Layer 2 port-channel flood
Hi all,
I was wondering if you may be able to help me, hopefully I will provide enough information.
The background to my problem is this. Every Tuesday morning around 10AM we were experiencing network slowdowns, after many weeks fault finding I have narrowed it down to two backup jobs and two vlans. These are quite substantial backup jobs each 100GB in size.
The servers that are being backed-up are behind an ISA server which is controlling the routing for the subnets that these servers use. The ISA servers are load balanced using Microsoft NLB. It is thought by our security expert that this is the best way to secure these servers.
On our core switch (6513) we have a static route pointing to these subnets and the vlans are defined. Here is the basic config of one of the vlans:-
interface Vlan121
description DB vlan
no ip address
ip flow ingress
ip flow egress
end
ip route 192.168.221.0 255.255.255.0 192.168.219.10
I have managed to stop the flooding going to the user switches by denying the 121 vlan on the port-channels. The issue is still apparent however on our top of rack switches (server switches). The reason for this is, there are servers that require vlan 121 on nearly every top of rack switch.
If anyone can recommend a solution to this problem other than limiting vlans, I would greatly appreciate it.
If you require any further information, please let me know.
Kind regards,
Jamie.
Hi Jon, let me see if I can answer your questions.
There are four VLANs that reside behind the ISA VLAN: 121, 122, 123 and 124. Any traffic that requires access to these VLANs has to pass through the ISA because the ISA controls all the routing for the subnets associated with these VLANs.
The server that we are backing up lives on a VLAN 124 and the actual backup server lives on a VLAN outside of the protected VLANs. For the sake of argument let's say that the backup server is shown as the PC on VLAN 156.
When the 90GB backup is initiated, the traffic propagates to all trunk ports throughout the network. I see traffic running at 500Mbps and it can last for up to 20 hours.
I have managed to stop the flood to all the user switches by denying the VLANs stated above. The problem is, I can't deny those VLANs to other top of rack switches because there is at least one server in each switch that requires one of the VLANs.
In a nutshell, when large amounts of traffic pass through VLAN 666 (ISA) we see it flood to all trunk ports. We think this could be due to the nature of NLB forming a virtual MAC address. The core doesn't know about the MAC address so it sends a unicast flood to find out where it is.
If you have any ideas please let me know.
J.
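The flooding behaviour suspected in the post above, as an added example that is not part of the original thread: a minimal learning-switch model showing that a destination MAC which never appears as a source address is never learned, so every frame sent to it is copied to all ports in the VLAN. Port names and MAC addresses are constructed, and the per-node reply MAC and the static table entry are assumptions made for illustration.

```python
"""Learning-switch model: why frames to a never-learned MAC reach every port.

Constructed example. Port names and MAC addresses are made up.
"""

CLUSTER_MAC = "02:bf:0a:00:00:0a"   # constructed shared (virtual) cluster MAC
NODE_MACS = {"isa1": "02:01:0a:00:00:0a", "isa2": "02:02:0a:00:00:0a"}  # constructed
BACKUP_MAC = "00:11:22:33:44:55"    # constructed backup-server MAC


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.dynamic = {}   # MAC -> port, learned from source addresses
        self.static = {}    # MAC -> set of ports, configured by the operator

    def add_static(self, mac, ports):
        self.static[mac] = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source address, then return the set of egress ports."""
        if src_mac not in self.static:
            self.dynamic[src_mac] = in_port
        if dst_mac in self.static:
            return self.static[dst_mac] - {in_port}
        if dst_mac in self.dynamic:
            return {self.dynamic[dst_mac]} - {in_port}
        # Unknown unicast: flood to every other port in the VLAN, so the
        # payload is also visible on every trunk that carries the VLAN.
        return set(self.ports) - {in_port}


def simulate(frames, static_entry=False):
    """Send `frames` backup frames to the cluster MAC; count copies per port."""
    ports = ["backup", "isa1", "isa2", "trunk-tor1", "trunk-tor2", "trunk-user"]
    sw = LearningSwitch(ports)
    if static_entry:
        # Assumption: the operator pins the cluster MAC to the cluster ports.
        sw.add_static(CLUSTER_MAC, ["isa1", "isa2"])
    copies = {p: 0 for p in ports}
    for i in range(frames):
        for port in sw.forward("backup", BACKUP_MAC, CLUSTER_MAC):
            copies[port] += 1
        # Assumption: a cluster node answers from its own per-node MAC,
        # so the switch never sees CLUSTER_MAC as a source address.
        node = "isa1" if i % 2 == 0 else "isa2"
        for port in sw.forward(node, NODE_MACS[node], BACKUP_MAC):
            copies[port] += 1
    return copies


if __name__ == "__main__":
    print("dynamic learning only:", simulate(100))
    print("with static entry:    ", simulate(100, static_entry=True))
```

In the first run every trunk receives a copy of every backup frame; in the second the copies stay on the two cluster ports while the replies, whose destination was learned normally, are unaffected.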
Similar Messages
-
Port channel as a layer 3 interface
I have just inherited a very complex network and noticed in the config, for a cat-6513 with layer 3, the following:
interface Port-channel34
ip address 10.20.4.10 255.255.255.252
What would be a rationale for making a port-channel a layer 3 port?
thanks.
In the case of a portChannel as an L3 entity, it allows for the added capacity/redundancy of the link as well as provides the layer 3 topology either wanted or in some instances, required, such as when you need to make a multilink connection to a router from your switch.
Or perhaps you have a routed core infrastructure created in your L3 environment and you wish to increase the capacity of the links between devices without using VTP/trunking. -
N7K Port Channel Layer 3 VLAN Question
I have 2 N7K switches and would like to connect them via port channel and put the channel in VLAN 101. I have the following config, does it make sense? Thanks in advance!
interface eth 3/1
switchport
channel-group 101 mode active
interface eth 3/2
switchport
channel-group 101 mode active
interface port-channel 101
switchport
switchport mode access
switchport access vlan 10
spanning-tree network type edge
interface vlan 10
ip address 10.1.1.1/24
Could be something like this on both sides (if the port numbers match):
conf t
feature lacp
feature interface-vlan
interface eth 3/1
switchport
channel-group 101 mode active
interface eth 3/2
switchport
channel-group 101 mode active
interface port-channel 101
switchport
switchport mode access
switchport access vlan 101
spanning-tree port type network
interface vlan 101
ip address 10.1.1.1/24
no shut
exit
vlan 101
end
*(This ip address will be available in only one box, you can use a FHRP as well, to increase the level of reachability) -
Right way of configuring higher MTU over a Port Channel
Hi guys,
I have a running critical Port-Channel between two locations.
Here's the config
SW1:
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
end
interface GigabitEthernet1/45
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
end
interface GigabitEthernet1/46
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode active
end
SW2
interface GigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode passive
end
interface GigabitEthernet1/2
switchport trunk encapsulation dot1q
switchport mode trunk
channel-protocol lacp
channel-group 2 mode passive
end
interface Port-channel2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
end
Now I need to increase the MTU from the default value to 9198. What's the right way to do it and avoid any connectivity loss or PortChannel restart?
Does it matter what switch I start first?
Thanks!
L.E. both SW are WS-C4948
Hi,
Because you are using layer 2 interfaces - there is no fragmentation support at layer 2, and interfaces receiving frames which have an unsupported size will be dropped.
I think the best way for you to proceed is to lab this up; and verify what happens - it may be that you need to make changes on switches at either end of the channel within a very short time frame to prevent too large an outage.
When you are ready to make your change, I think the best way to do this is to use the interface range command, and apply the 'mtu' command to all the interfaces in this range. I don't think it matters which switch you apply this change to first, and I don't believe, if you are hinting at the 802.3ad (controlled by system-priority) decision maker, that it makes any difference.
HTH
Mike -
Interfaces in port-channel keep err-disabling because of keepalives
Below is the current portchannel that I am having problems with. The interfaces on Switch A keep going into an error disabled state because they receive their own loopback. Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives. Has anyone found a solution other than disabling keepalives? Notice that the IOS versions are different, but I am not convinced that this is the issue. Also one is PoE and the other isn't. Lastly, I found this article: "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces". I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since I am running the 12.2SE based IOS. Thanks for whatever input you may have.
Switch A
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
cisco WS-C3750X-48P
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel = 219d:04h:32m:49s
Logical slot/port = 10/39 Number of ports = 4
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/35 On 0
0 00 Gi1/0/36 On 0
0 00 Gi2/0/45 On 0
0 00 Gi2/0/46 On 0
%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
%PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
%LINK-3-UPDOWN: Interface Port-channel39, changed state to down
Switch B
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
cisco WS-C3750X-48
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel = 443d:18h:43m:06s
Logical slot/port = 10/39 Number of ports = 4
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Gi1/0/35 On 0
0 00 Gi1/0/36 On 0
0 00 Gi1/0/45 On 0
0 00 Gi1/0/46 On 0
PER CISCO
Symptom:
An interface on a Catalyst switch is errordisabled after detecting a loopback.
Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
GigabitEthernet0/2. The port is forced to linkdown.
Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
to administratively down
Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to down
Conditions:
This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
or 3750 switch running 12.1EA or 12.2SE based code.
Workaround:
Disable keepalives by using the no keepalive interface command. This
will prevent the port from being errdisabled, but it does not resolve the root
cause of the problem. Please see section below for more information.
Additional Information:
The problem occurs because the keepalive packet is looped back to the port that
sent the keepalive. There is a loop in the network. Although disabling the
keepalive will prevent the interface from being errdisabled, it will not remove
the loop.
The problem is aggravated if there are a large number of Topology Change
Notifications on the network. When a switch receives a BPDU with the Topology
Change bit set, the switch will fast age the MAC Address table. When this
happens, the number of flooded packets increases because the MAC Address table
is empty. -
i have an sg300-28 running the latest firmware, and would like some insight on port-channel options. below are the port configs i have for a LAG to my router. i am currently using 802.3ad with LACP. my router is a linux machine pulling duty as a basic (no dynamic routing) router, firewall and internet gateway. the bonding options on the routers side explained at
http://docs.fedoraproject.org/en-US/Fedora/16/html/System_Administrators_Guide/sec-Using_Channel_Bonding.html. the mode is 4 or 802.3ad and the xmit_hash_policy is 2 or layer2+3. i also have 2 servers setup in a similar fashion with 2 interfaces in a LAG.
when i run a bandwidth test, iperf, between the two servers, i only get 900+ mbps which indicates that the GB ports are running fine. this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG. i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG. is the sg300 capable of creating a LAG that will combine the throughput of all the members of the LAG? for example, create a 2 GB pipe when 2 interfaces are port-channeled? is the balance-xor mode what would do this (regardless of the sg300's ability to do this)
interface gigabitethernet25
description "Port Channel to Router"
channel-group 1 mode auto
lldp notifications enable
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
lldp management-address automatic
interface gigabitethernet26
description "Port Channel to Router"
channel-group 1 mode auto
lldp notifications enable
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
lldp management-address automatic
interface gigabitethernet27
description "Port Channel to Router"
channel-group 1 mode auto
lldp notifications enable
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
lldp management-address automatic
interface gigabitethernet28
description "Port Channel to Router"
channel-group 1 mode auto
lldp notifications enable
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
lldp management-address automatic
interface Port-channel1
description "Port Channel to Router"
switchport mode general
switchport general allowed vlan add 2-3,25,37,50,52,253-255 tagged
switchport general pvid 255
Hi Brendan,
You said "i only get 900+ mbps which indicates that the GB ports are running fine. this also indicates to me that the traffic is not being "striped" across the port-channeled interfaces, thereby giving me the aggregated bandwidth of all interfaces in the LAG. i have found no options to use the balance-xor mode to create port-channels, which as i understand it, would aggregate the total bandwidth of all interfaces in the LAG."
As the Admin guide says on page 130, http://www.cisco.com/en/US/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf
Load Balancing
Traffic forwarded to a LAG is load-balanced across the active member ports, thus achieving an effective bandwidth close to the aggregate bandwidth of all the active member ports of the LAG.
Traffic load balancing over the active member ports of a LAG is managed by a hash-based distribution function that distributes Unicast and Multicast traffic based on Layer 2 or Layer 3 packet header information.
The switch supports two modes of load balancing:
By MAC Addresses—Based on the destination and source MAC addresses of all packets.
By IP and MAC Addresses—Based on the destination and source IP addresses for IP packets, and destination and source MAC addresses for non-IP packets.
So, an IP host running IPERF may be checking unicast throughput between the two IP hosts. There will be a Source and Destination IP address in that test. The switch will direct the traffic over one of the LAG port members. It won't round robin the unicast traffic over multiple LAG ports if the Source and Destination IP address of the traffic is the same.
If the PC running IPerf had another concurrent IPerf session to another or different IP host, the hash algorithm on the switch may direct that stream, maybe, over a different physical LAG interface.
So your comment about achieving 900+mbps sounds normal. Yes, LAG spreads the load; the benefit comes when there are lots of hosts on both sides of the switches.
You may find with just two hosts on either side of a LAG, that the switch may run the traffic between two hosts over just one member of the LAG group.
regards Dave -
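The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified source-XOR-destination IP hash shows why one iperf session never exceeds a single member's rate while sessions to different peers can. The hash is a teaching model and not the algorithm of the SG300 or any other switch; member names, addresses and rates are constructed.

```python
"""Simplified LAG member selection by source XOR destination IP.

Constructed example: a teaching model, not the hash any particular switch
implements. Member names, addresses and rates are made up.
"""
import ipaddress


def member_for_flow(src_ip, dst_ip, members):
    """Return the member a flow is pinned to (src XOR dst, modulo link count)."""
    key = int(ipaddress.ip_address(src_ip)) ^ int(ipaddress.ip_address(dst_ip))
    return members[key % len(members)]


def delivered_mbps(flows, members, link_mbps=1000):
    """flows: (src_ip, dst_ip, offered_mbps). Each member is capped at link_mbps."""
    offered = {m: 0 for m in members}
    for src, dst, mbps in flows:
        offered[member_for_flow(src, dst, members)] += mbps
    return {m: min(rate, link_mbps) for m, rate in offered.items()}


MEMBERS = ["member0", "member1"]   # two 1 Gb/s links in one LAG (constructed)

# One iperf session: a single src/dst pair, however hard the sender pushes.
SINGLE = [("10.0.0.1", "10.0.0.2", 2000)]

# Two concurrent sessions from the same host to different peers.
TWO_PEERS = [("10.0.0.1", "10.0.0.2", 1000), ("10.0.0.1", "10.0.0.3", 1000)]

# Two sessions between different hosts that hash onto the same member.
COLLIDE = [("10.0.0.1", "10.0.0.2", 1000), ("10.0.0.5", "10.0.0.6", 1000)]


def total(flows):
    """Aggregate rate delivered across the whole LAG for a set of flows."""
    return sum(delivered_mbps(flows, MEMBERS).values())


if __name__ == "__main__":
    for name, flows in (("single", SINGLE), ("two peers", TWO_PEERS),
                        ("collide", COLLIDE)):
        print(name, delivered_mbps(flows, MEMBERS), "total", total(flows))
```

The third case shows that more flows do not guarantee more throughput: distribution depends on how the address pairs happen to hash.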
How to troubleshooting port channel in N7K
i find N5K
http://www.cisco.com/c/en/us/support/docs/switches/nexus-5000-series-switches/116199-technote-stp-00.html
i notice distribution switch has root guard block log
does it mean that looping has occured yesterday?
i use command below do not have yesterday record
show spanning-tree internal event-history tree 1 brief | in "2015:03:15 10"
first core is root switch
now port channel shutdown in first core and use port channel in second core. How can i see which problem has occurred in port channel ?
how to know which port has problem ?
how to know which vlan caused the problem ?
we notice one of access switch has lost config, will it affect the distribution layer switch?
i remember that yesterday i just get log with filezilla after configure notebook same vlan and same network with the testing access switch
Not sure if you're after the portchannel bandwidth or port-channel speed... If you really want to get an insight on the bandwidth usage, get SNMP on both sides, actively monitor the port channel and interfaces (real time by frequent polling)
And you could get two endpoints @ 10 gb nics that are bundled, then 'thrash' the link, end to end. I use iperf, you could use big ftp transfers to test and see what performance is. You'll get the rate / speed in which the links are operating 'end to end'
It may mean that the ports are @10gb full duplex, but the overall bandwidth is 20gb
Sent from Cisco Technical Support iPhone App -
FabricPath vPC port-channel err-disabled CE Vlan?
I have a pair of Nexus 56128 configured with fabric path and vpc+. The Nexus pair has UCS connected downstream using vpc port-channels. When a Vlan is in mode fabricpath, it's ok for the vpc+ peer-link and the vpc port-channel to UCS. However when I changed the vlan to classic Ethernet, it's err-disabled in the vpc port-channels.
Is this the normal behavior of fabric path domain? In other words, CE Vlans and fabric path Vlans cannot use the same Layer 2 path, correct?
If I need to transport CE Vlans and fabric path Vlans from Nexus (fabric path vpc+) to UCS, I have to use a separate non-vpc port-channel for the CE Vlans between each Nexus and UCS?
Thanks -
Stacking 3750s and Port Channel
We're replacing legacy switches with 3750s in the coming months, and I have a question about stacking and port channel.
The 3750s will be Layer 2 switches, and each will be uplinked via Gigabit fiber to a pair of 6500s acting as Layer 3 distribution switches.
One thing I'm not sure about is if it will be possible to build Port Channel links for 2, 3, or 4 GB across different switches, or if I can only put Port Channels on the same switch. My understanding is with stacking it appears as one big switch and I can build Port Channels however I want, but am not 100% if this design will work.
You can certainly configure EtherChannels across different 3750s in the same stack, thus avoiding your single point of failure by having the aggregate ports all in one switch.
However in the scenario the port channel has to be configured explicitly to ON, PaGP is not supported across stack members.
3750 stack switches appear as a single logical switch with a single management address. From which you can configure all physical ports. It is important to remember that you configure your switch priorities accordingly in order to govern which switch is your master, and also set a secondary.
Regards
Allan.
Please kindly rate this post if you find this information helpful. -
What is the maximum number of physical link we can bind to a ether-channel and port-channel
Hi,
I was studying about port-channel & ether-channel and found that, it can be bind up-to 8 ports. So maximum number, we can have of 8 ports or more ?
For binding we should have minimum of 2 ports or 1 ports will work ? For load-balancing purpose, is the port no. would be in a bundle of 2,4 and 8 ?
Thanks
Hi Kathik,
I have gone through one document. It's saying the below mentioned things :
Jun 7, 2012 9:36 PM (in response to Sarabjit)
Re: What is the maximum number of etherchannels we can have?
The maximum number of Etherchannels varies from platform to platform. The maximum number of ports in an etherchannel is either 8 or 16 depending on the platform. The minimum number of ports in an etherchannel bundle is 1.
Jun 8, 2012 1:27 AM (in response to Sarabjit)
Re: What is the maximum number of etherchannels we can have?
Etherchannels is a Cisco term. Other vendors call them 802.3ad trunks. It's common to see something like this in datasheets:
48 ports 10/100/1000 Mbit/s
802.3ad:
Maximum of 32 groups
Maximum of 8 ports per group
The document url is https://learningnetwork.cisco.com/thread/43680
Another document says the below mentioned things :
Matrix of Load Balancing Methods
This matrix consolidates the load balancing methods that this document describes:
Columns: Platform; Address Used in XOR; Source-Based?; Destination-Based?; Source-Destination-Based?; Load Balancing Method (Configurable/Fixed)?
6500/6000; Layer 2, Layer 3 addresses, Layer 4 information, or MPLS information [2]; Yes; Yes; Yes; Configurable
5500/5000; Layer 2 address only; Yes; Cannot change the method
4500/4000; Layer 2, Layer 3 addresses, or Layer 4 information; Yes; Yes; Yes; Configurable
2900XL/3500XL; Layer 2 address only; Yes; Yes; Configurable
3750/3560; Layer 2 or Layer 3 address only; Yes; Yes; Yes; Configurable
2950/2955/3550; Layer 2 address only [1]; Yes; Yes; — [1]; Configurable
1900/2820; These platforms use a special method of load balancing. See the Catalyst 1900/2820 section for details.
8500; Layer 3 address only; Yes; Cannot change the method
[1] For the 3550 series switch, when source-MAC address forwarding is used, load distribution based on the source and destination IP address is also enabled for routed IP traffic. All routed IP traffic chooses a port based on the source and destination IP address.
[2] For the 6500 series switches that run Cisco IOS, MPLS layer 2 information can also be used for load balancing MPLS packets.
The document url is http://www.cisco.com/c/en/us/support/docs/lan-switching/etherchannel/12023-4.html
Another document says the below mentioned things for load-balancing :
Finally, here is full list of valid load-distribution methods:
•dst-ip—Load distribution on the destination IP address
•dst-mac—Load distribution on the destination MAC address
•dst-port—Load distribution on the destination TCP/UDP port
•src-dst-ip—Load distribution on the source XOR destination IP address
•src-dst-mac—Load distribution on the source XOR destination MAC address
•src-dst-port—Load distribution on the source XOR destination TCP/UDP port
•src-ip—Load distribution on the source IP address
•src-mac—Load distribution on the source MAC address
•src-port—Load distribution on the source port
The document url is https://learningnetwork.cisco.com/thread/63064
Please suggest. -
Nexus port channel load balance
Hi
I just want to clarify one setting for the port channel load balance on Nexus 6k switch. If I use the load balance option source-dest-ip-only, will following four conversations be load balanced?
10.10.10.1 -> 192.168.1.1
10.10.10.2 -> 192.168.1.1
10.10.10.1 -> 192.168.1.1
10.10.10.1 -> 192.168.1.2
Thanks. Leo
Hi Leo,
I think there may be typo in your question as I only see three conversations and not four. That aside I've not seen the Nexus port-channel load balancing sufficiently well documented to be able to give you the exact answer.
In their configuration guides Cisco only include the following statement:
Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
There is other documentation that states the load balancing algorithm uses a CRC-8 based polynomial, but as we don't know exactly which parts of the frame are used in the calculation, I don't see it's possible to calculate the answer and so derive the link that will be used for a given conversation.
While I've not seen full documentation regarding the science used in the calculation, what Cisco have done is provide a command on the switch CLI that will allow you to determine which link of a port-channel will be used.
If you run the command show port-channel load-balance forwarding-path interface port-channel vlan src-ip dst-ip then one of the parts of the output is the member link of the port-channel that will be used for that flow.
You can find full details of the options for the show port-channel load-balance command in the command reference.
One other point to remember is that the load balancing across a port-channel is unidirectional, and the hashing might be completely different for the return flow of a conversation. For example it is entirely possible that traffic from A to B could use one link of a port-channel, while the return traffic from B to A for the same conversation could use a different link.
In general I would use the source-dest-port option for load balancing on the Nexus switches as this will obviously include the Layer-4 port numbers in the calculation, and so give you a better distribution of flows across all member links.
Regards -
Hello
I have a pair of Nexus 5K's in a VPC domain and some 2960's as VPC members, with a port channel to the domain.
Topology is as follows:
5K1 and 5K2 in VPC domain
VPC from 5K1 and 5K2 to 2960
2960 has gi0/1 and gi0/2 in 1 port channel
gi0/1 to 5k1, gi0/2 to 5k2
I know that what I am going to ask may be totally against the purpose of VPC, but, I am looking for a way to favour gi0/1 for traffic, rather than load balancing over gi0/1 and gi0/2. The reason for this is that I would like to benefit from the lack of loop that VPC provides, but would also like to have a primary and secondary link as the majority of traffic should actually go via 5K1, rather than 5K2.
Any suggestions welcome.
Many thanks in advance
Anthony
Hi Anthony,
The Cisco NX-OS software load balances traffic across all operational interfaces in a portchannel by hashing the addresses in the frame to a numerical value that selects one of the links in the channel. Port channels provide load balancing by default. Port-channel load-balancing uses MAC addresses, IP addresses, or Layer 4 port numbers to select the link. Port-channel load balancing uses either source or destination addresses or ports, or both source and destination addresses or ports.
You can configure the load-balancing mode to apply to all port channels that are configured on the entire device or on specified modules. The per-module configuration takes precedence over the load-balancing configuration for the entire device. You can configure one load-balancing mode for the entire device, a different mode for specified modules, and another mode for the other specified modules. You cannot configure the load-balancing method per port channel.
You can configure the type of load-balancing algorithm used. You can choose the load-balancing algorithm that determines which member port to select for egress traffic by looking at the fields in the frame.
Note: The default load-balancing mode for Layer 3 interfaces is the source and destination IP address, and the default load-balancing mode for non-IP interfaces is the source and destination MAC address.
From the config mode you can try different load-balancing methods,
port-channel load-balance {dest-ip-port | dest-ip-port-vlan | destination-ip-vlan | destination-mac | destination-port | source-dest-ip-port | source-dest-ip-port-vlan | source-dest-ip-vlan | source-dest-mac | source-dest-port | source-ip-port | source-ip-port-vlan | source-ip-vlan | source-mac | source-port} [module-number]
To Summarize: I cannot say which port would be selected, it purely depends on type of frame you are sending with the combination of the load-balance method.
After tweaking you can also know from the command which link the traffic is taking,
NEXUS2-SPAN# show port-channel load-balance forwarding-path interface port-channel 71 src-ip 1.1.1.1 dst-ip 2.2.2.2 vlan 51 module 2
Module 2: Missing params will be substituted by 0's.
Load-balance Algorithm: src-dst ip-l4port
RBH: 0xb0 Outgoing port id: Ethernet8/8
we can also try tweaking the same load-balancing on the 2960 also. It purely depends on the load-balancing algorithm. Below is for 2960 Load-balancing tweaking,
http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_53_se/configuration/guide/swethchl.html
Even after doing this I wouldn't say 100% it would select one link.
Hope this helps!
Thanks,
Richard.
*Rate if this is useful -
3750X Port-Channel Load-Balance method
I have a 3750X and I'm wondering what the best Port-Channel Load-Balancing method would be for my network.
switch(config)#port load ?
dst-ip Dst IP Addr
dst-mac Dst Mac Addr
src-dst-ip Src XOR Dst IP Addr
src-dst-mac Src XOR Dst Mac Addr
src-ip Src IP Addr
src-mac Src Mac Addr
We have a few Layer 3 VLANs: Default, Servers, Clients, and Guests.
Some of our servers are LACP bundled.
So it would be mainly clients on the one layer 3 VLAN accessing the server on the other layer 3 VLAN.
We also have a few smaller switches that are trunked and LACP bundled back to the core 3750X.
Can anyone suggest which Load-Balancing method would be best for our situation?
Thanks!
The default load balancing method on the 3750 series is based on source-MAC address. This usually works fine in most cases. If you change it to something different than this, it will affect all your port-channels in that switch.
HTH -
Can I join Layer 2 MEC port channel with 10G SR and LR together?
We are thinking of using VSS setup.
VSS with Server Farm switches.
VSS sw1 and sw2 are in different building.
in order to save cost..
Server farm 1 with VSS sw1 will use 10G SR.
Server farm 1 with VSS sw2 will use 10G LR.
But I need to bundle that 10G SR and LR together to form L2 MEC..
Thanks,
John
hi John,
yes you can
one thing you need to check is that the qos scheduling match on the interfaces , they can differ depending on what cards they are on .....ie below (in bold)
even if they don't match -- there is a command to ignore this in etherchannel formation -- i can dig up if you need.
#sh int te 1/5/2 capabilities
TenGigabitEthernet1/5/2
Model: WS-X6708-10GE
Type: 10Gbase-SR
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on),tx-(off,on)
Membership: static
Fast Start: yes
QOS scheduling: rx-(8q4t), tx-(1p7q4t)
QOS queueing mode: rx-(cos,dscp), tx-(cos,dscp)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
Inline power policing: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports-in-ASIC (Sub-port ASIC) : 2-3,6,8 (2)
Remote switch uplink: no
Dot1x: no
Port-Security: yes -
Port Channel over L2 MPLS links
Hello.
I was hoping that someone could offer some suggestions on best practice or recommendations for configuring port channel to bundle two layer 2 MPLS links that we have.
We have racks in two geographically separated data centres, each rack has a stack of Cisco 3850 switches, and there are two 100Mbps layer 2 connections linking these stacks together. The links are provided by our supplier and runs over their core network (I can get more info on their setup if need be).
I had initially just configured a simple port channel bundling the two ports on "Switch A", and the same on "Switch B". However I have since noticed that one of the ports was put into error disabled state, and I have my doubts that we ever had 200Mbps throughput over the portchannel.
The logs showed:
UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gix/x/x, aggressive mode failure detected
%PM-4-ERR_DISABLE: udld error detected on Gix/x/x, putting Gix/x/x in err-disable state
How I understand is that one of ports received an unexpected (or incorrect) BPDU packet, and shut the port down as part of spanning tree process to stop a loop forming.
For the time being I have removed the port channel config and re-opened all the ports, so I believe one of the ports is now in blocking state.
Whilst redundancy for these links is great, ideally I would like to have the links bundled so I also get the benefit of higher throughput.
Any thoughts are greatly appreciated.
Thank you
Hi,
Thank you for your reply and suggestions. I have been reading up on layer 2 protocol tunnelling and I'm not sure if this will work for us. According to these guidelines for the catalyst 3550 (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-1_19_ea1/configuration/guide/3550scg/swtunnel.html#wp1006657) it states:
•If you enable PAgP or LACP tunneling, we recommend that you also enable UDLD on the interface for faster link-failure detection.
•Tunneling is not supported on trunk ports. If you enter the l2protocol-tunnel interface configuration command on a trunk port, the command is accepted, but Layer 2 tunneling does not take effect unless you change the port to a tunnel port or an access port.
•EtherChannel port groups are compatible with tunnel ports when the 802.1Q configuration is consistent within an EtherChannel port group.
(maybe it's different and is supported on 3850s)
Also, I can't use layer 3 over this link as I am looking to extend VLANs over the link so devices and virtual machines in each of the datacentre are in the same subnet and broadcast domain.
I will speak with the supplier to see what they are willing to do.
Thanks again.