Sunday, June 2, 2019

Spine and Leaf Practical Applications, OSPF

As covered in the previous post, base configuration of a spine-and-leaf fabric is actually pretty simple. This will be pretty short, but we'll cover the conversion of the previously built fabric to OSPF.

Here's the updated diagram: (YAML). As we move to a more full-fledged implementation, we'll do dual-stack.


The cleanup for this is as follows:


no router rip

From here, we can configure the router statements on all devices. It can be the same for all, because of the summarization performed while planning out the network.


router ospf 1
 ispf
 log-adjacency-changes
 nsf cisco
 network 10.6.0.0 0.0.0.255 area 0
 network 10.6.240.0 0.0.1.255 area 0
In a production environment you should add passive-interface default on the leafs if the ToR does not peer dynamic routing with anything sub-tending it.

Unsurprisingly, this just works. Now, to setup IPv6!

ospf-s0#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ospf-s0(config)#ipv6?
% Unrecognized command
Well, it looks like IPv6 is not available until IOS 12.2.55. Let's use this network to upgrade it, by hooking up a TFTP server to leaf-1:

interface FastEthernet0/14
 no switchport
 ip address 10.66.0.1 255.255.255.0
!
router ospf 1
 network 10.66.0.1 0.0.0.0 area 0

We test reachability from the other leaf - this is a fully layer 3 switched path:

ospf-l0#ping 10.66.0.180

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.66.0.180, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
And then we copy it over TFTP:

ospf-s1#copy tftp flash:
Address or name of remote host []? 10.66.0.180
Source filename []? c3560-ipservicesk9-mz.122-55.SE6.bin
Destination filename [c3560-ipservicesk9-mz.122-55.SE6.bin]?
Accessing tftp://10.66.0.180/c3560-ipservicesk9-mz.122-55.SE6.bin...
Loading c3560-ipservicesk9-mz.122-55.SE6.bin from 10.66.0.180 (via FastEthernet0/23): !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
[OK - 12752912 bytes]

12752912 bytes copied in 201.133 secs (63405 bytes/sec)
Note that this, while a practical application, is still non-redundant.

UPGRADING INTENSIFIES

Now to implement IPv6 as follows: (YAML)

Note: We used ; instead of : due to a feature issue with drawthe.net. We're using /126 prefixes because this is on older equipment, which may not support /127 prefixes reliably.
On all devices, we need to enable ipv6 routing / OSPFv3:


ipv6 unicast-routing
ipv6 router ospf 2
 log-adjacency-changes

We then configure each device:

ospf-l0# configure terminal
interface Loopback0
 ip address 10.6.0.0 255.255.255.255
 ipv6 address FD00:6::/128
 ipv6 ospf 2 area 0
interface FastEthernet1/0/21
 no switchport
 ip address 10.6.241.1 255.255.255.254
 ipv6 address FD00:6:241::2/126
 ipv6 enable
 ipv6 ospf 2 area 0
interface FastEthernet1/0/24
 no switchport
 ip address 10.6.240.1 255.255.255.254
 ipv6 address FD00:6:240::2/126
 ipv6 enable
 ipv6 ospf 2 area 0

ospf-l1# configure terminal
interface Loopback0
 ip address 10.6.0.1 255.255.255.255
 ipv6 address FD00:6::1/128
 ipv6 ospf 2 area 0
interface FastEthernet0/22
 no switchport
 ip address 10.6.240.3 255.255.255.254
 ipv6 address FD00:6:240::6/126
 ipv6 enable
 ipv6 ospf 2 area 0
interface FastEthernet0/23
 no switchport
 ip address 10.6.241.3 255.255.255.254
 ipv6 address FD00:6:241::6/126
 ipv6 enable
 ipv6 ospf 2 area 0

