Develop The Right Expertise with HP

2010 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without
notice
HP / CISCO INTEROPERABILITY
AND MIGRATION SCENARIO

Holger Hasenaug,
Presales Solution Architect, HP Networking
Vincent Giles,
EMEA Technical Product Manager, HP
Networking

2011 Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without
notice
Abstract
Learn how HPN A-Series and Cisco interoperate together with
regards to layer-2 protocols (VLANs, link aggregation, spanning
tree), layer-3 protocols (VRRP, OSPF, BGP, multicast, VRF), security
and equipment access control management.
We will show live examples of these protocols as proof point of
transition feasibility.
We will describe one migration scenario as a baseline proposal for
customer dialog.

3
Agenda

HP / Cisco Interoperability Migration Scenario

VLANs Migration Objectives
Link-Aggregation Core Migration
Spanning-Tree Campus Edge Migration
Access-List (ACL) DC Edge Migration
IP Phone References / Trainings
IP Adressing and Routing
OSPF Conculsion
BGP

MCE / VRF Demo

4
HP / CISCO INTEROPERABILITY
HP Cisco Interoperability
Switching Management
Switch
Switch Spanning-Tree: VLANs: IEEE 802.1Q SNMP
-- Link aggregation: IEEE 802.3ad Command Line Interface
Routing: Configuration file and
Switch
Switch OSPF, BGP, VRF OS handling

Quality of Service Power over Ethernet

Classification: IP Phone discovery protocols
VoIP
VoIP Marking
Queing, Policing

Management security Network access security

SNMPv3: IETF RFCs IEEE 802.1X, MAC, Web-based
Security
Security SSH, SCP or SFTP: IETF drafts auth.
HTTPS Network stability security
RADIUS, TACACS Spanning-Tree: BPDU-Guard,
Root-Guard
HPN Equipment Management
AAA with RADIUS or HWTACACS
Authentication access with 4 levels capability
ACL to limit VTY access
Syslog
SNMP v2, v3, Trap receiver
SSHv2
NTP
Source management traffic from loopback interface to restrict traffic into management
systems
Header (banner)
Netstream (Netflow)
HP IMC (Intelligent Management Center)

7
SSH with Local User Account
Configuration Comparison
HP A-Serie Cisco

Generate key pair, enable SSH server, and disable Telnet Generate key pair, enable SSH server
access
public-key local create rsa crypto key generate rsa usage-keys modulus 1024
ssh server enable ip ssh version 2
undo telnet server enable Default

Set authentication mode to local user Set authentication mode to local user, disable telnet and
associated ssh service
user-interface vty 0 4 line vty 0 4
authentication-mode scheme login local
protocol inbound ssh transport input ssh

Define local user and privilege level, associated ssh Define local user and privilege level
service
local-user admin123 username admin123 privilege 15 password verysecret
password cipher verysecret
service-type ssh
authorization-attribute level 3
8
SNMPv2
Configuration Comparison
HP A-Serie Cisco
Enable SNMPv2c and community name Enable SNMPv2c and community name
snmp-agent
snmp-agent sys-info version v2c
snmp-agent community write xyzabc snmp-server community xyzabc rw

Enable SNMPv2c traps Enable SNMPv2 traps

snmp-agent trap source loopback 0 snmp-server source-interface trap loopback 0
snmp-agent trap enable snmp-server enable trap
snmp-agent target-host trap address udp-domain snmp-server host 10.1.1.100 version 2c public
10.1.1.100 udp-port 5000 params securityname public v2

SNMP contact and location information SNMP contact and location info
snmp-agent sys-info contact +510 234 4849 snmp-server contact +510 234 4849
snmp-agent sys-info location Germany/xzy snmp-server location Germany/xzy

Disable trap for link up/down Disable trap on link up/down

interface gigabitethernet 1/0/10 interface GigabitEthernet1/0/10
undo enable snmp trap updown no snmp trap link-status

9
 Password encryption, NTP and Syslogging
Configuration Comparison
HP A-Serie Cisco
Encrypt passwords Encrypt passwords
Use cipher keyword every time a password is entered service password-encryption

Set time with NTP, time zone, and summertime Set time with NTP, time zone, and summertime
ntp-service unicast-server 10.1.1.101 ntp server 10.1.1.100
clock timezone GMT1 add 01:00:00 clock timezone gmt1 1
clock summer-time western-europe repeating 01:00:00 2010 March last clock summer-time GMT1 recurring last Sun
Sunday 01:00:00 2010 October last Sunday 01:00:00 Mar 1:00 last Sun Oct 1:00 60

Set syslog server and information log level Set syslog server and info log level
info-center enable
info-center loghost 10.1.1.200 logging host 10.1.1.100
info-center source default channel loghost log level information logging alarm notifications
service timestamps log datetime localtime

10
System Debugging on the CLI
HP A-Series networking devices provide extensive debugging
functions for protocols and features supported to help
administrators and operators to diagnose problems.
<HP-A> debug snmp trap packet
[HP-A-Ten-GigabitEthernet1/1/2]shut

#May 4 05:32:10:292 2000 A5500 LAGG/1/AggPortInactive2:

Trap 1.3.6.1.4.1.25506.8.25.2.3<hh3cAggPortInactiveNotification2>: Aggregation Group 1: port member
11796533 becomes INACTIVE!
%May 4 05:32:10:294 2000 A5500 LAGG/2/LAGG_LOG:
Port member Ten-GigabitEthernet1/1/2 of aggregation group BAGG1 becomes INACTIVE!
*May 4 05:32:10:333 2000 A5500 SNMP/7/TRAP_PACKET:
hh3cAggPortInactiveNotification2 trap<v1> send to: 16.48.50.115
time-stamp: 66786024
UDP port: 162, send OK
*May 4 05:32:10:334 2000 A5500 SNMP/7/VBLIST:
hh3cAggLinkNumber.1: 1
*May 4 05:32:10:335 2000 A5500 SNMP/7/VBLIST:
hh3cAggPortIndex.89: 89
%May 4 05:32:10:421 2000 A5500 IFNET/4/LINK UPDOWN: Ten-GigabitEthernet1/1/2: link status is DOWN

11
Centralized Authentication,
Authorization and Accounting (AAA)
AAA is a server-based authentication strategy that:

is centralized and standards based: can be used for all the devices in the LAN/WAN
simplifies the authorization database configuration and maintenance, including back-up
includes
accounting to collect login and usage information that can be used for security tracking
and troubleshooting
TACACS
Server
HP Networking A-Series support: Network Admin
logged in via SSH
TACACS: on the switch
CS
Point-to-Point Protocol (PPP) TACA

Virtual Private Dial-up Network (VPDN)
Terminal users (Console, Telnet, FTP, SSH, and Web access)
incl. command authorization and accounting
RADIUS: RA
DIU
Switch, S
Point-to-Point Protocol (PPP) Router
Virtual Private Dial-up Network (VPDN)
Terminal users (Console, Telnet, FTP, SSH, and Web access)
Normal user access RADIUS
802.1X, MAC, Web Authentication
though 802.1X, MAC, Web Server

