Data Center

FabricPath

Today’s topic is Fabricpath and Conversational MAC address learning. We will also discuss how Fabricpath overcomes the limitation of traditional Spanning Tree Protocol (STP).
To start with, let me first point out the limitations of STP and why the need of new technology. (Assuming you already have basic understanding of how STP works.)

Spanning Tree Protocol:

  • STP is a Layer 2 protocol running on Bridges / Switches and is specified as IEEE 802.1D.
  • It ensures that there are no loops when you have redundant paths in the network.
  • However in the process, one of the link is blocked and does not participate in forwarding until unless active link has failed. So one link is not even being utilized and cant be used for ECMP even if one link is congested.
  • Apart from ECMP disability, poor convergence and unnecessary MAC flooding are also the disadvantages of STP.
  • As every link counts in the Data Center environment and cannot afford getting one of the link being overutilized when another link is lying down without any traffic.

Fabricpath:

Fabricpath is a Layer 2 routing also known as MAC-in-MAC routing. IS-IS is run in the background to maintain the control plane for Unicast and BUM (Broadcast, unknown unicast and multicast) traffic.
** You must have an F Series module installed in your Nexus 7000 Series chassis in order to run FabricPath and conversational learning.

FabricPath Terminology
Classic Ethernet – By default Vlan mode is CE, until unless fabricpath is not configured. It runs traditional STP
Leaf Switch – This is the edge switch that connects to the CE domain, everything connects to the leaf switches.
Spine Switch – This is the backbone switch, all ports are fabricpath ports.
FabricPath Core Ports – Ports that connects  the leaf switches to the spine or the spine switches to each other.
CE Edge Ports – Ports that connect the CE domain to the Leaf switches.

The FabricPath feature provides the following:

  1. Allows Layer 2 multipathing in the FabricPath network.
  2. Provides built-in loop prevention and mitigation with no need to use the Spanning Tree Protocol (STP).
  3. Provides a single control plane for unknown unicast, unicast, broadcast, and multicast traffic.
  4. Enhances mobility and virtualization in the FabricPath network.

Working of fabricpath:

  • When a frame enters the FabricPath network from a Classical Ethernet (CE) network, the ingress interface encapsulate the frame with a FabricPath header.
  • The system builds paths, called trees, through the FabricPath network and assigns a forwarding tag (FTag) by flow to all the traffic in the FabricPath network.
  • When the frame leaves the FabricPath network to go to a CE network, the egress interface decapsulates the frame and leaves the regular CE header.
  • The underlying protocol is IS-IS which is used to advertise the routes from Leaf to Leaf via Spines. This is completely different from Layer-3 ISIS routing protocol. No configuration is required to run Layer-2 ISIS. It is automatically triggered once fabricpath is configured on the interface.

Conversational MAC address learning:

The type of MAC address learning (Traditional or Conversational) is dependent on the VLAN configuration.Each interface only learn those MAC address for interested hosts, rather all the addresses in the domain.If a switch receives a frame and that destination address is known to the switch, in that case only it will learn the source MAC address and store it in table.This saves the CAM resources and optimizes the control plane.

Topology used:

Topology

Steps:

1. Activate the feature fabricpath on all the devices:

Spine-1(config)# install feature-set fabricpath
Spine-1(config)# feature-set fabricpath
Spine-2(config)#     install feature-set fabricpath
Spine-2(config)#     feature-set fabricpath
Leaf-1(config)#     install feature-set fabricpath
Leaf-1(config)#     feature-set fabricpath
Leaf-2(config)#     install feature-set fabricpath
Leaf-2(config)#     feature-set fabricpath

2. Once the fabricpath is installed, auto generated switch id is assigned to the device. This is a 12-bit address dynamically assigned via DRAP (Dynamic Resource Allocation Protocol), which is used for identifying the switch in the FabricPath domain.

Spine-1(config)# show fabricpath switch-id local
Switch-Id: 2316
System-Id: 5001.0001.002f
Spine-2(config)# show fabricpath switch-id local
Switch-Id: 2544
System-Id: 5001.0002.002f

Leaf-1(config)# show fabricpath switch-id local
Switch-Id: 267
System-Id: 5001.0003.002f

Leaf-2(config)# show fabricpath switch-id local
Switch-Id: 1196
System-Id: 5001.0004.002f

The system-id is the MAC address of the switch. In order to easily identify the switch in network, we generally do manual assignment for the switch-id.

