cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1738
Views
12
Helpful
22
Replies

Do I need DLSW ER ?

henrybb
Level 1
Level 1

scenario 1 : pls see attached file "TWO router one 400 card.JPG".

Do I need config DLSW ER on DLSW-1 and DLSW-2 ?

scenario 2 : pls see attached file "TWO router two 400 card.JPG" .

Two AS/400 ethernet has duplicate mac-address. Of course,they resides on different VLAN. Can I config it like this:

DLSW-3 router:

dlsw local-peer peer-id 10.2.19.1

dlsw remote-peer 0 tcp 10.2.24.2 circuit weight 20

dlsw remote-peer 0 tcp 10.2.20.1 circuit weight 10

dlsw load-balance circuit-count

DLSW-1 router:

dlsw local-peer peer-id 10.2.24.2 cost 1 promiscuous

DLSW-2 router:

dlsw local-peer peer-id 10.2.20.1 cost 1 promiscuous

scenario 3 : pls see attached file "two center router and remote router.JPG" .

Is it right that add DLSW ER on DLSW-3 AND DLSW-4 router based on config of scenario 2.

any comments is appreciated!

1 Accepted Solution

Accepted Solutions

mbinzer
Cisco Employee
Cisco Employee

Hi,

i assume the as/400 is the "host" in this scenario and the sna server is the "remote client".

scenario 1:

We do not support dlsw ER on the host end.

Why?

Ethernet today means you use a ethernet switch which

makes it necessary to configure dlsw ER with mac address mapping. If you do this on the host end you need to map the mac addresses of the clients. If you have only one sna server you can do this.

However if you have 600 clients in your network you would need to create 600 map statements.

Scenario2 is much prefered for the host end attachment of two dlsw routers.

Scenario2.

Yes you can configure it like you have stated. If the

two ethernet interfaces of the host are equal than you dont need the circuit weight at all. Just two peers and the dlsw load-balance command. You should add a

dlsw timer explorer-wait-time 2

on router dlsw-3.

this makes sure that the router waits 2 seconds to get all responses back to the canureach frame and then caches the results before making a decision which peer to use.

It is the typical scenario we have in a lot of networks today.

Scenario3:

This is the recommended scenario for dlsw ER. Dlsw ER

is configured on the branch router, mapping the mac

address of the host. Typically there are only a limited number of host mac addresses.

Router3 and router4 are configured peer wise like scenario2 and on the ethernet you have the dlsw ER

configuration.

thanks...

Matthias

View solution in original post

22 Replies 22

mbinzer
Cisco Employee
Cisco Employee

Hi,

i assume the as/400 is the "host" in this scenario and the sna server is the "remote client".

scenario 1:

We do not support dlsw ER on the host end.

Why?

Ethernet today means you use a ethernet switch which

makes it necessary to configure dlsw ER with mac address mapping. If you do this on the host end you need to map the mac addresses of the clients. If you have only one sna server you can do this.

However if you have 600 clients in your network you would need to create 600 map statements.

Scenario2 is much prefered for the host end attachment of two dlsw routers.

Scenario2.

Yes you can configure it like you have stated. If the

two ethernet interfaces of the host are equal than you dont need the circuit weight at all. Just two peers and the dlsw load-balance command. You should add a

dlsw timer explorer-wait-time 2

on router dlsw-3.

this makes sure that the router waits 2 seconds to get all responses back to the canureach frame and then caches the results before making a decision which peer to use.

It is the typical scenario we have in a lot of networks today.

Scenario3:

This is the recommended scenario for dlsw ER. Dlsw ER

is configured on the branch router, mapping the mac

address of the host. Typically there are only a limited number of host mac addresses.

Router3 and router4 are configured peer wise like scenario2 and on the ethernet you have the dlsw ER

configuration.

thanks...

Matthias

Hi Matthias,

thanks for your reply.

If DLSW ER is not supported on the host end,is there any loop or incorrect reachability like document of DLSW ER said because same remote mac-address will come from DLSW-1 and DLSW-2?

If so,how to config in scenario 1 ?

thanks!

Hi,

for scenario1:

The most clean way to use it is dlsw/vdlc/snasw together on the head end router and do appn EE upstream to the host. That way you have only pure ip (udp) traffic on the ethernet in front of the host.

I know that it requires some prerequisites at the host end and not everybody can just simply flip the switch and do it.

