Manuals / Znyx Networks / Computer Equipment / Switch

Znyx Networks bh5700 manual Cops Common Open Policy Service, Handle Semantics

Models: bh5700

1 359

Download 359 pages 3.51 Kb

Page 70

Although the translation rules handle some inconsistency between software and hardware, a user must define a combination of rules that is reasonable in hardware, to ensure predictable results.

Handle Semantics

All examples have illustrated zqosd copying tc rules into hardware. In fact, the zqosd utility also enables the user to add tc rules that remain only in software. This selection is based on handles. zqosd processes all supported queue disciplines and filters with handles between 100:0 and 200:FFFF.

COPS: Common Open Policy Service

The Common Open Policy Service (COPS) is a protocol for distributing networking policy to devices such as switches and routers. COPS allows a single Policy Decision Point (PDP) to distribute policy to multiple Policy Enforcement Points (PEPs). A PDP acts as a server for PEP clients. Figure 4.3 Provides an illustration of the COPS Network Architecture.

PDP

PEP

PEP

PEP

Figure 4.3: COPS Network

Architecture

A PDP contains all of the policy rulers for its associated PEPs. A PDP typically stores rules in a data and is a dedicated server, not a forwarding device.

A PEP is any network device that has to enforce policy decisions. For example, a switch that restricts network access or prioritizes traffic fits the definition of a Policy Enforcement Point. A PEP makes no policy decision. It simply applies policy that receives from its PDP.

COPS uses a connection-based query and response mechanism. The following scenario illustrates PEP-PDP communication:

•A PEP comes online and opens a connection to its PDP.

•After a connection has been established, the PEP transmits state information to the PDP.

•The PDP uses that state information to determine what policy is applicable for the PEP.