** Assigned Switch-Id 1 to Spine-1 **

Spine-1(config)# fabricpath switch-id 1
Spine-1(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: ‘*’ – this system
‘[E]’ – local Emulated Switch-id
‘[A]’ – local Anycast Switch-id
Total Switch-ids: 1
=======================================================
SWITCH-ID      SYSTEM-ID       FLAGS         STATE    STATIC  EMULATED/ANYCAST
————–+—————-+————+———–+——————–
*   1           5001.0001.002f    Primary     Confirmed Yes     No       >>>>> * means this is the local switch

Spine-2(config)# fabricpath switch-id 2

Leaf-1(config)# fabricpath switch-id 3

Leaf-2(config)# fabricpath switch-id 4

3. Configure interfaces to work in fabricpath switchport mode. Once you enable this, ISIS will automatically run between devices and we can see adjacencies being formed.

Spine-1# sh run int e2/1-2
interface Ethernet2/1
switchport
switchport mode fabricpath
no shutdown

interface Ethernet2/2
switchport
switchport mode fabricpath
no shutdown

Spine-1# sh run int e2/4
interface Ethernet2/4
switchport
switchport mode fabricpath
no shutdown

Spine-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Leaf-1          N/A             1      UP     00:00:25   Ethernet2/1
Leaf-2          N/A             1      UP     00:00:24   Ethernet2/2
Spine-2         N/A             1      UP     00:00:25   Ethernet2/4

Spine-2# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Leaf-1          N/A             1      UP     00:00:22   Ethernet2/1
Leaf-2          N/A             1      UP     00:00:28   Ethernet2/2
Spine-1         N/A             1      UP     00:00:25   Ethernet2/4

Leaf-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Spine-1         N/A             1      UP     00:00:25   Ethernet2/1
Spine-2         N/A             1      UP     00:00:27   Ethernet2/2
Leaf-2          N/A             1      UP     00:00:24   Ethernet2/5

Leaf-2# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Spine-1         N/A             1      UP     00:00:29   Ethernet2/1
Spine-2         N/A             1      UP     00:00:31   Ethernet2/2
Leaf-1          N/A             1      UP     00:00:25   Ethernet2/5

Ports

 

4. Now as the adjacency is formed, we can see the neighbor’s switch-id as well:

Spine-1# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: ‘*’ – this system
‘[E]’ – local Emulated Switch-id
‘[A]’ – local Anycast Switch-id
Total Switch-ids: 4
==========================================================
SWITCH-ID      SYSTEM-ID       FLAGS         STATE    STATIC  EMULATED/ANYCAST
————–+—————-+————+———–+——————–
*   1           5001.0001.002f    Primary     Confirmed Yes     No
2           5001.0002.002f    Primary     Confirmed Yes     No
3           5001.0003.002f    Primary     Confirmed Yes     No
4           5001.0004.002f    Primary     Confirmed Yes     No

Spine-2# show fabricpath switch-id
1           5001.0001.002f    Primary     Confirmed Yes     No
*   2           5001.0002.002f    Primary     Confirmed Yes     No
3           5001.0003.002f    Primary     Confirmed Yes     No
4           5001.0004.002f    Primary     Confirmed Yes     No

Leaf-1# show fabricpath switch-id
1           5001.0001.002f    Primary     Confirmed Yes     No
2           5001.0002.002f    Primary     Confirmed Yes     No
*   3           5001.0003.002f    Primary     Confirmed Yes     No
4           5001.0004.002f    Primary     Confirmed Yes     No

Leaf-2# show fabricpath switch-id
1           5001.0001.002f    Primary     Confirmed Yes     No
2           5001.0002.002f    Primary     Confirmed Yes     No
3           5001.0003.002f    Primary     Confirmed Yes     No
*   4           5001.0004.002f    Primary     Confirmed Yes     No

5. Now as all the interfaces are running fabricpath, we see that traditional STP does not exist on switches.

Spine-1# show spanning-tree

No spanning tree instance exists.

Spine-1#

Spine-2# show spanning-tree

No spanning tree instance exists.

Spine-2#

Leaf-1# show spanning-tree

No spanning tree instance exists.

Leaf-1#

Leaf-2# show spanning-tree

No spanning tree instance exists.

