53-1002805-03 9 July 2013 Brocade MLX Series and NetIron Family Documentation Updates Supporting Multi-Service IronWare R05.4.
Copyright © 2013 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, MLX, NetIron, SAN Health, ServerIron, TurboIron, VCS, and VDX are registered trademarks, and AnyIO, Brocade One, CloudPlex, Effortless Networking, ICX, NET Health, OpenScript, and The Effortless Network are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries.
Document History Title Publication number Summary of changes Date Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-01 New document 19 December 2012 Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-02 NetIron 05.4.00c Release updates. 26 March 2013 Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03 NetIron 05.4.00d Release updates.
iv Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03
Contents About This Document In this chapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix How this document is organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Brocade resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Getting technical help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Document feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Global ACL command to delete ACLs bound to an interface . . . . . . 31 Changing the router ID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Show lag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 OpenFlow Hybrid Port Mode for IPv6 . . . . . . . . . . . . . . . . . . . . . . . . . 34 Bypass LSP Liberal Path Selection . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Current algorithm. . . . . . . . . . . . . . . . . . . . . . . . .
Data Integrity Protection for Metro. . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Configuring Data Integrity Protection for Metro . . . . . . . . . . . . . 66 New configuration commands . . . . . . . . . . . . . . . . . . . . . . . . . . 66 New show commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 Syslog messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Management module redundancy overview . . . . . . . . . . . . . . . . . . .
viii Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03
About This Document In this chapter • “How this document is organized” on page ix • “Brocade resources” on page ix • “Getting technical help” on page ix • “Document feedback” on page x How this document is organized This document contains updates to the Multi-Service IronWare R05.4.00b product manuals. These updates include document fixes and changes covering new features. Table 1 below list the most recently released Multi-Service IronWare R05.4.00b product manuals.
Document feedback Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and completeness of this document. However, if you find an error or an omission, or you think that a topic needs further development, we want to hear from you. Forward your feedback by email to: documentation@brocade.
Chapter Documentation Updates for the Brocade MLX Series and NetIron Family Configuration Guide 1 In this chapter The updates in this chapter are for the Brocade MLX Series and NetIron Family Configuration Guide, publication number 53-1002544-02, published September 2012. The following features were added or modified as part of the 5.4.00b release.
1 In this chapter The following features were added or modified as part of the 5.4.00d release. • IEEE 802.1ag Connectivity Fault Management (CFM), the MEP mep-id range parameter was updated to 1-8191.
1 Support for IPv6 anycast addresses Support for IPv6 anycast addresses In the NetIron 5.4.00a Configuration Guide, the list of unsupported features for Brocade MLX series and Brocade NetIron XMR devices incorrectly includes IPv6 anycast address. Brocade MLX series and Brocade NetIron XMR devices support IPv6 anycast addresses starting in NetIron 5.4.00b. New LAG formation rule The 10Gx24-DM module ports can only be part of LAGs exclusively consisting of 24x10G ports.
1 Deleting CSPF groups This feature enhancement allows you to delete all configured groups at once. Use a single no cspf-group command. This command is only available at the router-mpls level and takes no arguments. Sample configuration These are the commands for use with the feature.
1 IPv6 Traceroute over an MPLS network IPv6 Traceroute over an MPLS network TABLE 2 Supported platforms Features supported Brocade NetIron XMR Series Brocade MLX Brocade Series NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series Base package Brocade NetIron CER 2000 Series Advanced Services package IPv6 Traceroute over an MPLS network Yes Yes Yes Yes No Yes No NOTE IPv6 MPLS tr
1 IPv6 Traceroute over an MPLS network Tracing an IPv6 route through an MPLS domain Figure 1 shows an MPLS-enabled provider network consisting of four LSRs. PE1 is the ingress PE Label Edge Router (LER), P1 and P2 are transit LSRs, and PE2 is the egress provider edge LER. CE1 and CE2 are CE devices located in different geographical locations.
