jye: 2012

Tuesday 31 January 2012

review of split-horizon

Distance vector routing protocols like RIP and EIGRP rely on a number of measures for loop avoidance. One of these is split horizon, which prevents a route from being readvertised out the interface on which it was received. For example, if a router learns about 192.168.0.0/16 from a neighbor on its Serial1/0 interface, it can't advertise that route back out Serial1/0. This helps mitigate routing loops while working to optimize communication between neighbors.
However, there are instances where split horizon is undesirable. One good example of such a scenario is a nonbroadcast multiaccess (NBMA) frame relay network lacking a full mesh. Such a topology is illustrated below:

The point-to-multipoint frame relay network is comprised of two virtual circuits, one between R1 and R2 and one between R2 and R3. All three routers are addressed within the 10.0.0.0/24 subnet. EIGRP adjacencies are formed along the virtual circuits (R1 peers with R2 but not with R3):

R1# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                        (sec)         (ms)       Cnt Num
0   10.0.0.2                Se1/0            153 02:26:57   16   200  0  11

R2# show ip eigrp neighbors
IP-EIGRP neighbors for process 1
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                        (sec)         (ms)       Cnt Num
1   10.0.0.3                Se1/0            134 02:27:00  527  3162  0  7
0   10.0.0.1                Se1/0            169 02:27:00  547  3282  0  7

Remember that the split horizon rule forbids R2 from relaying advertisements back out the interface on which they were received. As a result, R3 never receives advertisements from R1 and vice versa. Here we can verify R3 has no knowledge of R1's 192.168.1.0/24 network:

R3# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2
   i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
   ia - IS-IS inter area, * - candidate default, U - per-user static route
   o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial1/0
D    192.168.2.0/24 [90/2195456] via 10.0.0.2, 02:29:48, Serial1/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

One solution to this predicament is to disable split horizon for EIGRP on R2. This is accomplished with the command no ip split-horizon eigrp <AS> under interface configuration.

R2(config)# interface s1/0
R2(config-if)# no ip split-horizon eigrp 1

This command will prompt EIGRP to immediately tear down and reestablish all its adjacencies on the interface, as evidenced by this log message on R2:

%DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 10.0.0.3 (Serial1/0) is resync: split
horizon changed

When the adjacencies are reformed, we can see that R2 is now relaying advertisements between R1 and R3:

R3# show ip route

10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Serial1/0
D    192.168.1.0/24 [90/2707456] via 10.0.0.2, 00:02:39, Serial1/0
D    192.168.2.0/24 [90/2195456] via 10.0.0.2, 02:33:55, Serial1/0
C    192.168.3.0/24 is directly connected, FastEthernet0/0

Additionally, if we were running RIP instead of EIGRP, the command to disable split horizon is simply no ip split-horizon at the interface.

hints:
1.Split Horizon is disabled by default for RIP on interfaces with Frame Relay or SMDS encapsulation, but not for EIGRP, not for subinterfaces, and not for other encapsulation types.
2.
While you can do this in a NBMA network (like FRS) to allow connectivity this can also be solved another way.
You can enable SubInterfaces on all NBMA segments instead keeping split horizon enabled for nearly loop-free performance and still allowing full connectivity in an NBMA FRS.
3.This is also very useful in DMVPN deployments where you don't have a full EIGRP mesh.

Sunday 15 January 2012

H323,SIP,MGCP,SCCP

H.323:a big packet which allows simultaneous voice,video and data to transmit across ISDN connections.(peer-to-peer architecture)
SIP:Session Initiation Protocol,the next generation of H.323. It supports all of these protocols which H323 does, but it's primary functionality is setting up the session, it does not contain all of the packets which H323 has. It passes off the responsibility of the voice or video call to other protocols. It's a much more light-weight and scalable protocol than H323.(peer-to-peer)
MGCP:Media Gateway Control Protocol, the first true"client/server" VOIP signalling protocol. it reports every action to CUCM.
SCCP: Skinny Client Control Protocol, cisco-proprietary. it's not specifically designed for gateway signaling and control. the primary goal of SCCP is to provide a signalling protocol between CUCM and Cisco IP phones.(client/server)