Leaf-2#

 

6. Configure VLAN on all boxes to work in fabricpath mode.

Spine-1(config)# vlan 10,20
Spine-1(config-vlan)# mode fabricpath

Spine-1# show vlan
VLAN Name                             Status    Ports
— ——————————– ——— ——————————-
1    default                          active
10   VLAN0010                         active    Eth2/1, Eth2/2, Eth2/4
20   VLAN0020                         active    Eth2/1, Eth2/2, Eth2/4
VLAN Type         Vlan-mode
—- —–        ———-
1    enet         CE
10   enet         FABRICPATH
20   enet         FABRICPATH

Routing in Fabricpath:

Spine-1# show fabricpath route
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id

FabricPath Unicast Route Table for Topology-Default
0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 02:41:19, local

1/2/0, number of next-hops: 1 >>>>>>>>>>>>>>>>>>>. Ftag-1, SwitchId – 2, SubSwitchId-0
via Eth2/4, [115/400], 0 day/s 00:23:25, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:24:32, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:12:05, isis_fabricpath-default

Spine-2# show fabricpath route

0/2/0, number of next-hops: 0
via —- , [60/0], 0 day/s 02:40:53, local
1/1/0, number of next-hops: 1
via Eth2/4, [115/400], 0 day/s 01:12:52, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:24:11, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:11:46, isis_fabricpath-default

 

Leaf-1# show fabricpath route

0/3/0, number of next-hops: 0
via —- , [60/0], 0 day/s 00:27:41, local
1/1/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:23:39, isis_fabricpath-default
1/2/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:22:48, isis_fabricpath-default
1/4/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:11:29, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:11:29, isis_fabricpath-default

Leaf-2# show fabricpath route

0/4/0, number of next-hops: 0
via —- , [60/0], 0 day/s 00:11:43, local
1/1/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:10:52, isis_fabricpath-default
1/2/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:10:52, isis_fabricpath-default
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:10:52, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:10:52, isis_fabricpath-default

ISIS topology:

Spine-1# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default

MT-0

Configured interfaces:  Ethernet2/1  Ethernet2/2  Ethernet2/4
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f

Spine-2# show fabricpath isis topology summary

 

MT-0

Configured interfaces:  Ethernet2/1  Ethernet2/2  Ethernet2/4
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f

Leaf-1# show fabricpath isis topology summary

 

MT-0

Configured interfaces:  Ethernet2/1  Ethernet2/2
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f

Leaf-2# show fabricpath isis topology summary

 

MT-0

Configured interfaces:  Ethernet2/1  Ethernet2/2
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f

FP switches share the common bridge id 32778 c84c.75fa.6000.  Leafs must have same priority if connected to same CE segment. Mismatch priority can result in root inconsistent. STP is not propagated towards Fabricpath network.

Leaf-1# show spanning-tree vlan 10 root
Root  Hello Max Fwd
Vlan                   Root ID          Cost  Time  Age Dly  Root Port
—————- ——————– ——- —– — —  —————-
VLAN0010         32778 c84c.75fa.6000       0    2   20  15  This bridge is root

Leaf-1# show spanning-tree vlan 20 root
Root  Hello Max Fwd
Vlan                   Root ID          Cost  Time  Age Dly  Root Port
—————- ——————– ——- —– — —  —————-
VLAN0020         32788 c84c.75fa.6000       0    2   20  15  This bridge is root

Leaf-2# show spanning-tree vlan 10 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0010 32778 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-2# show spanning-tree vlan 20 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0020 32788 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-2#

MAC Address Table:

Leaf-2# show system internal l2fwder mac/Show mac address-table
Stl Static   BD       MAC-Address   FTAG.Sid/L2_Intf  GM  Type      Age
—|——|—–|——————|—————-|—|—–|———|
0      0    20  aa:bb:cc:00:71:10             1, 3   0     0  00:00:50* —————–> 1 is ftag and 3 is switch-id
0      0    20  aa:bb:cc:00:51:10           Eth2/4   0     0  00:09:27*
0      0    10  aa:bb:cc:00:71:00           Eth2/3   0     0  00:24:54*
0      1    20  50:01:00:04:00:2f         sup-eth1   1     0  00:24:25
0      1    10  50:01:00:04:00:2f         sup-eth1   1     0  00:24:31

Now it will check the routing table on where to forward this switch-id:

Leaf-2# show fabricpath route switchid 3
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:27:03, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:27:03, isis_fabricpath-default

Fabricpath Multidestination Tree:

Ftag is used for Multidestination trees . Each tree is assigned a network-wide identity, known as an FTAG.

The first tree is used to handle broadcast and unknown unicasts, the second tree is used to handle multicast traffic.

