FabricPath
To start with, let me first point out the limitations of STP and why the need of new technology. (Assuming you already have basic understanding of how STP works.)
Spanning Tree Protocol:
- STP is a Layer 2 protocol running on Bridges / Switches and is specified as IEEE 802.1D.
- It ensures that there are no loops when you have redundant paths in the network.
- However in the process, one of the link is blocked and does not participate in forwarding until unless active link has failed. So one link is not even being utilized and cant be used for ECMP even if one link is congested.
- Apart from ECMP disability, poor convergence and unnecessary MAC flooding are also the disadvantages of STP.
- As every link counts in the Data Center environment and cannot afford getting one of the link being overutilized when another link is lying down without any traffic.
Fabricpath is a Layer 2 routing also known as MAC-in-MAC routing. IS-IS is run in the background to maintain the control plane for Unicast and BUM (Broadcast, unknown unicast and multicast) traffic.
** You must have an F Series module installed in your Nexus 7000 Series chassis in order to run FabricPath and conversational learning.
FabricPath Terminology
Classic Ethernet – By default Vlan mode is CE, until unless fabricpath is not configured. It runs traditional STP
Leaf Switch – This is the edge switch that connects to the CE domain, everything connects to the leaf switches.
Spine Switch – This is the backbone switch, all ports are fabricpath ports.
FabricPath Core Ports – Ports that connects the leaf switches to the spine or the spine switches to each other.
CE Edge Ports – Ports that connect the CE domain to the Leaf switches.
The FabricPath feature provides the following:
- Allows Layer 2 multipathing in the FabricPath network.
- Provides built-in loop prevention and mitigation with no need to use the Spanning Tree Protocol (STP).
- Provides a single control plane for unknown unicast, unicast, broadcast, and multicast traffic.
- Enhances mobility and virtualization in the FabricPath network.
- When a frame enters the FabricPath network from a Classical Ethernet (CE) network, the ingress interface encapsulate the frame with a FabricPath header.
- The system builds paths, called trees, through the FabricPath network and assigns a forwarding tag (FTag) by flow to all the traffic in the FabricPath network.
- When the frame leaves the FabricPath network to go to a CE network, the egress interface decapsulates the frame and leaves the regular CE header.
- The underlying protocol is IS-IS which is used to advertise the routes from Leaf to Leaf via Spines. This is completely different from Layer-3 ISIS routing protocol. No configuration is required to run Layer-2 ISIS. It is automatically triggered once fabricpath is configured on the interface.
The type of MAC address learning (Traditional or Conversational) is dependent on the VLAN configuration.Each interface only learn those MAC address for interested hosts, rather all the addresses in the domain.If a switch receives a frame and that destination address is known to the switch, in that case only it will learn the source MAC address and store it in table.This saves the CAM resources and optimizes the control plane.
Topology used:
Steps:
1. Activate the feature fabricpath on all the devices:
Spine-1(config)# install feature-set fabricpath
Spine-1(config)# feature-set fabricpath
Spine-2(config)# install feature-set fabricpath
Spine-2(config)# feature-set fabricpath
Leaf-1(config)# install feature-set fabricpath
Leaf-1(config)# feature-set fabricpath
Leaf-2(config)# install feature-set fabricpath
Leaf-2(config)# feature-set fabricpath
2. Once the fabricpath is installed, auto generated switch id is assigned to the device. This is a 12-bit address dynamically assigned via DRAP (Dynamic Resource Allocation Protocol), which is used for identifying the switch in the FabricPath domain.
Spine-1(config)# show fabricpath switch-id local
Switch-Id: 2316System-Id: 5001.0001.002f
Spine-2(config)# show fabricpath switch-id local
Switch-Id: 2544System-Id: 5001.0002.002f
Leaf-1(config)# show fabricpath switch-id local
Switch-Id: 267System-Id: 5001.0003.002f
Leaf-2(config)# show fabricpath switch-id local
Switch-Id: 1196System-Id: 5001.0004.002f
The system-id is the MAC address of the switch. In order to easily identify the switch in network, we generally do manual assignment for the switch-id.
** Assigned Switch-Id 1 to Spine-1 **
Spine-1(config)# fabricpath switch-id 1Spine-1(config)# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: ‘*’ – this system
‘[E]’ – local Emulated Switch-id
‘[A]’ – local Anycast Switch-id
Total Switch-ids: 1
=======================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED/ANYCAST
————–+—————-+————+———–+——————–
* 1 5001.0001.002f Primary Confirmed Yes No >>>>> * means this is the local switch
Spine-2(config)# fabricpath switch-id 2
Leaf-1(config)# fabricpath switch-id 3
Leaf-2(config)# fabricpath switch-id 4
3. Configure interfaces to work in fabricpath switchport mode. Once you enable this, ISIS will automatically run between devices and we can see adjacencies being formed.
Spine-1# sh run int e2/1-2
interface Ethernet2/1
switchport
switchport mode fabricpathno shutdown
interface Ethernet2/2
switchport
switchport mode fabricpath
no shutdown
Spine-1# sh run int e2/4
interface Ethernet2/4
switchport
switchport mode fabricpath
no shutdown
Spine-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Leaf-1 N/A 1 UP 00:00:25 Ethernet2/1
Leaf-2 N/A 1 UP 00:00:24 Ethernet2/2
Spine-2 N/A 1 UP 00:00:25 Ethernet2/4
Spine-2# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Leaf-1 N/A 1 UP 00:00:22 Ethernet2/1
Leaf-2 N/A 1 UP 00:00:28 Ethernet2/2
Spine-1 N/A 1 UP 00:00:25 Ethernet2/4
Leaf-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Spine-1 N/A 1 UP 00:00:25 Ethernet2/1
Spine-2 N/A 1 UP 00:00:27 Ethernet2/2
Leaf-2 N/A 1 UP 00:00:24 Ethernet2/5
Leaf-2# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Spine-1 N/A 1 UP 00:00:29 Ethernet2/1
Spine-2 N/A 1 UP 00:00:31 Ethernet2/2
Leaf-1 N/A 1 UP 00:00:25 Ethernet2/5
4. Now as the adjacency is formed, we can see the neighbor’s switch-id as well:
Spine-1# show fabricpath switch-id
FABRICPATH SWITCH-ID TABLE
Legend: ‘*’ – this system
‘[E]’ – local Emulated Switch-id
‘[A]’ – local Anycast Switch-id
Total Switch-ids: 4
==========================================================
SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED/ANYCAST
————–+—————-+————+———–+——————–
* 1 5001.0001.002f Primary Confirmed Yes No
2 5001.0002.002f Primary Confirmed Yes No
3 5001.0003.002f Primary Confirmed Yes No
4 5001.0004.002f Primary Confirmed Yes No
Spine-2# show fabricpath switch-id
1 5001.0001.002f Primary Confirmed Yes No
* 2 5001.0002.002f Primary Confirmed Yes No
3 5001.0003.002f Primary Confirmed Yes No
4 5001.0004.002f Primary Confirmed Yes No
Leaf-1# show fabricpath switch-id
1 5001.0001.002f Primary Confirmed Yes No
2 5001.0002.002f Primary Confirmed Yes No
* 3 5001.0003.002f Primary Confirmed Yes No
4 5001.0004.002f Primary Confirmed Yes No
Leaf-2# show fabricpath switch-id
1 5001.0001.002f Primary Confirmed Yes No
2 5001.0002.002f Primary Confirmed Yes No
3 5001.0003.002f Primary Confirmed Yes No
* 4 5001.0004.002f Primary Confirmed Yes No
5. Now as all the interfaces are running fabricpath, we see that traditional STP does not exist on switches.
Spine-1# show spanning-tree
No spanning tree instance exists.
Spine-1#
Spine-2# show spanning-tree
No spanning tree instance exists.
Spine-2#
Leaf-1# show spanning-tree
No spanning tree instance exists.
Leaf-1#
Leaf-2# show spanning-tree
No spanning tree instance exists.
Leaf-2#
6. Configure VLAN on all boxes to work in fabricpath mode.
Spine-1(config)# vlan 10,20
Spine-1(config-vlan)# mode fabricpath
Spine-1# show vlan
VLAN Name Status Ports
— ——————————– ——— ——————————-
1 default active
10 VLAN0010 active Eth2/1, Eth2/2, Eth2/4
20 VLAN0020 active Eth2/1, Eth2/2, Eth2/4
VLAN Type Vlan-mode
—- —– ———-
1 enet CE
10 enet FABRICPATH20 enet FABRICPATH
Routing in Fabricpath:
Spine-1# show fabricpath route
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 02:41:19, local
1/2/0, number of next-hops: 1 >>>>>>>>>>>>>>>>>>>. Ftag-1, SwitchId – 2, SubSwitchId-0via Eth2/4, [115/400], 0 day/s 00:23:25, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:24:32, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:12:05, isis_fabricpath-default
Spine-2# show fabricpath route
0/2/0, number of next-hops: 0
via —- , [60/0], 0 day/s 02:40:53, local
1/1/0, number of next-hops: 1
via Eth2/4, [115/400], 0 day/s 01:12:52, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:24:11, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:11:46, isis_fabricpath-default
Leaf-1# show fabricpath route
0/3/0, number of next-hops: 0
via —- , [60/0], 0 day/s 00:27:41, local
1/1/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:23:39, isis_fabricpath-default
1/2/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:22:48, isis_fabricpath-default
1/4/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:11:29, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:11:29, isis_fabricpath-default
Leaf-2# show fabricpath route
0/4/0, number of next-hops: 0
via —- , [60/0], 0 day/s 00:11:43, local
1/1/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:10:52, isis_fabricpath-default
1/2/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:10:52, isis_fabricpath-default
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:10:52, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:10:52, isis_fabricpath-default
ISIS topology:
Spine-1# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2 Ethernet2/4
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f
Spine-2# show fabricpath isis topology summary
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2 Ethernet2/4
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f
Leaf-1# show fabricpath isis topology summary
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f
Leaf-2# show fabricpath isis topology summary
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f
FP switches share the common bridge id 32778 c84c.75fa.6000. Leafs must have same priority if connected to same CE segment. Mismatch priority can result in root inconsistent. STP is not propagated towards Fabricpath network.
Leaf-1# show spanning-tree vlan 10 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0010 32778 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-1# show spanning-tree vlan 20 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0020 32788 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-2# show spanning-tree vlan 10 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0010 32778 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-2# show spanning-tree vlan 20 root
Root Hello Max Fwd
Vlan Root ID Cost Time Age Dly Root Port
—————- ——————– ——- —– — — —————-
VLAN0020 32788 c84c.75fa.6000 0 2 20 15 This bridge is root
Leaf-2#
MAC Address Table:
Leaf-2# show system internal l2fwder mac/Show mac address-table
Stl Static BD MAC-Address FTAG.Sid/L2_Intf GM Type Age
—|——|—–|——————|—————-|—|—–|———|
0 0 20 aa:bb:cc:00:71:10 1, 3 0 0 00:00:50* —————–> 1 is ftag and 3 is switch-id0 0 20 aa:bb:cc:00:51:10 Eth2/4 0 0 00:09:27*
0 0 10 aa:bb:cc:00:71:00 Eth2/3 0 0 00:24:54*
0 1 20 50:01:00:04:00:2f sup-eth1 1 0 00:24:25
0 1 10 50:01:00:04:00:2f sup-eth1 1 0 00:24:31
Now it will check the routing table on where to forward this switch-id:
Leaf-2# show fabricpath route switchid 3
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 00:27:03, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 00:27:03, isis_fabricpath-default
Fabricpath Multidestination Tree:
Ftag is used for Multidestination trees . Each tree is assigned a network-wide identity, known as an FTAG.
The first tree is used to handle broadcast and unknown unicasts, the second tree is used to handle multicast traffic.
Leaf-2# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0004.002f, 4
Tree id: 2, ftag: 2, root system: 5001.0003.002f, 3
Ftag Proxy Root: 5001.0004.002f
Tree 1 = FTAG 1 = Broadcast and unknown unicastTree 2 = FTAG 2 = Multicast
From the output above, we can see that SID 4 has been chosen as the root for Tree 1, and SID 3 has been chosen as the root for Tree 2.
So, Spine-1 is the root for Broadcast and unknown unicast. Spine-2 is the root for Multicast traffic.
Once the frame is received at CE port, it checks the destination MAC address and based on the type of traffic, frame is encapsulated in Fabricpath Header with Outer Source Address (OSA) as Source Switch Id and Outer Destination Address (ODA) as Destination Switch ID. The Ether type is used as 0x8903 to identify the Fabricpath protocol. Here, the OSA will be 12-bit switch ID for Leaf-2 which is 4 and ODA will be switch ID 3.