IPv6 Traceroute over an MPLS network 1 1. CE1 sends a traceroute probe with a TTL of 1 to its peer, CE2, with the destination IP address of 2001:DB8:2::2. PE1 decrements the packet’s TTL by one and drops the expired packet. It generates a ttl-exceeded ICMPv6 message, and sends it back to CE1 with the source IPv6 address embedded in the IPv6 header of the expired packet. Traceroute reports the PE1 IPv6 address at hop 1, but there is no label information. 1. <1 ms <1 ms <1 ms 2001:DB8:1::2 2.
1 IPv6 Traceroute over an MPLS network Traceroute reports only the IP address of the destination device CE2. No label extension is added because the received packet is not labeled. The port unreachable message is label-switched back to the customer source device CE1, as a normal data packet.
1 IPv6 VRRP-E short path forwarding for MCT IPv6 VRRP-E short path forwarding for MCT TABLE 3 Supported devices for IPv6 VRRP-E short path forwarding for MCT.
1 IPv6 VRRP-E short path forwarding for MCT When both MCT devices act as the VRRP or VRRP-E backup routers, the following behavior will be seen: • Packets sent to VRRP-E virtual IPv6 address will be L2 switched to the VRRP-E master router for forwarding. • VRRP-E MAC will be learned by both MCT switches acting as backup routers. • Both data traffic and VRRP-E control traffic will need to travel through ICL unless the short-path forwarding feature is enabled.
1 IPv6 VRRP-E short path forwarding for MCT Sample MCT Configuration Cluster: ABC E3 CEP Bridge ID: 100 Bridge ID: 101 A E4 B ICL e2/1 CEP e2/1 CCEP CCEP e1/1 e1/1 CEP E5 LAG S1 End stations E1 Switch bridge ID: 200 E2 End stations Switch A: vlan 4090 tagged ethe 2/1 router-interface ve 1 ! interface ve 1 ip address 192.168.1.1/24 ! cluster ABC rbridge-id 100 session-vlan 4090 member-vlan 100 to 300 icl icl_a_b ethernet 2/1 peer 10.10.20.
1 IPv6 VRRP-E short path forwarding for MCT backup priority 50 ipv6-address 10::100 activate ! Switch B: vlan 4090 tagged ethe 2/1 router-interface ve 1 ! interface ve 1 ip address 192.168.1.2/24 ! cluster ABC rbridge-id 101 session-vlan 4090 member-vlan 100 to 300 icl icl_a_b ethernet 2/1 peer 10.10.20.
1 VRRP and VRRP-E support for routing over VPLS on CES and CER VRRP and VRRP-E support for routing over VPLS on CES and CER TABLE 4 VRRP and VRRP-E support on devices for routing over VPLS on CES and CER.
1 Hybrid port mode OpenFlow Hybrid port mode OpenFlow TABLE 5 Supported devices for hybrid port mode OpenFlow Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Hybrid port mode OpenFlow Yes Yes No No No No No OpenFlow hybrid-enabled
Hybrid port mode OpenFlow 1 Hybrid port mode operation Consider Device-1 in Figure 2. Ingress traffic on VLAN 10 on hybrid port 1/1 will be processed for normal routing. Traffic on other VLANs will be processed against OpenFlow flows on port 1/1 and switched accordingly. A preconfigured number of protected VLANs can be supported for normal routing. The Spanning tree protocols (STP) state of these routing VLANs will be set to forwarding, as the Layer 2 protocol is not supported.
1 Hybrid port mode OpenFlow • A port can be enabled for hybrid port mode only if the port is untagged in the default VLAN. • Ports in OpenFlow hybrid port mode cannot be added as untagged ports to regular VLANs or L2VPN because this can cause a problem with topology discovery.
Hybrid port mode OpenFlow 1 Setting the system maximum The system-max openflow-pvlan-entries command sets the CAM size of OpenFlow protected VLAN entries for the device. By default, this value is set to 0. Brocade(config)# system-max openflow-pvlan-entries 2000 Syntax: system-max openflow-pvlan-entries value The value variable represents the number of port and protected VLAN combination entries that can be configured in the system. The range is from 0 to 2048.
1 Hybrid port mode OpenFlow Displaying Ethernet slots and ports The show interface command gives the number of ports and their slots for the ethernet interface. brocade(config-if-e10000-2/5)# show in ethernet 2/5 10GigabitEthernet2/5 is up, line protocol is up STP Root Guard is disabled, STP BPDU Guard is disabled Hardware is 10GigabitEthernet, address is 000c.dbf5.bd00 (bia 000c.dbf5.
