R+S
What is PTP used for?
The Precision Time Protocol (PTP) is a protocol used to synchronize clocks throughout a computer network. On a local area network, it achieves clock accuracy in the sub-microsecond range.
What is the difference between MACsec and IPsec?
IPsec works on IP packets, at layer 3, while MACsec operates at layer 2, on Ethernet frames. Thus, MACsec can protect all DHCP and ARP traffic, which IPsec cannot secure. On the other hand, IPsec can work across routers, while MACsec is limited to a LAN.
What Is EVPN?
Ethernet VPN (EVPN) defines Layer 2 forwarding over VXLAN and Virtual Private LAN Service (VPLS) tunnels, using Border Gateway Protocol (BGP) as the control plane. EVPN is a standards-based way to implement a fabric that is functionally similar to ACI. EVPN works on the Cisco Nexus 9300/9500 in NX-OS mode, but it has also been adopted on other Cisco platforms, as well as on switches from Arista, Juniper and others. Cisco’s Data Center Network Manager (DCNM) is optional software used to orchestrate and manage an EVPN fabric, similar to the role APIC plays with ACI.
Difference between IOS, IOS-XE & IOS-XR
IOS
The classical IOS runs all of the necessary modules in the same memory space. This means that if something happens to the routing engine or the LED indicator, it can cause the whole IOS kernel to crash if it runs out of memory.
IOS-XE
Here, the kernel is run as a system daemon. Cisco moved system functions out of the main kernel and into separate processes. That means that if one of the system functions has issues, it won’t take the core kernel with it. Another benefit of running the kernel as a system daemon is that you can now balance the workload of the processes across multiple processor cores.
IOS-XR
Much like IOS XE, IOS XR does away with the monolithic (undivided) kernel and shared memory space of IOS Classic. XR segments the ancillary (subordinate) processes in IOS into separate memory spaces to prevent system crashes from an errant bug.
XR is aimed at the larger service provider platforms like the ASR and CRS series of routers. You can see that in the way that XR can allow multiple routing protocol processes to be executed at the same time in different memory spaces. That’s a big key to the service provider.
Protocol Number
TCP: 6
UDP: 17
EIGRP: 88
OSPF: 89
BGP doesn't have a protocol number; it uses TCP port 179.
RIP uses UDP port 520.
Administrative Distance
Administrative distance is locally significant only and can be modified with the "distance" command.
router eigrp 1
 distance eigrp 60 160
Directly Connected = 0
Static = 1
EIGRP Summary = 5
EIGRP = 90
EIGRP External = 170
BGP External = 20
BGP Internal = 200
OSPF = 110
IS-IS = 115
RIP = 120
How to troubleshoot stack switch?
The majority of stack instability related reloads can be solved with a reseat of the stack hardware.
The command show switch stack-ports summary can be used to quickly identify which devices are unstable:
C9300-Stack#show switch stack-ports summary
Sw#/Port# Port Status Neighbor Cable Length Link OK Link Active Sync OK #Changes to LinkOK In Loopback
-------------------------------------------------------------------------------------------------------------------
1/1 OK 2 50cm Yes Yes Yes 1 No
1/2 OK 3 50cm Yes Yes Yes 6 No
2/1 OK 3 50cm Yes Yes Yes 8 No
2/2 OK 1 50cm Yes Yes Yes 6 No
3/1 OK 1 50cm Yes Yes Yes 6 No
3/2 OK 2 50cm Yes Yes Yes 1 No
Problem - Cannot Add/Replace Member to Stack
If a member does not join, this suggests either that the prerequisites for StackWise have not been met, or that there is a problem with the connection between the new member and the rest of the stack.
Ensure prerequisites for StackWise are met:
Software version for the new member must match that of the stack
License level must match
Operational mode (Install vs Bundle) must match
Stacks of mixed-PID switches are not supported (see data sheet for specific details)
How to upgrade stack switches?
Catalyst 3750 Software Upgrade in a Stack Configuration
Automatic upgrade through tar file
Step 1: Finding the Priority Value of a Catalyst 3750 Switch
3750#show switch detail
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
1 Slave 000c.30ae.4f00 9 Ready
*2 Master 000d.bd5c.1680 15 Ready
Step 2: Download the required image from the Cisco site
Step 3: Copy the image (c3750-i5-tar.122-20.SE.tar) to the appropriate TFTP directory on the workstation.
Step 4: Check version of image installed
3750#show version
System image file is "flash:c3750-i5-mz.121-19.EA1d.bin"
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
1 28 WS-C3750G-24TS 12.1(19)EA1d C3750-I5-M
1 28 WS-C3750G-24TS 12.1(19) EA1d C3750-I5-M
Step 5: Verify free space
3750#dir flash:
Directory of flash:/
2 -rwx 1516 Mar 01 1993 00:01:28 vlan.dat
3 -rwx 4050902 Mar 01 1993 00:03:32 c3750-i5-mz.121-19.EA1d.bin
4 -rwx 4273 Mar 05 1993 19:22:44 config.text
84 -rwx 5 Mar 05 1993 19:22:44 private-config.text
15998976 bytes total (11940352 bytes free)
Step 6: Select appropriate command
3750#archive download-sw ?
/destination-system specify destination system to receive software
/force-reload Unconditionally reload system after successful sw
upgrade
/imageonly Load only the IOS image(s)
/leave-old-sw Leave old sw installed after successful sw upgrade
/no-set-boot Don't set BOOT -- leave existing boot config alone
/no-version-check skip version check that prevents incompatible image
install
/only-system-type specify individual system type to be updated
/overwrite OK to overwrite an existing image
/reload Reload system (if no unsaved config changes) after
successful sw upgrade
/safe Always load before deleting old version
flash1: Image file
flash2: Image file
flash: Image file
ftp: Image file
rcp: Image file
tftp: Image file
3750#archive download-sw /leave-old-sw tftp://11.11.11.11/c3750-i5-tar.122-20.SE.tar
Loading c3750-i5-tar.122-20.SE.tar .from 11.11.11.11 (via GigabitEthernet1/0/4):
!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Installing (renaming): `flash1:update/c3750-i5-mz.122-20.SE' ->
`flash1:c3750-i5-mz.122-20.SE'
New software image installed in flash1:c3750-i5-mz.122-20.SE
Installing (renaming): `flash:update/c3750-i5-mz.122-20.SE' ->
`flash:c3750-i5-mz.122-20.SE'
New software image installed in flash:c3750-i5-mz.122-20.SE
All software images installed.
Step 7: The image copy is complete, and you are ready for the reboot. Before rebooting, you need to verify that the current state of the switches is Ready. Issue the show switch detail command.
Here is an example:
3750#show switch detail
Current
Switch# Role Mac Address Priority State
--------------------------------------------------------
1 Slave 000c.30ae.4f00 9 Ready
*2 Master 000d.bd5c.1680 15 Ready
Stack Port Status Neighbors
Switch# Port 1 Port 2 Port 1 Port 2
--------------------------------------------------------
1 Ok Ok 2 2
2 Ok Ok 1 1
Step 8: To verify that the new image is in flash for the stack members, issue the dir flash: command.
3750#dir flash:
Directory of flash:/
2 -rwx 1516 Mar 01 1993 00:01:28 vlan.dat
3 -rwx 4050902 Mar 01 1993 00:03:32 c3750-i5-mz.121-19.EA1d.bin
4 -rwx 4273 Mar 05 1993 19:22:44 config.text
6 drwx 192 Mar 05 1993 19:40:16 c3750-i5-mz.122-20.SE
84 -rwx 5 Mar 05 1993 19:22:44 private-config.text
! --- Notice the "d" in the permissions statement. The "d" indicates a directory.
15998976 bytes total (3491328 bytes free)
3750#dir flash1:
Directory of flash1:/
2 -rwx 4050902 Mar 01 1993 00:35:58 c3750-i5-mz.121-19.EA1d.bin
3 -rwx 1516 Mar 01 1993 00:01:33 vlan.dat
4 -rwx 4273 Mar 05 1993 19:22:44 config.text
5 -rwx 5 Mar 05 1993 19:22:44 private-config.text
7 drwx 192 Mar 05 1993 19:37:40 c3750-i5-mz.122-20.SE
15998976 bytes total (3491328 bytes free)
Step 9: Check boot sequence
The previous System image file was "flash:c3750-i5-mz.121-19.EA1d.bin"
3750#show boot
BOOT path-list : flash:c3750-i5-mz.122-20.SE/c3750-i5-mz.122-20.SE.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
Step 10: Reboot
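The checks in Steps 7 to 9 can be scripted before the reload in Step 10. The following is an added example, not part of the original procedure or of any Cisco tool: it parses the three command outputs shown above (embedded as sample text) and lists anything that should stop the reload. The function names are this example's own, and the failure case is constructed.

```python
import re

# Row of 'show switch detail': [*]number role mac priority state
SWITCH_ROW = re.compile(
    r"^\*?\s*(\d+)\s+(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\d+)\s+(.+?)\s*$",
    re.I)
# Row of 'dir flashN:': index permissions size date time name
DIR_ROW = re.compile(r"^\s*\d+\s+[d-][rwx-]{3}\s+\d+\s+.*\s(\S+)\s*$")
BOOT_LINE = re.compile(r"^BOOT path-list[ \t]*:[ \t]*(\S*)", re.M)


def member_states(show_switch_detail):
    """Map switch number -> state, taken from 'show switch detail'."""
    states = {}
    for line in show_switch_detail.splitlines():
        m = SWITCH_ROW.match(line.strip())
        if m:
            states[int(m.group(1))] = m.group(5)
    return states


def flash_entries(dir_output):
    """Names of the files and directories listed by 'dir flashN:'."""
    return {m.group(1) for m in map(DIR_ROW.match, dir_output.splitlines()) if m}


def boot_entry(show_boot):
    """Top-level flash entry that the first BOOT path points at, or None."""
    m = BOOT_LINE.search(show_boot)
    if not m or not m.group(1):
        return None
    first = m.group(1).split(";")[0]            # first image in the list
    path = first.split(":", 1)[-1].lstrip("/")  # drop 'flash:' and leading '/'
    return path.split("/")[0]


def pre_reload_problems(show_switch_detail, show_boot, dir_outputs):
    """Return a list of reasons not to reload; an empty list means go."""
    problems = []
    states = member_states(show_switch_detail)
    if not states:
        problems.append("no stack members parsed")
    for num, state in sorted(states.items()):
        if state != "Ready":
            problems.append(f"switch {num} is {state}, not Ready")
    entry = boot_entry(show_boot)
    if entry is None:
        problems.append("BOOT path-list is empty")
        return problems
    for fs, text in dir_outputs.items():
        if entry not in flash_entries(text):
            problems.append(f"{entry} not found in {fs}")
    return problems


# Sample text: lines from the outputs shown in Steps 7 to 9 of this page.
SHOW_SWITCH = """\
Switch# Role Mac Address Priority State
1 Slave 000c.30ae.4f00 9 Ready
*2 Master 000d.bd5c.1680 15 Ready
"""
SHOW_BOOT = """\
BOOT path-list : flash:c3750-i5-mz.122-20.SE/c3750-i5-mz.122-20.SE.bin
Config file : flash:/config.text
"""
DIR_FLASH = """\
3 -rwx 4050902 Mar 01 1993 00:03:32 c3750-i5-mz.121-19.EA1d.bin
6 drwx 192 Mar 05 1993 19:40:16 c3750-i5-mz.122-20.SE
15998976 bytes total (3491328 bytes free)
"""
DIR_FLASH1 = """\
2 -rwx 4050902 Mar 01 1993 00:35:58 c3750-i5-mz.121-19.EA1d.bin
7 drwx 192 Mar 05 1993 19:37:40 c3750-i5-mz.122-20.SE
15998976 bytes total (3491328 bytes free)
"""
# Constructed failure case: member 1 not Ready, new image absent on flash1:.
BAD_SWITCH = SHOW_SWITCH.replace("9 Ready", "9 Version Mismatch")
BAD_FLASH1 = DIR_FLASH1.replace("c3750-i5-mz.122-20.SE", "unrelated-dir")

if __name__ == "__main__":
    good = {"flash:": DIR_FLASH, "flash1:": DIR_FLASH1}
    print(pre_reload_problems(SHOW_SWITCH, SHOW_BOOT, good))
    bad = {"flash:": DIR_FLASH, "flash1:": BAD_FLASH1}
    for p in pre_reload_problems(BAD_SWITCH, SHOW_BOOT, bad):
        print("STOP:", p)
```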
--------------------------------------------
3750 Series Switch Stack IOS Upgrade - Manual (.tar image)
The three major steps in this method are:
Step 1: Copy the .tar image from the TFTP server to the master switch.
The master switch should have twice the amount of space of the .tar image file size. This space is needed to store the .tar file as well as to store the content of the .tar file that you extract in the next step.
3750-stack#copy tftp: flash:
Address or name of remote host []? 10.10.10.10
Source filename []? c3750-advipservicesk9-tar.122-25.SEE1.tar
Destination filename [c3750-advipservicesk9-tar.122-25.SEE1.tar]?
Accessing tftp://10.10.10.10/c3750-advipservicesk9-tar.122-25.SEE1.tar...
Loading c3750-advipservicesk9-tar.122-25.SEE1.tar from 10.10.10.10 (via Vlan10): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Step 2: Extract the .tar image into all the Flash file systems of the switches.
3750-stack#archive tar /xtract <tar file name> <Dir to extract files>
3750-stack#archive tar /xtract c3750-advipservicesk9-tar.122-25.SEE1.tar flash1:
3750-stack#archive tar /xtract c3750-advipservicesk9-tar.122-25.SEE1.tar flash2:
Step 3: Configure the boot variable.
The boot system switch all command is used to change the boot variable.
3750-stack(config)#boot system switch all flash:/c3750-advipservicesk9-mz.122-25.SEE1/c3750-advipservicesk9-mz.122-25.SEE1.bin
3750-stack(config)#exit
3750-stack#write memory
Step 4 - Reload and Verify
Reload the switch and verify that the switch runs the new Cisco IOS software release after the reload:
3750 Series Switch Stack IOS Upgrade - Manual (.bin Image)
Note: The commands archive download-sw and archive upload-sw are applicable only for .tar image files and do not apply to .bin image files.
Step-by-Step Instructions
Step 1 - Download the .bin Image
Step 2 - Verify the Available Memory
You can verify the available memory in the Flash file system of both switches individually as this example output shows:
Switch#dir flash1:
Directory of flash1:/ flash2:
32514048 bytes total (12754944 bytes free)
Step 3 - Copy the Images to the Flash File System
Copy the .bin image from the TFTP server to the Flash file system of both switches.
Switch#copy tftp: flash1:/ flash2:
Address or name of remote host [172.22.1.165]?
Source filename [c3750-advipservicesk9-mz.122-25.SEE2]? c3750-advipservicesk9-mz.122-25.SEE2.bin
Destination filename [c3750-advipservicesk9-mz.122-25.SEE2.bin]?
Accessing tftp://172.22.1.165/c3750-advipservicesk9-mz.122-25.SEE2.bin...
Loading c3750-advipservicesk9-mz.122-25.SEE2.bin from 172.22.1.165 (via Vlan1)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Step 4 - Configure the Boot Variable
Configure the boot variable to boot the switch with the newly copied IOS:
Switch(config)#boot system switch all flash:/c3750-advipservicesk9-mz.122-25.SEE2.bin
Switch(config)#exit
Switch#write memory
Step 5 - Verify Before the Reload
Verify the boot variable:
Switch#show boot
BOOT path-list : flash:/c3750-advipservicesk9-mz.122-25.SEE2.bin
! --- Master switch.
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Auto upgrade : yes
-------------------
Switch 1
!--- Member switch.
-------------------
BOOT path-list : flash:/c3750-advipservicesk9-mz.122-25.SEE2.bin
Config file : flash:/config.text
Private Config file : flash:/private-config.text
Enable Break : no
Manual Boot : no
HELPER path-list :
Verify that the new IOS file is present in the Flash:
Switch#dir flash1:
Directory of flash1:/
2 -rwx 24 Mar 3 1993 22:02:44 +00:00 private-config.text
3 -rwx 623744 Jan 1 1970 00:12:28 +00:00 stardust0923
4 -rwx 796 Mar 1 1993 00:02:48 +00:00 vlan.dat
5 -rwx 623744 Jan 1 1970 00:32:09 +00:00 diag
6 -rwx 8169055 Mar 1 1993 00:43:34 +00:00 c3750-advipservicesk9-mz.122-25.SEE1.bin
7 -rwx 8172194 Mar 3 1993 22:31:35 +00:00 c3750-advipservicesk9-mz.122-25.SEE2.bin
8 -rwx 10192 Mar 3 1993 22:02:44 +00:00 config.text
462 -rwx 114 Mar 1 1993 00:32:19 +00:00 info
367 drwx 192 Mar 1 1993 00:32:19 +00:00 c3750-advipservicesk9-mz.122-25.SEE1
32514048 bytes total (4582400 bytes free)
Step 6 - Reload and Verify
How to configure VSS for Cat6880 switches?
The Virtual Switching System (VSS) allows two Cisco Catalyst 6500 or 4500 chassis to bond together so that they are seen as a single virtual switch by the rest of the network.
NSF (Non-Stop Forwarding) / SSO (Stateful Switchover) ensures that when a single chassis fails, the other one will take over without any downtime, since the routing table, CEF table, etc. are stored in both chassis’ supervisors.
Another cool feature is EFSU (Enhanced Fast Software Upgrade) which allows you to upgrade the IOS version without any downtime.
Verification
SW1-VSS#show module
Mod Ports Card Type Model Serial No.
--- ----- -----------------------------------------------------------------------
1 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL11111111
2 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL11111111
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL11111111
Both switches have the VS-SUP2T-10G supervisor that we will use for VSS.
Configure a virtual switch domain on both switches and configure one switch as “switch 1” and the other one as “switch 2”.
Configuring the virtual switch domain is nothing more than grouping the two switches using an ID. This ID can be a value between 1 and 255 and has to be the same on both switches.
SW1-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW1-VSS(config-vs-domain)#switch 1
SW2-VSS(config)#switch virtual domain 1
Domain ID 1 config will take effect only
after the exec command 'switch convert mode virtual' is issued
SW2-VSS(config-vs-domain)#switch 2
Assign a priority to determine which switch will become active or standby.
SW1-VSS(config-vs-domain)#switch 1 priority 110
SW1-VSS(config-vs-domain)#switch 2 priority 100
SW2-VSS(config-vs-domain)#switch 1 priority 110
SW2-VSS(config-vs-domain)#switch 2 priority 100
Configure the virtual switch links.
The virtual switch link is used to exchange configuration and stateful information between the two physical switches.
You can use a single physical interface for VSL or create an etherchannel for redundancy.
SW1-VSS(config)#interface port-channel 1
SW1-VSS(config-if)#no shutdown
SW1-VSS(config-if)#switch virtual link 1 --> command to tell the switch that the etherchannel is a VSL
SW1-VSS(config-if)#exit
SW1-VSS(config)#int range ten 1/4 - 5
SW1-VSS(config-if-range)#channel-group 1 mode on
SW1-VSS(config-if-range)#no shut
SW2-VSS(config)#interface port-channel 2
SW2-VSS(config-if)#no shutdown
SW2-VSS(config-if)#switch virtual link 2 --> command to tell the switch that the etherchannel is a VSL
SW2-VSS(config-if)#exit
SW2-VSS(config)#int range ten 1/4 - 5
SW2-VSS(config-if-range)#channel-group 2 mode on
SW2-VSS(config-if-range)#no shutdown
Execute the conversion command which will reboot the switches.
Once we do this the switches will reload and 3 things will happen:
The configurations of both switches will be merged into a single configuration.
The interface numbers will be renumbered from slot/port to switch-number/slot/port.
Negotiation to determine which switch is active or standby.
SW1-VSS#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
SW2-VSS#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port",
save the running config to startup-config and
reload the switch.
NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
The switches will now reboot and you will see this on the console:
SW1-VSS#
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 1/1/4 is member of PortChannel 1
Interface TenGigabitEthernet 1/1/5 is member of PortChannel 1
SW2-VSS#
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 2/1/4 is member of PortChannel 2
Interface TenGigabitEthernet 2/1/5 is member of PortChannel 2
What is a SUP Engine?
The supervisor module is the brains behind the whole switching operation. It's usually found in chassis-based switches, such as the 4500 and 6500 series. It handles everything, including routing and switching.
How to upgrade Cat6880 switches with two SUP engines?
Step 1 : Upload the new image to the device via TFTP, FTP or SCP. You need to upload the new image to both bootdisk: and slavebootdisk:
copy ftp://admin:password@10.10.10.10/c6880x-adventerprisek9-mz.SPA.151-2.SY7.bin bootdisk:
copy ftp://admin:password@10.10.10.10/c6880x-adventerprisek9-mz.SPA.151-2.SY7.bin slavebootdisk:
Step 2 : Verify if you have this new image on both chassis:
C-6880X#dir bootdisk:
Directory of bootdisk:/
1 -rw- 33554432 Aug 18 2015 00:11:24 +02:00 sea_console.dat
2 -rw- 102771080 Aug 18 2015 00:16:36 +02:00 c6880x-adventerprisek9-mz.SPA.151-2.SY4a.bin
3 -rw- 33554432 Aug 18 2015 00:12:02 +02:00 sea_log.dat
4 -rw- 8577 Oct 13 2015 11:14:10 +02:00 startup-config.converted_vs
5 -rw- 102843784 Aug 24 2016 13:36:12 +02:00 c6880x-adventerprisek9-mz.SPA.151-2.SY7.bin
1928724480 bytes total (1655980032 bytes free)
C21-03-MER-11-C-6880X#dir slavebootdisk:
Directory of slavebootdisk:/
1 -rw- 33554432 Aug 17 2015 16:46:40 +02:00 sea_console.dat
2 -rw- 102771080 Aug 17 2015 16:51:24 +02:00 c6880x-adventerprisek9-mz.SPA.151-2.SY4a.bin
3 -rw- 33554432 Aug 17 2015 16:47:18 +02:00 sea_log.dat
4 -rw- 8577 Oct 13 2015 11:14:40 +02:00 startup-config.converted_vs
5 -rw- 102843784 Aug 24 2016 13:30:02 +02:00 c6880x-adventerprisek9-mz.SPA.151-2.SY7.bin
1928724480 bytes total (1655980032 bytes free)
Step 3 : Verify that the VSS pair is ready for the ISSU upgrade:
Router# show issu state detail
Slot = 1/3
RP State = Active
ISSU State = Init
Boot Variable = bootdisk:s72033-oldversion.v1,12;
Operating Mode = sso
Primary Version = N/A
Secondary Version = N/A
Current Version = bootdisk:s72033-oldversion.v1
Variable Store = PrstVbl
Slot = 2/3
RP State = Standby
ISSU State = Init
Boot Variable = bootdisk:s72033-oldversion.v1,12;
Operating Mode = sso
Primary Version = N/A
Secondary Version = N/A
Current Version = bootdisk:s72033-oldversion.v1
Router# show redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 18
Redundancy Mode (Operational) = sso
Redundancy Mode (Configured) = sso
Redundancy State = sso
Maintenance Mode = Disabled
Communications = Up
client count = 132
client_notification_TMR = 30000 milliseconds
keep_alive TMR = 9000 milliseconds
keep_alive count = 0
keep_alive threshold = 18
RF debug mask = 0x0
Step 4 : Load the new image onto the standby chassis. This will load the new code on the standby and reload the chassis.
Router# issu loadversion bootdisk:s72033-newversion.v2
Step 5 : Force a switchover to the standby chassis that is running the new code and begin upgrading the remaining chassis.
Router# issu runversion
Once the chassis has rebooted we will once again want to verify the ISSU state and redundancy state:
Router# show issu state detail
Slot = 2/3
RP State = Active
ISSU State = Run Version
Boot Variable = bootdisk:s72033-newversion.v2,12;bootdisk:s72033-oldversion.v1,12
Operating Mode = sso
Primary Version = bootdisk:s72033-newversion.v2
Secondary Version = bootdisk:s72033-oldversion.v1
Current Version = bootdisk:s72033-newversion.v2
Variable Store = PrstVbl
Slot = 1/3
RP State = Standby
ISSU State = Run Version
Boot Variable = bootdisk:s72033-oldversion.v1,12
Operating Mode = sso
Primary Version = bootdisk:s72033-newversion.v2
Secondary Version = bootdisk:s72033-oldversion.v1
Current Version = bootdisk:s72033-oldversion.v1
Step 6 : You will now want to commit the new version to reload the standby chassis and have it run the new image:
Router# issu commitversion
Once this has been completed, your entire VSS pair will be upgraded.
What is dhcp snooping?
DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature determines whether traffic sources are trusted or untrusted. To prevent attacks from untrusted hosts, it filters DHCP messages from untrusted sources.
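A small model of the filtering decision described above, added here as an illustration (it is not Cisco's implementation): server-type messages arriving on an untrusted port are dropped, and an ACK seen on a trusted port creates a binding for the client's port. It goes slightly beyond the text by also modelling two checks Cisco documents for the feature, source-MAC verification and release/decline port matching. Port names, MAC addresses and the message sequence are constructed sample data.

```python
from dataclasses import dataclass, field

SERVER_TYPES = {"OFFER", "ACK", "NAK"}   # only a DHCP server sends these


@dataclass(frozen=True)
class DhcpMsg:
    port: str         # ingress switch port
    src_mac: str      # Ethernet source MAC of the frame
    msg_type: str     # DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE, DECLINE
    chaddr: str       # client hardware address inside the DHCP payload
    yiaddr: str = ""  # address being handed out (server messages)


@dataclass
class Snooper:
    trusted_ports: set
    pending: dict = field(default_factory=dict)   # chaddr -> requesting port
    bindings: dict = field(default_factory=dict)  # chaddr -> (ip, port)

    def inspect(self, m):
        """Return 'forward' or 'drop:<reason>' for one DHCP message."""
        if m.port in self.trusted_ports:
            if m.msg_type == "ACK" and m.chaddr in self.pending:
                # Lease confirmed by the trusted side: record the binding.
                self.bindings[m.chaddr] = (m.yiaddr, self.pending.pop(m.chaddr))
            return "forward"
        # Everything below arrived on an untrusted port.
        if m.msg_type in SERVER_TYPES:
            return "drop:server-message-on-untrusted-port"
        if m.src_mac != m.chaddr:
            return "drop:source-mac-differs-from-chaddr"
        if m.msg_type in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(m.chaddr)
            if bound is not None and bound[1] != m.port:
                return "drop:binding-is-on-another-port"
            self.bindings.pop(m.chaddr, None)
        elif m.msg_type == "REQUEST":
            self.pending[m.chaddr] = m.port
        return "forward"


def run_sample():
    """Replay a constructed message sequence; return (verdicts, bindings)."""
    sw = Snooper(trusted_ports={"Gi1/0/48"})          # uplink to the server
    pc, other, srv = "aaaa.aaaa.0001", "bbbb.bbbb.0002", "cccc.cccc.0003"
    trace = [
        DhcpMsg("Gi1/0/5", pc, "DISCOVER", pc),
        DhcpMsg("Gi1/0/7", other, "OFFER", pc, "192.0.2.66"),     # access port
        DhcpMsg("Gi1/0/48", srv, "OFFER", pc, "10.0.0.50"),       # trusted uplink
        DhcpMsg("Gi1/0/5", pc, "REQUEST", pc),
        DhcpMsg("Gi1/0/48", srv, "ACK", pc, "10.0.0.50"),
        DhcpMsg("Gi1/0/7", pc, "RELEASE", pc),                    # wrong port
        DhcpMsg("Gi1/0/7", other, "DISCOVER", "dddd.dddd.0004"),  # MAC mismatch
    ]
    return [sw.inspect(m) for m in trace], sw.bindings


if __name__ == "__main__":
    verdicts, table = run_sample()
    for v in verdicts:
        print(v)
    print(table)
```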
What is VTP V2 and V3 difference?
V1 and V2 are alike, except that V2 supports Token Ring VLANs.
V3 supports extended VLANs (1006 to 4094), whereas V1 and V2 can broadcast only VLANs 1 to 1005.
Difference between STP and RSTP?
STP has five switchport states, while RSTP has only three: discarding, learning, and forwarding.
BGP attributes to influence incoming traffic?
MED, AS-PATH, longest prefix-match & BGP communities.
BGP attributes to influence outgoing Routes?
What are BGP communities and how to make use of them?
A BGP community is an optional, transitive BGP attribute that is recognized and passed to other BGP peers. You might see a BGP community as a tag attached to the BGP routes exchanged between two BGP peers.
Here are the 4 well known BGP communities:
Internet: advertise the prefix to all BGP neighbors.
No-Advertise: don’t advertise the prefix to any BGP neighbors.
No-Export: don’t advertise the prefix to any eBGP neighbors.
Local-AS: don’t advertise the prefix outside of the sub-AS (this one is used for BGP confederations).
How to configure HSRP?
HSRP is a first-hop redundancy protocol that provides redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop router failures.
HSRP Configuration:
1) Decide on a virtual address (standby IP address) to use for the HSRP address. This address must be in the same subnet that is assigned to the LAN interface where you want to run HSRP. Each router in the standby group must be configured with the same virtual IP address.
2) Decide which router is to be the primary router. This can be accomplished with the standby [group-number] priority [priority] command.
Priority range is from 1 to 255 (default value is 100), where 1 denotes the lowest priority and 255 denotes the highest priority. The router in the HSRP group with the highest priority value becomes the active router.
Optional Configuration
3) Enable preemption: Use this if you want the higher-priority router to always take the active role whenever it is available, including after a failover.
4) Enable Tracking: When HSRP tracks an interface (say, the one connected to the ISP) and the state of the tracked interface changes to down, the primary router decreases its priority so that its priority becomes less than that of its standby peer. The standby router reads this value and will take over the active role.
By default, it decreases its priority by 10.
5) HSRP Authentication: It ensures that only authorized routers can become part of the HSRP group, and supports both plain-text and MD5 authentication.
6) HSRP timers: configure the time between hello packets and the time before other routers declare the active Hot Standby or standby router to be down. The default hello interval is 3 seconds and hold time is 10 seconds.
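How steps 2 to 4 interact, as an added model (not Cisco code and not part of the original notes): tracking only lowers the active router's priority, so the peer takes over while the active router is still sending hellos only if the peer has preemption enabled. Router names, addresses and the priority of 105 are constructed; authentication and timers are not modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100         # default priority
    preempt: bool = False       # preemption is off unless configured
    track_decrement: int = 10   # default decrement for a tracked interface
    tracked_up: bool = True     # state of the tracked (e.g. ISP-facing) link
    alive: bool = True          # False = hellos stopped, hold time expired

    @property
    def effective_priority(self):
        return self.priority - (0 if self.tracked_up else self.track_decrement)


def rank(r):
    # Highest priority wins; the highest interface IP breaks a tie.
    return (r.effective_priority, int(IPv4Address(r.ip)))


def elect(routers, current_active):
    """Name of the active router after one round of hello exchange."""
    members = [r for r in routers if r.alive]
    if not members:
        return None
    current = next((r for r in members if r.name == current_active), None)
    if current is None:
        # No active router is being heard: the best remaining one takes over.
        return max(members, key=rank).name
    # The active router is still sending hellos. It is displaced only by a
    # router that has preempt configured AND outranks it.
    challengers = [r for r in members if r.preempt and rank(r) > rank(current)]
    return max(challengers, key=rank).name if challengers else current.name


def scenario(peer_preempt):
    """Active router after: start, uplink down, uplink restored, R1 failure."""
    r1 = HsrpRouter("R1", "10.0.0.2", priority=105, preempt=True)
    r2 = HsrpRouter("R2", "10.0.0.3", preempt=peer_preempt)
    group, timeline = [r1, r2], []
    active = elect(group, None)
    timeline.append(active)
    r1.tracked_up = False            # 105 - 10 = 95, now below R2's 100
    active = elect(group, active)
    timeline.append(active)
    r1.tracked_up = True             # back to 105; R1 has preempt
    active = elect(group, active)
    timeline.append(active)
    r1.alive = False                 # R1 stops sending hellos entirely
    active = elect(group, active)
    timeline.append(active)
    return timeline


if __name__ == "__main__":
    print("peer preempt on :", scenario(True))
    print("peer preempt off:", scenario(False))
```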
How does ABR convert LSA7 to LSA5?
What is the difference between static and default route? and how router decides which to use?
Describe Nexus Upgrade Procedure.
F5
What is the Application Visibility and Reporting (AVR) module?
1) It provides detailed charts and graphs to give you more insight into the performance of web applications.
2) It provides detailed views on HTTP and TCP stats.
3) It provides information about system performance (CPU, memory, etc.).
4) It helps us to gain a better understanding of where the traffic is originating from (client IP addresses / subnets).
5) The nature and volume of request and response traffic (Total Transactions as well as Average and Max Transactions/sec).
6) Server Latency and Page Load times.
7) Virtual Server and Pool member performance.
Steps :
1) Go to LTM --> Profiles --> Analytics --> HTTP Analytics
2) Click Create
3) Click the Custom checkbox in the top-right
4) Type in Custom_HTTP_Analytics for the Profile Name
5) Under the Associated Virtual Servers section, click Add, and then select all listed Virtual Servers. This will add this profile to all the virtual servers simultaneously without having to individually modify each virtual server.
6) Under the Statistics Gathering Configuration, checkmark the following options:
Max TPS and Throughput
URLs
Countries
Client IP Addresses
Client Subnets
Response Codes
User Agents
Methods
OS and Browsers
Viewing the Analytics data
Once we have had some traffic received by the application Virtual Servers and processed by the Analytics profile, we can now go in to view and analyze this data.
1) In the BIG-IP GUI, go to Statistics >> Analytics >> HTTP >> Overview
This page shows you details about the traffic received by every Virtual Server that has the HTTP Analytics profile attached.
2) You can filter and update the graphs by selecting one or more Virtual Servers from the filters on the right. Selecting one or more Virtual Servers will update the graphs to show data only for the selected Virtual Servers. You can also choose from other filter options, like Pool Members, URLs, Client IP Addresses, etc. Feel free to explore the various graphs and filter options on your own.
3) You can also go to the Statistics >> Analytics >> HTTP >> Custom Page, and customize the various widgets shown.
4) You can move the widgets around and re-arrange the page by simply dragging-and-dropping the widgets from the top-left corner of each widget. You can add more widgets to the page by clicking the Add Widget button at the bottom of the page.
5) Once you have updated the page to show you the data you want, you can create a report by clicking the Export button at the top-right of the page.
What is RAM cache in F5?
A RAM cache is a cache of HTTP objects stored in the BIG-IP system's random-access memory (RAM) that subsequent connections can reuse to reduce the amount of load on the backend servers.
You can use the RAM Cache feature to reduce traffic load to back-end servers. This feature is most useful under the following conditions:
High-demand objects - The RAM Cache feature is useful if a site has periods of high demand for specific content. When you configure RAM cache, the content server only has to serve the content to the BIG-IP system once per expiration period.
Static content - The RAM Cache feature is useful if a site consists of a large quantity of static content such as CSS files, JavaScript files, or images and logos.
Content compression - For compressible data, the RAM cache feature can store data for clients that can accept compressed data. When used in conjunction with the compression feature on the BIG-IP system, the RAM cache takes stress off of the BIG-IP system and the content servers.
To configure the cache feature, you can enable RAM Cache in the HTTP profile.
What is TMM in f5?
The Traffic Management Microkernel (TMM) processes all load-balanced traffic on the BIG-IP system. TMM runs as a real-time user process within the BIG-IP operating system (TMOS). CPU and memory resources are explicitly provisioned in the BIG-IP configuration.
CPU usage on single CPU, single core systems
CPU resources are explicitly provisioned in the BIG-IP configuration. When TMM is idle or processing low volumes of traffic, TMM yields idle cycles to other processes.
CPU usage on multi-CPU/multi-core/multi-threaded systems
Even-numbered logical cores (hyper threads) are allocated to TMM, while odd-numbered cores are available for other processes.
ACI
What is CIMC?
Cisco Integrated Management Controller (CIMC) is the remote out-of-band management solution (IPMI) provided with Cisco servers.
It is a separate management module built into the motherboard of the E-Series Server or NCE. A dedicated ARM-based processor, separate from the main server CPU, runs the CIMC firmware.
What is VXLAN, overlay and underlay in ACI?
VXLAN, or Virtual eXtensible Local Area Network, is a tunneling protocol that carries layer 2 packets over a layer 3 network, that is, Ethernet over IP.
In terms of VXLAN, the underlay is the Layer 3 (L3) IP network that routes VXLAN packets as normal IP traffic. The overlay refers to the virtual Ethernet segment created by this forwarding.
Difference between VLAN and VXLAN?
With VLAN, you can create only 4094 networks over Ethernet, while with VXLAN, you can create up to 16 million.
VLAN uses the Spanning Tree Protocol, which means half the ports are blocked for use, while with VXLAN you can use all the ports, further improving efficiency.