The root is chosen automatically just like STP:
1. Highest root priority – 8-bit value between 0-255 (Default is 64)
2. Highest System-ID – 48-bit VDC MAC address
3. Highest Switch-ID – 12-bit SID
For Leaf-2, Leaf-2 itself is the root for Tree 1 and the second highest root is the Leaf-1 for Tree 2.
To make the Spine-1 as the root for Tree 1 and Spine 2 as the root for Tree 2, we can change the priority:
Spine-1(config)# fabricpath domain default
Spine-1(config-fabricpath-isis)# root-priority 255
Spine-2(config)# fabricpath domain default
Spine-2(config-fabricpath-isis)# root-priority 254
Leaf-2# show fabricpath isis topology summary
FabricPath IS-IS Topology Summary
Fabricpath IS-IS domain: default
MT-0
Configured interfaces: Ethernet2/1 Ethernet2/2
Max number of trees: 2 Number of trees supported: 2
Tree id: 1, ftag: 1, root system: 5001.0001.002f, 1 —> Spine-1 is the root for Tree-1 nowTree id: 2, ftag: 2, root system: 5001.0002.002f, 2—-> Spine-2 is the root for Tree-2 nowFtag Proxy Root: 5001.0001.002f
“show fabricpath isis trees” shows the metric in respect to the root.
Leaf-2# show fabricpath isis trees
Fabricpath IS-IS domain: default
Note: The metric mentioned for multidestination tree is from the root of that tree to that switch-id
*:directly connected neighbor or link
P:Physical switch-id, E:Emulated, A:Anycast
MT-0
Topology 0, Tree 1, Swid routing table
1, L1
via Ethernet2/1, metric 0 —->Root is directly connected on this link for Tree-12, L1
via Ethernet2/1, metric 400
3, L1
via Ethernet2/1, metric 400
Topology 0, Tree 2, Swid routing table
1, L1
via Ethernet2/2, metric 400
2, L1
via Ethernet2/2, metric 0 ——-> Root is directly connected on this link for Tree-23, L1
via Ethernet2/2, metric 400
Traffic Engineering in FabricPath:
– Currently, we are doing multipathing to reach Leaf-1 from Leaf-2 and vice-versa.
Leaf-2# show fabricpath route switchid 3
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 01:06:21, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 01:06:21, isis_fabricpath-default
– 115 is the ISIS Admin Distance and 800 is the metric (400 per link from Leaf-Spine-Leaf).
– In order to prefer only one path, we can increase the ISIS metric on one link.
Leaf-2(config)# int e2/2
Leaf-2(config-if)# fabricpath isis metric 500
Leaf-2# show fabricpath route switchid 3
1/3/0, number of next-hops: 1
via Eth2/1, [115/800], 0 day/s 01:09:11, isis_fabricpath-default
Fabricpath ECMP:
– We can check the mroute table for each ftag and see the outgoing interface. It is E2/1 for Ftag-1 and E2/2 for Ftag-2.
Leaf-2# show fabricpath mroute ftag 1
(ftag/1, vlan/10, *, *), Flood, uptime: 01:11:48, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/1, Switch-id 1, uptime: 01:11:52, isis
Interface Ethernet2/1, Switch-id 2, uptime: 00:11:10, isis
Interface Ethernet2/1, Switch-id 3, uptime: 01:11:52, isis
(ftag/1, vlan/20, *, *), Flood, uptime: 01:11:48, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/1, Switch-id 1, uptime: 01:11:52, isis
Interface Ethernet2/1, Switch-id 2, uptime: 00:11:10, isis
Interface Ethernet2/1, Switch-id 3, uptime: 01:11:52, isis
Leaf-2# show fabricpath mroute ftag 2
(ftag/2, vlan/10, *, *), Flood, uptime: 01:12:14, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/2, Switch-id 1, uptime: 00:11:13, isis
Interface Ethernet2/2, Switch-id 2, uptime: 01:12:18, isis
Interface Ethernet2/2, Switch-id 3, uptime: 01:12:18, isis
(ftag/2, vlan/20, *, *), Flood, uptime: 01:12:14, isis
Outgoing interface list: (count: 3)
Interface Ethernet2/2, Switch-id 1, uptime: 00:11:13, isis
Interface Ethernet2/2, Switch-id 2, uptime: 01:12:18, isis
Interface Ethernet2/2, Switch-id 3, uptime: 01:12:18, isis
– Verify the ECMP method being used.
