Cisco UCS Networking Video

Cisco UCS Networking System, Architecture, Best Practices v3.0

By Brad Hedlund CCIE #5530
http://bradhedlund.com/

Part I: Introduction
Part 2: Infrastructure Virtualization
Part 3: Switching Mode of the Fabric Interconnect
Part 4: Upstream Connectivity SAN Storage
Part 5: Appliance Ports NAS Direct Attach
Part 6a: Fabric Failover
Part 6b: Fabric Failover
Part 7a: End Host Mode Pinning
Part 7b: Upstream Connectivity LAN
Part 8: Inter-Fabric Traffic and Recommended Topology
Part 9: Disjointed Layer 2 Domains
Part 10: Gen 2 Adapters VM FEX
Part 11: Cisco VIC QoS
Part 12: SPAN, IPv6


Cisco IOS Tips

1. Prefix the output of every show command with CPU utilization and the time

C2821(config)#line vty 0 4
C2821(config-line)#exec prompt timestamp
C2821(config-line)#end
C2821#show cdp
Load for five secs: 1%/0%; one minute: 3%; five minutes: 3%
Time source is NTP, 15:42:24.997 CST Tue Jan 18 2011

Global CDP information:
Sending CDP packets every 60 seconds
Sending a holdtime value of 180 seconds
Sending CDPv2 advertisements is  enabled
C2821#

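2. Change the escape character from Ctrl-Shift-6-6-x to another combination
If the default Ctrl-Shift-6-6-x is too cumbersome, you can change it (the example below changes it to Ctrl-C):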
 

C2821#show terminal
Line 515, Location: "", Type: "XTERM-COLOR"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Automore On
Capabilities: none
Modem state: Ready
Group codes:    0
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
^^x     none    -     -       none
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
00:10:00        never                        none     not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:25:37
Editing is enabled.
History is enabled, history size is 20.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are telnet ssh.
Allowed output transports are lat pad telnet rlogin lapb-ta mop v120 ssh.
Preferred transport is lat.
No output characters are padded
No special data dispatching characters
 
 
C2821#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
C2821(config)#line vty 0 4
C2821(config-line)#escape-character 3
C2821(config-line)#end
 
 
C2821#show terminal
Line 515, Location: "", Type: "XTERM-COLOR"
Length: 24 lines, Width: 80 columns
Baud rate (TX/RX) is 9600/9600
Status: PSI Enabled, Ready, Active, No Exit Banner, Automore On
Capabilities: none
Modem state: Ready
Group codes:    0
Special Chars: Escape  Hold  Stop  Start  Disconnect  Activation
^Cx none   -     -       none
Timeouts:      Idle EXEC    Idle Session   Modem Answer  Session   Dispatch
00:10:00        never                        none     not set
Idle Session Disconnect Warning
never
Login-sequence User Response
00:00:30
Autoselect Initial Wait
not set
Modem type is unknown.
Session limit is not set.
Time since activation: 00:25:49
Editing is enabled.
History is enabled, history size is 20.
DNS resolution in show commands is enabled
Full user help is disabled
Allowed input transports are telnet ssh.
Allowed output transports are lat pad telnet rlogin lapb-ta mop v120 ssh.
Preferred transport is lat.
No output characters are padded
No special data dispatching characters
C2821#

"3" is the ASCII code for Ctrl-C; the ASCII codes for other combinations can be looked up in an ASCII table. The "x" after "^C" in "^Cx" can be ignored; in practice, just press Ctrl-C.

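Turning Off Annoying Facebook Application Notifications

If your friends use Facebook's many applications, those apps frequently send ad-like notifications, which is very annoying:

Is there a way to turn off these annoying notifications?

It's simple: move the mouse to the upper right and you will see the X in the red box shown in the figure above. Click it, and the following options appear:

Then just click the option that hides the application by name, and you're done!

However, there is currently no option to turn off all application notifications.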

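Cisco 10G Ethernet Transceiver Module

Cisco currently supports four kinds of 10GE transceiver modules: XENPAK, X2, XFP and SFP+. This post tries to organize the information so that people with a poor memory (e.g. me) have a simple place to review it. There are also the OneX module, which converts X2 to SFP+, and the TwinGig module, which converts an X2 slot into two GE slots.

This post is divided into the following parts:

Appearance

Cisco device support

Supported cabling and length limits

Appearance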

XENPAK X2

XFP SFP+

OneX TwinGig


Cisco device support

(Only common devices are listed below; see the detailed list.)

Product                        Transceiver supported
Catalyst 6500 Series           XENPAK, X2, SFP+
ME 4900 Series                 X2
Catalyst 4900 Series           X2, SFP+
Catalyst 4500 Series           X2, SFP+
Catalyst 3750-X Series         SFP+
Catalyst 3750-E Series         X2
Catalyst 3750 Series           XENPAK
Catalyst 3560-X Series         SFP+
Catalyst 3560-E Series         X2
Catalyst 2960-S Series         SFP+
Nexus 7000 Series              X2, SFP+
Nexus 5000 Series              SFP+
Nexus 2000 Series              SFP+
UCS                            SFP+
Catalyst 3100 Blade Switch     X2
Catalyst 2360 Series           SFP+
Catalyst 2350 Series           X2
7600 Series                    XENPAK, X2, XFP
SCE 8000                       XFP
ASR 9000 Router Series         XFP, SFP+

As shown above, SFP+ is the future trend and is supported by the newer products. XFP, because it can support OC-192/STM-64, is found only on WAN and service provider products.

Supported cabling and length limits

SFP+

XFP

X2

XENPAK

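Cut-Through Makes a Comeback

A switch can forward packets in one of three ways:

  1. Cut through
  2. Store and forward
  3. Fragment free

What is cut through?

In theory, when a cut-through switch receives a packet, as soon as it has read the packet's destination MAC it looks up the MAC address table, finds the egress interface, and forwards the packet immediately.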

Source: www.cisco.com

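The most direct benefit of this method is fast packet switching and low packet latency, because the packet wastes no time inside the switch. Consider that with jumbo frames, store-and-forward switching greatly increases latency.

Cut-through latency is measured FIFO (First In First Out): the latency is the time between the switch receiving the first bit and sending the first bit.

However, because cut through forwards a packet before checking its CRC, it cannot drop corrupted packets, so corrupted packets propagate. This problem was more serious on networks many years ago, because NIC quality was poor at the time and hubs produced collisions. Collisions create packet fragments, and once those bad packets enter a cut-through switch they are neither detected nor dropped.

What is store and forward?

Store and forward receives the entire packet into the switch and checks it for errors before processing and forwarding it. This of course solves the problem of corrupted packets propagating, but it lengthens latency.

Store-and-forward latency is measured LIFO (Last In First Out): the latency is the time between the switch receiving the last bit and sending the first bit.

Why did cut through decline?

The drawback mentioned above, the propagation of corrupted packets, was in fact later resolved by improvements in NIC technology and the large-scale replacement of hubs with switches.

But apart from that problem, a number of other conditions keep cut through from delivering the speed and low latency it should.

1. Packets need more control: in the mid-1990s, switch users needed deeper control over packets, such as ACLs and QoS. To apply these controls the switch must read more fields to make a decision, so it may have to read up to 54 bytes (14 bytes Ethernet + 20 bytes IP + 20 bytes TCP) of headers, which also lengthens latency. In addition, EtherChannel hashes each packet to decide which interface to send it out of, and the fields the hash uses may include the IP address or port number.

2. Interface speed differences: if the switch uses a fabric architecture and the egress interface speed (e.g. 10 Gbps) is faster than the ingress speed (e.g. 1 Gbps), cut through causes an under-run problem: while forwarding, the switch sends the packet out so fast that the rest of the packet has not yet arrived. The switch is then forced to use something like store and forward, first placing the packet in a buffer so that the faster interface can send it.

3. Egress interface congestion: if the switch's egress interface is congested, cut through must first place the packet in a buffer to wait for transmission, at which point it is once again just like store and forward!

Why did Cisco bring cut through back?

As described above, today's hardware has advanced a great deal; both ASICs and FPGAs can handle the problems that arose around cut through much faster than in the 1990s. In addition, applications such as HPC badly need a low-latency network environment.

Cisco switches that use cut through

The Nexus 5000 is a switch that uses the cut-through switching method.

The Nexus 7000 still uses store and forward, because a Layer 3 switch must change the contents of the header (destination MAC, FCS, TOS) before forwarding the packet, so it still has to use store and forward.

Reference: Cut-Through and Store-and-Forward Ethernet Switching for Low-Latency Environments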

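Configuring Cisco VPN Client to Log In Automatically (Without Entering a Username and Password)

Although this is not very secure, there is often a need for the VPN Client to log in automatically without entering a username and password.

The following uses a Cisco ASA and Cisco VPN Client 5.0 to achieve this.

Step 1. Confirm the group the VPN Client connects to

Run Cisco VPN Client and select the connection entry that needs this feature. Then click "Modify" on the toolbar (red box in the figure below):

Step 2. Note the group name in the red box in the figure below:

Step 3. Connect to the ASA and configure the group-policy of that group to allow the VPN Client to store the password.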

asa5520# conf t
asa5520(config)# group-policy ipsec_nosp attributes
asa5520(config-group-policy)# password-storage enable
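
Because password-storage trades security for convenience, it is worth knowing which group policies have it switched on. The following audit sketch is an added example, not part of the original post: it scans a saved ASA running-config for group policies that allow stored passwords. The sample configuration is constructed, and the inheritance from DfltGrpPolicy is modelled as an assumption.

```python
import re

# Constructed sample of an ASA running-config excerpt (not from the original post).
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol IPSec
group-policy ipsec_nosp internal
group-policy ipsec_nosp attributes
 dns-server value 192.0.2.53
 password-storage enable
group-policy ipsec_staff internal
group-policy ipsec_staff attributes
 password-storage disable
 vpn-idle-timeout 30
group-policy ipsec_partner internal
group-policy ipsec_partner attributes
 vpn-idle-timeout 30
"""

GP_LINE = re.compile(r"^group-policy (\S+) (internal|external|attributes)\b")
PS_LINE = re.compile(r"^\s+password-storage (enable|disable)\s*$")


def password_storage_by_policy(config: str) -> dict:
    """Map each group-policy name to True if clients may store the password."""
    explicit, names, current = {}, [], None
    for line in config.splitlines():
        gp = GP_LINE.match(line)
        if gp:
            name, kind = gp.groups()
            if name not in names:
                names.append(name)
            # Only an "attributes" line opens a sub-mode block.
            current = name if kind == "attributes" else None
        elif not line.startswith(" "):
            current = None  # any other top-level command closes the block
        elif current:
            ps = PS_LINE.match(line)
            if ps:
                explicit[current] = ps.group(1) == "enable"
    # Assumption: unset attributes are inherited from DfltGrpPolicy,
    # whose own default for password-storage is disabled.
    default = explicit.get("DfltGrpPolicy", False)
    return {n: explicit.get(n, default) for n in names}


def policies_allowing_saved_passwords(config: str) -> list:
    """Return the sorted names of policies whose clients may save the password."""
    return sorted(n for n, on in password_storage_by_policy(config).items() if on)


if __name__ == "__main__":
    for name in policies_allowing_saved_passwords(SAMPLE_CONFIG):
        print(f"group-policy {name}: password-storage enable")
```

Setting the attribute on DfltGrpPolicy would flag every policy that does not override it, which is why the check resolves inheritance instead of only matching the literal line.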


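Installing GNS3 for Mac

To install GNS3 on a Mac, first download the Mac dmg file from http://www.gns3.net/download.

After installation, besides specifying the location of the Cisco IOS image file, you also need to specify the path to dynamips. But where is dynamips?

In fact, the path is hidden inside GNS3 itself. There is no need to download dynamips separately! In GNS3's Preferences, click "Dynamips" on the left, then paste the path shown in the figure below into "Executable path"!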

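Cisco Releases IOS 15.0

Cisco released IOS 15.0 on 10/2.

Yesterday, while looking up IPv6 material for a customer, I reached the Configuration Guide selection page and noticed that something called IOS 15 M&T had appeared. At first I thought the web page was wrong and 12.5 had been written as 15; after all, jumping straight from 12.4 to 15 is really hard to believe.

However, after clicking through, I found that it really had been upgraded directly to 15.0 (the exact version: 15.0(1)M).

In the Release Notes, Cisco explains that this release integrates features from many earlier releases all at once, a total of 2000 features.

For details, see: Release Notes, New and Changed Information

The new features are as follows: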

  • 802.1P CoS Bit Set for PPP and PPPoE Control Frames
  • AAA Authorization and Authentication Cache
  • AAA Per-User Scalability
  • AAA Support for Greater than 8 Login and Exec Auth
  • AppleTalk Support Discontinuation
  • ATM Conditional Debug Support
  • ATM OAM Loopback Mode Detection
  • ATM OAM Traffic Reduction
  • ATM PVC F5 OAM Recovery Traps
  • ATM PVC Trap Enhancements for Segment and End AIS/RDI Failures
  • ATM QoS MIB
  • ATM VP Average Traffic Rate
  • BFD—Static Route Support
  • BFD—VRF Support
  • BFD—WAN Interface Support (ATM, FR, POS, and Serial)
  • BGP Event Based VPN Import
  • BGP Per Neighbor Graceful Restart Configuration
  • BGP RT Changes Without PE-CE Neighbor Impact
  • Calling Station ID Attribute 31
  • Cisco Services for IPS on IOS
  • Cisco Unified Border Element Support for SRTP-RTP Internetworking
  • Configurable SIP Parameters via DHCP
  • CUBE Support for Configurable Pass-Through of SIP INVITE Parameters
  • CUBE Support for Generating Out-of-Dialog SIP OPTIONS Ping Messages to Monitor SIP Servers
  • DHCP Client Forcerenew Message
  • DHCP Client Option 121
  • Digitally Signed Cisco Software
  • DMVPN—Tunnel Health Monitoring and Recovery
  • DMVPN—Tunnel Health Monitoring and Recovery (Interface Line Control)
  • DMVPN—Tunnel Health Monitoring and Recovery (Syslog)
  • Embedded Event Manager (EEM) 3.1
  • Extended NAS-Port-Type and NAS-Port Support
  • Flexible NetFlow—Ingress VRF Support
  • Flexible Netflow—NBAR Application Recognition
  • FPM—Packaging, eTCDF and Full Packet Search Enhancements
  • G.722 Codec Support with SRST
  • GET VPN VRF-Aware GDOI on GM
  • H.323 Calling Without a Calling Number
  • IGMP Static Group Range Support
  • iLBC Codec on SCCP Analog FXS Gateway, Transcoding and Conferencing; G.722-64K for H.323 & SIP
  • IOS Firewall Support for TRP—Phase 2
  • IOS IPS with Lightweight Signatures
  • IP Multicast Load Splitting—Equal Cost Multipath (ECMP) Using S, G and Next-Hop
  • IPv6: Multicast Address Group Range Support
  • IS-IS—MPLS LDP Autoconfiguration
  • IS-IS—MPLS LDP Synchronization
  • IS-IS MIB
  • IS-IS Support for an IS-IS Instance per VRF for IP
  • Lawful Intercept (LI)
  • Licensing Support for IOS SSLVPNs
  • MLP LFI over ATM Configuration Scaling
  • MPLS VPN—BGP Local Convergence
  • MPLS VPN—Inter-AS Option AB
  • MTR Support for Multicast
  • Multi-Part SDP Support for NAT/FPG
  • Multicast Address Group Range Support
  • Multicast MIB VRF Support
  • Multicast VPN Extranet Support
  • Multicast VPN Extranet VRF Select
  • NAS-Port ID Format C Enhancement:
  • NAT Static and Dynamic Route-Map Name-Sharing
  • NSSA-Only
  • Option to Disable Volume-Based IPsec Lifetime Rekey
  • OSPF Graceful Shutdown
  • OSPF TTL Security Check
  • OSPFv3 Fast Convergence—LSA and SPF Throttling
  • OSPFv3 Graceful Restart
  • PfR EIGRP mGRE DMVPN Hub-and-Spoke Support
  • PIM Stub
  • PIM Triggered Joins
  • PKI High Availability
  • PPP CLI Enhancement for L2CP Phase III
  • PPP-Max-Payload and IWF PPPoE Tag Support
  • PPPoE—Session Limiting on Inner QinQ VLAN
  • PPPoE Agent Remote ID and DSL Line Characteristics Enhancement
  • PPPoE Smart Server Selection
  • Preloaded Routes for Outgoing INVITE on CUBE Using Path Header in REGISTER, Service-Route in 200 OK Response to REGISTER and Outbound Proxy
  • RSVP Fast Local Repair
  • RSVP Interface-Based Receiver Proxy
  • RSVP—VRF Lite Admission Control
  • RTSP Live Streaming and Max Time for Cisco IOS VoiceXML Browser
  • Service Advertisement Framework (SAF)
  • SSHv2 Enhancements for RSA Keys
  • SSLVPN Client Side Certificate Based Authentication
  • Support for Adjustable Timers for REGISTRATION Refresh and Retries
  • Support for Distinctive Ringing on SCCP IOS Gateways
  • Support for FAC and Speed Dial to Voicemail Using Three Numerical Digits
  • Support for PAI, PPI, Privacy, P-Called-Party-ID and P-Associated-URI headers on Cisco Unified Border Element
  • Support for Selectively Using SIP: URI or Tel: URI Formats on Individual SIP Headers
  • Support on CUBE for Selective Filtering of Outgoing Provisional Responses
  • Suppress BGP Advertisement for Inactive Routes
  • Unified Communications Trusted Firewall Control Version II
  • Voice Quality Enhancements on Cisco Unified Border Element Platforms
  • VRF Aware RSVP Agent and Gateway
  • WCCP: VRF Support
  • Zone Based Firewall (ZBFW) Usability and Manageability Features

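Obtaining an IPv6 Address (Autoconfiguration and DHCPv6)


As with IPv4, an interface's IPv6 address can be configured manually (static) or automatically.

There is not much to say about manual configuration. This post covers the types and methods of automatic configuration.

In an IPv6 environment, a router's interface periodically sends a Router Advertisement (RA) using multicast.

The RA contains the IPv6 prefix information for this network (segment).

If we set an interface to IP address autoconfiguration, then after the computer's NIC receives the RA, it combines this prefix with the NIC's Interface ID (usually derived using EUI-64) to form a 128-bit IPv6 address.

But wait! With only an IPv6 address and a default gateway, getting online will be nearly impossible. At the very least you still need the DNS server address!

If we look at the Router Advertisement format (RFC 4861), you will find that the RA really only gives the IPv6 prefix. So how does the computer get online smoothly?

Let's take a look at the RA format:

The area in the red box is called the Router Advertisement Option (the figure above shows older information; the latest definition is in RFC5175, but the figure is enough to explain this post). What we want to look at are the M bit and O bit in it.

M: Managed Address Configuration. If this bit is 1, the computer is asked to additionally go to DHCPv6 for the IPv6 prefix.

O: Other Configuration. If this bit is 1, the computer is asked to go to DHCPv6 for DNS and other information.

The stateful DHCPv6 and stateless DHCPv6 we often hear about come from different combinations of the M bit and O bit.

  1. M=1, O=0 or 1: the computer is asked to obtain all information (including prefix, DNS and so on) using DHCPv6. (Stateful DHCPv6)
  2. M=0, O=1: use the prefix in the RA, but the computer is asked to obtain DNS and other information using DHCPv6. (Stateless DHCPv6)
  3. M=0, O=0: the computer gets only the prefix and cannot obtain DNS and other information. (Stateless autoconfiguration)

"Stateful" refers to information whose mapping state must be dynamically maintained and kept by a server. What has this requirement is the assignment and mapping of IPv6 addresses.

"Stateless" refers to information that does not need to be dynamically maintained, such as DNS information, because it does not change dynamically and is fixed.

So when the prefix is provided by DHCPv6, because the DHCPv6 server keeps a binding table, this is called stateful DHCPv6.

And if the prefix is provided by the router, because the router does not keep this binding table, this approach is called stateless autoconfiguration or stateless DHCPv6.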
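
To make the M/O combinations and the EUI-64 step concrete, here is an added example (not from the original post) that parses an ICMPv6 Router Advertisement body per RFC 4861, classifies it into the three modes listed above, and derives the autoconfigured address. The sample RA, the 2001:db8:1::/64 prefix and the MAC address are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 type of a Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option


def parse_ra(msg: bytes) -> dict:
    """Extract the M/O flags and advertised prefixes from an ICMPv6 RA body."""
    if len(msg) < 16 or msg[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags = msg[5]     # flags byte of the fixed header: M = 0x80, O = 0x40
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40), "prefixes": []}
    off = 16           # options follow the 16-byte fixed header
    while off < len(msg):
        # Option length is expressed in units of 8 bytes; 0 is invalid.
        opt_len = msg[off + 1] * 8 if off + 1 < len(msg) else 0
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        if msg[off] == OPT_PREFIX_INFO and opt_len == 32:
            prefix_len = msg[off + 2]
            autonomous = bool(msg[off + 3] & 0x40)   # A flag: usable for SLAAC
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            net = ipaddress.IPv6Network((prefix, prefix_len), strict=False)
            ra["prefixes"].append((net, autonomous))
        off += opt_len
    return ra


def config_mode(m: bool, o: bool) -> str:
    """Map the M/O combination to the three cases described in the post."""
    if m:
        return "stateful DHCPv6"
    return "stateless DHCPv6" if o else "stateless autoconfiguration"


def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit interface ID: flip the U/L bit and insert ff:fe."""
    b = bytearray(bytes.fromhex(mac.replace(":", "").replace("-", "")))
    if len(b) != 6:
        raise ValueError("MAC address must be 6 bytes")
    b[0] ^= 0x02
    return bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])


def slaac_address(net: ipaddress.IPv6Network, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix from the RA with the EUI-64 interface ID."""
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))


def build_sample_ra(m: bool, o: bool) -> bytes:
    """Constructed RA for the demo: one /64 prefix with the L and A flags set."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    header = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    prefix = ipaddress.IPv6Address("2001:db8:1::").packed
    pio = struct.pack("!BBBBII4x16s", OPT_PREFIX_INFO, 4, 64, 0xC0, 2592000, 604800, prefix)
    return header + pio


if __name__ == "__main__":
    ra = parse_ra(build_sample_ra(m=False, o=True))
    print(config_mode(ra["M"], ra["O"]))
    for net, autonomous in ra["prefixes"]:
        if autonomous:
            print(slaac_address(net, "00:1b:54:aa:bb:cc"))
```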

So how do you set the M bit and O bit in Cisco IOS (that is, how do you choose among stateful DHCPv6, stateless DHCPv6 and stateless autoconfiguration)?

Set the M bit:

Router(config-if)# ipv6 nd managed-config-flag

Set the O bit:

Router(config-if)# ipv6 nd other-config-flag

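As for whether there is a way to get DNS information directly from the RA without DHCPv6: yes, but at present (Oct. 2009) it is not yet a standard; see RFC5006. On the router side, radvd (Router Advertisement Daemon) on Linux/BSD supports RFC 5006. On the client side, rdnssd in ndisc6 supports RFC5006. However, I have not tried any of them. Cisco and Juniper also do not yet support RFC5006.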

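How Many OSPF Router IDs Does One Router Have?


When configuring OSPF, the Router ID is what OSPF uses to identify a router. For OSPF to exchange routes successfully, a neighbor relationship must first be established. One of the conditions for successfully establishing an OSPF neighbor is that every router has a unique Router ID.

Let's review how the OSPF Router ID (RID) is chosen:

  1. The OSPF process checks whether an RID has been set manually with the router-id command.
  2. If no RID has been set manually, the OSPF process checks whether there is an active (up/up) Loopback interface. If so, it picks the highest IP address among the Loopback interfaces and sets it as the RID.
  3. If the router has no Loopback interface (or all are shut down), it chooses the highest IP address among the active (up/up) physical interfaces and sets it as the RID.
  4. If there are no active physical interfaces either, or none of the active physical interfaces has an IP address configured, OSPF cannot be configured. (See the example below.)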
Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES manual administratively down down
FastEthernet0/1 unassigned YES manual administratively down down
Vlan1 unassigned YES manual administratively down down
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#router ospf 100
OSPF process 100 cannot start. There must be at least one "up" IP interface
Router(config-router)#end
%SYS-5-CONFIG_I: Configured from console by console
Router#show ip ospf
%OSPF: Router process 100 is not running, please configure a router-id
Router#

Let's look at another example:
R1:

interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip address 2.2.2.1 255.255.255.255
!
interface Loopback3
ip address 3.3.3.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
!

router ospf 100
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0


R2:

interface Loopback1
ip address 1.1.1.2 255.255.255.255
!
interface Loopback2
ip address 2.2.2.2 255.255.255.255
!
interface Loopback3
ip address 3.3.3.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.1.1.2 255.255.255.0
!

router ospf 100
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0

Once OSPF has successfully established the neighbor, we can see from R2 that R1's RID is 3.3.3.1, consistent with the selection method above.
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.1 1 FULL/BDR 00:00:30 10.1.1.1 FastEthernet0/0
R2#

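But because of this, many people assume every router has only "one" unique Router ID.
What if I want R2 to see R1's RID as 2.2.2.1, without using the router-id command and without shutting down a Loopback interface? How can that be done?
To solve this, you first need to understand that multiple OSPF processes can be started on one router, and each OSPF process uses a unique Router ID.
So for the problem above, I only need to first configure one OSPF process on R1 so that it selects 3.3.3.1 as its RID, without entering any network command, and then configure another OSPF process, the one that will form a neighbor with R2, so that it selects 2.2.2.1 as its RID.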

R1:
R1#show run
router ospf 100
log-adjacency-changes
!
router ospf 200
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0

R1#show ip ospf
Routing Process "ospf 100" with ID 3.3.3.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 0. 0 normal 0 stub 0 nssa
External flood list length 0
Routing Process "ospf 200" with ID 2.2.2.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
External flood list length 0
Area BACKBONE(0)
Number of interfaces in this area is 1
Area has no authentication
SPF algorithm executed 2 times
Area ranges are
Number of LSA 4. Checksum Sum 0x01969f
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

R2:
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
2.2.2.1 1 FULL/BDR 00:00:35 10.1.1.1 FastEthernet0/0
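
The selection rules and the two-process trick can be modelled in a few lines. This is an added example, not code from the original post or from Cisco: the Interface class and function names are hypothetical, the interface data is R1's configuration from above, and the rule that a later process skips an address already taken as RID by an earlier process is an assumption modelled on the show ip ospf output shown here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Interface:
    name: str
    ip: Optional[str]      # None means "unassigned"
    up: bool = True        # True means up/up


# R1's interfaces as configured in the post.
R1_INTERFACES = [
    Interface("Loopback1", "1.1.1.1"),
    Interface("Loopback2", "2.2.2.1"),
    Interface("Loopback3", "3.3.3.1"),
    Interface("FastEthernet0/0", "10.1.1.1"),
]


def select_rid(interfaces, manual_rid=None, in_use=frozenset()):
    """Apply the four selection steps; return None if OSPF cannot start."""
    if manual_rid:                                   # step 1: router-id command
        return manual_rid
    active = [i for i in interfaces if i.up and i.ip and i.ip not in in_use]
    loopbacks = [i for i in active if i.name.lower().startswith("loopback")]
    pool = loopbacks or active                       # step 2, else step 3
    if not pool:                                     # step 4: nothing usable
        return None
    # Compare numerically: as strings "3.3.3.1" would sort above "10.1.1.1".
    return str(max(ipaddress.IPv4Address(i.ip) for i in pool))


def assign_rids(interfaces, processes):
    """processes: list of (process_id, manual_rid) in configuration order."""
    taken, result = set(), {}
    for pid, manual in processes:
        rid = select_rid(interfaces, manual, frozenset(taken))
        result[pid] = rid
        if rid:
            taken.add(rid)   # assumption: each process needs its own RID
    return result


if __name__ == "__main__":
    for pid, rid in assign_rids(R1_INTERFACES, [(100, None), (200, None)]).items():
        print(f"router ospf {pid}: RID {rid}")
```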