Znyx Networks bh5700 manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation Znyx Networks bh5700. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel Znyx Networks bh5700 ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation Znyx Networks bh5700 décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation Znyx Networks bh5700 devrait contenir:
- informations sur les caractéristiques techniques du dispositif Znyx Networks bh5700
- nom du fabricant et année de fabrication Znyx Networks bh5700
- instructions d'utilisation, de réglage et d’entretien de l'équipement Znyx Networks bh5700
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage Znyx Networks bh5700 ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles Znyx Networks bh5700 et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service Znyx Networks en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées Znyx Networks bh5700, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif Znyx Networks bh5700, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation Znyx Networks bh5700. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    HP bh5700 ATCA 14-Slot Blade Ser ver Ethernet Switch Blade First Edition Manufacturing Part Number: AD171-9603A June 2006[...]

  • Page 2

    Ethernet Switch Blade User's Guide release 3.2.2j page ii[...]

  • Page 3

    Legal Notices The information in this document is sub ject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchanta bility and fitness for a particular purpose. Hewlett- Packard shall not be held liable for err ors contained herein or direc[...]

  • Page 4

    About the Ethernet Sw itch Blade Manual This manual includes everything you need to begin usi ng the HP Ethernet Switch Blade with OpenArchitect software, Release 3.2.2j. Ethernet Switch Blade User's Guide release 3.2.2j page iv[...]

  • Page 5

    Table of Contents Chapter 1 Overview of the Ethernet Switch Blade ........................................................... 17 High Performance Embedded Switching...................................................................... 17 Advanced TCA® Compliant........................................................................................[...]

  • Page 6

    Rapid Spanning Tree................................................................................................ 50 To Enable Rapid Spanning Tree:......................................................................... 51 Port Path Cost...................................................................................................... 51 Laye[...]

  • Page 7

    Chapter 5 Fabric Switch Administration........................................................................... 73 Setting the Root Password............................................................................................ 73 Adding Additional Users.........................................................................................[...]

  • Page 8

    Example Configuration Scripts............................................................................ 92 Overview of OpenArchitect VLAN Interfaces.................................................... 93 Tagging and Untagging VLANs.......................................................................... 94 Switch Port Interfaces.................[...]

  • Page 9

    Classical Targets................................................................................................ 111 ZNYX Targets................................................................................................... 112 ZACTION Examples......................................................................................... 112 Extens[...]

  • Page 10

    SNMP and OpenArchitect Interface Definitions............................................... 134 ifStackTable Entries........................................................................................... 135 SNMP Configuration......................................................................................... 135 SNMP Applications.........[...]

  • Page 11

    Booting the Duplicate Flash Image ............................................................................ 159 Chapter 13 Network Configuration Problems ............................................................... 160 Interface Overview...................................................................................................... 160 [...]

  • Page 12

    Chapter 17 Restoring the Factory Default Configurat ion................................................ 188 Chapter 18 Before Calling Support..................................................................................189 Appendix A Fabric Switch Command Man Pages........................................................ 191 vrrpconfig .........[...]

  • Page 13

    zgr................................................................................................................................ 297 zgvrpd.......................................................................................................................... 300 zl2d.............................................................................[...]

  • Page 14

    Figure 6.3: Init Script Flow................................................................................................ 86 Figure 7.1: Multiple VLANs..............................................................................................94 Figure 7.2: Layer 2 Switch ........................................................................[...]

  • Page 15

    Ethernet Switch Blade User's Guide release 3.2.2j page 15[...]

  • Page 16

    Ethernet Switch Blade User's Guide release 3.2.2j page 16[...]

  • Page 17

    Chapter 1 Overview of the Ethernet Swi tch Blade The Ethernet Switch Blade is a 72-port Adva ncedTCA® Hub and providing Gigabit Ethernet. Up to 14 ATCA node boards may be addressed via the PICMG 3.0 Base Interface and via the ATCA PICMG 3.1 fabric . The Base and Fabric switchi ng domains are kept totally separate, both on the physical layer and th[...]

  • Page 18

    OpenArchitect Switch Management The OpenArchitect software component – open sourc e Linux, IP protocol stack, control applications and the OA Engine – runs on two embedde d PowerPC microprocessors. OpenArchitect provides extensive manage d IP routing protocols and other open standards for switch management. Examples include ne twork services; V[...]

  • Page 19

    Ethernet Switch Blade P ort Configuration Base switch Quick Reference ShelfManager1 zre22 ShelfManager2 zre13 ISL channel ( Base node2 ) zre23 Base nodes 3-14 zre0-11 Base nodes 15,16 zre 20-21 Front panel zre12, zre14, zre15 Fabric Switch Quick Reference slot zre numbers 3 zre0-3 4 zre4-7 5 zre8-11 6 zre12-15 7 zre16-19 8 zre24-27 9 zre28-29 10 zr[...]

  • Page 20

    You will find the Ethernet Switch Blade ha s a straightforward installation and configur ation. UNIX or Linux system management skills a nd some understanding of network protocols will be required. Configure the Ethernet Switch Blade s to your networking application before you begin using the OpenArchitect switch. OpenArchitect Switch Environment T[...]

  • Page 21

    network-enabled Linux implementation. The purpose of the routing table is to tell the packet forwarding software where to forward the data packets. In Linux, the packet-forwa rding algorithm is operated in software. Normally, the routing tables are maintained by operator conf iguration and the various routing protocols that run in the application e[...]

  • Page 22

    Figure 1.2: OpenArchitect Softwar e Structure OpenArchitect applications are used to progr am and configure the Ethernet Switch Blade. These applications are implemente d above the libraries and RMAPI. Ethernet Switch Blade User's Guide release 3.2.2j page 22 Linux Appli cation Level Software (routed, gated) ZNYX RAIN Mgt API RMA PI OpenArchit[...]

  • Page 23

    Chapter 2 Port Cabling and LE D Indicators The PICMG 3.1 standard defines an embedded Ethe rnet environment for Telco chassis. This environment includes two switch fabric sl ots that create a dual star Ethernet net work to the fourteen node slots. Placing the Ethernet Sw itch Blade in a hub slot provides embedded Ethernet services to each node card[...]

  • Page 24

    4. Reinsert the switch into the shelf chassis and power up. Use a terminal emulation program to access the switch console. Out of Band Ports (OOB P orts) Each switch, fabric and Base, in a Ethe rnet Switch Blade unit has out-of-band (OOB) Etherne t ports on the front panel. This is an alternat ive maintenance port supplying Ethernet connect ivity i[...]

  • Page 25

    Ethernet Switch Blade User's Guide release 3.2.2j page 25 Figure 2.1: LED Reference[...]

  • Page 26

    Ethernet Switch Blade User's Guide release 3.2.2j page 26[...]

  • Page 27

    Chapter 3 High Availability Networkin g High availability networking is achieve d by eliminating any single point of failure through redundant connectivity: Redundant cable s, switches and network interfaces for hardware, combined with HA software solutions on both the hos ts and switches to control the HA hardware and maintain connectivity. An HA [...]

  • Page 28

    VRRP Since most end nodes use default router addres ses, the change of the default router address during a switch failover would require the end nodes to reconfigure. Layer 3 switches that failover must maintain the default router address to ma intain the end node's IP transparent failover. The Vi rtual Router Redundancy Protocol (VRRP, RFC 23[...]

  • Page 29

    Switch Replacement and Reconf iguration When a switch fails, it must be repl aced. The replacement switch will likely requi re proper configuration. For transparent switch replac ement, the newly replaced switch must le arn its configuration from its Surviving Partner. In a simple failover scenario, Host A a nd Host B are configured with failover b[...]

  • Page 30

    The configuration and runtime scripts creat ed are as follows: • S70Surviving_partner Switch initialization script that is run at boot time. This script will restart the switc h with the original configuration given to zspconfig . Optionally, zspconfig will run this script from the i nitial invocation. • zsp.conf.<n> - zspconfig configura[...]

  • Page 31

    When using a Linux Bonding driver on the node card, the bonding dri ver should be configured for Mode 1 (active/standby). See the Linux Bonding docum entation at http://sourceforge.net/project s/bonding/ for complete information. The two Base switches will be configure d as Surviving Partners, using VRRP to form a single virtual interface to the ho[...]

  • Page 32

    sibling_addresses: zhp1 = 10.0.0.30, 10.0.0.31 netmask 255.0.0.0; Now configure the virtual address for each s ibling group. We are going to create a virtual interface across one VLAN, but not for the inte rconnect. This provides a single point to connect/route to the VLANs. vrrp_virtual_address: zhp1 = 10.0.0.42 netmask 255.0.0.0; Next come port d[...]

  • Page 33

    #vrrp_mode: block_crossconnect; The next sections determines t he failover mode between the Surviving Partner switches. Ther e are three modes: • switch - Failover by switch. Failover from Maste r switch to Backup on any port failure. The switch with the most links becomes the new Master. One port failure will cause the switch to failover. • vl[...]

  • Page 34

    #start_script:/etc/rcZ.d/SxxScript; #start_script:/etc/rcZ.d/SyyScript; # vrrpd_script: Allows the user to add scripts to be executed during # vrrpd state transitions. These scripts are run from the end of the # /etc/rcZ.d/surviving_partner/vrrpd.script file. The user provided # script must be well behaved. If it crashes, or hangs or delays it will[...]

  • Page 35

    Once the configuration files are comple te, run the zspconfig utility on the Master to configure all the scripts: NOTE: This command can take 60 seconds or more with n o screen output. zspconfig –f zsp.conf You will see output similar to this: zspconfig -f zsp.conf …. Would you like to install the Surviving Partner startup script[y,n,?] y Would[...]

  • Page 36

    # This script will likely need modification for your particular # network setup. # # In this example the Egress ports, zre20..23 and zre48..50 are # not managed by HA since how, or if, these ports are managed by HA is # dependent on the external devices they are connected to. Non-HA # egress ports can be brought up through conventional means by add[...]

  • Page 37

    zconfig zre0, zre4, zre8, zre12, zre16, zre24, zre28, zre30, zre32, zre34, zre36, zre38, zre40, zre42 = untag1; zconfig zre1, zre5, zre9, zre13, zre17, zre25, zre29, zre31, zre33, zre35, zre37, zre39, zre41, zre43 = untag2; zconfig zre2, zre6, zre10, zre14, zre18, zre26 = untag3; zconfig zre3, zre7, zre11, zre15, zre19, zre27 = untag4; zconfig zre5[...]

  • Page 38

    vrrp_virtual_address: zhp1 = 10.0.0.42 netmask 255.0.0.0; vrrp_virtual_address: zhp2 = 11.0.0.42 netmask 255.0.0.0; vrrp_virtual_address: zhp3 = 12.0.0.42 netmask 255.0.0.0; vrrp_virtual_address: zhp4 = 13.0.0.42 netmask 255.0.0.0; # Port definitions # Define to what the ports are connected. Specifications can be # by zhp or zre name. The zhp name [...]

  • Page 39

    # crossconnect ports of the VRRP Backup. The block_crossconnect mode is # meant as a replacement for STP, however, the switches connected to the # crossconnect ports must be Ethernet Switch switches running Surviving Partner. # # The RAINlink_xmit_on_failover mode requires that the OpenNode blades # connected to RAINlink ports transmit a packet whe[...]

  • Page 40

    failover_mode: port; # VRRP_msg_rate is the time in milliseconds between transmissions # VRRP messages on the interconnect. The VRRP protocol requires the # absence of 3 VRRP messages before concluding that the remote switch # has failed. The msg_rate must match the msg_rate of all siblings. # Anything other than multiples of seconds is non-conform[...]

  • Page 41

    # Fabric portions of the 7100 switch. The actual coordination is dependent on the # setting of the board_synchronization_mode and the failover_mode. In # switch failover_mode the number of up links in both switch planes is # considered. In vlan and port failover mode they are not. In all # failover_modes, if the data plane or fabric plane switch re[...]

  • Page 42

    # gated_template: Allows the user to provide a template for the # gated.conf file to be used by the sibling group. #gated_template: /etc/rcZ.d/surviving_partner/gated.template Once the configuration files are comple te, run the zspconfig utility on the Master to configure all the scripts: NOTE: This command can take 60 seconds or more with n o scre[...]

  • Page 43

    Finally, it lets the currently saved S70Surviving_Partner script execute. This case would be the case of a power up of an already configured backup sw itch when the other HA switch is unavailable. This case could occur after losing power to the entire chassis. Central Authority Modifications can be made to the S60SP_startup script to use a third ma[...]

  • Page 44

    "zsp.primary.conf"; } host SECONDARY { fixed-address 100.0.0.31; option dhcp-client-identifier "SECONDARY"; option vendor-encapsulated-options "zsp.secondary.conf"; } } The zsp.primary.conf and zsp.secondary.conf files must be placed in the tftp location on the machine, often /tftpboot . The zsp.primary.conf and zsp.se[...]

  • Page 45

    request vendor-encapsulated-options; require vendor-encapsulated-options; The last step is to modify the start up scripts that run zspconfig to use the -c option. The -c option allows you to provide a dhclient.conf script rather then having zspconfig create a default. For example, the S60SP_startup script line that reads: echo y n | zspconfig -t 10[...]

  • Page 46

    Chapter 4 Fabric Switch Configu ration Two switches, two consoles There are two separate switch port ions in the Ethernet Switch Blade units, the base s witch and the fabric switch. The fabric switch handles the data traffic for the ATCA rack over ports 0-47. It runs the Ethernet Switch Blade softwar e. Two or four GigE connections are provided to [...]

  • Page 47

    Changing the Shell Prompt You may use standard bash shell procedures to change the prompts on your base switches. Many sites choose a system that distingui shes among the individual switches at their locati on. The same rules apply for saving your choice ( zsync) a s for all other configuration changes. Default Configuration Scripts As shipped the [...]

  • Page 48

    Overview of OpenArchitect VLAN In terfaces A zhp device is associated with one VLAN. zhp ma y have one or more physical ports and their associated zre devices. A VLAN from the viewpoint of the switch is a logical mapping of ports based on intended use. The primary purpose of a VLAN is to is olate traffic and enable communication to flow more effici[...]

  • Page 49

    Switch Port Interfaces For each switch port, OpenArchitect c reates a separate interface with its own MAC a ddress called a ZNYX raw Ethernet ( zre ). After the initial power up, 48 zre interfaces are created, one for each in band port. You cannot directly acce ss or modify the zre interfaces. During the initial power up of the switch, the de fault[...]

  • Page 50

    ifconfig zhp1 0.0.0.0 # # At this point the system will act as a Layer 2 switch # across all ports. Also, the system will accept telnet() # connections on 10.0.0.43 on any port. Script(s) may then # be run to reinitialize the system and modify its # configuration. Using the S50layer2 Script The S50layer2 script can be used as an example, and edited[...]