1 sFlow null0 sampling sFlow null0 sampling TABLE 6 Supported devices for sFlow null0 sampling Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package sFlow null0 sampling Yes Yes No No No No No This feature allows Brocade devices to sampl
1 sFlow null0 sampling Enabling or disabling the null0 sFlow sampling These commands include the enabling and disabling of the null0 sampling. Enter the following command to enable sFlow sampling for null0 routes. Brocade(config)#sflow null0-sampling To disable null0 sampling , enter the following command. Brocade(config)#no sflow null0-sampling Syntax: [no] sflow null0-sampling Configuring a null0 route For configuring a route for null0 sampling, use the following command. Brocade(config)#ip route 10.
1 Support matrix for MSTP and STP global/STP/RSTP Support matrix for MSTP and STP global/STP/RSTP Table 7 provides the MSTP compatibility matrix as of NetIron 5.4.00b.
1 Aggregated TM VOQ statistics collection Aggregated TM VOQ statistics collection The following is an update to the list of modules that support Aggregated TM VOQ statistics collection.
1 Aggregated TM VOQ statistics collection Current Queue Depth Maximum Queue Depth since Last read Priority = 1 EnQue Pkt Count EnQue Bytes Count DeQue Pkt Count DeQue Bytes Count Total Discard Pkt Count Total Discard Bytes Count Oldest Discard Pkt Count Oldest Discard Bytes Count WRED Dropped Pkt Count WRED Dropped Bytes Count Current Queue Depth Maximum Queue Depth since Last read Priority = 2 ....
1 Aggregated TM VOQ statistics collection TABLE 8 Traffic Manager statistics (Continued) This field... Displays... WRED Dropped Pkt Count A count of all packets entering ingress queues on this traffic manager but dropped due to WRED. WRED Dropped Bytes Count A count of all bytes entering ingress queues on this traffic manager but dropped due to WRED. Maximum Queue Depth since Last read The maximum queue depth since last access to read.
1 Displaying QoS packet and byte counters Displaying QoS packet and byte counters You can enable the collection of statistics for Ingress and Egress packet priorities using the enable-qos-statistics command. Once the collection of statistics is enabled, the show np statistics command can be used to display a count of the packet priorities of Ingress and Egress packets as shown in the following. Brocade# show np statistics TD: Traffic Despritor.
1 Multi-Chassis Trunk (MCT) client-interfaces delay Multi-Chassis Trunk (MCT) client-interfaces delay Use the client-interfaces delay command to set the delay before brining up the CCEP port. This command is used to set the delay, so that after a node is reloaded, with just L2vpn peer alone, the delay to bring up the CCEP port will be the designated value. Brocade(config-cluster-TOR)#client-interfaces delay 60 Syntax: [no] client-interfaces delay time in sec The default value for delay is 30 seconds.
1 Deletion of ACLs bound to an interface Deletion of ACLs bound to an interface TABLE 9 Supported platforms Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Deletion of ACLs bound to an interface Yes Yes No No No No No To delete an
1 Deletion of ACLs bound to an interface interface ethe 2/1 mac access-group SampleACL in ! Brocade(config)#show cam l2acl SLOT/PORT Interface number Brocade(config)# sh cam l2acl 2/1 LP Index VLAN Src MAC Dest MAC Port Action (Hex) 2 0a3800 10 0000.0000.0000 0000.0000.0000 0 Pass 2 0a3802 0 0000.0000.0000 0000.0000.
Configuring an encrypted syslog server 1 Configuring an encrypted syslog server You can configure up to six encrypted syslog servers, but only one is active at any time, with the other servers acting as standby. When you add an encrypted syslog server, if there is no active syslog server, a session is established with the configured server. If a new connection is added when an active session exists, a new session with another encrypted syslog server is not attempted.
1 Configuring an encrypted syslog server Using SCP 1. Use SCP to copy the SSL Client Certificate and private key from the remote machine. Enter the following commands in sequence in any order at the remote host where the SSL Client Certificate and private key are present: Host# scp cert.p12 user@10.25.105.121:sslclientcert Host# scp privkeyfile user@10.25.105.
