The premiere source of truth powering network automation. Open and extensible, trusted by thousands.
NetBox is now available as a managed cloud solution! Stop worrying about your tooling and get back to building networks.
An Introduction to the Force10 S25N
By stretch | Wednesday, November 3, 2010 at 12:23 a.m. UTC
In September I had the honor of attending Gestalt IT's first Networking Tech Field Day, where a dozen of us bloggers got to talk with engineers from several prominent networking companies. One of these companies was Force10 Networks, which specializes in high-throughput (10G+) Ethernet switching and routing. Force10 has generously sponsored one of their products, an S25N datacenter switch for the community lab, and I hope to have it available for public use in the next week or so.
Similarities to Cisco IOS
To get acquainted with the device, I walked through the quick start guide. The first thing I noticed, as anyone with Cisco experience will, is that the CLI interface to Force10's operating system, FTOS, is very similar to Cisco's IOS. This is great, as it greatly reduces the learning curve for anyone with prior experience configuring IOS. Some similarities include:
- Three CLI modes (exec, privileged exec, configuration)
- Question mark for context-sensitive help
- Tab auto-completion
- UNIX-like shortcut keys (up arrow, ctrl+a, ctrl+e, etc.)
- Use of the preceding keyword
noto negate commands - The
showcommand is used to glean information - Output filtering with the pipe character
- The
docommand is used to issue exec commands from configuration mode - Running and startup configurations
Here's an example of the CLI as accessed from a freshly-booted switch:
Force10> Force10> ? disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature quit Exit from the EXEC show Show running system information ssh Open a SSH connection ssh-peer-stack-unit Open a SSH connection to the peer Stack-unit tdr-cable-test Start diagnostics (TDR test) for the cable telnet Open a telnet connection telnet-peer-stack-unit Open a telnet connection to the peer Stack-unit terminal Set terminal line parameters test Test function traceroute Trace route to destination Force10> enable Force10#00:20:51: %STKUNIT0-M:CP %SEC-4-ENABLE_PASSW_NOT_CONFIGURED: Enable password is required for authentication but not configured 00:20:51: %STKUNIT0-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on console Force10# configure Force10(conf)# hostname MyFirstS25 MyFirstS25(conf)# interface g0/1 MyFirstS25(conf-if-gi-0/1)# description Bldg 123 MyFirstS25(conf-if-gi-0/1)# ip address 192.168.0.1/24 MyFirstS25(conf-if-gi-0/1)# ipv6 address 2001:db8:0:f10::1/64 MyFirstS25(conf-if-gi-0/1)# no shutdown MyFirstS25(conf-if-gi-0/1)#
Observe that the above commands are nearly identical to Cisco IOS, with the exception that the subnet mask for the IPv4 interface address is specified in CIDR notation rather than dotted-decimal (though I'm guessing that this is not an unwelcome change for most of us). FTOS also sports a handy command which allows you to view the configuration of an interface quickly, directly from interface configuration mode:
MyFirstS25(conf-if-gi-0/1)# show config ! interface GigabitEthernet 0/1 description Bldg 123 ip address 192.168.0.1/24 ipv6 address 2001:db8::1/64 ipv6 address 2001:db8:0:f10::1/64 no shutdown
Look familiar? In fact, the entire configuration of the device might easily be mistaken for an IOS configuration at first glance:
MyFirstS25# show running-config Current Configuration ... ! Version 8.3.2.0 ! Last configuration change at Thu Jan 2 00:19:22 1997 by default ! redundancy auto-synchronize full ! hardware watchdog ! hostname MyFirstS25 ! protocol spanning-tree pvst no disable ! stack-unit 0 provision S25N ! interface GigabitEthernet 0/1 description Bldg 123 ip address 192.168.0.1/24 ipv6 address 2001:db8::1/64 ipv6 address 2001:db8:0:f10::1/64 no shutdown ! interface GigabitEthernet 0/2 no ip address shutdown ! ... ! interface GigabitEthernet 0/24 no ip address shutdown ! interface Vlan 1 ! line console 0 logging synchronous level 2 limit 20 line vty 0 line vty 1 line vty 2 line vty 3 line vty 4 line vty 5 line vty 6 line vty 7 line vty 8 line vty 9 ! end
Some Fundamental FTOS Configuration
Given that we already know so much of FTOS' configuration syntax thanks to IOS, let's look at some FTOS-specific syntaxes.