  • Page 51

    To Enable Rapid Spanning Tree: Create a VLAN containing the ports that will be a part of the Linux bridge running Rapid Spanning Tree. This example will use ports 0-3 (unta gged): zconfig zhp0: vlan1=zre0..3 zconfig zre0..3=untag1 Create a bridge device from the zhp de vice, zl2d start zhp0 A Bridge device named bzhp0 should now exist consist ing o[...]

  • Page 52

    Layer 3 Switch Configuration The previous section outlines the Layer 2 switch configuration that is automatically confi gured when you initially bring up the OpenArchitec t switch. In order to communicate between Layer2 interfaces, you must properly setup routing. The steps to build a Layer 2 switch involve creating a group of switch ports in a VLA[...]

  • Page 53

    In the S50layer3 script separate VLANs are set up for ea ch port. The VLANs, are labeled as zhp0..zhpn . Each VLAN is associated with an individua l zre interface. There is always a one to one connection between VLANs and zhp interfac es. Remember, zre and zhp interfaces can begin with a zero value but a VLAN cannot (t hat is, zhp0 has zre0 on vlan[...]

  • Page 54

    the number of IP addresses as applicable. In the exam ple below, the IP address is changed for the interface in the ifconfig command line of the scr ipt. From: ifconfig zhp0 10.0.0.43 netmask 255.255.255.0 broadcast 10.0.0.255 up To: ifconfig zhp0 193.08.1.1 netmask 255.255.255.0 broadcast 193.08.1.255 up • Adjust the number of zhp interfaces, th[...]

  • Page 55

    interface 10.0.1.42 passive interface 10.0.2.42 passive . . . interface 10.0.13.42 passive interface 10.0.14.42 passive interface 10.0.15.42 passive • Defines the netmask used in the interface . define 10.0.0.43 netmask 255.255.255.0; define 10.0.1.42 netmask 255.255.255.0; define 10.0.2.42 netmask 255.255.255.0; . . . define 10.0.13.42 netmask 2[...]

  • Page 56

    . . interface 10.0.13.43 ripin ripout version 1; interface 10.0.14.43 ripin ripout version 1; interface 10.0.15.43 ripin ripout version 1; • Imports routes learned through the RIP protocol. import proto rip { all; }; • Exports all directly connected routes and routes l earned from the RIP protocol. export proto rip { proto direct } all; }; prot[...]

  • Page 57

    Or for OSPF: cp /etc/rcZ.d/examples/S55gatedOspf /etc/rcZ.d cp /etc/rcZ.d/examples/gated.conf.ospf /etc/rcZ.d • Open and make configuration changes to the listed conf file to coincide with the current Layer 3 configuration (that is, adjust IP addresses and numbe r of interfaces available). See GateD documentation if you have questions regar ding [...]

  • Page 58

    Marking and Re-marking The OpenArchitect switch can mark or rem ark packets using the TOS field or 802.1p tag. This is also controlled through the Linux iptables utili ty. Scheduling The servicing of configured queues by the switc hing fabric is referred to as scheduling. The OpenArchitect switch has three built-i n scheduling algorithms. The type [...]

  • Page 59

    you may want to move your set of iptables commands t o a start up script to run upon initialization. This could be a ccomplished by creating a standalone " S " script and plac ing that script into / etc/rcZ.d . Restrictions on Implementation Several restrictions exist on the r ules that can be implemented on the FFP hardware. These includ[...]

  • Page 60

    On the other hand, in the following sequence of rule s, the position of the rule that drops SYN packets is important. Since the set of fi elds it examines is not a subset of the fields exa mined by the ACCEPT rules, and visa versa, the order ing rule given above does not apply. In this case, the order it is applied will be the same as it s position[...]

  • Page 61

    By default, INPUT, FORWARD and OUTPUT chains are insta lled on boot up. Additional rules can be installed for the other chains . Additionally, one can write software extensions to add mor e chains. Figure 4.2 provides an illustration of the Firewall Flow. When a packet reaches a circl e in the diagram, that chain is examined to decide the fate of t[...]

  • Page 62

    send to CPU action is specified, it is sent to the INPUT chain for further processing. If there is no valid way to forward the packet, it is dropped. If t he switch is configured to forward the packet, it is sent to the FORWARD chain. Next the hardware FORWARD chain is walked. If ther e is a rule inserted that matches the packe t headers, then it i[...]

  • Page 63

    The type can be preceded by ! to match a ny message except the type listed, for example, -- icmp-type ! 1 Specifying TCP or UDP po rts If the protocol is TCP or UDP, the -s ( or --sport ) and -d (or --dport ) opti ons specify the TCP or UDP ports to match. A range of ports can be specified by giving the first and last ports separated by a : , as in[...]

  • Page 64

    --drop Drops the packet --accept Accepts the packet --set-prio <val> Set the 802.1p priority to <val> --use-prio <val> Use queue priority <val> --copy-cpu Send the packet to the CPU. This will force the full installed chains traversal in software --set-eport <val> Redirect the packet to port <val> --set-mport <[...]

  • Page 65

    FORWARDING Chain supports all of them. tc and zqosd tc , which stands for Traffic Control, is a mec hanism for enabling Quality of Service on Linux. tc uses three functional objects: queuing dis ciplines , which comprise queuing and scheduling algorithms such as FIFO queues, priority queues, R ED queues, and token buckets; classes , which are leafs[...]

  • Page 66

    qdisc pfifo 100: dev zhp0 limit 32p The tc command is applied to a device, so dev zhp0 must be specified. Note that a VLAN, such as zhp0 , and a port, such as zre0 , are eac h treated as devices. Breakdown of the options: handle 100:0 Defines the handle for the queuing discipl ine. This handle may be used to reference the pfifo queue. Note that the[...]

  • Page 67

    The byte-limited FIFO queue case differs only s lightly from the packet-limited FIFO case. T he syntax is almost identical. In hardware the limit is based on 128-byte cells. The speci fied byte limit is divided by 128 to determine the cel l limit. Always specify a byte limit of at least 128 bytes to avoid setting the queue length to zer o. For exam[...]

  • Page 68

    index of the list element (numbering f rom 0) and q is the value specified by that element. So, thi s example would read: Priority 0 maps to Queue 1 Priority 1 maps to Queue 2 Priority 2 maps to Queue 2 Priority 3 maps to Queue 2 Priority 4 maps to Queue 3 Note that the tc priority map applies to a 4- bit field. With the Ethernet Switc h Blade, the[...]

  • Page 69

    The U32 Filter The U32 filter provides the capability to mat ch on fields in the L2, L3 or L4 header of a packet. Each match rule gives the locati on of the field to be tested, which is always a 32 bit word, a mas k selecting the bits to be test ed, and a value which is to be matched by the packet field. M any matches can be specified in one tc fi [...]

  • Page 70

    Although the translation rules handle some inconsistency between software and hardware, a use r must define a combination of rules that is reasonable in hardware, to ensure predictable re sults. Handle Semantics All examples have illustrate d zqosd copying tc rules into hardware. In fact, the zqosd util ity also enables the user to add tc rules tha[...]

  • Page 71

    • The PDP sends that policy to the PEP. • The PEP installs the policy and applie s it to future traffic. As long as COPS is running, a connection between the P EP and PDP should stay open. A PEP could query a PDP at any time asking for a policy deci sion. Alternatively, an administrator coul d modify the policy on a PDP, which would then push a[...]

  • Page 72

    The pepd utility requires a PDP that has impl emented the above RFCs and drafts. Until all dra ft standards are approved, the certain COPS-PR data types will not be assigned OIDs. pepd uses non-standard OIDs for the unassigned values. Using pepd The pepd utility works by connection to a PDP, informing the PDP of its roles , and installing any rules[...]

  • Page 73

    Chapter 5 Fabric Switch Administration One of the main benefits of the OpenArchite ct switch is that it runs Linux, so much of the switch administration is already familiar to most network or system administrators. It is a good i dea to complement these instructions wit h a standard Linux reference guide, such as Linux Net work Administrator’s Gu[...]

  • Page 74

    Enter new password: Re-enter new password: Password changed. ZX7100-OA<release no.># zsync ZX7100-OA<release no.># Setting up a Default Route If you wish to access the switch from some pla ce other than a directly attached network, you may want to setup a default route. Use the rout e command to set a default gateway. route add default [...]

  • Page 75

    dhcpd Consult Linux Network administration m anuals for more information on DHCP and configuration options. To use DHCP to set your IP addresses automatical ly on boot up, uncomment the the following line in /etc/init.d/rcS by removing the # sign dhcpd Network Time Protocol ( NTP) Client Configuration NTP is a protocol for setting the real time clo[...]

  • Page 76

    /sbin/rpc.statd /usr/sbin/rpc.mountd -r Once the above servers are started, you c an mount a remote NFS file system. mount rhost:nfs_file_system local_mount_point If the remote NFS file system you’re mounting is on an OA switch, you should mount with caching disabled. mount rhost:nfs_file_system –o noac local_mount_point All the necessary serve[...]

  • Page 77

    Now start nfsd to export the mount points and begin answer ing requests from remote clients. /sbin/rpc.nfsd –r To export file systems automatic ally on boot, edit /etc/init.d/rcS , uncomment the /sbin/rpc.nfsd command line by removing the #. /sbin/rpc.nfsd -r Connecting to the Switch Using FTP Use ftp to transfer files to or from the switch. Se e[...]

  • Page 78

    SNMP Agent Simple Network Management Protocol (SNMP) is the defacto standard for network management. An SNMP agent maintains a structure of data for a network device in a virtual information database, called a Management Inf ormation Base (MIB). A network management station is capable of accessing the MIB of the net work device to monitor and confi[...]

  • Page 79

    Supported MIBs RFC 2573: S NMP Applications RFC 2574: U ser-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 2575: V iew-based Security Model (VACM) for version 3 of the Simple Networ k Management Protocol (SNMP) RFC 2576: C oexistence between Version 1, Version 2 and Version 3 of the In ternet- standa[...]

  • Page 80

    Supported Traps SNMPv2-MIB: coldStart SNMPv2-MIB: authenticationFailure IF-MIB: linkUp IF-MIB: linkDown UCD-SNMP-MIB: ucdShutdown RMON-MIB: risingAlarm RMON-MIB: fallingAlarm VRRP: vrrpTrapNewMaster VRRP: vrrpTrapAuthFailure EGP (rfc1213): egpNeighborLoss BGP4-MIB: bgpEstablished BGP4-MIB: bgpBackwardTransition Table 5.2: Supported Traps SNMP and O[...]

  • Page 81

    Link and SNMP Status Physical Link Status SNMP Operational Status zre1 zre2 zre1 zre2 zhp0 down down down down down down u p down up up up down up down up up up up up up Table 5.3: Link and SNMP Status The administrative status i s directly controlled by ifconfig up/down. The administrative s tatus of the zhps and zres do not affect each other. ifS[...]

  • Page 82

    response. The processing for link up and link down traps is now user c onfigurable. As the default, traps conform to RFC2863, meaning the trap conte nts will include: ifIndex, ifAdminStatus and ifOperstatus You can alter this behavior by specifying: cisco_link_traps on If cisco_link_traps are turned on as described then link up and link down traps [...]

  • Page 83

    mirrored (copied and transmitted) to por t 12. This mirroring would be in addition to any Layer 3 or Layer 2 switching. zmirror zre0 zre12 zmirror zre1 zre12 zmirror zre2 zre12 To clear the current mirroring use the -t option. The -e option can be used to indicate that packets being sent on a given port should be copi ed to the mirror_to port. For [...]

  • Page 84

    Chapter 6 Fabric Switch Maintenance This chapter includes basic informa tion about the OpenArchitect switch environment incl uding an overview of the file system structure, modi fying and updating switch files, upgrading the switch driver and kernel, and implementing a s ystem recovery. Overview of the OpenArchitect swi tch boot process The OpenArc[...]

  • Page 85

    Figure 6.2: Boot Flow Chart Under normal circumstances, the booting up proc ess follows the process outlined in Figure 6.2. During boot up, the zmon bootloader reads the device boot string to locate and validate the correct application image to l oad. The bootstring command is in the following format: boot : X | [<options>] X represents the d[...]

  • Page 86

    Saving Changes Any modifications made to the scripts for your particular configuration must be properly saved or your changes are lost when you reboot. The file syste m for the switch only exists in memory. A rewritable overlay is contained within t he upper four megabytes of the first application f lash. Modifying Files and Updating t he Switch An[...]

  • Page 87

    configuration files contained in / e t c / r c Z . d In order to telnet into the box, there must be a configured interface with a proper IP address. For e xample, zhp0 is configured with the IP address 10.0.0.43 in the factory default configurati on. Booting with the –i option If you cannot telnet into the switch and Linux fails to boot, it is li[...]

  • Page 88

    zsync /etc/hosts • Reboot the system. System Hangs During Boot After attaching the system console cabl e, if the system hangs during boot, try booting with the –i option as described in the previous section. It is possible that important Linux system fil es became corrupted and incorrectly save d in the flash overlay. Use zmnt as described in t[...]

  • Page 89

    Download the OpenArchitect image to a local system. The OpenArchitect image is very cl ose to the limit of free space available on a default system so you may need to clear some space prior to downloadi ng the OpenArchitect image to the switch. Check for free space with the df c ommand. One of the easiest ways to create free space is to remove /usr[...]

  • Page 90

    Using apt-get apt-get is a utility created by the Debia n Linux community to allow remote fetching and installation of software stored in a repository in Debian package format. It allows users to keep their software up-to-date with the latest binaries, and install new software without the need to recompile. Users may create their own repositories a[...]

  • Page 91

    Chapter 7 Base Switch Configuration At this point, the OpenArchitect Ether net Switch Blade should be installed and powered up for the first time. This chapter helps you conne ct and configure the base switch by presenting command line examples as well as a disc ussion of the example configuration scripts . You may configure the fabric switch indep[...]

  • Page 92

    files into flash for reloading. Changing the Shell Prompt You may use standard bash shell procedures to change the prompts on your base switches. Many sites choose a system that distingui shes among the individual switches at their locati on. The same rules apply for saving your choice ( zsync ) as for al l other configuration changes. Default Conf[...]

  • Page 93

    • S50multivlan - Script which sets up multiple untagged VLANs. The first VLAN includes the first ten 10/100/1000 ports, the next contains the last ten 10/100/1000 ports, the third VLAN contains two 10/100/1000 ports, the last VLAN contains the last two 10/100/1000 ports. Layer 3 switching is enabled. • S55gatedRip1 - Script which is used with a[...]

  • Page 94

    Tagging and Untagging VLANs The OpenArchitect switch is capabl e of switching VLAN tagged and untagged data packets. VLAN tagged packets conform to the 802.1q specific ation and the packet header contains an additional four bytes of VLAN tag information. A given port can be specified to accept VLAN tagged or untagged traffic. Internall y, all traff[...]