Global ACL command to delete ACLs bound to an interface 1 Global ACL command to delete ACLs bound to an interface The access-list command now allows the deletion of Access Control Lists (ACLs) bound to an interface. The following examples show the application of an ACL and the deletion of the ACL that has been bound to an interface. 1. ACL configuration Brocade(config)# access-list 102 permit ip any any 2.
1 Global ACL command to delete ACLs bound to an interface If you prefer, you can explicitly set the router ID to any valid IP address. The IP address should not be in use on another device in the network. You can set a router ID for a specific VRF as described within this section.
1 Show lag Show lag The show lag command has been updated to display the number of available LAGs, including 100g LAGs. Brocade # Brocade #show lag b Total number of LAGs : 2, 100g : 2 Total number of deployed LAGs : 2, 100g : 2 Total number of trunks created : 2 (254 total available), 100g : 2 (14 total available) LACP System Priority / ID :1 / 0024.3883.
1 OpenFlow Hybrid Port Mode for IPv6 OpenFlow Hybrid Port Mode for IPv6 This feature enables an OpenFlow enabled port to support normal IPv6 routing on protected VLANs.
1 Bypass LSP Liberal Path Selection Bypass LSP Liberal Path Selection TABLE 10 Supported platforms Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Liberal bypass LSP selection Yes Yes No Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series Base package Brocade NetIron CER 2000 Series Advanced Services package No No Yes Current algorithm The current algor
1 FIGURE 3 Bypass LSP Liberal Path Selection Bypass LSP Protected LSP Head PLR Node A Node B MP Link1 Node C Node D Protected LSP Tail Node G Node protection Node E Facility Protected LSP Protected LSP used Links – protected interface Bypass LSP Path Backup path from PLR to MP. New algorithm The new facility backup computation mode applies an algorithm between and extremely conservative approach and an extremely liberal approach. The changes only affect how a bypass LSP is qualified.
Bypass LSP Liberal Path Selection 1 Syntax: [no] cspf-computation-mode [ use-bypass-liberal | use-bypass-metric] By default, backup query uses full restrictions to qualify bypass LSP during backup query. This command can be executed at any time. The bypass LSP selection process will use the restricted or liberal mode depending upon the current configuration. Changing the computation mode will not impact the already selected bypass LSPs.
1 Bypass LSP Liberal Path Selection Fast Reroute: facility backup desired Backup LSP: UP, out-label: 3, outbound interface: e4/9 bypass_lsp: byp1 Path cspf-group computation-mode: add-penalty, cspf-computation-mode: usebypass-metric, use-bypass-liberal, cost: 0 Global revertiveness enabled with hold time 5 secs FRR Forwarding State: Pri(active), Backup(up) 38 Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03
1 Max Queue Depth and Buffer Utilization CLI enhancements Max Queue Depth and Buffer Utilization CLI enhancements This section describes two commands which summarize the buffer utilization and maximum queue depth across all queues on a per slot basis.
1 Max Queue Depth and Buffer Utilization CLI enhancements 6 532 0% 7 0 0% --------- Ports 3/25 - 3/48 --------QType Max Depth Max Util 0 0 0% 1 0 0% 2 0 0% 3 0 0% 4 0 0% 5 0 0% 6 0 0% 7 0 0% 2/7 NA Destination Port NA NA NA NA NA NA NA NA TABLE 13 Field Explanation QType Queue priority Max Depth Maximum queue depth of any queue with Qtype in bytes Max Util Percentage of max queue util (max-queue-depth / max-queue-size) Destination Port Destination port of queue that had highest max queue depth
Transparent forwarding of L2 and L3 protocols on a VLL for CES and CER 1 Transparent forwarding of L2 and L3 protocols on a VLL for CES and CER TABLE 15 Feature support Table Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_Prem package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package N N Y Y Y Y Y The command for
1 Transparent forwarding of L2 and L3 protocols on a VLL for CES and CER Member of 1 L2 VLAN(S) (tagged), port is in tagged mode, port state is Forwarding STP configured to ON, Priority is level0, flow control enabled Priority force disabled, Drop precedence level 0, Drop precedence force disabled dhcp-snooping-trust configured to OFF mirror disabled, monitor disabled LACP BPDU Forwarding:Disabled LLDP BPDU Forwarding:Disabled L2L3 protocols Forwarding:Disabled Not member of any active trunks … The follow
1 Forward Error Correction mode Forward Error Correction mode TABLE 16 Feature support Table Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_Prem package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Y Y N N N N N Using Forward Error Correction (FEC) mode enabled modules on a Brocade MLXe series chassis will r
1 Manual deletion of an OpenFlow rule Manual deletion of an OpenFlow rule TABLE 17 Feature support Table Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_Prem package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Y Y Y Y Y Y Y The command clear openflow flowid Flow ID has been implemented in NetIron 5.4.00c.