Leaf-2# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default
MT-0
Configured interfaces:  Ethernet2/1  Ethernet2/2
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f

Tree 1 = FTAG 1 = Broadcast and unknown unicast
Tree 2 = FTAG 2 = Multicast

From the output above, we can see that SID 4 has been chosen as the root for Tree 1, and SID 3 has been chosen as the root for Tree 2.

So, Spine-1 is the root for Broadcast and unknown unicast. Spine-2 is the root for Multicast traffic.

Once the frame is received at CE port, it checks the destination MAC address and based on the type of traffic, frame is encapsulated in Fabricpath Header with Outer Source Address (OSA) as Source Switch Id and Outer Destination Address (ODA) as Destination Switch ID. The Ether type is used as 0x8903 to identify the Fabricpath protocol. Here, the OSA will be 12-bit switch ID for Leaf-2 which is 4 and ODA will be switch ID 3.

FP ping

The root is chosen automatically just like STP:

1. Highest root priority – 8-bit value between 0-255 (Default is 64)
2. Highest System-ID – 48-bit VDC MAC address
3. Highest Switch-ID – 12-bit SID

For Leaf-2, Leaf-2 itself is the root for Tree 1 and the second highest root is the Leaf-1 for Tree 2.

To make the Spine-1 as the root for Tree 1 and Spine 2 as the root for Tree 2, we can change the priority:

Spine-1(config)# fabricpath domain default
Spine-1(config-fabricpath-isis)# root-priority 255
Spine-2(config)# fabricpath domain default
Spine-2(config-fabricpath-isis)# root-priority 254

Leaf-2# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default
MT-0
Configured interfaces:  Ethernet2/1  Ethernet2/2
Max number of trees: 2  Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0001.002f, 1 —> Spine-1 is the root for Tree-1 now
Tree id: 2, ftag: 2, root system: 5001.0002.002f, 2—-> Spine-2 is the root for Tree-2 now
Ftag Proxy Root: 5001.0001.002f

mdst tree

“show fabricpath isis trees” shows the metric in respect to the root.

Leaf-2# show fabricpath isis trees
Fabricpath IS-IS domain: default
Note: The metric mentioned for multidestination tree is from the root of that tree to that switch-id
*:directly connected neighbor or link
P:Physical switch-id, E:Emulated, A:Anycast
MT-0
Topology 0, Tree 1, Swid routing table
1, L1
via Ethernet2/1, metric 0 —->Root is directly connected on this link for Tree-1
2, L1
via Ethernet2/1, metric 400
3, L1
via Ethernet2/1, metric 400

Topology 0, Tree 2, Swid routing table
1, L1
via Ethernet2/2, metric 400
2, L1
 via Ethernet2/2, metric 0 ——-> Root is directly connected on this link for Tree-2
3, L1
via Ethernet2/2, metric 400
Traffic Engineering in FabricPath:
– Currently, we are doing multipathing to reach Leaf-1 from Leaf-2 and vice-versa.

Leaf-2# show fabricpath route switchid 3
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 01:06:21, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 01:06:21, isis_fabricpath-default

– 115 is the ISIS Admin Distance and 800 is the metric (400 per link from Leaf-Spine-Leaf).
– In order to prefer only one path, we can increase the ISIS metric on one link.

Leaf-2(config)# int e2/2
Leaf-2(config-if)# fabricpath isis metric 500

Leaf-2# show fabricpath route switchid 3
1/3/0, number of next-hops: 1
via Eth2/1, [115/800], 0 day/s 01:09:11, isis_fabricpath-default

 

Fabricpath ECMP:

– We can check the mroute table for each ftag and see the outgoing interface. It is E2/1 for Ftag-1 and E2/2 for Ftag-2.

Leaf-2# show fabricpath mroute ftag 1
(ftag/1, vlan/10, *, *), Flood, uptime: 01:11:48, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/1,   Switch-id 1, uptime: 01:11:52, isis
Interface Ethernet2/1,   Switch-id 2, uptime: 00:11:10, isis
Interface Ethernet2/1,   Switch-id 3, uptime: 01:11:52, isis

(ftag/1, vlan/20, *, *), Flood, uptime: 01:11:48, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/1,   Switch-id 1, uptime: 01:11:52, isis
Interface Ethernet2/1,   Switch-id 2, uptime: 00:11:10, isis
Interface Ethernet2/1,   Switch-id 3, uptime: 01:11:52, isis