  • Page 95

    Figure 7.2: Layer 2 Switch During the initial power up, a startup script called /etc/rcZ.d/S50layer2 is executed at boot time creating a single untagged VLA N (IP interface labeled as zhp0 ) which includes all Ethernet and gigabit ports as one Layer2 switch. The int erface to the host is then assigned the IP addres s of 10.0.0.42 to allow access to[...]

  • Page 96

    Using the S50layer2 Script The S50layer2 script can be used and example, or edited to customiz e your Layer2 setup. For example, to reconfigure the IP address on your Layer 2 switch , • Open the S50Layer2 file in the Linux vi editor. • Change the IP address value listed under the Linux ifconfig(1M) command line. • Save your changes by running[...]

  • Page 97

    brctl show brctl showbr bzhp0 Port Path Cost Each port has an associated cost that c ontributes to the total cost of the path to the Root Bridge when the port is the root port. The smaller the cost, the better the path. The Ethernet Switch Blade uses the following IEEE 802.1D recommendations base d on the connection speed of your port: Port Path Co[...]

  • Page 98

    zconfig zhp1: vlan2=zre5..8 zconfig zre5..8=untag2 Now, use ifconfig to assign each zhp interface an IP address, ifconfig zhp0 10.0.0.1 ifconfig zhp1 11.0.0.1 At this point, the Linux host has enough informati on to route between the networks of the directly attached interfaces, 10.0.0.0 via zhp0 , and 11.0.0.0 via zhp1 . The next step is to enable[...]

  • Page 99

    Linux IP zre1 VLAN 2 zre4 zre3 VLAN 3 zre2 VLAN 4 zre11 VLAN 11 zre7 VLAN 7 zre9 VLAN 9 zre6 VLAN 6 zre8 VLAN 8 zre10 VLAN 10 zre5 VLAN 5 VLAN 14 zre12 VLAN 12 zre13 VLAN 13 zhp0 - zhp2 3 zre20 VLAN 15 Each vlan interface (zhp) has only one switch port (zre) VLAN 1 zre0 zre15 VLAN16 zre16 VLAN17 zre17 VLAN18 zre19 VLAN20 VLAN19 VLAN23 VLAN22 VLAN21[...]

  • Page 100

    • Runs the OpenArchitect zl3d . The zl3d application monitors the Linux routing tables and updates the switch routing tables for each inte rface configured above. /usr/sbin/zl3d zhp0..23 zl3d initially creates and adds eac h zhp interface (VLAN) to the switch routing tables. The zhp0..zhp23 is shorthand for the list of interfaces ( zhp0 , zhp1 , [...]

  • Page 101

    • VLAN 4, zhp3: for last set of six ports, zre18- zre23 Each VLAN interface is labeled z h p N in the file, where N is a value from 0-3. Each interface is untagged and assigned its own IP address (see Figure 7.4) . Figure 7.4: Multiple VL AN Configuration The S50multivlan script executes the following c ommands: • Runs zconfig to create and sta[...]

  • Page 102

    (10.0.0.42-10.0.3.42), assigns the netmask and brings them up. ifconfig zhp0 10.0.0.42 netmask 255.255.255.0 broadcast 10.0.0.255 up ifconfig zhp1 10.0.1.42 netmask 255.255.255.0 broadcast 10.0.1.255 up ifconfig zhp2 10.0.2.42 netmask 255.255.255.0 broadcast 10.0.2.255 up ifconfig zhp3 10.0.3.42 netmask 255.255.255.0 broadcast 10.0.3.255 up • Run[...]

  • Page 103

    example): • Starts GateD with Rip1 using gated.conf.rip1 as the confi guration file: /usr/sbin/gated –f /etc/rcZ.d/gated.conf.rip1 The GateD conf file specifies the f ollowing configuration commands: • Implements the passive function so GateD is pre vented from rerouting information to a different interface if insufficient informat ion is rec[...]

  • Page 104

    interface all noripin noripout • Opens sending and receiving packets for selected int erfaces. interface 10.0.0.42 ripin ripout version 1; interface 10.0.1.42 ripin ripout version 1; interface 10.0.2.42 ripin ripout version 1; . . . interface 10.0.13.42 ripin ripout version 1; interface 10.0.14.42 ripin ripout version 1; interface 10.0.15.42 ripi[...]

  • Page 105

    cp /etc/rcZ.d/examples/gated.conf.rip1 /etc/rcZ.d Or for RIP2: cp /etc/rcZ.d/examples/S55gatedRip2 /etc/rcZ.d cp /etc/rcZ.d/examples/gated.conf.rip2 /etc/rcZ.d Or for OSPF: cp /etc/rcZ.d/examples/S55gatedOspf /etc/rcZ.d cp /etc/rcZ.d/examples/gated.conf.ospf /etc/rcZ.d • Open and make configuration changes to the listed c o n f file to coincide w[...]

  • Page 106

    Marking and Re-marking The OpenArchitect switch can mark or rem ark packets using the TOS field or 802.1p tag. This is also controlled through the Linux iptables utili ty. Scheduling The servicing of configured queues by the switc hing fabric is referred to as scheduling. The OpenArchitect switch has three built-i n scheduling algorithms. The type [...]

  • Page 107

    Running zfilterd Before starting zfilterd , ztmd must be running. Your can star t both from within a script, or directly from the command line . For example, ztmd zfilterd iptables rules can be entered at any time. If your iptables fi ltering rules set is extensive, you may want to move your set of iptables commands t o a start up script to run upo[...]

  • Page 108

    action that will take place . For example, the rules: iptables -a FORWARD -i zhp3 -j DROP iptables -a FORWARD -i zhp3 -o zhp1 -p tcp --dport smtp -j ACCEPT result in SMTP packets received on any port in zhp3 to be sent for any port in zhp1 ; all other packets from zhp3 would be dropped. The order of the two rul es in the FORWARD chain does not matt[...]

  • Page 109

    Introduction Firewall rules are stored in tables. The se tables are sometimes also known as firewal l chains or just chains . Tables normally store rules for what are known as hooks , which can be looked as packet-path junctions. There are five de fined hooks: PRE-ROUTE, POST-ROUTE, INPUT, OUTPUT and FORWARDING. The example below illustrat es the d[...]

  • Page 110

    Packet Walk When a packet comes in via one of the int erface ports, the base switch makes a routi ng decision. If the packet was destined for the base switch itself or if the send to CPU action is speci fied, it is sent to the INPUT chain for further processing. If the re is no valid way to forward the packet, it is dropped. If the switch is config[...]

  • Page 111

    --icmp-type ping The type can be preceded by ! to match a ny message except the type listed, for example: --icmp-type ! 1 Specifying TCP or UDP po rts If the protocol is TCP or UDP, the -s ( or --sport ) and -d (or --dport ) opti ons specify the TCP or UDP ports to match. A range of ports can be specified by giving the first and last ports separate[...]

  • Page 112

    ZNYX Targets ZACTION This is the ZNYX Action target. Parameters for ZACTION: --drop Drops the packet --accept Accepts the packet --set-prio <val> Set the 802.1p priority to <val> --use-prio <val> Use queue priority <val> --copy-cpu Send the packet to the CPU. This will force the full installed chains traversal in software --[...]

  • Page 113

    Extensions to the default matches These are described in the Linux packet filtering HOWTO at: http://netfilter.org/docume ntation/index.html#documentation-howto ZNYX FORWARDING Chain supports all of them. tc : Traffic Control The switch supports up to eight queues for each por t, including the cpu port. These queues hold packets waiting to be trans[...]

  • Page 114

    queue number + 1 after the qdisc handle. So the highest priority queue in this example is 105:8. NOTE: 16 values must be provided for the priomap list. T his is a feature of the Linux priority system, which uses 16 priority level s. The last eight values given will be ignored. Weighted Round Robin Qdisc A weighted round robin qdisc builds on the ab[...]

  • Page 115

    handle 100:0 Defines the handle for the queuing discipl ine. This handle may be used to reference the pfifo queue. Note that the ha ndle is included with the output of the qdisc ls command. (100:0 and 100: are equi valent in tc .) The choice of handle is significant for zqosd . root Tells tc that this is the base queuing discipline for the device, [...]

  • Page 116

    match ip tos 0xa0 0xe0 would match an IP precedence of 5. Specific fields can also be speci fied by giving their offset from the beginning of the IP hea der and a field name of u8 , u16 , or u32 , depending on the width of the fiel d. For example, to match the SYN bit in the TCP flags, the specific ation is: match u8 2 0x02 at 33 Several IP fields [...]

  • Page 117

    tc qdisc add dev zre1 ingress //ingress qdisc for zre1 tc qdisc add dev zhp2 ingress //ingress qdisc for vlan The filter add command changes slightly, the pa rent is now a special handle ffff:fff1, so using the same filter as the first example : tc filter add dev zre1 parent ffff:fff1 protocol ip u32 match ip dst 10.91.100.5/32 classid 105:2 This f[...]

  • Page 118

    omitted, and the packet is not dropped, the e gress queue will be determined by the priority of t he packet, either from the 802.1p priority for ta gged packets or the default priority for untagged packets for the ingress port. Examples The following commands set up priority queues for packets sent to the CPU and then use filters with policing to d[...]

  • Page 119

    specified numerically for eithe r out-of-profile or in-profile actions. The numeric val ue is a decimal integer action code shown in the table below. If the action requires a paramet er, the parameter value is multiplie d by 256 and added to the action code. Only a few of the actions are possible for out-of-profile. All can be used for in- profile.[...]

  • Page 120

    for a u16 match. In many cases, there is a fiel d name that can be used for the match, elimina ting the need to specify the offset. U match selectors Field Match Equivalent ip src a.b.c.d/n u32 <value> <mask> at 12 ip dst a.b.c.d/n u32 <value> <mask> at 16 ip tos <value> <mask> u8 <value> <mask> at 1 [...]

  • Page 121

    OpenArchitect switch though, because the norm al case is for packets to be switched in hardware. For that reason, zqosd must be used to shadow tc configurati on into hardware. Like zfilterd , zqosd works with ztmd , which provides the actual hardwar e interaction. If ztmd is not already running, start it:, then initiate t he zqosd daemon with no pa[...]

  • Page 122

    In tc , the prio queuing discipline establishes multi ple queues and specifies their associate d priority map. Although WRR support is not part of the standard tc distribution, it has been added to the prio disciplinE. The following example illustrat es WRR. A strict priority scheduler is a simple r case that can be constructed easily from this exa[...]

  • Page 123

    many packets sent as queue 0, queue 2 will have four times as many, and queue 3 will have six times as many. wrr parameters a re scaled such that the maximum value is no more t han 15. values which would be 0 are set to 1: • Queue 0 has a weight of 1000 bytes • Queue 1 has a weight of 2000 bytes • Queue 2 has a weight of 4000 bytes • Queue [...]

  • Page 124

    tc filter add dev zhp0 protocol arp parent 100:0 u32 match u32 2 0xffff at +4 flowid 100:30 Combining Queuing Discip lines Any of the queue length limiting discipline s can be used with the bandwidth management queue disciplines, by defining them with the handle of one of the classes as their parent. For the htb queueing discipline, each class has [...]

  • Page 125

    Figure 7.6: COPS Network Architecture A PDP contains all of the policy rulers for it s associated PEPs. A PDP typically stores rules in a data and is a dedicated server, not a f orwarding device. A PEP is any network device that has to enforce policy decisions. For example, a switch that restricts network access or prioriti zes traffic fits the def[...]

  • Page 126

    and relaying those requests to its PDP. By contrast, the provisioning model is based on l onger lasting policy. The expectation is that policy should be administratively defi ned at the PDP and pushed to the PEPs as needed. OpenArchitect is a COPS-PR client. The most common use of COPS-PR is for distributing Differentiated Services (Diffserv) poli [...]

  • Page 127

    where, PDP address: The IP address of the PDP. Default is loopback (127.0.0.1) PDP port: The destination port on which to open a COPS connection. Default is 3288. PEPID: The PEP Identifier Role-If: A mapping of roles to interfaces. The name of the role is followed by a comma-delineated list of interfaces. Multiple role- interface mappings are defin[...]

  • Page 128

    Chapter 8 Base Switch Administration One of the main benefits of the OpenArchite ct switch is that it runs Linux, so much of the switch administration is already familiar to most network or system administrators. It is a good idea to complement these instructions wit h a standard Linux reference guide, such as Linux Net work Administrator’s Guide[...]

  • Page 129

    ZX6000-OA<release no.># zsync ZX6000-OA<release no.># Setting up a Default Route If you wish to access the switch from some pla ce other than a directly attached network, you may want to setup a default route. Use the rout e command to set a default gateway. route add default gw 10.0.0.254 Put the entry into the /etc/init.d/rcS startup [...]

  • Page 130

    Network Time Protocol ( NTP) Client Configuration NTP is a protocol for setting the real time clock on a system. There are numerous primary and secondary servers available on the network. F or more NTP information, and a list of available NTP servers, see the following URL: http://www.ntp.org/ You will need to have your network settings properly co[...]

  • Page 131

    All the necessary servers are included in /etc/init.d/rcS but are commented out by default. To automatically start all NFS client services each time you boot, uncomment t he NFS Client servers. Go to the /etc/init.d/rcS file. Uncomment the following command lines by removing the # sign. /sbin/portmap /sbin/rpc.statd /usr/sbin/rpc.mountd -r You can [...]

  • Page 132

    ftpd Server Configuration The switch itself can also be configured to run a n FTP server ( ftpd ). See the Linux Reference Guide for details of the ftpd command. You will ne ed to add a user to the switch in order to connect via ftp from a remote host, since root is not allowed ftp access. See the earlier section in this chapter regarding how to ad[...]

  • Page 133

    Supported MIBS RFC 1155: Structure and Identification of Management Information for TC P/IP-based internets RFC 1227: SNMP MUX Protocol and MIB RFC 1493: Definitions of Managed Objects for Bridges (obsoletes RFC 1286) RFC 1657: Definitions of Managed Objects for the Fourth Version of th e Border Gateway Protocol (BGP-4) using SMI-V2 RFC 1724: RIP V[...]

  • Page 134

    Supported MIBS ZNYX Networks Private MIB Custom ZNYX MIB to support software and hardware features not covered by standard MIBs. The Private MIBs are ZX7100BASE.MIB AND ZX7100FABRIC.MIB, pointed to by ZNYX-H.MIB. UCD-SNMP Enterprise MIB UCD-SNMP MIB related to management and monitoring of the LINUX ho st Table 8.1: Supported MIBs Supported Traps Up[...]

  • Page 135

    status is down, then the operational status will be down independent of the underlying link state. You must ifconfig up the zres to see the operational link status for a zre . When the administrative status is up, the oper ational status is dependent on the underlying physical state. For example, Table 8.3 shows that if zhp0 contains zre1 and zre2 [...]