One aspect of configuration that's quite different under FTOS is VLAN assignment for both trunking and access ports. Assignment of a physical interface to a VLAN is done under VLAN interface (SVI) configuration, after setting the appropriate physical interface(s) to L2 mode with the switchport command. This is opposite of the IOS approach, where VLANs are assigned under interface configuration.
MyFirstS25(conf)# interface g0/2 MyFirstS25(conf-if-gi-0/2)# switchport MyFirstS25(conf-if-gi-0/2)# interface vlan10 MyFirstS25(conf-if-vl-10)# untagged g0/2 MyFirstS25(conf-if-vl-10)# untagged g0/3 % Error: Port is not in Layer-2 mode Gi 0/3. MyFirstS25(conf-if-vl-10)#
Note that we cannot assign an interface to a VLAN until we have designated it as a layer two port; all interfaces operate at layer three by default interfaces must be designated as either switched or routed before they may pass traffic (thanks Venkat). IEEE 802.1Q trunks are defined in a similar manner, with the tagged command.
interface Vlan 11 no ip address tagged GigabitEthernet 0/13 ! interface Vlan 12 no ip address tagged GigabitEthernet 0/13 ! interface Vlan 13 no ip address tagged GigabitEthernet 0/13
This may take a moment to wrap one's head around, and (for now, at least) I think I prefer the IOS approach. At any rate, expect to see some articles featuring Force10's FTOS in the near future. Oh, I almost forgot to save my configuration. Hmm, I wonder if that's the same as IOS too...
MyFirstS25# copy run start File with same name already exist. Proceed to copy the file [confirm yes/no]: y ! 2467 bytes successfully copied
Yep. (By the way, write also works, and doesn't prompt for confirmation.)
Comments
November 3, 2010 at 1:04 a.m. UTC
I much prefer the FTOS way of doing VLANs. You can see VLAN membership all in one place. Show VLAN becomes an even more critical command. It's also nice because you can make a template and push it out to hundreds of switches (as I did in a Force10 deployment a few months ago) without having to set different config parameters on the interfaces. The concept of tagged/untagged makes much more sense logically than trunk/access.
Also, it should be mentioned that FTOS doesnt support CDP or EIGRP, for obvious reasons, but does in fact support the (better) standards: LLDP and OSPF, respectively.
November 3, 2010 at 1:43 a.m. UTC
It gets even worse on Juniper switches - you can define both. In fact Juniper's recommended design is to define tagged vlans on the port level, and the define untagged vlans at the vlan level.
For now Im keeping it all on the interface, because we have a bunch of IOS/JunOS networks and its easier to keep a consistant pattern.
Kurt (@networkjanitor)
November 3, 2010 at 4:34 a.m. UTC
Another difference is the "grep" statment. There is no "include" in FTOS.
For example
show runn | grep desc
or just
sh runn | g desc
November 3, 2010 at 7:36 a.m. UTC
Guess syntax is a hybrid of a HP ProCurve OS and Cisco IOS. Force10 L3 switches seems really cheap compared to other vendor products, it would be excellent if you could provide some feedback about this switch performance. We are about to buy few new 10G switches for our data center, Force10 looks really tempting.
November 3, 2010 at 12:36 p.m. UTC
I agree with IPv6Freely that using tagged/untagged terminology makes more sense than trunk/access.
While both are correct I find the tagged/untagged line of thought encourages you to think more about what is actually happening at the frame level. Using tagged/untagged terminology on a day-to-day basis would help all of the system engineers who don't realize that an access port is actually UNtagged.
November 3, 2010 at 1:04 p.m. UTC
ha ha, I saw this is thought is was the S4810, NSL, but nice draw for the lab
November 3, 2010 at 1:57 p.m. UTC
Constructing a CLI comparable to that of the IOS was a wise choice. The use of CIDR notation, and the ability to view the configuration of an interface from interface configuration mode are nuances that I can appreciate.
If their feature set was comparable, and the price more favorable, I'd certainly give them a look.
Today will be the first day I will have looked at their web site. Thanks for the introduction.
November 3, 2010 at 1:59 p.m. UTC
We've been using the S50n for ~6 mo now in a stacked configuration and it's been working great. We haven't upgraded to 10GE yet but should be doing that in the near future.
November 3, 2010 at 2:13 p.m. UTC
I have hundreds of the Force10 S50Ns in production in a large network - I would not say they are 100% as solid as a Cisco but they are a good, high bandwidth, inexpensive alternative. There are certainly a lot of things I like better - such as the VLAN config the previous poster mentioned. Plus, they have full functionality without having to add annoying software like Cisco. If you need a fast TOR or distribution layer device, I would recommend them.