12
Some Standards versus Proprietary

Features HP A-Series HP E-Series Cisco

Link Information LLDP LLDP CDP

VLAN
GVRP GVRP VTP
advertisement

Virtual IP VRRP VRRP HSRP

STP MSTP MSTP PVSTP+

13
LLDP / CDP
 CDP / LLDP Configuration Comparison
Switch-to-Switch connection
HP A-Serie Cisco

lldp enable Default on some devices lldp run

lldp compliance cdp enable cdp run Default

CDP frames forwarding

disabled
interface GigabitEthernet 1/20
lldp compliance admin-status cdp txrx

CDP frames will be procceced and displayed in show lldp

neigh.
No CDP frames will be sent out unless a Cisco IP phone is
discovered. CDP

G1/20 G1/20
LLDP
HP A-Serie Cisco
15
Useful show and display commands
Description HP A-Series Cisco

CDP neighbor information display lldp neighbor-information show cdp neighbor

LLDP neighbor information display lldp neighbor-information list show lldp neighbor

Detailed LLDP and LLDP-MED

display lldp neighbor-information show lldp neighbor detail
neighbor information

Detailed LLDP and LLDP-MED

display lldp neighbor-information show lldp neighbor
port specific neighbor
information interface <port-id> <port-id> detail

16
VLANS
Switch Port Roles
End User ports (PCs, Printer,)
IP phone ports
Server
End User + IP phone ports Switch
Server ports for one VLAN
PC
Server ports for multiple VLANs
Switch-to-Switch ports for multiple VLANs
Aggregated ports
PC

Switch IP phone IP phone

Routing Switch

Aggregated links

Server
18
Terminology Differences
Switch Port
HP A-Series HP E-Series Cisco
Role
End nodes:
PCs, printers, and Access port Untagged port Access port
so on

Hybrid port Untagged in data

Access port with
PC + IP Phone VLAN; tagged in voice
or trunk port auxiliary VLAN (voice)
VLAN

Switch-to-switch
with multiple VLANs
Trunk port Tagged port Trunk port

Bridge aggregation
Link aggregation Trunk port Port channel interface
interface

19
VLAN Configuration Comparison
Switch-to-Switch connection
HP A-Serie Cisco

interface GigabitEthernet 1/20 interface GigabitEthernet 1/20

port link-mode bridge Default switchport Default on access
switches
switchport trunk encapsulation dot1q
port trunk pvid vlan 1 Default switchport trunk native vlan 1 default
port trunk permit vlan 1 to 3 switchport trunk allowed vlan 1-3
port link-type trunk switchport mode trunk
switchport nonegotiate disable Cisco DTP

G1/20 G1/20

HP A-Serie Cisco

20
VLAN Configuration Comparison
Switch-to-End Node connection
HP A-Serie Cisco
interface GigabitEthernet 1/10 interface GigabitEthernet 1/10
port link-mode bridge Default switchport Default on access
port access vlan 10 switches
switchport access vlan 10
port link-type access Default
switchport mode access Default

HP A-Serie Cisco

G1/10 G1/10

21
Useful show Commands
Description HP A-Series Cisco
Port status display interface brief show interfaces status

Port counters / utilization display interface <port> show interface <port>

What VLAN are configured? display vlan show vlan brief

Specific information about display vlan <vlan-id> show vlan id <vlan-id>

a single VLAN.
Which untagged VLAN display interface brief show interfaces status
does a port belong to?
Is the port a Cisco layer-2 display interface brief show interfaces <port> switchport
port?
Which VLANs are display interface <port> show interfaces <port> trunk
configured on a port? display port trunk | hybrid

Which ports exist with display interface brief show interfaces trunk
more than one VLAN display port trunk | hybrid

22
LINK AGGREGATION
 Static Aggregated Ports
HP A-Serie Cisco
interface Bridge-Aggregation 1 interface Port-channel1 Automaticall
y created

interface Gigabitethernet 1/20 interface GigabitEthernet 1/20

Here we do not
port link-aggregation group 1 channel-group 1 mode on use dynamic
aggregation
interface Gigabitethernet 1/21 interface GigabitEthernet 1/21 protocols like
port link-aggregation group 1 channel-group 1 mode on LACP

der of configuration: Order of configuration:

Bridge-Aggregation Interface 1. Physical Interface
Physical Interface 2. Port Channel Interface
G1/20 G1/20

G1/21 G1/21
BAAG1 Po1
HP A-Serie Cisco

The A-Series port-group command does not have anything to do with link-aggregation
24 configurations. Instead you can use it to configure mutliple ports at the same time.
Dynamic Aggregated Ports using LACP (IEEE 802.3ad)

HP A-Serie
interface Bridge-Aggregation 1
link-aggregation mode dynamic
enable
LACP
interface gigabitethernet 1/20
port link-aggregation group 1
interface gigabitethernet 1/21
port link-aggregation group 1
Cisco
interface Port-channel1
interface GigabitEthernet 1/20
channel-group 1 mode active
enable
interface GigabitEthernet 1/21 LACP
channel-group 1 mode active

G1/20 G1/20

G1/21 G1/21
BAAG1 Po1
HP A-Serie Cisco

25
Useful show commands
Description HP A-Series Cisco
What ports belong display link-aggregation summary | show etherchannel <port-channel> summary
to the verbose | detail
aggregation?

Which aggregation display link-aggregation member-port show interfaces <port> etherchannel

does a port belong <port>
to?

What load- display link-aggregation load-sharing show etherchannel load-balance

balancing mode
algorithm is used
for egress traffic?

Specific LACP display lacp show lacp

information.

26
SPANNING-TREE
Multiple Spanning-Tree
Design 1: MSTP with only the default instance
Core1 Core2
HP-A Cisco
STP Series
root STP backup root

Access1
HP-A Series
X

X
Access2
Cisco
Pros: simple, all switches speak the same standard
28
protocol
Cons: no load balancing
Multiple Spanning-Tree
Design 1: MSTP with only the default instance

Core 1: HP A-Series Core 2: Cisco

stp mode mstp Default spanning-tree mode mst
stp enable
stp instance 0 priority 0 spanning-tree mst 0 priority 4096
stp pathcost-standard dot1t

29
Multiple Spanning-Tree
Design 1: MSTP with only the default instance

Access 1: HP A-Series Access 2: Cisco

stp mode mstp Default spanning-tree mode mst
stp enable
stp pathcost-standard dot1t

interface 1/20 interface 1/20

description end-user description end-user
stp edge-port enable spanning-tree portfast

30
Multiple Spanning-Tree
Design 2: MSTP and load balancing between instances
MSTP MSTP
Instance 1: VLAN 1-30 Instance 2: VLAN 31-60
STP root STP backup root STP root
instance 1 instance 1 STP backup root
Core1 Core2 Instance 2 Core1 Instance 2
Core2
HP-A Cisco HP-A Cisco
Series Series

