Monday 28 September 2015

MST and Port Priority on VIRL

I really wanted to cement my knowledge of MST and Port Priorities, and VIRL was perfect for this.  All I did was use two switches connected with dual links. I defined 4 new vlans and then put two in MST 1 and two in MST 2.

What I noticed though was that both MST 1 and MST 2 were using Gi0/1 to forward, even though I had set SW1 as the root for MST1 and SW2 as the root for MST2. So I used port-priorities to configure MST1 to use Gi0/1 and MST2 to use Gi0/2.

The configuration of port-priorities is shown below:

VIRL was perfect to investigate and cement MST and port-priorities for me, and I didn't have to waste any of my INE rack rental time or purchase switches (which seem to be so much more expensive then routers for my CCIE lab)

Sunday 27 September 2015

VIRL Troubleshooting

VIRL is fantastic to use, but I have had some issues with it lately so I thought I might detail the fairly simple solutions I found.

Virtual Interface Creation Failed Error on launching simulation:

First one happened when I clicked yes to the update prompt. It ran through updates and then when I open Maestro and tried to launch a simulation I got the following error:

Node "R1" state changed from BUILDING to ERROR with message: Virtual Interface creation failed:   File "/usr/lib/python2.7/dist-packages/nova/compute/", line 297, in decorated_function

The correct way to do the upgrade can be found here. But since I was stuck in some quasi-half upgrade stage, all I had to do was run the following commands:

sudo vinstall vinstall

sudo salt-call saltutil.sync_all

sudo vinstall salt

sudo salt-call state.sls openstack

sudo salt-call state.sls openstack.setup

sudo salt-call state.sls openstack.restart

Now my VIRL is launching simulations properly again.

Connection Refused to console:

This one is so annoying, because it appears like everything is working but when you try to get to the console of the running devices you get the following error:

This had a crazy simple solution. I had a VPN running on the VM which was interfering with the routes to the console. The easiest way to fix this was to disable the VPN. And now I can get to the console again. :)

WAN Circuits

- default serial encapsulation
- no advanced features
- problems with vendor interoperability
- very easy config "no shut", configure clockrate


- negotiation, authentication (PAP, CHAP), PPPoE
- easy to configure, 'encapsulation ppp'
- debug ppp negotiation
- pap: password authentication protocol
- challenger: "ppp authentication pap"
- reponse: "no ppp pap refuse", "ppp pap sent-username... password"


MST Revision

Required information for an MST instance:

  • instance name
  • revision number
  • mst to vlan mappings

intra region:
vlan to stpis are manually defined
undefined vlans fall into CIST (MST 0)

inter region:
details between regions are not know

MST is backwards compatible with legacy CST and PVST+
behaves like inter-region MST
CST root must be within the MST domain

migration, start from root bridge and work your way out

Config Steps:
1. define the following in MST config mode:
region name
revision number
VLAN to isntance mappings
2. Enable MST globally

Same election process as CST/PVST+

Changing BID priority, port cost, port priority - all done for the instance
eg. spanning-tree mst [instance] priority

BEST PRACTICE: 3 spanning-tree instances in MST