Tuesday, December 11, 2012

Cisco CCNP tutorial: Link aggregation/bundling and failover

The last article was about layer 3 switches and how they can be useful in your network. Today I introduce another technology that is also part of the CCNA syllabus: link aggregation.

Suppose a switch is connected to a server by a 1 Gbps link, and two servers want to exchange data faster than that single link allows. What if I could tell the switch to treat two (or more) of its links as one? The servers can now use up to 2 Gbps between them, using both links. One caveat that trips people up: the switch hashes every flow (by source/destination MAC or IP address, depending on the load-balancing setting) onto one member link, so a single TCP session still tops out at 1 Gbps; the extra capacity is only seen when several flows run at once.

Now suppose a switch connects to an upstream switch. To provide redundancy we want two links between them, so that if one fails the switch automatically fails over to the other. If you simply connect two cables between the switches, STP sees a loop and blocks one of the ports, so the second link sits idle. Link aggregation (also called bundling or bonding, and EtherChannel on Cisco gear) was invented to solve both problems at once. Each major vendor used to have its own proprietary protocol (Cisco's is PAgP); the IEEE later standardised LACP, the Link Aggregation Control Protocol, first as IEEE 802.3ad and now as IEEE 802.1AX. Please note that it applies ONLY to Ethernet networks. Because it is an open standard rather than a proprietary one, it interoperates across devices from HP, Juniper and of course Cisco, and today's server operating systems can run it as well (a thorough treatment of LACP on servers is left for a future article). Refer to the diagram below, which we will build up over the next few articles.

Topology with aggregate links, multilayer switches and GRE tunnelling

As you can clearly see, the two links between Switch 0 and multilayer switch 2 are both active, indicated by the green lights, because they now act together as a single aggregate link. STP, and in fact every protocol on the device, sees the bundle as one logical interface called the port-channel interface. To make sure the bundle forms cleanly, a few steps are recommended.

  • All member ports on a switch should be of the same type and run at the same speed and duplex.
  • The same holds on the other switch: its member ports must match each other, and their switchport settings (access/trunk mode, native VLAN, allowed VLANs) must be identical, otherwise the switch refuses to bundle them. The two switches do not need to run the same IOS version; they only need to agree on LACP.
  • After the bundle forms, do any further configuration on the new port-channel interface; it is pushed down to the member ports automatically. This is also the place to restrict the trunk to the VLANs it really needs with switchport trunk allowed vlan, since a trunk carries every VLAN by default.
These steps should give you a robust aggregate pipe of multiple links. How many links can be bundled depends on the switch model.

Implementation of aggregate link

On switch 0:

enable
conf t
interface range fa0/1-2 //change the interface numbers according to your needs
channel-protocol lacp //negotiate with LACP rather than PAgP or a static bundle
channel-group 1 mode active //put both ports in bundle 1; 'active' sends LACPDUs unsolicited, 'passive' only answers, so at least one end must be active
interface port-channel 1 //the logical aggregate interface, created by the channel-group command above
switchport trunk encapsulation dot1q //required on 3560-class switches before 'switchport mode trunk'; a 2960 is 802.1Q-only and does not accept it, so skip it there
switchport mode trunk

On switch 1:

enable
conf t
interface range fa0/23-24
channel-protocol lacp
channel-group 2 mode active //bundle id 2; channel-group numbers are local to each switch and need not match the other end
interface port-channel 2
switchport trunk encapsulation dot1q //required on 3560-class switches; not available on a 2960
switchport mode trunk

On multilayer switch:

conf t
interface range fa0/1-2 //the two ports cabled to Switch 0 (adjust the numbers to your topology)
channel-protocol lacp
channel-group 1 mode active //without this the port-channel 1 interface never comes into existence
interface port-channel 1
switchport trunk encapsulation dot1q //required on the 3560 before 'switchport mode trunk'
switchport mode trunk
interface range fa0/3-4 //the two ports cabled to Switch 1 (adjust the numbers to your topology)
channel-protocol lacp
channel-group 2 mode active
interface port-channel 2
switchport trunk encapsulation dot1q //required
switchport mode trunk

Spanning Tree shows no port is blocked even though two ports are connected to the same switch
The above diagram clearly shows that none of the ports were blocked, even though in a normal configuration one of them would have been. Verify it on the CLI with show etherchannel summary: the port-channel should be flagged SU (Layer 2, in use) and each member P (bundled); a member shown as s (suspended) or I (individual) means its settings or its partner do not match the rest of the bundle. show spanning-tree should now list Po1 rather than the individual ports.
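What the two ends actually exchange on each member port once channel-group mode active is configured is the LACPDU, a small frame sent to the slow-protocols multicast address. The following is an added example for this article, not code from the original post or from Cisco: it builds and decodes IEEE 802.1AX LACPDUs in Python, and then shows the one check LACP gives you that a static bundle does not, namely that every member port must report the same partner system and key before the switch will bundle them. All MAC addresses, keys and port numbers in it are constructed.

```python
"""Build and decode IEEE 802.1AX LACPDUs, the frames a port sends once it is
configured with 'channel-group N mode active'.  Added example for this article;
all MAC addresses, keys and port numbers below are constructed, not captured."""
import struct
from dataclasses import dataclass

SLOW_PROTOCOLS_MAC = bytes.fromhex("0180c2000002")  # LACPDU destination, never forwarded by bridges
SLOW_PROTOCOLS_ETHERTYPE = 0x8809
LACP_SUBTYPE = 0x01
# Bits of the one-octet 'state' field, least significant first (802.1AX 6.4.2.3)
STATE_BITS = ("activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired")
INFO_FMT = "!H6sHHHB3x"  # sys priority, sys MAC, key, port priority, port number, state, 3 reserved


@dataclass
class LacpInfo:
    """Actor or partner information block carried in an LACPDU TLV."""
    system_priority: int
    system_mac: str
    key: int
    port_priority: int
    port_number: int
    state: dict

    def pack(self) -> bytes:
        state_octet = sum(1 << i for i, name in enumerate(STATE_BITS) if self.state.get(name))
        mac = bytes.fromhex(self.system_mac.replace(":", ""))
        return struct.pack(INFO_FMT, self.system_priority, mac, self.key,
                           self.port_priority, self.port_number, state_octet)

    @classmethod
    def unpack(cls, body: bytes) -> "LacpInfo":
        prio, mac, key, pprio, pnum, state_octet = struct.unpack(INFO_FMT, body)
        state = {name: bool(state_octet >> i & 1) for i, name in enumerate(STATE_BITS)}
        return cls(prio, ":".join(f"{b:02x}" for b in mac), key, pprio, pnum, state)


def build_lacpdu(actor: LacpInfo, partner: LacpInfo, src_mac: str) -> bytes:
    """Ethernet frame (no FCS) carrying one 110-byte LACPDU: actor, partner, collector, terminator."""
    pdu = bytes([LACP_SUBTYPE, 0x01])                     # slow-protocol subtype LACP, version 1
    pdu += bytes([0x01, 0x14]) + actor.pack()             # actor TLV: type 1, length 20
    pdu += bytes([0x02, 0x14]) + partner.pack()           # partner TLV: type 2, length 20
    pdu += bytes([0x03, 0x10]) + struct.pack("!H12x", 0)  # collector TLV: type 3, length 16, max delay 0
    pdu += bytes([0x00, 0x00]) + bytes(50)                # terminator TLV plus 50 reserved octets
    header = (SLOW_PROTOCOLS_MAC + bytes.fromhex(src_mac.replace(":", ""))
              + struct.pack("!H", SLOW_PROTOCOLS_ETHERTYPE))
    return header + pdu


def parse_lacpdu(frame: bytes) -> dict:
    """Decode a frame into its actor and partner blocks; ValueError if it is not an LACPDU."""
    if len(frame) < 16:
        raise ValueError("not an LACPDU")
    dst, ethertype = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if dst != SLOW_PROTOCOLS_MAC or ethertype != SLOW_PROTOCOLS_ETHERTYPE or frame[14] != LACP_SUBTYPE:
        raise ValueError("not an LACPDU")
    tlvs, pos = {}, 16                                     # skip subtype and version
    while pos + 2 <= len(frame):
        tlv_type, tlv_len = frame[pos], frame[pos + 1]
        if tlv_type == 0:                                  # terminator TLV
            break
        tlvs[tlv_type] = frame[pos + 2:pos + tlv_len]      # length counts the 2 header bytes
        pos += tlv_len
    src = ":".join(f"{b:02x}" for b in frame[6:12])
    return {"src_mac": src, "actor": LacpInfo.unpack(tlvs[1]), "partner": LacpInfo.unpack(tlvs[2])}


def negotiates(local_state: dict, remote_state: dict) -> bool:
    """LACPDUs flow only if at least one end is 'active'; passive+passive never bundles."""
    return bool(local_state.get("activity") or remote_state.get("activity"))


def same_aggregator(parsed: list) -> bool:
    """All member ports must see the same partner system and key, otherwise the
    switch puts the odd one out in a separate bundle (suspended/individual) instead
    of the port-channel.  A static 'mode on' bundle has no such check."""
    ids = {(p["partner"].system_mac, p["partner"].key) for p in parsed}
    return len(ids) == 1


def demo() -> dict:
    """Constructed exchange: Switch 0's fa0/1 and fa0/2, both in channel-group 1 mode active."""
    sw0, mls, other = "00:11:22:33:44:00", "00:aa:bb:cc:dd:00", "00:99:88:77:66:00"  # assumed MACs
    up = {"activity": True, "aggregation": True, "synchronization": True,
          "collecting": True, "distributing": True}
    good = []
    for port in (1, 2):
        actor = LacpInfo(32768, sw0, 1, 32768, port, up)      # key 1 is an assumed operational key
        partner = LacpInfo(32768, mls, 1, 32768, port, up)
        good.append(parse_lacpdu(build_lacpdu(actor, partner, sw0)))
    # Same port fa0/2, but accidentally cabled to a different switch
    stray = parse_lacpdu(build_lacpdu(LacpInfo(32768, sw0, 1, 32768, 2, up),
                                      LacpInfo(32768, other, 1, 32768, 7, up), sw0))
    return {"good": good, "stray": stray}
```

The state octet is what to look at when a bundle refuses to come up: a healthy member reports synchronization, collecting and distributing all set, while a port that sits in defaulted or expired is not hearing its partner at all.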

Who would have thought that it was so easy to make multiple ports on your switch behave as one, giving far superior throughput and network redundancy at the same time! Note that with LACP a device can put up to 16 ports in one channel group, but only 8 of them forward traffic at a time; the remaining ports are hot standby and take over when an active member fails. So with 1 Gbps ports that is an 8 Gbps pipe in your network, spread across flows since each flow stays on one member link, with spare links ready to take over.

This was a quick rundown of what Ethernet bonding/aggregation is. In the next article in this series GRE tunnelling will be introduced, another interesting topic in the CCNP curriculum.

Important Links:

1. Wiki on Ethernet Aggregation
2. Cisco page on LACP(802.3ad)
3. Part 1: Inter Vlan routing using layer 3 switch in Cisco

Sunday, December 9, 2012

CCNP tutorial: layer 3 switch & inter-vlan routing Part 1

This is an introductory article about some of the fundamental technologies that are useful for students of the CCNA and CCNP certification exams. Please note that this is not the most comprehensive guide, but I hope it will help not only CCNA/CCNP candidates but network administrators and architects as well. Through this series I will cover interesting topics such as:

1. What is a Layer 3 switch? Why and how can it be useful?
2. Implementing inter-Vlan routing by using an l3-switch.
3. What is an aggregate link? Implementation of an aggregate link.
4. Introduction to GRE tunnel and how it can be implemented on a Cisco router.

At the end you will be able to configure such a topology:

Network topology having layer 3 switches and link aggregation
Network topology

Before I write about inter-VLAN routing using a multilayer switch, I recommend you first understand how it is achieved using a router (the "router on a stick" design). If you are a total newbie to VLANs, I highly suggest that you go through these blog posts:

Layer 3 aka l3 switch

In the classic network device paradigm there is a neat separation between the layers of the OSI model: each layer talks only to the layer above and below it through a defined protocol, and the layers do not interfere with each other. Likewise, each networking device had a specific purpose at one particular OSI layer. A switch was called a Layer 2 device because it understood only the data link layer, i.e. MAC addresses; it was not designed to read or process anything above Layer 2 and had no idea which IP address a frame was heading to. A router, on the other hand, was a Layer 3 device: it understands IP addresses and makes its forwarding decisions on them. So if the administrator of a reasonably large network (several VLANs and multiple switches) had to design a topology, it used to be pretty simple: connect all the end devices to switches (hubs have long been deprecated), create a trunk link to the 'upstream' device, which used to be a router, and configure the router to do the inter-VLAN routing. That is the simplest topology I can think of. Of course it has many flaws: it has no redundancy or failover capability, and some links can easily saturate (all of this in a future post). The main problem is that every inter-VLAN packet has to leave the switch, cross the trunk to the router, be routed there in software, and come back over the same trunk, so the router and its single trunk become the bottleneck.

Enter the Layer 3 switch. Its ASICs do not only hardware switching but also routing lookups (more details in the links at the end of this article). This gives very fast inter-VLAN routing, because traffic no longer hairpins over a trunk to an external router and back: the switch routes it between VLANs in hardware. A Layer 3 switch therefore eliminates the need for a separate router for inter-VLAN routing and makes those connections much, much faster.

Understanding inter-vlan routing using layer 3 switch

Consider the following network topology.
NOTE: I have used two 2960 Layer 2 switches and one 3560-24PS Layer 3 switch, which are available in Packet Tracer.

inter vlan routing
Layer 3 switch doing inter-vlan routing

Note that a Layer 3 switch does NOT route by default. You have to enable it with a single command (ip routing) so that it builds a routing table, and you need something to route between: either an SVI or a routed interface. An SVI (switched virtual interface) is a virtual interface that belongs to a particular VLAN and can carry an IP address. A routed interface is a physical port that has been taken out of Layer 2 switching (with no switchport) and given an IP address, just like a router port. Do you notice the difference? An SVI has an IP address but no physical port of its own, and it stays up as long as its VLAN has an active port; a routed port belongs to no VLAN and forwards no Layer 2 traffic, so on that port the switch behaves exactly like a router.

Configure an SVI for every VLAN between which you want to route. The SVI addresses then act as the default gateway for the hosts in each VLAN. Let us dig a bit deeper into how this works. There are two possible scenarios: a device talking to another device within the same VLAN, and a device talking to another device in a different VLAN.

Intra-VLAN communication works exactly as it does on a Layer 2 switch: the frame is switched on its destination MAC within the VLAN and the SVI is never involved. Now refer to the diagram for the inter-VLAN case, e.g. PC 0 wants to talk to PC 4. PC 0 compares PC 4's address with its own subnet mask, realises that PC 4 is not on its subnet, and therefore broadcasts an ARP request for the MAC address of its default gateway, which is the SVI on the switch. As soon as it receives the request, the switch replies with the MAC address of the SVI (how that MAC is assigned to an SVI is out of scope of this article). PC 0 then sends the packet with PC 4's IP address as the destination IP but the SVI's MAC address as the destination MAC.

When the switch receives the frame it sees that the destination MAC is its own SVI, so the packet is for it to route. It consults the routing table and finds that the destination IP belongs to a connected network, the one on another VLAN's SVI. The following illustration should make the concept clear.

The switch now knows that the packet is meant for a device in VLAN 2. If it does not already have the destination's MAC in its ARP cache, it floods an ARP request for the destination IP address out all ports of that VLAN (remember that the destination IP address does not change throughout the packet's journey, only the MAC addresses do at each hop), then rewrites the frame with its own SVI MAC as source and the host's MAC as destination and sends it out. The rest is pretty straightforward. Now let us move on to the implementation of these concepts.
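The two scenarios above can be written down as a decision procedure. The following is an added example for this article, not Cisco code and not taken from the original post: a small Python model of a Layer 3 switch with SVIs that walks PC 0's frame through the host's on-link test, the SVI MAC, the longest-prefix route lookup and the ARP step, and also shows what happens when ip routing is left off. The addresses, MACs and VLAN numbers in it are assumed, not read from the topology diagram.

```python
"""Model of the forwarding decision a Layer 3 switch with SVIs makes for one
packet.  Added example for this article, not Cisco code; addresses, MACs and
VLAN numbers are assumed, not taken from the topology diagram."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class L3Switch:
    ip_routing: bool                       # whether 'ip routing' has been configured
    svis: dict                             # vlan id -> IPv4Interface (the SVI address)
    mac_table: dict                        # vlan id -> {mac: port}, learnt at layer 2
    arp_cache: dict = field(default_factory=dict)   # ip string -> mac
    svi_mac: str = "00:1e:00:00:00:01"     # assumed; Catalyst SVIs share one base MAC

    def gateway(self, vlan: int) -> str:
        return str(self.svis[vlan].ip)

    def route(self, dst):
        """Longest-prefix match over the connected routes the SVIs create."""
        best = None
        for vlan, iface in self.svis.items():
            if dst in iface.network and (
                    best is None or iface.network.prefixlen > self.svis[best].network.prefixlen):
                best = vlan
        return best

    def forward(self, in_vlan: int, dst_mac: str, dst_ip: str) -> dict:
        dst = ipaddress.ip_address(dst_ip)
        # Not addressed to the SVI MAC: plain layer 2 switching, the frame stays in in_vlan
        if dst_mac != self.svi_mac:
            port = self.mac_table.get(in_vlan, {}).get(dst_mac, "flood")
            return {"action": "switch", "vlan": in_vlan, "port": port}
        # Addressed to the gateway: this is the routing path, which 'ip routing' gates
        if not self.ip_routing:
            return {"action": "drop", "reason": "ip routing not enabled"}
        out_vlan = self.route(dst)
        if out_vlan is None:
            return {"action": "drop", "reason": "no route"}
        next_mac = self.arp_cache.get(str(dst))
        if next_mac is None:   # ARP request is flooded out every port of the egress VLAN
            return {"action": "arp", "vlan": out_vlan, "target": str(dst)}
        # The IP header is untouched; only the MAC header is rewritten for the next hop
        return {"action": "route", "vlan": out_vlan, "src_mac": self.svi_mac,
                "dst_mac": next_mac, "dst_ip": str(dst)}


def host_next_hop(host: ipaddress.IPv4Interface, gateway: str, dst_ip: str) -> str:
    """What a PC ARPs for: the destination itself if on-link, else its default gateway."""
    return dst_ip if ipaddress.ip_address(dst_ip) in host.network else gateway


def build_switch(ip_routing: bool = True) -> L3Switch:
    """Constructed topology: VLAN 2 = 192.168.2.0/24, VLAN 3 = 192.168.3.0/24 (assumed)."""
    return L3Switch(
        ip_routing=ip_routing,
        svis={2: ipaddress.ip_interface("192.168.2.1/24"),
              3: ipaddress.ip_interface("192.168.3.1/24")},
        mac_table={2: {"00:00:00:00:00:10": "Fa0/1"}, 3: {"00:00:00:00:00:40": "Fa0/3"}},
        arp_cache={"192.168.3.40": "00:00:00:00:00:40"},   # PC 4 already resolved
    )


def walk_pc0_to_pc4() -> list:
    """PC 0 (VLAN 2, 192.168.2.10) sends to PC 4 (VLAN 3, 192.168.3.40), step by step."""
    sw = build_switch()
    pc0 = ipaddress.ip_interface("192.168.2.10/24")
    pc0_arp_table = {sw.gateway(2): sw.svi_mac}            # what PC 0's own ARP reply gave it
    arp_for = host_next_hop(pc0, sw.gateway(2), "192.168.3.40")   # off-link, so the gateway
    decision = sw.forward(2, pc0_arp_table[arp_for], "192.168.3.40")
    return [arp_for, decision]
```

Run walk_pc0_to_pc4() and compare the returned decision with the ARP-miss case (a destination in VLAN 3 the switch has not resolved yet) and with build_switch(ip_routing=False): the same frame is routed, triggers an ARP flood, or is dropped, which is exactly the sequence the troubleshooting steps below walk through.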

Implementation of Layer 3 switch

NOTE: I will be using the above topology for configuration.

On Layer 2 switch, Switch 0

conf t
int fa0/1
switchport mode access
switchport access vlan 2 //configure the port to be part of VLAN id 2
int fa0/3
switchport mode access
switchport access vlan 3
int fa0/4
switchport mode trunk //pass all VLANs over this link to the multilayer switch

On switch 1

conf t
int fa0/1
switchport mode access
switchport access vlan 2
int fa0/3
switchport mode access
switchport access vlan 3
int fa0/4
switchport mode trunk

On Multilayer Switch (layer 3 switch) 

conf t
int fa0/1
switchport trunk encapsulation dot1q //the 3560 also supports ISL, so 802.1Q must be chosen before 'switchport mode trunk'
switchport mode trunk
int fa0/2
switchport trunk encapsulation dot1q
switchport mode trunk
vlan 2 //create VLAN 2 in the VLAN database; an SVI stays down until its VLAN exists and has an active port
vlan 3
interface vlan 2 //create an SVI belonging to VLAN id 2
ip address <ip-address> <subnet-mask> //this address becomes the default gateway of the hosts in VLAN 2
no shutdown
interface vlan 3
ip address <ip-address> <subnet-mask>
no shutdown
ip routing //very important command: enables routing and makes the switch populate its routing table


  1. First try to ping the local gateway (the SVI address of the host's own VLAN). If that works, move to step 2; otherwise check that the right VLANs exist on the multilayer switch and are carried over the trunk to it, by running
     show vlan brief
     show interfaces trunk

     Also check that the host has been assigned an IP address in the SVI's subnet and that it is connected to an access port in the right VLAN.
  2. Try to ping the other VLAN's gateway address. If that fails, the SVI for that VLAN is missing or has no IP address on the switch. Define the VLAN and its SVI by executing
     vlan <vlan-id>
     interface vlan <vlan-id>
     ip address <ip-address> <subnet-mask>
  3. If you are still not able to ping the foreign machine, check the routing table with show ip route; every SVI that is up should appear as a connected (C) route.
  4. Always remember to run the command "ip routing" so that the switch starts behaving as a router and populates its routing table; without it the connected routes never appear and nothing is routed between the SVIs.
You should be able to ping now. We have successfully achieved inter-VLAN routing using a Layer 3 switch. In the next article of this series we will understand what an aggregate link is and how to configure it. Finally we will understand what a GRE tunnel is.

Next part of this series: Cisco CCNP Link aggregation or link bundling

Important Links: