The Journey of a Network Engineer


February 26, 2013  6:03 AM

Setting up CUCM in VMware workstation – part 2



Posted by: Sulaiman Syed
Cisco, CUCM, GNS3, router, Unity, VMware, voice

In part one we saw how to configure GNS3 to integrate the router with the virtual environment that we will be running in VMware. Next is the creation of the VMware machine.

First you need the ISO image of CUCM. The process is rather simple. The required hardware to install CUCM is:

RAM: 2GB, Hard disk: 80GB, CPU: 1. Click on the image below to open Photobucket, where the rest of the pictures can be seen.


Figure 1: Start screen

To have a functioning CUCM VM, you should choose Workstation 6.5-7.x, as CUCM will work with ESX 4.x only. I ran into all sorts of problems only with ESX5 (Workstation 8).

Figure 2: Workstation 6-7.x

Before finalizing the setup, select Customize Hardware.

Figure 3: Customize Hardware

At this point, choose the network that you have connected GNS3 to. In my case I have set up VMnet 8, as seen in Figure 4.


Figure 4: Choosing the correct network

The ISO that was downloaded will run Unity Server too; the only difference between the two components is the hardware requirements.

Unity will require: RAM: 4GB, Hard disk: 160GB, CPU: 1. The rest of the steps are the same.

This concludes the setup steps to configure the virtual machine. Once that is done, we will proceed with the installation of CUCM.

February 25, 2013  2:38 AM

Setting up CUCM in VMware workstation – part 1



Posted by: Sulaiman Syed
Cisco, CUCM, DNS, GNS3, ios, NTP, router, VMware, voice

Although setting up Cisco Unified Communication Manager (CUCM) in VMware is pretty easy and straightforward, I had to struggle to get it up and running, partially because I was creating the VM wrongly. In this series, I will show the steps required to install CUCM. The prerequisites for a fully operational CUCM are:

1- An ISO image of CUCM; it can be found at www.cisco.com

2- VMware Workstation, as it is the compatible virtualization tool.

3- GNS3 with a router IOS.

The setup of CUCM requires a few components, and one of them is essential: without NTP, CUCM will not install. We will use GNS3 to connect the CUCM to a router with NTP configured on it. Figure 1 shows the essential configuration and the connectivity.


Figure 1: GNS3

The Cloud is configured with the port that connects to the VMware network. Alternatively, a Windows Server can be installed in VMware and configured as Domain Controller, DNS server, and NTP server.

The second component that might be required is DNS. While configuring CUCM there is the option of installing the DNS client; if you install it, the hostname of CUCM should be resolvable. For this tutorial I have not done that. For real practice, though, it is best to configure the Windows Server, as other operations can be practiced as well, such as user authentication and user-related activities.

In part two, we will look into how to create the VMware machine, as that is the second step. Mistakes in creating the VM mean many hours wasted in trial and error.


February 23, 2013  12:34 AM

Server NIC teaming to multiple switches



Posted by: Sulaiman Syed
6500, Bandwidth, LACP, Nexus, Nexus 7000, NIC

Server network redundancy has been a hot topic for a while now. The ideal situation is a server connected to multiple switches, with multiple links providing higher bandwidth and fault tolerance.

But doing so creates multiple challenges for both the network and the servers. Simply put, there is no protocol that can run between a server and the switches to keep the topology spanning-tree loop free. If we use LACP to connect to two switches, the server will not have any issue, but the network will break with MAC address flaps. If we connect the server with LACP to a single switch, the bandwidth will increase, but fault tolerance will be lost.

Cisco's answer to this problem is VSS on the Catalyst 6500, where two switches become one, and vPC on the Nexus switches.

Another solution to this scenario is using Advanced Network Services from Intel. They have incorporated many modes of load balancing. The mode that interests us is Switch Fault Tolerance “SFT”.

Switch Fault Tolerance “SFT”

It uses two adapters connected to two switches to provide a fault-tolerant network connection in the event that the first adapter, its cabling, or the switch fails. Only the primary link is active; in case of a link or adapter failure, the second adapter takes the active role. Only two adapters can be assigned to an SFT team.


Figure 1: SFT Network Settings

The image shows the basic configuration. The switches will be configured with portfast and LACP in dynamic mode. The switch uplinks will have STP running. When operational, the EtherChannel will have a single link in use, while the second will be on standby.

A virtual switching solution, such as VSS or vPC, is still the best way to provide both high bandwidth and fault tolerance.


February 20, 2013  5:30 AM

How to configure On-Demand Routing in Cisco routers?



Posted by: Sulaiman Syed
Cisco, network, ODR, OSPF, route, router

On-Demand Routing (ODR) is one of the few simple routing methods. It is not a protocol by itself, as it uses Cisco Discovery Protocol (CDP) to gather and propagate the route information.

ODR is designed for hub-and-spoke networks, where the spokes are stub networks with nothing connecting them, because ODR is not a protocol for propagating routes to different routers.

ODR

When ODR is enabled on the hub router, the hub installs a default route into each spoke router. This eliminates the need for a manual static route on each spoke router. The spoke routers send their prefixes to the hub router. Because prefixes are sent, these routes support Variable Length Subnet Masks (VLSM). Furthermore, ODR routes can be redistributed into dynamic IP routing protocols.

For the above diagram, the required configuration would be:

R2#conf t
R2(config)#router odr
R2(config-router)#router ospf 1
R2(config-router)#redistribute odr subnets

It really is straightforward. Hope this was informative.


February 16, 2013  2:17 AM

How to configure VSS?



Posted by: Sulaiman Syed
6500, 6509, Cisco, cost, datacenter, design, Firewall, FWSM, server farm, VSS

Virtual Switching System (VSS) was one of the early technologies introduced in the datacenter world to eliminate Spanning Tree Protocol (STP), giving networks and servers multiple active links with a non-blocking port architecture.

The configuration is quite simple and straightforward. First, configure the VSS domain and assign priority so that the primary switch becomes the master. Second, create the Virtual Switching Link (VSL), which is basically an EtherChannel. Lastly, convert the switch from standalone to virtual switch.

Let's see the configuration.

Switch 1

switch virtual domain 10
switch mode virtual
switch 1 priority 150
mac-address use-virtual

Switch 2

switch virtual domain 10
switch mode virtual
switch 2 priority 100
mac-address use-virtual

The port-channel configurations

Switch 1

!
interface Port-channel11
description >>>>> ISL on SWITCH1 <<<<<
no switchport
no ip address
switch virtual link 1
mls qos trust cos
no mls qos channel-consistency
!

Switch 2

interface Port-channel22
description >>>>> ISL on SWITCH2 <<<<<
no switchport
no ip address
switch virtual link 2
mls qos trust cos
no mls qos channel-consistency

Adding interfaces to the port channels

Switch 1

interface TenGigabitEthernet1/5/5
description ---->ISL LINK
no switchport
no ip address
mls qos trust cos
channel-group 11 mode on
end
interface TenGigabitEthernet1/5/4
description ---->ISL LINK
no switchport
no ip address
mls qos trust cos
channel-group 11 mode on
end

Switch 2

interface TenGigabitEthernet1/5/5
description ---->ISL LINK
no switchport
no ip address
mls qos trust cos
channel-group 22 mode on
end
interface TenGigabitEthernet1/5/4
description ---->ISL LINK
no switchport
no ip address
mls qos trust cos
channel-group 22 mode on
end

Lastly, converting into a virtual switch system

Switch 1

switch convert mode virtual

Switch 2

switch convert mode virtual

Done. Wait for the switches to reload. It takes a while, sometimes up to 10 min, for the VSS to be in full operational state. I would write other entries on the operation of VSS, and how SUP failures or chassis failures affect the operation of the VSS.

Let's see the state of our VSS.

#show redundancy
Redundant System Information :
------------------------------
Available system uptime = 3 weeks, 2 days, 15 hours, 58 minutes
Switchovers system experienced = 0
Standby failures = 0
Last switchover reason = none

Hardware Mode = Duplex
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Maintenance Mode = Disabled
Communications = Up

Current Processor Information :
-------------------------------
Active Location = slot 1/5
Current Software state = ACTIVE
Uptime in current state = 3 weeks, 2 days, 15 hours, 57 minutes
Image Version = Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI8a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sat 03-Dec-11 07:53 by prod_rel_team
BOOT =
Configuration register = 0x2102

Peer Processor Information :
----------------------------
Standby Location = slot 2/6
Current Software state = STANDBY HOT
Uptime in current state = 3 weeks, 2 days, 15 hours, 53 minutes
Image Version = Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI8a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Sat 03-Dec-11 07:53 by prod_rel_team
BOOT =
Configuration register = 0x2102

The configuration was successful: our VSS is up, and it shows the standby peer as well.
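
A health check over the show redundancy output above, written here as an added example and not part of the original post: it parses the three sections and reports anything that deviates from a healthy SSO pair. The function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the show redundancy output in this post.
SAMPLE = """\
Redundant System Information :
------------------------------
Switchovers system experienced = 0
Standby failures = 0
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Communications = Up

Current Processor Information :
-------------------------------
Active Location = slot 1/5
Current Software state = ACTIVE

Peer Processor Information :
----------------------------
Standby Location = slot 2/6
Current Software state = STANDBY HOT
"""

def parse_redundancy(text):
    """Return {section: {key: value}} from show redundancy text."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"(.+?)\s*:", line)
        if header and "=" not in line:
            # A line such as "Peer Processor Information :" opens a section.
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def vss_problems(text):
    """List reasons the pair is not in a healthy SSO state (empty = healthy)."""
    s = parse_redundancy(text)
    system = s.get("Redundant System Information", {})
    active = s.get("Current Processor Information", {})
    peer = s.get("Peer Processor Information", {})
    expected = [
        (system, "Operating Redundancy Mode", "sso"),
        (system, "Communications", "Up"),
        (active, "Current Software state", "ACTIVE"),
        (peer, "Current Software state", "STANDBY HOT"),
    ]
    return [f"{key}: expected {want!r}, got {sec.get(key)!r}"
            for sec, key, want in expected if sec.get(key) != want]
```

A missing peer section, which is what a standalone or split chassis would show, is reported as a problem instead of being silently skipped.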


February 11, 2013  7:05 AM

The highlight of Cisco Connect 2013 Saudi Arabia



Posted by: Sulaiman Syed
3850, access, AP, BYOD, Catalyst, Cisco, infrastructure, switches, WiFI, wireless

I had the opportunity to attend Cisco Connect 2013. It was a two-day conference at the Four Seasons Hotel in Riyadh, with multiple sessions of talks, presentations, and technology demonstrations.

Event Organization

There were plenty of partner booths showing various Cisco and Cisco partner components, but the space felt crowded. The hall was big, with enough space for walking and meeting up with people. Although I didn’t like how the coffee and drinks time was very restrictive.

Talks

The talks were all very informative. The keynote was the highlight; Duncan, Dan, and Rabih made a very interesting presentation. I would say that I enjoyed it thoroughly. The other talks were interesting as well. I give it to Cisco to give interesting talks.

Technology

We saw a new networking device, the Unified Access Switch. It is a switch that gives connectivity for the wired and wireless. It is a switch and a controller. I would say that the 3850 switch is the go-to switch to install at the edge of the network. To this day, no competitor has come up with something even remotely similar to this. I would talk about this switch in detail in the coming days.

Identity Services Engine (ISE) + BYOD was the second highlight, with a live demonstration of how BYOD can be added to the enterprise network with the right security policies applied through a single interface. I did like how Cisco is trying to integrate its management solutions and ease network and security operations with Prime + ISE.

Overall, the event was successful, entertaining and informative. We saw new technologies, how Cisco is adapting to changes in the networking field, a killer 3850 switch which was being sold at the price of the 3750X, and ISE with adaptability to observe the BYOD movement.


February 10, 2013  3:13 AM

Passed CCIE R&S



Posted by: Sulaiman Syed

I’m really glad to say that I have passed the lab exam. I would really have to say that the journey was not short, nor was it easy.

I would really have to thank INE for providing the best materials out there for any CCIE candidate. They really do provide the technical depth, the speed, and the quality that are required to pass this exam.

Well, since that is done, I will certainly take a small break from studying. GNS3 and real routers became my best friends for the past 15 months.


August 11, 2012  4:34 AM

How to update FWSM to 4.1?



Posted by: Sulaiman Syed

Cisco FWSM’s image/IOS version 4.1 was mainly intended to solve compatibility issues with the 6500 VSS. The update process is pretty simple and straightforward. Download the image to a TFTP server; it is preferred that the image is in the root directory. Then type the following command:

copy tftp://server[/path]/filename flash:[image]
So, assuming the server IP is 10.1.1.1, the directory is root, and the file name is fwsm-ios-4.1, the command would be:
copy tftp://10.1.1.1/fwsm-ios-4.1.bin flash:image
Is this the only way to write that command? The simple answer is no. But this is the most effective and working way.
We had two FWSMs; one was upgraded the conventional way:
copy tftp flash
Address or name of remote host []? 10.1.1.1
Source filename []? fwsm-ios-4.1.bin
Destination filename [test]?image

To our surprise, it worked on only one FWSM. The second FWSM would not take the image. It had errors copying and saving, and things just didn’t work. Lastly, we followed the one-line syntax, and it worked!


August 1, 2012  1:43 AM

New Datacenter Network Design Proposal



Posted by: Sulaiman Syed
6509, application, CCDP, Cisco, datacenter, design, detail, network, SUP720

I have mentioned the DC design that was at hand. A new network design was proposed to tackle the issues. The figure below shows the proposed design. The benefits of such a design are:

Image: DC design based on VSS

1-      Virtual Switching System (VSS)

  • With VSS, the two 6500s will become one.
  • This will make both 6500s active at the same time, increasing the network bandwidth for all servers and applications.
  • This design will eliminate STP.

2-      User VLANs terminated at MSFC

  • This will reduce the operational and management tasks. It will keep the network simple, yet the data center will still be secured by the FWSM.
  • Dynamic routing can be used between the MPLS routing, the core (6500), and future distribution switches that can/should be introduced to follow the standard hierarchical network design.


July 30, 2012  5:08 PM

New Datacenter Network Design



Posted by: Sulaiman Syed
application, Catalyst, CCDP, Cisco, datacenter, design, IPv4, network

I came upon a network design for a data center. While the physical infrastructure consisted of the latest technology, it had “flaws” on the technical side of it. The figure below shows the connectivity.

Image: DC Network Design

From the diagram, we made the following observations.

1- Two MSFCs (SUP engines) in each 6500.

  • Since all servers are connected to two different chassis (6500), there was no need for redundant SUPs. This is extra redundancy that has no benefit, only the cost of purchasing and running it. Redundant SUPs are used in scenarios with a single chassis.
  • The probability of two SUPs going down is very, very low from the manufacturing point of view. They are more likely to go down in case of fire or loss of electricity, and then even the second chassis with its 2 SUPs will go down.

2- Using static routing.

  • Static routes are not scalable, not flexible, not simple, and don’t provide high availability. These are major issues that need to be handled when making a new network design. Dynamic routing is a MUST.
  • Only with dynamic routing can highly available and redundant paths be utilized.

3- Using Spanning Tree Protocol (STP)

  • No new data center should be based on STP. All new data center technologies from Cisco, HP, Juniper, and Brocade are moving away from STP.
  • STP will always leave links unutilized, as STP works by “blocking” ports. Hence, all networking components and servers will be running at half of their networking capacity.

4- Terminating user VLANs at the FWSM (firewall)

  • Although this is good for security, it has many issues when it comes to scalability, management, and operation.
  • The server farm is protected by the FWSM; user VLANs are not required to be controlled.
  • Referring to point one, the two MSFCs (SUPs) will not be utilized at all! The 6500 will be used as a giant firewall. If this is the case, then there was no requirement to purchase a 6500 in the first place. Any cheap Cisco 2960 will do the job.

These are the points that I did not like in the design. To tackle this, I would propose my own design that would make better use of the links and hardware in question.