Virtual Routing and Forwarding (VRF)

What is VRF and why do we use it?

VRFs are virtual routers; the concept is very similar to VLANs in switches. A VRF is a totally independent router: it has its own interfaces, IP subnets, routing protocols, and routing and forwarding tables.

VRF (Virtual Routing and Forwarding) is used to separate routing tables within one router. Using VRF, you can have multiple instances of the routing table on the same router. In a real-world application, you can use VRFs to separate the traffic of different customers, each in its own VRF instance.

How to create VRF

Cisco(config)#ip vrf Marketing

Cisco(config-vrf)#

VRF related commands

#sh ip vrf – Shows all VRF instances and the interfaces associated with each

How to assign VRF to interfaces

You can assign a VRF to any interface, including SVIs and loopbacks.

CISCO(config)#interface vlan 100

CISCO(config-if)#ip vrf forwarding Marketing

% Interface vlan 100 IP address 192.168.1.250 removed due to enabling VRF Marketing

CISCO(config-if)#ip address 192.168.1.250 255.255.255.0

CISCO(config-if)#exit


A VRF is a separate router by itself: you can assign duplicate IP addresses, as long as they are assigned in different VRFs. When a VRF is assigned to an interface that already has an IP address, that address is removed, but it can easily be re-added, as you can see in the example above.


VLAN Design

End-to-End VLAN


In this model, VLANs are trunked across the entire organization, campus, or building, regardless of where the end hosts are physically located. The VLANs are strictly based on function, with little or no regard for where the hosts may be at any given time. That means all switches contain all VLANs. Obviously this becomes difficult to maintain at scale, which is why VTP is often used in conjunction with the end-to-end VLAN model: simply add or modify a VLAN on a VTP server switch and the change is automatically propagated. Of course, VTP adds more risk to the mix, but that is another topic.

Perhaps the biggest benefit to an end-to-end architecture is that any user can get access to their resources from any switch. If a VMPS server is deployed, a user can plug into any switch port and will automatically be assigned to their correct “home” VLAN. Sounds good right?

Drawbacks

There are some serious drawbacks though. First, end-to-end VLANs are very difficult to maintain across large networks. If you are not running VTP in server or client mode on all of your switches, then every switch must be configured with the correct VLAN assignments manually. And what happens when it comes time to troubleshoot an issue and you have hundreds of switches? Managing this type of environment is difficult, but just as concerning is the performance trade-off. If every VLAN is stretched across every switch, the VLANs must also cross the distribution and core layers of your network. All of the broadcast traffic on all VLANs then has to traverse the core, which can lead to serious performance problems. The main reason I see end-to-end VLANs still used in some organizations is application requirements. Some apps require all hosts to be on the same segment, regardless of physical location. If this is the case, some VLANs may have to be stretched in an end-to-end fashion.

Local VLAN


The local VLAN model is based more on geographical proximity than on universal accessibility. In this approach, VLANs are local to a block of switches and never extend all the way to the core. Instead, they rely on a hierarchical switch structure to terminate the layer two boundaries. For example, you may have VLAN 100 used for “first floor workstation connectivity”. There may be more than one switch that supports the first floor, but they will all be fairly close together. More importantly, all of them will connect to the same pair of distribution layer switches, which act as the default gateway for the local VLAN segments. From there, packets are routed to the core using layer three protocols, not layer two VLANs. Therefore, switching of local VLANs happens at the access layer, and routing at the distribution and core layers.

Benefits

A local VLAN configuration means simplified VLAN troubleshooting and fewer spanning tree design considerations. Performance is also improved with SVIs on the distribution switches – creating smaller broadcast domains.


How Wi-Fi signal is measured

Wi-Fi signal strength is measured in dBm, which stands for decibels relative to one milliwatt (mW).

The absolute power of a signal is measured in watts.

The dB scale by itself does not define where you are starting from, i.e. what your ‘zero’ is. Therefore we specify dBm, indicating that our scale is relative to 1 milliwatt of power: 0 dBm = 1 mW.

The reason you see negative values is that you are representing small but positive numbers on a logarithmic scale. In logarithms, the value indicated represents an exponent; for example, on a log-10 scale a value of -2 represents 10 to the -2 power, which equals 0.01.

Likewise, a negative dBm means that you are applying a negative exponent in your power calculations; 0 dBm equals 1 mW of power, so -10 dBm equates to 0.1 mW, -20 dBm equates to 0.01 mW, and so forth.

It is a lot easier, and more useful in some calculations, to describe a weak signal as -100 dBm as opposed to 0.0000000001 mW.

So remember – -1 dBm is significantly better than -100 dBm.

Azure PowerShell

PowerShell has been around since 2006 and has evolved through several versions since then. What makes PowerShell even more powerful are the modules we install into it. I am going to talk about how we can use PowerShell in the Azure context.

In the past, we installed the AzureRM module into PowerShell to work with Azure. At the same time, the Azure portal had something called Cloud Shell. The commands differed between the AzureRM modules and Azure Cloud Shell, and Microsoft realized it needed to come up with a new module to remove this discrepancy. This is the reason the Az module was released by Microsoft for general availability in December 2018.

The Az module was built to harness the power of PowerShell Core and Cloud Shell while maintaining compatibility with PowerShell 5.1. Az ensures that PowerShell and PowerShell Core users can get the latest Azure tooling in every PowerShell, on every platform.

Az also simplifies and normalizes Azure PowerShell cmdlet and module names. Az ships in Azure Cloud Shell and is available from the PowerShell Gallery. One more great thing about the Az module is its cross-platform compatibility: it now works on macOS and Linux variants as well.

To install modules at a global scope, you need elevated privileges to install modules from the PowerShell Gallery:

>Install-Module -Name Az -AllowClobber

Update your module frequently:

Update-Module -Name Az

Note: You should not install Az side-by-side with AzureRM. Remove all AzureRM modules before installing Az.

Azure Availability Set

You need to have an availability set already defined before creating VMs in Azure.

So what does an availability set do?

  • An availability set is a group of virtual machines that are deployed across fault domains and update domains.
  • Availability sets make sure that your application is not affected by single points of failure, like the network switch or the power unit of a rack of servers.

Fault Domain:

Each VM in Azure is assigned to a fault domain. Fault domains define the group of virtual machines that share a common power source and network switch.


Update Domain:

  • Virtual machines get update domains automatically once they are put inside an availability set.
  • All virtual machines within the same update domain will reboot together.
  • Update domains are used for patching of the virtual machines.
  • Only one update domain is updated at a time.
  • In the Azure Resource Manager (ARM) portal, we have up to three fault domains and 5 update domains, but we can have up to 20 update domains.
  • How many fault domains and how many update domains are recommended? It depends!
    • If your region allows 3 fault domains, it is recommended to use 3; otherwise use 2, which is available in all regions.
    • 5 update domains is recommended. If you choose to have more update domains, it will take longer to get all the updates applied to your system.

How routing works

When a packet comes into a router, the routing decision is based on the destination IP address in the packet. First the router consults the forwarding table (forwarding information base, FIB) and, in case of multiple matches, selects the longest match (the longest match has the most bits in common with the destination). If there is a host route match (/32), it will be the most preferred route regardless of what the routing protocol is.

Say, for example, the destination IP is 10.10.1.10.

On the router, you type #sh ip route 10.10.1.10 and you get 3 results:

10.0.0.0/8

10.10.0.0/16

10.10.1.0/24

Therefore, the third route, 10.10.1.0/24, is the longest match, the one with the most bits in common.

One important thing to remember is that the FIB operates at the data plane level. The FIB is also called the CEF table (Cisco Express Forwarding). To view the FIB, issue the command #sh ip cef.

Once the longest match is found, we go through the route recursion (recursive lookup) process to decide the actual outgoing interface for the packet. The routing information base (RIB) is used for this purpose (#sh ip route). The RIB operates at the control plane level on the router.

Recursion process:

10.10.1.10 via 76.10.55.96

76.10.55.96 via 128.100.2.10

128.100.2.10 directly connected GigabitEthernet2/6

This means the packet will egress via Gig2/6 on the router.
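As an added example (not code from the original notes), here is a small Python model of the lookup just described: one RIB per VRF, longest-prefix match, and the recursive next-hop walk that ends at an outgoing interface. The tables, VRF names and interface names are constructed for illustration; the chain for 10.10.1.10 mirrors the recursion above, and the overlapping 192.168.1.0/24 in two VRFs shows the duplicate-IP point from the VRF section.

```python
from ipaddress import ip_address, ip_network
# Constructed sample RIBs, one per VRF (not from the original post). A value is a
# next-hop address (needs another lookup) or an outgoing interface (directly
# connected, recursion stops). 192.168.1.0/24 is deliberately in both VRFs.
RIBS = {
    "global": {
        "10.0.0.0/8": "76.10.55.100",
        "10.10.0.0/16": "76.10.55.98",
        "10.10.1.0/24": "76.10.55.96",  # longest match for 10.10.1.10
        "76.10.55.0/24": "128.100.2.10",
        "128.100.2.0/24": "GigabitEthernet2/6",
        "192.168.1.0/24": "Vlan200",
    },
    "Marketing": {
        "192.168.1.0/24": "Vlan100",  # same subnet as global, different VRF
        "0.0.0.0/0": "192.168.1.1",  # default route, resolved via Vlan100
    },
}

def is_address(value):
    try:
        ip_address(value)
        return True
    except ValueError:  # an interface name such as GigabitEthernet2/6
        return False

def longest_match(rib, dst):
    """Return (network, next_hop) with the most matching bits, or None."""
    dst = ip_address(dst)
    best = None
    for prefix, next_hop in rib.items():
        net = ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best  # a /32 host route wins here too: nothing matches more bits

def resolve(vrf, dst, max_depth=8):
    """Recursive lookup in one VRF; returns [(looked_up, prefix, result), ...]."""
    rib = RIBS[vrf]
    path, hop = [], dst
    for _ in range(max_depth):  # bound guards against a next-hop loop
        match = longest_match(rib, hop)
        if match is None:
            raise LookupError(f"{vrf}: no route to {hop}")
        net, result = match
        path.append((hop, str(net), result))
        if not is_address(result):  # interface reached: this is the egress
            return path
        hop = result
    raise LookupError(f"{vrf}: next-hop recursion exceeded {max_depth} steps")
```

resolve("global", "10.10.1.10") returns the three-step chain ending at GigabitEthernet2/6, while 192.168.1.250 resolves to Vlan200 in the global table and Vlan100 in the Marketing VRF.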

Notes: Routing gets more complicated if you have ACLs, NAT translations, or policy-based routing, since these features are applied on top of the plain route lookup.

The RIB is updated regularly by routing protocols and other control plane information, and it contains the complete list of routes learned by the router.

How to enable CEF on all the interfaces of a router:

Router(config)# ip cef distributed

When you enable CEF, the FIB and adjacency table are created on the router. At the same time, all routes are downloaded into the FIB from the RIB.