Holger Hasenaug, Presales Solution Architect, HP Networking
Vincent Giles, EMEA Technical Product Manager, HP Networking
Agenda
HP / CISCO INTEROPERABILITY
HP Cisco Interoperability
Switching: Spanning-Tree; VLANs: IEEE 802.1Q; Link aggregation: IEEE 802.3ad
Routing: OSPF, BGP, VRF
Management: SNMP; Command Line Interface; Configuration file and OS handling
[Figure: interconnected switches]
SSH with Local User Account
Configuration Comparison
HP A-Series:
  Generate key pair, enable SSH server, and disable Telnet access
    public-key local create rsa
    ssh server enable
    undo telnet server enable    (Default)
  Set authentication mode to local user
    user-interface vty 0 4
     authentication-mode scheme
     protocol inbound ssh
  Define local user and privilege level, associated ssh service
    local-user admin123
     password cipher verysecret
     service-type ssh
     authorization-attribute level 3
Cisco:
  Generate key pair, enable SSH server
    crypto key generate rsa usage-keys modulus 1024
    ip ssh version 2
  Set authentication mode to local user, disable telnet and associated ssh service
    line vty 0 4
     login local
     transport input ssh
  Define local user and privilege level
    username admin123 privilege 15 password verysecret
SNMPv2
Configuration Comparison
HP A-Series:
  Enable SNMPv2c and community name
    snmp-agent
    snmp-agent sys-info version v2c
    snmp-agent community write xyzabc
  SNMP contact and location information
    snmp-agent sys-info contact +510 234 4849
    snmp-agent sys-info location Germany/xzy
Cisco:
  Enable SNMPv2c and community name
    snmp-server community xyzabc rw
  SNMP contact and location info
    snmp-server contact +510 234 4849
    snmp-server location Germany/xzy
Password encryption, NTP and Syslogging
Configuration Comparison
HP A-Series:
  Encrypt passwords
    Use cipher keyword every time a password is entered
  Set time with NTP, time zone, and summertime
    ntp-service unicast-server 10.1.1.101
    clock timezone GMT1 add 01:00:00
    clock summer-time western-europe repeating 01:00:00 2010 March last Sunday 01:00:00 2010 October last Sunday 01:00:00
  Set syslog server and information log level
    info-center enable
    info-center loghost 10.1.1.200
    info-center source default channel loghost log level information
Cisco:
  Encrypt passwords
    service password-encryption
  Set time with NTP, time zone, and summertime
    ntp server 10.1.1.100
    clock timezone gmt1 1
    clock summer-time GMT1 recurring last Sun Mar 1:00 last Sun Oct 1:00 60
  Set syslog server and info log level
    logging host 10.1.1.100
    logging alarm notifications
    service timestamps log datetime localtime
System Debugging on the CLI
HP A-Series networking devices provide extensive debugging functions for the supported protocols and features, to help administrators and operators diagnose problems.
<HP-A> debug snmp trap packet
[HP-A-Ten-GigabitEthernet1/1/2]shut
Centralized Authentication, Authorization and Accounting (AAA)
AAA is a server-based authentication strategy that:
- is centralized and standards based: can be used for all the devices in the LAN/WAN
- simplifies the authorization database configuration and maintenance, including back-up
- includes accounting to collect login and usage information that can be used for security tracking and troubleshooting
HP Networking A-Series support:
TACACS:
- Point-to-Point Protocol (PPP)
- Virtual Private Dial-up Network (VPDN)
- Terminal users (Console, Telnet, FTP, SSH, and Web access) incl. command authorization and accounting
RADIUS:
- Point-to-Point Protocol (PPP)
- Virtual Private Dial-up Network (VPDN)
- Terminal users (Console, Telnet, FTP, SSH, and Web access)
- Normal user access through 802.1X, MAC, Web Authentication
[Figure: TACACS server; network admin logged in via SSH on the switch; switch and router; RADIUS server; 802.1X, MAC, Web Authentication]
Some Standards versus Proprietary
VLAN advertisement    GVRP    GVRP    VTP
LLDP / CDP
CDP / LLDP Configuration Comparison
Switch-to-Switch connection
[Figure: HP A-Series G1/20 connected to Cisco G1/20, LLDP]
Useful show and display commands
Description                  HP A-Series                               Cisco
LLDP neighbor information    display lldp neighbor-information list    show lldp neighbor
VLANS
Switch Port Roles
- End User ports (PCs, Printer,)
- IP phone ports
- End User + IP phone ports
- Server ports for one VLAN
- Server ports for multiple VLANs
- Switch-to-Switch ports for multiple VLANs
- Aggregated ports
[Figure: Server, Switch, PC, Routing Switch, aggregated links]
Terminology Differences
Switch Port Role                        HP A-Series                    HP E-Series      Cisco
End nodes: PCs, printers, and so on     Access port                    Untagged port    Access port
Switch-to-switch with multiple VLANs    Trunk port                     Tagged port      Trunk port
Link aggregation                        Bridge aggregation interface   Trunk port       Port channel interface
VLAN Configuration Comparison
Switch-to-Switch connection
[Figure: HP A-Series G1/20 connected to Cisco G1/20]
VLAN Configuration Comparison
Switch-to-End Node connection
HP A-Series:
    interface GigabitEthernet 1/10
     port link-mode bridge    (Default)
     port access vlan 10
     port link-type access    (Default)
Cisco:
    interface GigabitEthernet 1/10
     switchport    (Default on access switches)
     switchport access vlan 10
     switchport mode access    (Default)
[Figure: HP A-Series G1/10, Cisco G1/10]
Useful show Commands
Description                                  HP A-Series                      Cisco
Port status                                  display interface brief          show interfaces status
Which ports exist with more than one VLAN    display interface brief          show interfaces trunk
                                             display port trunk | hybrid
LINK AGGREGATION
Static Aggregated Ports
HP A-Series:
    interface Bridge-Aggregation 1
Cisco:
    interface Port-channel1    (Automatically created)
[Figure: HP A-Series G1/21 (BAGG1) connected to Cisco G1/21 (Po1)]
The A-Series port-group command does not have anything to do with link-aggregation configurations. Instead you can use it to configure multiple ports at the same time.
Dynamic Aggregated Ports using LACP (IEEE 802.3ad)
HP A-Series:
    interface Bridge-Aggregation 1
     link-aggregation mode dynamic    (enable LACP)
    interface gigabitethernet 1/20
     port link-aggregation group 1
    interface gigabitethernet 1/21
     port link-aggregation group 1
Cisco:
    interface Port-channel1
    interface GigabitEthernet 1/20
     channel-group 1 mode active    (enable LACP)
    interface GigabitEthernet 1/21
     channel-group 1 mode active
[Figure: HP A-Series G1/20 and G1/21 (BAGG1) connected to Cisco G1/20 and G1/21 (Po1)]
Useful show commands
Description                               HP A-Series                                              Cisco
What ports belong to the aggregation?     display link-aggregation summary | verbose | detail      show etherchannel <port-channel> summary
SPANNING-TREE
Multiple Spanning-Tree
Design 1: MSTP with only the default instance
[Figure: Core1 (HP-A Series, STP root) and Core2 (Cisco, STP backup root); Access1 (HP-A Series) and Access2 (Cisco); X marks the blocked links]
Pros: simple, all switches speak the same standard protocol
Cons: no load balancing
Multiple Spanning-Tree
Design 2: MSTP and load balancing between instances
[Figure: two MSTP instances over the same topology (Core1 HP-A Series, Core2 Cisco, Access1 HP-A Series, Access2 Cisco). Instance 1: VLAN 1-30, Core1 STP root, Core2 STP backup root, X marks links STP blocked for instance 1. Instance 2: VLAN 31-60, Core2 STP root, Core1 STP backup root, X marks links STP blocked for instance 2.]
Pros: load balancing
Cons: more complex to configure and troubleshoot
Hardening STP
- Root guard: Prevents the insertion of a fake root triggering an STP topology change
- Loop guard: Prevents loop situations when edge switches stop receiving BPDUs from upstream switches
- BPDU guard: Prevents network instability due to switch insertion at the edge
- Loopback-detection: Prevents loops that occur on external hubs or switches and are not detected by STP
[Figure: STP root, STP backup root, edge ports]
Spanning-tree Hardening Features
HP A-Series HP E-Series Cisco
Root-guard
HP A-Series Cisco
Loop-guard
HP A-Series Cisco
BPDU-protection / BPDU-guard
HP A-Series:
  Global for all ports in stp edge-port mode:
    stp bpdu-protection
  Recovery configured globally:
    shutdown-interval 300    (default is 30 seconds)
Cisco:
  Global for all ports in spanning-tree portfast mode:
    spanning-tree portfast bpduguard default
  Or interface specific:
    interface gig0/2
     spanning-tree bpduguard enable
  Recovery configured globally:
    errdisable recovery cause bpduguard
    errdisable recovery interval 300    (default)
Loopback-detection / keepalives
HP A-Series:
  By default disabled on all ports
    loopback-detection enable
    loopback-detection interval-time 30    (default)
  Interface specific:
    interface
     loopback-detection enable
     loopback-detection control enable    (on vlan trunk/hybrid interfaces required)
Cisco:
  By default enabled on all copper ports
ACCESS-LISTS (ACLS)
Configuring ACLs on HP A-Series switches
Like Cisco switches, HP A-Series switches support:
- Standard ACLs, called basic and numbered 2000-2999
- Extended ACLs, called advanced and numbered 3000-3999
- MAC ACLs, called Ethernet frame header ACLs and numbered 4000-4999
Applying ACLs
Standard & Extended ACL
- Routed ACL (applied to inbound and outbound routed traffic)
- VLAN ACL (applied to inbound switched traffic)
- Static and Dynamic Port ACL (applied to inbound switched traffic)
[Figure: Routed ACL at L3; Port ACL and VLAN ACL at L2]
Extended Access-Lists example
HP A-Series:
    acl number 3101
     rule 0 permit tcp established
     rule 5 permit tcp destination 192.168.16.250 0.0.0.1 destination-port eq tacacs
     rule 10 permit udp destination 224.0.0.2 0 destination-port eq 1985
     rule 20 permit udp destination 192.168.116.72 0 destination-port eq snmptrap
     rule 25 permit tcp source 192.168.0.1 0 destination 1.2.3.4 0 destination-port eq 65
     rule 30 deny ip
    #
    interface Vlan-interface1
     ip address 1.1.1.1 255.255.255.0
     packet-filter 3101 inbound
Implicit permit any is the default => rule 30 is required to work like Cisco
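The effect of the default action described on this slide can be checked offline before an ACL is migrated. The following Python is an added example, not code from the presentation or from HP: it parses only the rule syntax used in ACL 3101, evaluates packets first-match, and compares the verdict with and without rule 30 under a default-permit and a default-deny fall-through. The packet dictionaries, the port-name table and the `compare` helper are assumptions of this example.

```python
import ipaddress
import re

# Port names used in the slide's ACL (IANA well-known port numbers).
PORT_NAMES = {"tacacs": 49, "snmptrap": 162}

# The rules of "acl number 3101" as shown on the slide.
ACL_3101 = """\
rule 0 permit tcp established
rule 5 permit tcp destination 192.168.16.250 0.0.0.1 destination-port eq tacacs
rule 10 permit udp destination 224.0.0.2 0 destination-port eq 1985
rule 20 permit udp destination 192.168.116.72 0 destination-port eq snmptrap
rule 25 permit tcp source 192.168.0.1 0 destination 1.2.3.4 0 destination-port eq 65
rule 30 deny ip
"""


def _addr(tokens, keyword):
    """Return (address, wildcard) as integers for 'source'/'destination', or None."""
    if keyword not in tokens:
        return None
    i = tokens.index(keyword)
    ip = int(ipaddress.IPv4Address(tokens[i + 1]))
    wc = tokens[i + 2]
    # A bare 0 is shorthand for wildcard 0.0.0.0 (match one host).
    wc = 0 if wc == "0" else int(ipaddress.IPv4Address(wc))
    return ip, wc


def parse_acl(text):
    """Parse the subset of advanced-ACL rule syntax that appears on the slide."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*rule (\d+) (permit|deny) (\w+)(.*)", line)
        if not m:
            continue
        tokens = m.group(4).split()
        port = None
        if "destination-port" in tokens:
            name = tokens[tokens.index("destination-port") + 2]  # token after 'eq'
            port = PORT_NAMES.get(name) or int(name)
        rules.append({
            "id": int(m.group(1)), "action": m.group(2), "proto": m.group(3),
            "src": _addr(tokens, "source"), "dst": _addr(tokens, "destination"),
            "dport": port, "established": "established" in tokens,
        })
    return sorted(rules, key=lambda r: r["id"])


def _ip_match(spec, addr):
    if spec is None:
        return True
    ip, wc = spec
    mask = ~wc & 0xFFFFFFFF  # wildcard bits are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & mask) == (ip & mask)


def evaluate(rules, pkt, default_action):
    """First-match evaluation; default_action applies when no rule matches."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
            continue
        # 'established' matches TCP segments with ACK or RST set.
        if r["established"] and not (pkt.get("ack") or pkt.get("rst")):
            continue
        if not _ip_match(r["src"], pkt["src"]) or not _ip_match(r["dst"], pkt["dst"]):
            continue
        if r["dport"] is not None and r["dport"] != pkt.get("dport"):
            continue
        return r["action"], r["id"]
    return default_action, None


def compare(pkt):
    """Verdicts for the slide's ACL and for the same ACL without rule 30."""
    full = parse_acl(ACL_3101)
    no_deny = [r for r in full if r["id"] != 30]
    return {
        "with_rule_30": evaluate(full, pkt, "permit")[0],
        "without_rule_30_default_permit": evaluate(no_deny, pkt, "permit")[0],
        "without_rule_30_default_deny": evaluate(no_deny, pkt, "deny")[0],
    }


# Constructed sample packets (not taken from the slides).
TELNET_SYN = {"proto": "tcp", "src": "10.9.9.9", "dst": "1.1.1.1", "dport": 23}
TACACS_SYN = {"proto": "tcp", "src": "10.9.9.9", "dst": "192.168.16.251", "dport": 49}

if __name__ == "__main__":
    for name, pkt in (("telnet", TELNET_SYN), ("tacacs", TACACS_SYN)):
        print(name, compare(pkt))
```

Only the unmatched Telnet packet changes verdict when rule 30 is left out, which is the gap a rule-for-rule copy of a Cisco access list would leave open.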
IP PHONE
Shared connections for PC and IP-phone
How does IP phone auto-configure the voice VLAN and QoS?
- Auto-config voice VLAN and L2/L3 QoS using LLDP-MED (HPN switches) or CDPv2 (Cisco switches)
- Many phones support vendor specific DHCP process for auto-config
  Avaya, Alcatel, Mitel, Siemens, ShoreTel etc
  DHCP server on data VLAN advertises voice VLAN ID and QoS
[Figure: DHCP server, IP network, IP PBX, Switch, IP phone, PC; untagged data VLAN between switch, phone and PC; tagged voice VLAN between switch and phone]
Cisco IP phone boot process on old phones
CDPv2 and pre-standard PoE
[Figure: boot sequence for a Cisco7940G: Cisco pre-standard PoE (Fast Link Pulse, Reflected Fast Link Pulse); SCCP or SIP registration with Cisco Callmanager]
Switch-to-IP-phone connection with old Cisco phones
HP A-series    Cisco
    poe legacy enable pse 4    (Required for old Cisco Inline-Power phone)
    lldp compliance cdp enable
    undo voice vlan security enable
Voice traffic is marked by default with COS value 6 and DSCP value 46 (0xEF) and put in second highest queue 6.
[Figure: Switch, CDPv2, IP phone, PC; untagged data VLAN (2); tagged voice VLAN (3)]
Display CDP for Cisco phones on A-Series
[HP-A] display lldp neighbor-information
Cisco IP phone boot process on current phones
LLDP-MED and 802.3af PoE
IEEE 802.3af: Apply voltage and classify device
Return current
Switch-to-IP-phone connection with current Cisco phones
HP A-series    Cisco
    undo voice vlan security enable
Voice traffic is marked by default with COS value 6 and DSCP value 46 (0xEF) and put in second highest queue 6.
[Figure: Switch, LLDP-MED, IP phone, PC; untagged data VLAN (2); tagged voice VLAN (3)]
Display LLDP-MED for current Cisco phones on A-Series
...
Device class: Endpoint Class III
QoS Concepts
[Figure: packet flow across WAN, Router, Switch, IP phone and PC, with traffic classification and traffic policing]
HP A-Series QoS Service Model
Easy QoS example for IP-phones
HP A-series
    interface GigabitEthernet 1/20
     port link-mode bridge
     port link-type hybrid
     undo port hybrid vlan 1
     port hybrid vlan 2 untagged
     port hybrid vlan 3 tagged
     port hybrid pvid vlan 2
     voice vlan 3 enable
     voice vlan qos trust
     or
     voice vlan qos {dot1p | dscp} <value>
     qos wrr 6 group sp
     undo voice vlan mode auto
Packets in queue 6 will be processed in strict queuing.
Advanced QoS example for IP-phones
HP A-Series
traffic classifier VoIP-Control-Trust operator or
if-match dscp af31
if-match dscp cs3
traffic classifier VoIP-RTP-Trust operator or
if-match dscp ef
#
traffic behavior VoIP-Control-Trust
remark dscp cs3 or af31
car cir 64 cbs 8000 ebs 4000 green pass red discard yellow pass
traffic behavior VoIP-RTP-Trust
remark dscp ef
car cir 128 cbs 8000 ebs 4000 green pass red discard yellow pass
#
qos policy Police-CiscoPhone
classifier VoIP-RTP-Trust behavior VoIP-RTP-Trust
classifier VoIP-Control-Trust behavior VoIP-Control-Trust
#
interface GigabitEthernet1/0/2
qos apply policy Police-CiscoPhone inbound
qos trust dscp
IP ADDRESSING AND ROUTING
Layer-3 IP Interfaces and Static Routes
HP A-Series:
    ip unreachables enable
    ip ttl-expires enable    (to enable traceroute)
Cisco:
    interface GigabitEthernet 1/20
     ip unreachables    (Default)
Default Routing Preference / Administrative Distance
Route Sources         HP A-Series Routing Preference               Cisco Administrative Distance
Directly Connected    0                                            0
OSPF                  10 (150 if autonomous system external)       110
IS-IS                 15                                           115
STATIC                60                                           1
RIP                   100                                          120
IBGP                  255                                          200
EBGP                  255                                          20
Unknown               256                                          255
[Figure: OSPF area 0, network 1.1.1.0/30]
OSPF Configuration Comparison
HP A-Series:
    ospf 1
     silent-interface Vlan-interface1
     preference 110
     preference ase 110
     area 0.0.0.0
      network 1.1.1.0 0.0.0.0
      network 3.3.3.1 0.0.0.0
      network 99.99.99.1 0.0.0.0
Cisco:
    router ospf 1
     passive-interface Vlan1
     network 1.1.1.2 0.0.0.0 area 0
     network 3.3.3.1 0.0.0.0 area 0
     network 99.99.99.2 0.0.0.0 area 0
[Figure: BGP topology with AS65400 and AS65010; HP A-Series 1.1.1.1/30 connected to Cisco 1.1.1.2/30]
BGP Configuration Comparison
HP A-Series:
    bgp 65009
     preference 20 200 200
     undo synchronization
     network 9.9.9.0 255.255.255.0
     log-peer-change
     import-route static
     peer 1.1.1.2 as-number 65009
     peer 1.1.1.2 description router-xzy
     peer 1.1.1.2 connect-interface LoopBack1
     peer 1.1.1.2 next-hop-local
     peer 1.1.1.2 advertise-community
Cisco:
    router bgp 65009
     no synchronization
     network 9.9.9.0 mask 255.255.255.0
     bgp log-neighbor-changes
     redistribute static
     neighbor 1.1.1.1 remote-as 65009
     neighbor 1.1.1.1 description router-abc
     neighbor 1.1.1.1 update-source Loopback 1
     neighbor 1.1.1.1 next-hop-self
     neighbor 1.1.1.1 send-community
MULTI-VPN-INSTANCE CE (MCE)
VIRTUAL ROUTING FORWARDING (VRF)
HP: Multi-VPN-Instance CE (MCE)
Cisco: Virtual Routing Forwarding (VRF)
Feature:
- Separates one device into many different software routers (layer-3)
Benefits:
- Separate routed (virtual) networks with distinct routing tables to co-exist on the same switch (router)
- Providing layer-3 customer segmentation, complementing layer-2 VLAN segmentation
[Figure: Customer A, Customer B, Customer C]
MCE / VRF Configuration Comparison
HP A-Series:
    ip vpn-instance customer-a
     route-distinguisher 10:1
     vpn-target 10:1 export-extcommunity
     vpn-target 10:1 import-extcommunity
    #
    ip vpn-instance customer-b
     route-distinguisher 20:1
     vpn-target 20:1 export-extcommunity
     vpn-target 20:1 import-extcommunity
    #
    interface Vlan-interface10
     ip binding vpn-instance customer-a
     ip address 1.1.1.1 255.255.255.0
    #
    interface Vlan-interface20
     ip binding vpn-instance customer-b
     ip address 2.2.2.1 255.255.255.0
    #
    ospf 1 vpn-instance customer-a
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
    #
    ospf 2 vpn-instance customer-b
     area 0.0.0.0
      network 2.2.2.1 0.0.0.0
Cisco:
    ip vrf customer-a
     rd 10:1
     route-target export 10:1
     route-target import 10:1
    !
    ip vrf customer-b
     rd 20:1
     route-target export 20:1
     route-target import 20:1
    !
    interface Vlan10
     ip vrf forwarding customer-a
     ip address 1.1.1.1 255.255.255.0
    !
    interface Vlan20
     ip vrf forwarding customer-b
     ip address 2.2.2.1 255.255.255.0
    !
    router ospf 1 vrf customer-a
     capability vrf-lite
     network 1.1.1.1 0.0.0.0 area 0.0.0.0
    !
    router ospf 2 vrf customer-b
     network 2.2.2.1 0.0.0.0 area 0.0.0.0
VRRP / HSRP
Options                 HP A-Series: VRRP    Cisco: HSRP
Authentication          Y                    Y
Preempt Delay           Y                    Y
Interface Tracking      Y                    Y
Remote IP Tracking      Y                    Y
Standard                IETF RFC 3768        Informational RFC 2281
VRRP Configuration Comparison
HP A-Series:
  active VRRP router:
    interface Vlan-interface1
     ip address 10.1.1.2 255.255.255.0
     vrrp vrid 1 virtual-ip 10.1.1.1
     vrrp vrid 1 priority 110
     vrrp vrid 1 preempt-mode timer delay 5
     vrrp vrid 1 track interface vlan-interface 3
     vrrp vrid 1 authentication-mode md5 abc$"
  backup VRRP router:
Cisco:
  active VRRP router:
    interface vlan1
     ip address 10.1.1.2 255.255.255.0
     vrrp 1 ip 10.1.1.1
     vrrp 1 priority 110
     vrrp 1 preempt delay minimum 5
     vrrp 1 authentication text abc$"
  backup VRRP router:
HP A-Series vs. Cisco CLI Differences
Overview
HP A-Series                                   Cisco
display                                       show
undo                                          no
local-user                                    user
return                                        end
quit                                          exit
logout                                        exit
rip                                           router rip
ospf                                          router ospf
bgp                                           router bgp
sysname                                       hostname
acl                                           access-list
ip host                                       host
link-pro                                      encap
display version                               show version
CTRL+G | display current-configuration        show running-configuration
display diagnostic-information                show tech-support
display save-configuration                    show startup-configuration
CTRL+L | display ip routing-table             show ip route
CTRL+Q                                        CTRL+Z
CTRL+E                                        CTRL+P
CTRL+O | undo debug all                       no debug all
save                                          write memory
delete                                        erase
simple                                        0
cipher                                        7
info-center                                   logging
MIGRATING TO HP NETWORKING
MIGRATION OBJECTIVES
Existing Network
- Complexity of PVST/RSTP/MSTP
- Failover time ~ 3s (STP/HSRP)
- Complex L3 Design (subnets/protocols)
- Any link/node failure is typically forcing a topology recalculation (STP/OSPF)
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1 and Core 2 (PVST, HSRP, OSPF); Campus_Access1, Campus_Access2, DC_Access1, DC_Access2 (PVST)]
Target Network
- No need for MSTP/VRRP between the switches as they are logically one device thanks to IRF.
- Link Aggregation simplifies network design and operations.
- Fast network recovery (<50ms).
- Fewer BGP peers, OSPF neighbors.
[Figure: Site Router1 and Site Router2 (OSPF/BGP); IRF Core (OSPF); IRF Campus_Access; IRF DC_Access]
Target Network
- SIMPLIFIED NETWORK
- EASIER TO MAINTAIN
- GREATER PERFORMANCE
- MORE RELIABLE
- FASTER FAILOVER
Migration Order Options
- 1. Campus Access, 2. DC Access, 3. Core and WAN
- 1. Core and WAN, 2. Campus Access, 3. DC Access
CORE MIGRATION
Existing Network
[Figure: Site Router1 and Site Router2 (OSPF/BGP)]
Replace Core2
1- Configure new IRF Core:
-- VLAN
-- QoS marking+queueing
-- ACL
-- 802.1X
-- routing, multicast
2- Make Core1 primary
3- Remove Core2
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1 and Core 2 (PVST, HSRP, OSPF); new IRF core; Campus_Access1, Campus_Access2, DC_Access1, DC_Access2 (PVST)]
Insert new Core2
3- Insert new Core.
4- Check routing. Connectivity test.
5- Remove STP on Core1 and Access layer
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1 (HSRP, OSPF); IRF core; NO SPANNING TREE on new Core]
Campus access switches connection migration
1- Connect Campus to new Core
2- Check Campus connectivity
3- For Campus VLANs, Remove L3 (HSRP) on Core1. Activate L3 on new Core:
-- configure routing to router2
-- configure vlan-interface on new core with previous HSRP IP address
-- configure vlan-interface to send out gratuitous-arp
-- optional: clear mac-address-table on access switch.
-- tune routing on router2 to route traffic to new core
4- Check Campus connectivity
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1 (HSRP, OSPF); IRF core (OSPF); Campus_Access1, Campus_Access2, DC_Access1, DC_Access2; timing labels ~5s and ~10s]
DC access switch connection migration
1- Connect DC to new Core on BAGG interface
2- Check DC connectivity
3- For DC VLANs, Remove L3 (HSRP) on Core1. Activate L3 on new Core:
-- configure routing to router2
-- configure vlan-interface on new core with previous HSRP IP address
-- configure vlan-interface to send out gratuitous-arp
-- optional: clear mac-address-table on access switch.
-- tune routing on router2 to route traffic to new core
4- Check DC connectivity
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1 (HSRP, OSPF); IRF core (OSPF); Campus_Access1, Campus_Access2, DC_Access1, DC_Access2; timing labels ~5s and ~10s]
Remove Core1
1- Verify that no traffic goes through Core1.
2- Remove Core1
3- Check connectivity
4- Additional link to Site router1
5- Check connectivity
6- Add second link to BAGG
7- Check connectivity
[Figure: Site Router1 and Site Router2 (OSPF/BGP); Core1; IRF core (OSPF); Campus_Access1, Campus_Access2, DC_Access1, DC_Access2]
Site Routers replacement
1- Add the 2 new router connections
2- Configure:
-- OSPF adjacencies
-- BGP peering (routing is configured so that new site_router are less preferred)
-- QoS marking and queueing
-- ACL
-- multicast
3- Check routing
4- Tune routing to get new router 3 preferred against router1
5- Check connectivity
6- Tune routing to get new router 4 preferred against router2
7- Check connectivity
8- Move WAN circuits to new routers.
9- No traffic through old routers. Remove them.
[Figure: Site Router1, Site Router2, Site Router3 and Site Router4 (OSPF/BGP); IRF core (OSPF); Campus_Access1, Campus_Access2, DC_Access1, DC_Access2; timing label ~1min]
Core migration completed
[Figure: Site Router3 and Site Router4 (OSPF/BGP); IRF core (OSPF)]
CAMPUS EDGE MIGRATION
Campus Access Switches
1- Install new access switches in IRF with LACP.
2- Move Printers from Access1
3- Check connectivity
4- Move Users and Phones
5- Check connectivity
6- Repeat for Access2
7- Check connectivity
8- Remove old Access Switches
[Figure: Site Router3 and Site Router4 (OSPF/BGP); IRF core (OSPF); Campus_Access1, Campus_Access2 and new IRF Campus_Access; timing labels ~5s and ~5s]
DC EDGE MIGRATION
DC Access Switches
1- Standby NIC move to new DC_access.
2- Remove Active NIC. Standby becomes Active
3- Remove old access switches
[Figure: Site Router1 and Site Router2 (OSPF/BGP); IRF Core (OSPF); IRF Campus_Access; DC_Access1, DC_Access2 and new IRF DC_Access]
Target Network
Final step: Activate 802.3ad on server teaming driver: Active/Active NICs
[Figure: Site Router1 and Site Router2 (OSPF/BGP); IRF Core (OSPF); IRF Campus_Access; IRF DC_Access; timing label ~5s]
REFERENCES / TRAININGS
Case Study: HP IT
http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA3-3926ENW.pdf
HP IT Data center network layers
[Figure: HP IT data center network layers, from WAN transport down to the server edge. Layer labels: Transport (Internet), Transport (MPLS), WAN Beltway, Connectivity Layer, Internet Backbone, Application Infrastructure, DMZ Core, Internal Core, DC Core Routing Layer, Internal IDS, Intrusion Detection, FW, SEC, Layer 3 Distribution, Security Services, Layer 2 Switch Aggregation, Cell/POD Infrastructure, Firewall, LB (Load Balancers), Application Load Balancing, Layer 2 Edge Switching, Blade I/O, Server Blade Platform. Captions: "Routing to Global MPLS WAN, ISPs &"; "Routing to individual Cells and adjacent"; "Intrusion Detection for PCI Applications"; "Routing to individual PODs within a Cell"; "POD Level Firewalls"; "Aggregation for each POD"; "Load-Balancing Services"; "Edge Switch ports for Servers and Blade Systems".]
HP IT Data center network Portfolio
[Figure: the same layer diagram annotated with products. WAN / Connectivity Layer: HP Networking A8812, A6604 and A6616. Data Center Core Routing Layer: HP Networking A12508. Intrusion Detection: HP Tipping Point S5100N. Security Services / Layer 3 Distribution: HP Networking A9505 and A5820X. Layer 2 Switch Aggregation: E6600-24XG and E8212zl. Layer 2 Edge Switching: E6600-48G-4XG and E6600-24XG.]
Interoperability Test Report and Cookbook
http://networktest.com/hpiop/
Network Test is an independent third-party test lab and engineering services consultancy.
Our core competencies are performance, security, and conformance assessment of
networking equipment and live networks. Our clients include equipment manufacturers,
large enterprises, service providers, industry consortia, and trade publications.
Tests:
VLAN trunking/tagging
L2/L3 Jumbo Frame handling
Link Aggregation
STP
OSPF v2 & v3
Multicast switching and routing
VRRP
HP Networking and Cisco CLI reference Guide
http://h17007.www1.hp.com/docs/interoperability/Cisco/HP-Networking-and-Cisco-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf
Available Training for SAs/Channels/Partners
HP Networking Interoperability (3 days)
This course helps network engineers design and implement multivendor networks that include HP A-Series, HP E-Series, and Cisco switches. The course focuses on the key differences between platforms, such as VLAN configuration, Spanning Tree Protocol (STP), Open Shortest Path First (OSPF), link aggregation, and Network Address Translation (NAT). Network engineers will learn how to identify compatibility problems and evaluate the pros and cons of each possible solution for a given network environment.
Areas of interoperability on multivendor networks:
- Multiple Spanning Tree Protocol (MSTP)
- Rapid Spanning Tree Protocol (RSTP)
- Differences between Per VLAN Spanning Tree Plus (PVST+) and MSTP
- Management of HP A-Series, HP E-Series, and Cisco switches
- VLAN configuration on HP A-Series, HP E-Series, and Cisco switches
- Aggregated links between HP switches and Cisco switches
- Network Address Translation (NAT)
- Quality of service (QoS) for proper traffic prioritization
- Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)
Available Training for SAs/Channels/Partners
HP Migrating to Open Network Standards (4 days)
This course focuses on the advantages of using open-standard protocols on contemporary networks. It teaches network designers and network engineers how to migrate proprietary protocols to open-standard protocols and then helps them develop migration strategies that reduce both risk and downtime.
Migrating the L3 switches in Core
- HSRP, VRRP and IRF
- IGP transition: static routes, EIGRP, OSPF
- BGP transition, ACL migration, IP Multicast
Migrating the L2 switches in access and distribution layers
- Manual or automatic setting of VLANs
- Managing redundancy with or without STP transition
- Per VLAN Spanning Tree Plus (PVST+) and MSTP
- Static, LACP, and PAgP link-aggregation
- Integrate IRF cluster into mixed environment
- Transiting security features on the Edge
Managing Cisco and HP devices in the same network with IMC
- SNMP and traffic monitoring with Sflow and
DEMOS
Interoperability examples
Layer 2: VLANs, Link-Aggregation
Layer 3: OSPF, BGP
CONCLUSION
Conclusion and Recommendation
- Get HP / Cisco interoperability documentation.
- Interoperability between HP and Cisco is proven.
- Target simplest migration steps: like core first and edge second
- Validate migration scenario with customer network protocols and environment constraints.
- Test resulting outage time per disruptive phase.
- Planned outage according to the migration scenario including rollback time if it happens.
THANK YOU