Category Archives: HP Networking

FRR with BFD for route failover via different paths on HP 5820 (Comware5)

Posted on by
Reply

HP 5820 (running Comware5 OS) does support fast reroute (FRR) & bidirectional forwarding detection (BFD) feature like Cisco, Juniper and others. Recently I have implemented FRR & BFD with static routes to get route protection/detour to a destination network via different paths on HP5820.

Before come across FRR & BFD – I was looking for a solution that could do tracking of next-hop address in-case of primary link failure and detour the same route through an alternative path using static routes. As the network got multi-vendor devices – a good IGP protocols might not work properly over IPsec VPN tunnel (few latest products does support this although); that’s why I was looking to get this done through static routes. A lot of documents mentioned FRR as a feature of MPLS – this works fine on non-MPLS environment as well.

The next-hope address tracking was done by using BFD (bidirectional forwarding detection) – this is a super fast compared to IGP hello intervals. Default BFD check interval is 50ms. However, BFD is not suitable for slow speed & higher latency network.

Here is the network topology –

FRR-Topology

In this topology –

a. Primary connectivity between Site-A and Site-B is dark optical fiber link – which provides full wire speed.

b. In case optical fiber fail – the Site-A and Site-B connectivity must go through site to site IPsec VPN over the Internet.

The configurations are following –

a. Site-to-site IPsec VPN been established (omitted)

b. IP address configurations have been done on vlan interfaces on both Site-A & Site-B switches (omitted).

c. Configurations on Site-A HP5820-SW01-

#configure BFD (bidirectional forwarding detection) source to track next-hop IP address
bfd echo-source-ip 172.16.10.1

##define the primary route to Site-B via optical fiber – static route
ip route-static 2.2.2.0 255.255.255.0 Vlan-interface10 172.16.10.2

##define Site-B network prefix to be used in the route policy
ip ip-prefix site-b-prefix 10 permit 2.2.2.0 24

##define route-policy to route to Site-B via IPsec VPN as backup route
route-policy site-a-frr permit node 10
   if-match ip-prefix site-b-prefix
   apply fast-reroute backup-interface Vlan-interface20 backup-nexthop 172.16.20.2

##configure the backup next hop static route
ip route-static fast-reroute route-policy site-a-frr

d. Configurations on Site-B HP5820-SW02-

#enable BFD (bidirectional forwarding detection) source to track next-hop IP address
 bfd echo-source-ip 172.16.10.2

##define the primary route to Site-A via optical fiber
ip route-static 1.1.1.0 255.255.255.0 Vlan-interface10 172.16.10.1

##define Site-B network prefix to be used in route policy
ip ip-prefix site-a-prefix 10 permit 1.1.1.0 24

##define route-policy to route to Site-B via IPsec VPN as backup route
route-policy site-b-frr permit node 10
   if-match ip-prefix site-a-prefix
   apply fast-reroute backup-interface Vlan-interface30 backup-nexthop 172.16.30.2

##configure the backup next hop static route
ip route-static fast-reroute route-policy site-b-frr

That’s all for the configurations!

Let’s verify the configuration –
#display bfd session      ;this will display tracking of next-hop

If the state is DOWN – “backup next-hop” will become the active route

BFD-Sessions

#display ip routing-table 2.2.2.0 verbose                             ;on HP5820-SW01

#display ip routing-table 1.1.1.0 verbose                             ;on HP5820-SW02

FRR-RoutingTable

This will display both NextHop and BackupNextHop for the same destination.

Enable SSH on HP ProCurve 6600 series switch

Posted on by
Reply

HP ProCurve 6600 runs “ProVision” network operating system. ProVision command syntaxes are pretty much similar to Cisco IOS commands.

Following are commands to enable SSH on a ProCurve 6600 series –

First create local user account on the switch; command is –

#password manager user-name admin; this will prompt to enter password

Generate crypto keys for SSH server; command is –

#crypto key generate ssh

Enable SSH service; command is –

#ip ssh

To check SSH service status, enter the following command –

#show ip ssh

hp-6600-ssh

To restrict access to SSH (or local services on the switch), configure authorised manager IP address; command is –

#ip authorized-managers IP_Address

That’s all.

