Active-active router redundancy using VARP

In most leaf-spine deployments, redundancy in the spine layer is required to achieve high availability and prevent network service disruption. Modern layer 2 networks have adopted loop-free, balanced-path designs using Multi Chassis Link Aggregation topologies with LACP port channels, leaving loop control methods (STP) as a second layer of protection. Spines also support layer 3 networks, using ECMP in a scalable network topology. For unicast redundancy in layer 3, a common method is to use First Hop Router Redundancy (FHRR) to provide a simple and unique gateway for the leaf level. VRRP and HSRP are popular FHRR protocols and are supported on most equipment today. Although HSRP and VRRP provide redundancy, they are active-standby FHRR protocols and do not provide balanced data traffic distribution over Multi Chassis Link Aggregated topologies. The following figure shows how data traffic is handled using an active-standby FHRR protocol topology.


What Does DOM Mean for an SFP Transceiver?

If you look at the description of an SFP transceiver module, you will see "DOM support" in the product details. What does it mean? DOM, or Digital Optical Monitoring, as the name implies, is used for monitoring some parameters of the transceiver, which can help to identify the location of a fiber link failure, simplify maintenance, and improve system reliability. An SFP with the DOM function is higher-end than one without it, which is why most modern optical SFP transceivers support DOM functions. For a further understanding of DOM, some detailed information is introduced in the following passage.

EIGRP Wide Metrics

First and foremost, the metric has been reworked.
EIGRP named mode automatically uses wide metrics when speaking to another EIGRP named mode process. No additional configuration is necessary; this is automatic. If it's speaking to a traditional EIGRP process, it uses the old calculations.


IOS Conditional Debugging

A while back I mentioned it is possible to debug a single IPsec tunnel using crypto conditions; this functionality also extends outside of crypto conditions. IOS routers offer the functionality to create debug conditions and limit debug output to specific interfaces, IP addresses, and more; see the following list:


How To Calculate Optimal TCP Window Size For Long Distance WAN Link

If you have a requirement to copy large amounts of data a long way around the world, you may find that despite your link being 60Mb/s, if it's 5,000 miles away you can only transfer files at a much lower rate, like 10Mb/s. The cause of this is generally that the TCP window size is optimized by default by the OS and FTP clients to work on networks with less distance and less round-trip latency.

VACL – VLAN Access Lists

IP access control lists (ACLs) are used by routers to deny or forward specific traffic passing through a network interface. We can say that ACLs are used when traffic travels from one network address space to another. A Cisco Catalyst switch can also have an ACL applied within a VLAN. This special kind of ACL is called a VLAN access control list (VACL).

The first configuration here shows how to configure a VACL that permits Telnet traffic to a host, which has the IP address 10.2.2.13, and stops all other traffic. In this example there is a VLAN access-map named YESTOTELNET that is configured to match access list 120. For sequence number 10, the specified action is to forward traffic matching that access list. All other traffic is dropped because of a default implicit drop instruction, which drops all traffic not explicitly permitted. Finally, the VLAN filter (that is, the VACL) is applied to VLANs in the range 1 to 50.
