HUawei Global PBR Configuration in Switch...!

 Traffic routing with Policy-based routing (PBR)

Packet routing is generally carried out by equipment by consulting its routing table where they look for the best routes based on their destination address.

However, what I intend to show is that there are other forms of packet routing, such as PBR, which allows routes to be changed based on other criteria such as source addresses, packet size or next hop.

 

To show one of the ways to configure packet forwarding based on PBR, I will use an example:

 

In the company we have two departments that have different access to the Internet due to the needs of the IT Team who need better access to the Internet. What we are going to show is a way to configure the routing of each network for its Internet access, and both teams access the DMZ and can also communicate with each other.

 

 

 

The first step will be to carefully configure an ACL to select only the traffic we want to redirect. As we want to redirect all traffic destined for the Internet, we make the following configuration:

 

ACL name IT_TEAM number 3001 rule 10 permit ip source 192.168.0.0 0.0.0.255 destination any rule 15 permit ip source 192.168.1.0 0.0.0.255 destination any  # ACL Name COM_TEAM number 3002 rule 10 permit ip source 192.168.2.0 0.0.0.255 destination any rule 15 permit ip source 192.168.3.0 0.0.0.255 destination any

 

After defining the ACLs, they configured the traffic classifiers

 

traffic classifier TC_IT_TEAM type or   if-match acl 3001  # traffic classifier TC_COM_TEAM type or   if-match acl 3002

 

 

The next step was to choose what to do with the traffic they had just categorized.

 

traffic behavior TB_IT_TEAM redirect nexthop 192.168.0.147  # traffic behavior TB_COM_TEAM redirect nexthop 192.168.0.149

 

As you know after the classifier and traffic behavior are configured they need to be put together to make sense. And that's what they did too.

 

traffic policy TP_IT_TEAM classifier TC_IT_TEAM behavior TB_IT_TEAM # traffic policy TP_COM_TEAM classifier TC_COM_TEAM behavior TB_COM_TEAM

 

Finally, the traffic policies were configured. The only thing left to do was to apply the traffic policies on the switch.

 

traffic-policy TP_IT_TEAM global inbound # traffic-policy TP_COM_TEAM global inbound

 

After that, traffic destined for the internet was redirected according to the policy.

Mikrotik Multiple port trunk with bridge .

 Find the diagram given below.

########################################################

/interface bridge
add name=bridge1 protocol-mode=none vlan-filtering=yes

########################################################

/interface vlan
add interface=bridge1 name=10 vlan-id=10
add interface=bridge1 name=192 vlan-id=192

########################################################

/interface bridge port
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether6

########################################################

/interface bridge vlan
add bridge=bridge1 tagged=bridge1,ether3,ether6 vlan-ids=192,10

########################################################

/ip address
add address=11.1.1.1/24 interface=192 network=11.1.1.0
add address=10.1.1.1/24 interface=10 network=10.1.1.0

########################################################

Ookla Server Auto Start After Machine reboot or Network Outage..!

 Here i will show you how you can enable your Ookla server in Auto start mode when there is a machine reboot or any kind of network outage . find the configuration below.

 It is highly advisable to create own systemd services or udev rules to run scripts during boot instead of using this file  /etc/rc.d/rc.local .

make sure you have given executable permission to your own systems script. 

chmod +x /etc/systemd/system/speedtest.service

[root@localhost ~]# vi /etc/systemd/system/speedtest.service
[Unit]
After=network.target
[Service]
User=root
Group=root
WorkingDirectory=/usr/ookla/
Type=simple
KillMode=mixed
ExecStart=/usr/ookla/OoklaServer
TimeoutStartSec=30
TimeoutStopSec=60
Restart=always
[Install]
WantedBy=multi-user.target


[root@localhost ~]#

systemctl enable speedtest.service
 systemctl start speedtest.service
 systemctl status speedtest.service
systemctl daemon-reload

How to Troubleshoot of a website if that website is not opening .

Let's say we will try on google.com. and we are not able to open the google.com website.

Step-1 = Ping to the website which is not opening.

First you have to check the ping to that website. There may be a possibility that ICMP is blocked in the destination end due to security concern...

C:\Users\hp>ping google.com
Pinging google.com [142.250.194.206] with 32 bytes of data:
Reply from 142.250.194.206: bytes=32 time=49ms TTL=58
Reply from 142.250.194.206: bytes=32 time=46ms TTL=58
Reply from 142.250.194.206: bytes=32 time=48ms TTL=58
Reply from 142.250.194.206: bytes=32 time=51ms TTL=58
Ping statistics for 142.250.194.206:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 46ms, Maximum = 51ms, Average = 48ms
C:\Users\hp>

You can see above that ICMP is not blocked in google end and we are getting Ping to google.com.Thats Fine..

Till Now we are getting the ping but 

2-Check Traceroute to google.com to verify whether you can reach the destination or not .