Access1 Access1
HP-A Series HP-A Series
X STP blocked
for instance 1
X
STP blocked
X for instance 2
X
Access2 Access2
Pros: load balancing
Cisco Cons: more complex to configure and troubleshoot Cisco
31
Multiple Spanning-Tree
Design 2: MSTP and load balancing between instances
Core 1: HP A-Series
stp mode mstp
stp instance 1 priority 0
stp instance 2 priority 4096
stp enable
stp pathcost-standard dot1t
stp region-configuration
region-name hp-cisco
revision-level 1
instance 1 vlan 1 to 30
instance 2 vlan 31 to 60
active region-configuration
32
Core 2: Cisco
spanning-tree mode mst
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
spanning-tree mst configuration
name hp-cisco
revision 1
instance 1 vlan 1-30
instance 2 vlan 31-60
Multiple Spanning-Tree
Design 2: MSTP and load balancing between instances
Access 1: HP A-Series
stp mode mstp
stp enable
stp pathcost-standard dot1t
stp region-configuration
region-name hp-cisco
revision-level 1
instance 1 vlan 1 to 30
instance 2 vlan 31 to 60
active region-configuration
interface 1/20
description end-user
stp edge-port enable
33
Access 2: Cisco
spanning-tree mode mst
spanning-tree mst configuration
name hp-cisco
revision 1
instance 1 vlan 1-30
instance 2 vlan 31-60
interface 1/20
description end-user
spanning-tree portfast
Useful show commands
Description HP A-Series Cisco
How is MST configured? display stp region-configuration show span mst configuration
display current configuration mst- show span mst configuration
region digest
Check if the other show span interface [ <port>
switches are in the same detail]
MST region? Look for Bound (PVST, RPVST,
RSTP)
What ports are blocking display stp brief show spanning-tree
in the CST?
What ports are blocking display stp instance 0 brief show span instance 0
in the IST=instance 0?
What ports are blocking display stp instance <instance id> show span instance <instance ID>
in the instances >0 ? brief
Where did the latest Display stp history show span active detail
topology change came
from?

34
Hardening STP
STP root STP backup root

Root
Root guard:
guard: Prevents
Prevents
the Loop
Loop guard:
guard:
the insertion
insertion of
of aa
fake Prevents
Prevents loop
loop
fake root
root triggering
triggering
an situations
situations when
when
an STP
STP topology
topology
change edge
edge switches
switches
change
stop
stop receiving
receiving
Edge ports BPDUs
BPDUs from
from
BPDU
BPDU guard:
guard: Prevents
Prevents
network
network instability
instability due
due Loopback-detection
Loopback-detection upstream
upstream
to
to switch
switch insertion
insertion at
at Prevents
Prevents loops
loops that
that occur
occur switches
switches
the
the edge
edge on
on an
an external
external hubs
hubs oror
switches
switches and
and are
are not
not
detected
detected by
by STP
STP
35
Spanning-tree Hardening Features
HP A-Series HP E-Series Cisco

Unidirectional Link Unidirectional Link

Device Link Detection
Detection (UDLD) HP E- Detection (UDLD) Cisco
Protocol (DLDP)
Series style style
Root guard Root guard Root guard

Loop guard Loop guard (added in K.15.05) Loop guard

BPDU protection BPDU protection BPDU guard

loopback-detection Loop protection keepalives

36
Root-guard
HP A-Series Cisco

Interface specific: Interface specific:

interface gig0/2 interface gig0/2
stp root-protection spanning-tree guard root

Recovery is done automatically Recovery is done automatically

37
Loop-guard
HP A-Series Cisco

Interface specific: Interface specific:

interface gig0/2 interface gig0/2
stp loop-protection spanning-tree guard loop

Recovery is done automatically Recovery is done automatically

38
BPDU-protection / BPDU-guard
HP A-Series
Global for all ports in stp edge-port
mode:
stp bpdu-protection
Recovery configured globally:
shutdown-interval 300
(default is 30 seconds)
39
Cisco
Global for all ports in spanning-tree
portfast mode:
spanning-tree portfast bpduguard
default
Or interface specific:
interface gig0/2
spanning-tree bpduguard enable
Recovery configured globally:
errdisable recovery cause bpduguard
errdisable recovery interval 300
(default)
Loopback-detection / keepalives
HP A-Series Cisco
By default disabled on all ports By default enabled on all copper ports
loopback-detection enable
loopback-detection interval-time 30
(default)

Interface specific:
interface
loopback-detection enable
loopback-detection control enable
(on vlan trunk/hybrid interfaces
required)

Recovery is done automatically Recovery configured globally:

errdisable recovery cause loopback
errdisable recovery interval 300
(default)
40
Cisco PVST+ Support on HP Networking
devices
HP Networking Switches Schedule for PVST+

A12500 Available since April 2011 (R.13.35)

A9500 Available since April 2011 (R.13.35)

A7500 July 2011

A5820 / A5800 Dec 2011 / Dec 2011

A5500EI / SI Dec 2011 / Dec 2011

A5120EI / SI Dec 2011 / not planned

E8200zl / E5400zl / E3500yl / E6600 Q1 2012

41
ACCESS-LISTS (ACLS)
Configuring ACLs on HP A-Series switches
Like Cisco switches, HP A-Series switches support:
Standard ACLs, called basic and numbered 2000-2999
Extended ACLs, called advanced and numbered 3000-3999
MAC ACLs, called Ethernet frame header ACLs and numbered 4000-4999

A-Series ACLs have an implicit allow at the end

Cisco ACLs have an implicit deny at the end

43
Applying ACLs
Standard & Extended ACL
Routed ACL (applied to Inbound and Outbound routed traffic)
VLAN ACL (applied to inbound switched traffic)
Static and Dynamic Port ACL (applied to inbound switches traffic)

L3

Routed ACL

L2
L2

Port ACL

VLAN ACL
44
 Extended Access-Lists example
HP A- acl number 3101
rule 0 permit tcp established
Serie rule 5 permit tcp destination 192.168.16.250 0.0.0.1 destination-port eq tacacs
s rule 10 permit udp destination 224.0.0.2 0 destination-port eq 1985
rule 20 permit udp destination 192.168.116.72 0 destination-port eq snmptrap
rule 25 permit tcp source 192.168.0.1 0 destination 1.2.3.4 0 destination-port eq 65
rule 30 deny ip
Implicit permit any is the
# default = > rule 30 is required
interface Vlan-interface1 to work like Cisco
ip address 1.1.1.1 255.255.255.0
packet-filter 3101 inbound

Cisco access-list 101 permit tcp any any established

access-list 101 permit tcp any 192.168.16.250 0.0.0.1 eq tacacs
access-list 101 permit udp any host 224.0.0.2 eq 1985
access-list 101 permit udp any host 192.168.116.72 eq snmptrap
access-list 101 permit tcp host 192.168.0.1 host 1.2.3.4 eq 65
!
interface Vlan1
ip address 1.1.1.3 255.255.255.0
ip access-group 101 in
45
HP ACL Converter
Convert Cisco ACLs to HP A-Series ACL`s

46
IP PHONE
Shared connections for PC and IP-phone
How does IP phone auto-configure the voice VLAN and QoS?
Auto-config voice VLAN and L2/L3 QoS using LLDP-MED (HPN switches) or CDPv2
(Cisco switches)
Many phones support vendor specific DHCP process for auto-config
Avaya, Alcatel, Mitel, Siemens, ShoreTel etc
DHCP server on data VLAN advertises voice VLAN ID and QoS

