Professional Documents
Culture Documents
The above topology is STP-only. Before we dive into the configuration, lets
check out the current VLAN database and Spanning-Tree on N7K3. Well take
a look at this again in a few minutes.
VLANs and Spanning-Tree
N7K3# show vlan
VLAN Name
Status Ports
---- -------------------------------- --------- ------------------------------1 default
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
40 VLAN0040
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
50 VLAN0050
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
60 VLAN0060
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
70 VLAN0070
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
80 VLAN0080
active Eth4/13, Eth4/14, Eth4/15
Eth4/16
VLAN Type
Vlan-mode
---- -------------1 enet
CE
40 enet
CE
50 enet
CE
60 enet
CE
70 enet
CE
80 enet
CE
Remote SPAN VLANs
------------------------------------------------------------------------------Primary Secondary Type
Ports
------- --------- --------------- ------------------------------------------N7K3# show spanning-tree vlan 40,50
VLAN0040
Spanning tree enabled protocol rstp
Root ID Priority 24616
Address
e8ed.f339.4f44
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
FabricPath Topology
Our end-goal will look like this, with FabricPath running between the N7Ks,
and Classical Ethernet running to the bottom two switches.
FabricPath Configuration
Install the feature-set in the Admin VDC
ADMIN# conf t
ADMIN(config)# install feature-set fabricpath
Notice this automatically allows the feature-set in the VDC
vdc N7K3 id 4
limit-resource module-type m2xl f2e
allow feature-set fabricpath
Enable the FabricPath feature-set on the switches/VDCs
N7K3# conf t
N7K3(config)# feature-set fabricpath
N7K4# conf t
N7K4(config)# feature-set fabricpath
N7K5# conf t
N7K5(config)# feature-set fabricpath
N7K6# conf t
N7K6(config)# feature-set fabricpath
Notice the default configuration of FabricPath
N7K3# show run fabricpath
!Command: show running-config fabricpath
!Time: Sun Aug 3 20:01:52 2014
version 6.2(6)
feature-set fabricpath
fabricpath domain default
All weve done so far is enable the FabricPath feature-set. Notice below that
we are already assigned a SID (switch-ID). This is a 12-bit address
dynamically assigned via DRAP (Dynamic Resource Allocation Protocol),
which is used for identifying the switch in the FabricPath domain.
The system-id is the MAC of the switch or VDC (verify with show vdc internal
mac_address_table on the Admin VDC)
N7K3# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
==============================================
===============================
SWITCH-ID
SYSTEM-ID
FLAGS
STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+-------------------* 370
e8ed.f339.4f44 Primary
Confirmed No
No
N7K4(config)# show fabricpath s
static
switch-id system-id
N7K4(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
==============================================
===============================
SWITCH-ID
SYSTEM-ID
FLAGS
STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+-------------------* 327
e8ed.f339.4e44 Primary
Confirmed No
No
N7K5(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
==============================================
===============================
SWITCH-ID
SYSTEM-ID
FLAGS
STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+-------------------* 104
e8ed.f339.4f45 Primary
Confirmed No
No
N7K6(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: '*' - this system
'[E]' - local Emulated Switch-id
'[A]' - local Anycast Switch-id
Total Switch-ids: 1
==============================================
===============================
SWITCH-ID
SYSTEM-ID
FLAGS
STATE STATIC EMULATED/
ANYCAST
--------------+----------------+------------+-----------+-------------------* 76
e8ed.f339.4e45 Primary
Confirmed Yes
No
As you can see, these SIDs are a little all over the place. We can statically
configure these so theyre easier to recognize in the FabricPath domain.
Configure Static FabricPath Switch-ID
N7K3(config)# fabricpath switch-id 73
N7K3(config)# show fabricpath switch-id local
Switch-Id: 73
System-Id: e8ed.f339.4f44
N7K4(config)# fabricpath switch-id 74
N7K4(config)# show fabricpath switch-id local
Switch-Id: 74
System-Id: e8ed.f339.4e44
N7K5(config)# fabricpath switch-id 75
N7K5(config)# show fabricpath switch-id local
Switch-Id: 75
System-Id: e8ed.f339.4f45
N7K6(config)# fabricpath switch-id 76
N7K6(config)# show fabricpath switch-id local
Switch-Id: 76
System-Id: e8ed.f339.4e45
Notice we can already run this command to look at the IS-IS adjacencies,
which will be used to build our MAC-in-MAC routing topology and shortest
path tree.
N7K6(config)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
Nothing yet, so lets bring up some interfaces and look again. First well
configure FabricPath on all the layer-2 interfaces on N7K3 and N7K4.