Ethernet Switch Blade User's Guide

release 3.2.2j

page 70

Image 70

Znyx Networks bh5700 manual Cops Common Open Policy Service, Handle Semantics

Contents

HP bh5700 Atca 14-Slot Blade Server Ethernet Switch Blade Manufacturing Part Number AD171-9603A JuneEthernet Switch Blade Users Guide Release 3.2.2j Legal Notices About the Ethernet Switch Blade Manual Table of Contents Specifying Source and Destination IP Addresses Ethernet Switch Blade Users Guide Release 3.2.2j 100 Network File System NFS Client Configuration Network Time Protocol NTP Client ConfigurationCombining Queuing Disciplines Ethernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j Fabric Switch Elements Table of FiguresIndex of Tables Init Script FlowEthernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j Overview of the Ethernet Switch Blade High Performance Embedded SwitchingExtensible Customization of Routing Policies OpenArchitect Switch ManagementPowerful CarrierClass Features Ethernet Port LayoutFabric Switch Quick Reference Ethernet Switch Blade Port ConfigurationBase switch Quick Reference Inter-switch Link ISLOpenArchitect Switch Environment OpenArchitect Software StructureEthernet Switch Blade Users Guide Release 3.2.2j OpenArchitect Software Structure Connecting to the Console Port Port Cabling and LED IndicatorsConnecting the Cables Console Port CablingOut of Band Ports OOB Ports LED ReferenceLED Reference Ethernet Switch Blade Users Guide Release 3.2.2j High Availability Networking Surviving PartnerZlmd Switch Replacement and Reconfiguration Example HA Switch Configuration Modifying zsp.conf on the Base switch Siblingaddresses zhp1 = 10.0.0.30, 10.0.0.31 netmask #vrrpmode blockcrossconnect Siblingaddresses zhp1=10.0.0.30master, 10.0.0.31 netmask Modifying zspvlan.conf on the Fabric Switch You will see output similar to thisEthernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j # zre names cannot be mixed on the same line ARP Ethernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j Configuring Surviving Partner Central Authority Secondary Can be modified to Connecting to the Fabric Switch Console Fabric Switch ConfigurationTwo switches, two consoles OpenArchitect Configuration ProcedureExample Configuration Scripts Default Configuration ScriptsChanging the Shell Prompt Overview of OpenArchitect Vlan Interfaces Tagging and Untagging VLANsSwitch Port Interfaces Address. The S50layer2 script does the followingReboot the switch Using the S50layer2 ScriptRapid Spanning Tree Create a bridge device from the zhp device To Enable Rapid Spanning TreePort Path Cost Layer 3 Switch Configuration Usr/sbin/zl3d zhp0..47 Using the S55gatedRip1 Script Layer 3 Routing Protocols with GateDDefines the netmask used in the interface Sets the RIP1 protocol to openTo Modify the GateD Scripts Or for RIP2Ingress Classification Class of Service COSEgress Queues Or for OspfRunning zfilterd Marking and Re-markingScheduling Ztmd ExplainedRestrictions on Implementation Iptables and filtering IntroductionFirewall Flow Packet WalkSpecifying Protocol Filter Rules SpecificationsSpecifying Source and Destination IP Addresses Specifying an Icmp Message TypeFilter Rule Targets Specifying TCP flagsSpecifying an Interface Supported TargetsZaction Examples Extensions to the default matchesOptions with any of these Zaction parameters Send all tcp packets arriving on zhp5 out portFifo Queues pfifo and bfifo disciplines Forwarding Chain supports all of themOutput should display the following Root HandlePfifo limit Prio and WRR queues Ethernet Switch Blade Users Guide Release 3.2.2j U32 Filter Combining Queuing DisciplinesCops Common Open Policy Service Handle SemanticsProtocol Architecture OpenArchitect PEPUsing pepd Sample configuration file is listed belowSetting the Root Password Fabric Switch AdministrationAdding Additional Users Setting up a Default Route Name Service ResolutionNetwork File System NFS Client Configuration Network Time Protocol NTP Client ConfigurationNFS Server Configuration Removing the # signConnecting to the Switch Using Tftp Connecting to the Switch Using FTPTftpd Server Configuration Snmp Agent Supported MibsSupported Traps Supported MIBsSupported Traps Snmp and OpenArchitect Interface DefinitionsOpenArchitect, defines three types of devices Link and Snmp Status Snmp ConfigurationIfStackTable Entries Response Port MirroringSnmp Applications You can alter this behavior by specifyingTo check the status of a link Link and LED ControlLink Event Monitoring To check the status of all linksFabric Switch Maintenance Overview of the OpenArchitect switch boot processBoot Flow Chart System Boots with a Console Cable Modifying Files and Updating the SwitchRecovering from a System Failure Saving ChangesBooting with the -ioption Reboot the system System Hangs During BootBooting the Duplicate Flash Image Upgrading the OpenArchitect ImageExcluding Saving Files to Flash Upgrading the Switch DriverUpgrading or Adding Files Image file will be something named similar to the followingUsing apt-get Connecting to the Base Switch Console Base Switch ConfigurationOpenArchitect Configuration Procedure Changing the Shell Prompt Default Configuration ScriptsExample Configuration Scripts Files into flash for reloadingOverview of OpenArchitect Vlan Interfaces Multiple VLANs Then, bring up the interface with ifconfig1M LinuxRapid Spanning Tree