One-time manual configuration

For Cisco, set the admin VLAN ID via the Network Configuration setup when connecting to a Cisco network

DHCP
server IP Untagged data VLAN Untagged
network data VLAN
tagged voice VLAN
Switch IP phone PC

IP PBX
48
Cisco IP phone boot process on old phones
CDPv2 and pre-standard PoE
Cisco pre-standard PoE: Fast Link Pulse
Reflected Fast Link Pulse

CDP: Power requirement

Switch
CDP: voice VLAN ID
Cisco7960G

DHCP request in voice VLAN

DHCP response: IP add., Gateway, TFTP server
DHCP Server

TFTP request for configuration

TFTP request of configuration

Cisco7940G
SCCP or SIP registration with Callmanager Cisco Callmanager
49
 Switch-to-IP-phone connection with old Cisco
phones HP A-series Cisco
Required for old
poe legacy enable pse 4
Cisco Inline-Power
lldp compliance cdp enable
phone
undo voice vlan security enable

interface GigabitEthernet 1/20 interface GigabitEthernet 1/20

port link-mode bridge Required for old switchport
port link-type hybrid Cisco CDP only switchport access vlan 2
undo port hybrid vlan 1 phones switchport mode access
port hybrid vlan 2 untagged switchport voice vlan 3
port hybrid vlan 3 tagged
port hybrid pvid vlan 2
poe enable
PoE needs to
voice vlan 3 enable
be enabled per
undo voice vlan mode auto
port
lldp compliance admin-status cdp txrx

Voice traffic is
marked by default
with COS vlaue 6 Untagged data VLAN (2) Untagged
and DSCP value 46 data VLAN (2)
tagged voice VLAN (3)
(0xEF) and put in
second highest Switch CDPv2 IP phone PC
queue
50 6.
Display CDP for Cisco phones on A-Series
[HP-A] display lldp neighbor-information

CDP neighbor-information of port 2[GigabitEthernet1/0/2]:

CDP neighbor index : 1
Chassis ID : SEP00036B54B56A
Port ID : Port 1
Software version : P00307020200
Platform : Cisco IP Phone 7960
Duplex : Full

51
Cisco IP phone boot process on current
phones
LLDP-MED and 802.3af PoE
IEEE 802.3af: Apply voltage and classify device
Return current

LLDP-MED: PoE requirement, firmware, serial#

Switch
Cisco7941/42/61/62G LLDP-MED: voice VLAN ID, etc
(CDPv2 is still supported)

DHCP request in voice VLAN

DHCP response: IP add., Gateway, TFTP server

Cisco7945/65G DHCP Server

TFTP request for configuration

TFTP request of configuration

Cisco7970/71/75G SCCP or SIP registration with Callmanager Cisco Callmanager

52
Cisco Phone's Support for LLDP-MED Protocol
https://supportforums.cisco.com/docs/DOC-14879

53
 Switch-to-IP-phone connection with current Cisco phones
HP A-series Cisco
undo voice vlan security enable

interface GigabitEthernet 1/20

port link-mode bridge
port link-type hybrid interface GigabitEthernet 1/20
undo port hybrid vlan 1 switchport
port hybrid vlan 2 untagged switchport access vlan 2
port hybrid vlan 3 tagged switchport mode access
port hybrid pvid vlan 2 switchport voice vlan 3
poe enable PoE needs to no cdp enable
voice vlan 3 enable be enabled per
undo voice vlan mode auto port

Voice traffic is
marked by default
with COS vlaue 6 Untagged data VLAN (2) Untagged
and DSCP value 46 data VLAN (2)
tagged voice VLAN (3)
(0xEF) and put in
second highest Switch LLDP-MED IP phone PC
queue
54 6.
Display LLDP-MED for current Cisco phones on A-Series

[HP A-Series] display lldp neighbor-information list

System Name Local Interface Chassis ID Port ID
SEP000ED7ABFFCF GE1/0/2 3.3.3.10 000ED7ABFFCF:P1

[HP A-Series] display lldp neighbor-information

LLDP neighbor-information of port 2[GigabitEthernet1/0/2]:
Neighbor index : 1
Update time : 0 days,0 hours,24 minutes,47 seconds
Chassis type : Network address(ipv4)
Chassis ID : 3.3.3.10
Port ID type : Locally assigned
Port ID : 000ED7ABFFCF:P1
Port description : SW PORT
System name : SEP000ED7ABFFCF
System description : Cisco IP Phone 7970G,V, SCCP70.9-0-2TH1-2S
System capabilities supported : Bridge,Telephone
System capabilities enabled : Bridge,Telephone

Auto-negotiation supported : Yes

Auto-negotiation enabled : Yes
OperMau : speed(1000)/duplex(Full)
...

55
Display LLDP-MED for current Cisco phones on A-Series

...
Device class: Endpoint Class III

Media policy type : Voice

Unknown Policy : No
VLAN tagged : Yes
Media policy VlanID : 3
Media policy L2 priority : 5
Media policy Dscp : 46
...
HardwareRev :
FirmwareRev : 7970_64054100.bin
SoftwareRev : SCCP70.9-0-2TH1-2S
SerialNum : INM080113SF
Manufacturer name : Cisco Systems, Inc.
Model name : CP-7970G

PoE PD power source : PSE

Port PD Priority : Unknown
Port available power value: 6.3(w)

56
QoS Concepts
Traffic classification
Traffic policing Traffic policing
Packet flow

WAN
Router Switch IP phone PC

Congestion managementCongestion management

Congestion avoidance Congestion avoidance
Traffic shaping Traffic shaping
Traffic policing Traffic policing

57
HP A-Series QoS Service Model

Traffic Classification and Marking

Classification based on Port, VLAN ID, IP Addresses, CoS, DSCP
Sophisticated classification and marking using policies and Congention Managament
ACLs Frist In First Out (FIFI)
Traffic Shaping and Policing Priority Queing (PQ)
Commited Access rate (CAR) Customer Queing (CQ)
Generic traffic Shaping (GTS) Weighted Fair Queing (WFQ)
Congestion Avoidance Low Latency Queing (LLQ)
Traditional Packet Drop Policy Class-based Weighted Fair Queing (CBWFQ)
Weighted Random Early Detection (WRED) RTP Priority Queing (RTPQ)

58
Easy QoS example for IP-phones
HP A-series
interface GigabitEthernet 1/20
port link-mode bridge
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 2 untagged
port hybrid vlan 3 tagged
port hybrid pvid vlan 2
voice vlan 3 enable
voice vlan qos trust
or
voice vlan qos {dot1p | dscp} <value> packets in
qos wrr 6 group sp queue 6 will
undo voice vlan mode auto processed in
strict queuing