Show tech enhancement for OpenFlow • • • • 1 show statistics show running-config show logging show save Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03 45
1 Root Guard Root Guard NOTE This enhancement is to synchronize the “root protect CCEP” ports states to the peer MCT. In NetIron 05.4.00c, a new security feature has been added that allows a CCEP port to run STP, but not allow the connected device to become the Root. The Root Guard feature provides a way to enforce the root bridge placement in the network and allows STP to interoperate with user network bridges while still maintaining the bridged network topology that the administrator requires.
Discontinuing FID updates 1 • Reconfiguring the timeout period • Checking for Syslog messages Discontinuing FID updates When the following command is enabled, FID updates will not be sent to the line card. A new FID will be created on the management card and sent to the line card. This command will create a new FID before breaking the old FID, thereby avoiding traffic loss.
1 IP assignment within a LAG IP assignment within a LAG Layer 3 static or dynamic LAG support IP assignment. All the configurations has to be done on the primary port of the LAG. The following is a sample configuration: lag lag_dist_a_1 dynamic id 15 ports ethe 1/1 to 1/12 primary-port 1/1 deploy ! router vrrp ! interface ethe 1/1 ip address 192.168.10.1 255.255.255.0 ip vrrp vrid 1 backup priority 50 track-priority 10 ip-address 192.168.1.10 activate Update to Chapter 17 of the NetIron 5.4.
1 STP feature configuration STP feature configuration TABLE 18 Feature support table Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Enhanced support for Fast Port Span, Fast Uplink Span, and Singleinstance Span Yes Yes Yes Yes Yes Y
1 STP feature configuration • Fast Port Span eliminates unnecessary MAC cache aging that can be caused by topology change notifications. Bridging devices age out the learned MAC addresses in their MAC caches if the addresses are unrefreshed for a given period of time, sometimes called the MAC aging interval. When STP sends a topology change notification, devices that receive the notification use the value of the STP forward delay to quickly age out their MAC caches.
STP feature configuration 1 Brocade(config)#write memory To exclude a set of ports from Fast Port Span, enter commands such as the following. Brocade(config)#fast port-span exclude ethernet 1 ethernet 2 ethernet 3 Brocade(config)#write memory To exclude a contiguous (unbroken) range of ports from Fast Span, enter commands such as the following.
1 STP feature configuration You can use the Fast Uplink Span feature on a Brocade device deployed as a wiring closet switch to decrease the convergence time for the uplink ports to another device to just one second. The new Uplink port directly goes to forward mode (bypassing listening and learning modes). The wiring closet switch must be a Brocade device but the device at the other end of the link can be a Brocade device or another vendor’s switch.
1 STP feature configuration • You cannot add a subset of the ports in a trunk group to the Fast Uplink Span group. All ports in a trunk group have the same Fast Uplink Span property, as they do for other port properties. • If the working trunk group is partially down but not completely down, no switch-over to the backup occurs. This behavior is the same as in the standard STP feature.
1 STP feature configuration ID ID Cost Port 1 000000c100000001 2 1/3/1 rity Age llo ld dly Chang Hex sec sec sec sec sec 8000 20 2 1 15 65 cnt Address 15 000011111111 Port STP Parameters: Port Num 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 Prio rity Hex 80 80 80 80 80 80 80 80 Path Cost State Fwd Trans Design Cost Designated Root Designated Bridge 0 0 4 0 0 0 0 0 DISABLED DISABLED FORWARDING DISABLED DISABLED DISABLED DISABLED DISABLED 0 0 1 0 0 0 0 0 0 0 2 0 0 0 0 0 00000000000000
Protecting against UDP attacks 1 Protecting against UDP attacks The following section is an update to the NetIron Configuration Guide chapter titled Protecting against Denial of Service Attacks, specifically to the section titles Protecting against UDP attacks.