  • Page 136

    IMPORTANT: For NET-SNMP agents, these objects ( sysLocation.0, sysContact.0 and sysName.0 ) ordinarily are read-write. However , specifying the value for one of these objects by giving the appropriat e token in snmpd.conf makes the corresponding object read-only, and attempts to set the value of the object will result in a notWritable error respons[...]

  • Page 137

    zmirror mirror_from mirror_to After executing the following three c ommands, packets received on ports 0, 1 and 2 would be mirrored (copied and transmitted) to por t 12. This mirroring would be in addition to any Layer 3 or Layer 2 switching. zmirror zre0 zre12 zmirror zre1 zre12 zmirror zre2 zre12 To clear the current mirroring use the -t option. [...]

  • Page 138

    Chapter 9 Base Switch Maintenance This chapter includes basic informa tion about the OpenArchitect switch environment incl uding an overview of the file system structure, modi fying and updating switch files, upgrading the switch driver and kernel, and implementing a s ystem recovery. Overview of the OpenArchitect switch boot process The OpenArchit[...]

  • Page 139

    Under normal circumstances, the booting up proc ess follows the process outlined in Figure 6-2. During boot up, the zmon bootloader reads the device boot string to locate and validate the correct application image to l oad. The bootstring command is in the following format: boot : X | [<options>] X represents the device value 0, 1 or 2 The bo[...]

  • Page 140

    Saving Changes Any modifications made to the scripts for your particular configuration must be properly saved or your changes are lost when you reboot. The file syste m for the switch only exists in memory. A rewritable overlay is contained within t he upper four megabytes of the first application f lash. Modifying Files and Updating th e Switch An[...]

  • Page 141

    Booting with the –i option If you cannot telnet into the switch and Linux fails to boot, it is likely that a change saved by zsync has left the switch in an inaccessible state. To allow users to recover from mist akes saved in the overlay file system, a boot argument of –i passed to the init process will stop the untarring of the saved overlay [...]

  • Page 142

    System Hangs During Boot After attaching the system console cabl e, if the system hangs during boot, try booting with the –i option as described in the previous section. It is possible that important Linux system fil es became corrupted and incorrectly save d in the flash overlay. Use zmnt as described in the previous section to fix or remove the[...]

  • Page 143

    the limit of free space available on a default system, so you may need to clear some space prior to downloading the new OpenArchitect im age to the switch. CAUTION: Do not remove the existing copy of /usr/sbin/gated (as suggested in Step 5, below) until you have, in fact, determined that an OpenArchitect upgrade version is available for downloading[...]

  • Page 144

    Using apt-get apt-get is a utility created by the Debia n Linux community to allow remote fetching and installation of software stored in a repository in Debian package format. It allows users to keep their software up-to-date with the latest binaries, and install new software without the need to recompile. Users may create their own repositories a[...]

  • Page 145

    Chapter 10 Connecting to the Ethernet Switch Bl ade The Ethernet Switch Blade has two compl etely separate switching subsystems within one ATCA blade supporting both Base Interface and F abric Interfaces The Ethernet Switch Blade implement s an independent control processor and software environment for both Base and Fabric Interface switching subsy[...]

  • Page 146

    console port. An RS-232 to RJ-45 adapter is required. Fabric Interface Hub System : A 48-port Gigabit Ethernet Switch that pr ovides PICMG 3.1 Option 2 (2.0 Gb/s) Ethernet service for a full 14-slot ATCA chassis. All connect ors for the fabric interface hub and it’s processor ar e labeled “fabric”. Ethernet Interfaces : The 3.1 Fabric Interfa[...]

  • Page 147

    To attach the console cable to the Ethernet Swit ch Blade switch: 1. Plug the RJ-45 end of the console cable (P/N 6900-63006, shippe d with the HP bh5700 ATCA 14-Slot Blade Server) into the RJ-45 Consol e Port (1) on the front panel. 2. Connect the DB-9 end of console cable into a s tandard Modem Eliminator Cable (normally locally available). 3. Co[...]

  • Page 148

    NOTE: The OOB port is not active by default with the factory c onfigured configuration. The first time you log into the switch either in-band or thr ough the console cable you must use the ifconfig command to make the port active. Connecting to the Fabric Interfa ce Fabric Interface Serial Port Connect ion The switch console can be accessed via one[...]

  • Page 149

    9. Reinsert the switch into the system and power up. 10. Use a terminal emulation program to access the switch console. Fabric Interface Out of Band Eth ernet Connection Connect an Ethernet cable from the Ethernet S witch Blade front panel MGMT OOB (4 in Figure 10.3) to your PC. 1. Configure a host on the 10.0.0.0 network. 2. The OpenArchitect swit[...]

  • Page 150

    Chapter 11 Diagnosing a Failed E thernet Switch Blade Activation The Ethernet Switch Blade must tra nsition through a series of states (M0–M4) to become act ive in an ATCA shelf. After the Ethernet Switc h Blade has reached the M4 state, it will becom e active and start the boot process of the Ope nArchitect Switch Management environment. If a fa[...]

  • Page 151

    FRU State HotSwap LED Status Healthy LED Status Solution M0 OFF OFF No power. Board not inserted correctly. 1. Remove and re-insert board. 2. If board does not power-up after re-insertion, try a different slot. If board continues to fai l in the new slot and the problem does not affect other boards running in the chassis, return the Ethernet Switch[...]

  • Page 152

    FRU State HotSwap LED Status Healthy LED Status Solution switch through a console cable. If OpenArchitect is running, and abnormal be havior is occurring, please see Network Configurati on Problems for information on network issues. If OpenArchitect cannot be accessed through the console port, please see Troubleshooting a Fa iled OpenArchitect Load[...]

  • Page 153

    sensor information. Examine the System E vent Log (SEL) on the ShMM and determine if critica l sensor events have been logged for the switch in quest ion. If the switch has reported critical sensor data for temperature or voltage, the ShMM ca n prevent it from booting. To determine if the criti cal sensor events persist, it may be necessa ry to alt[...]

  • Page 154

    clia board -v 7 or clia board -v 8 These commands generate an output that reports if the ShMM thinks it has granted access to ports on the switches. Check the Shelf Manager User’s Guide for the expected output. Ethernet Switch Blade User's Guide release 3.2.2j page 154[...]

  • Page 155

    Chapter 12 Troubleshooting a Failed OpenArchitect Load The OpenArchitect operating system is loaded fr om the FlashROM memory into RAM when the Ethernet Switch Blade is activated by the Shelf Manager. If there is a problem with the loading of OpenArchitect due to a hardware failure or corrupt file s ystem, the back-up image can help to troubleshoot[...]

  • Page 156

    The Ethernet Switch Blade is equipped with a Random Acce ss Memory (RAM) disk and three Read-Only Memory (ROM) devices, including, a boot ROM and two appli cation flash Ethernet Switch Blade User's Guide release 3.2.2j page 156 E t h er n et S w it ch b lade h as been e n abled by t h e S h M M a n d st a r t s t o bo o t Bo o t lo ader ex a m[...]

  • Page 157

    The boot ROM is located on device 0 and contai ns the OpenArchitect zmon application that operates as a boot loader and include s a device bootstring. Device 1 contains the application fl ash 1 image of the Linux operating system and t he OpenArchitect overlay file system. Applicati on flash 1 is the primary working image for the switch. Device 2 c[...]

  • Page 158

    properly attach the console cable. Booting Without the Overlay File If you cannot telnet into the switch and Linux fails to boot, it is likely that a change saved by zsync has left the switch in an inaccessible state. To allow users to recover from mist akes saved in the overlay file system, a boot argument of –i passed to the init process will s[...]

  • Page 159

    If the switch still is unable to boot, s ee Booting the Duplicate Flash Image , below. Booting the Duplicate Flash Image Another recovery method, if Linux fails to boot, is to temporarily boot the factory-installed duplicate image located in the second fl ash device. 1. Connect through the console port. 2. When you see the number counter appear aft[...]

  • Page 160

    Chapter 13 Network Configuration P roblems Many reported problems on a booted switch wil l ultimately be traced back to user errors in the layer 2 or layer 3 switch configuration. In some c ases, symptoms from an improperly configured switch can masquerade as potential ha rdware problems. Interface Overview On startup OpenArchitect creates inter fa[...]

  • Page 161

    Physical Slot 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Fabric Port 3 19 11 - - 3 7 15 27 Fabric 51** * Base Interface Inter-Switch Link (I SL) ** 10 Gigabit Ethernet Fabric Interfac e - Update Channel Table 13.2: Additional Interfaces Additional Interfaces Base F abric Front Panel Egress (zre) 12 20 - 21 14 22 15 23 Shelf Manager 1 (zre) 22 - Shelf M[...]

  • Page 162

    2. S30e1000 - Script that loads the e1000 driver module for the Out-of- Band Ethernet ports. (Editing this script is not recommended.) S40vpd - Script that checks the current OA version, and loads into t he Vital Product Data (VPD) area if necessary. (Editing this script is n ot recommended.) 3. S50layer2 - Script that sets up a basic Layer 2 switc[...]

  • Page 163

    Default Fabric Interface Configuration Editing the S50layer2 script can change the Ethernet Switch Blade Fabric Interface default configuration. The S50Layer2 script and included example scr ipts ( /etc/rcZ.d/examples ) can be used as templates to create custom sc ripts. The default S50layer2 script configures the switch accordingly: 1. S20stack - [...]

  • Page 164

    ifconfig Default Screen Output for the Bas e Interface Ethernet Switch Blade User's Guide release 3.2.2j page 164 Figure 13.2: Linux Networking Environ ment Interfaces [ZX7100-OA3.2.2h]# ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16144 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 fra[...]

  • Page 165

    Configuration Troubleshooti ng Problem Solution No Connection Physical Link problem. Check to see if the port LED is lit. If the LED port is not lit, then you may have a bad cable connection. OR Configuration Error. Connect through the console port (See Chapter 10). Use the ifconfig command to see all of the configured interfaces on the Ethernet Sw[...]

  • Page 166

    The following table will translate the zlc output t o link status. Link Port Status Link Speed Pause Faults OK Zre (x) EKEY_DISA BLED Auto Enable Internal Fault EKEY_ENAB LED 1000fd UP 1000hd DOWN 100fd 100hd 10fd 10hd Disable External Fault ON Link: zre(X) – physical interface Shelf Manager Status: EKEY_DISABLED - A s lot or device that has been[...]

  • Page 167

    10hd – Ethernet Half Duplex Pause: Enable: a port that can temporarily suspend the data transmission between two network devices in the event t hat one of the devices becomes congested. Pause enabled devices can reduce bottlenecks by making the network more efficient. Disabled: The pause feature is not e nabled and will continue to transmit traff[...]

  • Page 168

    NOTE: this is the zlc output for a single Etherne t Switch Blade Base Interface in the default configuration with no line cards installed in the chassis. Querying Fabric Interface ekey Status Link Status for a single port To query a link status for a single port type zre<x> query. For exam ple : zlc zre13 query Example Output: Link Status for[...]

  • Page 169

    Ethernet Switch Blade User's Guide release 3.2.2j page 169 [ZX7100-OA3.2.2h]# zlc zre0..51 query zre0: <EKEY_DISABLED, AUTO, PAUSE ENABLE, EXT_FLT ON, OK ON> zre1: <EKEY_DISABLED, AUTO, PAUSE ENABLE, EXT_FLT ON, OK ON> zre2: <EKEY_DISABLED, AUTO, PAUSE ENABLE, EXT_FLT ON, OK ON> zre3: <EKEY_DISABLED, AUTO, PAUSE ENABLE, EX[...]

  • Page 170

    Network Connectivity Troubleshooting No Connection If the port LED is lit on the front panel, the switch has established a physical connection and the problem is a network configuration error. Check t o see if both devices are configured to be on the same network (ex. 10.0.0.xxx) and that the subnet mask is set correctly. Diminished Network Through[...]

  • Page 171

    have an active remote device att ached, then first bring down the ports which do not have active connections expected to make sure there is a legitimate EXT FLT condition. If loss of communications is suspected on an e xternally wired port, make sure to check and test affected cables. Network Tests Ping Test It is possible to test a network conne c[...]

  • Page 172

    Traceroute Test It’s possible to trace a network path usi ng the traceroute command. The following is an example of a Layer 2 traceroute with only t wo devices. Ethernet Switch Blade User's Guide release 3.2.2j page 172 sh-2.04# traceroute 192.168.1.101 traceroute to 192.168.1.101 (192.168.1.101), 64 hops max, 40 byte packets 1 192.168.1.101[...]

  • Page 173

    Chapter 14 Isolating Hardware Failures 1. Fl ash 10. Switch Chip (U69) 2. EEPROM 11. Zone 3 ATCA Connector 3. PH Y 12. Isolation Transformers 4. C PU 13. 4-port PHY 5. SDRAM 14. Zone 2 ATCA Connector 6. I solation Transformer 15. Zone 1 ATCA Connector 7. I PMI Controller 16. Isolation Transformers 8. Power Supply 17. 4 port PHY 9. Switch Chip (U56)[...]

  • Page 174

    1. Isolation Transformer 2. Zone 3 ATCA Connector 3. Isolation Transformer 4. Switch Chip (U60) 5. SDRAM 6. Switch Chip (U59) 7. Isolation Transformer Ethernet Switch Blade User's Guide release 3.2.2j page 174 Figure 14.2: ZMC Daughter Card Outside View[...]

  • Page 175

    1. Isolation Transformer 8. Flash ROMs 2. 4 Port PHY 9. FPGA 3. CPU (U22) 10. ZMC Connector 4. 10 Gigabit XFP 11. Zone 3 ATCA Connector 5. 10 Gigabit PHY 12. Power Supply Ethernet Switch Blade User's Guide release 3.2.2j page 175 Figure 14.3: ZMC Daughter Board Inside View[...]

  • Page 176

    6. Isolation Transformer 13. Isolation Transformers 7. Power Supply 14. 4 Port PHY Hardware Subsystem In the following tables, refer to the ident ified component-area numbers on indicated in the pictures in the proceeding section. The indi cations of malfunction may be identified eit her during normal operation, or in response to a specific tes t. [...]

  • Page 177

    Base ZM C 0 # ZMC 1 # Hardware Subsystem Indications of Malfunction any of the following indications: • Error message via OpenArchitect due to inability to access the registers within the switch chip, or a failure of DMA transfers. • Loss of switch functionality, such as the inability to forward packets, or forwarding packets in error. 8 12 Pow[...]

  • Page 178

    Duplicate Flash Image . If the switch can succ essfully boot from FlashROM device 2, then FlashROM device 2 is fully operational. Testing the Switch Fabric You can test the functionality of the swit ch fabric by running the zlc command. The zlc command outputs the link status for any Ethe rnet Switch Blade interface. Link Status for a single port T[...]

