
28 January 2019

Cisco Nexus Fabric EXtender (FEX)



I’ve had the luck of working with lots of switch manufacturers such as Cisco, Juniper, HPE, etc, and this has been great because I’ve been able to learn how these switches work. I’ve also learnt proprietary protocols which afterwards have been released as IEEE standards. For instance, today I want to write about Cisco FEX technology along with the VN-Tag encapsulation mechanism, which are referenced in standards like 802.1BR (Bridge Port Extension), 802.1Qbg (Edge Virtual Bridging) and 802.1Qbc (Provider Bridging).

Cisco FEX technology is easy to understand. We are familiar with modular switches where we have one or two supervisor modules for the management and control plane, and line cards for the data plane. FEX technology removes the line cards from the modular switch, so these I/O modules can be installed as ToR devices. In addition, these line cards, called Fabric Extenders, no longer work in the data plane: they are Port Extenders which forward traffic to the Parent Switch, where the management, control and data planes are carried out.

Cisco Nexus Fabric EXtenders

This is a new architecture for most network engineers and, therefore, we’ll have to learn new protocols. For instance, the VN-Tag protocol is an encapsulation mechanism to transport frames from the Port Extenders (FEX) to the Parent Switch, or Controlling Bridge according to IEEE. Thanks to this protocol, we can differentiate traffic between host interfaces traversing the fabric uplinks. In addition, Cisco includes management and control protocols such as SDP (Satellite Discovery Protocol), which is used to discover FEX devices, SMP (Satellite Management Protocol), which is used to control FEX devices, and MTS (Message and Transmission Service), which is also deployed in Cisco Catalyst and is used for inter-process communication.

VN-Tag Header

What’s really interesting in this architecture is the capability of FEX devices to forward frames to the Parent Switch without local switching; switching is performed by the Parent Switch. This is like a virtual wire between host interfaces and the Parent Switch. What’s more, this architecture has a great advantage when upgrading performance because, as forwarding and intelligent decisions are done by the Parent Switch, we’ll only have to upgrade the Parent Switch, while the FEX devices already installed can remain.

Management is another advantage worth highlighting because we can manage this topology from a single device. Therefore, configuration and troubleshooting are done from the Parent Switch, while FEX devices are remote devices which are also configured from the Parent Switch.

As network engineers, we also have to know the FEX operation and the types of interfaces involved in this kind of topology. Therefore, it’s important to identify the HIF (Host Interface), NIF (Network Interface), LIF (Logical Interface) and VIF (Virtual Interface).

FEX Interfaces
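The following parent-switch configuration is an added example (Nexus 7000 style NX-OS, not taken from the original post) showing that the FEX is configured entirely from the Parent Switch: the NIFs are the fabric uplinks in fex-fabric mode and the HIFs appear as Ethernet101/1/x interfaces. FEX number 101, interfaces Ethernet1/1-2, port-channel 101 and VLAN 10 are constructed placeholders.

```nxos
! Parent switch side. Constructed placeholders: FEX 101, uplinks Ethernet1/1-2, VLAN 10.
install feature-set fex
feature-set fex
fex 101
  description FEX-RACK1
  ! With a port-channel fabric uplink, all HIFs are pinned to that single logical NIF
  pinning max-links 1
! NIFs: fabric uplinks carrying VN-Tagged frames; the FEX does no local switching
interface Ethernet1/1
  switchport mode fex-fabric
  fex associate 101
  channel-group 101
interface Ethernet1/2
  switchport mode fex-fabric
  fex associate 101
  channel-group 101
interface port-channel101
  switchport mode fex-fabric
  fex associate 101
! HIFs: host ports of FEX 101 show up on the parent as Ethernet101/1/<port>
! and are configured here, never on the FEX itself
interface Ethernet101/1/1
  description server-01
  switchport mode access
  switchport access vlan 10
  spanning-tree port type edge
```

Once the FEX is discovered over SDP, `show fex 101 detail` and `show interface fex-fabric` on the parent confirm the association state and which NIFs the HIFs are pinned to.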

This is an innovative technology ready for Data Centers. Would you like to deploy a network infrastructure with Cisco Fabric Extenders?

21 January 2019

Cisco Nexus FabricPath



Configuring the Spanning-Tree Protocol (STP) is mandatory in highly scalable networks because we’ll have lots of switches and we'll have to build loop-free topologies. However, STP sets links in blocking state to make loop-free topologies. Therefore, some links are not used and we can’t send traffic over more than one link at a time. Maybe you are thinking about EtherChannels or LACP links to send traffic over more than one link at a time, but this technology only works between two switches, so it won’t allow uplinks to more than one device at a time.

An evolution of EtherChannels is Cisco Nexus vPC, which allows uplinks to two different switches to be active at the same time, but this technology is great for a server and not for scalable networks because it only allows two upstream switches per vPC. Therefore, if STP, EtherChannels or vPC are not great for highly scalable networks, what technology fits this requirement? Cisco Nexus FabricPath is one of the best protocols for topologies where there are many switches with north-south and east-west traffic.

Comparison Between Traditional Data Center Design and a Cisco FabricPath Design Using the Same Networking Equipment

Cisco Nexus FabricPath is a proprietary protocol which enhances the TRILL (Transparent Interconnection of Lots of Links) standard. The aim of Cisco FabricPath is to replace STP and overcome its limitations. Hence, the Cisco protocol simplifies the topology and the configuration as well as maximizing bandwidth availability using ECMP (Equal Cost Multi-Pathing). In addition, as STP is not required, each switch is going to have its own Layer 2 topology which offers ECMP and loop prevention by using a TTL.

We are used to configuring dynamic routing protocols, such as OSPF or BGP, for Layer 3 topologies, but it’s amazing how these protocols can also help us to build Layer 2 topologies with loop-free connectivity, as IS-IS does with Cisco FabricPath. It’s easy to understand: as dynamic routing protocols use IP addresses to build the routing table for Layer 3 topologies, dynamic routing protocols can also use MAC addresses to build loop-free Layer 2 topologies with load-balanced traffic using ECMP.

Most network engineers already know how to configure STP, and Cisco FabricPath seems challenging because of the IS-IS configuration. However, we don’t have to configure IS-IS because it’s automatically configured when Cisco FabricPath is enabled. This is an advantage, but I have to say there is also a disadvantage: STP only works at the control plane, but FabricPath works at the control and data planes, so there is a new FabricPath header.

Actually, Cisco FabricPath uses a MAC-in-MAC encapsulation where the Inside MAC (iMAC) is the Classical Ethernet MAC address and the Outside MAC (OMAC) is the MAC address for the FabricPath domain. What’s more, as the FabricPath frame is larger than the Classical Ethernet frame, due to the extra header, FabricPath switches should use jumbo frames or have the MTU increased.

FabricPath Frame Encapsulation
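As an added example (Nexus 7000 style NX-OS, not from the original post), this is the minimal configuration on one of two FabricPath switches: enabling the feature set, giving the switch its identifier in the FabricPath domain, putting the VLAN in FabricPath mode and separating core-facing ports (FabricPath encapsulation, IS-IS adjacency built automatically) from Classical Ethernet edge ports. Switch-id 11, VLAN 100, Ethernet1/1, Ethernet1/10 and the MTU value are constructed placeholders; the second switch is identical except for a different switch-id.

```nxos
! Switch A. Constructed placeholders: switch-id 11, VLAN 100, Ethernet1/1 core, Ethernet1/10 edge.
install feature-set fabricpath
feature-set fabricpath
! The switch-id identifies this switch in the outer (OMAC) addressing of the FabricPath domain.
! Nothing else is needed for IS-IS: it is enabled automatically on FabricPath ports.
fabricpath switch-id 11
vlan 100
  mode fabricpath
! Core-facing port: frames leave with the extra FabricPath header, so raise the MTU.
! (Per-interface mtu applies to Nexus 7000; other platforms set it via a network-qos policy.)
interface Ethernet1/1
  description to-switch-B
  switchport mode fabricpath
  mtu 9216
! Classical Ethernet edge port: hosts send normal frames and this switch adds the OMAC header.
interface Ethernet1/10
  description server-01
  switchport mode access
  switchport access vlan 100
  spanning-tree port type edge
```

`show fabricpath isis adjacency` and `show fabricpath route` then show the automatically formed adjacency and the ECMP paths towards switch-id 12 without any IS-IS commands having been typed.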

Did you already know TRILL or Cisco FabricPath for scalable networks?

14 January 2019

Cisco Nexus vPC



When we are going to deploy a new Data Center network, we always have to think about the best network performance. If switches don’t have high rate interfaces, such as 100 Gbps interfaces, we should use more than one interface to get better performance. In addition, it’s a good idea to design the Data Center network with more than one uplink interface for redundancy because we’ll get better availability. Therefore, as network engineers, we should always design networks with several uplink interfaces for getting high performance and availability.

The best known technology for combining multiple network connections in parallel in order to increase throughput beyond what a single connection could sustain, and to provide redundancy in case one of the links fails, is the Link Aggregation Control Protocol (LACP). However, there are also proprietary aggregation schemes similar to LACP. For example, virtual Port Channel (vPC) is a Cisco technology which allows us to aggregate several port links between different Cisco Nexus switches to connect to a third-party device (server, firewall, load balancer, etc) that supports link aggregation (LACP).

vPC Deployment Concept

Link Aggregation, such as vPC, has lots of technical benefits. One of the best is the loop-free topology, because it eliminates Spanning Tree Protocol (STP) blocked ports. In addition, we can use all available uplink interfaces, thus all available bandwidth is used, because we can send traffic over several interfaces at the same time. These technical benefits also simplify the network design. What’s more, Cisco vPC is configured on different Cisco Nexus switches, so there are independent control planes.

If we are going to configure Cisco vPC, we’ll first have to know the vPC architecture components. For instance, each Cisco Nexus switch will be a vPC Peer in the vPC domain. We also have to configure the vPC Peer Link and the vPC Peer Keepalive Link for the synchronization between vPC peer devices, which are synchronized thanks to Cisco Fabric Services (CFS) over Ethernet. In addition, there will be orphan ports for orphan devices and vPC member ports for aggregated switches.

vPC Architecture Components

I would like to highlight the role of the vPC Peer Link and the vPC Peer Keepalive Link. The vPC Peer Link is the most important component, which gives us the illusion of a single control plane, while the vPC Peer Keepalive Link is a Layer 3 backup test used to verify that both Peers are alive. Therefore, if the vPC Peer Link fails and there is no Layer 3 communication either, there will be a split-brain scenario and a network outage.
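The configuration below is an added example (NX-OS, not from the original post or the Firewall.cx guide) that maps each vPC component from the two previous paragraphs onto one of the two peers: the vPC domain, the Peer Keepalive Link over the management VRF, the Peer Link port-channel, a vPC member port towards an LACP-capable server and an orphan port. Domain 10, the 192.0.2.x management addresses, VLAN 10, port-channels 1 and 20 and the interface numbers are constructed placeholders; the second peer is a mirror with the keepalive source and destination swapped.

```nxos
! vPC peer A. Constructed placeholders: domain 10, mgmt IPs 192.0.2.1 (A) / 192.0.2.2 (B), VLAN 10.
feature lacp
feature vpc
vpc domain 10
  role priority 100
  ! Peer Keepalive Link: Layer 3 heartbeat that tells a Peer Link failure apart from a dead peer,
  ! which is what prevents the split-brain scenario described above
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  peer-gateway
! vPC Peer Link: carries CFS synchronisation of the vPC state between the two control planes.
! Always a port-channel; members on separate line cards when possible.
interface port-channel1
  description vPC-PEER-LINK
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/1-2
  switchport mode trunk
  channel-group 1 mode active
! vPC member port: the server sees a single LACP bundle although its links end on two switches
interface port-channel20
  description server-01-vpc
  switchport mode trunk
  switchport trunk allowed vlan 10
  vpc 20
interface Ethernet1/10
  switchport mode trunk
  channel-group 20 mode active
! Orphan port: a single-homed device reachable only through this peer.
! If the Peer Link fails, suspend it on the secondary so the host fails over to its other NIC.
interface Ethernet1/20
  description single-homed-host
  switchport mode access
  switchport access vlan 10
  vpc orphan-port suspend
```

Before attaching member ports, `show vpc`, `show vpc peer-keepalive` and `show vpc consistency-parameters global` confirm that the Peer Link is up, the keepalive is alive and no type-1 mismatch would suspend the vPCs.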

Finally, some of you may be thinking about the Virtual Switching System (VSS) introduced by Cisco in Catalyst switches, or any other Multi-Chassis Link Aggregation technology built by other manufacturers, but vPC is slightly different with regard to the control plane: Cisco Nexus vPC maintains independent control planes.

Comparing Catalyst VSS with Nexus vPC
 
If you are interested in Cisco Nexus vPC and you need more information, you should check The Complete Cisco Nexus vPC Guide by Firewall.cx.

Do you usually configure LACP in your Data Center?

7 January 2019

It’s time to think. It’s time to have a plan.



It’s time to play with toys, but I think it’s also time to think. It’s time to know what we got last year and what we want to get this new year. Maybe it’s time to give up smoking and go to the gym. I don’t smoke and I already go to the gym. Therefore, I’m going to ask for new wishes this year. The truth is, some of them are similar to those I asked for last year, such as learning the French language and renewing the CISA and CISM certifications. In fact, most of the wishes are about keeping on learning and studying which, I think, is the best way to improve and learn new skills.

One of my wishes is to renew the CISA and CISM certifications. Last year, I got more than 100 CPEs (Continuing Professional Education) to renew these certifications because I delivered security training courses and I passed the F5 BIG-IP ASM Certified Technology Specialist exam. In addition, I got the second prize of the CyberSecurity Challenge at ForoCiber and I took lots of webinars. This year, I’m going to deliver ethical hacking courses as well as a computer forensics course, which will be useful for getting more CPEs and renewing the ISACA certifications.

Speaking about certificates, this year, my Cisco CCNP Routing & Switching certificate is going to expire. Therefore, I’m thinking about taking the Implementing Cisco Data Center Infrastructure (DCII) exam because I would like to know how Cisco Nexus switches work. What’s more, this exam is going to help me to reinforce my knowledge about VXLAN, Overlay Technologies, HSRP, VRRP and GLBP, Spanning Tree Protocol, etc.

I’ve been learning the French language since 2016. I’ve already got the A2 level and I’m studying for the B1 level. Learning a new language is not easy. It requires lots of time and effort. However, I will continue going to classes. I will listen to the radio in French and I will read and write in French as well. Of course, I know I will also have to speak in French. It’s interesting. I like it!

I’ve never written about internships for students with Ariadnex. I don’t know exactly how many students have already had an internship with Ariadnex, but I like thinking up tasks and projects for them. For instance, last year three students (Carlos, Guadalupe and David) were at the Ariadnex offices doing their Final Degree Project with us. They worked with proxy servers, firewalls, SIEMs, etc. I would like more students to come to Ariadnex this new year.

I read books last year and I would like to read more books this year. While I’m reading, I relax and I learn new things at the same time. I like it! I have a list with lots of books about technology, psychology, economy, etc. For instance, some of the last books I’ve written down are “Hit Refresh: The Quest to Rediscover Microsoft’s Soul and Imagine a Better Future for Everyone” by Satya Nadella or “The History of Information Security: A Comprehensive Handbook” by Karl Maria Michael de Leeuw and Jan Bergstra.

Do you want to tell us your planning for this year?