First hands-on experience with Alcatel-Lucent OmniSwitches

Disclaimer: Thanks to ALE Deutschland GmbH, the german subsidiary of Alcatel-Lucent Enterprise, for loaning me two OmniSwitch 6450 switches.

Who’s Alcatel-Lucent Enterprise?

I’m quite sure that you know Alcatel-Lucent, a leading vendor for telecommunication and networking equipment. But do you know Alcatel-Lucent Enterprise (ALE)? In April 2015, Nokia placed an offer to buy Alcatel-Lucent for ~ 15 billion euro. Six months before, in October 2014, Alcatel-Lucent sold his enterprise business to China Huaxin. Since october 2014, ALE offers communication, cloud and networking solutions for business of all sizes. More than 2700 employees in 100 countries and 2900 partners serve solutions for more than 830000 customers worldwide. ALE offers solutions for unified communications and collaboration, which benefit from intelligent and converged networks. Solutions that scale from the local office to the cloud. Unified communication and collaboration solutions include business telephony solutions (e.g. voice, video and conferencing across the enterprise), mobility solutions (e.g. wired and wireless voice and unified communications across the enterprise and across devices) and collaboration solutions (e.g. cloud or on-premises web conferencing).

I will focus on the OmniSwitch campus access switches in this blog post.

A simple comparison

ALE has sent me two OmniSwitch 6450 (OS6450) to play with. The OS6450 is stackable gigabit and fast ethernet switch for the network and metro access. Depending on the model, the OS6450 has 24 or 48 RJ-45 ports and two SFP+ tranceiver slots for 1 GigE or 10 GigE uplinks. There is also a model with 22 SFP slots, as well as models with PoE+ and without PoE. Up to 8 switches can be added to a single stack. The HW for the fast ethernet switches is gigabit ethernet capable, so a simple software license can upgrade a fast ethernet to a gigabit ethernet switch. You can also upgrade a 1 GbE uplink to a 10 GbE uplink by adding a license key. Optional metro ethernet features (e.g. IEEE 802.1ad Provider Bridge, IEEE 802.1ag Ethernet OAM or ITU-T G.8032 Ethernet Ring Protection) can easily added with a software license. The OS6450 can do basic L3 routing (static and RIP) and it supports IPv4, IPv6 and OpenFlow. A complete overview over the ALE campus and data center switch products can be found in this product brochure.

With which devices can the OS6450 be compared? I have chosen two switches from competitors and set them into comparsion with a OS6450: The HP 2920-48G-POE+ and a Cisco Catalyst 2960X-48LPD-L. All switches have 48 gigabit ethernet ports and PoE+ support. Please note that this is only a comparison based on specs. Just to get a feeling for the range.

OS6450-P48 HP 2920-48G-POE+ Cisco Catalyst 2960X-48LPD-L
Ports 48x RJ-45 10/100/1000 ports2x SFP+ Transceivoer Slots (10 Gigabit capable with additional software license)2x Expansion slots for Stacking, SFP(+) or RJ-45 Uplinks 44x RJ-45 10/100/1000 ports + 4x SFP+/ RJ-45 dual personality2x Expansion slots with 2 Ports for Stacking, SFP(+) or RJ-45 Uplinks
Power Supplies Internal power supply, internal RPS possible Internal power supply, external RPS possible
Switching throughput 131.0 Mpps 131.0 Mpps
Switching capacity 176 Gbps 176 Gbps
Stacking capacity 40 Gb/s  80 Gb/s
Switching latency < 4 µs < 4 µs
MAC table size 16000 entries 16000 entries
Max. VLANs 4000 256
Routing Protocols Static routing and RIP, IPv4 and IPv6 Static routing and RIP, IPv4 and IPv6
Routing Table (unicast, direct routes) 256 entries for IPv4 and 128 entries for IPv6 2048 entries for IPv4 and 256 entries for IPv6
Protocols and Features Nearly no difference. All switches support a common set of features and protocols.
Datasheet Link to ALE Link to HP

As you can see: Not much differences. And that proves once again: Switches are commodities. And because of this, it’s not a question of hardware, it’s about the ecosystem around, OPEX and your connection to your favorite VAR.

