to the NM-16SW module. PCs receive an IP address, subnet mask, default gateway IP address and domain name from the DHCP server. The default gateway IP address is 192.168.2.254, which is the virtual IP address of VRRP group 1. Thanks to the VRRP configuration on Vyatta and Microcore, hosts connected to the NM-16SW module on the Cisco 3725 are always capable of reaching the default gateway IP address.
1. Configuration on Microcore Router
1.1 /EtherChannel/ Bonding Configuration
Linux Microcore 3.4.1 supports bonding loaded as a kernel module. Links are bonded into a bundle with the ifenslave control utility. There are several bonding modes; you can read more about them here.
sudo su
vi /etc/modprobe.conf
#/etc/modprobe.conf: Modprobe config file.
alias bond0 bonding
options bonding mode=4 miimon=100 max_bonds=3
alias bond1 bonding
options bonding mode=0 miimon=100 max_bonds=3
echo "modprobe bond0" >> /opt/bootlocal.sh
echo "modprobe bond1" >> /opt/bootlocal.sh
echo "/etc/modprobe.conf" >> /opt/.filetool.lst
a) Create a configuration script for the Ethernet and bonding interfaces
vi /usr/local/bin/bonding.sh
ifconfig eth0 down # bring the eth0 interface down
ifconfig eth1 down
ifconfig eth2 down
ifconfig eth3 down
ifconfig bond0 hw ether 00:10:00:10:00:10 # change the MAC address of the bond0 interface
ifconfig bond1 hw ether 00:11:00:11:00:11
ifconfig bond0 192.168.1.1 netmask 255.255.255.252 up # assign an IP address to bond0
ifconfig bond1 192.168.1.5 netmask 255.255.255.252 up
ifenslave bond0 eth0 # put the eth0 interface in slave mode for bond0
ifenslave bond0 eth1 # put the eth1 interface in slave mode for bond0
ifenslave bond1 eth2
ifenslave bond1 eth3
echo "/usr/local/bin/bonding.sh" >> /opt/bootlocal.sh
echo "usr/local/bin/bonding.sh" >> /opt/.filetool.lst
/usr/bin/filetool.sh -b
b) Create a restart script for the bond interfaces
vi /usr/local/bin/bonding-restart.sh
sudo ifconfig bond0 down
sudo ifconfig bond1 down
sudo rmmod bonding
sudo modprobe bond0
sudo modprobe bond1
sudo /usr/local/bin/bonding.sh
echo "usr/local/bin/bonding-restart.sh" >> /opt/.filetool.lst
/usr/bin/filetool.sh -b
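The mode is passed as an option to the bonding module, so after loading it is worth confirming which mode each bond actually reports and whether every slave link is up. The script below is an added example, not part of the original tutorial; the function name bond_report is hypothetical and the status text is a constructed sample in the layout of /proc/net/bonding/<bond>.

```shell
#!/bin/sh
# bond_report FILE: summarise a /proc/net/bonding/<bond> status file.
# Prints: mode="<bonding mode>" slaves=<count> down=<slaves whose link is not up>
bond_report() {
    awk -F': ' '
        /^Bonding Mode:/    { mode = $2 }
        /^Slave Interface:/ { slave = $2; n++ }
        # The first "MII Status" line describes the bond itself (no slave seen yet);
        # each later one follows a "Slave Interface" line.
        /^MII Status:/ && slave != "" {
            if ($2 != "up") down = down (down == "" ? "" : ",") slave
            slave = ""
        }
        END { printf "mode=\"%s\" slaves=%d down=%s\n", mode, n, (down == "" ? "none" : down) }
    ' "$1"
}

# Constructed sample: bond0 negotiated with 802.3ad, eth1 has lost link.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Ethernet Channel Bonding Driver: v3.7.0 (constructed sample)

Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up
MII Polling Interval (ms): 100

Slave Interface: eth0
MII Status: up

Slave Interface: eth1
MII Status: down
EOF

bond_report "$sample"
# On the router itself: bond_report /proc/net/bonding/bond0
```

For the setup in this tutorial, bond0 should report the 802.3ad mode and bond1 the round-robin mode, each with two slaves and none down.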
1.2 DHCP Server Configuration on Microcore
sudo mkdir /etc/udhcpd/
echo "/etc/udhcpd/" >> /opt/.filetool.lst
sudo touch /etc/udhcpd/udhcpd-bond1.leases
sudo vi /etc/udhcpd/udhcpd-bond1.conf
start 192.168.2.0
end 192.168.2.249
interface bond1
lease_file /etc/udhcpd/udhcpd-bond1.leases
pidfile /var/run/udhcpd-bond1.pid
option dns 192.168.2.254
option subnet 255.255.255.0
option router 192.168.2.254
option domain microcore.linux.eu
echo "/usr/sbin/udhcpd /etc/udhcpd/udhcpd-bond1.conf" >> /opt/bootlocal.sh
/usr/bin/filetool.sh -b
1.3 VRRP Configuration on Microcore
sudo su
vi /usr/local/etc/keepalived/keepalived.conf
vrrp_instance VI_1 {
    state MASTER
    interface bond1
    virtual_router_id 1
    priority 150
    virtual_ipaddress {
        192.168.2.254/24 brd 192.168.2.255 dev bond1
    }
}
The VRRP daemon must be restarted after each change to the keepalived.conf file.
sudo /usr/local/sbin/keepalived-restart.sh
Configuration changes in keepalived.conf must be saved with /usr/bin/filetool.sh -b.
/usr/bin/filetool.sh -b
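After a keepalived restart, or when testing the failover described in the introduction, the router that currently owns the virtual address 192.168.2.254 is the Master. The check below is an added example, not part of the original tutorial: the function names are hypothetical, it assumes the `ip` utility is available on both routers, and the address listings are constructed samples of `ip -o -4 addr show dev bond1` output.

```shell
#!/bin/sh
VIP=192.168.2.254   # virtual address of VRRP group 1 in the tutorial

# holds_vip: reads `ip -o -4 addr show dev bond1` output on stdin and
# succeeds if the VIP is one of the addresses (the prefix length is ignored).
holds_vip() {
    awk -v vip="$VIP" '
        { for (i = 1; i < NF; i++)
              if ($i == "inet") { split($(i + 1), a, "/"); if (a[1] == vip) found = 1 } }
        END { exit (found ? 0 : 1) }'
}

# vrrp_check MICROCORE_ADDRS VYATTA_ADDRS: classify the state of the pair.
vrrp_check() {
    m=0; v=0
    printf '%s\n' "$1" | holds_vip && m=1
    printf '%s\n' "$2" | holds_vip && v=1
    case "$m$v" in
        10) echo "ok: Microcore (priority 150) is Master" ;;
        01) echo "failover: Vyatta (priority 120) is Master" ;;
        # Both hold the VIP, e.g. VRRP advertisements are not crossing the link.
        11) echo "split-brain: both routers hold $VIP" ;;
        *)  echo "outage: no router holds $VIP" ;;
    esac
}

# Constructed captures, one per router and state (interface addresses from the tutorial).
micro_master='4: bond1    inet 192.168.1.5/30 brd 192.168.1.7 scope global bond1
4: bond1    inet 192.168.2.254/24 brd 192.168.2.255 scope global bond1'
micro_backup='4: bond1    inet 192.168.1.5/30 brd 192.168.1.7 scope global bond1'
vyatta_backup='6: bond1    inet 192.168.2.251/24 brd 192.168.2.255 scope global bond1'
vyatta_master='6: bond1    inet 192.168.2.251/24 brd 192.168.2.255 scope global bond1
6: bond1    inet 192.168.2.254/32 scope global bond1'

vrrp_check "$micro_master" "$vyatta_backup"   # normal operation
vrrp_check "$micro_backup" "$vyatta_master"   # bond1 on Microcore has failed
```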
1.4 OSPF Configuration on Microcore
a) Log in to the ospfd daemon
telnet localhost 2604
Entering character mode
Escape character is '^]'.
Hello, this is Quagga (version 0.99.17).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
User Access Verification
Password: quagga
box> enable
box# conf t
box(config)# router ospf
box(config-router)# network 192.168.1.0/30 area 0
box(config-router)# network 192.168.2.0/24 area 0
box(config-router)# exit
box(config)# do write
Configuration saved to /usr/local/etc/quagga/ospfd.conf
box(config)# exit
Exit from the Quagga daemon and save the OSPF configuration:
/usr/bin/filetool.sh -b
2. Configuration on Vyatta Router
vyatta@Vyatta:~$ show configuration
interfaces {
    bonding bond0 {
        address 192.168.1.2/30
        description Link_to_Microcore
        mode 802.3ad
    }
    bonding bond1 {
        address 192.168.2.251/24
        description Link_to_Cisco
        mode round-robin
        vrrp {
            vrrp-group 1 {
                advertise-interval 1
                preempt true
                priority 120
                virtual-address 192.168.2.254
            }
        }
    }
    ethernet eth0 {
        bond-group bond0
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        bond-group bond0
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth2 {
        bond-group bond1
        duplex full
        smp_affinity auto
        speed 100
    }
    ethernet eth3 {
        bond-group bond1
        duplex full
        smp_affinity auto
        speed 100
    }
}
protocols {
    ospf {
        area 0 {
            network 192.168.1.0/30
            network 192.168.2.0/24
        }
    }
}
service {
    lldp {
        legacy-protocols {
            cdp
        }
    }
}
3. Configuration on Cisco 3725 with NM-16SW module
Cisco#show running-config
Current configuration : 1939 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
multilink bundle-name authenticated
!
!
archive
 log config
  hidekeys
!
!
interface Port-channel1
 description Link to Vyatta
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 duplex full
!
interface Port-channel2
 description Link to Microcore
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet1/1
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 duplex full
 speed 100
 channel-group 1 mode on
!
interface FastEthernet1/2
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 channel-group 2 mode on
!
interface FastEthernet1/3
 switchport trunk allowed vlan 1,1002-1005
 switchport mode trunk
 channel-group 2 mode on
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
 ip address 192.168.2.253 255.255.255.0
!
router ospf 10
 log-adjacency-changes
 network 192.168.2.0 0.0.0.255 area 0
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end