Wednesday 11 January 2012

NEXUS7000

Nexus7000:
VDC:virtual Device Context. By using the VDC feature, we can segment the physical
Nexus7000 in multiple logical switches each of which runs in a separate memory
space and provides total isolation between the VDCs.
NX-OS is a fully modular operating system; most software modules don't run unless
the correspondent service(which called conditional services) is enabled.
VPC:virtual port channel
the VPC functionality provides the following benefits:
.allow a single device to use a port channel across two upstream devices
.eliminates STP blocked ports
.provides a loop-free topology
.uses all available uplink bandwidth
.provides fast convergence if either the link or a device fails
.provides link-level resilency
.assures high availability
The terminology used for vPCs is as follows:
• vPC — The combined port channel between the vPC peer devices and the downstream
device.
• vPC peer device — One of a pair of devices that are connected with the special
port
channel known as the vPC peer link.
• vPC peer link — The link used to synchronize states between the vPC peer devices.
Both ends must be on 10-Gigabit Ethernet interfaces.
• vPC domain — This domain is formed by the two vPC peer link devices. It is also a
configuration mode for configuring some of the vPC peer link parameters.
• vPC peer keep-alive link — The peer keep-alive link is a Layer3 link between the
vPC
peer devices used to ensure that both devices are up. The fault-tolerant link sends
configurable, periodic keepalive messages between devices connected by the vPC peer
link on an out-of-band link.
• vPC member port — Interfaces that belong to the vPCs.

#show module
#show version
NX-OS is composed by two images: kickstart image that contains Linux Kernel and a
system image that contains most of the NX-OS software components.
#sh run all | begin mgmt0
#sh vrf interface
#sh vrf management interface
#conf t
#int mgmnt0
#vrf member management
#ping 10.1.1.1 vrf management
improved CLI piping, is similar to the one on Linux machines.
#show run | grep ?(to print lines matching a pattern)

Role Based Access Control:RBAC
#show role
#show role feature
#show role feature-group
#conf t
#role name nxos
#rule 1 permit read
#rule 2 permit read-write feature cdp
#rule 3 permit command ping * ( *=matches all)
#rule 4 permit command conf t ; interface *
a role can also specific what resources in terms of interface,vlans and vrfs the
user is entitled to access:
#interface policy deny
#permit interface e2/1
#show role name nxos
attach the role with user
#username rbac pass rbac role nxos

configuraion rollback:
NX-OS fully support configuraiton rollback, allowing you to revert to a previous
configuration state.
#checkpoint nxos
#show checkpoint summary
compare the different between the current config and the previous config:
#show diff rollback-patch checkpoint nxos running-config
rollback the config
#rollback running-config checkpoint nxos

Links up with spanning tree
default ST: rapid PVST
#feature lacp (enable the conditional service)
#vlan 1-4
#spanning-tree vlan 1-4 priority 4096
#int po 10
#switchport mode trunk
#sw tr allow vlan 1-4
#spa port type network
(enable bridge assurance, causing the switch to send BPDUs on all operational
ports)
#descri link to the other N7K
#no shutdown
#int e2/1
#shut
#rate-mode dedicated
#switchport
#sw mo tr
#sw tr allowed vlan 1-4
#no shut
#channel-group 10 mode active
#exit
#show port-channel sum
#show spanning-tree vlan 3

HSRP
#feature interface-vlan(enable SVI service)
#feature hsrp (enable hsrp service)
#int vlan 2
#hsrp 1
#preempt delay minimum 180
#priority 20
#times 1 3
#ip 192.168.12.2
#show hsrp brief

Moving the topology from STP-based to VPC-based
config steps:
1.enable VPC service
2.create the VPC domain
3.configure the peer-link port channel and place it in VPC peer-link mode
4.configure the access layer facing port channels and place them in VPC mode
#conf t
#feature vpc
#vpc domain 1
#role priority 1000 (the lower priority wins)
#peer-keepalive dest 10.1.1.2 source 10.1.1.1
#show vpc peer-keepalive (check the status of the fault-tolerant link)
#int port-channel 10
#vpc peer-link
#show vpc brief

VDC:virtual device contexts
#show vdc
#conf t
#no vdc pod1-s1
#vdc pod2-s2
#allocate interface ethernet 2/2
restart:delete the VDC then re-create it with running configuration
bringdown:delete the VDC
reset:reset the active supervisor or force a supervisor switchover
#ha-policy single-sup restart dual-sup restart
#limit-resource vrf min 16 max 20
#show vdc pod2-s2 membership
switchto newly created VDC
#switchto vdc pod2-s2

MPLS:RD, RT

MPLS:multiprotocol lable switching
RD:route distinguisher, 64bit length. transform an 32bit IP add to 96bit vpnv4 address, so that it will be unique in the network even you use the same range of private ip address in your network.
RT:route target, 64bit BGP community. import and export functionality. can decide which route you want to send the traffic for.
the name of RT can be different, they are not related.
e.g: #ip vrf vpn1
      #rd 10.1.1.1:1
      #route-target import 1:1(can choose which one you wanna import)
      #route-target export 1:1
     #do sh ip vrf
     #do sh ip bgp vpnv4 all

