Experimental Napster Post – 2

This is an interesting but trivial post. Everybody knows about the interface command “load-interval”, which changes the time period over which the interface packet-rate and throughput statistics are averaged.

I discovered an addition to this command on the Nexus the other day while poking around. NX-OS allows multiple counter intervals to be configured on the same interface. This allows different sampled intervals to be listed at the same time.

The configuration is easy:

#interface Ethernet1/19
  load-interval counter 1 40
  load-interval counter 2 60
  load-interval counter 3 180

The above commands set the first interval, which is also the default interval, to 40 seconds, the 2nd to 60 seconds and the 3rd to 180 seconds. Now have a look at the rate lines in the output below:

n5010# sh int Ethernet1/19
Ethernet1/19 is up
Hardware: 10000 Ethernet, address: 000d.ecfe.075a (bia 000d.ecfe.075a)
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA
Port mode is access
auto-duplex, 10 Gb/s, media type is 10G
Beacon is turned off
  Input flow-control is off, output flow-control is off
  Switchport monitor is off
  EtherType is 0x8100
  Last clearing of "show interface" counters never
  40 seconds input rate 571149904 bits/sec, 71393738 bytes/sec, 56211 packets/sec
  40 seconds output rate 145312624 bits/sec, 18164078 bytes/sec, 40121 packets/sec
  Load-Interval #2: 1 minute (60 seconds)
    input rate 554.23 Mbps, 54.92 Kpps; output rate 141.62 Mbps, 39.95 Kpps
  Load-Interval #3: 3 minute (180 seconds)
    input rate 538.83 Mbps, 53.75 Kpps; output rate 134.19 Mbps, 39.35 Kpps
  RX
    168160146349 unicast packets  2672061 multicast packets  10035857 broadcast packets
    168172854267 input packets  205018658310586 bytes
    0 jumbo packets  0 storm suppression packets
    0 runts  0 giants  0 CRC  0 no buffer
    0 input error  0 short frame  0 overrun   0 underrun  0 ignored
    0 watchdog  0 bad etype drop  0 bad proto drop  0 if down drop
    0 input with dribble  0 input discard
    0 Rx pause
  TX
    129682618102 unicast packets  404063 multicast packets  1477146 broadcast packets
    129684499311 output packets  57796361543865 bytes
    0 jumbo packets
    0 output errors  0 collision  0 deferred  0 late collision
    0 lost carrier  0 no carrier  0 babble
    0 Tx pause
  2 interface resets
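
Counter 1 is printed in raw bits/sec while counters 2 and 3 are printed in scaled Mbps/Kpps, so a monitoring or baselining script has to normalise them before comparing windows. The parser below is an added example, not part of the original post; the function names and the handling of K/M/G prefixes beyond those shown in the output are assumptions.

```python
import re

# Constructed sample: the rate lines copied from the "show interface" output above.
SAMPLE = """\
  40 seconds input rate 571149904 bits/sec, 71393738 bytes/sec, 56211 packets/sec
  40 seconds output rate 145312624 bits/sec, 18164078 bytes/sec, 40121 packets/sec
  Load-Interval #2: 1 minute (60 seconds)
    input rate 554.23 Mbps, 54.92 Kpps; output rate 141.62 Mbps, 39.95 Kpps
  Load-Interval #3: 3 minute (180 seconds)
    input rate 538.83 Mbps, 53.75 Kpps; output rate 134.19 Mbps, 39.35 Kpps
"""

UNIT = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}  # assumed set of unit prefixes
# Counter 1: "<N> seconds input rate <bits> bits/sec, <bytes> bytes/sec, <pkts> packets/sec"
FIRST = re.compile(r"^\s*(\d+) seconds (input|output) rate (\d+) bits/sec, \d+ bytes/sec, (\d+) packets/sec")
# Counters 2 and 3: a header line, then one line carrying both directions in scaled units.
HEADER = re.compile(r"^\s*Load-Interval #(\d+): .*\((\d+) seconds\)")
SCALED = re.compile(r"(input|output) rate ([\d.]+) ([KMG]?)bps, ([\d.]+) ([KMG]?)pps")

def parse_load_intervals(text):
    """Return {counter: {"seconds": s, "input": (bps, pps), "output": (bps, pps)}}."""
    result, current = {}, None
    for line in text.splitlines():
        m = FIRST.match(line)
        if m:
            entry = result.setdefault(1, {"seconds": int(m.group(1))})
            entry[m.group(2)] = (float(m.group(3)), float(m.group(4)))
            continue
        m = HEADER.match(line)
        if m:
            current = int(m.group(1))
            result[current] = {"seconds": int(m.group(2))}
            continue
        if current is not None:
            for d, bps, bu, pps, pu in SCALED.findall(line):
                result[current][d] = (float(bps) * UNIT[bu], float(pps) * UNIT[pu])
    return result

def input_trend(intervals):
    """Ratio of shortest-window to longest-window input bps; above 1 means traffic is rising."""
    ordered = sorted(intervals.values(), key=lambda e: e["seconds"])
    return ordered[0]["input"][0] / ordered[-1]["input"][0]

if __name__ == "__main__":
    for n, e in sorted(parse_load_intervals(SAMPLE).items()):
        print(n, e)
```

On the sample above the 40-second input rate is about 6% higher than the 180-second one, which is the kind of short-versus-long window comparison the multiple counters make possible from a single command.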

Experimental Napster Post – 1

IOS relies on privilege levels. Privilege levels (0-15) define locally what level of access a user has when logged into an IOS device, i.e. what commands are permitted. This only applies when AAA is not configured. There are 3 default privilege levels on IOS, but really only two that are relevant:

  • Privilege Level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.
  • Privilege Level 15 — Includes all enable-level commands at the router# prompt.

NX-OS uses a different concept for the same purpose, known as User Roles. User Roles contain rules that define the operations allowed for a particular user assigned to a role. There are default User Roles:

  • Network-Admin—Complete read-and-write access to the entire NX-OS device (only available in the default VDC).
  • Network-Operator—Complete read access to the entire NX-OS device (Default User Role).
  • VDC-Admin—Read-and-write access limited to a VDC (VDCs are not yet available on Nexus 5000).
  • VDC-Operator—Read access limited to a VDC (Default User Role).

A VDC (Virtual Device Context) is a logical separation of control plane hardware resources into virtualized Layer 3 switches. Don’t worry too much about what a VDC is for now; it is not really relevant to the purpose of this post.

When an NX-OS device is set up for the first time, a Network-Admin account must be specified during the first login and subsequently be used to log in. Arguably a bit more secure than IOS.