If it is not the hardware, why should I draw ALE into consideration? ALE offers the vision of the Application Fluent Network…

The Application Fluent Network

To support the requirements in the best possible way, ALE has developed the vision and the products for the Application Fluent Network. The Application Fluent Network is based upon three components:

  • a resilient architecture,
  • streamlined operations, and
  • automatic control

A resilient architecture is often a simplified, lean architecture. In the context of networking, a simplified and lean architecture is often based upon two (core and access layer), and not three tiers (core, distribution, access). Streamlined operations mean automatic provisioning of switches and enpoints, such as WiFi access points, converged management for data and voice, centralized troubleshooting and a common OS for all switches. Automatic control describes how the requirements of users and application, like VLAN, ACL or QoS settings, are automatically applied by profiles, policies and auto-sensing of users and endpoints.

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Needless to say that software defined networking (SDN) is an important part of the Application Fluent Network. Most switch models offer RESTful API, Python, OpenFlow and OpenStack integration. If you are interested to see, how ALE OmniSwitches can be integrated with VMware NSX, check this whitepaper: VMware NSX and OmniSwitch 6900 interoperability setup. You can’t manage what you don’t know. To address this, ALE developed the OmniSwitch 6860. On the first look a classy high-density gigabit ethernet switch. But under the hood, ALE added a hardware-based application recognition engine. This engine allows the switch to detect the traffic of more than 2000 applications in real time. This capability can be used to apply policies to business-critical applications like Citrix XenApp/ XenDesktop (ICA protocols) or communications applications using Session Initiation Protocol (SIP). If you want to read more about this, check out this whitepaper: Delivering application analytics for an Application Fluent Network.

Lab setup

The two OS6450 are stacked, so the two physical switches form a virtual chassis/ logical switch. My lab equipment is connected to both switches, e.g. each ESXi host has two 1 GbE links to each OS6450. My Synology DS414slim is connected with a LACP LAG, spanning both switches. The OS6450 is configured with multiple VLANs and it does L3 routing between the VLANs and to my lab firewall.

The setup was really easy. With the correct slot number assignment, the stack is formed automatically. Both switches had a stacking module, so all I had to do was plug in the stacking cable and turn on the switches on.

Welcome to the Alcatel-Lucent OmniSwitch 6450
Software Version 6.6.5.63.R02 GA, December 16, 2014.

Copyright(c), 1994-2014 Alcatel-Lucent. All Rights reserved.

OmniSwitch(TM) is a trademark of Alcatel-Lucent registered
in the United States Patent and Trademark Office.

-> show stack topology
                                         Link A  Link A          Link B  Link B
NI      Role      State   Saved  Link A  Remote  Remote  Link B  Remote  Remote
                          Slot   State   NI      Port    State   NI      Port
----+-----------+--------+------+-------+-------+-------+-------+-------+-------
   1 PRIMARY     RUNNING    1    UP          2   StackB  DOWN        0        0
   2 SECONDARY   RUNNING    2    DOWN        0        0  UP          1   StackA

->

The switches are running AOS 6.6.5 R02. The current release is 6.7.1 R01. Unfortunately there is no public download available. You need access to the business partner portal. Contact your VAR so he can assist you.

I’m a CLI guy. For the configuration, I’ve used the CLI. The CLI is nothing special. The command set differs from Cisco or HP, but the same applies to Juniper Junos or Arista EOS. If you have understood the technology, then the rest is syntax. Get the CLI guide and everything will be fine. Let’s go through the configuration of my stack.

There is no configuration mode. Each command you enter will be immediately effective. AOS knows to different operation modes:

  • working, and
  • certified

In working mode you can modify the configuration, but not in certified mode. During the boot process, working and certified config were compared and if they differ, the switch will use the certified config. If you have changed the switch config and you messed it up… just reboot the switch. Just a few lines to get a brief overview over the CLI and configuration steps.