  • Page 179

    Example Output: NOTE: This is the zlc output for a single Ethern et Switch Blade Base Interface in the default configuration with no line cards installed in the chassis. Testing the onboard RAM You can test the onboard memory by running the free c ommand. The free command will output the current memory usage. h-2.04# Total Used Free Shared Buffers [...]

  • Page 180

    If the “Used” and “Free” memory statis tics do not add up to the Total memory, the software environment may have a memory leak caus ed by a software error. Reboot the switch. If the problem persists after a reboot. R un the top command to list the memory utiliz ation of all current processes. sh-2.04# top The top command can help you isolat[...]

  • Page 181

    To test the operational status of t he control processors you can do the following: Hardware Fault Connect to the console port of either the Bas e or Fabric Interface control processor (See Chapter 10 for more information). If you cannot communicate with the Ether net Switch Blade, the control processor may have encountered a software error. Reboot[...]

  • Page 182

    INT FLT LED is illuminated, replace the switch and return it for repair. Ethernet Switch Blade User's Guide release 3.2.2j page 182[...]

  • Page 183

    Chapter 15 High Availability Trou bleshooting The ATCA environment will usually contain a high-a vailability failover configuration betwee n two ATCA switches in the chassis. Note tha t the failover features are configurable and a switch can be directed to fail over all of it s processing when a single port or link goes down, or it can perform a po[...]

  • Page 184

    Chapter 16 Switch Firmware Overview There are three components to the fir mware on the Ethernet Switch Blade: 1. Bootloader firmware ( zmon ) 2. OpenArchitect firmware 3. IPMI firmware Some hardware and software problems can be res olved by updating the firmware to the latest version. Check the Hewlett-Packard websit e for the latest version (see t[...]

  • Page 185

    Key: PN: Base Interface Switch Assembly Number SN: Base Interface Switch Serial Numbe r V6: OpenArchitect Version Number VP: IPMI Firmware Version VZ: BootLoader Version Number The following output is shown for the 3.1 Fabric Inter face: 3.1 Fabric Interface Key: PN: Base Interface Switch Assembly Number SN: Base Interface Switch Serial Numbe r V6:[...]

  • Page 186

    Updating the Switch Firmware Currently, the OpenArchitect and bootloader components are the only upgradeable firmware on the Ethernet Switch Blade. Upgrading t he IPMI software is not currently supported. BootLoader Firmware Upgrade: 1. Download the bootloader image to a local system. 2. FTP the bootloader image from the local system to your switch[...]

  • Page 187

    Surviving Partner daemons to think there is a failure , resulting in link oscillation. Base Interface: zflash -d 1 rdr6000.zImage.initrd Fabric Interface: zflash –d 1 rdr7100.zImage.initrd IPMC Firmware Upgrade: Upgrading the IPMC Firmware through OpenArchitec t is not currently supported. Ethernet Switch Blade User's Guide release 3.2.2j pa[...]

  • Page 188

    Chapter 17 Restoring the Factory Default Configuration You should use this procedure if the contents i n Flash Device 1 are corrupt and you need to restore the switch to the factory defaul t configuration. By restoring the factory default configuration, you will overwrite your main f ile system in Flash Device 1 and lose all previous configuration [...]

  • Page 189

    Chapter 18 Before Calling Suppo rt Because of the highly customized confi gurations that can be applied by customers to their ATCA switch environment, the focus must be on dat a collection to get a snapshot of the current switc h configuration and network traffic activi ty. If support is needed, it is necessary to gather the following information f[...]

  • Page 190

    Figure 18.1: ROM Devices in OpenAr chitect The boot ROM is located on device 0 and contai ns the OpenArchitect zmon application that operates as a boot loader and includes a device bootstring. Device1 contains the applicati on flash1 image of the Linux operating system and the OpenArchitect overlay file system. Application flash1 is the primary wor[...]

  • Page 191

    Appendix A Fabric Swit ch Command Man Pages OpenArchitect applications are im plemented above the OpenArchitect libraries and the R MAPI interface. OpenArchitect applicati ons are used for normal operation of the switch, for runtime status and diagnostics, and for prototyping new a pplications development. For runtime operation, the OpenArchitect a[...]

  • Page 192

    vrrpconfig NAME vrrpconfig – Configure and control the running vrrpd SYNOPSIS vrrpconfig [-d <level>] -- <vrrpd parameters> vrrpconfig [-d <level>] [-k] [-a] [-p] [-s <vid>] DESCRIPTION vrrpconfig provides communication with a running vrrpd daemon. T he -- option for vrrpconfig will pass all parameters to vrrpd a s would b[...]

  • Page 193

    EXAMPLES Here is an example of using the -- invocat ion method that changes the priority to 99 for the Virtual Router associated with the Virtual Router Identifier 1: vrrpconfig -- -v 1 –p 99 SEE ALSO vrrpd Ethernet Switch Blade User's Guide release 3.2.2j page 193[...]

  • Page 194

    vrrpd NAME vrrpd – Virtual Router Redundancy Protocol Daemon SYNOPSIS vrrpd -i ifname -v vrid [-f piddir] [-s] [-a auth] [-p prio] [-nhb] [-I ifname] [-d delay] [-m address] [-M ] [-B] [-S script] [-c conf_file] [-D level] ipaddr DESCRIPTION vrrpd is an implementation of Virtual Re dundant Routing Protocol (VRRPv2) as specified in RFC2338. It run[...]

  • Page 195

    the –i option. -s Toggle preemption mode (Enabled by default). Preemption means that a Master switch will go to Backup if a current Backup has higher priority. -M Become MASTER when priority is equal. Be sure it is only set on one host or the switches will oscillate. Must set –B option on other hosts (requires preemption mode ! -s) -B Become BA[...]

  • Page 196

    The result of which to use the native MAC address of the interface. Using the –n option is not recommended. -D <level> Set debugging output to the supplied level <ipaddr> the ip address(es) of the virtual server SEE ALSO vrrpconfig Ethernet Switch Blade User's Guide release 3.2.2j page 196[...]

  • Page 197

    zbootcfg NAME zbootcfg − Modifies the boot parameters of t he OpenArchitect switch. SYNOPSIS zbootcfg -a | -d <device number> [<boot_string>] DESCRIPTION zbootcfg is used to display or modify the boot parame ters on the switch. The boot parameters are utilized by the minof boot loader a pplication to indicate on which device to find a[...]

  • Page 198

    application flash. Typically this is required before updating application flash 1. B y booting the alternative image, if a fail ure occurs during the programming of application flash 1, rec overy is easier. zbootcfg -d 2 The next example passes the -i option t o the booting kernel. This is useful when recovering from a mistake saved to the read-wri[...]

  • Page 199

    zconfig NAME zconfig - Configures the OpenArchitect switch. SYNOPSIS zconfig [-h <host_name>] [-d <level>] [-a] [-t] [{-f <file>} | <configuration>] DESCRIPTION zconfig creates Virtual Local Area Network (VLAN) groups of switch port s or trunks. Each VLAN group forms a Layer 2 switching domain. Each V LAN group has a VLAN Id[...]

  • Page 200

    input. If the -f flag is not used, a single line of configuration data can be entered as parameters to zconfig . CONFIGURATION SYNTAX zconfig takes configuration data from standar d input or from a file with the -f option. In either case, the configuration syntax is the same. The zconfig configuration data consists of a list of semicolon-delimited [...]

  • Page 201

    ports. teardown Removes the trunk interface, making the ports which were part of the trunk available for configuration in other trunks or VLANs. all mac [ source_address | destination_address ] ip [ source_address | destination_address ] port [ source_port | destination_port ] Further specifies the rules for selecting which port in the trunk a pack[...]

  • Page 202

    The syntax for a network interface state ment is the interface name followed by a colon and a n action. Network interface state ments are used to create or tear down a VLAN group and can consist of one or a list of network interfac e names; followed by a colon and then an action. For example: zhp0: <Network Interface Action>; Network interfac[...]

  • Page 203

    named zhp1 . This VLAN includes four switc h ports, zre1 , zre10 , zre11 , zre13 . zhp0: vlan100 = zre1,zre10,zre11,zre13; The next statement adds two switch port s, zre1 , zre2 and zre3 , to an existing network interface and VLAN. zhp0: vlan100 = zre1..3; The next statement deletes two sw itch ports, zre1 and zre2 , to an existing network interfac[...]

  • Page 204

    zre1=untag1; If port 0 is also a member of VLAN 100, packets f or VLAN 100 are sent from this port with a VLAN tag as part of their header. In the next example, the switch ports 10, 11, and tr unk 2 are configured as untagged members of VLAN 100. zre10,zre11,zrl2=untag100; This statement is equivalent to the following three lines: zre10=untag100; z[...]

  • Page 205

    The following statement creates 14 VLAN groups with VID numbers 1-14. Each VLAN contains the same switch port, port 1, represente d as zre1 . zhp0 ..13: vlan1..14 = zre1; The plus (+) wildcard can be used with the las t port listed to auto-increment that port number before each VLAN group is created. The followi ng network interface statement creat[...]

  • Page 206

    The previous configuration can be used for creat ing a 14 port Layer 2 switch, all 14 ports assigned to the same VLAN. SEE ALSO zl3d Ethernet Switch Blade User's Guide release 3.2.2j page 206[...]

  • Page 207

    zcos NAME zcos - class of service queue control SYNOPSIS zcos [-h <hostname>] [-d <level>] [ -u <default priority> ] [ -m q0,q1,q2,q3,q4,q5,q6,q7 ] [-n <queue length list in packets for each queue> | -b <Reserved space in bytes for each queue> | -s <limit on dynamic pool usage, in bytes>, <reset %>] [ -k PR[...]

  • Page 208

    Each cos queue is limited in the number of packets it can hold waiting scheduling; the mem ory used by each queue is managed to provide a guarant eed space with additional space shared among all queues for a port. OPTIONS Most options are optionally followed by a <port list> , which may inc lude zre port ranges, like zre0..5 , individual port[...]

  • Page 209

    Packets are first counted against the re served space for a queue. When that space is occupied, additional memory is used from the dynamic me mory pool until the dynamic pool usage limit f or the port is reached. Any additional packets received for the queue on this port are dropped. Metering and Scheduling -r <list of bandwidth guarantees in Kb[...]

  • Page 210

    -q all | qmap | qinfo | scheduler [<port list>] Queries the current COS/QOS Settings. all - Displays all of the queue mappings, queue limi ts, metering and scheduling settings qmap - Displays the priority to COS queue mappings . qinfo - Displays queue limits for the COS queues . scheduler - Displays the traffic metering and s haping settings [...]

  • Page 211

    zdog NAME zdog - Configure and send heartbeats to watch dog enabl ed drivers. SYNOPSIS zdog [-d <level>] -h | -i <interval> | -n <heartbeats> zdog [-d <level>] -b zdog [-d <level>] -a DESCRIPTION zdog is used to configure the Ethernet Switch Bla de watchdog timer functions and to send heartbeats to the Ethernet Switc h[...]

  • Page 212

    component of zdog insures that the CPU is functioni ng well enough to execute something. The software component of zdog when launched from monit insures that monit is running to perform higher level tasks. And finally monit can be used to monitor any or all critical system resources and processes in the system. OPTIONS -d set debug level to <lev[...]

  • Page 213

    zfilterd NAME zfilterd - A daemon to use the filter hardware of the OpenArchitect switch for filtering based on iptables(8) rules. SYNOPSIS zfilterd [-d <level>] [-p <port>] [-f] [-l] [-i <pid>] [-o <pid>] DESCRIPTION zfilterd is a daemon that intercepts filte ring rules entered by the user, using iptables(8) , checks them f[...]

  • Page 214

    zflash NAME zflash − Loads images into the flash ROMs on the OpenArc hitect switch. SYNOPSIS zflash -d <dev> [-o|-O <offset>] <image_file> <upgradeipmi.img> DESCRIPTION zflash enables you to program the flash ROMs on the switch. The switc h contains 3 flash ROM devices: the boot ROM flash, applicat ion flash 1 and applicat[...]

  • Page 215

    Exercise caution when using this command, a s an error can render your switch inoperable. Do not interrupt this process until complete. SEE ALSO zbootcfg Ethernet Switch Blade User's Guide release 3.2.2j page 215[...]

  • Page 216

    zl2, zl2mc, zl3host, zl3net, zvlan NAME zl2, zl2mc, zl3host, zl3mc, zl3net, zvlan – Formatted display of OpenArchitect generic tables. zl2 displays the abstraction API’s layer 2 ta ble. zl2mc displays the abstraction API’s layer 2 multi cast table. zl3host displays the abstraction API’s layer 3 host route table. zl3mc displays the abstracti[...]

  • Page 217

    display on the user console. The format of the output is table-dependent. Port mapping affects the ports referenced in the generic table s. (Ports listed in order from 1 to 15) Headers describing the column being displayed ar e printed after every 22 lines of output, which makes it easy to pipe through more(1). The abst raction layer tables grow an[...]

  • Page 218

    The following command deletes the above ent ry: zl2 -c -m 00:c0:95:45:00:00 The following command displays all ent ries of the zl2 table: zl2 Be careful, the -c option does not ask. The fol lowing command deletes all entries in the zl2 table: zl2 -c SEE ALSO zal Ethernet Switch Blade User's Guide release 3.2.2j page 218[...]

  • Page 219

    zgvrpd NAME zgvrpd - GARP VLAN Registration Protocol (GVRP) daemon fo r the OpenArchitect switch. SYNOPSIS zgvrpd [-d <level>] [-f] [-h <hostname>] [-p <ppa>] [-t <target>] DESCRIPTION zgvrpd is run after the network interfaces are created and initialized with zconfig , and started with ifconfig(1M) . zgvrpd starts a backgro[...]

  • Page 220

    OPTIONS -d <level> Sets the level of debugging output required by zgvrpd. The default level is zero (0). Setting the debug level higher produces more output. Five (5) is currently the maximum output level. -f Run zgvrpd in foreground. Default is to run it in background. -h <hostname> Connect to remote host <hostname>. -p <ppa&g[...]

  • Page 221

    zl2d NAME zl2d - Layer 2 daemon for the OpenArchitect switch. SYNOPSIS zl2d [start | stop] [-t <msecs>] [-d <level>] [-f] [-p <priority>] <iface..> DESCRIPTION zl2d is run after the network interfaces are created and initialized with zconfig . zl2d creates a Linux bridge for each interf ace using brctl(8) . The bridge name i[...]

  • Page 222

    OPERATIONS zl2d manages the Spanning Tree state fi elds in the switch of each port within the bridge(s). Based on a timer, zl2d reads the port inform ation for each Linux bridge and updates the switch when necessary. EXAMPLES In the following example, zl2d creates a Linux bridge named b zhp0 which includes all of the zre<n> devices previously[...]