Layer 3 Switch Configuration Zconfig zhp1 vlan2=zre5..8 zconfig zre5..8=untag2 Layer 3 Switch Layer 3 Switch Using Multiple VLANs Using the S50multivlan ScriptMultiple Vlan Configuration Layer 3 Routing Protocols with GateD 10.0.0.42-10.0.3.42, assigns the netmask and brings them upShuts off sending and receiving packets from all interfaces To Modify the GateD Scripts Egress Queues Class of Service COSIngress Classification Marking and Re-marking ZcosScheduling Output Port Running zfilterdRestrictions on Implementation Field valuesIptables and filtering Action that will take place. For example, the rulesFirewall Flow Specifying Source and Destination IP Addresses Icmp-type ping Zaction These are described in the Linux packet filtering Howto at Tc Traffic ControlStrict Priority Qdisc Znyx Forwarding Chain supports all of themWeighted Round Robin Qdisc Fifo Qdiscs Using Filters to Direct Packets to a COS QueueProtocol ip Protocol all Protocol arpMatching Specific Ingress Ports Advanced Filtering Policing Examples Policing ActionsSpanning tree Bpdu packets go in COS queue 6, no limit 82+ U32 match selectors used in filtersTo mirror only in-profile packets to port 3, use Match selectors U Match SelectorsZtmd zqosd Ethernet Switch Blade Users Guide Release 3.2.2j U32 Filter Cops Common Open Policy Service Protocol Architecture Using pepd OpenArchitect PEPWhere PepidSetting the Root Password Base Switch AdministrationAdding Additional Users Setting up a Default Route Name Service ResolutionNetwork File System NFS Client Configuration NFS Server Configuration Connecting to the Switch Using FTPTftpd Server Configuration Connecting to the Switch Using TftpSnmp Agent Supported Mibs Snmp and OpenArchitect Interface Definitions Physical Link Status on Base Switch Snmp ConfigurationPort Mirroring Snmp ApplicationsLink and LED Control Link Event MonitoringBase Switch Maintenance Overview of the OpenArchitect switch boot processBooting up Process Flow System Boots with a Console Cable Modifying Files and Updating the SwitchRecovering from a System Failure Saving ChangesBooting with the -i option ∙ Reboot the systemBooting the Duplicate Flash Image System Hangs During BootUpgrading the OpenArchitect Image Upgrading the Switch Driver Upgrading or Adding FilesUsing apt-get Ethernet Interfaces Base Interface Hub SystemManagement Interfaces Fabric Interface Hub System Console port. An RS-232 to RJ-45 adapter is requiredBase Interface Out-of-Band Ethernet Connection Fabric Interface Serial Ports Fabric Interface Out of Band Ethernet Connection Diagnosing a Failed Ethernet Switch Blade Activation Ethernet Switch Blade Activation StatesFRU State HotSwap Healthy Solution LED Status FRU State HotSwap Healthy Solution Accessing the ShMMVerifying Communications Between the ShMM and Switch Troubleshooting StatesAnalyzing Mstate information for the switch Checking the ekey Status From the Shelf ManagerClia board -v Troubleshooting a Failed OpenArchitect Load OpenArchitect Boot Process Recovering from a System Failure Booting Without the Overlay File Properly attach the console cableBooting the Duplicate Flash Image Interface Overview Network Configuration ProblemsEthernet Switch Blade Backplane Interfaces zre Ports Physical InterfacesPort, Layer 2 Switching, single Vlan Default Base Interface ConfigurationAdditional Interfaces Default Base Interface Network Diagram Default Fabric Interface Configuration Ifconfig Default Screen Output for the Base Interface Linux Networking Environment InterfacesProblem Solution Configuration TroubleshootingDetermining ekey status for a specific slot 1000fd Disable External Fault Link Port Status Link Speed Pause FaultsAuto Enable Internal Fault ZreExample Output Querying Base Interface ekey StatusLink Status for a single port Link Status for a range of portsQuerying Fabric Interface ekey Status Ethernet Switch Blade Users Guide Release 3.2.2j External Fault LED Network Connectivity Troubleshooting No ConnectionConnecting to Devices with Fixed Port Speeds Diminished Network ThroughputPing Test Network TestsTraceroute Test Isolating Hardware Failures Switch Chip U59 Isolation Transformer Zone 3 Atca Connector Switch Chip U60Isolation Transformer ZMC Daughter Board Inside View Hardware Subsystem Testing the FlashROMs Link Status for a single port Testing the Switch FabricLink Status for a range of ports Testing the onboard RAM Testing the Control Processor Hardware Fault INT FLT LED activityEthernet Switch Blade Users Guide Release 3.2.2j Spontaneous Failover Activity High Availability TroubleshootingUnexpected Fail-back Activity Following output is shown for the 3.0 Base Interface Switch Firmware OverviewChecking the switch firmware version Base InterfaceFabric Interface BootLoader Firmware Upgrade Updating the Switch FirmwareOpenArchitect Firmware Upgrade Ipmc Firmware Upgrade Restoring the Factory Default Configuration Before Calling Support ROM Devices in OpenArchitect Appendix a Fabric Switch Command Man Pages Vrrpconfig Vrrpconfig Configure and control the running vrrpdSee Also Vrrpd Vrrpd Virtual Router Redundancy Protocol DaemonChange the virtual MAC address from Vrrpconfig Zbootcfg Zbootcfg -d 1 Zconfig Zconfig Configures the OpenArchitect switchTrunk Interface Statements Global StatementsGlobal Statement Syntax Trunk interface syntaxThis statement creates a trunk containing three