Sunday, December 28, 2014

Introduction to Fabric Path

What is Fabric Path ?

Cisco FabricPath is an innovation in Cisco NX-OS software that brings the stability and performance of Layer 3 routing to Layer 2 switched networks, to build a highly resilient and scalable Layer 2 fabric. Cisco FabricPath is a foundation for building massively scalable and flexible data centers. It is therefore a Layer 2 routing protocol, sometimes also called MAC-in-MAC routing.

This is an alternative to running STP. If there is a Layer 2 failure due to a link cut or a Layer 2 crash, the entire spanning tree does not need to re-converge as it would with STP, which increases the availability of the system. In addition, redundant paths are not blocked as they are in STP: equal-cost paths between the switches are all used, which gives higher bandwidth between them.

How does it work ?

Cisco FabricPath introduces an entirely new Layer 2 data plane by encapsulating the frames entering the fabric with a header that consists of routable source and destination addresses. These addresses are called Switch IDs: the address of the switch on which the frame was received and the address of the destination switch to which the frame is heading. From there the frame is routed until it reaches the remote switch, where it is decapsulated and delivered in its original Ethernet format. The figure below shows this simple process.


Fabric Path Terminologies:


Classical Ethernet (CE): This is regular Ethernet, with regular flooding, regular STP, etc.
The Classical Ethernet domain is marked with a green border in the figure above.

Leaf Switches: These switches connect the CE (Classical Ethernet) domain to the FP (FabricPath) domain.
The switches in the middle of the picture are the leaf switches. They are implemented using Nexus 5k devices, more precisely the Nexus 5500, and with Nexus 7000 F1 and F2 line card modules; the original Nexus 5000 does not support FabricPath, because FabricPath is implemented in hardware.

Spine Switches: These are FP backbone switches with all ports in the FP domain only. The switches at the top of the picture are the spine switches, which are implemented using Nexus 7k devices.

FP Core Ports: Links from a leaf up to a spine, or between spine switches. Ports on Nexus switches are by default in Classical Ethernet mode, i.e. access mode. These are the ports within the red border in the picture above. To configure a port for FabricPath, use the following commands.

N7K-1#conf t
N7K-1(config)#int ethernet 1/1
N7K-1(config-if)#switchport mode fabricpath

CE Edge Ports: These ports link the leaf switches connecting to regular classical ethernet domain.
Ports within the green border in above picture.

Fabric Path Switch ID:

           This is analogous to OSPF router id or IS-IS NET id. This identifies the node in IS-IS SPT(Shortest path tree).  This id is automatically generated by default. It can also be assigned manually using the following command in global config mode.

N7K-1#conf t
N7K-1(config)#fabricpath switch-id

Fabric Path Control Plane:

FabricPath IS-IS replaces STP as the control-plane protocol within the FabricPath domain. In other words, FabricPath IS-IS determines the forwarding topology as an SPT (shortest path tree) instead of STP (Spanning Tree Protocol).

IS-IS is an industry-standard link-state routing protocol. FabricPath IS-IS is implemented as a single-level IS-IS domain and extended through the definition of FabricPath-specific Type-Length-Value (TLV) fields.

Several characteristics of IS-IS make it ideally suited for use as a Layer 2 forwarding protocol:

●   Has no IP dependency - IS-IS does not require IP reachability in order to form an adjacency between devices. While the majority of modern networks do provide IP connectivity for network infrastructure, using IS-IS ensures that no strict requirement for in-band IP connectivity among switches exists. It does not use IP to carry routing information messages. IS-IS is neutral regarding the type of network addresses for which it can route.
●   Easily extensible - Using custom TLVs, IS-IS devices can exchange information about virtually anything. In the case of Layer 3 IS-IS, routers exchange IP prefix reachability. In the case of FabricPath, switches exchange Switch ID reachability.
●   Provides SPF routing - SPF routing protocols have been proven to be scalable, flexible, and fast to converge. In addition, IS-IS supports equal-cost multipath (ECMP) forwarding, allowing data-plane packets to follow any available parallel path rather than restricting forwarding to a single path.
While IS-IS forms the basis of FabricPath, enabling FabricPath in your network requires no specific knowledge of IS-IS - the configuration is plug-and-play. Much as a network operator simply “turns on” STP and interconnects switches, you can enable FabricPath on interfaces and begin forwarding through the FabricPath fabric with minimal configuration.    
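A toy model of the data plane and control plane described above, added here as an illustration; it is not Cisco code and does not reproduce the real FabricPath header format or its multidestination trees. Switch IDs are the routable addresses, a Dijkstra SPF stands in for IS-IS, equal-cost parallel links are used ECMP-style with a per-conversation hash, the ingress leaf encapsulates and the egress leaf decapsulates and learns; the outer header is reduced to ingress SID, egress SID and a TTL, and an unknown destination is simply delivered to every other leaf. The fabric, Switch IDs and MAC addresses in build_demo() are constructed for the example.

```python
import heapq
import zlib
from collections import defaultdict
from dataclasses import dataclass

FLOOD = 0      # egress Switch ID 0 stands in for "destination unknown: deliver to every other leaf"
MAX_TTL = 32   # hop limit in the outer header, so a transient loop cannot circulate a frame forever


@dataclass(frozen=True)
class Frame:
    """The original Classical Ethernet frame, reduced to the fields this model needs."""
    src_mac: str
    dst_mac: str


@dataclass
class FPFrame:
    """CE frame plus the routable outer header: ingress and egress Switch IDs and a TTL (simplified)."""
    ingress_sid: int
    egress_sid: int
    ttl: int
    inner: Frame


class Fabric:
    def __init__(self):
        self.links = defaultdict(set)       # sid -> neighbouring sids (FP core ports)
        self.hosts = defaultdict(set)       # leaf sid -> MACs attached to its CE edge ports
        self.mac_table = defaultdict(dict)  # leaf sid -> {remote MAC: leaf sid that owns it}

    def add_link(self, a, b):
        self.links[a].add(b)
        self.links[b].add(a)

    def attach_host(self, leaf, mac):
        self.hosts[leaf].add(mac)

    def distances(self, root):
        """Link-state SPF (Dijkstra, unit link cost) rooted at `root`: what FabricPath IS-IS computes."""
        dist, heap = {root: 0}, [(0, root)]
        while heap:
            d, u = heapq.heappop(heap)
            if d > dist[u]:
                continue
            for v in self.links[u]:
                if d + 1 < dist.get(v, float("inf")):
                    dist[v] = d + 1
                    heapq.heappush(heap, (d + 1, v))
        return dist

    def next_hops(self, here, dst):
        """Neighbours of `here` that are one hop closer to `dst`: the ECMP set for that destination."""
        dist = self.distances(dst)
        if here not in dist:
            return []
        return sorted(n for n in self.links[here] if dist.get(n) == dist[here] - 1)

    def route(self, fp):
        """Forward one encapsulated frame hop by hop to its egress leaf; returns the Switch IDs crossed."""
        here, path = fp.ingress_sid, [fp.ingress_sid]
        # hash the inner addresses so every frame of one conversation takes the same parallel link
        flow = zlib.crc32(f"{fp.inner.src_mac}>{fp.inner.dst_mac}".encode())
        while here != fp.egress_sid:
            if fp.ttl == 0:
                raise RuntimeError(f"TTL expired at switch {here}")
            choices = self.next_hops(here, fp.egress_sid)
            if not choices:
                raise RuntimeError(f"switch {fp.egress_sid} unreachable from {here}")
            here = choices[flow % len(choices)]
            fp.ttl -= 1
            path.append(here)
        return path

    def send(self, ingress, frame):
        """Ingress leaf resolves the egress Switch ID and encapsulates; an unknown destination is
        flooded to every other leaf. Returns {leaf that delivered the frame to a CE host: path}."""
        egress = self.mac_table[ingress].get(frame.dst_mac, FLOOD)
        targets = [egress] if egress != FLOOD else [leaf for leaf in self.hosts if leaf != ingress]
        delivered = {}
        for leaf in targets:
            path = self.route(FPFrame(ingress, leaf, MAX_TTL, frame))
            if frame.dst_mac in self.hosts[leaf]:
                # decapsulate and hand the CE frame to the host; the egress leaf learns the source
                # MAC against the ingress Switch ID only because the destination is one of its own
                self.mac_table[leaf][frame.src_mac] = ingress
                delivered[leaf] = path
        return delivered


def build_demo():
    """Constructed sample fabric: spines SID 1 and 2, leaves SID 11-13, each leaf linked to both spines."""
    fab = Fabric()
    for spine in (1, 2):
        for leaf in (11, 12, 13):
            fab.add_link(spine, leaf)
    for leaf, mac in ((11, "00:00:00:00:00:0a"), (12, "00:00:00:00:00:0b"), (13, "00:00:00:00:00:0c")):
        fab.attach_host(leaf, mac)
    return fab
```

The first frame from a host is flooded because no leaf knows its destination yet; once the egress leaf has learned the sender, the reply and every later frame of that conversation travel as unicast over one of the two equal-cost spine paths.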

Sunday, December 14, 2014

Custom topologies in Mininet : With and without the mn script

There are two ways to run custom mininet topologies.

Without the mn script:

One is without the mn script in the command line. In this case, we simply run the file just as we run a python file. If the custom topology is in a file named mytopo.py, the file should be run as follows.

mininet@mininet-vm:~$ sudo python mytopo.py

With the mn script:

In this case, the topology name is given on the command line.

For eg.: If there is a custom topology in a python file named 'mytopo.py', there should be a line like below in the file.

topos = { 'mytopo': ( lambda: MyTopo() ) }

topos is a dictionary which stores a custom name as the key and a callable that creates the topology as the value. The name 'mytopo' here can be any name you want to give; it need NOT be the same as the filename. MyTopo() is the class that we have defined in the custom topology file, which is a subclass of the Topo class that needs to be imported as follows:

from mininet.topo import Topo

The above file can be run as follows:

mininet@mininet-vm:~$ sudo mn --custom ~/mininet/custom/mytopo.py --topo mytopo --mac

Here mytopo is the key defined in the topos dictionary and ~/mininet/custom/mytopo.py is the location of the file.
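A complete mytopo.py that works both ways, as an added example (not the post's own file): the topos dictionary serves the mn script, and the __main__ block serves a plain sudo python run. The topology itself (one core switch s1, two edge switches s2 and s3, two hosts per edge) and the wire() helper are constructed for this example; the ImportError fallback only exists so the topology definition can be checked on a machine without Mininet.

```python
"""mytopo.py: one custom topology that works both with and without the mn script."""
try:
    from mininet.topo import Topo
    from mininet.net import Mininet
    from mininet.cli import CLI
    from mininet.log import setLogLevel
except ImportError:  # off the Mininet VM: keep the topology definition importable and testable
    Topo = object


def wire(topo, hosts_per_edge=2):
    """Add switches, hosts and links to any object offering addSwitch/addHost/addLink
    (a Mininet Topo, or a recorder in tests). Returns the host names in creation order."""
    core = topo.addSwitch("s1")
    hosts = []
    for edge_no in (2, 3):
        edge = topo.addSwitch("s%d" % edge_no)
        topo.addLink(core, edge)
        for _ in range(hosts_per_edge):
            host = topo.addHost("h%d" % (len(hosts) + 1))
            topo.addLink(edge, host)
            hosts.append(host)
    return hosts


class MyTopo(Topo):
    "One core switch (s1), two edge switches (s2, s3), two hosts on each edge."

    def build(self, hosts_per_edge=2):
        # Mininet's Topo.__init__ calls build(); the node-adding logic lives in wire()
        # so the same function can be exercised without a running Mininet
        wire(self, hosts_per_edge)


# With the mn script:  sudo mn --custom mytopo.py --topo mytopo --mac
# 'mytopo' is the key; the value is any callable returning a topology, which is what the
# lambda in the post does as well.  --topo mytopo,hosts_per_edge=3 reaches build()'s parameter.
topos = {"mytopo": MyTopo}

# Without the mn script:  sudo python mytopo.py
if __name__ == "__main__":
    setLogLevel("info")
    net = Mininet(topo=MyTopo())
    net.start()
    net.pingAll()
    CLI(net)
    net.stop()
```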

Monday, December 8, 2014

Connecting Mininet Hosts to Internet

While working on my project on Open vSwitch I had to connect Mininet hosts to the internet to enable some functionality in the Mininet hosts. After working on it for two days, I came to realise that it's just 4 easy steps. If you are struggling with the same, here is the solution.

Step 1: Make sure that your guest OS, i.e. the Mininet OS, is connected to the internet.

In the VirtualBox network settings make sure that you have a NAT interface enabled that allows you to connect to the internet. It will have an IP address like 10.0.3.15, i.e. a class A address.
Test by pinging www.google.com to make sure you are connected to the internet from the guest OS, i.e. the Mininet OS.




Step 2: Start the network

Start a Mininet network with a switch and a host, or any topology you prefer.

sudo mn  --switch ovsk --mac --topo single,2

The above command creates a network with single switch and two hosts.
This will create a switch s1 and two hosts h1 and h2.

Step 3: Connect the guest interface(that connects to the internet) to the ovs bridge

The command used to achieve this is an ovs-vsctl command, which is used for querying and configuring ovs-vswitchd (the Open vSwitch switch daemon).

Open an xterm window for s1, as this command does not run directly in the Mininet CLI. For this you need to ssh into the guest OS from the host OS. If you don't know how to do this, you can refer to my earlier post titled "Error: Cannot Connect to Display".

Check the openvswitch configuration using the command: ovs-vsctl show
My switch had the following configuration.

root@mininet-vm:~# ovs-vsctl show
d27a9060-3edf-4ee7-a4cf-09e705c93f56
    Bridge "s1"
        Controller "ptcp:6634"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "s1-eth1"
            Interface "s1-eth1"
        Port "s1-eth2"
            Interface "s1-eth2"
        Port "s1"
            Interface "s1"
                type: internal
    ovs_version: "2.0.1"

Now, run the following command to connect eth1 to s1: ovs-vsctl add-port s1 eth1

Check the configuration again using ovs-vsctl show. The newly added port eth1 now appears under Bridge s1.

root@mininet-vm:~# ovs-vsctl show
d27a9060-3edf-4ee7-a4cf-09e705c93f56
    Bridge "s1"
        Controller "ptcp:6634"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "eth1"
            Interface "eth1"
        Port "s1-eth1"
            Interface "s1-eth1"
        Port "s1-eth2"
            Interface "s1-eth2"
        Port "s1"
            Interface "s1"
                type: internal
    ovs_version: "2.0.1"

Step 4: Run dhclient on hosts.

Open xterm windows for h1 and h2 and run the following commands. The first command removes the IP address from h1-eth0, the second gets an IP address for h1-eth0 from the DHCP server, and the third shows the interface description.

root@mininet-vm:~# ifconfig h1-eth0 0
root@mininet-vm:~# dhclient h1-eth0
root@mininet-vm:~# ifconfig
h1-eth0   Link encap:Ethernet  HWaddr 00:00:00:00:00:01
          inet addr:10.0.3.16  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:24 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3304 (3.3 KB)  TX bytes:1764 (1.7 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1252 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1252 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:151432 (151.4 KB)  TX bytes:151432 (151.4 KB)

Now check the internet connectivity using ping.

root@mininet-vm:~# ping www.google.com
PING www.google.com (216.58.216.164) 56(84) bytes of data.
64 bytes from sea15s02-in-f4.1e100.net (216.58.216.164): icmp_seq=14 ttl=54 time=61.9 ms
64 bytes from sea15s02-in-f4.1e100.net (216.58.216.164): icmp_seq=15 ttl=54 time=60.7 ms
^C
--- www.google.com ping statistics ---
15 packets transmitted, 2 received, 86% packet loss, time 14065ms
rtt min/avg/max/mdev = 60.707/61.336/61.965/0.629 ms

Summary:

The commands that we have used to achieve internet connectivity for the hosts are:

ovs-vsctl add-port s1 eth1
ifconfig h1-eth0 0
dhclient h1-eth0
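Step 3 can also be verified mechanically. The following added example (not from the post) parses ovs-vsctl show output, with a sample built from the post's own second listing, confirms that eth1 is now a port of s1, and adds the check a practitioner wants before Step 4: with fail_mode secure the bridge forwards nothing until the controller is connected and installs flows, so dhclient on the hosts cannot get an answer otherwise.

```python
import re

# Constructed sample, matching the post's listing after `ovs-vsctl add-port s1 eth1`.
SAMPLE_SHOW = """\
d27a9060-3edf-4ee7-a4cf-09e705c93f56
    Bridge "s1"
        Controller "ptcp:6634"
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "eth1"
            Interface "eth1"
        Port "s1-eth1"
            Interface "s1-eth1"
        Port "s1-eth2"
            Interface "s1-eth2"
        Port "s1"
            Interface "s1"
                type: internal
    ovs_version: "2.0.1"
"""

# Bridge/Port/Interface/Controller lines; names are quoted by some OVS versions and bare by others.
_LINE = re.compile(r'^\s*(Bridge|Port|Interface|Controller)\s+"?([^"\s]+)"?\s*$')


def parse_ovs_show(text):
    """Turn `ovs-vsctl show` output into {bridge: {ports, controllers, fail_mode, connected}}."""
    bridges, cur = {}, None
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if m:
            kind, name = m.groups()
            if kind == "Bridge":
                cur = bridges[name] = {"ports": [], "controllers": [], "fail_mode": None, "connected": False}
            elif cur is not None and kind == "Port":
                cur["ports"].append(name)
            elif cur is not None and kind == "Controller":
                cur["controllers"].append(name)
            continue
        if cur is None:
            continue
        line = raw.strip()
        if line.startswith("fail_mode:"):
            cur["fail_mode"] = line.split(":", 1)[1].strip()
        elif line == "is_connected: true":
            cur["connected"] = True
    return bridges


def check_uplink(text, bridge="s1", uplink="eth1"):
    """Return (ok, problems). ok only if the uplink is a port of the bridge and the bridge can
    actually forward: in fail_mode secure OVS drops everything until a controller connects and
    installs flows, so the hosts' DHCP requests would go nowhere."""
    problems = []
    br = parse_ovs_show(text).get(bridge)
    if br is None:
        return False, ["bridge %s not found" % bridge]
    if uplink not in br["ports"]:
        problems.append("%s is not a port of %s: run 'ovs-vsctl add-port %s %s'"
                        % (uplink, bridge, bridge, uplink))
    if br["fail_mode"] == "secure" and not br["connected"]:
        problems.append("%s is in fail_mode secure with no connected controller: no flows, no forwarding"
                        % bridge)
    return not problems, problems
```

Adding eth1 to s1 bridges the VM's NAT uplink into the experimental network, so everything the Mininet hosts send is now subject to the same controller policy as the switch's other ports.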

Sunday, November 30, 2014

Error: Cannot Connect to display

Some VirtualBox images do not have GUI support, and on them the error mentioned in the title is encountered, because the image cannot display a graphical interface.

However, whether you are using Windows or Linux, there is a solution to this.

Step 1: Make sure you have host only networking adapter on your vm.

Make sure that you add an adapter with host only networking enabled on that adapter.
If you have host-only networking enabled, you will see an interface on your image with a class C ip address.
The IP Address is a class C address like 192.168.56.103.

To find this address use the command ifconfig (if your image is Linux based) or ipconfig (if your host is Windows based).

It will also have a class A address like 10.0.0.3 if you have NAT adapter enabled. This is used for connecting the virtualbox to the internet.

Step 2: Connecting to guest from host.

If you are accessing the guest using a command line, use the following command to access the guest and you do not need to follow step 3.

ssh -X username@address

Here -X enables X11 forwarding, username is the username on the image and address is the host-only address of the guest.

If you are using a Windows host:

Make sure that you enable X11 forwarding in the ssh client(Eg, Putty, Secure Crt) you are using.

In Putty,Go to Connection > SSH > X11 > Check mark the X11 Forwarding option.
In Secure Crt, Go to Connection--> Port Forwarding--> Remote/X11 and check the Enforce X11 authentication checkbox

Step 3: Start Xming(If you are using Windows host)

Download Link : http://www.straightrunning.com/XmingNotes/

If you are using Windows as a host you will need to start Xming first, which is a display server for Windows.

Now, to display the GUI for applications use the command xterm to open the GUI.
For eg.: In case of mininet use 'xterm s1' to display the xterm window for switch 1.

Monday, November 24, 2014

Authentication in RIP v2

RIP version 1 does not support authentication. RIP version 2 supports plain text and MD5 authentication. The difference between MD5 and plain text authentication is that with plain text the key string is sent unencrypted, so it can be seen by anyone who can see or sniff the packet. So MD5 authentication is more secure. There is no point in not using MD5.

We will first configure MD5 authentication and then see how changing just one word in the MD5 configuration leads to plain-text authentication.

MD5 Authentication:

Step 1 : Configure key chain

R1(config)#key chain sandesh                     ### 'sandesh' is the name of the key chain, which enables
                                                 ### authentication for routing protocols.
R1(config-keychain)#key 1                        ### Identifies an authentication key on the key chain.
R1(config-keychain-key)#key-string passpass      ### Specifies the authentication key string for the key;
                                                 ### in this case the key-string is 'passpass'.

Step 2: Configure interface

R1(config)#int fa0/0
R1(config-if)#ip rip authentication mode md5
R1(config-if)#ip rip authentication key-chain sandesh

Repeat the same configuration on the other router's directly connected interface. That's all you need to do for MD5 authentication.

Plain Text Authentication

To configure plain text authentication, just change the configuration of the directly connected interfaces. Step 1 is the same for both.

Step 2: Configure interface

R1(config)#int fa0/0
R1(config-if)#ip rip authentication mode text
R1(config-if)#ip rip authentication key-chain sandesh

To check the key chain on a Cisco router use the following command:

R1#show key chain
Key-chain sandesh:
    key 1 -- text "passpass"
        accept lifetime (always valid) - (always valid) [valid now]
        send lifetime (always valid) - (always valid) [valid now]

In the above output we can see that key 1 has two properties, accept lifetime and send lifetime.
These properties define the validity of key 1; here they mean that key 1 is always valid.

Cisco routers provide the flexibility to configure multiple keys valid for different periods of time. This adds to the security of the rip updates.

Changing Validity of key in RIP

To change the validity of keys in RIP, we need to specify the start time of the key's validity and either the end time or a duration.

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> hh:mm:ss <1-31> MONTH <1993-2035>   ### start time and end time

Instead of the end time we can specify the duration in seconds as well.

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> duration <1-2147483646>

The other option is infinite, which means that the key is valid for as long as the key exists.

R2(config)#key chain sandesh
R2(config-keychain)#key 1
R2(config-keychain-key)#send-lifetime hh:mm:ss <1-31> MONTH <1993-2035> infinite

With this flexibility provided by Cisco routers, we can have multiple keys for a pair of directly connected interfaces, each valid during a different period of time.
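To see what a staggered key chain actually does over time, here is an added example (not from the post) that parses the send-lifetime and accept-lifetime syntax exactly as laid out above (start, then end time, duration or infinite), answers which key a router sends with and which keys it accepts at a given moment, and finds gaps in which no key has a valid send-lifetime. One assumption is labelled: that outgoing updates use the lowest-numbered key whose send-lifetime is valid. The rollover schedule in rollover_demo() is constructed; the key name and 'passpass' come from the configuration above.

```python
from datetime import datetime, timedelta

INFINITE = datetime.max              # stands in for the 'infinite' keyword
_FMT = "%H:%M:%S %d %b %Y"           # hh:mm:ss <1-31> MONTH <1993-2035>


def _stamp(parts):
    """Parse 'hh:mm:ss day month year'; IOS accepts 'Jan' or 'January', strptime wants 'Jan'."""
    parts = list(parts)
    parts[2] = parts[2][:3].title()
    return datetime.strptime(" ".join(parts), _FMT)


def parse_lifetime(spec):
    """Parse a send-lifetime / accept-lifetime argument: a start time, then an end time,
    'duration <seconds>' or 'infinite'. Returns (start, end) with end inclusive; a missing
    end is treated like 'infinite'."""
    parts = spec.split()
    if len(parts) < 4:
        raise ValueError("need at least hh:mm:ss day month year: %r" % spec)
    start, rest = _stamp(parts[:4]), parts[4:]
    if not rest or rest == ["infinite"]:
        end = INFINITE
    elif rest[0] == "duration":
        end = start + timedelta(seconds=int(rest[1]))
    else:
        end = _stamp(rest[:4])
    if end < start:
        raise ValueError("lifetime ends before it starts: %r" % spec)
    return start, end


class KeyChain:
    """A key chain with numbered keys. Lifetimes default to (always valid), as 'show key chain' prints."""
    ALWAYS = (datetime.min, INFINITE)

    def __init__(self, name):
        self.name = name
        self.keys = {}   # number -> {"string": ..., "send": (start, end), "accept": (start, end)}

    def key(self, number, key_string, send=None, accept=None):
        self.keys[number] = {"string": key_string,
                             "send": parse_lifetime(send) if send else self.ALWAYS,
                             "accept": parse_lifetime(accept) if accept else self.ALWAYS}
        return self

    @staticmethod
    def _valid(window, now):
        return window[0] <= now <= window[1]

    def send_key(self, now):
        """Key used for outgoing updates at `now`. Assumption of this example: the lowest-numbered
        key whose send-lifetime is valid is used; None means no key is currently sendable."""
        for number in sorted(self.keys):
            if self._valid(self.keys[number]["send"], now):
                return number
        return None

    def accepted_keys(self, now):
        """Keys a received update may be authenticated with at `now` (any valid accept-lifetime)."""
        return [n for n in sorted(self.keys) if self._valid(self.keys[n]["accept"], now)]

    def send_gaps(self, window_start, window_end):
        """Sub-intervals of [window_start, window_end] during which no key has a valid
        send-lifetime: the misconfiguration to check for when staggering keys."""
        gaps, cursor = [], window_start
        for start, end in sorted(v["send"] for v in self.keys.values()):
            if end < cursor:
                continue
            if start > cursor:
                gaps.append((cursor, min(start, window_end)))
            cursor = max(cursor, end)
            if cursor >= window_end:
                break
        if cursor < window_end:
            gaps.append((cursor, window_end))
        return gaps


def rollover_demo():
    """Constructed schedule: key 1 ('passpass') is retired at the end of January 2015 and key 2
    takes over; accept-lifetimes overlap by a day on each side so neighbours whose clocks differ
    slightly keep authenticating during the change."""
    return (KeyChain("sandesh")
            .key(1, "passpass",
                 send="00:00:00 1 Jan 2015 23:59:59 31 Jan 2015",
                 accept="00:00:00 1 Jan 2015 23:59:59 1 Feb 2015")
            .key(2, "EXAMPLE-NEW-KEY",
                 send="00:00:00 31 Jan 2015 infinite",
                 accept="00:00:00 30 Jan 2015 infinite"))
```

Both routers must carry the same schedule and have synchronised clocks for the overlap to work; a chain whose second key starts only after the first one ends shows up in send_gaps() as the interval with no key.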

Sunday, November 23, 2014

Configuring Password on Cisco Router

There are mainly three types of passwords that can be set on cisco routers.
To see the lines available in a cisco router we can use the following command.

sandesh#show line
   Tty Line Typ     Tx/Rx    A Roty AccO AccI   Uses   Noise  Overruns   Int
*    0    0 CTY              -    -    -    -      0       0     0/0       -
     1    1 AUX   9600/9600  -    -    -    -      0       0     0/0       -
   322  322 VTY              -    -    -    -      0       0     0/0       -
   323  323 VTY              -    -    -    -      0       0     0/0       -
   324  324 VTY              -    -    -    -      0       0     0/0       -
   325  325 VTY              -    -    -    -      0       0     0/0       -
   326  326 VTY              -    -    -    -      0       0     0/0       -
   327  327 VTY              -    -    -    -      0       0     0/0       -
   328  328 VTY              -    -    -    -      0       0     0/0       -
   329  329 VTY              -    -    -    -      0       0     0/0       -
   330  330 VTY              -    -    -    -      0       0     0/0       -
   331  331 VTY              -    -    -    -      0       0     0/0       -
   332  332 VTY              -    -    -    -      0       0     0/0       -
   333  333 VTY              -    -    -    -      0       0     0/0       -
   334  334 VTY              -    -    -    -      0       0     0/0       -
   335  335 VTY              -    -    -    -      0       0     0/0       -
   336  336 VTY              -    -    -    -      0       0     0/0       -
   337  337 VTY              -    -    -    -      0       0     0/0       -

The router I am using has an auxiliary port, a console port and 16 vty lines. Following are the passwords that can be set for these lines.

1. Auxiliary Password:
This password is set for the auxiliary port of the router, which is located at the back of the router. The purpose of an auxiliary port is to connect an external modem to the router. This modem can be used to connect to the router for troubleshooting purposes should regular connectivity fail. Similarly to the console port, the auxiliary port is an asynchronous serial port with an RJ-45 interface. A rollover cable is used for connections.

CLI Commands for configuration:

Router(config)#line aux 0
Router(config-line)#password auxiliary
Router(config-line)#login

2. Console Password: 
        Router console ports are meant to allow root access to the router via a dumb terminal interface, regardless of the state of the router (unless it is completely dead). By connecting to the console port you can get remote access to the root level of a router without using the network that the router is connected to. This creates a secondary path to the router outside the bandwidth of the network which needs to be secured without relying on the primary network. A rollover cable is used for connections.

More info about physical connection here : https://www.youtube.com/watch?v=_xA94N__uzk

CLI Commands for configuration:

Router(config)#line console 0
Router(config-line)#password console
Router(config-line)#login

3. VTY Password:
This is used on the vty lines. Whenever there is a request to connect to these vty lines, the router asks for a password. A number of protocols can be used to connect to these vty lines, for example telnet and ssh. The protocols allowed depend on the Cisco router series.


CLI Commands for configuration:

The simplest commands include the following.

Router(config)#line vty 0 4
Router(config-line)#password remote
Router(config-line)#login

These commands set the password for telnet access. When we try to telnet to the management IP of the router, the router asks for the password.
Eg: C:> telnet 8.8.8.8
       Password:
Configuration to ask for username in telnet access:
Now, if we want the router to ask for the username as well, we need to use the following commands.

Router(config)#username cisco password cisco
Router(config)#line vty 0 4
Router(config-line)#login local

The command login local forces the router to ask for username.

SSH Protocol configuration for VTY lines:

We can also configure to use ssh protocol for remote connections as telnet is not secure. Telnet uses plain-text to transport data to and from the router.

Step 1: Configure the domain name:

Router(config)#ip domain-name sandeshshrestha.net

Step 2: Generate RSA key

Router(config)#crypto key generate rsa
% Please define a hostname other than Router.
Router(config)#hostname sandesh
sandesh(config)#crypto key generate rsa
The name for the keys will be: sandesh.sandeshshrestha.net
Choose the size of the key modulus in the range of 360 to 2048 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]: 510
% Generating 510 bit RSA keys, keys will be non-exportable...[OK]
sandesh(config)#
*Mar 1 2:53:22.782:  RSA key size needs to be at least 768 bits for ssh version 2
*Mar 1 2:53:22.782:  %SSH-5-ENABLED: SSH 1.5 has been enabled

Two interesting things to note here:

1. It asks for a hostname other than Router.
2. The SSH version enabled is 1.5, but there is no 1.5 version of SSH. This basically means that version 2 is not being used here; instead it is version 1. To configure version 2 of SSH, use the following command. Also note that the RSA key should be at least 768 bits for version 2.

sandesh(config)#ip ssh version 2
Please create RSA keys (of at least 768 bits size) to enable SSH v2.

For the reason mentioned above, it gives this error.

Step 3: Configure vty line

Router(config)#line vty 0 4
Router(config-line)#transport input ssh telnet  (allows both ssh and telnet)
Router(config-line)#password ssh
Router(config-line)#login local

Step 4: Connect
To connect to vty line in router using ssh we do the following:

C:>ssh cisco@8.8.8.8
Password:

Dynamic Trunking Protocol

This protocol is used to negotiate trunk links between VLAN aware switches using dot1q or isl. The negotiation process will also determine which trunking protocol is used either dot1q or isl. By default no trunking protocol is configured on either end. ISL is configured if supported by each switch.

DTP advertises the VTP domain, the status of the interface and its DTP type. These packets are transmitted on the native VLAN every 60 seconds.

DTP should not be confused with VTP, as they serve different purposes. VTP communicates VLAN existence information between switches. DTP aids with trunk port establishment. Neither protocol transmits the data frames that trunks carry.


The following switch port mode settings exist:

Access — Puts the LAN port into permanent nontrunking mode and negotiates to convert the link into a nontrunk link. The LAN port becomes a nontrunk port even if the neighboring LAN port does not agree to the change.

CLI command: switchport mode access

Trunk — Puts the LAN port into permanent trunking mode and negotiates to convert the link into a trunk link. The LAN port becomes a trunk port even if the neighboring port does not agree to the change.

CLI command: switchport mode trunk

Dynamic Auto — Makes the LAN port willing to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk or desirable mode.

CLI command: switchport mode dynamic auto

Dynamic Desirable — Makes the LAN port actively attempt to convert the link to a trunk link. The LAN port becomes a trunk port if the neighboring LAN port is set to trunk, desirable, or auto mode. This is the default mode for all LAN ports.

CLI command: switchport mode dynamic desirable

Nonegotiate — Puts the LAN port into permanent trunking mode but prevents the port from generating DTP frames. You must configure the neighboring port manually as a trunk port to establish a trunk link.

CLI command: switchport mode nonegotiate

Tuesday, November 18, 2014

Port Security in Cisco Switches

Switch port security restricts the number of MAC addresses that are able to send or receive packets on a port. Any incoming packet from another device is discarded by the switch.

If the maximum number of secure mac-addresses has been reached, a security violation occurs when a device with a different mac address tries to attach to that port.

The command to configure number of mac-addresses is:

switchport port-security maximum
The maximum number of secure mac-addresses allowed is 132.


Types of secure mac-addresses:

1. Static secure mac-address: Configured manually using the switchport port-security mac-address command. These mac-addresses are stored in the address table and in the running configuration of the switch.

2. Dynamic secure mac-address: These are dynamically learned by the switch and stored in the dynamic mac-address table. These are removed when the switch restarts. Only command required for this type is switchport port-security. The default behaviour is to allow only one mac-address and shutdown for violation.

3. Sticky secure mac-address: Like dynamic secure MAC addresses they are learned dynamically, but they are saved in the running configuration. For e.g.: if the maximum is 1, the first device to connect to the switch is the secure device; the switch learns its MAC address and saves it to the running configuration. Since the MAC addresses are saved in the running config, they remain intact if the config is saved to startup-config.


Depending on the action you want a switch to take when a security violation occurs, you can configure the behavior of a switch port to one of the following:

Protect – when the maximum number of secure MAC addresses has been reached, packets from devices with unknown source addresses are dropped until you remove the necessary number of secure MAC addresses from the table. In this mode, you are not notified when a security violation occurs.

Restrict – is identical to protect mode, but notifies you when a security violation occurs. Specifically, an SNMP trap is sent, a syslog message is logged and the violation counter increments.

Shutdown – this is the default behavior on a switch. In this mode, the switch ports shuts down when the violation occurs. Also, a SNMP trap is sent and the message is logged. You can enable  the port again with the no shutdown interface configuration command.


CLI Commands:

For dynamic:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security

For Sticky:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 10
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security violation restrict

To see all port security configuration for the switch port use this command:

show port-security int fa0/1
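One audit that covers both the DTP modes above and the port-security settings in this section: an added example, not from the post, that parses a constructed running-config excerpt and flags ports left in the dynamic DTP default, access or trunk ports that still exchange DTP frames, and access ports without port security. It recognises IOS's `switchport nonegotiate` form as well as the `switchport mode nonegotiate` form given above, and fills in the defaults stated in the text (maximum 1, violation shutdown). The interface names and the config lines are constructed, with Fa0/1 copied from the sticky configuration above.

```python
import re

# Constructed running-config excerpt: Fa0/1 is the sticky configuration from the section above,
# Fa0/2 was left at the DTP default, Fa0/3 and Fa0/24 are a hardened access port and uplink.
SAMPLE_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 10
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode access
 switchport nonegotiate
 switchport port-security
!
interface FastEthernet0/24
 description uplink to distribution
 switchport mode trunk
 switchport nonegotiate
 switchport trunk allowed vlan 1-99
!
"""


def parse_interfaces(config):
    """Return {interface name: [its indented config lines]} from a running-config."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return stanzas


def port_security(lines):
    """Port-security settings of one interface, filled in with the defaults the section above gives
    (one address, violation shutdown, addresses learned dynamically); None if not enabled."""
    if "switchport port-security" not in lines:
        return None
    ps = {"maximum": 1, "violation": "shutdown", "sticky": False}
    for line in lines:
        m = re.fullmatch(r"switchport port-security maximum (\d+)", line)
        if m:
            ps["maximum"] = int(m.group(1))
        m = re.fullmatch(r"switchport port-security violation (protect|restrict|shutdown)", line)
        if m:
            ps["violation"] = m.group(1)
        if line == "switchport port-security mac-address sticky":
            ps["sticky"] = True
    return ps


def dtp_mode(lines):
    """(mode, negotiates): mode is access/trunk/dynamic, negotiates says whether DTP frames are
    still exchanged. No 'switchport mode' line means the port is at the dynamic default."""
    mode, nonegotiate = "dynamic", False
    for line in lines:
        m = re.fullmatch(r"switchport mode (access|trunk|dynamic|nonegotiate)(?: .*)?", line)
        if m:
            mode = m.group(1)
        if re.fullmatch(r"switchport (mode )?nonegotiate", line):
            nonegotiate = True
    if mode == "nonegotiate":  # the form given above: permanent trunk, no DTP frames
        mode = "trunk"
    return mode, mode == "dynamic" or not nonegotiate


def audit(config):
    """Findings as (interface, severity, message) for ports whose trunk state still depends on
    the neighbour, or that admit any MAC address on an access port."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode, negotiates = dtp_mode(lines)
        if mode == "dynamic":
            findings.append((name, "high", "DTP dynamic mode: trunk state depends on the neighbour; pin the mode"))
        elif negotiates:
            findings.append((name, "low", "%s port still exchanges DTP frames; add 'switchport nonegotiate'" % mode))
        if mode == "access":
            ps = port_security(lines)
            if ps is None:
                findings.append((name, "medium", "access port without port security"))
            elif ps["violation"] == "protect":
                findings.append((name, "low", "violation mode protect drops silently; restrict or shutdown notifies you"))
    return findings
```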

Sunday, November 9, 2014

VTP Basics

VLAN Trunking Protocol (VTP) allows switches to share VLAN information automatically. Thus an administrator only needs to change VLANs on one switch, and the change will be propagated to all switches. However, this does not reduce the need to assign switch ports to different VLANs.

A VTP domain can only support 255 vlans. A switch is enabled in server mode by default. VTP advertisements are sent every 5 minutes by default or when there is a change in configuration revision number caused by addition or deletion of vlans.

VTP Modes:

Server Mode - In VTP server mode you can create, modify and delete VLANs. VLAN information is synchronized with other VTP servers and clients in the VTP domain. You can have multiple VTP servers in the VTP domain, and VLAN information is synchronized according to the server with the highest configuration revision number. VLAN information is stored in the vlan.dat file in NVRAM/Flash memory.

Client Mode - Switches in VTP client mode receive and synchronize VLAN database information from other VTP servers and VTP clients in the VTP domain. A VTP client can update a VTP server if it has a higher configuration revision number. VLAN information is stored in the "Running-Config" or DRAM. If a switch in client mode is restarted then all VLAN information, including the VTP revision number on the switch is lost and must be relearned from the VTP server once the client has restarted.

Transparent Mode - Switches in transparent mode receive updates from other servers and clients but do not participate in the VTP Domain, rather they allow the VTP updates and advertisements, to pass through the switch on to other switches in the VTP domain. Transparent mode switches do not synchronize their VLAN information with other VTP servers and clients, but maintain their own separate VLAN configurations.


VTP Configuration Commands:


This command shows the vtp status like vtp version, configuration revision number, number of vlans, etc.

Switch# show vtp status

This configures the domain name of vtp. There can be more than one domain in a topology. VTP does not work across domains i.e. if the client is in a different domain than server, it does not learn about vlan from the server.

Switch(config)# vtp domain
Changing VTP domain name from NULL to


Switch(config)# vtp mode

To make two switches talk to one another, the ports connecting them should be in trunk mode. Either of the ports can be configured to trunk mode and the other will automatically come up in trunk mode, as the ports are in dynamic-auto mode.

Switch(config)#int fa0/1
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport trunk allowed vlan 1-99

Now go to the other switch and configure vtp client mode using the vtp domain and vtp mode command.






Saturday, November 8, 2014

How to clear switch for new configuration

1. Connect to the console port and enter privileged EXEC mode.

From your computer terminal connect to the console port of the switch using a console cable. You should see the console prompt that includes the switch's hostname followed by > or #.

If the prompt ends in > you are in user mode. To enter privileged EXEC mode, type enable.

2. Delete the VLAN database file.

Switch#delete flash:vlan.dat
Delete flash vlan.dat ? [confirm]
Switch#

3. Erase the start-up config from nvram


The startup configuration of a switch can be removed using the erase startup-config command.

Switch# erase startup-config
Erasing the nvram filesystem will remove all configuration files! Continue?
[confirm]
[OK]
Erase of nvram: complete
Switch#
Switch# reload

Saturday, November 1, 2014

Pointers and Arrays

Pointers and arrays are intricately linked in the C language.

For Eg:

int nValue[5]={1,2,3,4,5};

So, when we print

cout << nValue, the output is the address of the first element of nValue.
Therefore, we can say that nValue decays to a pointer that points to the first element of the array.

Thus, cout << nValue + 1 will print the address of the second element of nValue. (nValue itself cannot be incremented with ++, because an array name is not a modifiable lvalue; only a separate pointer initialised from it can be.)

Also,

cout << *nValue will print the first element of nValue. This is called dereferencing a pointer.
And cout << *(nValue+1) will print the second element of nValue. The parentheses are needed to get the intended operator precedence: unary * has higher precedence than +, so *nValue+1 would add 1 to the first element instead.


Also look at the following program, which uses the concept explained above.

#include <iostream>
using namespace std;

int main()
{
    const int nArraySize = 7;            // 6 letters plus the terminating '\0'
    char szName[nArraySize] = "Mollie";
    int count = 0;

    // pnPtr starts at the first element and is advanced one char at a time;
    // the terminator is a char, so compare against '\0' rather than the pointer constant NULL
    for (char *pnPtr = szName; pnPtr < szName + nArraySize; pnPtr++)
    {
        if (*pnPtr != '\0')
        {
            count++;
        }
    }

    cout << szName << " has " << count << " letters" << endl;
    return 0;
}

Sunday, October 12, 2014

Laptop directly boots into Windows even after installing Ubuntu

In some laptops mainly in HP, even after you install Ubuntu, laptop directly boots into Windows without giving any boot menu.

To get the boot menu perform the following steps.

1. Restart your laptop holding down F2 or F10 (depending on the brand) to enter the System Setup Utility.

2. In the boot options, choose to boot from USB. Save and exit the setup (press F10).

3. Keep the USB drive connected to the laptop so it boots into Ubuntu and shows the GRUB menu for Ubuntu. Select Try Ubuntu (the first option).

4. When the desktop appears, open a terminal with Ctrl + Alt + T.

5. In the terminal run the following commands one by one.

sudo add-apt-repository ppa:yannubuntu/boot-repair
sudo sh -c "sed -i 's/trusty/saucy/g' /etc/apt/sources.list.d/yannubuntu-boot-repair-trusty.list"
sudo apt-get update
sudo apt-get install -y boot-repair && boot-repair

When Boot-Repair opens, click on "Recommended repair".
6. You might get a message stating "EFI is detected". This is just informational: it is perfectly fine to install Ubuntu with EFI turned on.

7. After you click "OK" on the EFI message, the utility performs a few tasks and may then ask you to select some text and run it in a terminal window.

8. If you are asked to do this, open a new terminal window with Ctrl + Alt + T, copy the text from the Boot-Repair window and run the commands one by one. Make sure all the commands have run correctly.

9. Now click the "Forward" button in Boot-Repair. You may be asked to copy and paste more text. Repeat the process: select all the text, press Ctrl + C, then right-click in the terminal window and select Paste. Make sure the commands run.

Keep following the process until Boot-Repair finishes. If all goes well, at the very end you will see a message stating that Boot-Repair completed without errors. Reboot your computer and you will get the boot menu.

Sunday, June 22, 2014

File Operations in C++

The header that provides the file stream classes is fstream, so be sure to include #include <fstream> at the top of the program.

C++ provides the following classes to perform output and input of characters to/from files:

ofstream: stream class to write to files
ifstream: stream class to read from files
fstream: stream class to both read from and write to files


#include <iostream>
#include <string>
#include <fstream>
using namespace std;

int main() {
    fstream myfile;
    string data;

    myfile.open("B-large-practice.in");
    if (!myfile.is_open()) {
        cerr << "could not open input file" << endl;
        return 1;
    }

    // The first line is read and echoed on its own.
    getline(myfile, data);
    cout << data << endl;

    // getline returns the stream, which converts to false once a read fails
    // (including at end of file), so every remaining line is processed exactly once.
    while (getline(myfile, data)) {
        int no_of_cases = data.length();
        cout << no_of_cases << endl;
    }

    myfile.close();

    getchar();
    return 0;
}

Thursday, May 29, 2014

Background color not appearing in div element

A floating element doesn't affect the size of its parent unless the parent explicitly contains its children, for example with the overflow style.

Your outer div has the same background color as the child divs, but the height of the parent is zero, so you don't see its background.

div { background: #ccc; overflow: hidden; }

Sunday, February 16, 2014

Mapping IP Multicast Addresses to Ethernet and FDDI MAC Addresses


To support IP multicasting, the Internet authorities have reserved the multicast address range of 01-00-5E-00-00-00 to 01-00-5E-7F-FF-FF for Ethernet and Fiber Distributed Data Interface (FDDI) media access control (MAC) addresses. As shown in Figure 4.1, the high order 25 bits of the 48-bit MAC address are fixed and the low order 23 bits are variable.


To map an IP multicast address to a MAC-layer multicast address, the low order 23 bits of the IP multicast address are mapped directly to the low order 23 bits in the MAC-layer multicast address. Because the first 4 bits of an IP multicast address are fixed according to the class D convention, there are 5 bits in the IP multicast address that do not map to the MAC-layer multicast address. Therefore, it is possible for a host to receive MAC-layer multicast packets for groups to which it does not belong. However, these packets are dropped by IP once the destination IP address is determined.
For example, the multicast address 224.192.16.1 becomes 01-00-5E-40-10-01. To use the 23 low-order bits, the first octet is not used at all, and only the last 7 bits of the second octet are used; the 25th bit of the MAC address (the high-order bit of its fourth byte) is always zero. The third and fourth octets are converted directly to hexadecimal. The second octet, 192, is 11000000 in binary; dropping the high-order bit gives 1000000, which is 64 in decimal or 0x40 in hexadecimal. For the next octet, 16 in hexadecimal is 0x10. For the last octet, 1 in hexadecimal is 0x01. Therefore, the MAC address corresponding to 224.192.16.1 is 01-00-5E-40-10-01.
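The mapping described above, written out as an added example (not code from the original post): the class D check, the 23-bit mask, and a helper that shows why two groups differing only in the 5 unmapped bits end up on the same MAC, which is the collision the text says IP has to filter out.

```cpp
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>

// Parse a dotted-quad IPv4 address into a host-order 32-bit value;
// rejects anything that is not exactly four octets in 0..255.
uint32_t parseIPv4(const std::string& text) {
    unsigned a, b, c, d;
    char d1, d2, d3;
    std::istringstream in(text);
    if (!(in >> a >> d1 >> b >> d2 >> c >> d3 >> d) ||
        d1 != '.' || d2 != '.' || d3 != '.' ||
        a > 255 || b > 255 || c > 255 || d > 255)
        throw std::invalid_argument("bad IPv4 address: " + text);
    return (a << 24) | (b << 16) | (c << 8) | d;
}

// Map a class D group address to its Ethernet/FDDI multicast MAC address:
// the fixed 25-bit prefix (01-00-5E plus a zero bit) followed by the
// low-order 23 bits of the group address.
std::string multicastMac(const std::string& group) {
    uint32_t ip = parseIPv4(group);
    if ((ip >> 28) != 0xE)  // class D: first four bits are 1110
        throw std::invalid_argument("not a class D address: " + group);
    uint32_t low23 = ip & 0x7FFFFF;  // the 5 bits below the class prefix are discarded
    char mac[18];
    std::snprintf(mac, sizeof mac, "01-00-5E-%02X-%02X-%02X",
                  (low23 >> 16) & 0xFF, (low23 >> 8) & 0xFF, low23 & 0xFF);
    return mac;
}

// Because 5 bits of the group address never reach the MAC, 32 different groups
// share each MAC address; the NIC cannot tell them apart, so IP must filter.
bool collideOnMac(const std::string& g1, const std::string& g2) {
    return g1 != g2 && multicastMac(g1) == multicastMac(g2);
}

int main() {
    std::printf("224.192.16.1 -> %s\n", multicastMac("224.192.16.1").c_str());
    std::printf("224.192.16.1 and 225.64.16.1 share a MAC: %s\n",
                collideOnMac("224.192.16.1", "225.64.16.1") ? "yes" : "no");
    return 0;
}
```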

Thursday, February 6, 2014

Understanding LDP

Label Distribution Protocol (LDP) is a signalling protocol used in an MPLS network to distribute label information to LERs and LSRs. In this way it is very similar to an IP routing protocol, except that instead of distributing IP network address information it distributes label information. Before LDP can be enabled on a router, the network must be running a routing protocol: the routing protocol lets LDP know which destinations it needs to generate labels for. Once a peering session is established, the routers check their routing tables and send out a label for each network they see.

Understanding MPLS

MPLS is a packet-forwarding technology that uses labels to make forwarding decisions. With MPLS, the Layer 3 header is analysed just once, when the packet enters the MPLS domain; label inspection drives all subsequent forwarding. MPLS provides these beneficial applications:

Virtual Private Networking (VPN)
Traffic Engineering (TE)
Quality of Service (QoS)
Any Transport over MPLS (AToM)

Additionally, it decreases the forwarding overhead on the core routers. MPLS technologies are applicable to any network layer protocol.


In an MPLS network, routers are categorized as Label Edge Routers (LERs) and Label Switched Routers (LSRs). The LERs are the endpoints of the MPLS tunnels, known as Label Switched Paths (LSPs), and are normally at the edge of the network. The LSRs are at the core of the network and provide the connectivity between the LERs.

The purpose of MPLS is to provide a tunneling service that forwards customer packets across the provider network based on information other than simply the destination IP address. To provide this service, MPLS marks packets inbound from the customer devices (CE) with a special header called a label. The label is simply an additional header that is added to packets entering the provider network.

A label is a short, four-byte, fixed-length, locally significant identifier used to identify a Forwarding Equivalence Class (FEC). The label put on a particular packet represents the FEC to which that packet is assigned. The four bytes are laid out as follows:


Label: Label Value (unstructured), 20 bits
Exp: Experimental Use, 3 bits; currently used as a Class of Service (CoS) field
S: Bottom of Stack, 1 bit
TTL: Time to Live, 8 bits

These labels, rather than the IP address, are used to make forwarding decisions. This effectively turns the Layer 3 routed network into a switched network, which provides several advantages over traditional IP routing.
LERs mark the packets with label information based on provider-configured policies. By marking the packets, the provider network can differentiate customer traffic based on the labels, for example by forwarding differently labeled packets over a preferred path.

The MPLS-enabled routers (LERs and LSRs) use a signalling protocol to distribute label information across the network. The method for distributing labels depends on the signalling protocol in use, either Label Distribution Protocol (LDP) or Resource Reservation Protocol (RSVP).
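The label layout above (20-bit label, 3-bit Exp, S bit, 8-bit TTL) packed and unpacked in code, as an added example that is not part of the original post. It also walks a label stack read from a packet buffer, stopping at the first entry with S set and refusing a buffer that runs out before any bottom-of-stack bit appears; the field order and byte values used are assumptions for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// One 32-bit MPLS label stack entry, the four-byte "shim" header.
struct MplsShim {
    uint32_t label;  // 20 bits
    uint8_t  exp;    // 3 bits, used as a CoS field
    bool     bos;    // S: bottom-of-stack flag
    uint8_t  ttl;    // 8 bits
};

// Pack the fields: label in bits 31..12, Exp in 11..9, S in bit 8, TTL in 7..0.
uint32_t packShim(const MplsShim& e) {
    if (e.label > 0xFFFFF) throw std::invalid_argument("label exceeds 20 bits");
    if (e.exp > 7) throw std::invalid_argument("exp exceeds 3 bits");
    return (e.label << 12) | (uint32_t(e.exp) << 9) | (uint32_t(e.bos) << 8) | e.ttl;
}

// Reverse of packShim.
MplsShim unpackShim(uint32_t w) {
    return MplsShim{ w >> 12, uint8_t((w >> 9) & 0x7), ((w >> 8) & 1) != 0, uint8_t(w & 0xFF) };
}

// Walk a label stack from a packet buffer: entries are consecutive 4-byte
// big-endian words and the stack ends at the first entry with S set.
// Throws if the buffer is exhausted before S is seen, a malformed stack that a
// forwarding engine must reject rather than read past the end of the header.
std::vector<MplsShim> parseStack(const std::vector<uint8_t>& buf) {
    std::vector<MplsShim> stack;
    for (size_t off = 0; ; off += 4) {
        if (off + 4 > buf.size())
            throw std::runtime_error("label stack truncated: no bottom-of-stack bit");
        uint32_t w = (uint32_t(buf[off]) << 24) | (uint32_t(buf[off + 1]) << 16) |
                     (uint32_t(buf[off + 2]) << 8) | buf[off + 3];
        stack.push_back(unpackShim(w));
        if (stack.back().bos) return stack;
    }
}

int main() {
    // Constructed two-label stack: outer label 100 (S=0), inner label 200 (S=1), TTL 255 each.
    std::vector<uint8_t> pkt = {0x00, 0x06, 0x40, 0xFF, 0x00, 0x0C, 0x81, 0xFF};
    return parseStack(pkt).size() == 2 ? 0 : 1;
}
```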


MPLS and VPN services - Basic Terms

Customer Edge Routers:

  • Reside on customer premises.
  • Provide access to the service provider network over a link to one or more Provider Edge Routers.
  • End user typically owns and operates these devices.
  • CE devices are unaware of the tunneling protocols behind the VPN services provided by the service provider.
  • Eg: home networking router or wireless access point.

Provider Edge Router:

  • Has at least one interface that is directly connected to the CE device.
  • PE device usually has at least one interface that connects to the Service Provider Core devices.
  • Must be able to connect to different CE devices over different access media, so it usually supports many different interface types.
  • Customer's gateway to the VPN services offered by the service provider.

Provider Router:

  • Routers located in the Provider Core Network.
  • P routers support the service provider's bandwidth and switching requirements over a geographically dispersed area.
  • Do not connect directly to the customer equipment.
  • P routers do not care about the different types of services that are provided to individual customers; they simply make forwarding decisions based on the information attached to the IP packets by the PE devices.

Thus we can say that much of the intelligence in a service-based network is provided by the PE devices. They provide almost all of the critical setup and control needed to mark traffic and have it forwarded correctly throughout the rest of the service network.

Service Access Point (SAP):

  • Provides the logical entity that serves as the customer's access to whatever services are provided by the PE.

Service Distribution Point (SDP):

This is the method that a service uses to connect to another router's services. Important features of SDPs include:

  • Provides the transport tunnel encapsulation that the service will use, such as MPLS/RSVP-TE, MPLS-LDP or IP/GRE.
  • SDP IDs are locally unique; the same SDP ID can be used on another router.
  • An SDP is not specific to one service. Many services can use the same SDP.

Sunday, January 19, 2014

Properties of Reliable Delivery Service

1. Stream Orientation: The stream delivery service at the destination passes to the receiver exactly the same sequence of bytes that the sender passed to it at the source.

2. Virtual Circuit Connection: The protocol software on both ends communicates to verify that the transfer is authorized and that both sides are ready. Once all details have been settled, the protocol modules inform the application programs that the connection has been established and that transfer can begin.

3. Buffered transfer : When transferring data, each application uses whatever size pieces it finds convenient, which can be as small as a single octet.

4. Unstructured stream : Application programs using the stream service must understand stream content and agree on stream format before they initiate a connection.

5. Full duplex connection : A full duplex connection consists of two independent streams flowing in opposite directions, with no apparent interaction. The advantage of a full duplex connection is that the underlying protocol software can send control information for one stream back to the source in datagrams carrying data in the opposite direction. Such piggybacking reduces network traffic.

Wednesday, January 15, 2014

What is the difference between a Limited Broadcast address and a Directed Broadcast address?


We all know the broadcast address. It is the address used to reach all hosts in the same LAN (Local Area Network).

There are two types of broadcast: limited broadcast and directed broadcast. What is the difference between them?

Limited broadcast is a broadcast limited to a single LAN and received by all hosts on it. It is sent to the reserved Class E IP address 255.255.255.255. The destination MAC address of such frames is FF:FF:FF:FF:FF:FF. Routers simply drop limited broadcasts and never forward them.


The directed broadcast address is the local subnet broadcast address. If the subnet is 192.168.10.0, the directed broadcast address is 192.168.10.255, which is heard by all hosts in that subnet. A router will receive such a packet and process it. The destination MAC address is still FF:FF:FF:FF:FF:FF, as the frame is to be received by all hosts.

DHCP packets are limited broadcast packets, and NBNS uses directed broadcast packets.