59
Advanced QoS example for IP-phones
HP A-Series
traffic classifier VoIP-Control-Trust operator or
if-match dscp af31
if-match dscp cs3
traffic classifier VoIP-RTP-Trust operator or
if-match dscp ef
#
traffic behavior VoIP-Control-Trust
remark dscp cs3 or af31
car cir 64 cbs 8000 ebs 4000 green pass red discard yellow pass
traffic behavior VoIP-RTP-Trust
remark dscp ef
car cir 128 cbs 8000 ebs 4000 green pass red discard yellow pass
#
qos policy Police-CiscoPhone
classifier VoIP-RTP-Trust behavior VoIP-RTP-Trust
classifier VoIP-Control-Trust behavior VoIP-Control-Trust
#

interface GigabitEthernet1/0/2

qos apply policy Police-CiscoPhone inbound
qos trust dscp

60
IP ADRESSING AND ROUTING
Layer-3 IP Interfaces and Static Routes
HP A-Series Cisco
ip unreachables enable interface GigabitEthernet 1/20
ip ttl-expires enable to enable traceroute ip unreachables Default

Layer-3 port configuration: Layer-3 port configuration:

interface GigabitEthernet1/0/5 interface GigabitEthernet 1/20
port link-mode route no switchport
ip address 1.1.1.1 255.255.255.252 ip address 1.1.1.1 255.255.255.252

Layer-3 vlan configuration: Layer-3 vlan configuration

interface Vlan-interface1 interface Vlan1
ip address 2.2.2.1 255.255.255.0 ip address 2.2.2.1 255.255.255.0

Static default route: Static default route:

ip route-static 0.0.0.0 0.0.0.0 1.1.5.5 ip route 0.0.0.0 0.0.0.0 1.1.5.5

62
Default Routing Preference / Administrative
Distance
Route Sources HP A-Series Routing Cisco Administrative
Preference Distance
Directly Connected 0 0
OSPF 10 110
(150 if autonomous system
external)
IS-IS 15 115
STATIC 60 1
RIP 100 120
IBGP 255 200
EBGP 255 20
Unknown 256 255

Default Routing Preference / Administrative Distance

should be
63 changed in a mixed environment to have a common
 OSPF

OSPF area 0

Network 2.2.2.0/24 Network 3.3.3.0/24

int g1/0/5 int g1/20:
1.1.1.1 1.1.1.2
HP A-Series Cisco

Network 1.1.1.0/30

User Network 1 Transfer Network User Network 2

64
OSPF Configuration Comparison
HP A-Series
ospf 1
silent-interface Vlan-interface1
preference 110
preference ase 110
area 0.0.0.0
network 1.1.1.0 0.0.0.0
network 3.3.3.1 0.0.0.0
network 99.99.99.1 0.0.0.0
interface LoopBack1
ip address 99.99.99.1 255.255.255.255
ospf cost 10
interface Vlan-interface1
ip address 1.1.1.1 255.255.255.0
ospf cost 10
interface GigabitEthernet1/0/5
port link-mode route
ip address 1.1.1.1 255.255.255.0
ospf cost 10
ospf network-type p2p
65
Cisco
router ospf 1
passive-interface Vlan1
network 1.1.1.2 0.0.0.0 area 0
network 3.3.3.1 0.0.0.0 area 0
network 99.99.99.2 0.0.0.0 area 0
interface Loopback1
ip address 99.99.99.2 255.255.255.255
ip ospf cost 10
interface Vlan1
ip address 1.1.1.2 255.255.255.252
ip ospf cost 10
interface GigabitEthernet 1/20
no switchport
ip address 1.1.1.1 255.255.255.0
ip ospf cost 10
ip ospf network point-to-point
BGP BGP
AS65400

2.
2 .2

30
. 6/

2/
30

2.
2.
2.
30
2.
2.
1/
2.
2. BGP 2 .5
/
AS65010 30
2.

1.1.1.1/30 1.1.1.2/30
HP A-Series Cisco

66
BGP Configuration Comparison
HP A-Series
bgp 65009
preference 20 200 200
undo synchronization
network 9.9.9.0 255.255.255.0
log-peer-change
import-route static
peer 1.1.1.2 as-number 65009
peer 1.1.1.2 description router-xzy
peer 1.1.1.2 connect-interface LoopBack1
peer 1.1.1.2 next-hop-local
peer 1.1.1.2 advertise-community
Cisco
router bgp 65009
no synchronization
network 9.9.9.0 mask 255.255.255.0
bgp log-neighbor-changes
redistribute static
neighbor 1.1.1.1 remote-as 65009
neighbor 1.1.1.1 description router-abc
neighbor 1.1.1.1 update-source Loopback 1
neighbor 1.1.1.1 next-hop-self
neighbor 1.1.1.1 send-community

peer 2.2.2.2 as-number 65400 neighbor 2.2.2.6 remote-as 65400

peer 2.2.2.2 description router-ghi neighbor 2.2.2.6 description router-ghi
peer 2.2.2.2 advertise-community neighbor 2.2.2.6 send-community
undo summary no auto-summary

67
MULTI-VPN-INSTANCE CE (MCE)
VIRTUAL ROUTING FORWARDING
(VRF)
HP: Multi-VPN-Instance CE (MCE)
Cisco: Virtual Routing Forwarding (VRF)
Feature:
Separates one device into many
different software routers (layer-3)
Benefits:
Separate routed (virtual) networks
with distinct routing tables to co- Customer C
exist on the same switch (router) Customer B
Customer A
Providing layer-3 customer
segmentation, complimenting layer-2
VLAN segmentation

69
MCE / VRF Configuration Comparison
HP A-Series Cisco
ip vpn-instance customer-a ip vrf customer-a
route-distinguisher 10:1 rd 10:1
vpn-target 10:1 export-extcommunity route-target export 10:1
vpn-target 10:1 import-extcommunity route-target import 10:1
# !
ip vpn-instance customer-b ip vrf customer-b
route-distinguisher 20:1 rd 20:1
vpn-target 20:1 export-extcommunity route-target export 20:1
vpn-target 20:1 import-extcommunity route-target import 20:1
# !
interface Vlan-interface10 interface Vlan10
ip binding vpn-instance customer-a ip vrf forwarding customer-a
ip address 1.1.1.1 255.255.255.0 ip address 1.1.1.1 255.255.255.0
# !
interface Vlan-interface20 interface Vlan20
ip binding vpn-instance customer-b ip vrf forwarding customer-b
ip address 2.2.2.1 255.255.255.0 ip address 2.2.2.1 255.255.255.0
# !
ospf 1 vpn-instance customer-a router ospf 1 vrf customer-a
area 0.0.0.0 capability vrf-lite
network 1.1.1.1 0.0.0.0 network 1.1.1.1 0.0.0.0 area 0.0.0.0
# !
ospf 2 vpn-instance customer-b router ospf 2 vrf customer-b
area 0.0.0.0 network 2.2.2.1 0.0.0.0 area 0.0.0.0
network 2.2.2.1 0.0.0.0

70
VRRP / HSRP
VRRP / HSRP

HP A-Series Cisco
Options
VRRP HSRP
Authentication Y Y
Preempt Delay Y Y
Interface Tracking Y Y
Remote IP Tracking Y Y
Standard Informational
IETF RFC
RFC 3768 RFC 2281

