Wednesday, November 4, 2015

Track an IP on your Network

Who has never received the following question from a colleague:
- Hey, network guy, could you find where this laptop is for me? I only have its IP address.

To answer this, you start following the IP address through the ARP and MAC address tables of your switches, routers and firewalls. I put an end to this boring job by using the following open source tool:
http://netdbtracking.sourceforge.net/

The developers have already preconfigured a VM:
http://sourceforge.net/projects/netdbtracking/files/vmware/

After 30 minutes to install the VM and a few hours (depending on the size of your network) of configuration to enter your different devices, you can provide a web tool, reachable by everybody, to track an IP.

You will find below some examples of host configuration.


  • HP Procurve (Layer 3)

hostname,devtype=procurvehpv2,arp


  • HP Procurve (Layer 2):

In this example, I skipped the uplink interfaces (45 and 47). I also limited each interface to 2 MAC addresses.
hostname,devtype=procurvehpv2,skip_port=45,skip_port=47,use_trunks,max_macs=2

Monday, July 27, 2015

Windows: find the MTU for a specific IP

The following command gives us the MTU for a specific destination:
U:\>netsh interface ipv4 show destinationcache address='IP_address'

  • Example on a classic LAN:

U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination              : 192.168.95.216
Next Hop Address         : 192.168.211.254
Source                   : 192.168.211.1
Interface                : Local Area Connection
Path MTU                 : 1500
Upper-layer MTU          : 1480
RTT mean                 : 3000
RTT deviation            : 0
Path transmit speed (Bps): 0
Path receive speed (Bps) : 0
Link transmit Speed (bps): 1000000000
Link receive Speed (bps) : 1000000000


  • Example with an IPsec Tunnel:


U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination              : 192.168.95.216
Next Hop Address         : 192.168.95.216
Source                   : 192.168.243.197
Interface                : Local Area Connection
Path MTU                 : 1400
Upper-layer MTU          : 1380
RTT mean                 : 40
RTT deviation            : 20
Path transmit speed (Bps): 0
Path receive speed (Bps) : 0
Link transmit Speed (bps): 2000000000
Link receive Speed (bps) : 2000000000
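
The two captures above differ by 100 bytes of path MTU, which is what the IPsec encapsulation costs on that path. The following Python sketch is an added example, not part of the original post: it parses this netsh output and derives the usable TCP MSS and the encapsulation overhead per destination. The 1500-byte Ethernet baseline and the function names are assumptions made for the example.

```python
import re

ETHERNET_MTU = 1500        # assumption: standard Ethernet MTU on the local link
IPV4_HDR = TCP_HDR = 20    # header sizes without options

# Sample input: the two captures shown above, trimmed to the fields used here.
SAMPLE = """\
Destination              : 192.168.95.216
Next Hop Address         : 192.168.211.254
Source                   : 192.168.211.1
Path MTU                 : 1500
Upper-layer MTU          : 1480

Destination              : 192.168.95.216
Next Hop Address         : 192.168.95.216
Source                   : 192.168.243.197
Path MTU                 : 1400
Upper-layer MTU          : 1380
"""

def parse_destination_cache(text):
    """Split netsh 'Key : Value' output into one dict per destination entry."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^\s*(.+?)\s*:\s*(.*?)\s*$", line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Destination":      # every entry starts with this field
            entries.append({})
        if entries:
            entries[-1][key] = value
    return entries

def summarize(entry):
    """Derive the TCP MSS and the bytes lost to encapsulation on the path."""
    path_mtu = int(entry["Path MTU"])
    return {
        "source": entry["Source"],
        "tcp_mss": path_mtu - IPV4_HDR - TCP_HDR,
        "overhead": ETHERNET_MTU - path_mtu,
        "reduced": path_mtu < ETHERNET_MTU,   # True suggests a tunnel on the path
        "upper_ok": int(entry["Upper-layer MTU"]) == path_mtu - IPV4_HDR,
    }

def report(text=SAMPLE):
    return [summarize(e) for e in parse_destination_cache(text)]

if __name__ == "__main__":
    for row in report():
        print(row)
```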

Tuesday, July 7, 2015

Configure PIM-sparse mode between Cisco and HP Procurve

This post explains how to configure PIM-sparse mode between a Cisco and HP Procurve environment. In our case, we have the following components:
- Cisco2 (Rendezvous Point)
- Cisco1 (PIM router)
- HP1 (PIM router and IGMP edge router)




  • Configuration

    • Cisco2 (RP):


ip multicast-routing
ip pim rp-address 10.10.30.1
! (groups can be filtered here with an ACL)
!
interface Gi1/0/1
 description *** TO Cisco1 ***
 ip address 10.10.20.2 255.255.255.0
 ip pim sparse-mode
!
interface Vlan100
 description *** VLAN Source ***
 ip address 10.10.30.1 255.255.255.0
 ip pim sparse-mode

    • Cisco1:

ip multicast-routing
ip pim rp-address 10.10.30.1    
!
interface Gi1/0/1
 description *** TO Cisco2 ***
 ip address 10.10.20.1 255.255.255.0
 ip pim sparse-mode
!
interface Gi1/0/1
 description *** TO HP1 ***
 ip address 10.10.10.1 255.255.255.0
 ip pim sparse-mode

    • HP1:


ip multicast-routing
!
router pim
   enable
   rp-address 10.10.30.1 224.0.0.0 240.0.0.0
   ; (groups can be filtered here)
   exit
!
vlan 316
   name "To Cisco1"
   untagged A1
   ip address 10.10.10.2 255.255.255.0
   ip pim-sparse
      ip-addr any
      exit
!
vlan 200
   name "200-RECEIVER"
   untagged A1
   tagged A13-A15,B20,Trk1
   ip address 10.10.40.1 255.255.255.0
   ip igmp
   ip pim-sparse
      ip-addr any
      exit

  • Validation

Check the PIM neighbor adjacency on HP:

HP1# sho ip pim neighbor

 PIM Neighbors

  IP Address      VLAN Up Time (sec)      Expire Time (sec)
  --------------- ---- ------------------ ------------------
  10.10.10.1      316  2305990            103


The receiver is requesting traffic from the source (IGMP membership report):

HP1# sho ip igmp vlan 200

 IGMP Service Protocol Info

  Total VLANs with IGMP enabled                : 7
  Current count of multicast groups joined     : 1

  IGMP Filter Unknown Multicast: Disabled
  IGMP Filter Unknown Multicast Status: Disabled

  VLAN ID : 200
  VLAN Name : 200-RECEIVER
  IGMP version : 2
  Querier Address [this switch] : 10.10.40.1
  Querier Port :
  Querier UpTime : 129d 3h 48m 43s
  Querier Expiration Time : 0h 0m 58s

  Active Group Addresses Type       Expires         Ports      Reports Queries
  ---------------------- ---------- --------------- ---------- ------- -------
  239.1.1.1              Filter     0h 4m 19s       A1         3       0

HP1# sho ip igmp groups

 IGMP Group Address Information

  VLAN ID Group Address   Expires       UpTime        Last Reporter   | Type
  ------- --------------- ------------- ------------- --------------- + ------
  200     239.1.1.1       0h 3m 27s     0h 2m 4s      10.10.40.2    | Filter

Check mroute on HP and Cisco:

HP1# sho ip pim mroute

 IP Multicast Route Entries

  Total number of entries : 1

  Group Address   Source Address  Neighbor        VLAN
  --------------- --------------- --------------- ----
  239.1.1.1       10.10.30.2      10.10.10.1      316


Cisco2#show  ip mroute
IP Multicast Routing Table
...

(*, 239.1.1.1), 00:02:43/00:02:46, RP 10.10.30.1, flags: S
  Incoming interface: GigaEthernet1/0/2, RPF nbr 10.10.20.2
  Outgoing interface list:
    GigaEthernet1/0/1, Forward/Sparse, 00:02:43/00:02:46

(10.10.30.1, 239.1.1.1), 00:02:43/00:00:16, flags: T
  Incoming interface: GigaEthernet1/0/2, RPF nbr 10.10.20.2
  Outgoing interface list:
    Port-channel3, Forward/Sparse, 00:02:43/00:02:46
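
The setup above only works if every router names the same static RP and every routed interface on the multicast path runs PIM sparse mode, in either vendor's syntax. The following Python sketch is an added example, not part of the original post: it audits saved configurations for those two points. The sample is the Cisco2 and HP1 configuration from this post, trimmed to the lines the checks read (Cisco1 is left out to keep it short); the function name and finding texts are assumptions made for the example.

```python
import re

# Constructed input: Cisco2 and HP1 from the post, trimmed to the lines the
# checks read (descriptions, port membership and 'exit' lines removed).
CONFIGS = {
    "Cisco2": """ip multicast-routing
ip pim rp-address 10.10.30.1
interface Gi1/0/1
 ip address 10.10.20.2 255.255.255.0
 ip pim sparse-mode
interface Vlan100
 ip address 10.10.30.1 255.255.255.0
 ip pim sparse-mode
""",
    "HP1": """ip multicast-routing
router pim
   enable
   rp-address 10.10.30.1 224.0.0.0 240.0.0.0
vlan 316
   ip address 10.10.10.2 255.255.255.0
   ip pim-sparse
vlan 200
   ip address 10.10.40.1 255.255.255.0
   ip igmp
   ip pim-sparse
""",
}

def audit(configs):
    """Return a list of findings; an empty list means the PIM-SM basics agree."""
    findings, rps = [], {}
    for name, text in configs.items():
        if not re.search(r"^ip multicast-routing\s*$", text, re.M):
            findings.append(f"{name}: multicast routing not enabled")
        rp = re.search(r"^\s*(?:ip pim )?rp-address (\S+)", text, re.M)
        rps[name] = rp.group(1) if rp else None
        # Stanzas start at column 0 with 'interface' (Cisco) or 'vlan' (HP);
        # element 0 of the split is the global section and is skipped.
        for stanza in re.split(r"^(?=interface |vlan )", text, flags=re.M)[1:]:
            head = stanza.splitlines()[0].strip()
            has_ip = re.search(r"^\s+ip address ", stanza, re.M)
            has_pim = re.search(r"^\s+ip pim(-sparse| sparse-mode)", stanza, re.M)
            if has_ip and not has_pim:
                findings.append(f"{name}: {head} has an IP address but no PIM sparse mode")
    if len(set(rps.values())) != 1 or None in rps.values():
        findings.append(f"RP address differs or is missing: {rps}")
    return findings

if __name__ == "__main__":
    print(audit(CONFIGS))   # configuration as posted
    # Constructed fault: drop PIM from the first HP1 VLAN (the link to Cisco1).
    faulty = dict(CONFIGS, HP1=CONFIGS["HP1"].replace("   ip pim-sparse\n", "", 1))
    print(audit(faulty))
```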



Monday, July 6, 2015

Configure Distributed Trunking on HP Procurve and MEC on Cisco VSS

Distributed Trunking is the 'equivalent' of vPC on the Cisco Nexus series. It's a link aggregation technique which can be used even if the host is connected to 2 different switches. The following design has been built between 2 HP 5400 and 2 Cisco 4500 in VSS mode.



  • Configuration on the Cisco Switch:

interface Port-channel20
 description TO-HP-DT
 switchport
 switchport mode trunk
!
interface TenGigabitEthernet1/5/4
 description TO-HP-DT-1
 switchport mode trunk
 channel-group 20 mode active
!
interface TenGigabitEthernet2/5/4
 description TO-HP-DT-2
 switchport mode trunk
 channel-group 20 mode active


  • Configuration of the HP 1:
    • Configure ISC
trunk B7,E8 trk10 lacp
switch-interconnect trk10
vlan xxx
 tagged trk10
vlan xxx
 tagged trk10
...
    • Configure the keepalive 
interface D20
   name "Keep-Alive"
   exit
vlan 900
   name "VLAN900"
   untagged D20
   ip address 192.168.100.1 255.255.255.0
   exit
distributed-trunking peer-keepalive vlan 900
distributed-trunking peer-keepalive destination 192.168.100.2
    • Configure the dt-lacp between the VSS and the HP:
trunk A1,B1 trk1 dt-lacp

  • Configuration of the HP 2:
    • Configure ISC
trunk B7,E8 trk10 lacp
switch-interconnect trk10
vlan xxx
 tagged trk10
vlan xxx
 tagged trk10
...
    • Configure the keepalive 
interface D20
   name "Keep-Alive"
   exit
vlan 900
   name "VLAN900"
   untagged D20
   ip address 192.168.100.2 255.255.255.0
   exit
distributed-trunking peer-keepalive vlan 900
distributed-trunking peer-keepalive destination 192.168.100.1
    • Configure the dt-lacp between the VSS and the HP:
trunk A1,B1 trk1 dt-lacp
  • Validation:
HP-1# show switch-interconnect
Port         : Trk10
Status       : Up
Active VLANs : 1,100,200,300


HP-1# show distributed-trunking statistics peer-keepalive
DT peer-keepalive Status : Up

HP-1# show  distributed-trunking consistency-parameters trunk trk1

Allowed VLANs on Local : 1,100,200,300
Allowed VLANs on Peer  : 1,100,200,300

HP-1# show  lacp distributed

                             Distributed LACP

Local Port Status:

       LACP    Trunk   Port            LACP    Admin  Oper
  Port Enabled Group   Status  Partner Status  Key    Key
  ---- ------- ------- ------- ------- ------- ------ ------
  A1   Active  Trk1    Up      Yes     Success 0      290


Remote Port Status:

          LACP      Trunk     Port                LACP      Oper
   Port   Enabled   Group     Status    Partner   Status    Key
   ----   -------   -------   -------   -------   -------   ------
   A1     Active    Trk1      Up        Yes       Success   20

C4510-VSS-Core#show  lacp 20 neighbor

Partner's information:

                  LACP port                        Admin  Oper   Port    Port
Port      Flags   Priority  Dev ID          Age    key    Key    Number  State
Te1/5/4   SA      0         40a8.f07b.a400   2s    0x0    0x0    0x271F  0x3D
Te2/5/4   SA      0         40a8.f07b.a400   4s    0x0    0x0    0x271A  0x3D


Some remarks:
- ISC is only supported in MST mode

Monday, March 9, 2015

Migrate from spanning-tree redundancy to LACP

Just a short memo on how to migrate from spanning-tree redundancy to LACP with a minimum of outage.
If you follow these steps, you will normally not lose control of your remote switch (or only during the spanning-tree convergence time).

Before the beginning of the migration, we have the following topology:

Start of the migration:

Access switch:
interface Gig 0/2
shut

Core switch:
int port-channel 10
shut
!
default interface Gi0/2
!
interface Gi0/2
channel-group 10 mode active
!
int po 10
switchport mode trunk
switchport trunk allowed vlan all



Core switch:
interface Gi0/2
shut

Access switch:
interface port-channel 1
!
default interface Gig 0/2
!
int Gig 0/2
channel-group 1 mode active
!
int po1
switchport mode trunk
switchport trunk allowed vlan all
no shut


Core switch:
interface port-channel 10
no shut




Access switch:
int Gig 0/1
shut

Core switch:
default int Gi0/1
!
int Gi0/1
switchport mode trunk
switchport trunk allowed vlan all
channel-group 10 mode active


Core switch:
int Gi0/1
shut

Access switch:
default int Gig 0/1
!
int Gig 0/1
switchport mode trunk
switchport trunk allowed vlan all
channel-group 1 mode active

Core switch:
int Gi0/1
no shut