ospf-s0# configure terminal
interface Loopback0
 ip address 10.6.0.240 255.255.255.255
 ipv6 address FD00:6::240/128
 ipv6 ospf 2 area 0
interface FastEthernet0/22
 no switchport
 ip address 10.6.240.2 255.255.255.254
 ipv6 address FD00:6:241::1/126
 ipv6 enable
 ipv6 ospf 2 area 0
interface FastEthernet0/24
 no switchport
 ip address 10.6.240.0 255.255.255.254
 ipv6 address FD00:6:240::1/126
 ipv6 enable
 ipv6 ospf 2 area 0

ospf-s1# configure terminal
interface Loopback0
 ip address 10.6.0.241 255.255.255.255
 ipv6 address FD00:6::241/128
 ipv6 ospf 2 area 0
interface FastEthernet0/21
 no switchport
 ip address 10.6.241.0 255.255.255.254
 ipv6 address FD00:6:241::1/126
 ipv6 enable
 ipv6 ospf 2 area 0
interface FastEthernet0/23
 no switchport
 ip address 10.6.241.2 255.255.255.254
 ipv6 address FD00:6:241::5/126
 ipv6 enable
 ipv6 ospf 2 area 0

From here, we test by initiating traffic from a subtending network on Leaf-1 to Leaf-0, and checking the routing tables:

ospf-l1#ping ipv6 fd00:6::

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FD00:6::, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/8 ms
ospf-l1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O       10.6.0.0/32 [110/3] via 10.6.241.2, 00:03:58, FastEthernet0/23
                    [110/3] via 10.6.240.2, 00:03:58, FastEthernet0/22
C       10.6.0.1/32 is directly connected, Loopback0
O       10.6.240.0/31 [110/2] via 10.6.240.2, 00:03:58, FastEthernet0/22
O       10.6.0.240/32 [110/2] via 10.6.240.2, 00:03:58, FastEthernet0/22
O       10.6.241.0/31 [110/2] via 10.6.241.2, 00:03:58, FastEthernet0/23
O       10.6.0.241/32 [110/2] via 10.6.241.2, 00:03:58, FastEthernet0/23
C       10.6.240.2/31 is directly connected, FastEthernet0/22
C       10.6.241.2/31 is directly connected, FastEthernet0/23
ospf-l1#show ipv6 route
IPv6 Routing Table - Default - 11 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, R - RIP, D - EIGRP, EX - EIGRP external
       ND - Neighbor Discovery
       O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
       ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
O   FD00:6::/128 [110/2]
     via FE80::216:C8FF:FE04:4741, FastEthernet0/22
     via FE80::223:4FF:FE42:F3C2, FastEthernet0/23
LC  FD00:6::1/128 [0/0]
     via Loopback0, receive
O   FD00:6::240/128 [110/1]
     via FE80::216:C8FF:FE04:4741, FastEthernet0/22
O   FD00:6::241/128 [110/1]
     via FE80::223:4FF:FE42:F3C2, FastEthernet0/23
O   FD00:6:240::/126 [110/2]
     via FE80::216:C8FF:FE04:4741, FastEthernet0/22
C   FD00:6:240::4/126 [0/0]
     via FastEthernet0/22, directly connected
L   FD00:6:240::6/128 [0/0]
     via FastEthernet0/22, receive
O   FD00:6:241::/126 [110/1]
     via FastEthernet0/22, directly connected
C   FD00:6:241::4/126 [0/0]
     via FastEthernet0/23, directly connected
L   FD00:6:241::6/128 [0/0]
     via FastEthernet0/23, receive
L   FF00::/8 [0/0]
     via Null0, receive
Note: technically we don't have to number the leaf-spine-leaf links in IPv6 with OSPFv3/RIP-ng/EIGRP, but that is a personal preference of mine to keep it consistent with future designs, and to allow for ease of troubleshooting.

As always, example configurations are here.

No comments:

Post a Comment

Using VM Templates and NSX-T for Repeatable Virtual Network Deployments

So far, we've provided the infrastructure for continuous delivery / continuous integration, but it's been for those other guys . Is ...