C:\Users\hp>tracert google.com

Tracing route to google.com [142.250.193.206]

over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.0.1

  2     2 ms     1 ms     1 ms  103.14.9.18

  3    43 ms    44 ms    42 ms  103.15.9.17

  4    43 ms    43 ms    44 ms  103.6.9.26

  5    46 ms    45 ms    46 ms  72.4.203.200

  6    45 ms    46 ms    45 ms  142.250.244.151

  7    45 ms    45 ms    45 ms  142.250.54.97

  8    47 ms    44 ms    46 ms  del11s17-in-f14.1e100.net [142.250.193.206]

Trace complete.

C:\Users\hp>

As you can see above that the Traceroute is showing OK and we are able to reach the destination.

Step-3=Check the DNS resolve , weather the DNS is proper or not .

C:\Users\hp>nslookup
Default Server:  UnKnown
Address:  192.168.0.1
> google.com
Server:  UnKnown
Address:  192.168.0.1
Non-authoritative answer:
Name:    google.com
Addresses:  2404:6800:4002:81c::200e
          142.250.194.206
>

As you can see above that DNS is working properly and we are able to resolve from name to IP and IP to name.

Step-4= Check the Telnet to Website whether the https://google.com is open on 443 port or not.

To check in Telenet , Got to your cmd and write the telnet google.com 443

C:\Users\hp>telnet google.com 443

You can see above that we are able to access the website on 443 port , it means everything is fine .

Summary.

Till now everything is fine from our end but still we are not able to access the website . So now you have to contact your ISP for checking this issue because this issue can be with your public IP or in ISP end there is some routing issue such as Assymetric routing or Routing failure in the transit etc etc..and also there is a possibility that somewhere in transit  Your public IP address is blocked.

Cisco Three-Layer Hierarchical Design..!!

 Cisco Has 3 layers.

1. Core Layer.
2. Distribution Layer.
3. Access Layer.

Core Layer

In the core Layer, We use devices called high-end routers and Those routers are going to be the gateway to the internet or outside our network. Basically, we use the redundancy internet connection where we do the path manipulation, Layer-3 security .

 we must have redundancy in the core for routing .

Distribution Layer.

In the distribution Layer , we use normally routers or layer 3 switches for QOS implementation, Layer 3 routing , vlan gateway ,etc etc . 

Access Layer.

In access layer we have lots of devices like our access switches and Access points from where our end hosts are connected, this is just an entry for all of our network for hosts .  Normally the switches we use are 3550,2960, SMB switches etc etc .

From the configuration point of view, we may have VLAN access, Layer-2 QOS marking, or maybe some layer-2 security features like Dhcp Snooping, Storm control etc. 

GPON SFP Types..!

 The main difference is the output optical power which we called as TX Power of module . Class C++ GPON SFP module output optical power is about 7dBm, the Class C+ GPON SFP module output optical power is about 5dBm. Of course, their optical receiver sensitivity is also different. The Class C++ optical receiver sensitivity is best.

The detailed specification parameter table comparison is as below:

GPON SFP modules

Type	Class B+ GPON SFP module	Class C+ GPON SFP module	Class C++ GPON SFP module
wavelength	Tx：1490nm	Tx：1490nm	Tx：1490nm
	Rx：1310nm	Rx：1310nm	Rx：1310nm
rate	Tx：2.488Gbit/s	Tx：2.488Gbit/s	Tx：2.488Gbit/s
	Rx：1.244Gbit/s	Rx：1.244Gbit/s	Rx：1.244Gbit/s
Mini Output Power	1.5dBm	3dBm	6dBm
Mini Output Power	5dBm	7dBm	10dBm
Optical Receiver Sensitivity	-28dBm	-32dBm	-35dBm
Optical Connector	SC	SC	SC
Fiber type	Single mode	Single mode	Single mode
Receiver Overload	-8dBm	-8 dBm	-15dBm
Extinction Ratio	10dB	10dB	8.2dB

 

GPON FTTH Network Architecture..!

 I will show you how you can design the FTTH network in the best way which will help you to expand your network in a better way and also it will help you to manage the power appropriately.

In GPON , We can extend our network to 20km and we can give 128 customers on per PON port.

As we know, In FTTH the most important thing is to calculate your power budget from OLT to ONU because optical power is the main component of GPON network architecture. Let's see..

There is a 2 way of splitting and designing the FTTH network.

1. Two-way Splitting.
2. Three-way Splitting.

Two-way Splitting Design.

in 2 ways, There are 3 types is splitting.

• 1:4 <==========> 1:32
• 1:8 <==========> 1:16
• 1:2 <==========> 1:64

Three-way Splitting Design.

in 3 ways, There are 4 types is splitting.

• 1:2 <==========> 1:2  <==========> 1:32
• 1:4 <==========> 1:4 <==========> 1:8
• 1:4 <==========> 1:16 <==========> 1:2
• 1:2 <==========> 1:8 <==========> 1:8

EPON FTTH Network Architecture..!

