Extreme Training Material

PowerPoint Slideshow about 'Extreme Training Material' - fern


Table of Contents

1. Account configuration
2. Creating and removing VLANs
3. Static routing
4. ESRP
5. Basic commands
6. Sharing (= trunking)
7. Spanning tree protocol
8. SLB
9. Flow-redirection (WCR)
10. Access-list
11. OSPF

Account configuration

Example #1

Summit48:1 > create account

Next possible completions:

admin user (admin is read/write, user is read-only)

Summit48:1 > create account admin

Next possible completions:

<name>

Summit48:1 > create account admin

Next possible completions:

<name>

Summit48:1 > create account admin testadmin

Next possible completions:

encrypted <cr> <password>

Summit48:1 > create account admin testadmin testpassword

Next possible completions:

<cr>

Summit48:1 > create account admin testadmin testpassword

Summit48:1 > delete account testadmin

Changing a password

* Summit48:1 # conf account testadmin <tab>

Next possible completions:

encrypted <name> <cr>

* Summit48:1 # conf account testadmin <enter>

password:

Reenter password:

VLAN SETTING(1)
  • By default, all ports belong to the Default VLAN. Remove these ports from it first.

Summit48:1 # sh vlan

VLAN Interface[0-fdf] with name "Default" created by user

Tagging: 802.1Q Tag 1

IP: Waiting for bootp reply.

IPX: Not configured

STPD: Domain "s0" is not running spanning tree protocol

Protocol: Match all unfiltered protocols.

Qos Profile: QP1

Ports: 50. (Number of active port=0)

Untag: 1 2 3 4 5 6 7 8 9

10 11 12 13 14 15 16 17 18 19

20 21 22 23 24 25 26 27 28 29

30 31 32 33 34 35 36 37 38 39

40 41 42 43 44 45 46 47 48 49

50


VLAN SETTING(2)

Summit48:2 # config default delete port all

To remove only ports 1 and 5, enter 1, 5 in place of all.

To remove ports 1 through 5, enter 1-5.

Summit48:3 # sh vlan

VLAN Interface[0-fdf] with name "Default" created by user

Tagging: 802.1Q Tag 1

IP: Waiting for bootp reply.

IPX: Not configured

STPD: Domain "s0" is not running spanning tree protocol

Protocol: Match all unfiltered protocols.

Qos Profile: QP1

Ports: 0. (Number of active port=0)

VLAN SETTING(3)

Create the VLAN with the create command.

Summit48:4 # create vlan test

Add ports to the new VLAN.

Summit48:5 # config vlan test add port 1-4

On a BlackDiamond, ports must be added in the form 1:1-1:4 (module number:port number).

Assign an IP address to the VLAN.

Summit48:6 # config vlan test ipadd 100.100.100.100/24

IP interface for VLAN locus-inside has been created.

IP address = 100.100.100.100, Netmask = 255.255.255.0.

To change the IP address of a VLAN, run the same command with the new IP address.

* Note

If there are several VLANs, run the following command each time a VLAN is created so that traffic can flow between the VLANs:

* Summit48:14 # enable ipforwarding


VLAN SETTING(4)

Summit48:7 # sh vlan

VLAN Interface[0-fdf] with name "Default" created by user

Tagging: 802.1Q Tag 1

IP: Waiting for bootp reply.

IPX: Not configured

STPD: Domain "s0" is not running spanning tree protocol

Protocol: Match all unfiltered protocols.

Qos Profile: QP1

Ports: 0. (Number of active port=0)

VLAN Interface[1-fdc] with name "test" created by user

Tagging: Untagged (Internal tag 4095)

IP: 100.100.100.100/255.255.255.0

IPX: Not configured

STPD: Domain "s0" is not running spanning tree protocol

Protocol: Match all unfiltered protocols.

Qos Profile: QP1

Ports: 4. (Number of active port=0)

Untag: 1 2 3 4


VLAN SETTING(5)

BlackDiamond:9 # sh vlan

Name VID Protocol Addr Flags Proto Super Ports

Default 0001 0.0.0.0 /BP -----f----- ANY 0/145

MacVlanDis 4095 ------------------ ---- - ANY 0/ 0

Mgmt 4094 ------------------ ----- ANY 0/ 1

trunk 4093 100.100.100.246/30 -----f--o-- ANY 1/ 1

backbone2 4092 100.100.100.41 /28 -----f--o-- ANY 1/ 1

loop-back 4091 100.100.100.74 /32 -L---f--o-- ANY 0/ 0

neowiz 0601 100.100.101.126/27 -----f--o-- ANY 2/ 2

cckvan 0602 100.100.101.94 /29 M----f--o-- ANY 2/ 2

itventure 0603 100.100.101.250/30 M----f--o-- ANY 2/ 2

test 0604 100.100.102.1 /27 M----f--o-- ANY 2/ 2

backbone1 4090 211.106.158.169/27 -----f--o-- ANY 1/ 1

Flags : M=ESRP Master, E=ESRP Slave, G=GVRP Enabled, L=Loopback Enabled

S=SuperVlan, s=SubVlan, R=SubVLAN IP Range Configured

C=Domain-masterVlan, c=Domain-memberVlan

f=IP Forwarding Enabled, m=IPmc Forwarding Enabled

r=RIP Enabled, o=OSPF Enabled, p=PIM Enabled, d=DVMRP Enabled

R=IPX RIP Enabled, P=IPX SAP Enabled

N=GNS Reply Enabled, 2=IPX Type 20 Forwarding Enabled

Default Gateway SETTING

Summit48:17 # config iproute add default 100.100.100.1

Summit48:18 # sh iproute

Destination Gateway Mtr Flags Use VLAN Origin

100.100.100.0/24 100.100.100.100 1 0 test Direct

200.200.200.0/24 200.200.200.200 1 0 test1 Direct

127.0.0.1/8 127.0.0.1 0 U H 0 Default Direct

Default Route 100.100.100.1 1 G M 0 test Static

Total number of routes = 4.

Mask distribution:

1 default routes 1 routes at length 8

2 routes at length 24

Route origin distribution:

3 routes from Direct 1 routes from Static

STATIC ROUTING SETTING

Summit48:20 # config iproute add 200.200.100.0 255.255.255.0 200.200.200.1

(200.200.100.0 255.255.255.0 = destination address, 200.200.200.1 = next hop)

Summit48:21 # sh iproute

Destination Gateway Mtr Flags Use VLAN Origin

100.100.100.0/24 100.100.100.100 1 0 test Direct

200.200.100.0/24 200.200.200.1 1 G M 0 test1 Static

200.200.200.0/24 200.200.200.200 1 0 test1 Direct

127.0.0.1/8 127.0.0.1 0 U H 0 Default Direct

Default Route 100.100.100.1 1 G M 0 test Static

Total number of routes = 5.

Mask distribution:

1 default routes 1 routes at length 8

3 routes at length 24

Route origin distribution:

3 routes from Direct 2 routes from Static

Removing static routes and iproute sharing
  • Summit48:20 # config iproute delete 200.200.100.0 255.255.255.0 200.200.200.1
  • When there are two or more static routes to the same destination, they can be used round-robin. To use the routes at the same time rather than as backups of one another, use the following command.

* Summit48:10 # enable iproute sharing

* Summit48:11 # show iprou

Destination Gateway Mtr Flags Use VLAN Origin

211.116.235.192/26 211.116.235.245 1 U 111858 global Direct

100.100.100.0/24 100.100.100.1 1 U 154 test1 Direct

200.200.200.0/24 211.116.235.254 1 UG M 0 global Static

200.200.200.0/24 100.100.100.10 1 UG M 0 test1 Static

127.0.0.1/8 127.0.0.1 0 U H 0 Default Direct

Default Route 211.116.235.254 1 UG M 124683 global Static

ESRP SETTING(1)

ESRP, like Cisco's HSRP and Foundry Networks' FSRP, provides L3 functionality and, at the same time, L2 blocking like spanning tree.

In other words, it provides both default gateway backup and link backup.

(Diagram: an ESRP MASTER and an ESRP SLAVE.)

Set the IP address of the VLAN identically on the MASTER and the SLAVE.

If traffic is not flowing to a device, check whether the device is currently connected to the MASTER. No traffic flows through the SLAVE side.

  • enable esrp vlan <name>

Enables ESRP on a VLAN

  • disable esrp vlan <name>

Disables ESRP on a VLAN

  • config vlan <vlan name> esrp priority <value>

Configures the ESRP priority. The range is 0 to 255. The higher number has higher priority. The default setting is 0.

  • config vlan <vlan name> esrp timer <hello_timer>
    • Configures the time between ESRP updates. The range is 1 to 255 seconds. The default setting is 2 seconds. The timer setting must be configured identically for the VLAN across all participating switches.
    • Hello_timer is a protocol
  • show esrp <vlan name> <all> <cr>
ESRP ELECTION ALGORITHMS(1)
  • ESRP ELECTION ALGORITHMS

One of five master election methods can be configured. The selection criteria of each election algorithm are listed below.

This setting is available only on i-chip devices.

config vlan <name> esrp election-algorithm <tab>

• ports_track_priority_mac — Active ports, tracking information, ESRP priority, MAC address (Default)

• track_ports_priority_mac — Tracking information, active ports, ESRP priority, MAC address

• priority_ports_track_mac — ESRP priority, active ports, tracking information, MAC address

• priority_track_ports_mac — ESRP priority, tracking information, active ports, MAC address

• priority_mac_only — ESRP priority, MAC address

ESRP ELECTION ALGORITHMS(2)
  • config vlan <name> add track-ping <ipaddress> frequency <seconds> miss <number>

The switch pings the specified IP address; if there is no response, it cannot become master.

  • config vlan <name> add track-route <ipaddress>/<masklength>

If there is no route to the specified track-route IP address, the switch cannot become master.

  • config vlan <name> add track-vlan <vlan_tracked>

If the specified VLAN is not active, the switch cannot become master.

  • config vlan <name> delete track-ping <ipaddress> frequency <seconds> miss <number>
  • config vlan <name> delete track-route <ipaddress>/<masklength>
  • config vlan <name> delete track-vlan <vlan_tracked>
ESRP SETTING(2) – ESRP host mode
  • ESRP supports host mode, which allows communication through specifically designated ports even on the ESRP slave. It is very useful when a server supports dual links, with one port active and the other port usable as the slave.
  • config esrp port-mode [host | normal] ports

Here, port-mode must be set to host.

Use this when each server is fitted with a LAN card that supports active/backup.

Even if the active side of A-server fails, the ESRP master and slave must not change roles. In that case A-server must be able to communicate through the ESRP slave.

With config esrp port-mode host ports configured, A-server can also communicate through the slave ESRP switch using its backup port.

(Diagram labels: active, standby, ESRP slave, ESRP master; servers A B C D E)

Basic commands

Erasing the device configuration

Summit48:8 # unconfigure switch all

This command erases the configuration and then reboots the device.

For items that do not exist yet and must be newly created, the command sequence is in most cases create → config:

create vlan <name>

config vlan <name>, and so on.

Items that already exist are generally handled with enable and disable:

enable iproute sharing

enable ipforwarding

To remove a setting, use the form delete or config <name> delete:

delete vlan <name>

delete account, and so on.

Basic commands

Upgrading the image or BootROM on the device

Image upgrade

Summit48:19 # download image 100.100.100.100 s4119b2.Z secondary

(TFTP server address, image name, primary or secondary)

Summit48:33 # use image secondary

From the next boot, the image in secondary is used.

Summit48:34 # reboot

Reboots the device.

BootROM upgrade

Summit48:33 # download bootrom 100.100.100.100 sboot_1_9.bin

Summit48:34 # reboot

Basic commands

Save the configuration to secondary and use the configuration in secondary from the next boot.

Summit48:2 # save configuration secondary

Summit48:3 # use configuration secondary

After an upgrade, synchronize the two MSM modules installed in the BlackDiamond.

This copies all images and configurations in Slot A of the BlackDiamond to Slot B.

BlackDiamond:1 # synchronize

Basic commands

Check whether a port connected to another device is operating correctly

Summit48:8 # sh port stats

Port Statistics Tue Jan 16 11:44:57 2001

Port Link Tx Pkt Tx Byte Rx Pkt Rx Byte Rx Rx

Status Count Count Count Count Bcast Mcast

==============================================================

1 ACTIVE 2085 469123 88528 12187150 43295 44841

2 READY 0 0 0 0 0 0

3 READY 0 0 0 0 0 0

4 READY 0 0 0 0 0 0

5 READY 0 0 0 0 0 0

6 READY 0 0 0 0 0 0

7 READY 0 0 0 0 0 0

8 READY 0 0 0 0 0 0

9 READY 0 0 0 0 0 0

10 READY 0 0 0 0 0 0

================================================================

0->Clear Counters U->page up D->page down ESC->exit

Basic commands

Check whether an interface is configured for 10M, 100M, or auto

Summit48:5 # sh ports info

Information for port 1:

Port state: enabled

Link state: active

Port diagnostic: pass

Configured Duplex mode: auto Actual Duplex Mode: half

Configured speed: auto Actual Speed: 10

Link up 1 time(s)

Link down 1 time(s)

Media type: UTP

Has redundant port: no

Summit Link disabled

Extreme Discovery Protocol: enabled

Qos Monitor: disabled

Load sharing is not enabled

MAC Learning: enabled

VLAN information:

Default(untagged) Vlan Id: 1

Basic commands

Protocol: Vlan Default Priority: 0 type: EtherType value: ffff

Qos Profile: None configured

Queue to Qos Profile Mapping:

Q0: QP1

MinBw 0, MaxBw 100, Pri Low

Q1: QP2

MinBw 0, MaxBw 100, Pri Normal

Q2: QP3

MinBw 0, MaxBw 100, Pri Medium

Q3: QP4

MinBw 0, MaxBw 100, Pri High

To change the settings of a port, use the following commands.

Summit48:21 # configure ports 4 auto off speed 100 duplex full

Summit48:22 # configure ports 4 auto off duplex full speed 100

Both of the commands above force port 4 to 100 full duplex.

Summit48:23 # configure ports 4 auto on

This sets port 4 to auto.

Basic commands

Used to check the utilization of ports. (Press the spacebar to view other information as well.)

Summit48:6 # sh port utilization

Link Utilization Averages Tue Jan 16 11:47:08 2001

Port Link Receive Peak Rx Transmit Peak Transmit

Status packet/sec pkt/sec pkt/sec pkt/sec

================================================================

1 ACTIVE 2 7 0 5

2 READY 0 0 0 0

3 READY 0 0 0 0

4 READY 0 0 0 0

5 READY 0 0 0 0

6 READY 0 0 0 0

7 READY 0 0 0 0

8 READY 0 0 0 0

9 READY 0 0 0 0

10 READY 0 0 0 0

================================================================

spacebar->toggle screen U->page up D->page down ESC->exit

Basic commands

Shows summary information about the device.

Summit48:14 # sh switch

sysName: Summit48

sysLocation:

sysContact: support@extremenetworks.com, +1 888 257 3000

System MAC: 00:01:30:6f:cf:00

License: Full L3.

Qos Mode: Ingress

System Mode: 802.1Q EtherType is 8100. PACE disabled. Jumbo disabled.

Current time: Tue Jan 16 15:40:00 2001

Timezone: GMT Offset: 0 minutes, DST is not in effect.

Auto DST check: Enabled

Boot time: Mon Jan 15 16:24:33 2001

Next reboot: None scheduled

Timed upload: None scheduled

Temperature: 25C. All fans are operational. (It is best to keep the device temperature between 0 and 40 degrees.)

Power supply: Primary OK, RPS not present

Basic commands

Software image selected: primary

Software image booted: primary

Primary software version: 4.1.19b2

Secondary software version: 4.1.19b2

Configuration selected: primary

Configuration booted: primary

Primary configuration: 444520 bytes saved on Mon Jan 15 16:22:14 2001

Secondary configuration: Empty

Basic commands

Check the boot image and the image the device is using

Summit48:15 # sh ver

System ID: 800013-14-0037M02655

Board ID: 700015-11-0037M00694

Left Board ID: 700016-10-0036M00614

Right Board ID: --

Image : Extremeware Version 4.1.19 (Build 2) by Release_Master Wed 08/09/2000 6:09p

BootROM : 1.9

How to configure mirroring

enable mirroring to <port>

Example: enable mirroring to port 3

config mirroring add/del ports vlan <vlan name> <hex octet>

disable mirroring

show mirroring

* Summit3:8 # sh mir

Mirror port: 3 is up

Basic commands

Checking the device log (to check for device faults)

Summit48:24 # sh log

01/16/2001 16:40.27 <INFO:SYST> Port 1 link down

01/16/2001 16:40.25 <INFO:SYST> serial admin: conf port 1 auto off speed 100 du fu

01/16/2001 16:04.27 <INFO:SYST> User admin logged out from telnet (211.116.235.205)

01/16/2001 15:25.15 <INFO:USER> admin logged in through telnet (211.116.235.205)

01/16/2001 14:11.09 <INFO:SYST> User admin logged out from telnet (211.116.235.205)

01/16/2001 14:09.16 <INFO:USER> admin logged in through telnet (211.116.235.205)

01/16/2001 11:49.56 <INFO:SYST> serial admin: sh management

01/16/2001 11:43.36 <INFO:USER> admin logged in through console

Setting the time on the device (timestamps shown when checking the log)

Summit48:6 # configure time 1/17/2001 09:54:00
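The `sh log` output above records who logged in, over which channel, and from where, and telnet carries those sessions in cleartext. The following added example (not part of the original slides) parses that log format, pairs logins with logouts, and flags telnet sessions and sources outside a management network. The sample lines and addresses are constructed, and the management network passed to `triage` is an assumption.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample in the format of the `sh log` output above (newest entry
# first). Addresses are documentation ranges, not values taken from the page.
SAMPLE_LOG = """\
01/16/2001 16:04.27 <INFO:SYST> User admin logged out from telnet (192.0.2.205)
01/16/2001 15:25.15 <INFO:USER> admin logged in through telnet (192.0.2.205)
01/16/2001 14:30.02 <INFO:USER> testadmin logged in through telnet (198.51.100.7)
01/16/2001 11:49.56 <INFO:SYST> serial admin: sh management
01/16/2001 11:43.36 <INFO:USER> admin logged in through console
"""

LINE_RE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}\.\d{2}) <(\w+):(\w+)> (.*)$")
LOGIN_RE = re.compile(r"^(\S+) logged in through (\w+)(?: \(([\d.]+)\))?$")
LOGOUT_RE = re.compile(r"^User (\S+) logged out from (\w+)(?: \(([\d.]+)\))?$")
COMMAND_RE = re.compile(r"^(\w+) (\S+): (.+)$")  # "<channel> <user>: <command>"


def parse_events(text):
    """Return log events oldest-first as dicts; unparseable lines are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M.%S")
        msg = m.group(4)
        event = {"time": when, "kind": "other", "msg": msg}
        for kind, rx in (("login", LOGIN_RE), ("logout", LOGOUT_RE)):
            hit = rx.match(msg)
            if hit:
                event.update(kind=kind, user=hit.group(1),
                             channel=hit.group(2), source=hit.group(3))
        cmd = COMMAND_RE.match(msg)
        if event["kind"] == "other" and cmd:
            event.update(kind="command", channel=cmd.group(1),
                         user=cmd.group(2), command=cmd.group(3))
        events.append(event)
    return sorted(events, key=lambda e: e["time"])


def sessions(events):
    """Pair each login with the next logout of the same user/channel/source."""
    open_logins, result = {}, []
    for e in events:
        if e["kind"] not in ("login", "logout"):
            continue
        key = (e["user"], e["channel"], e["source"])
        if e["kind"] == "login":
            open_logins[key] = e["time"]
        elif key in open_logins:
            start = open_logins.pop(key)
            result.append({"user": key[0], "channel": key[1], "source": key[2],
                           "seconds": int((e["time"] - start).total_seconds())})
    for key in open_logins:  # logins with no logout in the log buffer
        result.append({"user": key[0], "channel": key[1], "source": key[2],
                       "seconds": None})
    return result


def triage(sess, mgmt_nets):
    """Flag cleartext telnet sessions and sources outside the management nets."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for s in sess:
        if s["channel"] == "telnet":
            findings.append(("cleartext-telnet", s["user"], s["source"]))
        if s["source"] and not any(ipaddress.ip_address(s["source"]) in n for n in nets):
            findings.append(("source-outside-mgmt-net", s["user"], s["source"]))
    return findings


if __name__ == "__main__":
    for finding in triage(sessions(parse_events(SAMPLE_LOG)), ["192.0.2.0/24"]):
        print(finding)
```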

Sharing (= trunking)
  • Sharing means the same thing as Cisco's Fast EtherChannel and Foundry Networks' trunk.
  • It is a way of using two physical ports as if they were one port.
  • On a segment that carries more than 100M of traffic, connect two ports and share them to use them as 200M.
  • * Summit48:1 # enable sharing 45 grouping 45-46
  • enable sharing <start port> grouping <start port>-<end port>
  • Up to 4 Fast Ethernet ports are possible (800M).
Spanning Trees
  • Default switch configuration contains one STPD called “s0”
    • By default, spanning tree is disabled on s0
  • Once the STPD is created, one or more VLANs can be assigned to it
  • Spanning Trees have VLANs as members
    • VLANs are assigned to STPDs
    • All VLANs are automatically made members of “s0”
  • You cannot delete a VLAN from “s0”, however, you can add it to another STPD
STP Configuration CLI Commands
  • create/delete stpd
  • enable/disable stpd
  • enable/disable stpd port
  • config stpd add vlan
  • config stpd priority
  • config stpd port cost
  • config stpd port priority
  • config stpd hellotime
  • config stpd forwarddelay
  • config stpd maxage
  • unconfig stpd
  • show stpd
  • show stpd port
  • enable ignore-stp vlan <name>
CLI Command
  • create stpd <stpd_name>
  • delete stpd <stpd_name>
    • Creates an STPD. When created, an STPD has the following default parameters:
      • Bridge priority — 32,768
      • Hello time — 2 seconds
      • Forward delay — 15 seconds

  • enable stpd <stpd_name>
  • disable stpd <stpd_name>
    • The default setting is disabled

CLI Command
  • enable stpd <stpd_name> port <portlist>
  • disable stpd <stpd_name> port <portlist>
    • The default setting is enabled
  • config stpd <stpd_name> add vlan <name>
  • config stpd <stpd_name> priority <value>
    • The range is 0 through 65,535.
    • The default setting is 32,768
CLI Command
  • config stpd <stpd_name> port cost <value> <portlist>
      • For a 10Mbps port, the default cost is 100.
      • For a 100Mbps port, the default cost is 19.
      • For a 1000Mbps port, the default cost is 4.
  • config stpd <stpd_name> port priority <value> <portlist>
    • The range is 0 through 255.
    • The default setting is 128
CLI Command
  • config stpd <stpd_name> hellotime <value>
    • The hellotime default setting is 2 seconds
  • config stpd <stpd_name> forwarddelay <value>
    • The range is 4 through 30.
    • The default setting is 15 seconds.
  • config stpd <stpd_name> maxage <value>
    • The default setting is 20 seconds.
  • unconfig stpd <stpd_name>
CLI Command - show stpd

show stpd {<stpd_name>}

Displays STP information for one or all STP domains.

Stpd: s0 Stp: ENABLED Number of Ports: 3

Ports: 16,17,22

Vlans: Default red blue

Bridge Priority: 32768

BridgeID: 80:00:00:e0:2b:03:eb:00

Designated root: 80:00:00:e0:2b:03:18:00

RootPathCost: 4

MaxAge: 20s HelloTime: 2s ForwardDelay: 15s

CfgBrMaxAge: 20s CfgBrHelloTime: 2s CfgBrForwardDelay: 15s

Topology Change Time: 35s Hold time: 1s

Topology Change Detected: FALSE Topology Change: TRUE

Number of Topology Changes: 0

Time Since Last Topology Change: 9s

If BridgeID and Designated root match, then this is the ROOT Bridge

CLI Command - show stpd port

show stpd {<stpd_name>} port <portlist>

Displays the STP state of a port.

* Summit24:6 # show stpd s0 port 1

Stpd: s0 Port: 1 PortId: 8001 Stp: ENABLED Path Cost: 100

Port State: FORWARDING Topology Change Ack: FALSE

Port Priority: 128

Designated Root: 00:00:00:00:00:00:00:00 Designated Cost: 0

Designated Bridge: 00:00:00:00:00:00:00:00 Designated Port Id: 0

Press <SPACE> to continue or <Q> to quit:

SLB (Server Load Balancing)

Supported on all devices that contain the i chip (Summit1i, Summit5i, Summit7i, BlackDiamond, etc.).

Server load balancing requires the following components.

  • Node – a real server that actually does the work
  • Pools – nodes (real servers) configured as one group
  • VIP – Virtual IP (the IP address that users connect to)

SLB is made up of these three components.

Depending on how server load balancing operates, the following 4 modes are supported.

  • GO GO: the fastest method, but the servers must all be given the same MAC and IP.
  • Transparent: handled in hardware, so the response is fast; a loopback must be installed on the servers (recommended).
  • Translational: works the same way as an ordinary L4 switch; handled by the CPU.
  • Port Translational: the slowest method; port translation must be performed.
SLB (Server Load Balancing)

Server Load Balancing Algorithms:

  • Round Robin: sends to each server once, in turn
  • Ratio: assigns a ratio according to the performance of each server
  • Priority
  • Least Connections: sends to the server that was sent to longest ago

Cautions for Server Load Balancing

- The server VLAN and the VLAN through which clients arrive must be separate. On Extreme switches SLB takes place when L3 routing occurs, so the VLANs must be separated.

- The VIP may be in either the server VLAN or the client VLAN.

- For the health check, choose one of ping-check, L4-port check, or service check.

SLB (Server Load Balancing)

When using transparent mode as the Server Load Balancing mode

- Configuring a loopback interface on an NT server

On an NT server, set up the loopback interface via Control Panel -> Add New Hardware -> Network Adapter -> Microsoft -> Loopback interface.

Configure only one loopback interface and do not install any additional ones.

If more must be added, add them using the Advanced tab.

- Configuring a loopback interface on Linux & UNIX

ifconfig lo:0 <ipaddress> netmask 255.255.255.255 up

Make sure that it has the correct default route (netstat -rn); look for 0.0.0.0

If not, add one: route add default gw <gateway ip>

When using transparent mode, the loopback interface address must be set to the VIP (virtual IP) of the Extreme Networks device.

SLB (Server Load Balancing)

create slb pool <poolname> {slb-method [round-robin | ratio | priority | least-connections]}

The pool name must be unique; choose any name that is easy to remember.

For the SLB-method, choose one of round-robin, ratio, priority, and least-connections.

show slb pool

show slb pool detail

show slb node

enable slb node <ipaddress> ping-check

enable slb node <ipaddress> port <port> port-check

config slb pool <poolname> add <ipaddress>:<L4Port> {ratio <ratio> | priority <priority>}

→ The command that adds a node to an SLB pool.

create slb vip <vipname> pool <poolname> mode [transparent | translation | port-translation] <ipaddress> {- <upper_ipaddress>} {port <L4Port>}

enable slb vip

disable slb vip

show slb vip detail

show slb vip

SLB (Server Load Balancing)

(Diagram: example network. Public network 200.200.200.0/24 with the client and the Internet; private network 100.100.100.0/24 with servers 100.100.100.2 and 100.100.100.3 (port http) and 100.100.100.4 and 100.100.100.5 (port ftp); labels 1, 2, 3.)
SLB (Server Load Balancing)

Configuration guide

Divide the network into two VLANs (a public network and a private network).

Create two SLB pools (httppool, ftppool).

- httppool has 100.100.100.2 and 100.100.100.3 as nodes.

- ftppool has 100.100.100.4 and 100.100.100.5 as nodes.

Create two VIPs (one each in the public network and the private network).

- When the VIP is created in the public network (200.200.200.1), the VIP has a public IP and the real servers are in the private network.

- Creating the VIP in the private network (100.100.100.6) is for the case where there is a device that performs NAT (a firewall, etc.).

To configure transparent mode, the loopback address on the real servers must be set to the VIP.

SLB (Server Load Balancing)

configuration

create vlan svlan
create vlan cvlan
conf svlan add port 1:1-1:10
conf cvlan add port 1:11-1:20
conf svlan ipadd 100.100.100.1/24
conf cvlan ipadd 200.200.200.2/24
enable ipforwarding (must always be done when VLANs are created)
create slb pool httppool lb-method round
conf slb pool httppool add 100.100.100.2:80
conf slb pool httppool add 100.100.100.3:80
create slb pool ftppool lb-method least
conf slb pool ftppool add 100.100.100.4:ftp
conf slb pool ftppool add 100.100.100.5:ftp
create slb vip pubvip pool httppool mode translational 200.200.200.1:http
create slb vip privip pool ftppool mode transparent 100.100.100.6:ftp
enable slb
config vlan svlan slb-type server (declares svlan as the server VLAN)
config vlan cvlan slb-type client (declares cvlan as the client VLAN)
enable slb node all tcp-port-check (health check down to the L4 port)

SLB (Server Load Balancing)

PING-CHECK

Ping-check is Layer 3 based pinging of the physical node. The default ping frequency is one ping generated to the node each 10 seconds. If the node does not respond to any ping within a timeout period of 30 seconds (3 ping intervals), then the node is considered down.

PING-CHECK COMMANDS

To enable ping-check, use this command:

enable slb node <ipaddress> ping-check

To disable ping-check, use this command:

disable slb node <ipaddress> ping-check

SLB (Server Load Balancing)

TCP-PORT-CHECK

TCP-port-check is Layer 4 based TCP port open/close testing of the physical node. The default frequency is 30 seconds and the default timeout is 90 seconds. Port-checking is useful when a node passes ping-checks, but a required TCP service (for example, httpd) has gone down. If the httpd daemon running on TCP port 80 crashed, that would cause a layer 4 port-check on port 80 to fail, because no TCP socket could be opened to that port. If this continues for the duration of the specified port-check timeout, the IP/port combination is considered down.

TCP-PORT-CHECK COMMANDS

To enable tcp-port-check, use this command:

enable slb node <ipaddress>:<L4Port> tcp-port-check

To disable tcp-port-check, use this command:

disable slb node <ipaddress>:{<L4Port> | all} tcp-port-check

SLB (Server Load Balancing)

SERVICE-CHECK

Service-check is Layer 7 based application-dependent checking defined on a VIP. Service-checking is performed on each node in the pool with which this VIP is associated. The default frequency is 60 seconds and the default timeout is 180 seconds. Each service check has associated parameters that you can set. These parameters are described in Table 1 7-3.

If the service-check parameters are not specified on an individual node or VIP, the global default values for these parameters are used. The global service-check defaults themselves are configurable, so if you use the same value in many cases, change the global defaults accordingly.

In the case of HTTP service-checking, the URL of the Web page to be retrieved, such as “/index.html”, can be specified. A match-string that is expected to be in the retrieved Web page can be specified, such as “Welcome”. If the match-string is found in the first 1,000 bytes of the retrieved Web page, the service-check passes on the particular node. A match-string specified as keyword any-content will match any retrieved text. However, to distinguish valid data in the retrieved text from error text, specifying an actual string to match is suggested.

For FTP, Telnet, and POP3 service-check attempts to log on and off the application on the server using the specified userid and password.

SLB (Server Load Balancing)

SERVICE-CHECK COMMANDS

To enable service-check, use this command:

enable slb vip [<vipname> | all] service-check

To disable service-check, use this command:

disable slb vip [<vipname> | all] service-check

Service-Check Parameters

Service   Attribute      Global Default Value
HTTP      URL            “/”
          Match-string   Any-content
FTP       Userid         “anonymous”
          Password       “anonymous”
Telnet    Userid         “anonymous”
          Password       “anonymous”
SMTP      Dns-domain     Same as the switch DNS domain. If no DNS domain is configured for the switch, the value is ““.
NNTP      Newsgroup      “ebusiness”
POP3      Userid         “anonymous”
          Password       “anonymous”
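The HTTP service-check described above passes on any retrieved text when the match-string is left at its default, so a node that serves an error page stays in the pool. The following added example (not part of the original slides or of the switch software) models the check and the frequency/timeout behaviour with constructed page bodies. It assumes a node is marked down once consecutive failures span the timeout, and that an empty or missing response never passes.

```python
WINDOW = 1000                 # the match-string must be in the first 1,000 bytes
ANY_CONTENT = "any-content"   # keyword that matches any retrieved text

# (frequency, timeout) defaults in seconds, as stated for each check type.
DEFAULTS = {
    "ping-check": (10, 30),
    "tcp-port-check": (30, 90),
    "service-check": (60, 180),
}

# Constructed page bodies for the demonstration.
GOOD_PAGE = b"<html><title>Welcome</title><body>shop front</body></html>"
ERROR_PAGE = b"<html><h1>503 Service Unavailable</h1></html>"
LATE_MATCH = b"<!--" + b"x" * 1100 + b"-->Welcome"   # string is past byte 1,000


def http_service_check(body, match_string=ANY_CONTENT):
    """Return True when one retrieved page passes the service-check."""
    if not body:                       # assumed: no response means failure
        return False
    if match_string == ANY_CONTENT:
        return True                    # any retrieved text passes, errors included
    return match_string.encode() in body[:WINDOW]


def node_states(results, frequency, timeout):
    """Replay check results taken every `frequency` seconds and return the
    node state after each one (assumed model of the timeout)."""
    states, failing_for = [], 0
    for ok in results:
        failing_for = 0 if ok else failing_for + frequency
        states.append("down" if failing_for >= timeout else "up")
    return states


def replay(bodies, match_string=ANY_CONTENT):
    """Run the HTTP service-check over a sequence of retrieved pages."""
    frequency, timeout = DEFAULTS["service-check"]
    results = [http_service_check(b, match_string) for b in bodies]
    return node_states(results, frequency, timeout)


if __name__ == "__main__":
    outage = [GOOD_PAGE, ERROR_PAGE, ERROR_PAGE, ERROR_PAGE, GOOD_PAGE]
    print("any-content:", replay(outage))
    print("Welcome    :", replay(outage, "Welcome"))
```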

Flow-redirection (WCR)
  • WEB CACHE REDIRECTION (WCR)
  • Flow redirection can redirect traffic based on source, destination, and L4 port.

IP source address and mask

IP destination address and mask

Layer 4 port

  • Supports TCS (transparent cache switching) in conjunction with a cache server
  • Supports PBR (policy-based routing)

A technique that selects the destination router based on the source IP

Flow-redirection (WCR)
  • create flow-redirection <flow_policy> [tcp | udp] destination [<ipaddress/mask> | any] ip-port [<L4Port> | any] source [<ipaddress/mask> | any]
  • config flow-redirection <flow_policy> add next-hop <ipaddress>
  • config flow-redirection <flow_policy> delete next-hop <ipaddress>
  • delete flow-redirection <flow_policy>
  • show flow-redirection
  • config flow-redirection <flow_policy> service-check ping
  • config flow-redirection <flow_policy> service-check L4-port
  • config flow-redirection <flow_policy> service-check http url “/test.htm” match-string “pass”
Flow-redirection (WCR)

(Diagram: CLIENT VLAN 10.10.10.1/24; INTERNET VLAN 10.10.30.1/24 toward the INTERNET; CACHE SERVER VLAN 10.10.20.1/24 with cache servers 10.10.20.10/24 and 10.10.20.11/24.)

Flow-redirection (WCR)

create vlan client

config vlan client add port 1

config vlan client ipaddress 10.10.10.1/24

create vlan cache

config vlan cache add port 2

config vlan cache ipaddress 10.10.20.1/24

create vlan internet

config vlan internet add port 3

config vlan internet ipaddress 10.10.30.1/24

enable ipforwarding

create flow-redirection wcr tcp destination any ip-port 80 source any

config flow-redirection wcr add next-hop 10.10.20.10 (CACHE SERVER ADDRESS)

config flow-redirection wcr add next-hop 10.10.20.11 (CACHE SERVER ADDRESS)

config flow-redirection wcr service-check L4-port

Access-list
  • Access lists

Packet filtering

  • Access policy

Filters access to the device itself

  • Routing access policies

Filter the advertisement or recognition of routing information

  • Route maps

Route maps are used to modify or filter routes redistributed into BGP.

Access-list

  • USING IP ACCESS LISTS
  • The access-lists provided by Extreme Networks can be configured inbound only. That is, when a packet arrives it is compared against the access-list entries, and a matching entry is applied.
  • They are implemented in ASIC and put no load at all on the CPU.
  • They can be applied to only the desired ports, even within the same VLAN.
  • By default, everything is permitted.
  • When applying an access list, check carefully whether it applies to packets as they arrive and to the replies sent back.
  • The precedence value can be used to change the order in which access lists are applied.
  • An access list takes effect as soon as it is created.
  • Access list components

• IP source address and mask

• IP destination address and mask

• TCP or UDP source port range

• TCP or UDP destination port range

• Physical source port

• Precedence number (optional)

Access-list

ACCESS LIST RULE COMMANDS

Configuring at the IP level (Cisco standard access list)

create access-list <name> ip destination [<dst_ipaddress>/<dst_mask> | any] source [<src_ipaddress>/<src_mask> | any] [permit <qosprofile> | deny] ports [<portlist> | any] {precedence <precedence_num>} {log}

create access-list denyall ip destination any source any deny ports any

Configuring at the TCP level (Cisco extended access list)

create access-list <name> tcp destination [<dst_ipaddress>/<dst_mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | permit-established | deny] ports [<portlist> | any] {precedence <precedence_num>} {log}

create access-list tcp1 tcp destination 10.10.20.100/32 ip any source 10.10.10.100/32 ip any permit qp1 ports any precedence 20

create access-list tcp2 tcp destination 10.10.10.100/32 ip any source 10.10.20.100/32 ip any permit qp1 ports any precedence 21

Access-list

create access-list <name> udp destination [<dst_ipaddress>/<dst_mask> | any] ip-port [<dst_port> | range <dst_port_min> <dst_port_max> | any] source [<src_ipaddress>/<src_mask> | any] ip-port [<src_port> | range <src_port_min> <src_port_max> | any] [permit <qosprofile> | deny] ports [<portlist> | any] {precedence <precedence_num>} {log}

Applying an access list to ICMP

create access-list <name> icmp destination [<dest_ipaddress>/<mask> | any] source [<src_ipaddress>/<source_mask> | any] type <icmp_type> code <icmp_code> [permit | deny] {<portlist>} {log}

create access-list denyping icmp destination any source any type 8 code 0 deny ports any

delete access-list <name>

disable access-list <name> counter

enable access-list <name> counter

show access-list {<name> | ports <portlist>} Displays access-list information.

show access-list-fdb

show access-list-monitor

access list3

Access-list

[Diagram: interfaces 10.1.0.1/24, 10.2.0.1/24, 10.3.0.1/24 and 10.4.0.1/24, with X marks on the diagram]

Requirement:

1. Deny UDP port 23 traffic to 10.2.0.0/24

2. Deny TCP port 23 traffic to 10.2.0.0/24

3. Deny TCP port 23 traffic from 10.3.0.0/24

4. Permit traffic of 10.2.0.0/24 to QP3


access list4
Access-list

create access-list deny102_43 udp destination 10.2.0.0/24 ip-port 23 source any ip-port any deny ports any precedence 10

create access-list deny102_23 tcp destination 10.2.0.0/24 ip-port 23 source any ip-port any deny ports any precedence 20

create access-list deny103_23 tcp destination any ip-port 23 source 10.3.0.0/24 ip-port any deny ports any precedence 30

create access-list perm102d tcp destination 10.2.0.0/24 ip-port any source any ip-port any permit qosprofile qp3 ports any precedence 40

create access-list permit102s tcp destination any ip-port any source 10.2.0.0/24 ip-port any permit qosprofile qp3 ports any precedence 45
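
An added example (not part of the original slides) that models the five rules above in Python and evaluates constructed sample packets against them. It assumes rules are examined in ascending precedence number and that the first match decides; the helper names and the packets are illustrative.

```python
import ipaddress

# The five rules from the slide, transcribed by hand as
# (name, proto, dst_net, dst_port, src_net, action, precedence); None means "any".
# Source ip-port is "any" in every rule, so it is not modelled.
RULES = [
    ("deny102_43", "udp", "10.2.0.0/24", 23, None, "deny", 10),
    ("deny102_23", "tcp", "10.2.0.0/24", 23, None, "deny", 20),
    ("deny103_23", "tcp", None, 23, "10.3.0.0/24", "deny", 30),
    ("perm102d", "tcp", "10.2.0.0/24", None, None, "permit qp3", 40),
    ("permit102s", "tcp", None, None, "10.2.0.0/24", "permit qp3", 45),
]

def in_net(net, addr):
    """True if addr is inside net, or if the rule says 'any' (None)."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(proto, src, dst, dst_port, rules=RULES):
    """Return (rule name, action) of the first match, lowest precedence number first."""
    for name, r_proto, r_dst, r_port, r_src, action, _prec in sorted(rules, key=lambda r: r[6]):
        if (r_proto == proto and in_net(r_dst, dst) and in_net(r_src, src)
                and r_port in (None, dst_port)):
            return name, action
    return None, "no match"

def with_precedence(name, precedence, rules=RULES):
    """Copy of the rule set with one rule's precedence changed (for what-if checks)."""
    return [r[:6] + (precedence,) if r[0] == name else r for r in rules]

# Constructed sample packets: (proto, src, dst, dst_port)
PACKETS = [
    ("udp", "10.1.0.5", "10.2.0.7", 23),
    ("tcp", "10.1.0.5", "10.2.0.7", 23),
    ("tcp", "10.3.0.9", "10.4.0.2", 23),
    ("tcp", "10.1.0.5", "10.2.0.7", 80),
    ("tcp", "10.2.0.7", "10.1.0.5", 1025),
    ("udp", "10.1.0.5", "10.2.0.7", 53),   # matches none of the five rules
]

if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "->", evaluate(*pkt))
    # What-if: perm102d evaluated before the deny rules lets telnet through.
    print(evaluate("tcp", "10.1.0.5", "10.2.0.7", 23, with_precedence("perm102d", 5)))
```

The last constructed packet (UDP to 10.2.0.7 port 53) matches none of the five rules because both QP3 rules are written for tcp, which is worth checking against requirement 4.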

access profile
Access profile configuration
  • Used to secure the device by allowing access only from specific clients.

create access-profile <access-profile> type ipaddress

conf access-profile <access-profile> mode [permit | deny | none]

conf access-profile <access-profile> add [<seq_number>] [permit | deny] [vlan <name> | ipaddress <ipaddress> <mask> {exact}]

enable telnet {access-profile [<access-profile> | none ]} {port <tcp-port-number>}

access profile1

Access profile configuration

[Diagram: PC 10.1.0.10/24; interfaces 10.1.0.1/24, 10.2.0.1/24, 10.3.0.1/24 and 10.4.0.1/24, with X marks on the diagram]

Requirement:

1. Only PC (10.1.0.10) can telnet to the 10.1.0.1 i/f

access profile2
Access profile configuration

create access-profile perm_telnet type ipaddress

(create the access profile)

conf access-profile perm_telnet add ipa 10.1.0.10/32

(add the client IP address to the access profile)

conf access-profile perm_telnet mode permit

(set the access profile's mode to permit or deny)

enable telnet access-profile perm_telnet

(apply the access profile to the telnet service)

Note: the access-profile can apply to snmp, web and ssh2.

slide63
OSPF

Example configuration

[Diagram: OSPF AREA 20.20.20.0; labels: OSPF, Default G/W; interface addresses 10.10.10.1, 10.10.10.2, 20.20.20.1, 20.20.20.2, 30.30.30.1, 30.30.30.2, 40.40.40.1, 40.40.40.2]

To send the static routing information to the Alpine, redistribution must be configured.

slide64
OSPF

Alpine configuration procedure

* Alpine3804:2 # config default dele port all

* Alpine3804:3 # creat vlan vlan10

* Alpine3804:4 # creat vlan vlan20

* Alpine3804:5 # config vlan10 add port 1:1 - 1:10

* Alpine3804:6 # config vlan20 add port 1:11 - 1:20

* Alpine3804:7 # config vlan10 ipadd 10.10.10.1/24

IP interface for VLAN vlan10 has been created.

IP address = 10.10.10.1, Netmask = 255.255.255.0.

* Alpine3804:8 # config vlan20 ipadd 20.20.20.1/24

IP interface for VLAN vlan20 has been created.

IP address = 20.20.20.1, Netmask = 255.255.255.0.

slide65
OSPF

* Alpine3804:9 # enable ipforward (must be run before configuring OSPF)

* Alpine3804:10 # enable ospf (enables the OSPF protocol)

* Alpine3804:11 # creat ospf area 20.20.20.0 (creates the OSPF area)

* Alpine3804:12 # config ospf add vlan vlan10 area 20.20.20.0

* Alpine3804:13 # config ospf add vlan vlan20 area 20.20.20.0 (these two commands run OSPF on the VLANs)

* Alpine3804:21 # sh vlan

Name VID Protocol Addr Flags Proto Super Ports

Default 0001 0.0.0.0 /BP -----f----- ANY 0/ 0

MacVlanDis 4095 ------------------ ----- ANY 0/ 0

Mgmt 4094 ------------------ ----- ANY 0/ 1

vlan10 4093 10.10.10.1 /24 -----f--o-- ANY 1/ 10

(Indicates that OSPF is running on the VLAN)

vlan20 4092 20.20.20.1 /24 -----f--o-- ANY 1/ 10

slide66
OSPF

* Alpine3804:24 # sh ipr

OR Destination Gateway Mtr Flags Use M-Use VLAN Acct-1

*d 20.20.20.0/24 20.20.20.1 1 U------u- 25 0 vlan20 0

*d 10.10.10.0/24 10.10.10.1 1 U------u- 305 0 vlan10 0

*oa 30.30.30.0/24 20.20.20.2 10 UG-----um 8 0 vlan20 0

*d 127.0.0.1/8 127.0.0.1 0 U-H----um 0 0 Default 0

*o2 Default Route 20.20.20.2 1 UG-----um 68 0 vlan20 0

slide67
OSPF

* Alpine3804:22 # sh ospf area detail

Area: 0.0.0.0 (0) Type: Normal

Router Id: 20.20.20.1

Spf Runs: 10 Num ABR: 0 Num ASBR: 0 Num LSA: 0 LSA Chksum:0x0

Interfaces:

IP addr Ospf State DR IP addr BDR IP addr

Inter-Area route Filter: None

External route Filter: None

Configured Address Ranges:

slide68
OSPF

Area: 20.20.20.0 (336860160) Type: Normal

Router Id: 20.20.20.1

Spf Runs: 10 Num ABR: 0 Num ASBR: 1 Num LSA: 3 LSA Chksum:0x1a13d

Interfaces:

IP addr Ospf State DR IP addr BDR IP addr

20.20.20.1 /24 E BDR 20.20.20.2 20.20.20.1

10.10.10.1 /24 E DR 10.10.10.1 0.0.0.0

Inter-Area route Filter: None

External route Filter: None

Configured Address Ranges:

slide69
OSPF

BLACKDIAMOND configuration procedure

* MSM64:3 # config default dele port all

* MSM64:4 # creat vlan vlan20

* MSM64:5 # creat vlan vlan30

* MSM64:6 # config vlan20 add port 2:1 - 2:10

* MSM64:7 # config vlan30 add port 2:11 - 2:20

* MSM64:8 # config vlan20 ipadd 20.20.20.2/24

IP interface for VLAN vlan20 has been created.

IP address = 20.20.20.2, Netmask = 255.255.255.0.

* MSM64:9 # config vlan vlan30 ipadd 30.30.30.1/24

IP interface for VLAN vlan30 has been created.

IP address = 30.30.30.1, Netmask = 255.255.255.0.

slide70
OSPF

* MSM64:10 # en ipf

* MSM64:11 # enable ospf

* MSM64:12 # creat ospf area 20.20.20.0

* MSM64:13 # config ospf add vlan vlan20 area 20.20.20.0

* MSM64:14 # config ospf add vlan vlan30 area 20.20.20.0

* MSM64:15 # config iproute add default 30.30.30.2 (route for reaching the Summit switch)

* MSM64:16 # enable ospf export static cost 1 type ase-type-1 (Extreme's redistribute: passes the static route information into the same OSPF area; the type may be ase-type-1 or ase-type-2)

* MSM64:36 # sh vlan

Name VID Protocol Addr Flags Proto Super Ports

Default 0001 0.0.0.0 /BP -----f----- ANY 0/ 0

MacVlanDis 4095 ------------------ ----- ANY 0/ 0

Mgmt 4094 ------------------ ----- ANY 0/ 1

vlan20 4093 20.20.20.2 /24 -----f--o-- ANY 1/ 10

vlan30 4092 30.30.30.1 /24 -----f--o-- ANY 1/ 10

slide71
OSPF

* MSM64:51 # sh iproute

Destination Gateway Mtr Flags Use M-Use VLAN Origin

*20.20.20.0/24 20.20.20.2 1 U u 17 0 vlan20 Direct

*10.10.10.0/24 20.20.20.1 10 UG um 62 0 vlan20 OSPFIntra

*30.30.30.0/24 30.30.30.1 1 U u 17 0 vlan30 Direct

*127.0.0.1/8 127.0.0.1 0 U H um 0 0 Default Direct

*Default Route 30.30.30.2 1 UG S um 84 0 vlan30 Static

slide72
OSPF

* MSM64:37 # sh ospf area detail

Area: 0.0.0.0 (0) Type: Normal

Router Id: 30.30.30.1

Spf Runs: 7 Num ABR: 0 Num ASBR: 0 Num LSA: 0 LSA Chksum:0x0

Interfaces:

IP addr Ospf State DR IP addr BDR IP addr

Inter-Area route Filter: None

External route Filter: None

Configured Address Ranges:

slide73
OSPF

Area: 20.20.20.0 (336860160) Type: Normal

Router Id: 30.30.30.1

Spf Runs: 7 Num ABR: 0 Num ASBR: 0 Num LSA: 3 LSA Chksum:0x20c4d

Interfaces:

IP addr Ospf State DR IP addr BDR IP addr

30.30.30.1 /24 E DOWN 0.0.0.0 0.0.0.0

20.20.20.2 /24 E DR 20.20.20.2 20.20.20.1

Inter-Area route Filter: None

External route Filter: None

Configured Address Ranges:

slide74
OSPF

SUMMIT 48 configuration procedure

* Summit48:2 # config default dele port all

* Summit48:3 # creat vlan vlan30

* Summit48:4 # creat vlan vlan40

* Summit48:5 # config vlan30 add port 1-10

* Summit48:6 # config vlan40 add port 11-20

* Summit48:7 # config vlan30 ipadd 30.30.30.2/24

IP interface for VLAN vlan30 has been created.

IP address = 30.30.30.2, Netmask = 255.255.255.0.

* Summit48:8 # config vlan40 ipadd 40.40.40.1/24

IP interface for VLAN vlan40 has been created.

IP address = 40.40.40.1, Netmask = 255.255.255.0.

* Summit48:9 # en ipforward

* Summit48:10 # config iproute add default 30.30.30.1 (route for reaching other networks)

slide75
OSPF

On the Summit, sh vlan prints detailed output, so the OSPF information cannot be seen there.

* Summit48:22 # sh ipr

Destination Gateway Mtr Flags Use VLAN Origin

30.30.30.0/24 30.30.30.2 1 U 132 vlan30 Direct

40.40.40.0/24 40.40.40.1 1 U 198 vlan40 Direct

127.0.0.1/8 127.0.0.1 0 U H 0 Default Direct

Default Route 30.30.30.1 1 UG M 170 vlan30 Static