Posts tagged distribution
BCMSN Notes – EtherChannel Distribution
Jun 23rd
EtherChannel lets you aggregate links into one logical connection, but the distribution of traffic is not uniform. It does not use per-packet load-balancing or the like to determine what interface in the bundle to use. Instead, it uses a XOR function on packet information to generate a hash that is used to determine what interface to use.
By default, the switch will use both the source and destination IP addresses to generate the hash, but there are lots of others.
- src-ip: Just the source IP
- dst-ip: Just the destination IP
- src-dst-ip: Both the source and destination IPs
- src-mac: Just the source MAC
- dst-mac: Just the destination MAC
- src-dst-mac: The source and destination MACs
- src-port: Just the source TCP/UDP port
- dst-port: Just the destination TCP/UPD port
- src-dst-port: The source and destination TCP/UDP ports
You change the method by giving the port-channel load-balance method directive in global config mode. Notice that this is a system command, so any change affects all channel groups.
To generate the hash, the switch takes the binary representation of the address(es) and does a XOR (that is, are they different? yes/no) on the last few bits of each to get a value. If you have 8 interfaces, it uses the last 3 bits (2^3 = 8). If you have 4 interfaces, it uses 2 bits. Two interfaces means a single bit.
What we wind up with is an index of the interface to use. If you do a show etherchannel detail on your switch, you’ll see each interface is assigned an index that starts with 0.
Let’s go through an example. You have a switch that has F0/1(index 0) and F0/2 (index 1) in Po10. You also have left the load-balancing method to the default of src-dst-ip. The switch needs to forward a packet that is sourced from 10.0.0.1 and destined to 10.0.0.2 over Po10. Let’s step through it.
10.0.0.1 = 00001010 00000000 00000000 00000001
10.0.0.2 = 00001010 00000000 00000000 00000010
Since we have two interfaces in the channel group, we look at the last bit of each address and XOR them to get an index of 1 (1 XOR 0 = 1). That’s F0/2, so that interface will be used to send the frame over.
If we add f0/3 and f0/4 to the channel group, we would calculate a XOR on the last 2 bits of each address, which would give us 11, which is 3 in binary. The interface with an index of 3 (probably f0/4) would get the traffic.
What if I’m switching IPX packets? Any non-IP packet will default to using the MAC address. Can someone answer exactly what method it will be used?
What if we then add f0/5? That’s a good question, but I’m not exactly sure how the switch handles a number of interfaces not a power of 2. Can someone help on this, too?
Send any obvious corrections and questions my way.
The Cisco Network Hierarchical Model
Feb 6th
I got my CCNP certification library the other day to finally get myself another cert, so I’ve been doing some reading of late. The thing I hate about certs is that, even if you have all the experience in the world, there’s always a whole mess of academic stuff that no one really knows or cares about. One of those things is the Cisco Network Hierarchical Model. This model is purely academic and comes with the caveat that you may or may not want to need to use this model in your situation. In other words, here’s what we recommend, but do what you want to make your network run properly.
This model tells us to configure our network in three layers — the access, distribution, and core layers.
- The access layer is where hosts are connected to the network. This includes your closet switches for your users and any other switches where your servers connect up. This layer is OSI layer-2 only and includes physical segments and VLANs. When I think of this layer, I immediately think of a Catalyst 2950 or 3550.
- The distribution layer aggregates the access layers into a central layer-3 device (a router or L3 switch) for distribution between access devices or up to the core. This is where you lock down access with ACLs. When I think of the distribution layer, I think of a 3750 or 4500.
- The core layer combines your distribution layers at layers 3 and 4 and simply ships data from distribution layer to distribution layer. There’s no access control so that everything is as speedy as possibly. I think of 6500s or 7600 at this layer.
Did you notice that this seems to be LAN-based? You’re not imagining things. This model is for deploying a campus network where every host is in the same building or very close, so Ethernet dominates connectivity. You could apply other technologies, such as OC3s or DS0s on the core, I imagine, but there’s no mention of WANs at all in the model description.
Speaking of WANs, where’s my Internet access? Where’s my HTTP server farm? Where’s my firewall? Where’s my management system? Those questions are left answered in this model. This is where the caveat comes into play. You have to be able to place those devices in the network in the most efficient and effective place. Your Internet access will probably be in the core. The server farms, by definition, are just hosts, so you would create another access layer for those. Since you need to firewall those servers off, you’ll put their access layer under their own distribution layer with the firewall at the top for access control. Management is just another access layer, but the distribution layer where that lives isn’t quite as clear.
Like I said, it’s an academic model, so there’s no definitive answers for anything, but it has a lot of information in there that you may or may not have considered.