  • Page 223

    zl3d NAME zl3d - Layer 3 daemon for the OpenArchitect switch. SYNOPSIS zl3d [-h <host_name>] [-t <msecs>] [-b] [-e] [-l] [-n] [-d <level>] <iface ..> DESCRIPTION zl3d is run after the network interfaces are created and initialized with zconfig , and started with ifconfig(1M).zl3d listens for Netlink messages from the ke rnel[...]

  • Page 224

    produces more output. Four (4) is currently the maximum output level. <iface…> The network interfaces on which zl3d should operate. These network interfaces must first be created by zconfig. zl3d does not operate with standard network interface cards. It only works on switch network interfaces created by zconfig. It uses the same syntax as [...]

  • Page 225

    zlc NAME zlc − link and LED control SYNOPSIS zlc [-h <hostname>][-d <level>][-x] <port_list> <action> [on | off ] zlc [-h <hostname>][-d <level>][-x] <action> [on | off |clear] zlc [-h <hostname>][-d <level>][-x] [state|query] DESCRIPTION The zlc application sets the link speed and s tate of i[...]

  • Page 226

    EXAMPLES In the following example, zlc forces the line speed of port 1 t o 100 Full duplex. The interface must be down to change the speed. Assuming zre1 i s part of interface zhp0 , ifconfig zhp0 down zlc zre1 100fd The external fault, internal fault , and ok LEDs can be set on a per port basis or globally . To set the external fault LED for a par[...]

  • Page 227

    SEE ALSO ifconfig(8) Ethernet Switch Blade User's Guide release 3.2.2j page 227[...]

  • Page 228

    zlmd NAME zlmd − monitor link changes or hot swap events. SYNOPSIS zlmd [-h <hostname>] [-b] [-d <level>] {-f <file>} | <configuration> DESCRIPTION The zlmd application is intended to run as a daem on, waiting for a configured event to occur and then running the program configured for that event. The e vents monitored are [...]

  • Page 229

    <port-list> A list of ports in the same forms supported by zconfig, e.g. zre1,zre2 or zre10..14 <program> Path to an executable program or script to be run when the event occurs. Note: An absolute path to <program> is required. The program will be called with the following parameters: For Link Changes: <program> <ppa> [...]

  • Page 230

    zlogrotate NAME zlogrotate − Rotates log files. SYNOPSIS zlogrotate [-b] [-t time] [-s segment size] [-n # of files] [-f file to rotate] DESCRIPTION zlogrotate rotates the selected file every [t ime] seconds if the file is larger than [se gment size]. It will keep only the number of fi les selected. zlogrotate is called from /etc/init.d/rcS by de[...]

  • Page 231

    zmirror NAME zmirror - Set packet mirroring on an ingress or egress port. SYNOPSIS zmirror -a | -t zmirror [-e] <from_list> <to_port> DESCRIPTION zmirror sets packet mirroring from a given set of ports to a given port . Turning on packet mirroring causes a copy of the packet to be se nt to the to port. Any number of from ports can be mi[...]

  • Page 232

    zmirror is cumulative: zmirror zre1, zre2, zre3 cpu Is the same as: zmirror zre1 cpu zmirror zre2 cpu zmirror zre3 cpu Setting a different to port will ove rwrite the previous setting and direct previously mi rrored ports to a new to port. Given the last setup the fol lowing will change port 1 traffic to be forwarded to port 10. zmirror zre1 zre10 [...]

  • Page 233

    zmnt NAME zmnt − Expands the read/write files onto the RAM dis k. SYNOPSIS zmnt [-c] <directory> zmnt [-c] -t <file> zmnt [-c] –l DESCRIPTION zmnt expands files from flash onto the RAM disk that have been previ ously saved with zsync . The init process runs zmnt to expand the files in fla sh onto RAM file system. The user may use zm[...]

  • Page 234

    In the following example, zmnt the current overla y into a tar file called overlay.tar zmnt –t overlay.tar The resulting tar file can now be saved on a dif ferent host as a snapshot of the overlay at that point in time. Use zsync to restore the ove rlay on the switch: zsync –t overlay.tar The restored overlay will be used upon the ne xt reboot.[...]

  • Page 235

    zpeer NAME zpeer – Application for High Availability comm unication between the Fabric and Data switches. SYNOPSIS zpeer [-d <level>] local|peer <command> <value>|query zpeer [-d <level>][-a][-r] DESCRIPTION zpeer is used to pass bidirectional High Availabi lity(HA) state and priority information between the base and fabri[...]

  • Page 236

    displayed by query, but must be set at initial ization. After setting the healthy state, the query will retur n the backup state. backup Used to reflect the backup state of vrrpd master Used to reflect the master st ate of vrrpd The priority value is a value betwee n 0 and 255. In the HA suite, the value is set to 254 minus the number of ports that[...]

  • Page 237

    be also reset. SEE ALSO zspconfig Ethernet Switch Blade User's Guide release 3.2.2j page 237[...]

  • Page 238

    zqosd NAME zqosd – monitors tc(8) commands to implement classification filters and queuing disci plines in hardware. SYNOPSIS zqosd [-d <level>] [-p <port>] [-f] [-l] [-i <pid>] [-o <pid>] DESCRIPTION zqosd monitors commands entered by tc which set up queuing disciplines and c lassification filters for managing traffic in [...]

  • Page 239

    SEE ALSO ztmd, tc(8), zfilterd Ethernet Switch Blade User's Guide release 3.2.2j page 239[...]

  • Page 240

    zrc NAME zrc - Packet rate control SYNOPSIS zrc -b | -m | -d | -t | -a [-p <port>] [-v <vlan>] [-g <group>] [-M <mac_addr>] [-T <timeout>] [-D <level>] <rate> DESCRIPTION zrc sets rate control on Broadcast, Multicast and/or Destination Lookup Failure (DLF) packets. The rate is measured in the number of pac [...]

  • Page 241

    zreg NAME zreg - Read and write registers and tables on the OpenArchite ct switch switching hardware. SYNOPSIS zreg [-p <ppa>] [-w] [-i <index>] [-t <index>] [-k] [-h <hostname>] [-d <level>] [-r 10] <reg> DESCRIPTION zreg allows a user to read and write direct and indi rect registers and tables on the resident s[...]

  • Page 242

    default zreg configures the OpenArchitect switch that is locally connected (i.e., the one that is on the local PCI bus). -r 10 Sets numeric radix for registers to 10. Default is 16. -d <level> Set the level of debugging output produced by zreg. The default level is 1. Setting the debug level higher produces more output. The maximum level of o[...]

  • Page 243

    zrld NAME zrld – ZNYX redirector daemon SYNOPSIS zrld [-d <level>] [-p <port>] [-f] DESCRIPTION zrld is used for remote management of OA/HA appl ications. OA/HA applications capable of remote management include zlc , ztats , zlmd . zrld only allows requests from hosts listed in /etc/rcZ.d/zrld_trusted_hosts . OPTIONS -d <level> [...]

  • Page 244

    zsnoopd NAME zsnoopd - IGMP Snooping daemon for the OpenArchitect switch . SYNOPSIS zsnoopd [-d <level>] [-f] [-h <hostname>] [-p <ppa>] [-r <sec>] [-t <sec>] [-u <sec>] [-v <vlan_id>] DESCRIPTION zsnoopd is run after the network interfaces are created and initialized with zconfig , and started with ifconfi[...]

  • Page 245

    -f Run zsnoopd in foreground. Default is to run it in background. -h <hostname> Connect to remote host <hostname>. -p <ppa> Start zsnoopd on switch <ppa>. Default is 0. -r <sec> Time to wait, in seconds, before removing a port with no router multicast traffic. Default is 260 seconds. -t <sec> Time to wait, in sec[...]

  • Page 246

    zspconfig NAME zspconfig - configure and start surviving partner SYNOPSIS zspconfig [-d <level>] [-p <directory_path>] [-u <dhcp_interface>] [-c <dhclient.conf>] [-t <timeout>] [-s] [-v] -f <file> DESCRIPTION zspconfig is used to configure and start the Surviving Partner software. With the -f option a configurati[...]

  • Page 247

    -t <timeout> Time to wait in seconds before giving up on finding a Surviving Partner to retrieve configuration information from. Only valid with the –u option. -s Do not ask for confirmation. Run from a script. -v Prints the current version of zspconfig. -f <file> The provided <file> is used as input to configure the Surviving P[...]

  • Page 248

    A sibling_addresses statement is required for each VLAN created with t he zconfig commands. The two addresses in the list indic ate there are two switches in the Surviving Partner group. The first address 10.0.0.30 and 11.0.0.30 are assigned to the swit ch on which the configuration is being run. The remaining addresses are distri buted to the swit[...]

  • Page 249

    monitor_only - Ports that are monitored but do not have a virtual address managed on them. They will not have their links brought down tempor arily during a failover scenario. These ports are only monitored. If a problem occ urs on this type of link it will cause a failover scenario. configure_only - Ports are configured as pe r the zconfig command[...]

  • Page 250

    interconnect, it is not a bonding driver ena bled port, and therefore should be setup as an interconnect port type. To accompl ish this, the zre ports are listed to avoid conflicting port types. Note that a single line cannot contai n both zhp and zre definitions. Therefore rain link: zhp1, zre1..4 does not work and the definition zre1..8 is equiva[...]

  • Page 251

    Additional startup scripts may be included in the configuration using the start_script command. The files in the start_script com mand will be placed in a location for tftp transfer to sibling switches that initialize us ing the –u option. A common use of the start_script comm and might be to propagate gated configurations to all m embers of the [...]

  • Page 252

    distinguish potentially more than one backup switch. This configuration file is placed in /tftpboot, and is retrieved via DHCP by a replacement switch on boot up. /etc/rcZ.d/surviving_partner/dhcpd.conf Configuration script used by dhcpd when the switch becomes master. dhcpd is used to serve replacement switches their configuration scripts. Namely [...]

  • Page 253

    zstack NAME zstack - Configures the OpenArchitect switch st acking. SYNOPSIS zstack [-h <host_name>] [-d <level>] [-a] [-t] [{-f <file>} | <configuration>] DESCRIPTION zstack combines multiple switch fabric chips into a s ingle virtual switch. zstack must be run before any other switch configuration. Speci fically it must be[...]

  • Page 254

    semicolon-delimited statem ents. Each statement specifies an action to ta ke on a stack. A stack is a group of ports on a single switch fabric chip. Ac tions include stack creation, stack port association, stack configuration and sta ck control. Comments, spaces and new lines are i gnored. Comments begin with the # character and include characters [...]

  • Page 255

    an equal number of ports in each list. Wild car ds may be used in the zre_lists . See below. Stack port association syntax for a Ether net Switch Blade: stack0: zre0..11 = zre0..11; stack1: zre12..23 = zre0..11; The first statement above configure s the first switch silicon chip, represented by stack0, to ha ve no translation between its physical p[...]

  • Page 256

    are supported. enable; The enable statement turns on stac king that has been previously configured. This statement cannot be made until configuration is compl ete. disable; The disable statement turns off stacki ng. Before disabling stacking, all Ethernet Switc h Blade daemons must be stopped, and the VLAN configurations must be torn down using zco[...]

  • Page 257

    zre lists . Example of stack0..3 representing stacks 0, 1, 2 and 3. SEE ALSO zconfig Ethernet Switch Blade User's Guide release 3.2.2j page 257[...]

  • Page 258

    ztats NAME ztats − Display statistics and information about switch SYNOPSIS ztats [-d <level>] [-i <unit>] | [-m <port>] | [-v <vlan id>] | [-t <tgid>] | [-v] DESCRIPTION ztats displays MIB counters for a selected physic al port, trunk group or VLAN. It can also display information about the configurat ion of the swi[...]

  • Page 259

    zsync NAME zsync − Saves changes to the flash. SYNOPSIS zsync [-c][-f][<dir_or_file>] zsync [-c][-f][-t <file>] zsync [-c][-f][-z] zsync [-c][-l] DESCRIPTION zsync is used to save a snapshot of the current file system to flash ROM. By default, zsync creates a compressed tar image of the files that have changed and saves the image in t[...]

  • Page 260

    -t <file> Read files to be saved from a tar file. -z Zero the overlay area. -f Do not confirm with user and do not warn if saving failed. Exit code can be examined to determine success or failure. <dir_or_file> Save only the named file, or save the named directory to the overlay. Contents of directories must be created with zmnt . -l Li[...]

  • Page 261

    ztmd NAME ztmd – traffic management daemon which accept s messages from traffic filtering and quality of service applications and se ts up hardware. SYNOPSIS ztmd [-d <level>] [-p <port>] [-f] [-i <pid>] [-o <pid>] [-a <addr>] [-l] DESCRIPTION ztmd listens for messages on a multicast port. These messages describe pac[...]

  • Page 262

    SEE ALSO zqosd, iptables(8), tc(8), zfilterd Ethernet Switch Blade User's Guide release 3.2.2j page 262[...]

  • Page 263

    brctl(8) NAME brctl - Bridge and Spanning Tree Protocol administration. SYNOPSIS brctl [options] DESCRIPTION brctl is used to set up, maintain, and display the bridge configuration in the Linux kernel. brctl is a standard command included wit h Linux bridge support which includes Rapid Spanning Tree Protocol (RSTP) support. A bridge is a device com[...]

  • Page 264

    bridge will not send or receive BPDUs, and will thus not participate in the Spanning Tree Protocol. If your bridge isn't the only bridge on the LAN, or if there are loops in the LAN's topology, DO NOT turn this option off. Turning this option off may impair network traffic, so be careful. setbridgeprio <bridge> <priority> sets[...]

  • Page 265

    SEE ALSO zconfig , zl2d Ethernet Switch Blade User's Guide release 3.2.2j page 265[...]

  • Page 266

    Appendix B Base Switch Com mand Man Pages OpenArchitect applications are im plemented above the OpenArchitect libraries and the R MAPI interface. OpenArchitect applicati ons are used for normal operation of the switch, for runtime status and diagnostics, and for prototyping new a pplications development. For runtime operation, the OpenArchitect a p[...]

  • Page 267

    vrrpconfig NAME vrrpconfig – Configure and control the running vrrpd SYNOPSIS vrrpconfig [-d <level>] -- <vrrpd parameters> vrrpconfig [-d <level>] [-k] [-a] [-p] [-s <vid>] DESCRIPTION vrrpconfig provides communication with a running vrrpd daemon. T he -- option for vrrpconfig will pass all parameters to vrrpd a s would b[...]

  • Page 268

    EXAMPLES Here is an example of using the -- invocat ion method that changes the priority to 99 for the Virtual Router associated with the Virtual Router Identifier 1: vrrpconfig -- -v 1 –p 99 SEE ALSO vrrpd Ethernet Switch Blade User's Guide release 3.2.2j page 268[...]

