Monday, February 27, 2012

Cisco Etherchannel / Port-Channel (LACP / PAgP)

Etherchannel/Port-channel

On different Cisco switches it is possible to create logical connections that

are made-up off different fysical interface. It is needed that these interface

do have the same speed.

Most Cisco switches support max 64 etherchannels. These interfaces do not have to be contiguous.

or even on the same module. Each channel must be made up of min 2, max 8 interfaces.

The best is to use 2 ,4 or 8 interfaces. This will give the perfect load-balancing.

The load-balancing can be bases on layer 2/3 or 4 information.

It is not possible to have different load-balancing methods for different Etherchannels

on one switch. If the load-balancing method is change, it is applicable for all.

The load-balancing method can be:

- src-mac

- dst-mac

- src-dst-mac

- src-ip

- dst-ip

- src-dst-ip

- src-port

- dst-port

- src-dst-port

By using <port-channel load-balance {option}> it is possible to change to method.

If a single header is used to load-balance the low-order bits is used to dictate to

witch interface the frame is send. If two headers are used a XOR function is used on

the low-order bits.

It is possible to change what path with-in the etherchannel a frame takes by used the following command:

<test etherchannel load-balance interface port-channel [#] ip [src] [dst]>

to assign a physical interface towards a port-channel use the following command:

channel-group [#] mode on

There are two type of dynamic protocols to negotiate an etherchannels: PAgP and LACP 8021.AD

PAgP is Cisco proprietary

When these protocols start to communicate there is an exchange of information before the port-channel can be formed. The following items must match before a port-channel can form:

- same speed/duplex

- Access VLAN (if not trunked)

- Same trunking type, allowed VLAN and native VLAN (if trunked)

- Each port must have the same STP cost per VLAN with-in the portchannel

- No SPAN ports

channel-group [#] mode on (disables PAgP en LACP)

channel-group [#] mode off (disables PAgP en LACP and prevent the ports to form a port-channel)

channel-group [#] mode auto (use PAgP in a passive mode, it will wait until a PAgP packet will be send)

channel-group [#] mode passive (use LACP in a passive mode, it will wait until a PAgP packet will be send)

channel-group [#] mode desirable (use PAgP in an active mode, it will start to send PAgP packets)

channel-group [#] mode active (use LACP in an active mode, it will start to send LACP packets)

3750(config)#interface range gigabitethernet 1/0/2 – 4

3750(config-if-range)#channel-group 1 mode on

3750(config-if-range)#switchport

3750(config-if-range)#switchport trunk encapsulation dot1q

3750(config-if-range)#switchport mode trunk

First type the channel-group command. After that all interface commands will be automatically duplicated on all the interfaces group in the channel-group.

With LACP it is possible to create a port-channel on a stack (3560/3750 switches).

This is based on IOS version 12.2(25)SEE

Show command’s

· show interfaces port-channel [channel-group-number]

· show etherchannel [channel-group-number] summary

Verify command’s

  • test etherchannel load-balance interface port-channel [#] ip [src] [dst

Taken From: http://www.edgenetworks.nl/etherchannel.html

Monday, February 20, 2012

Soft RAID - Windows

If you�ve ever had the desire to RAID your hard drives for increased performance, but didn�t want to shell out the cash for additional hardware, then here is a practical solution for you. You can utilize a software RAID system through the use of dynamic disks if you happen to be the lucky owner of Windows 2000 or XP (Pro/Server).

Microsoft's Definition of Dynamic Disks (�dem fellers is smart)

Dynamic disks provide features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes), and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes). All volumes on dynamic disks are known as dynamic volumes and can only be accessed by Windows 2000 or XP. You can perform the following tasks only on a dynamic disk:

  • Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
  • Extend a simple or spanned volume.
  • Remove a mirror from a mirrored volume or split the volume into two volumes.
  • Repair mirrored or RAID-5 volumes.
  • Reactivate a missing or offline disk.
  • Check disk properties, such as capacity, available free space, and current status.
  • View volume and partition properties such as size, drive letter assignment, label, type, and file system.
  • Establish drive letter assignments for volumes or partitions, optical storage devices (for example CD-ROM), and removable drives.
  • Establish disk sharing and security arrangements for volumes and partitions formatted with NTFS.

