AI, ML, Development + Cisco Learning Blog Learning about Machine Learning, Artificial Intelligence, related development topics and formerly Routing and Switching, Datacenter, Security and other topics, CCIE #23664, Frank Wagner

24. November 2007

dynamips performance on suse linux

Filed under: dynamips — ocsic @ 23:05

As I started to configure some labs now, I recognized that my new laptop with dual core 2,1 Mhz (3GB) is not enough for 14 virtual machines.

In the beginning everything is fine. When you first fire up all devices, you get a load of about 5-10 percent, which is really nice. Most devices do not have much configured. But as you add more configuration, the load starts to get higher. When I start to add BGP, the load gets too high for one machine. Even though I got the best idlepc value for my machine, the neighbors started flapping and it's getting unusable.

I read that each router is equipped with a CPU of about 400 Mhz. That makes 5,6 Ghz for 14 machines. So a single dual core machine can't handle the load when all routers are at their CPU limits.

You can get a quad core machine, which for me is not possible, as I travel a lot and must have a notebook with me. So I cannot do some things with one notebook. And if I have a second one, I can split between two notebooks. I configured the BBs on one and the routers and switches on the other. That should already help a lot. So

I will update my blog when I have more experience regarding load sharing. It's still great to work with dynamips. Thanks to the author once more. 🙂

I am planning to do my next attempt in February or March next year. Good luck to anyone else attempting it, maybe even this year in December.

10. November 2007

dynamips training

Filed under: dynamips — ocsic @ 14:28

I went back home by train yesterday from Berlin and was able to do some labbing with dynamips. On my 6-hour journey I started with lab 3 from internetworkexpert workbook 3 v4.1. It took quite some time to set everything up to start. You have to change the interface types (FastEthernet to Ethernet or Serial0/0 to Serial1/0, for example) in the startup-configs. But everything went fine. I let ospf/eigrp/rip run all over the devices.

I'm using "konsole" from KDE with its tabbing feature, so I can easily switch between the routers by holding down "Shift"+"Left" or "Right". You don't need to switch back and forth with the mouse.

And I got to know a nice blog where there is a collection of other CCIE candidates also writing about their progress. Please have a look at:

Still More CCIE Blogs

loadbalancing with the ACE module for the 6500/7600

Filed under: Bridging + Switching,module types — ocsic @ 14:10

We have a customer who ordered the ACE module for the 6500. The installation will be with two 6500s, each with a 720 sup. Currently the ACE is only available as a module. Cisco is trying to release an appliance next year in February. It's a follow-up to the CSM and CSS from Cisco. Absolutely new is the virtualisation part. It's possible to build up to 250 different contexts, which act as a sort of independent hardware load balancers on one machine. The module is about 80.000$, with a max of 16 Gbps throughput and a max of 345,000 connections per second.

All traffic is sent through the module, as you define what should be load-balanced.

The default license comes with 5 contexts and 1000 SSL TPS (transactions per second).

I have been on a three-day course for the ACE module in Berlin from Wednesday this week. It was a very good lab from flane with a Bulgarian teacher. We did some labs from labgear.net with a virtual webserver farm as Linux machines and as clients. Only the ACE module was not virtual :-). All servers/clients have been vmware machines. Quite nice labs to test SSL termination, sticky connections, NAT, layer 4 balancing, layer 7 balancing and other topics.

Seems like the ace module is out for some time and the new ace-20 is overcoming some bugs.

Here is an example config, like one we had in the labs, where vlan 212 is the external and vlan 412 is the internal vlan. The VIP is the virtual IP that represents all webservers. Here are some webservers and a VIP 12.16.12.50. With the class-map you define the VIP and what traffic is allowed. Then you also have to set up an access-list on the incoming interface and allow this traffic. Look at this example:

——————————————————————————–

login timeout 0

access-list anyone line 10 extended permit tcp any any

probe icmp pingpong

rserver host d25-lnx1
  ip address 172.168.1.11
  inservice
rserver host d25-lnx2
  ip address 172.168.1.12
  inservice
rserver host d25-lnx3
  ip address 172.168.1.13
  inservice
rserver host d25-lnx4
  ip address 172.168.1.14
  inservice
rserver host d25-lnx5
  ip address 172.168.1.15
  inservice

serverfarm host servers1
  rserver d25-lnx1
    inservice
  rserver d25-lnx2
    inservice
  rserver d25-lnx3
    inservice
  rserver d25-lnx4
    inservice
  rserver d25-lnx5
    inservice

class-map match-all VIP-50
  2 match virtual-address 12.16.12.50 any
class-map type management match-any remote-access
  description remote-access-traffic-match
  2 match protocol telnet any
  3 match protocol ssh any
  4 match protocol icmp any

policy-map type management first-match remote-mgmt
  class remote-access
    permit

policy-map type loadbalance first-match lb-lo
  class class-default
    serverfarm servers1

policy-map multi-match client-vips
  class VIP-50
    loadbalance vip inservice
    loadbalance policy lb-lo

interface vlan 212
  ip address 12.16.12.5 255.255.255.0
  access-group input anyone
  service-policy input remote-mgmt
  service-policy input client-vips
  no shutdown
interface vlan 412
  description Servers vlan
  ip address 172.168.1.1 255.255.255.0
  no shutdown

——————————————————————————–
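As an added example (not from the original post and not Cisco code), here is a small Python check run over a shortened, constructed copy of the lab config above. It flags the settings that matter once such a config leaves the lab: the permit-any ACL, Telnet and unrestricted sources in the management class-map, and the ICMP probe that is defined but never attached to the serverfarm. The finding names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the lab config from the post.
SAMPLE = """\
access-list anyone line 10 extended permit tcp any any
probe icmp pingpong
serverfarm host servers1
  rserver d25-lnx1
    inservice
class-map type management match-any remote-access
  2 match protocol telnet any
  3 match protocol ssh any
interface vlan 212
  access-group input anyone
  service-policy input remote-mgmt
"""

def stanzas(text):
    """Group indented sub-commands under their unindented header line."""
    out = []
    for line in filter(str.strip, text.splitlines()):
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out

def audit(text):
    """Return sorted finding codes (hypothetical names) for the config text."""
    findings, probes, bound = set(), set(), set()
    for head, body in stanzas(text):
        if re.match(r"access-list \S+ line \d+ extended permit \S+ any any$", head):
            findings.add("acl-permit-any-any")      # ACL allows every source and destination
        elif head.startswith("probe "):
            probes.add(head.split()[2])             # probe <type> <name>
        elif head.startswith("serverfarm "):
            bound.update(b.split()[1] for b in body if b.startswith("probe "))
        elif head.startswith("class-map type management"):
            for b in body:
                m = re.match(r"\d+ match protocol (\S+) (\S+)", b)
                if m and m.group(1) == "telnet":
                    findings.add("mgmt-telnet")     # cleartext management protocol
                if m and m.group(2) == "any":
                    findings.add("mgmt-any-source") # management reachable from any address
    if probes - bound:
        findings.add("probe-unbound")               # defined, but no serverfarm uses it
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```
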

The new thing on the command line is that tab completion also works for service-policies and class-maps.

The nice thing, which Juniper has already implemented, is the checkpoint feature. It has nothing to do with Checkpoint FW1; it's a nice and handy rollback system in case something went wrong or you want to roll back to an older configuration. It's no longer necessary to reload the router, just say for example "checkpoint rollback config-name" and the context will load the configuration and erase the previous one. No need to reload the router to clean up the previous configurations from RAM or running-config. The running-config is replaced completely by the checkpoint previously created. So you can easily go back to the last saved working configuration. Juniper is even more sophisticated, as you can configure on the system and later on say that this should be implemented now.

Probably this will show up in future IOS versions too.
Source:

http://www.cisco.com/en/US/products/ps6906/index.html

Nice comparison between the css, csm, ace

http://www.cisco.com/en/US/products/hw/modules/ps2706/products_qanda_item0900aecd8045867c.shtml