  • Page 269

    vrrpd NAME vrrpd – Virtual Router Redundancy Protocol Daemon SYNOPSIS vrrpd -i ifname -v vrid [-f piddir] [-s] [-a auth] [-p prio] [-nhb] [-I ifname] [-d delay] [-m address] [-M ] [-B] [-S script] [-c conf_file] [-D level] ipaddr DESCRIPTION vrrpd is an implementation of Virtual Re dundant Routing Protocol (VRRPv2) as specified in RFC2338. It run[...]

  • Page 270

    other words there is a unique vrid to ifname associated with the –i option. -s Toggle preemption mode (Enabled by default). Preemption means that a Master switch will go to Backup if a current Backup has higher priority. -M Become MASTER when priority is equal. Be sure it is only set on one host or the switches will oscillate. Must set –B optio[...]

  • Page 271

    spaces. The –n option overrides the change made with –m. The result of which to use the native MAC address of the interface. Using the –n option is not recommended. -D <level> Set debugging output to the supplied level <ipaddr> the ip address(es) of the virtual server SEE ALSO vrrpconfig Ethernet Switch Blade User's Guide rel[...]

  • Page 272

    zbootcfg NAME zbootcfg − Modifies the boot parameters of t he OpenArchitect switch. SYNOPSIS zbootcfg -a | -d <device number> [<boot_string>] DESCRIPTION zbootcfg is used to display or modify the boot parame ters on the switch. The boot parameters are utilized by the minof boot loader a pplication to indicate on which device to find a[...]

  • Page 273

    application flash. Typically this is required before updating application flash 1. B y booting the alternative image, if a fail ure occurs during the programming of application flash 1, rec overy is easier. zbootcfg -d 2 The next example passes the -i option to the booti ng kernel. This is useful when recovering from a mistake saved to the read-wri[...]

  • Page 274

    zconfig NAME zconfig - Configures the OpenArchitect switch. SYNOPSIS zconfig [-h <host_name>] [-d <level>] [-a] [-t] [{-f <file>} | <configuration>] DESCRIPTION zconfig creates VLAN groups of switch ports or trunks. Each V LAN group forms a Layer 2 switching domain. Each VLAN group has a VLAN Identificat ion number (VID) tha[...]

  • Page 275

    entered as parameters to zconfig . CONFIGURATION SYNTAX zconfig takes configuration data from standar d input or from a file with the -f option. In either case, the configuration syntax is the same. The zconfig configuration data consists of a list of semicolon-delimited sta tements. Each statement specifies an action to take globally or on an inte[...]

  • Page 276

    A port member is identified with the zre<X> format, where x represents a port number between 0 and 23 for the in-band ports. The Out-of-Band ports cannot be included in the List of ports. teardown Removes the trunk interface, making the ports which were part of the trunk available for configuration in other trunks or VLANs. all mac [ source_a[...]

  • Page 277

    Network Interface Statements The syntax for a network interface state ment is the interface name followed by a colon and a n action. Network interface state ments are used to create or tear down a VLAN group and can consist of one or a list of network interfac e names; followed by a colon and then an action. For example: zhp0: <Network Interface[...]

  • Page 278

    The next statement creates a VLAN group with the VID number 100 and the network interface named zhp1 . This VLAN includes four switch ports, zre1, zre10, zre11, zre13. zhp0: vlan100 = zre1,zre10,zre11,zre13; The next statement adds two switch port s, zre1, zre2 and zre3, to an existing network interfac e and VLAN. zhp0: vlan100 = zre1..3; The next [...]

  • Page 279

    tag are given the VLAN tag with the VID number 1, ent er: zre1=untag1; If port 0 is also a member of VLAN 100, packets f or VLAN 100 are sent from this port with a VLAN tag as part of their header. In the next example, the switch ports 10, 11, and tr unk 2 are configured as untagged members of VLAN 100. zre10,zre11,zrl2=untag100; This statement is [...]

  • Page 280

    network interface, and all ports lis ted after the equal sign are included in each group. The following statement creates 14 VLAN groups with VID numbers 1-14. Each VLAN contains the same switch port, port 1, represente d as zre1 . zhp0 ..13: vlan1..14 = zre1; The plus (+) wildcard can be used with the las t port listed to auto-increment that port [...]

  • Page 281

    The previous configuration can be used for creat ing a 14 port Layer 2 switch, all 14 ports assigned to the same VLAN. SEE ALSO zl3d Ethernet Switch Blade User's Guide release 3.2.2j page 281[...]

  • Page 282

    zcos NAME zcos - class of service queue control SYNOPSIS zcos [-h <hostname>] [-d <level>] [ -u <default priority> ] [ -m q0,q1,q2,q3,q4,q5,q6,q7 ] [-n <queue length list in packets for each queue> | -b <Reserved space in bytes for each queue> | -s <limit on dynamic pool usage, in bytes>, <reset %>] [ -k PR[...]

  • Page 283

    Each cos queue is limited in the numbe r of packets it can hold waiting scheduling; the memory used by each queue is managed to provide a guarant eed space with additional space shared among all queues for a port. OPTIONS Most options are optionally followed by a <port list>, which may include zre port ranges, like zre0..5 , individual ports,[...]

  • Page 284

    Packets are first counted against the re served space for a queue. When that space is occupied, additional memory is used from the dynamic me mory pool until the dynamic pool usage limit f or the port is reached. Any additional packets received for the queue on this port are dropped. Metering and Scheduling -r <list of bandwidth guarantees in Kb[...]

  • Page 285

    -q all | qmap | qinfo | scheduler [<port list>] Queries the current COS/QOS Settings. all - Displays all of the queue mappings, queue limi ts, metering and scheduling settings qmap - Displays the priority to COS queue mappings . qinfo - Displays queue limits for the COS queues . scheduler - Displays the traffic metering and s haping settings [...]

  • Page 286

    zdog NAME zdog - Configure and send heartbeats to watchdog e nabled drivers. SYNOPSIS zdog [-d <level>] -h | -i <interval> | -n <heartbeats> zdog [-d <level>] -b zdog [-d <level>] -a DESCRIPTION zdog is used to configure the base switch wat chdog timer functions and to send heartbeats to the base switch watchdog driver[...]

  • Page 287

    software component of zdog when launched from monit insures that monit is running to perform higher level tasks. And finally monit can be used to monitor any or all critical system resources and processes in the system. OPTIONS -d set debug level to <level> -h Toggle use of the hardware watchdog timer. Off by default. -i Time interval in mill[...]

  • Page 288

    zffpcounter NAME zffpcounter —Query or clear one or more Fast Filter Processor (FFP) counters. SYNOPSIS zffpcounter -P <zre_port> [-p <ppa>] [-i <index>] [-h <hostname>] [-c] [-d <level>] DESCRIPTION The switch enforces filtering rules through the FFP. Each filtering rule may specify an FFP counter, to be incremented[...]

  • Page 289

    EXAMPLES The first example queries all FFP counte r values. zffpcounter The output displays the initial stat e of the counters. Note that the counters are not initia lized on startup, Counter 0: 59602801 Counter 1: 83360091 Counter 2: 83361262 . . . Counter 29: 83074779 Counter 30: 81723249 Counter 31: 71007391 The next example clears all FFP count[...]

  • Page 290

    Counter 30: 0 Counter 31: 0 iptables(8) is used to setup a rule, and associate that rule with a counter. For instance, add a rule to accept all packets from 10.0.0.11 a nd associate that rule with FFP Counter 1. iptables –A FORWARD –s 10.0.0.11 –j ZACTION -–accept –-counter 1 Start zfilterd to move the rule entere d with iptables(8) down [...]

  • Page 291

    Counter 19: 0 Counter 20: 0 Counter 21: 0 SEE ALSO zirule, iptables(8) Ethernet Switch Blade User's Guide release 3.2.2j page 291[...]

  • Page 292

    zfilterd NAME zfilterd - A daemon to use the filter hardware of the OpenArchitect switch for filtering based on iptables(8) rules. SYNOPSIS zfilterd [-d <level>] [-p <port>] [-f] [-l] [-i <pid>] [-o <pid>] DESCRIPTION zfilterd is a daemon that intercepts filte ring rules entered by the user, using iptables(8) , checks them f[...]

  • Page 293

    zflash NAME zflash − Loads images into the flash ROMs on the OpenArc hitect switch. SYNOPSIS zflash -d <dev> [-o|-O <offset>] <image_file> <upgradeipmi.img> DESCRIPTION zflash enables you to program the flash ROMs on the switch. The switc h contains 3 flash ROM devices: the boot ROM flash, applicat ion flash 1 and applicat[...]

  • Page 294

    Exercise caution when using this command, a s an error can render your switch inoperable. Do not interrupt this process until complete. SEE ALSO zbootcfg Ethernet Switch Blade User's Guide release 3.2.2j page 294[...]

  • Page 295

    zgmrpd NAME zgmrpd - GARP Multicast Registration Protoc ol (GMRP) daemon for the OpenArchitect switch. (Partially supported in this release .) SYNOPSIS zgmrpd [-d <level>] [-f] [-h <hostname>] [-p <ppa>] [-t <target>] DESCRIPTION zgmrpd is run after the network interfaces are created and initialized with zconfig , and starte[...]

  • Page 296

    Only the GARP normal registration mode is cur rently supported. Multiple instances of zgmrpd may run concurrent ly provided the targets are unique. However, zgmrpd cannot run concurrently with zsnoopd . See zsnoopd . OPTIONS -d <level> Sets the level of debugging output required by zgmrpd. The default level is zero (0). Setting the debug leve[...]

  • Page 297

    zgr NAME zl2, zl2mc, zl3host, zl3net, zvlan – Formatted display of OpenArchitect generic tables. zl2 displays the abstraction API’s layer 2 ta ble. zl2mc displays the abstraction API’s layer 2 multi cast table. zl3host displays the abstraction API’s layer 3 host route table. zl3net displays the abstraction API’s layer 3 net work route tab[...]

  • Page 298

    Several options are available whi ch enable the user to display only selected entries. Addit ionally, there is an option that clears user -specified entries in the table. OPTIONS -i <index> Displays the entry at the <index> position in the table. Valid for all tables. Cannot be combined with -m, -P or -v . -m <mac_address> Display[...]

  • Page 299

    zl2 Be careful, the -c option does not ask. The foll owing command deletes all entries in the zl2 table: zl2 -c SEE ALSO zal Ethernet Switch Blade User's Guide release 3.2.2j page 299[...]

  • Page 300

    zgvrpd NAME zgvrpd - GARP VLAN Registration Protocol (GVRP) da emon for the OpenArchitect switch. SYNOPSIS zgvrpd [-d <level>] [-f] [-h <hostname>] [-p <ppa>] [-t <target>] DESCRIPTION zgvrpd is run after the network interfaces are created and initialized with zconfig , and started with ifconfig(1M).zgvrpd starts a backgroun[...]

  • Page 301

    default level is zero (0). Setting the debug level higher produces more output. Five (5) is currently the maximum output level. -f Run zgvrpd in foreground. Default is to run it in background. -h <hostname> Connect to remote host <hostname>. -p <ppa> Start zgvrpd on switch <ppa>. Default is 0. -t <target> Enable GVRP o[...]

  • Page 302

    zl2d NAME zl2d - Layer 2 daemon for the OpenArchitect switch. SYNOPSIS zl2d [start | stop] [-t <msecs>] [-d <level>] [-f] [-p <priority>] <iface..> DESCRIPTION zl2d is run after the network interfaces are created and initialized with zconfig . zl2d creates a Linux bridge for each interf ace using brctl(8) . The bridge name i[...]

  • Page 303

    OPERATIONS zl2d manages the Spanning Tree state fi elds in the switch of each port within the bridge(s). Based on a timer, zl2d reads the port inform ation for each Linux bridge and updates the switch when necessary. EXAMPLES In the following example, zl2d creates a Linux bridge named b zhp0 which includes all of the zre<n> devices previously[...]

  • Page 304

    zl3d NAME zl3d - Layer 3 daemon for the OpenArchitect switch. SYNOPSIS zl3d [-h <host_name>] [-t <msecs>] [-b] [-e] [-l] [-n] [-d <level>] <iface ..> DESCRIPTION zl3d is run after the network interfaces are created and initialized with zconfig , and started with ifconfig(1M). zl3d listens for Netlink messages from the kernel[...]

  • Page 305

    produces more output. Four (4) is currently the maximum output level. <iface…> The network interfaces on which zl3d should operate. These network interfaces must first be created by zconfig. zl3d does not operate with standard network interface cards. It only works on switch network interfaces created by zconfig. It uses the same syntax as [...]

  • Page 306

    zlc NAME zlc − link and LED control SYNOPSIS zlc [-h <hostname>][-d <level>][-x] <port_list> <action> [on | off ] zlc [-h <hostname>][-d <level>][-x] <action> [on | off |clear] zlc [-h <hostname>][-d <level>][-x] [state|query] DESCRIPTION The zlc application sets the link speed a nd state of i[...]

  • Page 307

    must be down to change the speed. Assuming zre1 i s part of interface zhp0 , ifconfig zhp0 down zlc zre1 100fd The external fault, internal fault , and ok LEDs can be set on a per port basis or globally . To set the external fault LED for a particul ar port, zlc zre1 extfault on To query the settings of a particular port, zlc zre1 query Global Sett[...]

  • Page 308

    zlmd NAME zlmd − monitor link changes or hot swap events. SYNOPSIS zlmd [-h <hostname>] [-b] [-d <level>] {-f <file>} | <configuration> DESCRIPTION The zlmd application is intended to run as a daem on, waiting for a configured event to occur and then running the program configured for that event. The e vents monitored are [...]

  • Page 309

    <port-list> A list of ports in the same forms supported by zconfig, e.g. zre1,zre2 or zre10..14 <program> Path to an executable program or script to be run when the event occurs. Note: An absolute path to <program> is required. The program will be called with the following parameters: For Link Changes: <program> <ppa> [...]

  • Page 310

    zlogrotate NAME zlogrotate − Rotates log files. SYNOPSIS zlogrotate [-b] [-t time] [-s segment size] [-n # of files] [-f file to rotate] DESCRIPTION zlogrotate rotates the selected file every [t ime] seconds if the file is larger than [se gment size]. It will keep only the number of fi les selected. zlogrotate is called from /etc/init.d/r cS by d[...]

  • Page 311

    zmirror NAME zmirror - Set packet mirroring on an ingress or egress port SYNOPSIS zmirror -a | -t zmirror [-e] <from_list> <to_port> DESCRIPTION zmirror sets packet mirroring from a given set of ports to one given port . Turning on packet mirroring causes a copy of the packet to be se nt to the to port. Any number of from ports can be m[...]