RAID 101 - The Condensed Version

RAID = Redundant Array of Independent Disks. The key word here is redundant. RAID was developed for data backup reasons on file servers. The basic idea is to have two or more hard drives in a system and when data is written on one, the same data is duplicated on the other (mirroring), and quicker than you can say �deathstar� you have a reliable backup to your data. It was discovered that if you could care less about your data, and just wanted a screaming machine that you could configure two or more drives to act as one. So one set of data is split and written to multiple disks, and you know the old adage �two heads are better than one,� well in this case it is certainly true. Two drives retrieving or writing a file at the same time (striping) increases the efficiency significantly. Now of course there are several possible configurations for striping and mirroring drives in the same array, but since I�m one of those who could care less about my data, I will focus on striping and increasing performance.

Be aware that if you decide to undertake this delicate procedure that your data is at risk. If you have one drive go down then you�re your RAID configuration is no longer valid. Remember, striping splits your data among the drives, so if you lose a drive to failure you won�t be able to access the half files left behind on the good drive!

Just Like the Boy Scouts, Be Prepared!

Windows itself cannot reside on a striped partition. Does that mean you have to have a third drive just for Windows? No! Three drives? Money doesn�t grow on trees you know. Remember, we are being cheap..err�frugal here. However, if you happen to be independently wealthy, just as two heads are better than one, three must be thrice as good, and four must be force as good, huh?

You can pull this off without a format and reinstall of Windows if you already have Windows on its own partition. My recommendation is to back up your data and start from scratch.

Since I�ve convinced you to wipe your drives now, give some consideration to how you will be partitioning them. Keep in mind that to do software RAID it is not necessary to have matched drives. You could get this done with an 80GB and a 40GB without giving up drive space. This is an advantage over hardware RAID, which requires like drives to retain all drive space. However, even in the software setup, I would suspect performance would take a hit if one drive was significantly slower than the other, or the buffers were different sizes.

Here is how I partitioned using two 80GB Maxtor drives:

  • C: =10GB single drive for Windows
  • E: = 100GB on two drives (50GB on each drive striped).
  • F: =10GB Single drive for backups
  • G: = 25GB Single drive for downloads
  • Z: = 2GB on two drives (1GB on each drive striped) for the swapfile

Since Windows can�t be on a striped partition, and I would like to get the maximum benefit from striping, this is the volume on which I keep all program files and data such as My Documents, My Pictures, My Music, etc, etc, etc�. You may be asking yourself �how in the name of Pete do you move all that Windows stuff to a drive that doesn�t contain Windows?� Well, I could tell you, but then I�d have to kill you. Seriously, if you desire this information, feel free tocontact me.
For you visual types, here you go:

clip_image001

If you�re wondering what the 5.33 GB of unallocated space is for, that�s reserved for the day I figure out how to install Linux on a Windows dynamic disk� :p

One more thing, whether you use two, three, or four disks; the biggest performance gain is when each drive is on its own channel. In order to accomplish this with more than two drives, the addition of a PCI controller card is required. There we go spending money on hardware again, but the good news is an IDE controller is much less money than a quality RAID controller.

Throwing Caution to the Wind

Now we get down to the nuts and bolts. Turn off your computer and physically place each hard drive on its own channel. If for some reason you can�t get this done with your system don�t despair. You will still be able to do this, but the results just won�t be as good.

Next we need to do a clean install of Windows. What we are trying to accomplish with this step is to remove all partitions and create just one small one for Windows. The size is up to you, keep in mind that without a swapfile, My Documents, or program files; WinXP pro will take less than 2GB after the installation of SP1. You do need extra room to grow for things like system restore, the registry, and the many other things Windows manages to bloat it self with. Also, you will want free space to allow for later drive defragmentation. My recommendation is 5 to 10GB. After Windows is installed get all your updates done and your hardware installed.