VRRP and HSRP are not interoperable. Cisco is also supporting

VRRP on some devices which is seldom used.
72
 VRRP / HSRP Configuration Comparison
HP A-Series Cisco
active VRRP router: active HSRP router:
interface Vlan-interface1 interface vlan1
ip address 10.1.1.2 255.255.255.0 ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 standby 1 ip 10.1.1.1
vrrp vrid 1 priority 110 standby 1 priority 110
vrrp vrid 1 preempt-mode timer delay 5 standby 1 preempt delay minimum 5
vrrp vrid 1 track interface vlan-interface 3 standby 1 tracking vlan3
vrrp vrid 1 authentication-mode md5 abc$" standby 1 authentication md5 key-string abc$"
backup VRRP router: backup HSRP router:

interface Vlan-interface1 interface vlan1

ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 100
Default
vrrp vrid 1 preempt-mode timer delay 5
vrrp vrid 1 track interface vlan-interface 3
vrrp vrid 1 authentication-mode md5 abc$"
ip address 10.1.1.3 255.255.255.0
standby 1 ip 10.1.1.1
standby 1 priority 100
standby 1 preempt delay minimum 5 Default
standby 1 tracking vlan 3
standby 1 authentication md5 key-string abc$"

73
 VRRP Configuration Comparison
HP A-Series Cisco
active VRRP router: active VRRP router:
interface Vlan-interface1 interface vlan1
ip address 10.1.1.2 255.255.255.0 ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1 vrrp 1 ip 10.1.1.1
vrrp vrid 1 priority 110 vrrp 1 priority 110
vrrp vrid 1 preempt-mode timer delay 5 vrrp 1 preempt delay minimum 5
vrrp vrid 1 track interface vlan-interface 3 vrrp 1 authentication text abc$"
vrrp vrid 1 authentication-mode md5 abc$"
backup VRRP router: backup VRRP router:

interface Vlan-interface1 interface vlan1

ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 100
Default
vrrp vrid 1 preempt-mode timer delay 5
vrrp vrid 1 track interface vlan-interface 3
ip address 10.1.1.3 255.255.255.0
vrrp 1 ip 10.1.1.1
vrrp 1 priority 100
vrrp 1 preempt delay minimum 5 Default
vrrp 1 authentication text abc$"

vrrp vrid 1 authentication-mode md5 abc$"

74
HP A-Series vs. Cisco CLI Differences
Overview
HP A-Series Cisco HP A-Series Cisco
display show display version show version
undo no CTRL+G | display current- show running-configuration
configuration
local-user user display diagnostic-information show tech-support
return end display save-configuration show startup-configuration
quit exit CTRL+L | display ip routing-table show ip route
logout exit CTRL+Q CTRL+Z
rip router rip CTRL+E CTRL+P
ospf router ospf CTRL+O | undo debug all no debug all
bgp router bgp save write memory
sysname hostname delete erase
acl access-list simple 0
ip host host cipher 7
link-pro encap info-center logging

display and ping can be executed under

75
any view
Useful commands
A-Series Cisco
screen-length disable terminal length 0
terminal monitor terminal monitor
terminal logging logging console level
terminal debugging
display interfaces brief show interfaces status
display ip interfaces brief show ip interfaces brief
display info-center show logging
display boot-loader display boot
display startup
reset saved-configuration (user view) erase startup-config
reboot (user view) reload

76
MIGRATING TO HP NETWORKING
MIGRATION OBJECTIVES
 Existing Network
OSPF/BGP
Site Site
Router1 Router2
- Complexity of PVST/RSTP/MSTP
- Failover time ~ 3s (STP/HSRP)
- Complex L3 Design
Core1 PVST, HSRP, OSPF Core 2
(subnets/protocols)
- Any link/node failure is typically
forcing a topology recalculation
(STP/OSPF)
Campus_Access Campus_Acces DC_Acces DC_Acces
1 s2 PVST s1 s2

79
 Target Network
OSPF/BGP
Site Site
Router1 Router2 No
No need
need for
for MSTP/VRRP
MSTP/VRRP between
between
the
the switches
switches as
as they
they are
are logically
logically
one
one device
device thanks
thanks to
to IRF.
IRF.
Core OSPF Link Aggregation simplifies
Link Aggregation simplifies
network
network design
design and
and operations.
operations.
IR
IR Fast
Fast network
network recovery
recovery (<50ms).
(<50ms).
FF Fewer
Fewer BGP
BGP peers,
peers, OSPF
OSPF neighbors.
neighbors.

Campus_Access DC_Acces
s
IR
IR IR
IR
FF FF

80
Target Network
OSPF/BGP
Site Site
Router1 Router2

SIMPLIFIED
SIMPLIFIED NETWORK
NETWORK
Core OSPF
EASIER
EASIER TO
TO MAINTAIN
MAINTAIN
GREATER
GREATER PERFORMANCE
PERFORMANCE
IR
IR MORE
MORE RELIABLE
RELIABLE
FF FASTER
FASTER FAILOVER
FAILOVER
Campus_Access DC_Acces
s
IR
IR IR
IR
FF FF

81
Migration Order Options
1. Campus Access 1. Core and WAN
2. DC Access 2. Campus Access
3. Core and WAN 3. DC Access

. Less critical part first. . simplify migration if

. Customer may want to get targeted in combination
HPN experience with few with planned outage.
edge devices first.

82
CORE MIGRATION
 Existing Network
OSPF/BGP
Site Site
Router1 Router2

Core1 PVST, HSRP, OSPF Core 2

Campus_Access Campus_Acces DC_Acces DC_Acces

1 s2 PVST s1 s2

84
 Replace Core2 1-
1- Configure
Configure new
new IRF
IRF Core:
Core:
OSPF/BGP
-- VLAN
VLAN
Site Site
-- QoS
QoS marking+queueing
marking+queueing
Router1 Router2
-- ACL
ACL
-- 802.1X
802.1X
-- routing,
routing, multicast
multicast
Core1 PVST, HSRP, OSPF Core 2

IR
IR
FF
2-
2- Make
Make Core1
Core1 primary
primary
Campus_Access Campus_Acces DC_Acces DC_Acces 3-
3- Remove
Remove Core2
Core2
1 s2 PVST s1 s2

85
 Insert new Core2 3-
3- Insert
Insert new
new
Site OSPF/BGP
Site
Core.
Core.
Router1 Router2 4-
4- Check
Check routing.
routing. Connectivity
Connectivity
test.
test.
5-
5- Remove
Remove STP STP on
on Core1
Core1
and
and Access
Access layer
layer
Core1 HSRP, OSPF

