28 Apr

How to Run 40GbE Over Duplex LC MMF Cabling

This is a good guide for running 40G on existing MMF fiber.

The use of parallel optics in 40GbE multimode fiber cabling (MMF cabling) requires more fiber strands than 10GbE infrastructure. Thus, a data center will require a cabling upgrade to meet the requirements of the migration. In this case, cost is a big factor. To help users solve the fiber cost issue, many vendors have developed transceiver alternatives that allow zero-cost fiber migration by reusing the current 10Gbps multimode fiber-optic cabling plant for 40Gbps connectivity. This post will introduce three mainstream transceiver options for running 40GbE over duplex multimode fiber cable with LC connectors.

Option 1: Cisco QSFP 40G BiDi Transceiver (QSFP-40G-SR-BD)

The Cisco QSFP BiDi transceiver can transmit full-duplex 40Gbps traffic over one duplex OM3 or OM4 MMF cable with LC connectors. It provides the capability to reuse 10Gbps fiber infrastructure, enabling data center operators to upgrade to 40Gbps connectivity without making any changes to the existing 10GbE infrastructure.

The working principle of the Cisco QSFP BiDi transceiver is that it uses two 20Gbps channels, each transmitted and received simultaneously over two wavelengths on a single MMF strand, as shown in the following figure.

Concept of QSFP BiDi transceiver

The Cisco QSFP BiDi transceiver is supported in most Cisco switching and routing products that support 40GbE interfaces. The connection distance can reach up to 100 meters over OM3 MMF or 150 meters over OM4 MMF, which is the same as 40GBASE-SR4 QSFP+.

Note: The other version of the Cisco QSFP BiDi transceiver (QSFP-40G-BD-RX) is almost the same as the QSFP-40G-SR-BD, but with link monitor hardware, such as the Cisco Nexus® Data Broker.

Option 2: Juniper 40Gbps QSFP+ LX4 (JNP-QSFP-40G-LX4)

The Juniper 40Gbps QSFP+ LX4 module uses the same infrastructure as 10GbE. The LX4 technology represents a new way to deploy 40GbE that meets all of the performance criteria of today’s data centers by providing 40GbE on two MMF strands with duplex LC connectors. Thus, users can simply replace existing 10GbE transceiver modules with 40GbE LX4 modules without expensive 40GbE migration cassettes and additional fiber infrastructure.

As the following picture shows, the QSFP+ LX4 transceiver uses four 10Gbps channels, each transmitted and received simultaneously over four wavelengths on a single MMF strand. Similar to the 40GBASE-SR4 modules, it can also support transmission distances up to 100 meters over OM3 MMF or 150 meters over OM4 MMF cable. The Juniper 40Gbps QSFP+ LX4 is supported in many Juniper devices that support 40GbE interfaces, such as the QFX3000 QFabric system, QFX5100 switches, and so on.

Concept of QSFP+ LX4 transceiver

Note: The Juniper 40Gbps QSFP+ LX4 can also run over single-mode fiber (SMF: OS1) and reach up to 2 kilometers.

Option 3: Arista Networks QSFP-40G-UNIV Transceiver

The Arista Networks QSFP-40G-UNIV is a 40GbE QSFP+ transceiver with a duplex LC connector that can be used with both MMF and SMF. Its working principle is similar to that of the Juniper LX4 mentioned above, with 4 channels of 10G multiplexed inside the module to transmit and receive an aggregate 40Gbps signal over 2 strands of fiber. UNIV is short for “universal” because of its ability to operate with both MMF and SMF without the need for any software/hardware changes to the module or any additional hardware in the network. The Arista Networks QSFP-40G-UNIV can operate on OM3 or OM4 MMF for distances up to 100 meters or SMF (OS1) for distances up to 500 meters. Note that this QSFP module can interoperate with Cisco and other vendors' standards-based 40GbE LR4 optics.

Credit: http://www.fiber-optic-transceiver-module.com/how-to-run-40gbe-over-duplex-lc-mmf-cabling.html

21 Apr

Monitor TP-Link Smart Plug in check_mk

Objective: to integrate a TP-Link Smart Plug into check_mk (for data history and for fun)
Prerequisite: Check_MK is installed and you have created a check_mk site. Check_MK installation is not covered in this post.

Install software dependencies

apt-get install nodejs npm

Install TP-Link Smart Home API

Switch to OMD site

OMD[home]:~/local/bin$ npm install tplink-smarthome-api

Install TP-Link power monitoring plugin

OMD[home]:~/tmp$ wget -O /tmp/tp-link-cmk-1.0.mkp 'https://mathias-kettner.com/check_mk-exchange-file.php?&file=tp-link-cmk-1.0.mkp'

OMD[home]:~$ mkp install /tmp/tp-link-cmk-1.0.mkp

Create monitoring host

Go to WATO > Host & Service Parameters > Datasource Programs

Go to Individual program call instead of agent access

Create a new rule. You may insert the rule description and comments as needed (optional). Specify this command under INDIVIDUAL PROGRAM CALL INSTEAD OF AGENT ACCESS.
tp-link-power.js $HOSTNAME$

To be safe during testing, you may explicitly hardcode the smart plug IP address.

Create a new host, enter the hostname and IP address and click “Save & Finish”. Edit this node again and click Parameters at the top.

Expand DATASOURCE PROGRAM and select the custom check from here. Click “Individual program call instead of agent access” and make sure the check is listed and valid.

Wait a few minutes and check the service graph.

References:

https://github.com/bmachek/tp-link-cmk
https://mathias-kettner.com/check_mk-exchange-file.php?&file=tp-link-cmk-1.0.mkp
https://mathias-kettner.com/download/Marco_Reale_Check_MK_Beginner_guide.pdf
https://www.npmjs.com/package/tplink-smarthome-api
https://mathias-kettner.com/cms_datasource_programs.html

28 Mar

BGP Additional Paths

BGP routers only advertise the best path to their neighbors. When a better path is found, it replaces the current path. Advertising a path and replacing it with a new path is called an implicit withdraw.

Since we only advertise the best path, a lot of other possible paths are unknown to some of the routers. We call this path hiding.

Extra notes on additional path command syntax:

  • neighbor neighbor-id additional-paths send: we use this to configure the router so that it sends multiple BGP paths to a neighbor.
  • neighbor neighbor-id additional-paths receive: if you have a neighbor that sends multiple paths, that’s nice, but you still have to configure your local router so that it wants to receive multiple paths.
  • bgp additional-paths select: you receive a bunch of paths from your neighbor, but you can still configure which of these paths your router actually uses.
  • bgp additional-paths install: this tells the router to actually install a backup path that you selected with the “bgp additional-paths select” command.
  • neighbor neighbor-id advertise additional-paths: this configures which additional paths your router advertises to a neighbor. “all” means all additional paths.
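How the send, receive, select and advertise commands from the list fit together on one router, as an added example that is not from the referenced articles. The AS number 65001 and the neighbor address 192.0.2.2 are placeholders chosen for illustration.

```cisco
! Added example: AS number and neighbor address are placeholders (assumptions).
router bgp 65001
 ! iBGP neighbor (same AS as the local router)
 neighbor 192.0.2.2 remote-as 65001
 !
 address-family ipv4 unicast
  ! 1. Mark which paths are candidates for advertisement as additional paths
  bgp additional-paths select all
  ! 2. Enable the send and receive capability for the whole address family
  bgp additional-paths send receive
  neighbor 192.0.2.2 activate
  ! 3. Per-neighbor setting of the same capability; it is negotiated with
  !    the peer, so the peer must be configured to receive (and/or send) too
  neighbor 192.0.2.2 additional-paths send receive
  ! 4. Which of the selected candidates are actually sent to this neighbor
  neighbor 192.0.2.2 advertise additional-paths all
```

The advertise keyword in step 4 has to match a candidate set chosen in step 1; here both use "all".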

Reference:
https://networklessons.com/bgp/bgp-additional-paths
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-3s/irg-xe-3s-book/irg-additional-paths.html

19 Mar

Default routes in BGP

There are 3 ways of advertising a default route in BGP.

Method 1: Using network 0.0.0.0 command.
It requires only that the route 0.0.0.0 is present in the Interior Gateway Protocol (IGP) routing table. This is the preferred approach.

Method 2: Using default-information originate command.
It requires explicit redistribution of the route 0.0.0.0. This protects against someone accidentally redistributing a default route in BGP which could potentially be disastrous.

Method 3: Using neighbor default-originate command.
This method does not require the presence of the 0.0.0.0/0 network in the routing table of the advertising router.
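The three methods side by side, as an added example that is not from the linked posts. These are three alternative configurations, not one combined config; the AS numbers, the neighbor 192.0.2.2, the next hop 198.51.100.1 and the use of a static route as the source of 0.0.0.0/0 are assumptions made for illustration.

```cisco
! Added example: all addresses and AS numbers are placeholders (assumptions).
!
! --- Method 1: network 0.0.0.0 ---
! 0.0.0.0/0 must already be in the routing table; here a static route
! stands in for whatever source provides it.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 network 0.0.0.0
!
! --- Method 2: default-information originate ---
! The default route has to be redistributed explicitly; redistribution on
! its own does not carry 0.0.0.0/0 into BGP without this command.
ip route 0.0.0.0 0.0.0.0 198.51.100.1
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 redistribute static
 default-information originate
!
! --- Method 3: neighbor default-originate ---
! No 0.0.0.0/0 entry is needed in the local routing table, and the default
! is sent to this one neighbor only.
router bgp 65001
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 default-originate
```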

https://community.cisco.com/t5/routing/bgp-default-information-originate/td-p/772779

http://lostintransit.se/2013/06/12/default-routes-in-bgp/

18 Mar

VPN Ports

 

PPTP:
To allow PPTP tunnel maintenance traffic, open TCP 1723.
To allow PPTP tunneled data to pass through router, open Protocol ID 47.

L2TP over IPSec:
To allow Internet Key Exchange (IKE), open UDP 500.
To allow IPSec Network Address Translation (NAT-T), open UDP 4500.
To allow L2TP traffic, open UDP 1701.

OpenVPN:

OpenVPN uses port 1194, UDP and TCP.

Here’s the Cisco access list: (gre=Protocol ID 47, pptp=1723, isakmp=500, non500-isakmp=4500):

permit gre any any
permit tcp any any eq 1194
permit udp any any eq 1194
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit udp any any eq 5500
permit tcp any any eq 1723
permit udp any any eq 1701

If a NATed address is being used by either peer, you need to open UDP port 4500 for ISAKMP.

If there is no NAT, you need to open UDP port 500 for ISAKMP.

For Phase 2, you need to explicitly permit the specific IP protocol: protocol 50 for ESP and protocol 51 for AH.

IPSec can use ESP (protocol 50) or AH (protocol 51). AH breaks if used with any type of NAT with IPv4, so it is rarely ever used in a transform set.

Common Cisco ACL for allowing VPN traffic:

remark Allow VPN Traffic
permit udp any host [IPSec Headend] eq 500
permit udp any host [IPSec Headend] eq 4500
permit 50 any host [IPSec Headend]
permit 51 any host [IPSec Headend]
permit 47 any host [IPSec Headend]
permit 57 any host [IPSec Headend]
deny   ip any host [IPSec Headend]