 I will show you how you can design the FTTH network in the best way which will help you to expand your network in a better way and also it will help you to manage the power appropriately.

In EPON , We can extend our network to 20km and we can give 64 customers on per PON port.

As we know, In FTTH the most important thing is to calculate your power budget from OLT to ONU because optical power is the main component of EPON network architecture. Let's see..

There is a 2 way of splitting and designing the FTTH network.

1. Two-way Splitting.
2. Three-way Splitting.

Two-way Splitting Design.

in 2 ways, There are 3 types is splitting.

• 1:8 <==========> 1:8
• 1:4 <==========> 1:16
• 1:2 <==========> 1:32

Three-way Splitting Design.

in 3 ways, There are 3 types is splitting.

• 1:2 <==========> 1:2  <==========> 1:16
• 1:4 <==========> 1:4 <==========> 1:4
• 1:4 <==========> 1:8 <==========> 1:2

PON Power Budget Calculation...!

 Now Let's look at a detail diagram where we will calculate the power from OLT to ONU . and also we will see all the losses that are involved from source to destination...!

As I have already mentioned in my previous blog , we have a total 5 types of losses which are given below.

Type Of Loss	Losses in db
Insertion Loss	--
Fiber Attenuation Loss(Distance)	0.35 db/Per Km
Splicing Loss	0.2 dB
Connector Loss	0.75 dB
Splitter Loss	You Can refer My Chart
Safety Margin	We will keep 2-3 dB in spare for better performance.

Power Budget Formula Of Calculation.

Total Loss = Distance+ Splicing Loss + Splitter Loss + Safety Margin Loss + Connector Loss

ONU RX Power =  Pon Module TX Power - Total Loss 

Now Let's start and take an example of our diagram.

Example-1

Let's Calculate the Power.

• Total DIstance (3+5) = 8km
• Total Connector  = 4
• Splitter 1:4, 1:8 & 1:2 
• Total Splicing = 5

My TX Power of PON Module is = +7

Total Loss : Connector + Distance + Splitter + Splicing + Safety Margin

= Connector(4 * 0.75) + Distance (8*0.35) + Splitter (7+10.5+3.5) + Splicing(5 * 0.2) + Safety Margin (3) = 30.08 dBm

Power Budget(ONU RX Power): Pon Module TX Power - Total Loss.

 = 7 - 30.8) = -23.8 dBm.

Example-2

Let's Calculate the Power.

• Total DIstance (2+6) = 8km
• Total Connector  = 3
• Splitter = 1:8 & 1:16
• Total Splicing = 3

My TX Power of PON Module is = +7

Total Loss : Connector + Distance + Splitter + Splicing + Safety Margin

= Connector(3 * 0.75) + Distance (8*0.35) + Splitter (10.5+14) + Splicing(3 * 0.2) + Safety Margin ( 3 ) = 33.15 dBm

Power Budget(ONU RX Power): Pon Module TX Power - Total Loss.

 = 7 - 33.15) = -26.15 dBm.

Types of Losses Involved in Gpon/Gepon Networks...!!

 A total of 5 types of losses are involved from OLT to ONU so find the details chart given below.

Type Of Loss	Losses in db
Insertion Loss	Less than 1 dBm
Fiber Attenuation Loss(Length Of Fiber)	0.35 db/Per Km
Splicing Loss	0.2 dB
Connector Loss	0.75 dB
Splitter Loss	You Can refer My Chart

Ratio Coupler Insertion Loss Chart..!

The chart given below shows the general attenuation loss for common ratio Couplers in FTTH.

Type Of Coupler	Split Ratio	Insertion Loss
1x2	50:50	3.2/3.2
1x2	45:55	3.7/2.8
1x2	40:60	4.2/2.4
1x2	35:65	4.8/2.1
1x2	30:70	5.4/1.8
1x2	25:75	6.2/1.5
1x2	15:85	8.4/0.91
1x2	10:90	10/0.66
1x2	5:95	13/0.42
1x2	2:98	17/0.29
1x2	1:99	20/0.24
1x3	10:45:45	10/3.7/3.7
1x3	20:40:40	7.2/4.2/4.2
1x3	20:40:40	7.2/4.2/4.2
1x3	30:35:35	5.4/4.8/4.8
1x3	40:30:30	4.2/5.4/5.4
1x3	50:25:25	3.2/6.2/6.2
1x3	60:20:20	2.4/7.2/7.2
1x3	70:15:15	1.8/8.4/8.4
1x3	80:10:10	1.2/10/10
1x4	25:25:25:25	6.2/6.2/6.2/6.2

GPON/GEPON Splitter Loss CHart..!!!

 The chart given below shows the general attenuation loss for common splitter ratios in FTTH.

Splitter Type	Insertion Loss in db
1:2	-3.01dB
1:4	-6.02dB
1:8	-9.03dB
1:16	-12.04dB
1:32	-15.05dB
1:64	-18.06dB
1:128	-24.06dB