Changes between Version 1 and Version 2 of Internal/OpenFlow/OrbitSwitches/sw-top


Timestamp: Jun 12, 2010, 10:07:06 PM (14 years ago)
Author: akoshibe
Comment:

  • Internal/OpenFlow/OrbitSwitches/sw-top

    v1 v2  
    22This is the root switch to the Orbit network.That also includes firewall and Internal switch ports. 
    33
    4 == Legacy switch layout ==
     4== Top Switch layout ==
     5 * Public VLANs (VLAN 50) - 4 ports (DMZ, 2 planet lab, firewall out)
     6 * Firewall feed - 4 ports (to ASA)
     7 * Internal (VLAN 2) - 10 ports
     8 * Legacy sw-top VLANs - 16 ports
    59
    6 VLAN 50 is the publicly exposed VLAN - 4 ports (DMZ, 2 planet lab, firewall out)
    7 VLAN 1001-1005 - Cisco associated (ignore)
    8 9,10- not used
    9 
    10 ports can be divided up into 3 groups
    11 
     10Legacy sw-top ports refer to the following three categories:
    1211 1. Infrastructure - Not really visible to user - Aruba, Internal, Instrumental ect - VLANs 1-6 
    1312 2. Experimental - Pertains to Grid, outdoor, Sandboxes - VLANs 7,8,11-38
    1413 3. Public - Visible from outside - VLAN 50
    1514
    16 == IP8800 sw-top layout ==
     15The legacy sw-top inludes following non-used VLANs, which are ignored for the IP8800 sw-top configs:
     16 * VLAN 1001-1005 - Cisco associated
     17 * 9,10 - not used for any ORBIT services
    1718
    18 We want to combine the internal, firewall feed, and top switch port configs onto one NEC IP8800. The ports that comprise this  setup are:
    19 
    20  1. 4 VLAN 50 ports (ports 1-4)
    21  1. 4 firewall ports (only 3 actually needed to go into ASA)
    22  1. 10 Internal (VLAN 2) Ports
    23  1. 16 Top switch ports (Assorted, originally 20 including 4 VLAN 50 ports)
    24 
    25  
     19== VLANs ==
     20||Port(s)||VLAN(s)||functions||
     21||0/1–4 ||50||Publicly visible - access ports||
     22||'''firewall'''||
     23||0/7||50||Public connection - trunk||       
     24||0/8||7,8||Grid Data and Control||
     25||0/9||1-6||Main Subnets||                 
     26||0/10||11-38||SandBox 1-9||
     27||'''Infrastructural VLAN trunks'''||||Network services hidden from Users||
     28||0/13-22 ||2||Internal access ports
     29||0/29,30 ||1,2||Internal (1)||
     30||0/31||1,3||CM||                           
     31||0/32||1,4,5||Aruba, Instrumental||           
     32||0/33||1,6||DMZ||                           
     33||0/34||1-6||Main Subnets||
     34||'''Testbed VLAN trunks'''||||(Grid, SB 1-9)||
     35||0/37||1,3,29,30||CM, Outdoor Data and Ctrl||
     36||0/38||1,7,31:2:37||Grid and VGrid Ctrl||       
     37||0/39||1,8||Grid Data||                 
     38||0/40||7,8||Grid Data and Ctrl||       
     39||0/41||1,6-8||DMZ, Grid Data and Ctrl||   
     40||0/42||11-48||Unknown||                   
     41||0/43||1,11-38||Testbed Data and Ctrl||     
     42||0/44||1,3,11-38||CM, Testbed Data and Ctrl||
     43||'''Master Trunk connections'''||||Encompass all VLANs on switch||
     44||0/47||1||Access Net||
     45||0/48||1-38||Master Trunk||
     46 
     47== Legacy Configurations ==
    2648references (these are in Japanese):
    2749
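Review bot: In the added VLANs table, port 0/42 is given the range 11-48 with function "Unknown", but the master trunk on 0/48 carries only 1-38 and no other row defines VLANs 39-48, so this trunk is documented as passing VLANs that nothing on the page accounts for. Either trim the row to the VLANs actually in use (the neighbouring testbed rows use 11-38) or state what 39-48 are for before this table becomes the reference layout. Smaller points in the same table: the row `||0/13-22 ||2||Internal access ports` is missing its closing `||`, the row `||0/29,30 ||1,2||Internal (1)||` labels both ports "Internal (1)", and "inludes" in the sentence above the ignored-VLAN list should read "includes".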
     
    3052 * vlan context specs: http://www.nec.co.jp/ip88n/s36_sw/html/cfref/cfref-chap11-22.html
    3153
    32 === Creating VLANs ===
    33 
    34 < A table of the vlans coming up soon. >
    35 
    36 === Associating VLANs with ports ===
    37 
    38 Now that you have properly named VLANs, you can associate them with ports.
    39 
    40 <<here will be the diagram of the switchports layout of the configs.>>
    41 
    42 first, the 4 publically visible VLAN 50 ports:
    43 {{{
    44 (config)# int range gi 0/1-4
    45 (config-if-range)# switchport access vlan 50
    46 }}}
    47 
    48 Then, the firewall ports feeding the VLANs into the ASA; These are specialized trunk ports:
    49 
    50  * geth0/7 - VLAN 50
    51  * geth0/8 - VLANs 1-6
    52  * geth0/9 - VLANs 7,8
    53  * geth0/10 - VLANs 11-38
    54 
    55 The commands to make this happen are the following. First make four ports into trunk ports using the 'interface range' context:
    56 {{{
    57 (config)# int ran gi 0/7-10
    58 (config-if-range)# sw mo tru
    59 !(config-if-range)#
    60 }}}
    61 
    62 Then, specify allowed VLANs for each port. This is according to the list above.
    63 {{{
    64 !(config-if-range)# ##geth0/7 - VLAN 50##
    65 !(config-if-range)# interface gigabitethernet 0/7
    66 !(config-if)# swi trunk allowed vlan 50
    67 !(config-if)# ##geth0/8 - VLANs 1-6##
    68 !(config-if)# interface gi 0/8
    69 !(config-if)# swi trunk allow vlan 1-6
    70 !(config-if)# ##geth0/9 - VLANs 7,8##
    71 !(config-if)# interface gi 0/9
    72 !(config-if)# swi tru all vl 7,8
    73 !(config-if)# ##geth0/10 - VLANs 11-37##
    74 !(config-if)# interface gi 0/10
    75 !(config-if)# swi tru all vl 11-38
    76 !(config-if)# save
    77 (config-if)# exit
    78 }}}
    79 
    80 the configuration results:
    81 {{{
    82 (config)# int ran gi 0/7-10
    83 (config-if-range)# sh
    84 interface gigabitethernet 0/7
    85   switchport mode trunk
    86   switchport trunk allowed vlan 50
    87 !
    88 interface gigabitethernet 0/8
    89   switchport mode trunk
    90   switchport trunk allowed vlan 1-6
    91 !
    92 interface gigabitethernet 0/9
    93   switchport mode trunk
    94   switchport trunk allowed vlan 7-8
    95 !
    96 interface gigabitethernet 0/10
    97   switchport mode trunk
    98   switchport trunk allowed vlan 11-38
    99 !
    100 }}}
    101 
    102 Next, the 10 Internal ports; These are regular switchports all associated to VLAN 2.
    103 {{{
    104 (config)# int ran gi 0/13-22
    105 (config-if-range)# sw mo dot1q-tunnel
    106 !(config-if-range)# sw acc vlan 2
    107 }}}
    108 
    109 Finally, the sw_top configurations; This is perhaps the most complicated part. the ports will be configured from 0/48 to leave ample space between the Internal ports and these ports, which are all specialized trunk ports (we won't want people to accidentally be able to plug into them!). 
    110 
    111 
    112 organizing them:
    113 
    114  Infrastructure VLANs                                   
    115  ||port ||VLANs         ||Description                   ||
    116  ||0/29 ||1,2           ||Internal (1)                  ||
    117  ||0/30 ||1,2           ||Internal (2)                  ||
    118  ||0/31 ||1,3           ||CM                            ||
    119  ||0/32 ||1,4,5         ||Aruba, Instrumental           ||
    120  ||0/33 ||1,6           ||DMZ                           ||
    121  ||0/34 ||1-6           ||Main Subnets                  ||
    122  
    123  Testbed VLANs                                 
    124  ||0/37 ||1,3,29,30     ||CM, Outdoor Data and Ctrl     ||
    125  ||0/38 ||1,7,31:2:37   ||Grid and VGrid Ctrl           ||
    126  ||0/39 ||1,8           ||Grid Data                     ||
    127  ||0/40 ||7,8           ||Grid Data and Ctrl            ||
    128  ||0/41 ||1,6-8         ||DMZ, Grid Data and Ctrl       ||
    129  ||0/42 ||11-48         ||??                            ||
    130  ||0/43 ||1,11-38       ||Testbed Data and Ctrl         ||
    131  ||0/44 ||1,3,11-38     ||CM, Testbed Data and Ctrl     ||
    132  
    133  Master Trunk                                           
    134  ||0/47 ||1             ||Access Net                    ||
    135  ||0/48 ||1-38          ||Master Trunk                  ||
    136 
    137 === killing Spanning Tree ===
    138 Spanning Tree Protocol should be disabled. Both PVST and PVST+ count as spanning tree.
    139 
    140 {{{
    141 !(config)# no spanning-tree vlan 3,7,8,11-38
    142 !(config)# save
    143 }}}
    144
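Review bot: The removed firewall-feed list has `geth0/8 - VLANs 1-6` and `geth0/9 - VLANs 7,8`, while the table added in v2 assigns 0/8 to 7,8 and 0/9 to 1-6; if the swap is intentional it should be stated, otherwise one of the two is wrong and the ASA feed is documented against the wrong subnets. This deletion also drops the "killing Spanning Tree" section (`no spanning-tree vlan 3,7,8,11-38`) and the remark that the trunk ports are placed away from the Internal ports so people cannot accidentally plug into them, and nothing under "Legacy Configurations" in v2 replaces either. Consider keeping a short statement of both so the spanning-tree state and the port-placement rationale stay on record.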