Leaf-2# show fabricpath mroute ftag 2
(ftag/2, vlan/10, *, *), Flood, uptime: 01:12:14, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/2,   Switch-id 1, uptime: 00:11:13, isis
Interface Ethernet2/2,   Switch-id 2, uptime: 01:12:18, isis
Interface Ethernet2/2,   Switch-id 3, uptime: 01:12:18, isis

(ftag/2, vlan/20, *, *), Flood, uptime: 01:12:14, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/2,   Switch-id 1, uptime: 00:11:13, isis
Interface Ethernet2/2,   Switch-id 2, uptime: 01:12:18, isis
Interface Ethernet2/2,   Switch-id 3, uptime: 01:12:18, isis

– Verify the ECMP method being used.

Leaf-2# show fabricpath load-balance

ECMP load-balancing configuration:

L3/L4 Preference: Mixed

Hash Control: Symmetric

Rotate amount: 12 bytes

Use VLAN: TRUE

Ftag load-balancing configuration:

Hash Control: Symmetric

Rotate amount: 12 bytes

Use VLAN: TRUE

Leaf-2(config)# sh run all | i “fabricpath load-balance”

fabricpath load-balance symmetric

fabricpath load-balance unicast mixed rotate-amount 0xc

fabricpath load-balance multicast rotate-amount 0xc

Leaf-2(config)#

 

– ECMP methods available:

Leaf-2(config)# fabricpath load-balance unicast ?
include-vlan   Use hardware translation of vlan/vni
layer3         Only Layer-3 parameters considered
layer4         Only Layer-4 parameters considered
mixed          Mix of Layer-3 and Layer-4 paramaters (default)
rotate-amount  Rotate amount for hash string

– To check which interface will be selected based on the Source and Destination, use below command:

Leaf-2# show fabricpath load-balance unicast forwarding-path ftag 1 switchid 3 flow-type l3 src-ip 10.0.0.253 dst-ip 10.0.0.225 vlan 10 module 2
This flow selects interface Eth2/1

Fabricpath Authentication: There are two types of Authentication being used in Fabricpath:

– Fabricpath Interface Authentication, which is basically used for Hello
– Fabricpath domain Authentication which is intended for ISIS LSPs

1. Interface Authentication: Lets configure Authentication between Spine-1 and Spine-2 on interface E2/4.

ISIS- hellos

Spine-1(config)# key chain Spine-1
Spine-1(config-keychain)# key 1
Spine-1(config-keychain-key)# key-string Spine-1

Spine-1(config)# int e2/4
Spine-1(config-if)# fabricpath isis authentication-type md5
Spine-1(config-if)# fabricpath isis authentication key-chain Spine-1

Spine-1(config-if)# show fabricpath isis interface e2/4
Fabricpath IS-IS domain: default
Interface: Ethernet2/4
Status: protocol-up/link-up/admin-up
Index: 0x0003, Local Circuit ID: 0x01, Circuit Type: L1
Authentication type MD5
Authentication keychain is Spine-1
Authentication check specified
Extended Local Circuit ID: 0x1A083000, P2P Circuit ID: 0000.0000.0000.00
Retx interval: 5, Retx throttle interval: 66 ms
LSP interval: 33 ms, MTU: 1500
P2P Adjs: 0, AdjsUp: 0, Priority 64
Hello Interval: 10, Multi: 3, Next IIH: 00:00:05
Level   Adjs   AdjsUp  Metric   CSNP  Next CSNP  Last LSP ID
1          0        0     400     60  Inactive   ffff.ffff.ffff.ff-ff
Topologies enabled:
Level Topology Metric  MetricConfig Forwarding
0     0        400     no           UP
1     0        400     no           UP

Spine-1(config-if)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Leaf-1          N/A             1      UP     00:00:23   Ethernet2/1
Leaf-2          N/A             1      UP     00:00:32   Ethernet2/2
Spine-2         N/A             1      LOST   00:04:53   Ethernet2/4 ———-> Adjacency is lost

We will see that once we configure Spine-2 with same key, adjacency will be resumed.