IR
IR NO SPANNING
TREE on new Core
FF

Campus_Access Campus_Acces DC_Acces DC_Acces

1 s2 PVST s1 s2

86
 Campus access switches connection
migrationSite
Router1
Site
Router2
~5s 1-
1- Connect
Connect Campus
OSPF/BGP
Core
Core
Campus to
to new
new
2-
2- Check
Check Campus
Campus
connectivity
connectivity
~10s3-
3- For
For Campus
Campus VLANs,
VLANs,
Core1 HSRP, OSPF
OSPF Remove
Remove L3L3 (HSRP)on
(HSRP)on Core1.
Core1.
Activate
Activate L3
L3 on
on new
new Core:
Core:
IR
IR -- configure
configure routing
routing to
to router2
router2
FF -- configure
configure vlan-interface
vlan-interface onon
new
new core
core with
with previous
previous HSRP
HSRP IP
IP
address
address
Campus_Access Campus_Acces DC_Acces DC_Acces -- configure
configure vlan-interface
vlan-interface toto
1 s2 s1 s2 send out gratitious-arp
send out gratitious-arp
-- optional:
optional: clear
clear mac-address-
mac-address-
table
table on
on access
access switch.
switch.
-- tune
tune routing
routing onon router2
router2 to
to
route
route traffic
traffic to
to new
new core
core
4-
4- Check
Check Campus
Campus
87 connectivity
connectivity
 DC access switch connection migration
Site OSPF/BGP
Site
~5s 1-
1- Connect
Connect DC
DC to
to new
new
Router1 Router2 Core
Core on
on BAGG
BAGG interface
interface
2-
2- Check
Check DC
DC
OSPF ~10sconnectivity
connectivity
Core1 HSRP, OSPF
3-
3- For
For DC
DC VLANs,
VLANs,
IR Remove
Remove L3L3 (HSRP)
(HSRP) on
on
IR
FF Core1.
Core1.
Activate
Activate L3
L3 on
on new
new Core:
Core:
-- configure
configure routing
routing to
to router2
router2
-- configure
configure vlan-interface
vlan-interface onon new
new
Campus_Access Campus_Acces DC_Acces DC_Acces core with previous HSRP IP address
core with previous HSRP IP address
1 s2 s1 s2 -- configure
configure vlan-interface
vlan-interface toto send
send
out gratitious-arp
out gratitious-arp
-- optional:
optional: clear
clear mac-address-table
mac-address-table
on access switch.
on access switch.
-- tune
tune routing
routing onon router2
router2 to
to route
route
traffic
traffic to
to new
new core
core
4-
4- Check
Check DC
DC
88 connectivity
connectivity
 Remove Core1 1-
1- Verify
Verify that
that no
no traffic
traffic
OSPF/BGP
Site Site goes
goes through
through Core1.
Core1.
Router1 Router2
2-
2- Remove
Remove
Core1
Core1
3-
3- Check
Check
OSPF
Core1 connectivity
connectivity
4-
4- Additional
Additional link
link to
to
IR
IR Site
Site router1
router1
FF
5-
5- Check
Check
connectivity
connectivity
6-
6- Add
Add second
second link
link to
to
Campus_Access Campus_Acces DC_Acces DC_Acces
1 s2 s1 s2 BAGG
BAGG
7-
7- Check
Check
connectivity
connectivity

89
 1-
1- Add
Add the
the 22 new
new router
router
connections
Site Routers replacement connections
2-
2- Configure:
Configure:
OSPF/BGP
Site Site -- OSPF
OSPF adjacences
adjacences
Router1 Router2 -- BGP
BGP peering
peering (routing
(routing is
is
configured
configured so
so that
that new
new site_router
site_router are
are
Site Site less prefeered)
less prefeered)
Router3 Router4 -- QoS
QoS marking
marking and
and queueing
queueing
OSPF -- ACL
ACL
-- multicast
multicast
IR
IR 3-
3- Check
Check routing
routing
FF
4-
4- Tune
Tune routing
routing to
to get
get new
new
router 3 preferred against
router 3 preferred against
router1
router1
Campus_Access Campus_Acces DC_Acces DC_Acces 5-
5- Check
Check connectivity
connectivity
1 s2 s1 s2
6-
6- Tune
Tune routing
routing to
to get
get new
new
router 4 preferred against
router 4 preferred against
router2
router2
7-
7- Check
Check connectivity
connectivity
9-
9- No
No traffic
traffic through
through old
old 8-
8- Move
Move WAN
WAN circuits
circuits
90 routers.
routers. Remove
Remove them.
them. to
to new ~1min
new routers.
routers.
Core migration completed
OSPF/BGP
Site Site
Router3 Router4

OSPF

IR
IR
FF

Campus_Access Campus_Acces DC_Acces DC_Acces

1 s2 s1 s2

91
CAMPUS EDGE MIGRATION
 Campus Access Switches 1-
1- Install
Install new
new access
access
OSPF/BGP
Site Site switches
switches in in IRF
IRF with
with
Router3 Router4
~5s LACP.
LACP.
2-
2- Move
Move Printers
Printers from
from
Access1
Access1
3-
3- Check
Check
OSPF
connectivity
connectivity
~5s 4-
4- Move
Move Users
Users and
and
IR
IR Phones
Phones
FF 5-
5- Check
Check
connectivity
connectivity
6-
6- Repeat
Repeat forfor Access2
Access2
Campus_Access
Campus_Access Campus_Acces
1 s2 IR 7-
7- Check
Check
IR
FF connectivity
connectivity
8-
8- Remove
Remove old
old Access
Access
Switches
Switches

93
DC EDGE MIGRATION
 DC Access Switches 1-
1- Standby
Standby NIC
NIC move
move to
to
OSPF/BGP
Site Site new
new DC_access.
DC_access.
Router1 Router2

2-
2- Remove
Remove Active
Active NIC.
NIC.
Standby
Standby becomes
becomes
Core OSPF
Active
Active
IR
IR 3-
3- Remove
Remove old
old access
access
FF switches
switches

Campus_Access DC_Acces
DC_Acces DC_Acces s
IR
IR s1 s2 IR
IR
FF FF

95
 Target Network
OSPF/BGP
Site Site
Router1 Router2
~5sFinal
Final step:
step:
Activate
Activate 802.3ad
802.3ad on
on server
server
teaming
teaming driver:
driver: Active/Active
Active/Active
NICs
NICs
Core OSPF

IR
IR
FF

Campus_Access DC_Acces
s
IR
IR IR
IR
FF FF

96
REFERENCES / TRAININGS
Case Study: HP IT
http://h20195.www2.hp.com/V2/GetPDF.aspx/4AA3-3926ENW.pd
f

98
 HP IT Data center network layers WAN
Transport Transport
Transport
WAN Beltway
Transport
(Internet)
(Internet)
(MPLS)
(MPLS) Connectivity
Connectivity Routing to Global MPLS WAN, ISPs &
Layer
Layer
Application
Applications
Internet
Internet Backbone
Backbone Application
Infrastructur

Internet Backbone Optimization

Data
Infrastructur

Internet Backbone Optimization WAN

Protocol Optimization of Selected
WAN Layer
Data Center

Router Router Optimization

Router
Router
Router
Router
Router
Router
Optimization Layer Optimization
ee

Data Center Core

DCs
Center

Internal
Internal
Internal IDS
Routing to individual Cells and adjacent
DMZ Core
DMZCore
DMZ Core Internal IDS
IDS Routing Layer
DMZ Core Core IDS DC
DC Core
Core
Core
Core
Core

Intrusion
Intrusion Intrusion Detection for PCI Applications
FW Internal
Layer3 Layer3 Detection
Detection
FW
SEC InternalDistribution
Layer3 Layer3
Distribution Internal
Layer3
Layer3 Layer3
InternalDistribution
Layer3
Distribution DC
DC Distribution
SEC
SEC
SEC Distribution
Distribution Distribution
Distribution
Distribution Security Services