1 Displaying VLAN information Displaying VLAN information The following change is an update to Chapter 10 VLANs. The output is displayed as shown in the example below. Displaying VLAN information for specific ports To determine which VLANs a port is a member of, enter the following command. Brocade# show vlan e 4/1 VLANS 1 VLANs 100 show vlan ethernet slot-number/port-number [ | [ begin expression | exclude expression | include expression] The ethernet slot-number/port-number parameter specifies a port.
LACP Enhancement 1 LACP Enhancement LACP flap counters The show lacp flap command shows the LACP flap counters and the corresponding timestamps and the index. Use the index to get detailed information about this flap instance. Sample Output MP#show lacp flap <9/3> Port : 9/3 Lag ID : 1 Number of Flaps: 2 Index Timestamps 1 2012.03.20-09:26:28.365 2 2012.03.20-09:36:28.
1 LACP Enhancement 19 scp TASK 49 01:01:56.337 01:01:56.386 2013.05.07 20 scp TASK 40 01:01:56.294 01:01:56.335 2013.05.07 21 console TASK 16 01:01:56.170 01:01:56.187 2013.05.07 22 console TASK 51 01:01:49.150 01:01:49.552 2013.05.07 23 l4 TASK 55 01:01:46.269 01:01:46.325 2013.05.07 24 snms TASK 22 01:01:46.237 01:01:46.259 2013.05.07 25 snms TASK 17 01:01:46.219 01:01:46.236 2013.05.07 26 snms TASK 17 01:01:46.201 01:01:46.219 2013.05.07 27 snms TASK 17 01:01:46.182 01:01:46.200 2013.05.
1 CSPF limitation CSPF limitation NOTE The following is a limitation of the MPLS CSPF fate-sharing group. CSPF calculates the least cost paths first and then applies the hop limit on the paths. Fabric Auto Tuning SNMP and syslog enhancement The following section describes an enhancement to the existing Slow Rate CRC Link Monitoring feature.
1 Fabric Auto Tuning SNMP and syslog enhancement Brocade (config)# sysmon tm link threshold 5 10 Syntax: [no] sysmon tm link threshold error-threshold poll-window-size Set the error-threshold parameter for the error threshold value for a 60 second monitoring period. The minimum value is 1 the maximum value is 300. The default is 5. Set the poll-window-size parameter to the number of 60 second monitoring periods in the polling window. The minimum value is 1 the maximum value is 300. The default is 10.
Fabric Auto Tuning SNMP and syslog enhancement 1 TM Log Message (show tm log command output when auto tuning failed): Mar 4 20:33:57: TM Link Shutdown due to auto tuning failure: SNM5/FE1/Link16 ? LP15/TM1/Link4 TM Log Message (show tm log command output based on action taken): Mar 4 20:33:57: TM Link CRC Errors: SFM1/FE1/Link 15-> LP3/TM1/Link3 OR Mar 4 20:33:57: TM Link Shutdown due to CRC Errors: SFM1/FE1/Link 15-> LP3/TM1/Link3 FE command changes The sysmon FE link command checks link status for er
1 Fabric Auto Tuning SNMP and syslog enhancement Message examples SYSLOG(If no action taken, just logging message): Apr 30 15:32:16: I: System: Health Monitoring: Fabric link CRC errors: LP15/TM1/Link4 ? SNM5/FE1/Link16 SYSLOG(If link is shutdown): Apr 30 15:32:16: I: System: Health Monitoring: Fabric link shutdown due to CRC errors: LP15/TM1/Link4 ? SNM5/FE1/Link16 SFM Log Message (show sfm log command output when CRC is detected): Mar 4 20:33:57: Fabric Link CRC errors: LP15/TM1/Link4 ? SNM5/FE1/Link1
1 Default global metric for ISIS Default global metric for ISIS TABLE 20 Feature support table Features supported Brocade NetIron XMR Series Brocade MLX Series Brocade NetIron CES 2000 Series BASE package Brocade NetIron CES 2000 Series ME_PREM package Brocade NetIron CES 2000 Series L3_PREM package Brocade NetIron CER 2000 Series BASE package Brocade NetIron CER 2000 Series Advanced Services package Enhanced support for Default metric for ISIS Yes Yes Yes Yes Yes Yes Yes ISIS has a defa
1 Default global metric for ISIS IPv6 metric behavior with multi-topology configuration The default-link-metric for IPv6 will depend upon the multi-topology configuration. No multi-topology: address-family. The IPv6 default-link-metric will be same as that configured for IPv4 Multi-topology: address-family. The IPv6 default-link-metric will be equal to the value configured for IPv6 Multi-topology transition: The IPv6 default-link-metric will be equal to the value configured for IPv6 address-family.