ports Zrl0=ip sourceaddress, ip destinationaddress Is the same asExamples of trunk interface statements Teardown statement uses a colon instead of an equals signNetwork interface actions may include Examples of Network Interface StatementsPort Interface Statements Examples of Port Interface StatementsWildcards This statement is equivalent to the following three linesThis is equivalent to Zl3d Zcos class of service queue control ZcosHostname Prio RR WRR DRR port list Zcos -n 50,50,50,50,75,75,75,75 zre0..19 Zdog Options Zfilterd Zflash Zbootcfg Zl2, zl2mc, zl3host, zl3net, zvlan Zl2 -m 00c095450000 Following command deletes the above entry Following command displays all entries of the zl2 tableZgvrpd Zgvrpd -t zhp0 Zl2d Zl2d Layer 2 daemon for the OpenArchitect switchStart stop Operations Zl3d Layer 3 daemon for the OpenArchitect switch Zl3dZl3d zhp1 zhp2 zhp3 Zlc Zlc − link and LED controlTo query the settings of a particular port Ifconfig8 Zlmd Zlmd − monitor link changes or hot swap eventsZlmd zre1..4=/usr/sbin/prtchange Zlogrotate To start zlogrotate with the default valuesZlogrotate − Rotates log files Zmirror Zmirror Set packet mirroring on an ingress or egress portZmirror is cumulative Zmnt Zmnt − Expands the read/write files onto the RAM diskRestored overlay will be used upon the next reboot Zpeer On the fabric switch the following command would returnPeer is not properly functioning Healthy state, the query will return the backup state Set debug level to level Display complete status of zpeerBe also reset Zqosd Ztmd, tc8, zfilterd Zrc Zrc Packet rate controlZreg Operands Zrld Zrld Znyx redirector daemonZsnoopd Zsnoopd Zspconfig Zspconfig configure and start surviving partnerConfiguration File Ethernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j Rain link zhp1, zre1..4 Output Files Zconfig, ifconfig, vrrpd, dhclient, dhcpd Zstack Configures the OpenArchitect switch stacking ZstackStack Creation Stack Port AssociationStack Configuration Statements Stack Control StatementsAre supported Zre lists. Example of stack0..3 representing stacks 0, 1, 2 Switch Blade Ztats − Display statistics and information about switchZtats Zsync Zsync − Saves changes to the flashRestored overlay will be loaded upon the next reboot To zsync only the hosts fileZtmd Zqosd, iptables8, tc8, zfilterd Brctl Bridge and Spanning Tree Protocol administration Brctl8Setportprio bridge zre# priority Brctl8 replaces the older brcfg toolZconfig, zl2d Appendix B Base Switch Command Man Pages = Master Examples Following options are supported by vrrpd Lower Case ‘m’ the time is specified in milliseconds. See Also Specifies the ROM device from which to boot. The dev Zbootcfg -d ZhpN for example, zhp0 Trunk interface actions Examples of trunk interface statements Network interface actions may include Zhp0 vlan100 = zre1,zre10,zre11,zre13 Tag are given the Vlan tag with the VID number 1, enter This is equivalent to See Also Zcos Limit on dynamic pool usage, in bytes, reset % port list Prio RR WRR DRR port list Examples Zdog Options Zffpcounter First example queries all FFP counter values Now using zffpcounter to displayNext example clears all FFP counter values Next example queries ports 2-7, 15, Counter 19 Counter 20 Counter 21 Zfilterd -d level -p port -f -l -i pid -o pid Zflash Zbootcfg Zgmrpd Std 802.1D, 1998 EditionZgmrpd -t zhp0 Zgr Following command displays all entries of the zl2 table See Also Level Sets the level of debugging output required by zgvrpd. Enable Gvrp on the set Start stop Operations Zl3d -h hostname -t msecs -b -e -l -n -d level iface Zl3d zhp1 zhp2 zhp3 Zlc Global Settings Zlmd Examples Zlogrotate Zmirror Zmirror zre1 zre10 zmirror zre2 zre11 See Also Expanded, or the file to which the tar image is saved Restored overlay will be used upon the next reboot Zpeer Options See Also Zqosd Ztmd, tc8, zfilterd Number of packets per time period above which Zreg Echo 0x80000640 zreg -w Zrld Zsnoopd No router multicast traffic. Default is 260 seconds Zpeer peer state query Time to wait in seconds before giving up on Configuration File Ethernet Switch Blade Users Guide Release 3.2.2j Ethernet Switch Blade Users Guide Release 3.2.2j RAINlink zhp1, zre1..4 Boardsynchronizationmode basic Zconfig, ifconfig, vrrpd, dhclient, dhcpd, zpeer Ethernet Switch Blade Users Guide Release 3.2.2j Specifies the remote hostname to configure. By Stack0 ppa0 local Stack1 ppa1 local Stack Configuration Statements Wildcards See Also Zsync Files Ztmd Zqosd, iptables8, tc8, zfilterd Important This option must only be executed by zl2d Ethernet Switch Blade Users Guide Release 3.2.2j Zconfig, zl2d Appendix C Intelligent Platform Management Interface ISwitch-ShMC InteractionStates Table C.1. Ipmi M States PMC Controller Support Command Code Sensor # StatusPeripheral Management Controller Functional Support Table C.2 PMC Controller SupportSensor Reading Example Standard Ipmi Command GetSensorReadingTable C.3 GetSensorReading Standard Ipmi Response GetSensorReading Table C.4 GetSensorResonseStructure of Standard Ipmi Commands From BMC to PMC Structure of Standard Ipmi Responses From PMC to BMCField Replaceable Unit Inventory Device Event GeneratorIpmb Event message format Table C.8 Seeprom Space Spare Seeprom Space AllocationIpmb Override Status Data Table C.9. Ipmb Override Status Data Index DhcpNFS NTP Tc 62 Ztmd 301 Zvlan 179 ZX4920.MIB 333