Configure FabricPath switchports
N7K3(config)# int e4/13-16
N7K3(config-if-range)# switchport mode fabricpath
N7K4(config)# int e4/13-16
N7K4(config-if-range)# switchport mode fabricpath
2014 Aug 3 20:09:13 N7K3 %ISIS_FABRICPATH-5-ADJCHANGE:
isis_fabricpath-default [30986] P2P adj L1 e8ed.f339.4e44 over Ethernet4/13
- DOWN (New) on MT-0
2014 Aug 3 20:09:13 N7K3 %ISIS_FABRICPATH-5-ADJCHANGE:
isis_fabricpath-default [30986] P2P adj L1 e8ed.f339.4e44 over Ethernet4/13
- UP on MT-0
2014 Aug 3 20:09:14 N7K3 %ISIS_FABRICPATH-5-ADJCHANGE:
isis_fabricpath-default [30986] P2P adj L1 e8ed.f339.4e44 over Ethernet4/14
- DOWN (New) on MT-0
* 50
0000.5e00.0132 static
F F 73.0.4325
G
- e8ed.f339.4e44 static
F F 0.0.0(R)
G 40
e8ed.f339.4e44 static
F F sup-eth1(R)
G 50
e8ed.f339.4e44 static
F F sup-eth1(R)
We now see that traffic to 0000.0c07.ac28 will be FabricPath encapsulated
with the frame directed towards Switch-ID 73, sub-Switch-ID 0 (used in vPC),
and Local ID 4325 (FabricPath edge port the frame will be forwarded on).
Note: SID and SWID are used interchangeably to represent Switch-ID.
Next lets bring up the FabricPath interfaces on N7K5 and N7K6 that are
facing N7K3 and N7K4
N7K5(config)# int e4/17-18
N7K5(config-if-range)# switchport mode fabricpath
N7K6(config)# int e4/17-18
N7K6(config-if-range)# switchport mode fabricpath
N7K5# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
N7K3
N/A
1
UP
00:00:28 Ethernet4/17
N7K4
N/A
1
UP
00:00:27 Ethernet4/18
N7K6# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
N7K4
N/A
1
UP
00:00:29 Ethernet4/17
N7K3
N/A
1
UP
00:00:31 Ethernet4/18
N7K3# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
N7K4
N/A
1
UP
00:00:29 Ethernet4/13
N7K4
N/A
1
UP
00:00:30 Ethernet4/14
N7K5
N/A
1
UP
00:00:23 Ethernet4/15
N7K6
N/A
1
UP
00:00:30 Ethernet4/16
N7K4# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
N7K3
N/A
1
UP
00:00:29 Ethernet4/13
N7K3
N/A
1
UP
00:00:26 Ethernet4/14
N7K6
N/A
1
UP
00:00:31 Ethernet4/15
N7K5
N/A
1
UP
00:00:28 Ethernet4/16
We have adjacencies! Next step is to actually configure VLANs to run in
FabricPath mode.
Configure FabricPath VLANs on N7K3 and N7K4
: 20
: 20
: peer link is down
(Peer-link is not in fabricpath
mode for vPC+)
vPC keep-alive status
: peer is alive
vPC fabricpath status
: peer is reachable through fabricpath
Configuration consistency status : success
Per-vlan consistency status
: success
Type-2 consistency status
: success
vPC role
: primary
Number of vPCs configured
:2
Peer Gateway
: Disabled
Dual-active excluded VLANs
:Graceful Consistency Check
: Enabled
Auto-recovery status
: Enabled (timeout = 240 seconds)
Fabricpath load balancing
: Disabled
Port Channel Limit
: limit to 244
74
e8ed.f339.4e44 Primary
Confirmed Yes
No
75
e8ed.f339.4f45 Primary
Confirmed Yes
No
* 76
e8ed.f339.4e45 Primary
Confirmed Yes
No
We have Emulated Switch-IDs that identify the vPC+ switches. Youll see a
single emulated switch-id with two system-IDs that match the actual vPC
peers.
Since we did not configure all interfaces on N7K5 and N7K6 as mode
fabricpath, we must still run spanning-tree for the classical ethernet ports.
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
isis_fabricpath-default
single parameter in our flow selector that a different interface is chosen for
the ECMP.