Leaf-2# show fabricpath load-balance
ECMP load-balancing configuration:
L3/L4 Preference: Mixed
Hash Control: Symmetric
Rotate amount: 12 bytes
Use VLAN: TRUE
Ftag load-balancing configuration:
Hash Control: Symmetric
Rotate amount: 12 bytes
Use VLAN: TRUE
Leaf-2(config)# sh run all | i “fabricpath load-balance”
fabricpath load-balance symmetric
fabricpath load-balance unicast mixed rotate-amount 0xc
fabricpath load-balance multicast rotate-amount 0xc
Leaf-2(config)#
– ECMP methods available:
Leaf-2(config)# fabricpath load-balance unicast ?
include-vlan Use hardware translation of vlan/vni
layer3 Only Layer-3 parameters considered
layer4 Only Layer-4 parameters considered
mixed Mix of Layer-3 and Layer-4 paramaters (default)
rotate-amount Rotate amount for hash string
– To check which interface will be selected based on the Source and Destination, use below command:
Leaf-2# show fabricpath load-balance unicast forwarding-path ftag 1 switchid 3 flow-type l3 src-ip 10.0.0.253 dst-ip 10.0.0.225 vlan 10 module 2
This flow selects interface Eth2/1
Fabricpath Authentication: There are two types of Authentication being used in Fabricpath:
– Fabricpath Interface Authentication, which is basically used for Hello
– Fabricpath domain Authentication which is intended for ISIS LSPs
1. Interface Authentication: Lets configure Authentication between Spine-1 and Spine-2 on interface E2/4.
Spine-1(config)# key chain Spine-1
Spine-1(config-keychain)# key 1
Spine-1(config-keychain-key)# key-string Spine-1
Spine-1(config)# int e2/4
Spine-1(config-if)# fabricpath isis authentication-type md5
Spine-1(config-if)# fabricpath isis authentication key-chain Spine-1
Spine-1(config-if)# show fabricpath isis interface e2/4
Fabricpath IS-IS domain: default
Interface: Ethernet2/4
Status: protocol-up/link-up/admin-up
Index: 0x0003, Local Circuit ID: 0x01, Circuit Type: L1
Authentication type MD5Authentication keychain is Spine-1Authentication check specifiedExtended Local Circuit ID: 0x1A083000, P2P Circuit ID: 0000.0000.0000.00
Retx interval: 5, Retx throttle interval: 66 ms
LSP interval: 33 ms, MTU: 1500
P2P Adjs: 0, AdjsUp: 0, Priority 64
Hello Interval: 10, Multi: 3, Next IIH: 00:00:05
Level Adjs AdjsUp Metric CSNP Next CSNP Last LSP ID
1 0 0 400 60 Inactive ffff.ffff.ffff.ff-ff
Topologies enabled:
Level Topology Metric MetricConfig Forwarding
0 0 400 no UP
1 0 400 no UP
Spine-1(config-if)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Leaf-1 N/A 1 UP 00:00:23 Ethernet2/1
Leaf-2 N/A 1 UP 00:00:32 Ethernet2/2
Spine-2 N/A 1 LOST 00:04:53 Ethernet2/4 ———-> Adjacency is lost
We will see that once we configure Spine-2 with same key, adjacency will be resumed.
Spine-2(config)# key chain Spine-1
Spine-2(config-keychain)# key 1
Spine-2(config-keychain-key)# key-string Spine-1
Spine-2(config-keychain-key)# int e2/4
Spine-2(config-if)# fabricpath isis authentication-type md5
Spine-2(config-if)# fabricpath isis authentication key-chain Spine-1
Spine-2(config-if)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Leaf-1 N/A 1 UP 00:00:29 Ethernet2/1