First, the switch needs a name, a system contact, date/ time etc.

system name OS6540-Stack
system contact "Patrick Terlisten"
system location "ML Network GmbH"
system timezone CET
system daylight savings time enable

To add an NTP server, just enter:

ntp server 192.168.200.65 key 0 version 4 minpoll 6
ntp client enable

To create a VLAN with the ID 2 and the name “Management” enter:

vlan 2 enable name "Management"

To assign a specific VLAN to a port, use this command.:

vlan 2 port default 1/13
vlan 2 port default 2/13

With this command, the port 13 on the first and second chassis is assigned to VLAN 2. This is similar to an access port (Cisco IOS or HP Comware). If you need 802.1Q VLAN tags, use

vlan 2-6 100 200 802.1q 1/1 "ESX1 Onboard Port 1"

to configure a port for the VLANs 2 to 6, 100 and 200. For inter-VLAN routing you need to add IP interfaces to the VLANs. With

ip interface "SVI VLAN 2" address 192.168.200.62 mask 255.255.255.224 vlan 2

you create an interface with the IPv4 address 192.168.200.62 in VLAN 2. If you need an IPv6 address, you need two steps. First, you have to create an IPv6 interface. During this step, a IPv6 link-local IP address is assigned. In a second step, an IPv6 address is assigned (in this case a unique local address).

ipv6 interface "IPv6 SVI VLAN 2" vlan 2
ipv6 address fdda:28ad:487:2:ffff:ffff:ffff:fffe/64 "IPv6 SVI VLAN 2"

To configure Spanning Tree and set the bridge priority to 0, enter:

bridge mode flat
bridge 1 priority 0

Bridge mode flat implies a single spanning tree instance, whereas mode 1x1 is similar to Ciscos PVST. With

bridge mode 1x1 pvst+ enable

you can enable PVST+ interoperability mode. IP helper addresses are also something really fundamental. It’s no problem to configure multiple addresses.

ip helper per-vlan only
ip helper address 192.168.200.65 vlan 3
ip helper address 192.168.200.65 vlan 4

The first command enables per-vlan IP helper addresses. The next commands configure 192.168.200.65 as helper address for VLAN 3 and 4. To save the configuration use

-> write memory
File /flash/working/boot.cfg replaced.
This file may be overwritten if "takeover" is executed before "certify"

and

-> copy working certified flash-synchro
Setting CERTIFY Timeout for 800 seconds
from /flash/working to /flash/certified
Copying boot.cfg                             ....................          completed

CERTIFY process completed successfully
Flash Synchronization process started
+++ == CSM == Stack 1 Certify process Completed
+++ == CSM == Stack 2 Certify process Completed
Flash Synchronization process completed successfully

The first command saves the running configuration to the working configuration. The next command saves the working configuration to the certified configuration and synchronizes the configuration between the stack members. Sometimes you need to take a look into the logs. With

-> show log swlog level alarm
Displaying file contents for '/flash/swlog2.log'
FILEID: fileName[/flash/swlog2.log], endPtr[63779],  configSize[64000], mode[2]
Time Stamp               Application    Level   Log Message
------------------------+--------------+-------+--------------------------------
THU NOV 30 01:20:50 2000    DHCP-SERVER   alarm Load initial policy file failed.  Error=13893637
THU NOV 30 01:20:50 2000    DHCP-SERVER   alarm Cannot open QDHCP configuration file: /flash/switch/dhcpd.conf.  Error=13893637
THU NOV 30 01:20:50 2000    DHCP-SERVER   alarm Cannot open QDHCP configuration file: /flash/switch/dhcpd.conf.lastgood.  Error=
THU NOV 30 01:20:50 2000    DHCP-SERVER   alarm [Count.]13893637

you get a listing of all alarm messages. But you can also use one of the other log levels:

-> show log swlog level ?
                       ^
                       WARNING OFF INFO ERROR DEBUG3 DEBUG2 DEBUG1 ALERT ALARM
                       <num>
 (System Service & File Mgmt Command Set)

AOS also has a web interface, called Web View. I haven’t played much with it. It’s not a beauty, but it’s fast and suitable suitable for all non-networking nerds.

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

What is coming?

This is only a first look. I really like the OmniSwitches, and I like the approach to score with added value, and not with “feature fucking”. The next step is to get OmniVista 2500 Network Management System  up and running in my lab. I will certainly write about it. Stay tuned for more ALE OmniSwitch content on vcloudnine.de.