N7K3# show fabricpath load-balance
ECMP load-balancing configuration:
L3/L4 Preference: Mixed
Hash Control: Symmetric
Rotate amount: 1 bytes
Use VLAN: TRUE
Ftag load-balancing configuration:
Hash Control: Symmetric
Rotate amount: 1 bytes
Use VLAN: TRUE
N7K3(config)# interface Ethernet4/13
N7K3(config-if)# no fabricpath isis metric 100
N7K3# show fabricpath load-balance unicast forwarding-path ftag 1
switchid 74 flow-type l3 src-ip 1.1.1.1 dst-ip 2.2.2.2 vlan 40 module
4
This flow selects interface Eth4/13
N7K3# show fabricpath load-balance unicast forwarding-path ftag 1
switchid 74 flow-type l3 src-ip 1.1.1.1 dst-ip 2.2.2.3 vlan 40 module
4
This flow selects interface Eth4/14
FabricPath Authentication
What would a routing protocol be without authentication? We have two forms
of authentication with FabricPath. First we have interface authentication,
which is the actual hello adjaceny authentication
N7K3(config)# key chain FPKEY
N7K3(config-keychain)# key 1
N7K3(config-keychain-key)# key-string FPKEY
N7K3(config-keychain-key)# exit
N7K3(config)# int e4/13-14
N7K3(config-if-range)# fabricpath isis authentication-type md5
N7K3(config-if-range)# fabricpath isis authentication key-chain FPKEY
2014 Aug 3 23:04:48 N7K3 %ISIS_FABRICPATH-5-ADJCHANGE:
isis_fabricpath-default [30986] P2P adj L1 N7K4 over Ethernet4/14 - DOWN
(Hold timer expired) on MT-0
1
0
40
no
UP
The next form of authentication we have is FabricPath domain authentication
which enforces authentication of the actual IS-IS LSPs. Authentication here
will prevent routes from being learned, however, we can still form
adjacencies even when the domain authentication is mismatched.
N7K3(config)# fabricpath domain default
N7K3(config-fabricpath-isis)# authentication-type md5
N7K3(config-fabricpath-isis)# authentication key-chain FPKEY
Notice authentication is enabled
N7K3# show fabricpath isis
Fabricpath IS-IS domain : default
System ID : e8ed.f339.4f44 IS-Type : L1 Fabric-Control SVI: Unknown
SAP : 432 Queue Handle : 17
Maximum LSP MTU: 1492
Graceful Restart enabled. State: Inactive
Last graceful restart status : none
Graceful Restart holding time:60
Metric-style : advertise(wide), accept(wide)
Start-Mode: Complete [Start-type configuration]
Area address(es) :
00
Process is up and running
CIB ID: 1
Interfaces supported by Fabricpath IS-IS :
Ethernet4/13
Ethernet4/14
Ethernet4/15
Ethernet4/16
Level 1
Authentication type: MD5
Authentication keychain: FPKEY Authentication check specified
LSP Lifetime: 1200
L1 LSP GEN interval- Max:8000 Initial:50
Second:50
L1 SPF Interval- Max:8000
Initial:50
Second:50
MT-0 Ref-Bw: 400000
Max-Path: 16
Address family Swid unicast :
Number of interface : 4
Distance : 115
L1 Next SPF: Inactive
We have adjacencies, but we can no longer see Switch-IDs
N7K3# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
e8ed.f339.4e44 N/A
1
UP
00:00:25 Ethernet4/13
e8ed.f339.4e44 N/A
1
UP
00:00:33 Ethernet4/14
e8ed.f339.4f45 N/A
1
UP
00:00:25 Ethernet4/15
e8ed.f339.4e45 N/A
1
UP
00:00:29 Ethernet4/16
We no longer have routes
N7K3# show fabricpath route
FabricPath Unicast Route Table
'a/b/c' denotes ftag/switch-id/subswitch-id
'[x/y]' denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/73/0, number of next-hops: 0
via ---- , [60/0], 1 day/s 02:15:27, local
Once we configure the other switches with domain authentication, our
adjacency tables will populate the SIDs, and our route tables will build.
N7K3# sho fab isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID
SNPA
Level State Hold Time Interface
N7K4
N/A
1
UP
00:00:33 Ethernet4/13
N7K4
N/A
1
UP
00:00:24 Ethernet4/14
N7K5 N/A
1
UP
00:00:22 Ethernet4/15
N7K6 N/A
1
UP
00:00:26 Ethernet4/16
Full Sample config
As promised, here is a full sample config, N7K3 and N7K4 are configured for
authentication. N7K5 and N7K6 are running vPC+ FabricPath.
N7K3# sh run fabricpath
feature-set fabricpath
vlan 40,50
mode fabricpath
fabricpath switch-id 73
interface Ethernet4/13
fabricpath isis authentication-type md5
fabricpath isis authentication key-chain FPKEY
switchport mode fabricpath
interface Ethernet4/14
fabricpath isis authentication-type md5
mode fabricpath
fabricpath switch-id 75
vpc domain 20
fabricpath switch-id 20
interface port-channel20
switchport mode fabricpath
interface Ethernet4/17
switchport mode fabricpath
interface Ethernet4/18
switchport mode fabricpath
interface Ethernet4/19
switchport mode fabricpath
interface Ethernet4/20
switchport mode fabricpath
fabricpath domain default
N7K6# sh run fabricpath
feature-set fabricpath
vlan 40,50
mode fabricpath
fabricpath switch-id 76
vpc domain 20
fabricpath switch-id 20
interface port-channel20
switchport mode fabricpath
interface Ethernet4/17
switchport mode fabricpath
interface Ethernet4/18
switchport mode fabricpath
interface Ethernet4/19
switchport mode fabricpath
interface Ethernet4/20
switchport mode fabricpath
fabricpath domain default