High process in nexus 7000
Hello,
My name is Benjamin and I have problems with my Nexus 7000. It has a high CPU process. I think that is not normal. What do you think?
# sh process cpu sort
PID Runtime(ms) Invoked uSecs 1Sec Process
8259 1848785 56524183 32 27.6% in.dcos-telnetd
4717 231 96 2413 24.7% netstack
3536 402542882 64927941 6199 3.0% platform
4573 501774551 35371572 14185 1.0% xbar_driver_usd
4714 107 22 4871 1.0% arp
1 179754 5381666 33 0.0% init
2 2 300 9 0.0% kthreadd
3 3342 559942 5 0.0% migration/0
4 1936854 444724651 4 0.0% ksoftirqd/0
5 143477 2220884 64 0.0% watchdog/0
6 2042 349180 5 0.0% migration/1
7 1452663 372943404 3 0.0% ksoftirqd/1
1 111 111 11 1 1
907878660006976000800707766999960776799987777777777678687773
603310880008399000100504278989780308288903490180025795804831
100 ** *** *** ** * **** * ***
90 ** *** * *** ** * *##* * *** *
80 ** * * *** ** *#***#** *##* * ###* * * * ** * *
70 ##*************##**##*******##*******###*******************
60 ###########################################################
50 ###########################################################
40 ###########################################################
30 ###########################################################*
20 ###########################################################*
10 ############################################################
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per minute (last 60 minutes)
* = maximum CPU% # = average CPU%
I solved my issue, it was a bug problem:
Some of the telnet sessions do not get cleared with recursive telnet
Bug: CSCtk56774
Workaround: to issue "clear user admin" command
Regards
Similar Messages
-
With Vignesh R. P.
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform.
The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Vignesh know if you have received an adequate response.
Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum shortly after the event. This event lasts through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
Hi Vignesh
Is there any limitation to connecting an N2K directly to the N7K?
If I have an F2 card 10G and another F2 card 1G and I want to create 3 VDCs
VDC1=DC-Core
VDC2=Aggregation
VDC3=Campus core
do we need to add a link between the different VDC's
thanks -
Smart call home - HTTPS transport from the Nexus 7000 to Cisco
Hi,
I tried to configure Call Home on a Nexus 7000 with HTTPS transport and a proxy server.
I followed this guide -
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
and configured this :
callhome
email-contact XXXXXXXXXXX
phone-contact XXXXXXXXXXX
streetaddress XXXXXXXXXXXXXXXX
destination-profile CiscoTAC-1 transport-method http
destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
transport http use-vrf management
transport http proxy server XXXXXXXXXX port 8080 --------- XXXXXXXXX = my proxy server
transport http proxy enable
enable
periodic-inventory notification interval 30
I have a problem installing the security certificate. I followed the guide but I get the error:
failed to load or parse certificate
could not perform CA authentication
When I try to test Call Home with the command: callhome test
trying to send test callhome message
warning:no callhome message sent
email configuration incomplete for destination profile:full_txt
email configuration incomplete for destination profile:short_txt
Error in transporting http message for CiscoTAC-1
http: Received HTTP code 407 from proxy after CONNECT
I guess the problem is because I didn't install the certificate. How can I install the certificate?
Is this the real problem?
I agree with Bryan that the easiest proxy server to set up for the Nexus 7000 is the Transport Gateway. The documentation (certificates) is set up to allow you to connect to a Cisco Transport Gateway or directly into tools.cisco.com. Both have a Cisco certificate.
But that doesn't explain your issue. To answer your issue, you need to look here
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
except you need your proxy server's chained certificate in PEM format since the Nexus 7000 is going to terminate at your proxy server. Take a look at this line in the documentation.
Input (cut & paste) the CA certificate (chain) in PEM format
The error code 407 you indicated makes sense and indicates "Proxy Authentication Required". You need the certificate installed first. NX-OS uses the openssl crypto library to implement the cert-pki feature if that helps. A complete certificate chain is required. Also, you might make sure the CRL (certificate revocation list) is set to none so it doesn't do that first.
revocation-check none
The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer
If you are using your own root CA (which typically are taken off-line after authorizing subordinate CAs for security reasons), then make sure that their certificates are in the correct order to be processed so each can be authenticated.
Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup. -
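The answer above asks for a complete certificate chain in PEM format with the certificates in the correct order. The following is an added example, not part of the original thread or of Cisco's documentation: a shell check, using the openssl CLI, that a PEM bundle runs leaf, intermediate(s), root and ends in a self-issued root. It compares issuer and subject names only and does not verify signatures; the CA names and proxy.example.internal are constructed test values.

```shell
#!/bin/sh
# Added example: check the order and completeness of a PEM chain bundle
# before pasting it into a trustpoint. Name chaining only, no signature checks.

# split_bundle BUNDLE OUTDIR
# Writes each certificate to OUTDIR/cert-N.pem and prints how many were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# name_hash FILE FIELD   (FIELD is "subject" or "issuer")
name_hash() {
    openssl x509 -in "$1" -noout "-${2}_hash"
}

# check_chain BUNDLE
# Returns 0 if every certificate is followed by its issuer and the last one
# is self-issued, 1 if the order is wrong or the root is missing, 2 if the
# bundle holds no certificate.
check_chain() {
    tmp=$(mktemp -d) || return 2
    count=$(split_bundle "$1" "$tmp")
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $1"
        rm -rf "$tmp"
        return 2
    fi
    rc=0
    i=1
    while [ "$i" -lt "$count" ]; do
        next=$((i + 1))
        if [ "$(name_hash "$tmp/cert-$i.pem" issuer)" != \
             "$(name_hash "$tmp/cert-$next.pem" subject)" ]; then
            echo "cert $i: issuer name does not match subject of cert $next"
            rc=1
        fi
        i=$next
    done
    if [ "$(name_hash "$tmp/cert-$count.pem" subject)" != \
         "$(name_hash "$tmp/cert-$count.pem" issuer)" ]; then
        echo "cert $count: last certificate is not a self-issued root"
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# make_constructed_chain DIR
# Builds a throwaway root, issuing CA and leaf (constructed test data) and
# three bundles: good.pem, misordered.pem and incomplete.pem.
make_constructed_chain() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Issuing CA" \
        -keyout "$dir/int.key" -out "$dir/int.csr" 2>/dev/null
    openssl x509 -req -in "$dir/int.csr" -days 2 -CAcreateserial \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" \
        -out "$dir/int.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=proxy.example.internal" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$dir/leaf.csr" -days 2 -CAcreateserial \
        -CA "$dir/int.pem" -CAkey "$dir/int.key" \
        -out "$dir/leaf.pem" 2>/dev/null
    cat "$dir/leaf.pem" "$dir/int.pem" "$dir/root.pem" > "$dir/good.pem"
    cat "$dir/leaf.pem" "$dir/root.pem" "$dir/int.pem" > "$dir/misordered.pem"
    cat "$dir/leaf.pem" "$dir/int.pem" > "$dir/incomplete.pem"
}

# With an argument, check that bundle; without one, run the constructed demo.
if [ "$#" -ge 1 ]; then
    check_chain "$1"
else
    demo_dir=$(mktemp -d) && make_constructed_chain "$demo_dir"
    for b in good misordered incomplete; do
        echo "== $b.pem"
        check_chain "$demo_dir/$b.pem" && echo "chain order OK"
    done
    rm -rf "$demo_dir"
fi
```

Run it with the path of the bundle you intend to paste, for example `sh check_chain.sh proxy-chain.pem` (file names here are placeholders).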
Ciscoworks 2.6 and Nexus 7000 issues
Running LMS 2.6 with RME version 4.0.6, and DFM 2.0.13.
We keep getting false alerts in DFM on the temperature in our Nexus 7000 switches. The alert says that the high temp threshold is 45C, and it's being exceeded at 46C. The thing that bothers me is that the actual switch reads that the threshold is around 100C or more. Any ideas as to why DFM would be picking up a temperature so far off the mark?
Also, in regards to RME, I cannot pull configs from the Nexus 7000's. The check box in "archive config" is blanked out to where I can't check it. I download the device packages for the 7000 into RME but it will not pull configs. Is this not supported under our version of RME, or would there be some other reason that I can't do this?
Thanks for any assistance with these issues!
UPDATE:
I fixed the RMA config pull issue. I thought I had previously downloaded the Nexus device packages so that RMA could work with them, but upon checking again, it looks like I just didn't have them installed. Got that piece fixed and now I can pull configs from the switches just fine.
Still having problems with the temperature reading in DFM not accurately reflecting what is actually on the switches. Any suggestions as to where to start hunting down the issue for this are greatly appreciated. Thanks! -
Nexus 7000, 2000, FCOE and Fabric Path
Hello,
I have a couple of design questions that I am hoping some of you can help me with.
I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
Trust Sec
VDC
VPC
High Bandwidth Scalability
Unified I/O
As always, cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have leveraged the 7000, 5000, 2000 and 1000 in the DC.
The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
I have a few specific questions that I am hoping can be answered:
The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
Is the F Series I/O Module the only I/O Module that supports FCOE?
Are there any plans to introduce the native FC support on the Nexus 7000?
Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
Are there any plans to introduce Fabric path to the M series I/O module?
Are there any plans to introduce L3 support to the F series I/O Module?
Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
Is Trust Sec only supported on multi hop DCI links when using the ASR on EoMPLS pwire?
Are there any plans to introduce Trust Sec and VDC to the Nexus 5500?
Thanks,
Colm
Hello Allan
The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
All other cards can be mixed.
Regarding the Fabric versions - Fabric-2 gives much bigger throughput compared with Fabric-1
So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
Fab2 modules won't give any advantages to M1/F1 modules.
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
HTH,
Alex -
Hi,
I have some Nexus 7000 with FET-10G with xcvrInval status
Eth7/33 N5k-S1-3T-1/3 xcvrInval trunk auto auto Fabric Exte
and some other FET-10G with notconn status
Eth7/8 FEX-101 notconnec 1 auto auto Fabric Exte
If I interchange the positions of the two FET-10Gs, the port status doesn't change
FET-10G from 7/8 to 7/33
FET-10G from 7/33 to 7/8
7/33 holds xcvrInval status
7/8 holds notconnec status
I have reconfigured from default interface with the same results
Next you'll find the same serial number in a different port; the difference is the current
when it is xcvrInval or when it is notconnec
What can I do to get the FET-10G in e7/33 validated?
sh interface e7/33 transceiver details
Ethernet7/33
transceiver is present
type is Fabric Extender Transceiver
name is CISCO-FINISAR
part number is FTLX8570D3BCL-C2
revision is A
serial number is FNS17201TE5
nominal bitrate is 10300 MBit/sec
Link length supported for 62.5/125um fiber is 10 m
Link length supported for 50/125um OM3 fiber is 100 m
cisco id is --
cisco extended id number is 4
cisco part number is 10-2566-02
cisco product id is FET-10G
cisco vendor id is V02
number of lanes 1
SFP Detail Diagnostics Information (internal calibration)
Current Alarms Warnings
Measurement High Low High Low
Temperature 19.30 C 75.00 C 5.00 C 70.00 C 10.00 C
Voltage 3.31 V 3.63 V 2.97 V 3.46 V 3.13 V
Current 0.06 mA -- 11.80 mA 4.00 mA 10.80 mA 5.00 mA
Tx Power N/A 22.69 dBm 8.69 dBm 18.69 dBm 12.69 dBm
Rx Power N/A 22.99 dBm 6.09 dBm 18.99 dBm 10.09 dBm
Transmit Fault Count = 0
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
now in slot 7/8
Ethernet7/8
transceiver is present
type is Fabric Extender Transceiver
name is CISCO-FINISAR
part number is FTLX8570D3BCL-C2
revision is A
serial number is FNS17201TE5
nominal bitrate is 10300 MBit/sec
Link length supported for 62.5/125um fiber is 10 m
Link length supported for 50/125um OM3 fiber is 100 m
cisco id is --
cisco extended id number is 4
cisco part number is 10-2566-02
cisco product id is FET-10G
cisco vendor id is V02
number of lanes 1
SFP Detail Diagnostics Information (internal calibration)
Current Alarms Warnings
Measurement High Low High Low
Temperature 23.17 C 75.00 C 5.00 C 70.00 C 10.00 C
Voltage 3.30 V 3.63 V 2.97 V 3.46 V 3.13 V
Current 7.50 mA 11.80 mA 4.00 mA 10.80 mA 5.00 mA
Tx Power 17.65 dBm 22.69 dBm 8.69 dBm 18.69 dBm 12.69 dBm
Rx Power -12.21 dBm -- 22.99 dBm 6.09 dBm 18.99 dBm 10.09 dBm
Transmit Fault Count = 0
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
NX7K-1-VDC-3T-S1-L2FP# sh int e7/33
Ethernet7/33 is down (Transceiver validation failed)
admin state is up, Dedicated Interface
Belongs to Po51
Hardware: 1000/10000 Ethernet, address: 8478.ac23.6cec (bia 8478.ac23.6cec)
Description: N5k-S1-3T-1/3
MTU bytes (CoS values): MTU 1500(0-2,4-7) bytes MTU 2112(3) bytes
BW 10000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
auto-speed auto-duplex,, media type is 10G
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned on
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
EEE (efficient-ethernet) : n/a
Last link flapped never
Last clearing of "show interface" counters 07:22:09
0 interface resets
Load-Interval #1: 30 seconds
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
300 seconds input rate 0 bits/sec, 0 packets/sec
300 seconds output rate 0 bits/sec, 0 packets/sec
RX
88 unicast packets 0 multicast packets 0 broadcast packets
0 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC/FCS 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
88 unicast packets 0 multicast packets 0 broadcast packets
0 output packets 0 bytes
0 jumbo packets
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble 0 output discard
0 Tx pause
NX7K-1-VDC-3T-S1-L2FP# sh int e7/33
Ethernet7/8 is down (Link not connected)
admin state is up, Dedicated Interface
Belongs to Po101
Hardware: 1000/10000 Ethernet, address: 8478.ac23.6cd3 (bia 8478.ac23.6cd3)
Description: FEX-101
MTU bytes (CoS values): MTU 1500(0-2,4-7) bytes MTU 2112(3) bytes
BW 10000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is p2p
Port mode is fex-fabric
auto-speed auto-duplex,, media type is 10G
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned on
Rate mode is dedicated
Switchport monitor is off
EtherType is 0x8100
EEE (efficient-ethernet) : n/a
Last link flapped 5week(s) 1day(s)
Last clearing of "show interface" counters never
0 interface resets
Load-Interval #1: 30 seconds
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
300 seconds input rate 0 bits/sec, 0 packets/sec
300 seconds output rate 0 bits/sec, 0 packets/sec
RX
10588 unicast packets 0 multicast packets 0 broadcast packets
4 input packets 0 bytes
0 jumbo packets 0 storm suppression packets
0 runts 0 giants 0 CRC/FCS 0 no buffer
0 input error 0 short frame 0 overrun 0 underrun 0 ignored
0 watchdog 0 bad etype drop 0 bad proto drop 0 if down drop
0 input with dribble 0 input discard
0 Rx pause
TX
10588 unicast packets 1 multicast packets 0 broadcast packets
4 output packets 5688 bytes
0 jumbo packets
0 output error 0 collision 0 deferred 0 late collision
0 lost carrier 0 no carrier 0 babble 0 output discard
0 Tx pause
Hi Ans,
You are right. I have defaulted the port again, now configured with switchport mode FEX, and now the FET-10G is validated
NX7K-1-VDC-3T-S1-L2FP(config-if)# description FEX-101
NX7K-1-VDC-3T-S1-L2FP(config-if)# switchport
NX7K-1-VDC-3T-S1-L2FP(config-if)# switchport mode fex-fabric
NX7K-1-VDC-3T-S1-L2FP(config-if)# fex associate 101
NX7K-1-VDC-3T-S1-L2FP(config-if)# medium p2p
NX7K-1-VDC-3T-S1-L2FP(config-if)# channel-group 101
NX7K-1-VDC-3T-S1-L2FP(config-if)# no shutdown
NX7K-1-VDC-3T-S1-L2FP(config-if)#
NX7K-1-VDC-3T-S1-L2FP(config-if)# sh int e7/33 status
Port Name Status Vlan Duplex Speed Type
Eth7/33 FEX-101 notconnec 1 auto auto Fabric Exte
NX7K-1-VDC-3T-S1-L2FP(config-if)#
Thanks for your help, and have a nice weekend.
Atte,
EF -
We are in the process of migrating our servers from Cat6500 (HSRPv1) to Nexus 7000 (HSRPv2). The HSRP virtual IP address remains the same after the migration. During the migration, we will shut down the Layer 3 interface VLAN on the Cat6500 and create the new Layer 3 interface VLAN on the N7K. Because we are migrating to HSRPv2, the HSRP virtual MAC address will change. We would like to check if there is any way for the N7K to send gratuitous ARP to all the servers so that their ARP caches are refreshed. Does "ip arp gratuitous update" help?
Thanks,
Eng Wee
Hi Eng Wee,
Nexus sends gratuitous arp by default. This command is enabled on the interface by default. There is nothing special that you need to do for the switch to send the gratuitous arps.
JayaKrishna -
Migration from Nexus 7000 without VDC to VDC
Hi all
I am working on a DataCenter architecture where we would like to implement Nexus 7000.
For the time being, there is only one "context" but we may take the opportunity to implement VDC in the future
I was not able to find a clear answer on the following :
Can we add the VDC licence & configure a new VDC on a Nexus 7000 running without VDC ?
I suppose this is possible, but does the whole configuration need to be changed, or can adding a VDC be done without any interruption to the current environment?
Thanks in advance!
Hello
To have VDC support on n7k you will require following license:
LAN_ADVANCED_SERVICES_PKG
To configure new vdc you need to run:
Nexus(config)# vdc
This will create a new VDC which is separate from the current one. It shouldn't affect the production environment since separate processes are started for the new VDC.
Then you can allocate some interfaces to it and configure.
But you need to be careful to check whether you allocate unused interfaces and don't add resource excessive configuration.
Here is a very good explanation of what is VDC and how it works:
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/White_Paper_Tech_Overview_Virtual_Device_Contexts.html
And here is VDC config guide:
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_nx-os_cfg.html
HTH,
Alex -
SFP Detail Diagnostics Information Nexus 7000
Hello guys,
I have a question about why one port on a Nexus 7000 with a N7K-M132XP-12 (32 port 10G card) doesn't show any values
when looking at "show inter e 9/27 transceiver details", all values are just zero.
N7K# show inter e 9/27 transceiver details
Ethernet9/27
transceiver is present
type is 10Gbase-SR
name is CISCO-EXCELIGHT
part number is SPP5101SR-C1
revision is A
serial number is EXX13050136
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 62.5/125um fiber is 26 m
Link length supported for 50/125um OM3 fiber is 300 m
cisco id is --
cisco extended id number is 4
number of lanes 1
SFP Detail Diagnostics Information (internal calibration)
Current Alarms Warnings
Measurement High Low High Low
Temperature N/A 0.00 C 0.00 C 0.00 C 0.00 C
Voltage N/A 0.00 V 0.00 V 0.00 V 0.00 V
Current N/A 0.00 mA 0.00 mA 0.00 mA 0.00 mA
Tx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
Rx Power N/A 0.00 dBm 0.00 dBm 0.00 dBm 0.00 dBm
Transmit Fault Count = 2
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warning
Tried to remove the SFP+ and inserted a new one, but same results, all values are 0.
Does anyone know why it doesn't show any values?
We are running version 6.2(8)
And here's the port configuration:
interface Ethernet9/27
switchport
switchport mode trunk
spanning-tree port type edge trunk
You are correct. There isn't any option for seeing the hit count on the prefix-list on the Nexus series.
HTH -
Hello,
We recently had a power supply failure in one of our Nexus 7000s, and I noticed that the syslog for the Platform is only present in the default VDC, and not in any of the other VDCs syslogs. Is this by design, or is there a logging level I can turn up in another VDC to capture this log? Thanks for any input
syslog from default VDC -
2013 Mar 18 23:10:34 %PLATFORM-2-PS_CAPACITY_CHANGE: Power supply PS3 changed its capacity. possibly due to power cable removal/insertion (Serial number xxxxxxxx)
nothing in the VDC where I would like to get the logging
default VDC logging level -
xxx7K02# show log level platform
Facility Default Severity Current Session Severity
platform 5 5
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
xxx7K02#
logging from the specific VDC where we have management tools.
xxx-LOW# show log level platform
Facility Default Severity Current Session Severity
platform 5 5
0(emergencies) 1(alerts) 2(critical)
3(errors) 4(warnings) 5(notifications)
6(information) 7(debugging)
xxx-LOW#
Hello Carl,
What version of code are you running on your Nexus 7k?
The expected behavior is:
"When a hardware issue occurs, syslog messages are sent to all VDCs."
http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_mgmt.html#wp1170241
Dave -
Dell Servers with Nexus 7000 + Nexus 2000 extenders
<< Original post by smunzani. Answered by Robert. Moving from Document section to Discussions>>
Team,
I would like to use some of the existing Dell Servers for new network design of Nexus 7000 + Nexus 2000 extenders. What are my options for FEC to the hosts? All references of M81KR I found on CCO are related to UCS product only.
What's best option for following setup?
N7K(Aggregation Layer) -- N2K(Extenders) -- Dell servers
Need 10G to the servers due to dense population of the VMs. The customer is not up for dumping recently purchased dell boxes in favor of UCS. Customer VMware license is Enterprise Edition.
Thanks in advance.
To answer your question, the M81KR-VIC is a Mezz card for UCS blades only. For Cisco rack there is a PCIe version which is called the P81. These are both made for Cisco servers only due to the integration with server management and virtual interface functionality.
http://www.cisco.com/en/US/prod/collateral/ps10265/ps10493/data_sheet_c78-558230.html
More information on it here:
Regards,
Robert -
LMS 4.2.2 Interface utilisation on Nexus 7000
Hi All,
I'm trying to poll some interfaces for their utilization on a nexus 7000 through LMS 4.2.2.
When I create a poller for the specific instances, the LMS recognises the instances, but after activating the poller I get the error "No Such Instance - The specified instance is not available".
No info is displayed when I generate an interface utilization report for the specific nexus.
When I activate the automonitor for interface utilization, the interfaces on the nexus are polled.
On the cisco website there are some features listed which LMS does not support on the Nexus 7000, but polling is not in that list (neither in the supported feature list).
Any tips?
Thanks for your help.
Joris
Any Idea..??
-
ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS
Hi, Cisco Gurus:
Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
I would really appreciate if someone can help me clear these lingering doubts of mine.
God Bless.
SiM
Sim,
Here are my thoughts without a 1000v in place,
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000? //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be preferred.
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave the dvSwitch load balance behavior at the default of "route by portID".
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
Cheers,
David Jarzynka -
Privilege Level for Tacacs Account in Nexus 7000
Hi,
I have configured TACACS (ACS 4.2v) on the Nexus 7000 (as mentioned below) and it works fine, but unlike IOS (6509) it doesn't prompt that you are in user exec mode (>) and then need to type enable and the password for full privilege.
On the N7K, when I enter "configure terminal" it won't allow me to access other commands.
How do I log in to level 15 privilege mode after authenticating from TACACS?
(config)# show running-config tacacs+
tacacs-server key 7 "xxxxx"
tacacs-server host x.x.x.x key 7 "xxxx"
aaa group server tacacs+ TacServer
server x.x.x.x (same ip as tacacs-server host)
use-vrf management
source-interface Vlan2
(config)# show running-config aaa
aaa authentication login default group TacServer
aaa authentication login console local
aaa user default-role
Here below are the commands accessible in "Terminal" currently
(config)# ?
no Negate a command or set its defaults
username Configure user information.
end Go to exec mode
exit Exit from command interpreter
isb.n7k-dcn-agg-1-sw(config)#
Hi Jan.nielsen
The issue is resolved, but in another way.
I also found the same resolution with the custom attribute command, but the Custom attribute option for shell command wasn't available in ACS v4.2, so after enabling shell for users, clicking exec --> Shell Exec and enabling privilege level 15 in the same box of Shell options, it started working without any command -
Nexus 7000 - unexpected shutdown of vPC-Ports during reload of the primary vPC Switch
Dear Community,
We experienced an unusual behavior of two Nexus 7000 switches within a vPC domain.
According to the attached sketch, we have four N7Ks in two data centers - two Nexus 7Ks are in a vPC domain for each data center.
Both data centers are connected via a Multilayer-vPC.
We had to reload one of these switches and I expected the other N7K in this vPC domain to continue forwarding over its vPC-Member-ports.
Actually, all vPC ports have been disabled on the secondary switch until the reload of the first N7K (vPC-Role: primary) finished.
Logging on Switch B:
20:11:51 <Switch B> %VPC-2-VPC_SUSP_ALL_VPC: Peer-link going down, suspending all vPCs on secondary
20:12:01 <Switch B> %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed
In case of a Peer-link failure, I would expect this behavior if the other switch is still reachable via the Peer-Keepalive-Link (via the Mgmt-Port), but since we reloaded the whole switch, the vPCs should continue forwarding.
Could this be a bug or are there any timers to be tuned?
All N7K switches are running on NX-OS 6.2(8)
Switch A:
vpc domain 1
peer-switch
role priority 2048
system-priority 1024
peer-keepalive destination <Mgmt-IP-Switch-B>
delay restore 360
peer-gateway
auto-recovery reload-delay 360
ip arp synchronize
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan <x-y>
spanning-tree port type network
vpc peer-link
Switch B:
vpc domain 1
peer-switch
role priority 1024
system-priority 1024
peer-keepalive destination <Mgmt-IP-Switch-A>
delay restore 360
peer-gateway
auto-recovery reload-delay 360
ip arp synchronize
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan <x-y>
spanning-tree port type network
vpc peer-link
Best regards
Problem solved:
During the reload of the Nexus 7K, the linecards were powered off a short time earlier than the Mgmt-Interface. As a result of this behavior, the secondary Nexus 7K received at least one vPC-Peer-Keepalive Message while its peer-link was already powered off. To avoid a split brain scenario, the VPC-member-ports have been shut down.
Now we are using dedicated interfaces on the linecards for the VPC-Peer-Keepalive-Link and a reload of one N7K won't result in a total network outage any more.