Layer
Layer 3
3 Routing to individual PODs within a Cell
Layer2 Switch Layer2
Layer2 Switch
Switch Layer Distribution
Layer2 Switch Layer2 Switch Layer 2
2
Cell/POD

Layer2 Switch
Cell/POD Infrastructure

Layer2 Switch
Aggregation
Aggregation Layer2 Switch
Aggregation
Aggregation Aggregation
Aggregation
Aggregation Aggregation
Aggregation Aggregation
POD Level Firewalls
Firewall
Firewall
LB
LB
LB Load
LB
LB Load Balancers
Balancers
Infrastructure

LB
Layer 2 Switch
POD
Layer 2 Switch Aggregation for each
Aggregation
Aggregation

Layer2 Layer
Layer 2
2 Edge
Layer2 Edge Layer2
Layer2 Edge Application
Edge
Switch
Switch
Edge
Switch
Switch
Edge
Switching
Switching
Application Load
Load Load-Balancing Services
Balancing

Layer
Layer 2
2 Edge
Systems
Blade
Blade I/O
I/O Edge Edge Switch ports for Servers and Blade
Server
Server Blade
Blade
Layer
Layer 2
2 Edge
Edge Switching
Switching
Switching
Switching
Platform
Platform Platform
Platform
 HP IT Data center network Portfolio
Transport Transport
WAN A6616
Transport Transport
(Internet)
(Internet)
(MPLS)
(MPLS) Connectivity
Connectivity HP Networking A8812, A6604 and
Layer
Layer
Application
Applications
Internet
Internet Backbone
Backbone Application
Infrastructur

Internet Backbone Optimization

Data
Infrastructur

Internet Backbone Optimization Protocol Optimization of Selected

WAN
WAN Layer Optimization
Data Center

Router Router Optimization

Router
Router
Router
Router
Router
Router
Optimization Layer Optimization
ee

Data
Data Center
Center Core
Center

Internal
Internal
Internal
Core HP Networking A12508
DMZ Core IDS
DMZCore
DMZ
DMZ Core
Core
Internal
Core
Core
Core
IDS
IDS
IDS DC
DC Core
Core Routing
Routing Layer
Layer
Core

Intrusion
Intrusion HP Tipping Point S5100N
FW Internal
Layer3 Layer3 Detection
Detection
FW
SEC InternalDistribution
Layer3 Layer3
Distribution InternalDistribution
Layer3
Internal
Layer3 Layer3
Layer3
Distribution DC
DC Distribution
SEC
SEC
SEC Distribution
Distribution Distribution
Distribution
Distribution Security
Security Services
Services
Layer 3 HP Networking A9505 and A5820X
Layer2 Switch Layer2
Layer2 Switch
Switch Layer Distribution
Distribution
Layer2 Switch Layer 2
2
Cell/POD

Layer2 Switch Layer2

Layer2 Switch
Switch
Cell/POD Infrastructure

Layer2 Switch
Aggregation
Aggregation Aggregation
Aggregation Aggregation
Aggregation
Aggregation Aggregation
Aggregation Aggregation
POD Level Firewalls
Firewall
Firewall
LB
LB
LB
LB
LB Load
Load Balancers
Balancers
Infrastructure

LB
Layer
Layer 2
2 Switch
Switch E6600-24XG and E8212zl
Aggregation
Aggregation

Layer2 Layer
Layer 2
2 Edge
Layer2 Edge Layer2
Layer2 Edge Application
Edge
Switch
Switch
Edge
Switch
Switch
Edge
Switching
Switching
Application Load
Load Load-Balancing Services
Balancing
Balancing

Blade
Blade I/O
I/O Layer
Layer 2
2 Edge
Edge E6600-48G-4XG and E6600-24XG
Server
Server Blade
Blade
Layer
Layer 2
2 Edge
Edge Switching
Switching
Switching
Platform
Platform Platform
Platform
Interoperability Test Report and Cookbook
http://networktest.com/hpiop/
Network Test is an independent third-party test lab and engineering services consultancy.
Our core competencies are performance, security, and conformance assessment of
networking equipment and live networks. Our clients include equipment manufacturers,
large enterprises, service providers, industry consortia, and trade publications.

Tests:
VLAN trunking/tagging
L2/L3 Jumbo Frame handling
Link Aggregation
STP
OSPF v2 & v3
Multicast switching and routing
VRRP

101
HP Networking and Cisco CLI reference
Guide
http://h17007.www1.hp.com/docs/interoperability/Cisco/HP-Networking-and-Cis
co-CLI-Reference-Guide_June_10_WW_Eng_ltr.pdf

102
Available Training for SAs/Channels/Partners
HP Networking Interoperability (3 days)
This course helps network engineers design and implement multivendor networks that
include HP A-Series, HP E-Series, and Cisco switches. The course focuses on the key
differences between platforms, such as VLAN configuration, Spanning Tree Protocol (STP),
Open Shortest Path First (OSPF), link aggregation, and Network Address Translation (NAT).
Network engineers will learn how to identify compatibility problems and evaluate the pros
and cons of each possible solution for a given network environment.
Areas of interoperability on multivendor networks:
Multiple Spanning Tree Protocol (MSTP)
Rapid Spanning Tree Protocol (RSTP)
Differences between Per VLAN Spanning Tree Plus (PVST+) and MSTP
Management of HP A-Series, HP E-Series, and Cisco switches
VLAN configuration on HP A-Series, HP E-Series, and Cisco switches
Aggregated links between HP switches and Cisco switches
Network Address Translation (NAT)
Quality of service (QoS) for proper traffic prioritization
Host Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP)

103
Available Training for SAs/Channels/Partners
HP Migrating to Open Network Standards (4 days)
This course focuses on the advantages of using open-standard protocols
on contemporary networks. It teaches network designers and network
engineers how to migrate proprietary protocols to open-standard
protocols and then helps them develop migration strategies that reduce
both risk and downtime.
Migrating the L3 switches in Core
Migrating the L2 switches in access
HSRP, VRRP and IRF
and distribution layers
IGP transition: static routes, EIGRP, OSPF
Manual or automatic setting of VLANs
BGP transition, ACL migration, IP Multicast
Managing redundancy with or without STP transition
Per VLAN Spanning Tree Plus (PVST+) and MSTP
Static, LACP, and PAgP link-aggregation
Integrate IRF cluster into mixed environment
Managing Cisco and HP devices in
Transiting security features on the Edge the
same network with IMC
104 SNMP and traffic monitoring with Sflow and
DEMOS
Interoperability examples

Layer 2: Layer3:
VLANs OSPF
Link-Aggregation BGP

106
CONCLUSION
Conclusion and Recommendation
Get HP / Cisco interoperability documentation.
Interoperability between HP and Cisco is proven.
Target simplest migration steps: like core first and edge second
Validate migration scenario with customer network protocols and
environment constraints.
Test resulting outage time per disruptive phase.
Planned outage according to the migration scenario including
rollback time if it happens.

108
THANK YOU