Spine-2(config)# key chain Spine-1
Spine-2(config-keychain)# key 1
Spine-2(config-keychain-key)# key-string Spine-1
Spine-2(config-keychain-key)# int e2/4
Spine-2(config-if)# fabricpath isis authentication-type md5
Spine-2(config-if)# fabricpath isis authentication key-chain Spine-1

Spine-2(config-if)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Leaf-1          N/A             1      UP     00:00:29   Ethernet2/1
Leaf-2          N/A             1      UP     00:00:27   Ethernet2/2
Spine-1         N/A             1      UP     00:00:30   Ethernet2/4

2. Domain Authentication: This will prevent routes from being learned, however will not have any impact on adjacencies.

Spine-1(config)# fabricpath domain default
Spine-1(config-fabricpath-isis)# authentication-type md5
Spine-1(config-fabricpath-isis)# authentication key-chain Spine-1

Spine-1(config)# show fabricpath isis
Fabricpath IS-IS domain : default
System ID : 5001.0001.002f  IS-Type : L1 Fabric-Control SVI: Unknown
SAP : 432  Queue Handle : 15
Maximum LSP MTU: 1492
Graceful Restart enabled. State: Inactive
Last graceful restart status : none
Graceful Restart holding time:60
Metric-style : advertise(wide), accept(wide)
Start-Mode: Complete [Start-type configuration]
Area address(es) :
00
Process is up and running
CIB ID: 1
Interfaces supported by Fabricpath IS-IS :
Ethernet2/1
Ethernet2/2
Ethernet2/4
Level 1
Authentication type: MD5
Authentication keychain: Spine-1  Authentication check specified
LSP Lifetime: 1200
L1 LSP GEN interval- Max:8000 Initial:50      Second:50
L1 SPF Interval- Max:8000     Initial:50      Second:50
MT-0 Ref-Bw: 400000
Max-Path: 16
Address family Swid unicast :
Number of interface : 3
Distance : 115
L1 Next SPF: Inactive
We can see that though adjacency is still there, System ID is not resolving the host Name and also routes are lost.

Spine-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
5001.0003.002f  N/A             1      UP     00:00:22   Ethernet2/1
5001.0004.002f  N/A             1      UP     00:00:29   Ethernet2/2
5001.0002.002f  N/A             1      UP     00:00:25   Ethernet2/4

Spine-1# show fabricpath route
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 05:23:24, local
Spine-1#

Once authentication is removed, routes are learned.

Spine-1(config-fabricpath-isis)# no authentication-type
Spine-1(config-fabricpath-isis)# no authentication key-chain

Spine-1(config-fabricpath-isis)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID       SNPA            Level  State  Hold Time  Interface
Leaf-1          N/A             1      UP     00:00:23   Ethernet2/1
Leaf-2          N/A             1      UP     00:00:26   Ethernet2/2
Spine-2         N/A             1      UP     00:00:22   Ethernet2/4

Spine-1(config-fabricpath-isis)# show fabricpath route

0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 05:24:20, local
1/2/0, number of next-hops: 1
via Eth2/4, [115/400], 0 day/s 00:00:12, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:00:12, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:00:12, isis_fabricpath-default

Fabricpath Unicast Static Routes and Multiple ISIS topologies:

– We can configure unicast static routes to override the routes computed by dynamic protocols such as IS-IS in FabricPath.

Leaf-2# sh fabricpath route switchid 3
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 01:11:26, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 01:44:19, isis_fabricpath-default

Leaf-2(config)# fabricpath route switch-id 3 ethernet 2/1
Leaf-2(config)# show fabricpath route switchid 3
1/3/0, number of next-hops: 1
via Eth2/1, [40/40], 0 day/s 00:00:06, static route

– By default MT0 is the topology being used by all Vlans. We can configure multiple topologies to map specific VLANs and specific features to that specific topology.

Leaf-2(config)# fabricpath topology 1
Leaf-2(config-fp-topology)# member vlan 10
Leaf-2(config-fp-topology)# exit

Leaf-2(config)# int e2/1
Leaf-2(config-if)# fabricpath topology-member 1
Leaf-2(config-if-fp-topology)# exit

Leaf-2(config-if)# show fabricpath topology vlan
Topo-Description                 Topo-ID   Configured VLAN List
——————————– ——— ————————————-
0                                0         1-9,11-4096
1                                1         10

Further Reading: https://www.cisco.com/c/dam/en/us/products/collateral/switches/nexus-7000-series-switches/white_paper_c07-728188.pdf

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/fabricpath/configuration/guide/b-Cisco-Nexus-7000-Series-NX-OS-FP-Configuration-Guide-6x/b-Cisco-Nexus-7000-Series-NX-OS-FP-Configuration-Guide-6x_chapter_010.html

Advertisements

1 reply »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s