Saturday 7 January 2012

Voice gateway protocols

H225 setup:ringing

H245 feature:negotiate codec g711,g729

H225 RAS: communicate to gatekeeper

RRQ RRQ

gateway-----gatekeeper-----gateway

RCF RCF

once call finished:disengage confirm

gatekeeper(control center):bandwidth,where to forward the call, allow the call forward/drop

gatekeeper commands:

zone local

zone remote

zone prefix

no shut

gateway commands:

h323-gateway voip int

h323-gateway voip ID

h323-gateway voip h323-ID

h323-gateway voip bind

session target RAS

gateKeeper:

#gatekeeper

#zone local gk1.cisco.com cisco.com 10.1.1.1

#zone remote gk2.cisco.com cisco.com 10.1.1.2

#zone prefix gk1.cisco.com 7...

#zone prefix gk2.cisco.com 8...

#no shut

#exit

gateWay

#interface f0/0

#h323-gateway voip interface

#h323-gateway voip id gk1.cisco.com ipaddr 10.1.1.1 1718

#h323-gateway voip h323-id myrouter

#h323-gateway voip bind srcaddr 1.1.1.1

#exit

#dial-peer voice 100 voip

#destination-pattern ....

#session target ras (gatekeeper)

#exit

MGCP relys on call agent(CUCM)

events: on-hook,off-hook,hookflash,fax/modem tones,dial DTMF digits

signal: busy tone,call waiting tone,dial tone,DTMF tone,ringing tone,ringback tone

configuration:

#mgcp

#mgcp call-agent 192.168.12.120

#dial-peer voice 1 pots

#port 1/1/0

#application MGCPAPP

#exit

SIP concepts and configuration

1.the SIP standards and architechture

SIP was created by IETF

based on many of the previous protocols(HTTP,SMTP,DNS..)

uses text-based(ASCII) communication

more of an "all-in-one"

2.the SIP components

database-->SIP proxy-->user agent

3.SIP request/response messages

invite->ACK->BYE->cancel->options->register->info

4.SIP addressing

using E.164 address

sip://1212@cisco.com

using FQDNS

SIP://123@cisco.com

5.sample SIP call setup

invite(SDP)->trying-->ringing(SDP)-->OK(400)-->(ACK)-->RTP-->RTCP

6.configuration a cisco router for SIP

#conf t

#sip-ua

#sip-server dns:sip123(ipv4:10.1.1.1)

#exit

to a sip-server

#dial-peer voice 15 voip

#destination-pattern ....

#session protocol sipv2

#session target sip-server

to a normal peer router

#dial-peer voice 16 voip

#destination-pattern 99...

#sessin protocol sipv2

#session target ipv4:5.5.5.5

H323 VS MGCP link:

http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a00806fedbe.shtml

cisco unity express auto-attendant script editor

The link for writing and editing script for CUE 7.0 and later: http://www.cisco.com/en/US/docs/voice_ip_comm/unity_exp/rel7_0/administrator/script/scripteditor.html

More for Auto-Attendant: Multiple cisco unity AA call transfer

This document explains how to set up multiple Cisco Unity AutoAttendants and how to configure Cisco CallManager to forward calls to the AutoAttendants. Link: http://www.cisco.com/en/US/products/sw/voicesw/ps2237/products_tech_note09186a00801e6ef6.shtml

Cisco callmanager auto-attendant

Cisco callmanager auto-attendant allows callers to locate people in the organizaiton without talking to receptionist. You can use the default prompts or customize your own prompts. When an incoming call hits the voice gateway, the voice gateway searches its transfer rules and transfer the call to CUCM, CUCM looks for CTI route points and hands off to Auto-Attendant. Auto-attendant then prompts the options for caller to choose and then transfer the call to the phone accordingly. Here is the diagram for a better understanding.

links: http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a008015bf9f.shtml http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_5_1/ccmfeat/fsaa.html#wp1219806

Friday 6 January 2012

Laptop for Cisco Voice lab

I have been trying to setup an efficient cisco voice lab environment for studying Cisco Callmanager 8.x and Cisco Unity Connection. I have managered to install and run CUCM and CUC in my current laptop. But it only has 4GB RAM, I can only run CUCM or CUC at one time. I am thinking of getting another laptop for running these. My badget is around 500 pound. The idea laptop must have a second-generation CPU(i3,i5 or even i7) combinds with at least 8 GB RAM, I don't care about the GPU cos I have stopped play computer games for ages. Having done some research, I realized Intel would launch the new generation CPU in April 2012. Following by Intel's 'tick-tock' strategy, this new generation CPU will be called ivy bridge and will be 10% improved performance compared with the 2nd sandy bridge. So should I just wait and see? And also the bigger RAM should be cheaper, 8GB RAM(4x2 kit) is around 100 pound in the UK, hopefully it will be much soon.