Wednesday, August 14, 2013

Force10 FTOS Architecture and Configuration - Day 1

Starting the Force10 FTOS Architecture and Configuration Course (5 Days - Train the Trainer)

Looks pretty much like the equivalent of the DCNI-2 Course from Cisco on the Cisco Nexus platform so far.  Not everything but I am speaking from my own memory.

So here it goes...

Lots to learn and I've been working on compliance training and other misc. training up till now.

Here's the Outline:

  1. Introduction
    1. Welcome
    2. Using this Material
    3. Course Introduction
    4. Goal
    5. Objectives
    6. Curriculum Delivery Method
    7. Prerequisites
    8. WIIFM
  2. Lab Information
      1. Lab Equipment
        • Equipment List
          • Switches
          • Serial Port Hubs
    1. Lab Information
    2. Lab Station Diagrams
      • Lab Equipment Logical Layout
  3. E-Classroom
    1. Force10 E-Classroom
  4. Appendices
    1. Instructor Materials
      • Z-Series Technical Overview
      • E-Series Technical Overview
      • C-Series Technical Overview
      • S-Series Technical Overview
      • CLI Basics
      • Lab: CLI Basic
      • Physical Interface Configuration
      • Port Channel Interface Configuration
      • VLAN Configuration
      • Lab: Interfaces
      • Basic Troubleshooting Tools
      • Using iSupport
      • Spanning Tree
      • Lab: MSTP
      • ACLs
      • Lab: ACLs
      • Management Tools
      • VRRP Configuration
      • Lab: VRRP
      • OSPF
      • Lab: OSPF
      • BGP
      • Lab: BGP
    2. Learner Materials
      • Lab: CLI Basic
      • Lab: Interfaces
      • Lab: MSTP
      • Lab: ACLs
      • Lab: VRRP
      • Lab: OSPF
      • Lab: BGP

Here's the physical diagram - to give an idea of the complexity of the course in question:

Here's a link to the Tolly Report for the Z-series

Got my F10 Partner account set up.
Got my Aruba Partner account set up.
Got my SonicWall Partner account set up.

I suppose I'll need to set up Brocade/Foundry and F5 accounts too.  One thing at a time.

I set up my LearnDell account last night.

Dell/F10 - E-Series Questions and Answers:

 What are the 4 major switch/router products offered by Force10?

1. S-Series - TOR/Access Systems
2. C-Series - Aggregation Systems
3. E-Series - Core Systems
4. Z-Series - Distributed Core Systems

Name the 3 types of card modules for the E-Series?  What are their primary functions?
Describe the main performance features of each?

1. EtherScale (End of Life) - 1st Generation
2. TeraScale - 2nd Generation
3. ExaScale - 3rd Generation

RPM - Route Processor Modules
LineCards - Support Various Interface Types
SFM - Switch Fabric Modules

What is an Epoch? Why is it important?

An Epoch is a concept that identifies a set of multiple clock cycles.  An Epoch is important because it defines a certain amount of data that will be transmitted from the iBTM through the SF to the eBTM. Multiple packets to the same destination are segmented and during an Epoch.

Describe how control traffic vs. data traffic is switched across the backplane in a TeraScale system

Control Traffic:

1. Packet arrives containing Ethernet and IP headers
2. FPC parses packet for ingress port ID and header bytes
3. Provides new Ethernet Header, incl VLAN ID, if req. and egress port ID
4. Prepends F10 header and sends packet to iBTM
5. iBTM queues packet to SDRAM, performs ingress QoS and notifies BSC of packet arrival
6. When output port-pipe is available, iBTM retrieves packet from SDRAM and sends to RPM via SFM
7. eBTM on RPM receives packets, applies any Loopback ACLs and forwards to CPU
8. Control traffic is processed by one of the CPUs and FIBs on all CAMs are updated, if necessary

Data Traffic:

TERASCALE PACKET WALKTHROUGH – transit packet with learned L2 headers and learned L3 destination IP address

1. The packet comes from wire and hits the FPC.
2. The FPC does a lookup in the CAM/FIB, which says the packet is destined for a given MAC/IP address and therefore has to go to “this” egress port on the port pipe; the F10 header is then appended.
3. The FPC passes the packet to the BTM, where it resides in BTM RAM. Once the BSC says it is clear to send, the packet is sent to the backplane.
4. iBTM -> SF -> eBTM. The packet hits RAM on the eBTM, is fed to the FPC, hits the CAM one last time and is sent out. Note that there is no need to hit the RPM because the entry is already there.

Describe how control traffic vs. data traffic is switched across the backplane in an ExaScale system

Control Traffic ARP Request:

1. ARP packet is received on 10-GE interface.
2. The packet hits the Layer 2 FIB and…
3. Gets multicast to all ports, including all 3 RPM CPUs.
4. CP, RP1 and RP2 learn the ARP address.
5. RP2 responds with an ARP response packet.
6. Which travels from the RPM to the line card switch
7. To the iFPTM
8. To the SF3 over the switch fabric to another port pipe
9. To the eFPTM, and
10. Then through the front-panel port

Data Traffic:

1. Data packet is received on the input interface
2. The packet hits the Ingress FPTM
3. Table lookup provides egress port information
4. The packet gets switched through the switch fabric to the egress port-pipe where the egress port resides.
5. The packet arrives at egress FPTM. Egress Table lookup is performed
6. Packet is sent out of the egress port

Lippis Report for the Dell/F10 S-Series TOR S4810 Switch

The really kewl thing about the FTOS for me is that most of my Cisco IOS CLI is mostly the same - more or less.  I noticed the same similarities back when I worked with Foundry, Adtran, and that other switching platform I did not too long ago...  It's on the tip of my tongue.

Some strangeness like this:

In the Layer 2 protocols, the no disable command syntax allows you to enable the protocol because the protocols are disabled by default. For example, in the PROTOCOL SPANNING TREE mode, the protocol is not enabled by default and you must enter no disable to begin operation of spanning tree protocol.
For terminal monitor, you need to enter the command run terminal no monitor, instead of no terminal monitor.

Some kewlness like: ignore case command

Lots more bells and whistles for some commands:

crypto key generate: Generate keys for the SSH server

debug ip ssh: Enables collecting SSH debug information

ip ssh authentication-retries: Configure the maximum number of attempts that should be used to authenticate a user

ip ssh connection-rate-limit: Configure the maximum number of incoming SSH connections per minute

ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server

ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key

ip ssh password-authentication enable: Enable password authentication for the SSH server

ip ssh pub-key-file: Specify the file to be used for host-based authentication

ip ssh rhostsfile: Specify the rhost file to be used for host-based authorization

ip ssh rsa-authentication enable: Enable RSA authentication for the SSHv2 server

ip ssh rsa-authentication: Add keys for the RSA authentication

show crypto: Display the public part of the SSH host-keys

show ip ssh client-pub-keys: Display the client public keys used in host-based authentication.

show ip ssh rsa-authentication: Display the authorized-keys for the RSA authentication

ssh-peer-rpm: Open an SSH connection to the peer RPM
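
Several of the SSH commands listed above leave lines in a saved configuration that are worth reviewing. This is an added example, not from the course material or FTOS itself: it scans a constructed running-config for them, and the argument forms, the sample lines and the retry threshold are assumptions.

```python
import re

# Constructed sample: only the command names come from the list above; the
# argument forms (a number, a flash:// path) are assumptions.
SAMPLE_CONFIG = """\
hostname lab-switch
ip ssh authentication-retries 10
ip ssh hostbased-authentication enable
ip ssh rhostsfile flash://shosts
ip ssh pub-key-file flash://knownhosts
ip ssh password-authentication enable
ip ssh key-size 512
"""
MAX_RETRIES = 3  # review threshold chosen for this example, not vendor guidance

def ssh_settings(config):
    """Map each 'ip ssh <keyword>' to its argument; a leading 'no' removes it."""
    settings = {}
    for line in config.splitlines():
        m = re.match(r"\s*(no\s+)?ip ssh (\S+)\s*(.*)$", line)
        if m and m.group(1):
            settings.pop(m.group(2), None)
        elif m:
            settings[m.group(2)] = m.group(3).strip()
    return settings

def audit_ssh(config):
    """Return (code, note) findings for the SSH settings worth a second look."""
    s, out = ssh_settings(config), []
    retries = s.get("authentication-retries", "")
    if retries.isdigit() and int(retries) > MAX_RETRIES:
        out.append(("retries-high", f"{retries} attempts per connection"))
    if "connection-rate-limit" not in s:
        out.append(("no-rate-limit", "connection-rate-limit not set explicitly"))
    if s.get("hostbased-authentication") == "enable":
        out.append(("hostbased-on", "login trusts the client host, not the user"))
        for dep in ("rhostsfile", "pub-key-file"):
            if dep not in s:
                out.append((f"hostbased-missing-{dep}", f"{dep} not configured"))
    if s.get("password-authentication") == "enable":
        out.append(("password-on", "pair with low retries and a rate limit"))
    if "key-size" in s:
        out.append(("sshv1-key", "SSHv1 server key set; confirm SSHv1 is unused"))
    return out

if __name__ == "__main__":
    for code, note in audit_ssh(SAMPLE_CONFIG):
        print(f"{code:32}{note}")
```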

I love extended Ping on Cisco and am greatly pleased to be able to use it on Force10 FTOS too!!!

Force10# ping
Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100.0 percent (5/5), round-trip min/avg/max = 0/0/0 (ms)
Force10# ping
Target IP address   :
Repeat Count [5]    :
Datagram size [100] :
Timeout in secs [2] :
Extended commands [n] : y
Source address or interface :
Type of service [0]     :
Set DF bit in IP header [n] :
Validate reply data [n] :
Data pattern [0xABCD]   :
Sweep range of sizes [n]:
Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:
Success rate is 100.0 percent (5/5), round-trip min/avg/max = 0/0/0 