Also if you can use snasw you can also think about the extra money for the licenses and put a router running snasw directly into the branch eliminating dlsw alltogether on the wide area network.

the second best way is to configure tradditional dlsw with bridge-groups and apply a bridge-group 1 input-address-list 700 filter to the two dlsw routers on the common ethernet.

access-list 700 would ONLY permit the mac address/addresses of your host/hosts.

That way you can not have a loop from dlsw router1 to dlsw router2 and so on.

However one of the problems you can have even with the access list is if your end system brings up multiple circuits on different sap's. And if you would end up to bring up, from the branch, one circuit to head-end1 and the next one to head-end2.

In that case you get issues with the cam table of the head end switches since both head end routers are doing local ack and would send frames into the switch with the source address of the remote client. The cam table, in any given vlan, for any given mac addres, can only point to exactly one port at any time.

if each of your end systems just starts one circuit you are fine with this way. Even if you bring up a

end system with two or more circuits on different sap's it will almost certainly work as long as the

switch cam table is setup and is constantly refreshed

i.e. by rr's of the already existing circuit.

It is just something you need to keep in mind, it is not a totally clean solution.

A third way of doing it would be to configure a

static peer from the branch router to the head1end1.

and a backup peer from the branch to head-end2 with linger 0. Which means the backup peer will go away the moment the primary peer comes back up regardless of the active circuits.

In that case you have always only one router active between the branch and the head end.

The drawback of this is that the backup peer is only

backing up the tcp portion of the dlsw peer connection. If the failure is somewhere else. I.e. in the switched cloud, between the router and the host, the backup peer will not be triggered.

thanks...

Matthias

thanks.

Your reply solved my problem.

And I have another related question and I can't find detailed information on cisco.com.

Except dlsw router,I have another single router running DLSW and SNASW. How to provide redundancy for it? Just do it like previous post ? Do I need concern redundancy for SNASW ?

Config of router:

source-bridge ring-group 99

dlsw local-peer peer-id 10.1.1.254 promiscuous

dlsw icanreach netbios-exclusive

snasw cpname APPN.RTSNASW

snasw port F00 FastEthernet0/0 conntype nohpr

snasw port VDLC vdlc 99 mac 1000.2000.0000 conntype nohpr

snasw link SNA port F00 rmac 0008.e018.cc08

Hi,

i am not sure if i can fully understand your question in regards to the dlsw / snasw configuration.

In my terminology upstream is from the router to the host, downstream is from the router to the remote client.

You most likely have a branch router with dlsw peering to the router you gave the config example from. If the upstream link is "link SNA" than you would need another router, parallel which has also a upstream "link SNA" to your host, and downstream it is connected via dlsw to the branch router. The dlsw

circuit is terminated in the router. The target

mac address for the downstream clients is the mac

address configured on the snasw vdlc port. You configure the same mac address on both routers. So the downstream branch router learns the snasw vdlc

mac address via both peers. And that is how you get

redundancy in this case. For the vdlc port you can configure the key-word nns-required. That means it only accepts downstream connections when the upstream link is connected. if the upstream link fails it will reject downstream connections and they will then fall over to the parallel router. This is triggered from the branch router after the xid exchange failed.

if you need redundancy for snasw with local clients, you would configure hsrp on the two routers ethernet interfaces and define a hsrp mac-address. The hsrp mac-address is the address your clients are connecting to. The snasw port is the physical interface in this case. Hsrp is just used to make the

router listen to a particular mac address. Plus it

provides redundancy in case one router fails.

thanks...

Matthias

Hi, Matthias

thanks for your reply.

From your post, I know that I can config same vdlc mac-address on both redundancy router. But how to config CPNAME ? It's unique on APPN network. Can I config same CPNAME on both redundancy SNASW router. And on my SNA software of RS/6000 which resides on remote site would need config HOST CPNMAE.

So how to config SNASW CPNMAE when implement redundancy of SNASW ? Or my opinion is totally error.

thanks.

Hi,

The snasw routers do indeed need to have different cp names. I'm not familiar with configuration on the RS/6000, but in every SNA implementation I'm aware of there is a way to indicate you want to learn the adjacent cp name rather than configuring it. Is this HOST CPNAME part of a link definition or otherwise?

- Ray

romney
Cisco Employee
Cisco Employee

I found the RS/6000 configuration guide on-line ...

http://publibfp.boulder.ibm.com/cgi-bin/bookmgr/BOOKS/asvf4000/CONTENTS?SHELF=&DT=19940207143307#1.2.2

I took a quick glance. It looks like all you need to add is an Ethernet Link Station Profile. You should use the local APPN control point's XID, and where you specify the remote link MAC/SAP address specify the one you have configured on the VDLC port (the same in each snasw router). Say no in response to "Verify Adjacent Node?" so that you will learn the cpname of which ever snasw router you connect to.