Now that you have a nice fresh install of Windows and everything is working and up to date, right click on My Computer and click on �Manage�, this will bring up the Computer Management console. Just like everything else in Windows there are many ways to get to this, this is the one I prefer. Click on Disk Management and it will bring up a screen similar to the earlier image.

Convert all hard drives to dynamic by right clicking in the disk info box to the left of the partition graph and clicking on convert to Dynamic Disk. Select all drives that will be used for striping, follow the directions, read the warnings, and finish. Note in these images my drives are already converted and partitioned so options are grayed out or missing for me that won�t be for you.

clip_image002

Now that you have dynamic disks, you can create your volumes (partitions) on them. Simply right click anywhere in the unallocated space of the drive where you want the partition be and select �new volume�. Now there will be a wizard to guide you through the process.

clip_image003

You will have a choice of simple, spanned, striped, and mirrored. The wizard provides descriptions of each selection. Be careful of the difference between striped and spanned, spanned will not give a performance increase. We will be using simple or striped. Depending on how you planned out your partitions make the appropriate choice and continue.

clip_image004

Next, for a simple volume, make sure the appropriate drive is selected and for striped volumes make sure all drives are selected. Dial in the size of the partition, for striped volumes this number will be the amount of space taken on one drive and the total size of the partition will be this number times the number of drives involved. For example if you were using two drives and you selected 10MB, the total partition size would be 20MB, 10 on each drive.

clip_image005

Continue and select a drive letter. Click next and select your file system, allocation unit size, and the name you want on this drive. I went with NTFS and default allocations.

clip_image006

Clicking next will give you an overview of what you selected, if it looks ok click finish. Continue in this manner until you have your drives partitioned the way you want them.

Now you are ready to move Your Documents and the pagefile off of the windows partition and on to the new ones you created. Install your software and you�re done. Bear in mind that most installs default to C:\Program Files, so remember to change the path when installing.

System as Tested

Processor:

AMD Athlon 2200+

Motherboard:

MSI KT7 Ultra 2 KT133A

Graphics Card:

ATI Radeon 9800 AGP

Memory:

768MB PC-133 SD-RAM

Hard Drive:

2x Maxtor 80GB 7200RPM 2MB Cache

Software:

Windows XP Pro SP1

SiSoft Sandra is utilized for hard disk performance testing. As you can see my system is not state of the art, yet my results were significant during testing.

Default Drive Performance

clip_image007

Software RAID Performance

clip_image008

Conclusion

This seems to be a good way to squeeze some extra performance from one of the slowest parts of your PC. I have noticed a significant improvement in load time, especially for games. The performance improves greatly with three and four drives, but I�m sure that is getting close to or exceeding the limits of the current PCI bus. Have fun and enjoy your new found performance boost.

Pros:

  • Inexpensive
  • Good performance increase
  • Easy to configure
  • No need for matched drives
  • Can do spanning and mirroring also

Cons:

  • Dynamic disks are only recognized by Windows 2000 or later
  • Small increase in CPU loading

Taken From: http://www.techimo.com/articles/index.pl?photo=149

GNS3 - PIX Firewall Emulation

PIX Firewall Emulation

GNS3 is also capable of emulating PIX firewalls. Once again, you’ll need to provide your own PIX image. If you want to run more than a restricted license, you’ll also need to have a valid serial number and activation keys.

Configuring Qemuwrapper and Cisco PIX image

First, go to Preferences on the Edit menu in GNS3. Click on Qemu in the left pane. The default path to the Qemuwrapper should be fine. You may want to specify a different working directory. Note that Qemuwrapper is shipped with a compiled version of Pemu, therefore you do not need Qemu to emulate PIX.

On PIX tab, use the button next to Binary image to specify the location of your PIX operating system image. You may also change other settings like RAM or the number of interfaces. Once you are finished with the settings, click on Save.

clip_image002clip_image004

You may use the default Key and Serial number, if necessary. This will provide a restricted license with limited features. You will need a valid serial number and activation keys to access additional features. The graphic below on the left is a restricted image. Failover, VPN-DES, and VPN-3DES-AES are disabled. You are also limited to 6 physical interfaces and 25 VLANs. The graphic below on the right is unrestricted. With an unrestricted license, these features are enabled along with support for additional interfaces and VLANs.

clip_image006

If you have a serial number and valid activation keys, you may move from a restricted license to an unrestricted license. Type in the activation keys separated by commas with no spaces. Use all lower case. Be sure your serial number is converted to hexadecimal. It is usually in decimal in a show version command. Use a calculator to convert from decimal to hexadecimal if necessary.