November 3, 2010 at 9:43 p.m. UTC
@kwbales: I wouldnt say JUNOS is "worse". More like.. its flexible to the point that you can complicate things. Just follow best practice and you'll be fine. (and make use of interface-range)
@Didzis: Not really. Its probably 99% IOS with some minor changes, some of which is somewhat similar to HP. In my opinion, FTOS is better than IOS, except for the features lacking, like reflexive ACLs (and being able to specify ICMP types in ACLs)
The F10 10GigE performance is quite wonderful. I don't have figures in front of me, but the large campus rollout I did of S50V's and C-Series chassis was flawless and easy to configure. However, you have to keep in mind that while FTOS works the same as IOS, it's not the same under the covers - so who knows how stable it is (not that I've had any issues besides a minor bug on the C-Series).
I'd recommend them for a campus or something that isn't EXTREMELY mission critical. But for the price difference, you could always have full redundancy built in, as well as a couple spares sitting on a shelf.
Oh, and they also have no issues with 3rd party SFPs.
November 4, 2010 at 1:02 p.m. UTC
stretch, could you please take a closer look at the power consumption? how reliable are the specs?
November 4, 2010 at 6:48 p.m. UTC
@IPv6Freely: I guess Didzis was thinking in terms of the Tagged/Untagged VLAN assignment as that is identical to ProCurve. I know after being Cisco only then getting trained up on ProCurve (I work for HP...) it is a massive difference and you then associate Tagged/Untagged with HP only.
Thanks to Force10 and Stretch we know now otherwise though ;-)
November 5, 2010 at 7:31 a.m. UTC
The 'show config' command is very nice. As a matter of fact, Huawei routers have that command too, it's 'display this'.
November 5, 2010 at 3:11 p.m. UTC
You can use EEM to add a similar configuration review command under IOS, take a look at:
http://wiki.nil.com/Display_configuration_sections_while_configuring_the_router
November 7, 2010 at 9:48 a.m. UTC
Reminds me of Foundry/Brocade. Very easy to configure.
Also has the tagged/untagged format which I much prefer
November 10, 2010 at 1:45 p.m. UTC
We checked out this switch a while back and couldn't commit to buying because we have some older 7940 and 7960 phones which we could not figure out how to get to work right.
The problem was you would have to go to the phone and manually insert the administrative vlan before the phone would register. I think this is usually done somehow via CDP and since the switch only supports LLDP and the phones only support CDP it would not work.
I would like to hear if anyone has had this issue and how it was resolved.
November 14, 2010 at 1:32 p.m. UTC
Good Article stretch.. I would like to clarify that by default all interfaces are neither L2 nor L3. It means when you send packet to an interface which has default config ("no shut" configured), all packets would be dropped unless that interface is configured with L2 ("switchport") or L3 ("ip address")...
Thanks,
Venkat
Force10 TAC
November 15, 2010 at 4:52 a.m. UTC
That is pretty clever of Force10, having the default config for the ports as "no shut", it makes it a lot easier to clear vlan information, when you need to clear or reset a switch. You dont have the issue of the default switchport mode being dynamic desirable as you have on Cisco switches, which can be hassle as it will form a trunk if the opposite port is in default dynamic desirable or trunk mode. If it forms a trunk, with VTP is running, and the switch whic is connected to the reset switch happens to have a lower bridge ID, or a VLAN domain name other than null, it will pull the VLAN information although it is by default a VTP Server.
November 15, 2010 at 2:06 p.m. UTC
Let me clarify, Default configuration on a port is "no ip address, shutdown".
F10#show run int gi 0/1 ! interface GigabitEthernet 0/1 no ip address shutdown F10#
I meant default configuration along with "no shutdown" command in previous comment..
November 16, 2010 at 2:59 a.m. UTC
Interesting... stp seems to be disabled by default.
Force10#show spanning-tree 0 % Error: No active spanning tree. Force10#conf t Force10(conf)#protocol spanning-tree 0 Force10(conf-stp)#no disable Force10(conf-stp)# 00:36:15: %STKUNIT0-M:CP %SPANMGR-5-STP_ROOT_CHANGE: STP root changed. My Bridge ID: 32768:0001.e8d6.7b25 Old Root: 32768:0000.0000.0000 New Root: 32768:0001.e8d6.7b25 Force10(conf-stp)#
December 12, 2010 at 4:05 p.m. UTC
Very good switching company. Last year they add MPLS to thier Terascale Switches and their command line is so CISCO like! enjoy
June 19, 2012 at 7:16 a.m. UTC
good