1 Configuring Secure Shell and Secure Copy Configuring Secure Shell and Secure Copy The following section replaces the same titled section in the NetIron 5.4.00 Configuration Guide. Configuring DSA or RSA public key authentication With DSA or RSA public key authentication, a collection of clients’ public keys are stored on the Brocade device. Clients are authenticated using these stored public keys.
1 Data Integrity Protection for Metro Configuring Data Integrity Protection for Metro 1. Configure the Global Rolling Window Time Frame. 2. Configure the threshold parameters for CSRAM and/or LPM memories. New configuration commands The following configuration commands are introduced to configure various parameters. The system np control-ram-threshold command configures the CSRAM error reporting threshold.
Management module redundancy overview 1 Syslog messages The following are examples of Syslog messages that may be displayed. NP CSRAM has 4 error events, exceeding configured threshold for interfaces 1/1 to 1/24. NP LPM 1 has 4 error events, exceeding configured threshold for interfaces 1/1 to 1/24. Management module redundancy overview The following section is an update to the Management module redunancy overview section of Chapter 6 in the NetIron 5.4.00 Configuration Guide.
1 68 Globally changing the IP MTU Brocade MLX Series and NetIron Family Documentation Updates 53-1002805-03
Chapter Documentation updates for Multi-Service IronWare Diagnostic Guide 2 Management module diagnostics The management modules control Brocade NetIron XMR and Brocade MLX series hardware components, run networking protocols, and provide the Real Time Operating System (RTOS). Each chassis requires one management module, and can accept a second module for redundancy that works in conjunction with the active management module.
Management module diagnostics SAND access - Passed Valere power Supply 0 Passed Valere power Supply 1 Passed Power Supply access - Passed Port 0 passed Port 1 passed Port 2 passed Port 3 passed Port 4 passed Port 5 passed Port 6 passed Port 7 passed Port 8 passed Port 9 passed Port 10 passed Port 11 passed Port 12 passed Port 13 passed Port 14 passed Port 15 passed Port 16 passed Port 17 passed Port 18 passed Port 19 passed Port 23 passed Dx246 Switch Port Loopback - Passed ###- PASS -### MP-1 OS> LP (6) [
Management module diagnostics After the system reboots, you can display the status of the module using the show module command, as shown in the following example.
Management module diagnostics 72 Unified IP MIB Reference 53-1002805-03
Chapter Documentation updates for Unified IP MIB Reference 3 RFC 4293: Management Information Base for the Internet Protocol (IP) RFC 4293, Management Information Base for the Internet Protocol (IP) obsoletes the following: • RFC 2011: SNMPv2 Management Information Base for the Internet Protocol using SMIv2 • RFC 2465: Management Information Base for IP Version 6: Textual Conventions and General Group • RFC 2466: Management Information Base for IP Version 6: ICMPv6 Group This RFC is supported on the Br
RFC 4293: Management Information Base for the Internet Protocol (IP) Object group name Object identifier Supported IP version Access ipSystemStatsHCOutTransmits 1.3.6.1.2.1.4.31.1.1.31 IPv4 IPv6 returns 0. ipSystemStatsOutOctets 1.3.6.1.2.1.4.31.1.1.32 None Always returns 0. ipSystemStatsHCOutOctets 1.3.6.1.2.1.4.31.1.1.33 None Always returns 0. ipSystemStatsInMcastPkts 1.3.6.1.2.1.4.31.1.1.34 None Always returns 0. ipSystemStatsHCInMcastPkts 1.3.6.1.2.1.4.31.1.1.