Using Cisco PIX

Click OK to return to the GNS3 main interface. Drag a PIX firewall icon from the Nodes Types pane into the workspace. Right-click FW1 and choose Start, then right-click on FW1 again and choose Console.

Once you console into your PIX firewall, issue a show version command. If the activation keys do not show up properly, then issue the following command from privileged mode (enable mode):

pixfirewall# activation-key 0x12345678 0x12345678 0x12345678 0x12345678

clip_image008

The command is issued on one line with spaces between the activation keys. Save the configuration using either the write command orcopy run start. Stop the device and restart it. Congratulations! Your PIX firewall is up and running.

Interfaces on the PIX are Ethernet interfaces. To connect to other devices, you’ll need to use either Ethernet or FastEthernet interfaces. You may not connect to a serial interface.

You may connect to other PIX firewalls, routers, and switches. You may not connect to a cloud. Consequently, to connect to a real network or to a Virtual PC, you’ll need to connect from the PIX to a switch, and then from the switch to your Cloud.

CPU usage with PIX

Just as with routers, CPU usage is an issue when emulating PIX firewalls on your computer. You will note that your CPU usage is most likely 100%. There are no idle-pc values available for PIX firewalls at this time. Instead, you may use third-party software to control your CPU usage. There are a variety of products on the market. The one that I use for Windows is called BES and is a free download.

Complete documentation is available on the Web site along with the program download. Once you start your PIX firewall, start BES. Click the Target button. Choose the pemu.exe process and click the Limit this button. A confirmation screen will appear.

Click the Control button to control how much CPU limiting will be used. I’ve set mine to reduce CPU usage by 50%. If you are running multiple firewalls, you will want to limit each one. This program may also limit other processes running on your Windows computer.

clip_image010clip_image012

For Linux, use cpulimit. You may learn more about cpulimit at the following Web site: http://cpulimit.sf.net. On ubuntu you can use Synaptic Package Manager or Ubuntu Software Centre to download and install cpulimit.

To run cpulimit, press F2 while holding the ALT key down (ALT+F2) in Ubuntu to open a Run Application box. Type the following in the box:

cpulimit –e pemu –l 40

clip_image014

This will limit the application pemu to 40% CPU usage.

Still in your Ubuntu, choose System Monitor under Administration on the System menu. Click the Resources tab. You should see that pemu process is running at 40% of your CPU usage.

Taken From: http://www.gns3.net/gns3-pix-firewall-emulation/

Tuesday, February 14, 2012

Cisco TSHOOT – Top 10 Show Commands

Cisco Router Tips
Top 10 'show' Commands by Tom Lancaster
clip_image002

One of the most important abilities a network administrator can have is the know-how to get information out of his network devices so he can find out what's going on with the network. In most networks, the staple of information gathering has been the "show" commands. Here are my top ten commands to know and love:

  1. show version: Start simple; this command gives uptime, info about your software and hardware and a few other details.
  2. show ip interface brief: This command is great for showing up/down status of your IP interfaces, as well as what the IP address is of each interface. It's mostly useful for displaying critical info about a lot of interfaces on one easy to read page.
  3. show interface: This is the more popular version of the command that shows detailed output of each interface. You'll usually want to specify a single interface or you'll have to hit 'page down' a lot. This command is useful because it shows traffic counters and also detailed info about duplex and other link-specific goodies.
  4. show ip interface: This often overlooked command is great for all the configuration options that are set. These include the switching mode, ACLs, header compression, ICMP redirection, accounting, NAT, policy routing, security level, etc. Basically, this command tells you how the interface is behaving.
  5. show ip route: This indispensable command shows your routing table, which is usually the primary purpose of the box. Get to know the options on this command.
  6. show arp: Can't ping a neighbor? Make sure you're getting an arp entry.
  7. show running-config: This is an easy one. It tells you how the box is configured right now. Also, "show startup-config" will tell you how the router will be configured after the next reboot.
  8. show port: Similar to the show interface command on routers, this command gives you the status of ports on a switch.
  9. show vlan: With the trend toward having lots of VLANs, check this command to make sure your ports are in the VLANs you think they are. Its output is very well designed.
  10. show tech-support: This command is great for collecting a lot of info. It basically runs a whole bunch of other show commands, and spits out dozens of pages of detailed output, designed to be sent to technical support. But, it's also useful for other purposes.

