How to use a Cisco router as Frame-Relay switch


For this tutorial you can use a low-cost Cisco router, and of course you need some serial interfaces available on it. I will use a 7206 with 3 serial interfaces. I will call this router R6, and the three routers connected to R6 will be R2, R5 and R9. This way it will be easier for you to understand how frame-relay routing is achieved.

If we have a look at the interfaces of R6 (the router used as frame-relay switch):

r6-c7206#sh int desc
Interface    Status    Protocol    Description
Fa0/0        up        down
Fa0/1        up        down
Se5/0:1      up        up          TO_R2
Se5/1:2      up        up          TO_R5
Se6/0        down      down
Se6/1        up        up          TO_R9

you’ll notice that we have 3 active serial interfaces, each being connected to one of the three routers R2, R5 and R9.

Very important: before you begin, define a scalable range for your DLCI numbers, otherwise you will have a complete mess when troubleshooting is needed. I like to define them with the formula Rx0Ry, with the number zero in the middle. Following this idea, we will have something like R20R5, and from this results DLCI 205 for the Frame-Relay connection between R2 and R5. Below you have the DLCI numbers used in this tutorial:

R2 -> R5: DLCI 205
R2 -> R9: DLCI 209
R5 -> R2: DLCI 502
R5 -> R9: DLCI 509
R9 -> R2: DLCI 902
R9 -> R5: DLCI 905

Now that we have defined the DLCI numbers, let's configure the R6 router as a frame-relay switch.

First of all, you need to enable frame relay switching on the router:

r6-c7206#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r6-c7206(config)#frame-relay switching

This command enables the switching of packets based on the data-link connection identifier (DLCI) inside your router.

Next, we have to configure the frame-relay routing on the physical interface. We will start with interface S5/0:1, where the R2 router is connected, and apply the following configuration:

interface Serial5/0:1
description TO_R2
no ip address
encapsulation frame-relay
! the frame-relay switch is the DCE and the other end is the DTE
frame-relay intf-type dce
frame-relay route 205 interface Serial5/1:2 502
frame-relay route 209 interface Serial6/1 902

With the frame-relay route command we tell the frame-relay switch where to forward packets based on the DLCI number. If we take a look at the first frame-relay route command, frames that arrive on Serial5/0:1 with DLCI 205 are sent out interface Serial5/1:2 with DLCI 502; in other words, the path to DLCI 502 is interface Serial5/1:2. If you feel confused, check again the interface connections to the routers and the assignment scheme for the DLCI numbers above.

In the same way as for interface S5/0:1, we will configure the interfaces connected to R5 and R9:

interface Serial5/1:2
description TO_R5
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 502 interface Serial5/0:1 205
frame-relay route 509 interface Serial6/1 905

interface Serial6/1
description TO_R9
no ip address
encapsulation frame-relay
frame-relay intf-type dce
frame-relay route 902 interface Serial5/0:1 209
frame-relay route 905 interface Serial5/1:2 509

Looking at the first frame-relay route command on S5/1:2, here we configure the path back from R5 to R2, by telling the frame-relay switch to choose interface S5/0:1 to send packets to DLCI 205 (R2).
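Every route needs such a return entry, and a mistyped DLCI on one side silently breaks the PVC. The following check is an added example, not part of the original tutorial: it parses a condensed copy of the R6 configuration above and reports any route whose return route is missing. The function names are hypothetical, and the 16-1007 DLCI range is the usual user range for 10-bit DLCIs, not something stated in the tutorial.

```python
import re

# Condensed copy of the R6 configuration shown above (route lines only).
R6_CONFIG = """\
interface Serial5/0:1
 frame-relay route 205 interface Serial5/1:2 502
 frame-relay route 209 interface Serial6/1 902
interface Serial5/1:2
 frame-relay route 502 interface Serial5/0:1 205
 frame-relay route 509 interface Serial6/1 905
interface Serial6/1
 frame-relay route 902 interface Serial5/0:1 209
 frame-relay route 905 interface Serial5/1:2 509
"""

ROUTE_RE = re.compile(r"frame-relay route (\d+) interface (\S+) (\d+)")

def parse_routes(config):
    """Return {(in_interface, in_dlci): (out_interface, out_dlci)}."""
    routes, current = {}, None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            continue
        m = ROUTE_RE.fullmatch(line)
        if m and current:
            key = (current, int(m.group(1)))
            if key in routes:
                raise ValueError(f"duplicate DLCI {key[1]} on {current}")
            routes[key] = (m.group(2), int(m.group(3)))
    return routes

def audit(routes):
    """List invalid DLCIs and routes that have no matching return route."""
    problems = []
    for (in_if, in_dlci), (out_if, out_dlci) in sorted(routes.items()):
        for dlci in (in_dlci, out_dlci):
            if not 16 <= dlci <= 1007:  # assumed usable DLCI range
                problems.append(f"{in_if}: DLCI {dlci} outside 16-1007")
        if routes.get((out_if, out_dlci)) != (in_if, in_dlci):
            problems.append(f"{in_if} DLCI {in_dlci} -> {out_if} DLCI "
                            f"{out_dlci}: no matching return route")
    return problems

if __name__ == "__main__":
    for p in audit(parse_routes(R6_CONFIG)) or ["all PVCs are symmetric"]:
        print(p)
```

The same check also shows a limit of the Rx0Ry scheme: it only yields valid DLCIs while the resulting number stays at or below 1007.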

These are the basics of how to configure a Cisco router as a frame-relay switch. If you need help, please don’t hesitate to use the comment form below.

Cisco: Use TTCP to test together with TTCPW or JPerf

In one of my previous posts, I showed you how to test a connection using a hidden Cisco IOS tool called TTCP. A few days ago I ran into an issue. I had to test a TCP connection to a remote Cisco router, but I had no other router on which to initiate the TTCP connection. As explained in the Testing TCP Connection post, to use TTCP you need 2 Cisco routers.

Now, I found 2 new ways to do the testing without the need of having 2 routers, but just one. Maybe you already know these methods, but for those who don’t, please keep on reading.

First, there is a Windows tool called TTCPW (actually you can also download the code, and I think it’s possible to compile and run it under Linux as well). This TTCPW tool has the same options as Cisco TTCP and the two can work together without any issue.
On the Cisco router, issue the ttcp command and keep the regular parameters (we are not interested for now in fine tuning). Below I set the Cisco router to be the receiver:

Figure: Cisco TTCP with default settings

On the PC side, you download TTCPW and use the same settings. Basically, to transmit you only need to input ttcpw.exe -t or -r “ip.address” and that’s it. Of course you can tune the settings to meet your needs. Just type ttcpw.exe to see all the settings.

Figure: TTCPW help

The second tool that you can use with Cisco TTCP is IPerf (text mode) or JPerf (Java graphical mode). Just fill in the IP address and the port (5001 if default) and you’re ready to go:

Figure: Jperf with TTCP

Of course there are some limitations on JPerf to TTCP compared to JPerf to JPerf testing. One of them is that you cannot use parallel streams, if you want to stress the connection. To overcome this limitation, I do the following.
Open 2 or 3 connections to the Cisco router where TTCP will run. On each connection start one TTCP daemon with a different port (e.g. assuming 3 connections, then ports 5001, 5002 and 5003). Then on the client start 3 JPerf (Iperf) instances with the same IP address but different ports (you can take the one below). In this way you can stress the connection a little bit.

Cisco Borderless Network – Phase 2

Everywhere I have looked in the last few days I hear about the quick coming of Phase 2 of Cisco Borderless Network. If you are interested, you can register for the event on the Cisco website.

I tried to search for some documentation to understand what Cisco Borderless Network is and what the big difference from Unified Communication is, but all I could find is mostly marketing-related documents which promise the next network miracle, everything interconnected, controlled and monitored from a distance.

Then I turned to the Cisco blogging community to see what’s there, but it seems that things are not so clear there either. Everybody knows about the 5 phases of the new Cisco service:

  • Phase 1: Borderless Network Services – Delivering innovations IN and ON the network that optimize network availability, performance, and security.
  • Phase 2: Borderless User Services – Embedding key services spanning mobility, security, and application performance across all elements of the network.
  • Phase 3: Borderless Policy – Implementing a unified policy framework for managing security, identity, and access to the network and network resources.
  • Phase 4: Borderless Integration Framework – Bringing end-to-end network-to-endpoint intelligence through open, extensible interfaces into the network.
  • Phase 5: Borderless Experience – Converging services and systems to provide a superior customer and employee experience regardless of location, device, or application.

but these also look more like a marketing ad than network-related topics. On Phase 1, I was lucky enough to find some direction on the technical blog of Ivan Pepelnjak, and in this phase it seems that everything was about the new ISR G2 release. Ivan has some objective observations about Phase 1 of Cisco Borderless Network:

  • All the embedded “WAN” ports are Gigabit Ethernet uplinks. Good.
  • They claim up to 5-times higher performance than the previous routers. Average. The ISR series was launched in 2004 and Moore’s law predicts 5.8-times increase.
  • Lots of the old interface modules are supported. Amazing; I’m just hoping it doesn’t hurt the performance.
  • They’ve replaced the old half-hearted attempts to include an x86 generic application platform within a router with the Service Ready Engine (another great marketing invention … sounds so much better than a Linux blade) modules, having up to 4GB of RAM and 1TB of hard disk. I don’t want to know how the people who bought the old AXP platform feel reading these specs.

Now going back to Phase 2, Jim Duffy on the NetworkWorld.com Cisco subnet presumes that this will include:
  • innovations in Cisco’s switching portfolio and how they are relevant to the company’s business
  • service-enabling solutions for video, energy management and trusted access
  • a competitive switching offer for the price-sensitive market segment
  • enhanced support and services

but still there is enough fog around the subject. I think I will register for the Phase 2 European event on March 18; maybe I will get some more clues about Cisco Borderless Network.

Skipping all this marketing and technical stuff, I’m wondering if the world is really prepared for this. And when I say world, I mean networks. I really don’t know what to say. I mean, I know it’s cool and maybe positive from a financial perspective to turn off the light in some remote location, but how will your network support this? If you look around you’ll see that network engineers have more stressing problems with day-to-day operation like VoIP services, slow data transfer between data centers and LAN security, just to name a couple of my problems.

Another problem is the word of the day: costs. How much will it cost to implement all of this, and will companies be interested in implementing such a solution? I know that from a marketing perspective everything looks great, because that’s their job, to make it look great, but network engineers might have a different opinion.

If you have some news or thoughts regarding this topic, please feel free to use the comment form.

Cisco: The basics about VRF implementation

VRF, meaning Virtual Routing and Forwarding, is a technology implemented in IP network routers that allows multiple instances of a routing table to exist on the same router at the same time. Since each VRF is independent, the same IP subnet can exist in 2 different VRFs. Basically, you can overlap one IP address in 2 VRFs without the two conflicting with each other. Even though this is possible, I would not suggest doing so, unless you have a very good reason to do it.

Another meaning of VRF is VPN Routing and Forwarding, which is a key element in Cisco’s MPLS (Multiprotocol Label Switching) VPN technology. Internet service providers often take advantage of VRF to create separate virtual private networks (VPNs) for customers. Some advantages of using this technology are that an ISP can provision scalable IP MPLS VPN services, generate reports (e.g. audit for services), Service Level Agreement (SLA) contracts and more.

To summarize, virtual networks enable administrators to split a physical link into multiple virtual links completely isolated from one another. Typically, a virtual network will be dedicated to traffic from a specific application or from specific users / customers.


Now that we have clarified the basics of what VRF is and how it works, let’s see where VRF is used the most. As you may have guessed already, this is in the MPLS VPN environment, because in today’s business granularity is very important and VRF helps network engineers to isolate and provide security for their customers in an ISP environment, or to separate services in an Intranet environment. As you probably already know, MPLS functionality is based on P (Provider) routers, PE (Provider edge) routers and CE (Customer edge) routers. Each of these routers must be configured in order for MPLS to work within an enterprise’s architecture. I describe the MPLS technology a little bit, so you can better understand the topology presented below and then the following configuration example:

Figure: VRF Implementation

As you can see from the topology, one PE router can hold and manage multiple virtual routing tables, one for each customer that an ISP has. If you are running in a private environment (e.g. Intranet), you can use MPLS VPN to separate services (e.g. office, development…). The basic functionality is the same and I’ll show you below how to implement VRFs.

The actual configuration of VRFs is not a complicated task to achieve. There are two main components to a VRF: the route distinguisher (RD) and the route target (RT).

The route distinguisher (RD) is a number which helps identify a VPN in a provider’s network and allows for overlapping IP space.

The route target (RT) indicates the VPN membership of a route and allows VPN routes to be imported or exported into or out of your VRFs. The RT functions a little like a routing policy — determining how routes are distributed throughout the particular VPN.

The RD / RT is an 8-byte (64-bit) number which can be written down as follows:

16-bit AS number: your 32-bit number
(e.g.) 65000:100

or

32-bit IP address: your 16-bit number
(e.g) 192.168.0.1:10

Usually the first method is used more often.
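To make the two notations concrete, the following added example (not from the original post) packs both forms into 8 bytes and shows how the RD keeps an overlapping subnet distinct between two VRFs. It follows the RD layout in RFC 4364, where the 8 bytes start with a 2-byte type field (0 for the AS form, 1 for the IP form); the function names are hypothetical, and `vpnv4_key` is a simplified illustration rather than the BGP wire encoding.

```python
import ipaddress
import struct

def encode_rd(text):
    """Encode 'ASN:number' or 'IPv4:number' as the 8-byte RD wire format."""
    admin, sep, assigned = text.rpartition(":")
    if not sep or not admin or not assigned.isdigit():
        raise ValueError(f"malformed RD: {text!r}")
    number = int(assigned)
    if "." in admin:
        # Type 1: 4-byte IPv4 administrator, 2-byte assigned number.
        ip = ipaddress.IPv4Address(admin)  # raises ValueError if invalid
        if number > 0xFFFF:
            raise ValueError("IP-based RD needs a 16-bit number")
        return struct.pack("!H4sH", 1, ip.packed, number)
    # Type 0: 2-byte AS number, 4-byte assigned number.
    if not admin.isdigit() or int(admin) > 0xFFFF:
        raise ValueError("AS-based RD needs a 16-bit AS number")
    if number > 0xFFFFFFFF:
        raise ValueError("AS-based RD needs a 32-bit number")
    return struct.pack("!HHI", 0, int(admin), number)

def decode_rd(raw):
    """Turn 8 RD bytes back into the text form used in the CLI."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:])
        return f"{asn}:{number}"
    if rd_type == 1:
        ip, number = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(ip)}:{number}"
    raise ValueError(f"RD type {rd_type} not covered here")

def vpnv4_key(rd, prefix):
    """RD + IPv4 prefix: simplified key that keeps overlapping subnets apart."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed + bytes([net.prefixlen])

if __name__ == "__main__":
    # Constructed sample: two customers both use 10.0.0.0/24.
    for rd in ("65000:100", "192.168.0.1:10"):
        print(rd, encode_rd(rd).hex(), decode_rd(encode_rd(rd)))
    print(vpnv4_key("65000:100", "10.0.0.0/24")
          != vpnv4_key("65000:200", "10.0.0.0/24"))
```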

For a very basic VRF configuration, follow these steps:

1. Enters VRF configuration mode and assigns a VRF name.

Router(config)#ip vrf vrf-name

2. Creates a VPN route distinguisher (RD) following one of the formats 16bit-ASN:32bit-number or 32bit-IP:16bit-number explained above.

Router(config-vrf)#rd route-distinguisher

3. Creates a list of import and/or export route target communities for the specified VRF.

Router(config-vrf)# route-target {import | export | both} route-target-ext-community

4. (Optional step) Associates the specified route map with the VRF.

Router(config-vrf)# import map route-map

5. Specifies an interface and enters interface configuration mode.

Router(config)# interface type number

6. Associates a VRF with an interface or subinterface.

Router(config-if)# ip vrf forwarding vrf-name

To check your configuration, you can use ping or traceroute tools under Cisco CLI, but remember that you have to use “vrf vrf-name” parameter:

Router# ping vrf vrf-name IP-address

Also you can check the virtual routing table:

Router# show ip route vrf vrf-name

In some of the following posts, I will present a VRF implementation following a real environment topology, but until then I hope you understood the basics of VRF functionality. It’s not hard to implement (in some cases it might be, due to local topologies and technology), but it can help you to have more granular connections and it makes troubleshooting easier, especially in environments which have a lot of IP addresses under management.

Cisco security updates squash router bugs

Cisco has released eight security updates for the Internetwork Operating System (IOS) software used to power its routers.

The patches were released Wednesday, the day Cisco had previously scheduled for its twice-yearly IOS updates. None of the bugs had been publicly disclosed ahead of Wednesday’s updates, but some of them were reported to Cisco by outside sources.

Most of the bugs could be exploited by attackers to crash or somehow disrupt service to a router, typically if a specific, vulnerable service is enabled, Cisco said.

The eight updates fix 11 security vulnerabilities, according to Jean Reese, senior manager with Cisco’s Product Security Incident Response Team.

Read the full article on NetworkWorld.com