My comments are based on the assumptions that 1) you want to have the RS/6000 connect as an APPN EN to only one snasw router at a time, 2) you have dlsw peers correctly configured to provide access over the WAN between the RS/6000 and the snasw routers, and 3) the RS/6000 is connected to it's local dlsw router via Ethernet. If any of those are incorrect then the answer will be different.

As Matthias already mentioned, there are other ways to provide redundancy (i.e. local snasw and hsrp). We can discuss these further if you want.

- Ray

Hi Ray,

thanks for your reply.

When you said "assumptions 1" , do you mean that another router will take over if current work router didn't work ? And execpt EN,how about NN and LEN ?

I use another router to provide local and remote SNA communication to S/390. It's config is like this:

source-bridge ring-group 1

!

dlsw local-peer peer-id 99.1.5.240 promiscuous

dlsw bridge-group 2

snasw cpname NET.ROUTERCP

snasw dlus NET.DEVP backup NET.DEVT

snasw port HPRIP hpr-ip FastEthernet0/0

snasw port ETH vdlc 1 mac 4000.4000.4000

snasw link OS3901 port HPRIP ip-dest 99.1.5.149

snasw link OS390 port HPRIP ip-dest 99.1.5.150

Can I provide redundancy for local and remote at the same time ? Do I need special concern about DLUS and DLUR ?

thanks!

If I code same mac-address on both redundancy router,how to config HSRP mac-address to provide redundancy for local client ?

If I code same mac-address, is there any problem about duplicate mac-address on ethernet? It like that local client can connected to vdlc mac 4000.4000.4000 . So if I code it on both router, there would be two same mac on same ethernet.

thanks!

Hi,

in general vdlc mac addresses should only be reachable via remote dlsw peers.

You code the same mac address on both routers on the snasw vdlc port. Those mac addresses are reachable from dlsw and are terminated in the router.

If you need to have redundancy for local clients at the same time you can configure hsrp with a hsrp mac-address. Simply make it the same mac address as the vdlc one, just keep in mind you have to bitswap the address.

If you do hsrp you do NOT do transparent bridging on the ethernet interface. If you dont do transparent bridging you can NOT get to the snasw vdlc mac addresses.

Your local clients are talking directly to the snasw router. There is no bridging involved in this connectivity and as such you have only one router advertising the hsrp mac-address on the ethernet. The one that is hsrp active. Just define the physical interface as snasw port. Hsrp is used to make the

router "listen" to the appropriate mac address and

provide the redundancy in case a box goes down.

As you stated if you configured bridging on the ethernet and then you need dlsw local switching to get to the snasw vdlc mac-address. In this case you have the mac address appear from two routers on the same ethernet segment which is no allowed on a ethernet segment.

If you remove the bridging from the ethernet segment and use hsrp you have it clean.

thanks...

Matthias

Hi Matthias,

If I only config HSRP and no bridging, can SNA on local ethernet work normally ? I never see this before your post.

thanks!

Hi,

the most simple way to configure snasw on a ethernet segment is to use the physcial interface as snasw port.

You can change the physcial mac address to your needs and be done.

The problem is that you can do this only on one router per ethernet segment. If you need redundancy in case of an outage of one of the routers than you have actually not that much choices.

If you use any form of transparent bridging you will

always have the same mac address advertised from two

physical routers on the same ethernet segment and this is forbidden in ethernet.

So there is not that much choice left besides to use hsrp.

It works fine and it is the recommended way to get redundancy for snasw on a ethernet segment. You are not using any bridging. Always only one router per segement is active and advertising the hsrp mac addrss. As such the ethernet switch is happy. If a switchover happens the router is sending a gratuitous arp and is changing the cam table to point to the new active hsrp router.

If you have multiple ethernet segments/vlans you can get load balancing by activating even vlans on router1 and odd vlans on router2.

With the usage of multiple hsrp groups you can even have more than one mac address active on the same segment.

In case you also have already ip addresses on your

routers you waste a view addresses for the standby stuff. If you dont use ip on these segments you need to dummy the ip addresses up, since you need an ip address to get hsrp to work.

We have certainly customers using hsrp for snasw redundancy and the number will grow the more ethernet comes into play.

thanks...

Matthias

Hi Matthias ,

thanks for all your post. It helps me so much!

Review Cisco Networking for a $25 gift card