Taken From: http://www.thenetworkadministrator.com/ciscoroutertips.htm

Sunday, February 12, 2012

Iperf Commands for Network Troubleshooting

Iperf is a very useful utility for network troubleshooting.  In this post I’ll share my list of Iperf commands that I have found useful.

What is Iperf?

Iperf is a network performance utility that can generate both TCP and UDP traffic for testing bandwidth, latency, and packet loss.  Iperf is very powerful and can easily generate enough traffic to saturate a 1Gb, or 10Gb connection.  Iperf is included with most Linux distributions but you can compile Iperf for windows if needed.

In order to use Iperf you’ll need to setup an Iperf server, Iperf clients can then connect to the server in order to run tests.  By default Iperf is uni-directional and sends data from the client to the server.

In my examples I’m using 192.168.1.1 as the address of my Iperf server.

Running iperf -s will setup a basic Iperf server, you can also run Iperf in daemon mode by running iperf -D.

Basic TCP Unicast Test

The simplest test you can do with Iperf is a basic TCP test.  By default the server will use a  TCP window size of 85.3KB.  The client will connect to the server on port 5001 using a TCP window size of 16KB.  The -t option instructs the client to run the test for 30 seconds instead of the default of 10 seconds.

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -t 30

Parallel TCP connections

Parallel connections can be useful if you need to saturate the bandwidth of a link.  The bandwidth of a single TCP session can be greatly affected by the size of the receive window and the latency of the link.

To enable parallel connections add the -P flag to the Iperf client parameters followed by the number of connections you want.  Make sure to use a capital P, lowercase p will specify a different port number to connect on.

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -t 30 -P 10

UDP Mode

Testing with UDP packets requires the -u flag on both the client and server.  The cool thing about UDP mode is that you don’t have to use a server.  Instead you can use the interface counters on your switches.  You can also specify the destination address to be a multicast group, the default TTL for multicast is 1 (be careful).  To set a different TTL use the -T option on the client.

If you want to test for jitter and packet loss then you should use UDP mode.

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -t 30 -u

In UDP mode iperf defaults to 1Mb/s, you can tell it to use more bandwidth by using the -b flag followed by the number of bits/sec to send.  For example, iperf -c 192.168.1.1 -u -b 100000000 would send at a rate of 100Mb/s.

Bidirectional testing

If you want to test throughput both to and from the server at the same time you can use the -d option to run a bidirectional test.  This will send data to the server, and receive data from the server simultaneously.

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -t 30 -d

Bandwidth limiting

If you need to test for packet loss or other problems at a specific rate of bandwidth you can use the -b flag to specify the maximum throughput in bits/second.

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -t 30 -b 100000

Transfer 1GB of data then stop

Instead of running the test for a specific period of you can instruct Iperf to stop running after trasfering a certain amound of data.  The example below will send 1GB (1024³) of data to the server and then stop

[Server] – iperf -s -i 1

[Client] – iperf -c 192.168.1.1 -n 1073741824

Stop the iPerf server

To kill the iperf server just press CTRL+C in your terminal and it will interrupt the process.

If you are running iPerf in daemon mode you’ll need to find the process ID first

ps -ef | grep iperf
root     16186     1  0 22:00 ?        00:00:00 iperf -s -D

Then kill it

kill 16186

Useful References

Energy Sciences Network Host Tuning Guide

Using Iperf – Guide by Jon Dugan

Taken From: http://samkear.com/networking/troubleshooting/iperf-commands-network-troubleshooting