  • Page 312

    zmirror zre1, zre2, zre3 cpu Is the same as: zmirror zre1 cpu zmirror zre2 cpu zmirror zre3 cpu Multiple mirroring setups can be ma de. The following example will mirror port 1 traffic to port 11 and port 2 traffic to port 12. zmirror zre1 zre10 zmirror zre2 zre11 Setting a different to port will ove rwrite the previous setting. Given the last setu[...]

  • Page 313

    , (comma) Use for creating lists .. (dot-dot) Specifies an inclusive range Below are some examples for the correct usage of the comma (,) and dot-dot (..). Each line below produces the same results: zre1, zre2, zre3, zre4 zre1..4 zre1, zre2..4 zre1..2, zre3..4 SEE ALSO tcpdump(1M) Ethernet Switch Blade User's Guide release 3.2.2j page 313[...]

  • Page 314

    zmnt NAME zmnt − Expands the read/write files onto the RAM dis k. SYNOPSIS zmnt [-c] <directory> zmnt [-c] -t <file> zmnt [-c] –l DESCRIPTION zmnt expands files from flash onto the RAM disk that have been previ ously saved with zsync . The init process runs zmnt to expand the files in fla sh onto RAM file system. The user may use zm[...]

  • Page 315

    zmnt –t overlay.tar The resulting tar file can now be saved on a dif ferent host as a snapshot of the overlay at that point in time. Use zsync to restore the ove rlay on the switch: zsync –t overlay.tar The restored overlay will be used upon the ne xt reboot. SEE ALSO zsync Ethernet Switch Blade User's Guide release 3.2.2j page 315[...]

  • Page 316

    zpeer NAME zpeer – Application for High Availability comm unication between the Fabric and Data switches. SYNOPSIS zpeer [-d <level>] local|peer <command> <value>|query zpeer [-d <level>][-a][-r] DESCRIPTION zpeer is used to pass bidirectional High Availabi lity(HA) state and priority information between the base and fabri[...]

  • Page 317

    displayed by query, but must be set at initial ization. After setting the healthy state, the query will retur n the backup state. backup Used to reflect the backup state of vrrpd master Used to reflect the master st ate of vrrpd The priority value is a value betwee n 0 and 255. In the HA suite, the value is set to 254 minus the number of ports that[...]

  • Page 318

    be also reset. SEE ALSO zspconfig Ethernet Switch Blade User's Guide release 3.2.2j page 318[...]

  • Page 319

    zqosd NAME zqosd – monitors tc(8) commands to implement classification filters and queuing disci plines in hardware. SYNOPSIS zqosd [-d <level>] [-p <port>] [-f] [-l] [-i <pid>] [-o <pid>] DESCRIPTION zqosd monitors commands entered by tc which set up queuing disciplines and c lassification filters for managing traffic in [...]

  • Page 320

    SEE ALSO ztmd, tc(8), zfilterd Ethernet Switch Blade User's Guide release 3.2.2j page 320[...]

  • Page 321

    zrc NAME zrc - Packet rate control SYNOPSIS zrc -b | -m | -d | -t | -a [-p <port>] [-v <vlan>] [-g <group>] [-M <mac_addr>] [-T <timeout>] [-D <level>] <rate> DESCRIPTION zrc sets rate control on Broadcast, Multicast and/or Destination Lookup Failure (DLF) packets. The rate is measured in the number of pac [...]

  • Page 322

    zreg NAME zreg - Read and write registers and tables on the OpenArchite ct switch switching hardware. SYNOPSIS zreg [-p <ppa>] [-w] [-i <index>] [-t <index>] [-k] [-h <hostname>] [-d <level>] [-r 10] <reg> DESCRIPTION zreg allows a user to read and write direct and indi rect registers and tables on the resident s[...]

  • Page 323

    connected (i.e., the one that is on the local PCI bus). -r 10 Sets numeric radix for registers to 10. Default is 16. -d <level> Set the level of debugging output produced by zreg. The default level is 1. Setting the debug level higher produces more output. The maximum level of output is currently 4. OPERANDS <reg> If no –i, -t, or –[...]

  • Page 324

    zrld NAME zrld – ZNYX redirector daemon SYNOPSIS zrld [-d <level>] [-p <port>] [-f] DESCRIPTION zrld is used for remote management of OA/HA appl ications. OA/HA applications capable of remote management include zlc , ztats , zlmd . zrld only allows requests from hosts listed in /etc/rcZ.d/zrld_trusted_hosts . OPTIONS -d <level> [...]

  • Page 325

    zsnoopd NAME zsnoopd - IGMP Snooping daemon for the OpenArchitect switch . SYNOPSIS zsnoopd [-d <level>] [-f] [-h <hostname>] [-p <ppa>] [-r <sec>] [-t <sec>] [-u <sec>] [-v <vlan_id>] DESCRIPTION zsnoopd is run after the network interfaces are created and initialized with zconfig , and started with ifconfi[...]

  • Page 326

    -f Run zsnoopd in foreground. Default is to run it in background. -h <hostname> Connect to remote host <hostname>. -p <ppa> Start zsnoopd on switch <ppa>. Default is 0. -r <sec> Time to wait, in seconds, before removing a port with no router multicast traffic. Default is 260 seconds. -t <sec> Time to wait, in sec[...]

  • Page 327

    zpeer peer state query The output from the above command during the boot process would be “unhealthy” The -a option can be used to display a complete listing of all state and priority information and internal information that can be use d for debugging. Here is example output from the -a option. Local/Write Peer/Read priority 203 231 state mast[...]

  • Page 328

    zspconfig NAME zspconfig - configure and start surviving partner SYNOPSIS zspconfig [-d <level>] [-p <directory_path>] [-u <dhcp_interface>] [-c <dhclient.conf>] [-t <timeout>] [-s] [-v] -f <file> DESCRIPTION zspconfig is used to configure and start the Surviving Partner soft ware. With the -f option a configurat[...]

  • Page 329

    finding a Surviving Partner to retrieve configuration information from. Only valid with the –u option. -s Do not ask for confirmation. Run from a script. -v Prints the current version of zspconfig. -f <file> The provided <file> is used as input to configure the Surviving Partner. See the next section on CONFIGURATION FILE for the synt[...]

  • Page 330

    A sibling_addresses statement is required for each VLAN c reated with the zconfig commands. The two addresses in the list indicate there are two switches in the Surviving Pa rtner group. The first address 10.0.0.30 and 11.0.0.30 are assigned to the sw itch on which the configuration is being run. The remaining addres ses are distributed to the swit[...]

  • Page 331

    monitor_only - Ports that are monitored but do not have a virtual address managed on them. They will not have their links brought down tempor arily during a failover scenario. These ports are only monitored. If a problem occ urs on this type of link it will cause a failover scenario. configure_only - Ports are configured as pe r the zconfig command[...]

  • Page 332

    interconnect, it is not a bonding driver ena bled port, and therefore should be setup as an interconnect port type. To accompl ish this, the zre ports are listed to avoid conflicting port types. Note that a single line cannot contai n both zhp and zre definitions. Therefore RAINlink: zhp1, zre1..4 does not work and the definition zre1..8 is equival[...]

  • Page 333

    Coordination between the data and fabr ic switches can be enabled by setting the board_synchronization_mode . Possible modes are “off” and “basic”. B oard synchronization is off by default. When board sync hronization is put into basic mode, HA events on the base switch are coordinated with the HA events on the fabric switch. The behavior o[...]

  • Page 334

    files run the Surviving Partner. This is a li st of all configuration and script files: /etc/rcZ.d/S70Surviving_partner The main startup script that starts the Surviving Partner by running zconfig, ifconfig, zlmd and vrrpd. zspconfig prompts the user to run this script. This file can be saved with zsync to automatically start the Surviving Partner [...]

  • Page 335

    Ethernet Switch Blade User's Guide release 3.2.2j page 335[...]

  • Page 336

    zstack NAME zstack - Configures the OpenArchitect switch st acking. SYNOPSIS zstack [-h <host_name>] [-d <level>] [-a] [-t] [{-f <file>} | <configuration>] DESCRIPTION zstack combines multiple switch fabric chips into a s ingle virtual switch. zstack must be run before any other switch configuration. Speci fically it must be[...]

  • Page 337

    semicolon-delimited statem ents. Each statement specifies an action to ta ke on a stack. A stack is a group of ports on a single switch fabric chip. Ac tions include stack creation , stack port association , stack configuration and stack control . Comments, spaces and new lines are i gnored. Comments begin with the # character and include character[...]

  • Page 338

    semicolon are two zre_lists separated by an equal si gn. The first is the list of virtual port names, the second is the physical port names. The assignment is done in order, and there must be an equal number of ports in each list. Wild car ds may be used in the zre_lists . See below. Stack port association syntax for a base sw itch: stack0: zre0..1[...]

  • Page 339

    Stack Control Statements Finally after creating the sta ck, associating the ports, and setting the stack confi guration, the stack can be enabled using one of the Stack Cont rol statements. The following stack control state ments are supported. enable; The enable statement turns on stac king that has been previously configured. This statement canno[...]

  • Page 340

    ztats NAME ztats − Display statistics and information about switch SYNOPSIS ztats [-d <level>] [-i <unit>] | [-m <port>] | [-v <vlan id>] | [-t <tgid>] | [-v] DESCRIPTION ztats displays MIB counters for a selected physic al port, trunk group or VLAN. It can also display information about the configurat ion of the swi[...]

  • Page 341

    zsync NAME zsync − Saves changes to the flash. SYNOPSIS zsync [-c][-f][<dir_or_file>] zsync [-c][-f][-t <file>] zsync [-c][-f][-z] zsync [-c][-l] DESCRIPTION zsync is used to save a snapshot of the current file system to flash ROM. By default, zsync creates a compressed tar image of the files that have changed and saves the image in t[...]

  • Page 342

    OPTIONS -c Save files to the custom overlay -t <file> Read files to be saved from a tar file. -z Zero the overlay area. -f Do not confirm with user and do not warn if saving failed. Exit code can be examined to determine success or failure. <dir_or_file> Save only the named file, or save the named directory to the overlay. Contents of d[...]

  • Page 343

    ztmd NAME ztmd – traffic management daemon which acc epts messages from traffic filtering and qua lity of service applications and sets up hardwa re. SYNOPSIS ztmd [-d <level>] [-p <port>] [-f] [-i <pid>] [-o <pid>] [-a <addr>] [-l] DESCRIPTION ztmd listens for messages on a multicast port. These messages describe pa[...]

  • Page 344

    SEE ALSO zqosd, iptables(8), tc(8), zfilterd Ethernet Switch Blade User's Guide release 3.2.2j page 344[...]

  • Page 345

    brctl(8) NAME brctl - Bridge and Spanning Tree Protocol administration. SYNOPSIS brctl [options] DESCRIPTION brctl is used to set up, maintain, and display the bridge configuration in the Linux kernel. brctl is a standard command included wit h Linux bridge support including Rapid Spanning Tree Protocol (RSTP). A bridge is a device commonly used to[...]

  • Page 346

    makes the interface a port of the bridge. This means that all frames received on the interface will be processed as if destined for the bridge. Also, when sending frames on the bridge, the interface will be considered as a potential output interface. For the OpenArchitect switch, <interface> is zhp0, zhp1, … IMPORTANT: This option must only[...]

  • Page 347

    setmaxage <bridge> <time> sets the bridge's maximum message age to <time> seconds. setpathcost <bridge> <port> <cost> sets the port cost of the port to <cost>. This is a dimensionless metric. The path cost is set to 100 for all OpenArchitect switch ports by default. IEEE 802.d recommends the following:[...]

  • Page 348

    Appendix C Intellig ent Platform Management Interface The Ethernet Switch Blade provides Inte lligent Platform Management Interface (I PMI) support. IPMI circuitry provides: • The communication channel between the Base board Management Controller (BMC) and the CPU for management. • Data storage, SDRR, FRU, access. • Sensor readings. IPMI circ[...]

  • Page 349

    M States M5 Deactivation r equest (e.g. hot swap ejector opened) M6 Deactivation gr anted by ShMC M7 Unexpected los s of communication between FRU and ShMC Table C.1.: IPMI M States Peripheral Management Controller Functi onal Support The following IPMI commands are implemented in vers ion 1.00: PMC Controller Support Command Code Sensor # Status N[...]

  • Page 350

    Sensor Reading Example This is an example of how to structure a c ommand and response to determine a sensor value. In this example, a GetSensorReading com mand is sent from BMC (address 20h in this example), to the switch in slot 2 (geographical addre ss is B2h) to read the temperature sensor, which is assigned to sensor number 60h. Standard IPMI C[...]

  • Page 351

    Standard IPMI Response: GetSensorReading Byte Data Field D escription 1 rqAddr 20h 2 netFn/Lun 16h 3 check1 CAh 4 rsAddr B2h 5 seq no 06 6 command 2Dh 7 completion code 00h 8 sensor reading 1Bh -> 27 Celsius degree 9 optional data byte C0h scanning is enabled 10 optional data byte C0h 11 optional data byte 00 12 checksum2 80h Table C.4: GetSenso[...]

  • Page 352

    Structure of Standard IPMI Commands: From BMC to PMC Structure of Standard IPMI Commands BMC - PMC Byte Data Field D escription 1 rsAddr <slot’s IPMB addr> 2 netFn/Lun <netFn> 3 check1 <chksm1> 4 rqAddr <sw_id> 5 seq no <seq> 6 command <cmd> 7 optional dat a byte <arg1> 7+x optional data bytes <argN>[...]

  • Page 353

    Event Generator The PMC’s event generator is disabled until it receives a SetEventReceiver command from BMC for Event Receiver’s slave address and LUN. If the event generator is enabled, PMC reports significant events to the BMC a synchronously. The standard IPMI platform event message format is used. IPMB Event message format Structure of even[...]

  • Page 354

    Version 2.x supports three FRU Inventory Device Com mands: Get FRU Inventory Area Info Read FRU Data Write FRU Data The spare SEEPROM space is allocated as fol lows: Spare SEEPROM Space Allocation Space for Start address End address Size Notes VPD 0 0x3FF 0x400 (1Kbytes) FRU 0x400 0x13FF 0x1000 (4kbytes) Parameters 0x1400 0x17FF 0x400 (1 Kbytes) At[...]

  • Page 355

    IPMB Override Status Data 5= Clock low time out; 6=under test; 7=Undiagnosed communications failure Table C.9.: IPMB Override Status Data Ethernet Switch Blade User's Guide release 3.2.2j page 355[...]

  • Page 356

    Index Index adduser........................................................................................................................................................................................... ...............................................................................................................................................[...]

  • Page 357

    Index Network Time Protocol..................................................................................................................................................... 72, 131 NFS..................................................................................................................................................................[...]

  • Page 358

    Index tc 62, 113 The U32 Filter................................................................................................................................................................... 66, 124 thttpd.............................................................................................................................................[...]

  • Page 359

    Index ztmd......................................................................................................................................................................................... 301 zvlan.................................................................................................................................................[...]