HP 5820 LACP (802.3ad) with non-HP (Cisco, F5 and others)

Posted on by
Reply

HP 5820-24XG-SFP+ is a 24 port 10GB SFP+ Layer 3 enterprise and carrier grade Ethernet switch. This is running Comware5 network operating system. This switch is actually manufactured by H3C.

HP 5820 series LACP (802.3ad) link aggregation is called “Bridge-Aggregation” interface. The configuration is pretty much similar to Cisco EtherChannel.

I will discuss two things here–

(a). how to configure link-aggregation between HP and non-HP (Cisco, F5, Juniper) devices.

(b). how to configure link-aggregation between HP and HP (HP ProCurve ProVision, Comware5/7, HP SAN).

Following are configuration commands to create LACP between HP and non-HP devices –

(a). Enter the following command on the HP switch to create bridge-aggregation interface

(trunk/tagged vlan interface example)

interface Bridge-Aggregation1
 description “LACP Trunk goes to a non-HP device”
 port link-type trunk
 port trunk permit vlan all ;this can be limited to user define VLANs only 
 link-aggregation mode dynamic  ;for non-HP mode dynamic is require

(access port example)

interface Bridge-Aggregation2
 description “LACP access goes to a non-HP device”
 port access vlan 100
 link-aggregation mode dynamic  ;for non-HP mode dynamic is require

After define bridge aggregation interface – you need to add physical interfaces to it. Physical interface should inherit all the parameters configured on the bridge-aggregation interface.

Make sure physical interfaces are configured with “default” settings only before put them to a bridge-aggregation group to get settings auto inherited. Otherwise you need to specify “link-type” and “permit vlan” parameters once again on all the member physical interfaces.

interface Ten-GigabitEthernet1/0/22
   port link-mode bridge
   description “this interface is a member of bridge-aggregation 1”
   port link-type trunk
   port trunk permit vlan all
   port link-aggregation group 1

interface Ten-GigabitEthernet2/0/22
   port link-mode bridge
   description “this interface is a member of bridge-aggregation 1”
   port link-type trunk
   port trunk permit vlan all
   port link-aggregation group 1

Once done – you should be able to see aggregated bandwidth on the “Bridge-Interface”.

Do a “#display interface Bridge-Aggregation 1

Screenshot of a two 10Gbps LACP interface (20Gbps aggregated) –

5820-LACP

(b). For LACP between HP and HP devices enter all the above commands except “link-aggregation mode dynamic”.

HP ProCurve 6600 series firmware upgrades using USB flash drive

Posted on by
Reply

Firmware upgrade on a HP ProCurve 6600 series (24g-4xg or 48g-4xg or 24xg) can be done in several ways, here I will cover upgrading firmware using USB stick.

HP 6600 series always keep two boot images on the flash – (i)primary boot image and (ii)secondary boot image; by default switch boot from the primary. During new firmware upgrade the system automatically take a backup of primary image and copy this to the secondary – so no worry; if you messed up with firmware upgrade you can tell the system to boot from secondary (which is you current good one in fact).

Also firmware upgrade process will keep a backup of your “configurations” in the switch – however it is recommended you should take copy of the same before start upgrade process.

1. Download the latest firmware from HP My Networking site – https://h10145.www1.hp.com/downloads/ProductsList.aspx?lang=&cc=&prodSeriesId=

The latest firmware as of today (June 2014) is K.15.13.0005. The firmware file is a “.swi” extension file. Copy this file onto a USB flash drive (do not put this in a sub directory). Before the upgrade make sure which version is you are currently running; the command is “#show flash” – screenshot –

HP-6600-firmware-1

2. Insert the USB stick to the switch; the switch will automatically mount the USB. Do a “#show flash” to see the firmware file visible on the switch.

3. Once you see the firmware file on the switch – let’s start firmware upgrade process. Copy the firmware file to primary flash. The command and screenshot following –

#copy usb flash K_15_13_0005.swi primary

HP-6600-firmware-2

4. Once the copy is finish make sure your primary flash is showing the latest version; the command is “#show flash” again –

HP-6600-firmware-3

(now primary and secondary version are different)

5. Optional – you might need to tell the switch to boot from the primary image; command is “#boot system flash primary” – screenshot following –

HP-6600-firmware-4

The switch will reboot during firmware upgrade.

Once all above are done – do a “#show flash” to confirm the switch is running with the latest firmware.