RFC 4293: Management Information Base for the Internet Protocol (IP) Object group name Object identifier Supported IP version Access ipIfStatsHCOutForwDatagrams 1.3.6.1.2.1.4.31.3.1.24 IPv6 IPv4 returns 0. ipIfStatsOutDiscards 1.3.6.1.2.1.4.31.3.1.25 IPv6 IPv4 returns 0. ipIfStatsOutFragReqds 1.3.6.1.2.1.4.31.3.1.26 None Always returns 0. ipIfStatsOutFragOKs 1.3.6.1.2.1.4.31.3.1.27 IPv6 IPv4 returns 0. ipIfStatsOutFragFails 1.3.6.1.2.1.4.31.3.1.28 IPv6 IPv4 returns 0.
RFC 4293: Management Information Base for the Internet Protocol (IP) 76 Object group name Object identifier Supported IP version Access Ipv6RouterAdvertTable 1.3.6.1.2.1.4.39 IPv6 Only the following objects have read-write access; all others are read-only: • ipv6RouterAdvertSendAdverts • ipv6RouterAdvertManagedFlag • ipv6RouterAdvertOtherConfigFl ag • ipv6RouterAdvertReachableTim e • ipv6RouterAdvertRetransmitTi me • ipv6RouterAdvertCurHopLimit • ipv6RouterAdvertDefaultLifetim e icmpStatsTable 1.
Fabric drop count Fabric drop count The Brocade NetIron MLX, Brocade MLXe, and Brocade NetIron XMR devices are provided with Simple Network Management Protocol (SNMP) Management Information Base (MIB) support for the fabric drop count. The fabric drop counters are maintained by the system and are updated automatically whenever there is a packet drop at switch fabric level.
brcdNPCSRAMErrorTable (to query for NP CSRAM errors) brcdNPCSRAMErrorTable (to query for NP CSRAM errors) The brcdNPCSRAMErrorTable displays information of Network Processor (NP) Control Static Random Access Memory (CSRAM) MIB objects. NOTE The following MIB objects are supported on the Brocade NetIron CES and Brocade NetIron CER series devices. 78 Name, OID, and syntax Access Description brcdNPCSRAMErrorTable brcdIp.1.14.2.1.1.
brcdNPLPMRAMErrorTable (to query for NP LPM-RAM errors) brcdNPLPMRAMErrorTable (to query for NP LPM-RAM errors) NOTE The following MIB objects are supported only on the Brocade NetIron CES and Brocade NetIron CER series devices. Unified IP MIB Reference 53-1002805-03 Name, OID, and syntax Access Description brcdNPLPMRAMErrorTable brcdIp.1.14.2.1.1.5 None A list of brcdNPLPMRAMError entries.
brcdNPLPMRAMErrorTable (to query for NP LPM-RAM errors) Traps The following new traps are added to report the CSRAM and LPMRAM errors on the Brocade NetIron CES and Brocade NetIron CER series devices. : 80 Trap name and number Object ID Severity Description brcdNPCSRAMErrorThresholdEx ceeded brcdIp.1.14.2.0.
Chapter 4 Documentation Updates for the MLX Series and NetIron XMR Series Hardware Installation Guide In this chapter The updates in this chapter are for the Brocade MLX Series and Brocade NetIron XMR Hardware Installation Guide, publication number 53-1002424-03, published May 2012. • “4-slot router” For determining the number of power supplies required for redundancy, refer to Chapter 7, “Hardware Specifications”.
4 TABLE 1 100xGbE 2-port interface module Brocade MLXe router power consumption values (Continued) Model MLXe-32 @100 VAC @200 VAC @-48VDC Amps Watts BTU/hr Amps Watts BTU/hr Amps Watts BTU/hr N/A N/A 57 11414 38958 238 11414 38958 N/A Minimum number of 1200W power supplies needed Minimum number of 1800W power supplies needed Minimum number of 2400W power supplies needed Minimum number of 3000W power supplies needed 4 4 5 4 MAXIMUM PER MLXe (any module) MLXe-4 21 2083 7108