Leaf-2 N/A 1 UP 00:00:27 Ethernet2/2
Spine-1 N/A 1 UP 00:00:30 Ethernet2/4
2. Domain Authentication: This will prevent routes from being learned, however will not have any impact on adjacencies.
Spine-1(config)# fabricpath domain default
Spine-1(config-fabricpath-isis)# authentication-type md5
Spine-1(config-fabricpath-isis)# authentication key-chain Spine-1
Spine-1(config)# show fabricpath isis
Fabricpath IS-IS domain : default
System ID : 5001.0001.002f IS-Type : L1 Fabric-Control SVI: Unknown
SAP : 432 Queue Handle : 15
Maximum LSP MTU: 1492
Graceful Restart enabled. State: Inactive
Last graceful restart status : none
Graceful Restart holding time:60
Metric-style : advertise(wide), accept(wide)
Start-Mode: Complete [Start-type configuration]
Area address(es) :
00
Process is up and running
CIB ID: 1
Interfaces supported by Fabricpath IS-IS :
Ethernet2/1
Ethernet2/2
Ethernet2/4
Level 1
Authentication type: MD5Authentication keychain: Spine-1 Authentication check specifiedLSP Lifetime: 1200
L1 LSP GEN interval- Max:8000 Initial:50 Second:50
L1 SPF Interval- Max:8000 Initial:50 Second:50
MT-0 Ref-Bw: 400000
Max-Path: 16
Address family Swid unicast :
Number of interface : 3
Distance : 115
L1 Next SPF: Inactive
We can see that though adjacency is still there, System ID is not resolving the host Name and also routes are lost.
Spine-1# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
5001.0003.002f N/A 1 UP 00:00:22 Ethernet2/1
5001.0004.002f N/A 1 UP 00:00:29 Ethernet2/2
5001.0002.002f N/A 1 UP 00:00:25 Ethernet2/4
Spine-1# show fabricpath route
FabricPath Unicast Route Table
‘a/b/c’ denotes ftag/switch-id/subswitch-id
‘[x/y]’ denotes [admin distance/metric]
ftag 0 is local ftag
subswitch-id 0 is default subswitch-id
FabricPath Unicast Route Table for Topology-Default
0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 05:23:24, local
Spine-1#
Once authentication is removed, routes are learned.
Spine-1(config-fabricpath-isis)# no authentication-type
Spine-1(config-fabricpath-isis)# no authentication key-chain
Spine-1(config-fabricpath-isis)# show fabricpath isis adjacency
Fabricpath IS-IS domain: default Fabricpath IS-IS adjacency database:
System ID SNPA Level State Hold Time Interface
Leaf-1 N/A 1 UP 00:00:23 Ethernet2/1
Leaf-2 N/A 1 UP 00:00:26 Ethernet2/2
Spine-2 N/A 1 UP 00:00:22 Ethernet2/4
Spine-1(config-fabricpath-isis)# show fabricpath route
0/1/0, number of next-hops: 0
via —- , [60/0], 0 day/s 05:24:20, local
1/2/0, number of next-hops: 1
via Eth2/4, [115/400], 0 day/s 00:00:12, isis_fabricpath-default
1/3/0, number of next-hops: 1
via Eth2/1, [115/400], 0 day/s 00:00:12, isis_fabricpath-default
1/4/0, number of next-hops: 1
via Eth2/2, [115/400], 0 day/s 00:00:12, isis_fabricpath-default
Fabricpath Unicast Static Routes and Multiple ISIS topologies:
– We can configure unicast static routes to override the routes computed by dynamic protocols such as IS-IS in FabricPath.
Leaf-2# sh fabricpath route switchid 3
1/3/0, number of next-hops: 2
via Eth2/1, [115/800], 0 day/s 01:11:26, isis_fabricpath-default
via Eth2/2, [115/800], 0 day/s 01:44:19, isis_fabricpath-default
Leaf-2(config)# fabricpath route switch-id 3 ethernet 2/1
Leaf-2(config)# show fabricpath route switchid 3
1/3/0, number of next-hops: 1
via Eth2/1, [40/40], 0 day/s 00:00:06, static route
– By default MT0 is the topology being used by all Vlans. We can configure multiple topologies to map specific VLANs and specific features to that specific topology.
Leaf-2(config)# fabricpath topology 1
Leaf-2(config-fp-topology)# member vlan 10
Leaf-2(config-fp-topology)# exit
Leaf-2(config)# int e2/1
Leaf-2(config-if)# fabricpath topology-member 1
Leaf-2(config-if-fp-topology)# exit
Leaf-2(config-if)# show fabricpath topology vlan
Topo-Description Topo-ID Configured VLAN List
——————————– ——— ————————————-
0 0 1-9,11-4096
1 1 10
