Sunday, October 27, 2013

Life in Congo

I would like to bring new life to this blog. It has been in limbo for over 3 years now. I will be telling you about my everyday life here in Goma, Eastern Democratic Republic of Congo. I will also share pictures. It's a good life, I must say. May the rebels be kept away..... Enjoy!

These are briefly my plans:

1) Build the Roke Telkom Network in Goma and extend it to Bukavu and the rest of DR Congo
2) Set up a mini basketball court
3) Start a mini basketball training program and kiddie league
4) Start English classes for those who want to learn it
5) Promote Eastern DR Congo as a safe destination for tourists

Kindly follow my posts and help me promote my objectives through online social media sharing and search engines.

Wednesday, October 27, 2010

Configuring an EAPS ring using Extreme Switches

Jackie, Timothy and I set up an EAPS ring using 3 core network switches to connect 3 POPs (Points of Presence at Zain House, Kanjokya and Augere).

Below is the configuration. It should be a breeze once you get a hold of the Extreme command line.

1. create eaps roke_eaps (EAPS domain)
2. create vlan roke_eaps (control VLAN)
configure vlan roke_eaps tag 111
configure vlan roke_eaps add ports <ring ports> tagged
configure vlan roke_eaps qosprofile QP8
3. configure the protected VLANs (create them first if they do not already exist)
4. configure eaps roke_eaps add control vlan roke_eaps
5. configure eaps roke_eaps add protect vlan seacom
configure eaps roke_eaps add protect vlan teams
configure eaps roke_eaps add protect vlan xxxxxx
6. configure eaps roke_eaps mode master|transit (one master per ring, every other node transit)
7. configure eaps roke_eaps primary port <port>
configure eaps roke_eaps secondary port <port>
8. configure eaps roke_eaps failtime 5 (optional)
configure eaps roke_eaps failtimer expiry-action open-secondary-port (optional)
9. configure eaps roke_eaps hellotime 2 (optional)
10. enable eaps
11. configure eaps fast-convergence on|off (optional)
12. enable eaps roke_eaps

ZAIN HOUSE

create eaps roke_eaps
create vlan ROKE_EAPS_111
configure vlan ROKE_EAPS_111 tag 111
configure vlan ROKE_EAPS_111 add ports 3,4 tag
configure vlan ROKE_EAPS_111 qosprofile QP8

Protected VLANs: ROKE_BACKBONE, TEAMS, SEACOM, AUGERE, KJ_OLT_MGT_PORT (already exist)

configure eaps roke_eaps add control vlan ROKE_EAPS_111
configure eaps roke_eaps add protect vlan SEACOM
configure eaps roke_eaps add protect vlan TEAMS
configure eaps roke_eaps add protect vlan AUGERE
configure eaps roke_eaps add protect vlan ROKE_BACKBONE
configure eaps roke_eaps add protect vlan KJ_OLT_MGT_PORT
configure eaps roke_eaps mode master
configure eaps roke_eaps primary port 4
configure eaps roke_eaps secondary port 3
configure eaps roke_eaps failtime 5 (optional)
configure eaps roke_eaps failtimer expiry-action open-secondary-port (optional)
configure eaps roke_eaps hellotime 2 (optional)
enable eaps
configure eaps fast-convergence on
enable eaps roke_eaps

AUGERE

create eaps roke_eaps
create vlan ROKE_EAPS_111
configure vlan ROKE_EAPS_111 tag 111
configure vlan ROKE_EAPS_111 add ports 49,50 tag
configure vlan ROKE_EAPS_111 qosprofile QP8

Protected VLANs: ROKE_BACKBONE, TEAMS, SEACOM, AUGERE, KJ_OLT_MGT_PORT (already exist)

configure eaps roke_eaps add control vlan ROKE_EAPS_111
configure eaps roke_eaps add protect vlan SEACOM
configure eaps roke_eaps add protect vlan TEAMS
configure eaps roke_eaps add protect vlan AUGERE
configure eaps roke_eaps add protect vlan ROKE_BACKBONE
configure eaps roke_eaps add protect vlan KJ_OLT_MGT_PORT
configure eaps roke_eaps mode transit
configure eaps roke_eaps primary port 50
configure eaps roke_eaps secondary port 49
configure eaps roke_eaps failtime 5 (optional)
configure eaps roke_eaps failtimer expiry-action open-secondary-port (optional)
configure eaps roke_eaps hellotime 2 (optional)
enable eaps
configure eaps fast-convergence on
enable eaps roke_eaps

KANJOKYA

create eaps roke_eaps
create vlan ROKE_EAPS_111
configure vlan ROKE_EAPS_111 tag 111
configure vlan ROKE_EAPS_111 add ports 49,50 tag
configure vlan ROKE_EAPS_111 qosprofile QP8

Protected VLANs: ROKE_BACKBONE, TEAMS, SEACOM, AUGERE, KJ_OLT_MGT_PORT (already exist)

configure eaps roke_eaps add control vlan ROKE_EAPS_111
configure eaps roke_eaps add protect vlan SEACOM
configure eaps roke_eaps add protect vlan TEAMS
configure eaps roke_eaps add protect vlan AUGERE
configure eaps roke_eaps add protect vlan ROKE_BACKBONE
configure eaps roke_eaps add protect vlan KJ_OLT_MGT_PORT
configure eaps roke_eaps mode transit
configure eaps roke_eaps primary port 50
configure eaps roke_eaps secondary port 49
configure eaps roke_eaps failtime 5 (optional)
configure eaps roke_eaps failtimer expiry-action open-secondary-port (optional)
configure eaps roke_eaps hellotime 2 (optional)
enable eaps
configure eaps fast-convergence on
enable eaps roke_eaps

----END----
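An added example, not part of the original post: a small Python checker that reads per-switch command blocks like the ones above and verifies the invariants the ring depends on (control VLAN created under the name it is later configured with, both ring ports tagged members of it, same control tag on every node, identical protected VLAN set on every node, exactly one master). A node whose protected set differs or whose control VLAN is wrong fails over differently from its neighbours, which is the kind of misconfiguration that only shows up during an outage. The sample data is constructed: a condensed, `;`-separated version of the three blocks with the post's two naming slips (ROKE_EAPS vs ROKE_EAPS_111, BACKBONE vs ROKE_BACKBONE) left in so the checker reports them.

```python
# Added example (not from the post). RING is constructed sample data, condensed
# from the three switch blocks above, with the post's two naming slips kept.
RING = {
    "ZAIN HOUSE": "create vlan ROKE_EAPS; configure vlan ROKE_EAPS_111 tag 111;"
        " configure vlan ROKE_EAPS_111 add ports 3,4 tag; configure eaps roke_eaps add control vlan ROKE_EAPS_111;"
        " configure eaps roke_eaps add protect vlan ROKE_BACKBONE; configure eaps roke_eaps mode master;"
        " configure eaps roke_eaps primary port 4; configure eaps roke_eaps secondary port 3",
    "AUGERE": "create vlan ROKE_EAPS_111; configure vlan ROKE_EAPS_111 tag 111;"
        " configure vlan ROKE_EAPS_111 add ports 49,50 tag; configure eaps roke_eaps add control vlan ROKE_EAPS_111;"
        " configure eaps roke_eaps add protect vlan ROKE_BACKBONE; configure eaps roke_eaps mode transit;"
        " configure eaps roke_eaps primary port 50; configure eaps roke_eaps secondary port 49",
    "KANJOKYA": "create vlan ROKE_EAPS_111; configure vlan ROKE_EAPS_111 tag 111;"
        " configure vlan ROKE_EAPS_111 add ports 49,50 tag; configure eaps roke_eaps add control vlan ROKE_EAPS_111;"
        " configure eaps roke_eaps add protect vlan BACKBONE; configure eaps roke_eaps mode transit;"
        " configure eaps roke_eaps primary port 50; configure eaps roke_eaps secondary port 49",
}

def parse_node(text):
    """Extract the EAPS-relevant facts from one switch's ';'-separated command block."""
    n = {"created": set(), "tag": {}, "ports": {}, "protect": set()}
    for cmd in text.split(";"):
        w = cmd.split()
        if w[:2] == ["create", "vlan"]:
            n["created"].add(w[2])
        elif w[:2] == ["configure", "vlan"]:
            if w[3] == "tag": n["tag"][w[2]] = w[4]
            elif w[3:5] == ["add", "ports"]: n["ports"][w[2]] = set(w[5].split(","))
        elif w[:2] == ["configure", "eaps"]:
            if w[3:5] == ["add", "control"]: n["control"] = w[6]
            elif w[3:5] == ["add", "protect"]: n["protect"].add(w[6])
            elif w[3] == "mode": n["mode"] = w[4]
            elif len(w) > 5 and w[4] == "port": n[w[3]] = w[5]  # primary / secondary ring port
    return n

def check_ring(ring):
    """Return findings (empty list = consistent) for a dict of node name -> command block."""
    nodes = {k: parse_node(v) for k, v in ring.items()}
    out = []
    for k, n in nodes.items():
        cv = n.get("control")
        if cv not in n["created"]:
            out.append(f"{k}: control VLAN {cv} is configured but never created")
        for role in ("primary", "secondary"):  # both ring ports must carry the control VLAN
            if n.get(role) not in n["ports"].get(cv, set()):
                out.append(f"{k}: {role} port {n.get(role)} is not a tagged member of {cv}")
    if len({n["tag"].get(n.get("control")) for n in nodes.values()}) != 1:
        out.append("control VLAN tag differs between nodes")
    if sum(n.get("mode") == "master" for n in nodes.values()) != 1:
        out.append("ring must have exactly one master node")
    if len({frozenset(n["protect"]) for n in nodes.values()}) != 1:
        out.append("protected VLAN sets differ between nodes (a VLAN left out is not ring-protected)")
    return out
```

Running `check_ring(RING)` on the sample reports the missing ROKE_EAPS_111 on Zain House and the protected-set mismatch caused by BACKBONE on Kanjokya; with both names corrected it returns an empty list.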

hope that was easy.....have a great evening or whatever is left of it! :-)

Wednesday, July 14, 2010

wireless LAN for Dizayini (graphics design company in Kampala Uganda)

Just finished doing a wireless LAN for Dizayini Limited (my brother Albert's company) in Kampala.
I used products from Level One to set up the LAN.

- A wireless AP connecting to an Ethernet adapter on a Windows XP desktop computer via Cat6 cable. This Windows XP computer also acts as the gateway to the Internet using a wireless dial-up 3G dongle from a local telco (Orange Uganda). So I went ahead and shared the connection on the LAN card, giving it the address 192.168.0.1. DNS details are automatically picked up from Orange on dial-up.

- Level One wireless cards added to three other Dell OptiPlex 360 desktops running Windows XP and configured with static addresses in the 192.168.0.0/24 range with their gateway as 192.168.0.1. I proceeded to share folders on their D drives to allow sharing of graphic files between computers. Note that I faced a problem with the wireless cards on the Dell OptiPlexes as the screens kept going blue with errors; I sorted this out by eliminating the Level One drivers and using Realtek drivers.

Basic solution to networking a small company in the suburbs of Kampala.

Thursday, June 17, 2010

Extreme CLI

Hardware

  • BlackDiamond: Chassis-based high-port density switches for Carrier-Ethernet service providers and enterprise core
  • Summit: Standalone switches from L2 100Mbps to L3 10Gig top-of-rack datacenter switches.
  • ReachNXT: Port Extender - Manageable by an access switch via XOS
  • SummitWM: Wireless controllers
  • Altitude: Wireless Access Points
  • Sentriant NG: Intrusion Protection System (IPS)
  • Sentriant AG: Network Access Controller (NAC)

Software

  • ExtremeWare: VxWorks-based, the first generation of the Extreme Networks operating system
  • ExtremeXOS: second-generation OS based on the Linux kernel and BusyBox
  • EPICenter: network management tool

Configuration

The switch CLI prompt is derived from the SNMP host name value.

Press the space bar during boot to enter the BootROM; to return to the factory default configuration: config none

Extreme FDB = Forwarding Database for MAC addresses; 300 second aging timer per MAC entry

IP FDB (L3) for IP forwarding
show iparp
show fdb
create fdbentry
delete fdbentry
disable learning
enable learning

configure ports 1 vlan accounting unlimited-learning
configure ports 1 vlan accounting limit-learning 3 (here "accounting" is the VLAN name; applies to dynamic entries only, so use the aging timer as well)

Lock-learning (sticky MAC)
configure ports 1 vlan VLAN1 lock-learning
configure ports 1 vlan VLAN1 unlock-learning
show vlan default security

ELSM (Extreme Link Status Monitoring)
Obtains the link status from the far end of the link
enable elsm ports
disable elsm ports
configure elsm ports
clear elsm ports

VLANs

  1. Port-based
  2. 802.1Q tagged VLAN
  3. Protocol-based VLAN

create vlan vlan_name
delete vlan vlan_name
configure vlan vlan_name add ports <port_list>
configure vlan vlan_name delete ports <port_list>
disable vlan vlan_name
enable vlan vlan_name
configure vlan vlan_name tag <tag_value>
configure vlan default delete port 7
configure vlan ENGINEERING add port 7 untagged
configure vlan ENGINEERING add ports 2,3 tagged
show vlan ENGINEERING

BPDU -> vlan0

Port Sharing (Aggregation) LAG
enable sharing 1 grouping 1-4 algorithm address-based lacp
show port sharing

Port Settings

enable lldp port all
show ports configuration no-refresh
enable jumbo-frame ports all
show vlan VLAN1 security

  • Spanning tree is disabled by default
  • EMISTP encapsulation (Extreme Multiple Instance Spanning Tree): VST+ with an additional header

EAPS - Ethernet Automatic Protection Switching (Ring)

  • Ring topology
  • L2 protocol using a multicast MAC
  • EAPS version 2 (advanced feature: EAPS shared port for preventing superloops)
  • 50 ms failover
  • Device roles: one master node, transit nodes
  • Primary/secondary port on each switch
  • The master blocks its secondary port
  • Control VLAN and protected VLANs (one control VLAN per EAPS domain)
  • EAPS flushes the FDB when there is a topology change

create vlan control_vlan_name
configure vlan control_vlan_name tag vlan_tag
configure vlan control_vlan_name add ports <ring ports> tagged
create eaps eaps_name
configure eaps eaps_name mode master|transit
configure eaps eaps_name primary port <port>
configure eaps eaps_name secondary port <port>
configure eaps eaps_name add control vlan control_vlan_name
configure eaps eaps_name add protect vlan <protected_vlan_name>
enable eaps
enable eaps eaps_name
configure eaps fast-convergence [off|on] -> additional 250ms
configure eaps eaps_name failtimer expiry-action open-secondary-port
> by default the expiry action only sends an alert

EAPS with a Shared Port

  • Configure partner
  • Configure controller port
  • link-id must be same on both switches

SummitStack

  • Should have same image:
    download image slot
  • 40Gbps full duplex capacity per switch
  • MAX: 8 devices
    enable stacking
    show stacking
    show stacking configuration
    configure stacking easy-setup

IP Routing

  • Disabled by default
    enable ipforwarding
    configure iproute add x.x.x.x/x y.y.y.y
    show ipconfig
  • On a newly created VLAN, IP forwarding may be disabled; make sure to check.
    show iproute
    show ipstats
  • ICMP is enabled by default

OSPF

enable ipforwarding
configure ospf routerid 1.1.1.1
enable loopback vlanname (if you want to have loopback)
configure ospf address VLAN1 area 0.0.0.0
configure ospf address VLAN2 area 0.0.0.0
enable ospf
show ospf
show ospf area 0.0.0.0
show ospf neighbors
show ospf lsdb

  • Redistribution is disabled by default and is configured through policy files.
  • A Core license is required for the OSPF DR/BDR function.
  • With an Edge or Advanced Edge license the switch cannot be a DR, so set its priority to 0.

ESRP

Extreme Standby Routing Protocol: ESRP is Extreme's redundancy protocol, something like VRRP.

QOS

  • Not much QoS support
  • Traffic shaping is called metering
  • 8 queues per interface
  • Queues 1 and 8 are used by default (2q)

Tuesday, June 8, 2010

MPLS & VPLS: The Wedding

MPLS is the enabler of all these fancy services and applications we hear about today, such as MPLS VPNs, AToM (Any Transport over MPLS), MPLS TE (Traffic Engineering), etc. In order to clearly understand what VPLS is, you need to understand what led to the "birth" of VPLS (Virtual Private LAN Service). It all began with MPLS VPNs. The client had to form a peer-to-peer relationship with the provider's PE routers. What this means is that the provider is intricately involved in routing and forwarding the customer's traffic, and some customers did not buy this idea. Providers had also invested heavily in Layer 2 VPN techniques such as ATM and Frame Relay, and completely eliminating these overlay VPN techniques didn't sit right with the Chief Accountants and CIOs. Some engineers did not like the idea of having to let go of their beloved ATM and Frame Relay PVCs for some new chap coming in.

This led Cisco and the IETF to develop a solution which would let you run MPLS in the core while users still maintain their private L2 VPN service across the service provider's MPLS core. What this means is that the provider will provide a VPN service across MPLS, but it will be a kind of pseudowire experience. The customer still retains their highly valued privacy, the SP maintains her MPLS core, and should the customer be convinced, transitioning to MPLS VPNs will be "bread and butter".

Now this led to the introduction of AToM. AToM is the Cisco name for the Layer 2 transport service over an MPLS backbone. The customer routers interconnect with the service provider routers at Layer 2 (Ethernet, High-Level Data Link Control [HDLC], PPP, ATM, or Frame Relay). This eliminates the need for the legacy network from the service provider carrying these kinds of traffic and integrates this service into the MPLS network that already transports the MPLS VPN traffic.

AToM is an open standards-based architecture that uses the label switching architecture of MPLS and can be integrated into any network that is running MPLS. The advantage to the customer is that they do not need to change anything. Their routers that are connecting to the service provider routers can still use the same Layer 2 encapsulation type as before and do not need to run an IP routing protocol to the provider edge routers as in the MPLS VPN solution. As such, the move from the legacy network that is running ATM or Frame Relay to the network that is running AToM is completely transparent to the customer.

The service provider does not need to change anything on the provider (P) routers in the core of the MPLS network. The intelligence to support AToM sits entirely on the PE routers. As such, the core and edge technologies (MPLS and AToM, respectively) are decoupled. The core label switching routers (LSRs) only switch labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer 2 frames. This is similar to the MPLS VPN solution, in which the P routers switch only labeled packets and the PE routers need the intelligence to impose and dispose of labels on the IP VPN traffic from the customers.
Now how does VPLS come into the equation?

AToM is a point-to-point service and hence cannot broadcast frames.

Now some technologies such as Ethernet are broadcast in nature; take for example the Spanning Tree Protocol (STP). These protocols operate in a broadcast manner. VPLS is the point-to-multipoint cousin of AToM.