GbESM
L2-L7/L2-L3
Product Marketing
Comparison of Layer 2/Layer 3 Functionality offered in various Nortel Networks Gigabit Ethernet Switch Modules for IBM eServer BladeCenter
White Paper
Blade Server Switching
Document Date: June 2005
Document Version: 1.0
Comparison of Layer 2/Layer 3 Functionality
1 Introduction
This white paper explains the functional and configuration differences, regarding Layer 2-3 switching functionality,
among the three options for Ethernet switching modules from Nortel Networks for the IBM eServer BladeCenter.
These three options for switching modules for the IBM eServer® BladeCenter™ from Nortel Networks are:
• Nortel Networks® Layer 2-7 Gigabit Ethernet Switch Module (GbESM 2-7)
  The IBM option P/N for this option is 73P9057.
• Nortel Networks® Layer 2/3 Gigabit Ethernet Switch Module – Copper (GbESM 2/3)
  The IBM option P/N for this option is 26K6530.
• Nortel Networks® Layer 2/3 Gigabit Ethernet Switch Module – Fiber (GbESM 2/3)
  The IBM option P/N for this option is 26K6531.
While both GbESM L2-7 and GbESM L2/3 offer basic Layer 2-3 switching functionality, GbESM L2-7 has
additional features based on Layer 4-7 information, such as Security and Load Balancing. Complete details of the
features offered by GbESM L2-7 are available in [1] and those offered in GbESM L2/3 are described in [3].
The L2-3 switching functionality and other related features on GbESM L2-7 and GbESM L2/3 are very similar but
do differ in some areas. The purpose of this document is to describe these differences. The target reader for this
document is one who is familiar with basic Layer 2-3 features.
The document is divided into three sections:
1. Features that are available only on GbESM L2/3 firmware version 1.0.1.6
2. Features that are available in both GbESM L2-7 firmware version 20.2.2.6 and
GbESM L2/3 version 1.0.1.6
3. Features that are available only on GbESM L2-7 firmware version 20.2.2.6
Blade Server Switching - GbESM
1.1 L2/3 Features Unique to the L2/3 GbESM
The features described in this section are not available on GbESM L2-7 as of release 20.2.2.6. The following links
can be accessed for information regarding the latest firmware release:
Nortel Networks Layer 2-7 Gigabit Ethernet Switch Module –
http://www.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-53058
Nortel Networks Layer 2/3 Gigabit Ethernet Switch Module –
http://www.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-58216
1.1.1 802.1w (RSTP) and 802.1s (MSTP)
Rapid Spanning Tree Protocol enhances the IEEE 802.1d Spanning Tree Protocol to provide rapid convergence
on Spanning Tree Group 1. Multiple Spanning Tree Protocol extends the IEEE 802.1w Rapid Spanning Tree
Protocol, to provide both rapid convergence and load balancing in a VLAN environment.
IEEE 802.1s Multiple Spanning Tree extends the IEEE 802.1w Rapid Spanning Tree Protocol through multiple
Spanning Tree Groups. MSTP maintains up to 16 spanning-tree instances that correspond to STP Groups 1-16.
1.1.2 802.1x Port Authentication (Extensible Authentication Protocol over LAN)
GbESM L2/3 can provide user-level security for its ports using the IEEE 802.1x protocol, which is a more secure
alternative to other methods of port-based network access control. Any device attached to an 802.1x-enabled port
that fails authentication is prevented from accessing the network and denied services offered through that port.
The 802.1x standard describes port-based network access control using Extensible Authentication Protocol over
LAN (EAPoL). EAPoL provides a means of authenticating and authorizing devices attached to a LAN port that has
point-to-point connection characteristics and of preventing access to that port in cases of authentication and
authorization failures.
1.1.3 RIPv2

| GbESM L2-7 | GbESM L2/3 |
|---|---|
| Routing Information Protocol version 1 (RIPv1) | RIPv2 (including RIPv1 compatibility mode) |

RIPv2 is the most popular and preferred configuration for most networks. RIPv2 expands the amount of useful
information carried in RIP messages and provides a measure of security. RIPv2 improves efficiency by using
multicast UDP (address 224.0.0.9) data packets for regular routing updates. Subnet mask information is provided
in the routing updates. A security option is added for authenticating routing updates, by using a shared password.
GbESM L2/3 supports using a clear-text password for RIPv2.
GbESM L2/3 allows you to configure RIPv2 in RIPv1 compatibility mode, for using both RIPv2 and RIPv1 routers
within a network. In this mode, the regular routing updates use broadcast UDP data packets to allow RIPv1 routers
to receive those packets. With RIPv1 routers as recipients, the routing updates have to carry a natural or host
mask. Hence, it is not a recommended configuration for most network topologies.
RIP can be turned ON/OFF globally. When ON, each interface can run either RIPv1 or RIPv2.
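Why a clear password gives only "a measure of security": in the RFC 2453 message layout the shared password travels as plain bytes in the first 20-byte entry of every update. The Python audit below is an added example, not code from the white paper or from Nortel; the sample packet, its route and the password `lab-secret` are constructed.

```python
import socket
import struct

RIP_HEADER = struct.Struct("!BBH")   # command, version, must-be-zero
ENTRY_LEN = 20                       # every RIP entry is 20 bytes
AFI_AUTH = 0xFFFF                    # address family that marks an auth entry
AUTH_SIMPLE = 2                      # authentication type: simple password


def audit_rip_update(packet):
    """Describe how a RIP message is authenticated (RFC 2453 layout)."""
    if len(packet) < RIP_HEADER.size:
        raise ValueError("truncated RIP header")
    _command, version, _zero = RIP_HEADER.unpack_from(packet)
    body = packet[RIP_HEADER.size:]
    if len(body) % ENTRY_LEN:
        raise ValueError("body is not a whole number of 20-byte entries")
    report = {"version": version, "auth": "none", "password": None, "routes": []}
    for off in range(0, len(body), ENTRY_LEN):
        afi, tag = struct.unpack_from("!HH", body, off)
        if afi == AFI_AUTH:
            if off != 0:
                raise ValueError("authentication entry must come first")
            report["auth"] = "simple" if tag == AUTH_SIMPLE else f"type {tag}"
            if tag == AUTH_SIMPLE:
                # The 16-byte field is the password itself, NUL padded.
                raw = body[off + 4:off + ENTRY_LEN].rstrip(b"\x00")
                report["password"] = raw.decode("ascii", "replace")
        else:
            addr, mask = body[off + 4:off + 8], body[off + 8:off + 12]
            report["routes"].append(
                f"{socket.inet_ntoa(addr)}/{socket.inet_ntoa(mask)}")
    return report


def sample_update(password=None):
    """Constructed RIPv2 response carrying one route, optionally with a password."""
    pkt = RIP_HEADER.pack(2, 2, 0)
    if password is not None:
        pkt += struct.pack("!HH16s", AFI_AUTH, AUTH_SIMPLE, password)
    pkt += struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton("10.1.0.0"),
                       socket.inet_aton("255.255.0.0"), bytes(4), 1)
    return pkt


if __name__ == "__main__":
    print(audit_rip_update(sample_update(b"lab-secret")))
    print(audit_rip_update(sample_update()))
```

Because the password is readable by anything that can see the update, restrict which ports and VLANs carry RIP and do not reuse the RIP password for any other credential.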
1.1.4 ECMP
With Equal Cost Multiple Path routes, a router potentially has several available next hops towards any given
destination. ECMP allows separate routes to be calculated for each IP Type of Service. All paths of equal cost to
a given destination are calculated, and the next hops for all equal-cost paths are inserted into the routing table.
GbESM L2/3 supports 682 ECMP routes.
1.1.5 Access Control Lists
Access Control Lists (ACLs) are filters that allow you to classify and segment traffic, so you can provide different
levels of service to different traffic types. Each filter defines the conditions that must match for inclusion in the
filter, and also the actions that are performed when a match is made.
The following command can be used to configure ACLs:
/cfg/acl
1.1.6 HTTPS
The BBI can be accessed via a secure HTTPS connection over management and data ports. To enable BBI
Access on the switch via HTTPS, use the command /cfg/sys/access/https/https. To change the HTTPS
Web server port number from the default port 443, use the command /cfg/sys/access/https/port.
Accessing the BBI via HTTPS requires that you generate a certificate to be used during the key exchange. A
default certificate is created the first time HTTPS is enabled, but you can create a new certificate defining the
information you want to be used in the various fields. The certificate can be saved to flash for use if the switch is
rebooted by using the /apply and /save commands. When a client (e.g. a web browser) connects to the switch,
the user is asked whether to accept the certificate and can verify that the fields are as expected. Once BBI access
is granted to the client, the BBI can be used as described in the BBI Quick Guide.
1.1.7 SNMPv3
SNMP version 3.0 is an enhanced version of the Simple Network Management Protocol, approved by the Internet
Engineering Steering Group in March, 2002. SNMPv3 contains additional security and authentication features that
provide data origin authentication, data integrity checks, timeliness indicators and encryption to protect against
threats such as masquerade, modification of information, message stream modification and disclosure. SNMPv3
support lets the client query the MIBs using SNMPv3, mainly for security.
1.1.8 IGMP Filtering
With IGMP Filtering, you can allow or deny a port to send and receive multicast traffic to certain multicast groups.
Unauthorized users are restricted from streaming multicast traffic across the network.
If access to a multicast group is denied, IGMP Membership Reports from the port are dropped, and the port is not
allowed to receive IP multicast traffic from that group. If access to the multicast group is allowed, Membership
Reports from the port are forwarded for normal processing.
1.1.9 802.1p Priority Queuing
The GbESM has eight output Class of Service (COS) queues per port, into which each packet is placed.
Each packet’s 802.1p priority determines its COS queue, except when an ACL action sets the COS queue of
the packet. Each COS queue uses Weighted Round Robin (WRR) scheduling with a user-configurable weight
from 1 to 15. A weight of 0 (zero) indicates strict priority, which might starve the low-priority queues. You can
configure the following attributes for COS queues:
• Map 802.1p priority value to a COS queue
• Define the scheduling weight of each COS queue
Use the 802.1p menu (/cfg/qos/8021p) to configure COS queues.
1.1.10 QoS using DSCP
The six most significant bits in the TOS byte of the IP header are defined as DiffServ Code Points (DSCP).
Packets are marked with a certain value depending on the type of treatment the packet must receive in the
network device. DSCP is a measure of the Quality of Service (QoS) level of the packet.
The GbESM can perform the following actions to the DSCP:
• Read the DSCP value of ingress packets
• Re-mark the DSCP value to a new value
• Map the DSCP value to an 802.1p priority
Once the DSCP value is marked, the GbESM can use it to direct traffic prioritization. The GbESM can re-mark the
DSCP value of ingress packets to a new value, and set the 802.1p priority value, based on the DSCP value.
1.1.11 L3 Trunking
L2/L3 hash parameters must be defined as a single unit (i.e. you cannot define L2 hash parameters separately from
L3 hash parameters).
Trunk hash parameters are limited to only the following combinations:
• SMAC only
• DMAC only
• SIP only
• DIP only
• SIP + DIP
• SMAC + DMAC
Default trunk hash parameters: SIP + DIP.
1.1.12 FTP Applications
All applications such as Configuration Backup/Restore, Upload FLASH dump, Upload Tech Support dump, etc.
that supported TFTP services also support FTP services.
1.1.13 Scheduled Reboots
This feature allows the switch administrator to schedule a reboot to occur at a particular time in the future. This
feature is particularly helpful if the user needs to perform switch upgrades during off-peak hours. You can set the
reboot time, cancel a previously scheduled reboot, and check the time of the currently set reboot schedule with
the help of the Boot Schedule menu (/boot/sched).
1.1.14 NTP Requests
The command /oper/ntpreq allows the user to send requests to the NTP server.
1.1.15 Password change
The command /oper/passwd allows the user to change the password. You need to enter the current password
in use for validation.
1.1.16 Configuration Change Tracking
The command /oper/cfgtrk displays a list of configuration changes made since the last apply command. Each
time the apply command is sent, the previous configuration-tracking log is replaced with the latest changes.
1.1.17 Time Zone
The switch allows you to configure a time zone, in a manner similar to any Linux or Windows machine. It can be
configured using the following command:
/cfg/sys/timezone
1.2 Implementation Differences for L2-3 Features Common to the GbESM L2/3 and GbESM L2-7
This section describes the differences in features that are available on both GbESM L2-7 and GbESM L2/3.
1.2.1 Forwarding Database Size
GbESM L2/3 supports 8192 entries in the MAC address table, whereas GbESM L2-7 supports 2048.
1.2.2 IGMP Snooping
Both GbESM L2-7 and GbESM L2/3 support IGMP Snooping. The differences in functionality are
tabulated below:

| Functionality | GbESM L2-7 | GbESM L2/3 |
|---|---|---|
| Join Suppression/Aggregation | No | Yes |
| IGMP Leave Proxy | No | Yes |
| Group Specific Query to Port (FastLeave disabled) | No | Yes |
| Mixed Version support (ignore Leave if Group is v1/v2 whereas Mrouter is v1) | No | Yes |
| IGMP Groups | 256 | 64 |
| Querier election | No | Yes |
| Restrict Single Mrouter port on VLAN | No | Yes |

1.2.3 Management Network Configuration
To limit access to the switch without having to configure filters for each switch port, you can set a source IP
address (or range) that will be allowed to connect to the switch IP interface through Telnet, SSH, SNMP, or the
Browser-Based Interface (BBI). This will also help to prevent spoofing or attacks on the switch’s TCP/IP stack.
When an IP packet reaches the switch, the source IP address is checked against the range of addresses defined
by the management network and mask (/mnet and /mmask). If the source IP address of the host is within this
range, users are allowed to attempt to log in. Any packet addressed to a switch IP interface with a source IP
address outside this range is discarded.
In GbESM L2-7, you can only specify a single network. In GbESM L2/3, this has been enhanced to allow the user to
specify up to five such networks using the Management Networks Menu (/cfg/sys/access/mgmt).
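The source-address check described above can be modelled offline to review a planned management-network list before it is applied to a switch. This Python sketch is an added example, not switch firmware or Nortel code; the function names, the sample addresses and the 1024-host "too broad" threshold are assumptions.

```python
import ipaddress

L23_MAX_NETWORKS = 5  # GbESM L2/3: up to five management networks (from the text)
L27_MAX_NETWORKS = 1  # GbESM L2-7: a single network/mask pair (from the text)


def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def load_mgmt_networks(pairs, limit=L23_MAX_NETWORKS):
    """Validate (network, mask) strings; return a list of (net_int, mask_int)."""
    if len(pairs) > limit:
        raise ValueError(f"{len(pairs)} networks given, limit is {limit}")
    table = []
    for net, mask in pairs:
        n, m = _to_int(net), _to_int(mask)
        host_bits = ~m & 0xFFFFFFFF
        if host_bits & (host_bits + 1):
            raise ValueError(f"non-contiguous mask {mask}")
        if n & host_bits:
            raise ValueError(f"{net} has host bits set for mask {mask}")
        table.append((n, m))
    return table


def source_allowed(src, table):
    """True if src falls inside any configured management network."""
    s = _to_int(src)
    return any((s & m) == n for n, m in table)


def overly_broad(table, max_hosts=1024):
    """List entries covering more than max_hosts addresses (assumed threshold)."""
    broad = []
    for n, m in table:
        size = (~m & 0xFFFFFFFF) + 1
        if size > max_hosts:
            broad.append(f"{ipaddress.IPv4Address(n)}/{ipaddress.IPv4Address(m)}")
    return broad


# Constructed sample configuration: an admin subnet and one jump host.
SAMPLE = [("192.168.10.0", "255.255.255.0"), ("10.20.30.40", "255.255.255.255")]

if __name__ == "__main__":
    table = load_mgmt_networks(SAMPLE)
    for src in ("192.168.10.77", "192.168.11.1", "10.20.30.40"):
        print(src, "login attempt allowed" if source_allowed(src, table) else "discarded")
    print("broad entries:", overly_broad(load_mgmt_networks([("10.0.0.0", "255.0.0.0")])))
```

A source inside the range is only allowed to attempt a login, so this filter complements authentication on Telnet, SSH, SNMP and the BBI rather than replacing it.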
1.2.4 Trunk Hash
This feature allows you to configure the particular parameters for the GbESM Trunk Hash algorithm instead of
having to utilize the defaults.
This feature differs on GbESM L2-7 and GbESM L2/3 in the degree of freedom available for selecting the
particular parameters, as listed below:

GbESM L2-7
Layer 2 trunk hash parameters can be defined independently of the Layer 3 trunk hash parameters.
You can configure new default behavior for Layer 2 traffic and Layer 3 traffic separately.
You can select one of the following configurations:
• Source IP (SIP)
• Destination IP (DIP)
• Source MAC (SMAC)
• Destination MAC (DMAC)
• Source IP (SIP) + Destination IP (DIP)
• Source MAC (SMAC) + Destination MAC (DMAC)
• Source MAC (SMAC) + Source IP (SIP)
• Source MAC (SMAC) + Destination IP (DIP)

GbESM L2/3
Layer 2/Layer 3 hash parameters must be defined as a single unit (i.e. you cannot define
Layer 2 hash parameters separately from Layer 3 hash parameters).
You configure new default behavior for Layer 2 traffic and Layer 3 traffic as one unit.
You can select one of the following configurations:
• Source IP (SIP)
• Destination IP (DIP)
• Source MAC (SMAC)
• Destination MAC (DMAC)
• Source IP (SIP) + Destination IP (DIP)
• Source MAC (SMAC) + Destination MAC (DMAC)

1.2.5 Jumbo Frame Support
GbESM L2-7 allows selective support for jumbo frames (9000 bytes) on a per VLAN basis. GbESM L2/3 allows
full support for jumbo frames on all VLANs.
1.2.6 ARP Configuration

| GbESM L2-7 | GbESM L2/3 |
|---|---|
| Static (permanent) ARP entries can be configured using the Address Resolution Protocol Menu in the Maintenance Tree (/maint/arp) | Static (permanent) ARP entries can be configured using the Address Resolution Protocol Menu in the Configuration Tree (/cfg/l3/arp/static) |
| Fixed. | User can specify period for “Re-ARP.” |

1.3 L2/3 Features Unique to the L2-7 GbESM
The features described in this section are not available on GbESM L2/3 as of release 1.0.1.1. Please check for
information about the latest firmware release.
1.3.1 Default Gateway Load Balancing
On GbESM L2-7, Default Gateways 1 through 4 are used for load-balancing session requests. There is no
load-balancing functionality within this feature in GbESM L2/3.
1.3.2 IP forwarding Per Interface
IP forwarding can be enabled and disabled per interface on GbESM L2-7. In GbESM L2/3, IP forwarding is a
global configuration parameter only.
1.3.3 Switch IP address via BOOTP
If available on your network, a BOOTP server can supply the switch with IP parameters so that you do not have to
enter them manually.
2 Configuration Commands
The following commands reflect the changes outlined in the earlier sections.

| Feature | GbESM L2-7 | GbESM L2/3 |
|---|---|---|
| Local Network | - | /cfg/l3/frwd/local |
| IGMP Snooping | /cfg/l3/igmp/robust | /cfg/l3/igmp/snoop/robust |
| | /cfg/l3/igmp/qinterval | /cfg/l3/igmp/snoop/timeout |
| | /cfg/l3/igmp/qmrt | /cfg/l3/igmp/snoop/mrto |
| | /cfg/l3/igmp/on | /cfg/l3/igmp/snoop/ena |
| | /cfg/l3/igmp/off | /cfg/l3/igmp/snoop/dis |
| | /cfg/l3/igmp/cur | /cfg/l3/igmp/snoop/cur |
| | - | /cfg/l3/igmp/snoop/add, /cfg/l3/igmp/snoop/rem, /cfg/l3/igmp/snoop/clear |
| | /maint/igmp/snoop | /maint/igmp |
| | /maint/igmp/mrouter | - |
| Management Network | /cfg/sys/access/mnet, /cfg/sys/access/mmask | /cfg/sys/access/mgmt/add, /cfg/sys/access/mgmt/rem, /cfg/sys/access/mgmt/cur |
| Trunk Hash | /cfg/l2/thash/l2 | /cfg/l2/thash/set |
| | /cfg/l2/thash/l3 | - |
| Jumbo Frame Support | /cfg/l2/vlan/jumbo | - |
| ARP | /maint/arp/add | /cfg/l3/arp/static/add |
| | /maint/arp/del | /cfg/l3/arp/static/del |
| | /main/arp/find/rfpt | - |
| | - | /cfg/l3/arp/rearp |
| Default Gateway | /cfg/l3/metrc | - |
| RIP | /cfg/l3/rip1/updat | /cfg/l3/rip/update |
| | /cfg/l3/rip1/spply | /cfg/l3/rip/if/supply |
| | /cfg/l3/rip1/deflt | /cfg/l3/rip/if/default |
| | /cfg/l3/rip1/statc | - |
| | /cfg/l3/rip1/vip | - |
| | /cfg/l3/rip1/poisn | /cfg/l3/rip/if/poison |
| | /cfg/l3/rip1/on | /cfg/l3/rip/on |
| | /cfg/l3/rip1/off | /cfg/l3/rip/off |
| | /cfg/l3/rip1/cur | /cfg/l3/rip/current |
| | - | /cfg/l3/rip/if/version |
| | - | /cfg/l3/rip/if/listen |
| | - | /cfg/l3/rip/if/poison |
| | - | /cfg/l3/rip/if/trigg |
| | - | /cfg/l3/rip/if/mcast |
| | - | /cfg/l3/rip/if/metric |
| | - | /cfg/l3/rip/if/auth |
| | - | /cfg/l3/rip/if/key |
| | - | /cfg/l3/rip/if/enable |
| | - | /cfg/l3/rip/if/disable |
| | - | /cfg/l3/rip/if/current |
| BOOTP | /cfg/sys/bootp | - |
| Miscellaneous | /maint/image/lsdmp | - |

3 References
1. Nortel Networks Layer 2-7 GbE Switch Module Application Guide
Part number 25K9199
http://www.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-53098
2. Nortel Networks Layer 2-7 GbE Switch Module Command Reference
Part number 25K9198
http://www.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-53101
3. Nortel Networks Layer 2-3 GbE Switch Module Application Guide
Part number 59P4392
http://www.ibm.com/support/docview.wss?rs=113&uid=psg1MIGR-58325
4. Nortel Networks Layer 2-3 GbE Switch Module Command Reference
Part number 59P4353
http://www.ibm.com/support/docview.wss?rs=113&uid=psg1MIGR-58326