Nexus 1000v integeration with SCVMM

Similar Messages

• SCVMM Kicks out Nexus 1000V Uplink NIC Any ideas?

  The SCVMM suddenly kicks out the Nexus 1000V Uplink NIC,
  thus preventing me from remediating the change.
  Also i get this error message
  Using Hyper V as virtualization platform

  Hello,
  You can use one Ethernet port-profile with a channel-group command (like 'channel-group auto mode on mac-pinning') and assign it to all the vmnic interfaces that need to carry the same set of VLANs
  The same port-profile can be used on other hosts too. The N1k would automatically bundle (port-channel) the interfaces that belong to the same ESX host (accomplished through the 'channel-group auto' command)
  If you need the interfaces to carry separate sets of VLANs, then you need a different port-profile.
  Port-profile is just a container for a common set of configuration that you can apply for multiple interfaces across multiple hosts.
  Thanks,
  Shankar

• VN-Tag with Nexus 1000v and Blades

  Hi folks,
  A while ago there was a discussion on this forum regarding the use of Catalyst 3020/3120 blades switches in conjunction with VN-tag.  Specifically, you can't do VN-Tag with that Catalyst blade switch sitting inbetween the Nexus 1000V and the Nexus 5000.  I know there's a Blade switch for the IBM blade servers, but will there be a similar version for the HP C-class blades?  My guess is NO, since Cisco just kicked HP to the curb.  But if that's the case, what are my options?  Pass-through switches?  (ugh!)
  Previous thread:
  https://supportforums.cisco.com/message/469303#469303

  wondering the same...

• Nexus 1000V. problem when working with the console VMWare

  I have a problem when working with the console VMWare.
  Sometimes it is impossible to connect any of the hypervisor to the guest OS managed by them.
  I get the message: "Unable connect to the MKS: Host address lookup for server <name of the hypervisor> failed: No such host is known."
  This message always appears in conjunction with the reconfiguration of virtual switch: "Reconfigure vNetwork Distributed Switch .... Initiated by Cisco_Nexus_1000V_ ....."
  Upon completion of the reconfiguration, Communication console, with guest OS is restored, or on its own or after a reboot srv-vc.
  In this time, I do not see any message in Nexus 1000v log.
  What is this?
  Thanks in advance.

  Smells of a DNS issue.  Are you sure your ESX hosts are reachable from your client via DNS hostname?  Try pinging them from a command prompt/terminal.  You may have DNS server issues.
  As a temp fix, edit your [windowspath]/system32/etc/drivers/hosts file and manually add the ESX host name and IP, then re-test.
  Regards,
  Robert

• Weird syslog format messages with Nexus 1000v

  I'm  trying out the Nexus 1000v, and have the VEM configured to write logs to my  syslog server. The thing is, the messages are in a weird format that my  log management tools cannot parse. Here is an example:
  <189>: 2012 Oct 21 15:22:40 UTC: %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on unknown_session
  I found the documentation rather  amusing, where it states "The syslog client functionality is RFC-5424  compliant" - doesn't look like they've even read the RFC! This is closer  to the format of the older (but more often found in the wild,  RFC3164... though not compliant with that either :/
  Anyway,  I guess the main issue here is that the hostname of the 1000v is not  being added to the logs (it is set in my config). Any ideas how I can  fix this?
  Thanks!

  Hi,
       Do you have vCenter install on Win2012 Server? The installation would not continue until you have vCenter installed.
  Hardik

• New vcenter server but keeping database with nexus 1000v

  I have been reading through all the details of migrating to new hardware for the vcenter server with the nexus 1000v.  i wish to avoid doing the vswitch thing.  If I am keeping the same database but just moving to new hardware and possibly new ip address I was hoping to be able to do something along the lines of.
  Leave everything as is,
  Reinstall vcenter on new server and point to existing database.
  reconnect the esx hosts
  disconnect the VSM
  get the xml from the vsm
  install on vcenter server
  reconnect the VSM to the new server
  all should be good.
  From my reading it appears as tho most of the issues are around connecting to a fresh database.
  Is there anything wrong with my assumptions??
  Regards Justin

  I have done this before but I always keep the same name an IP so that I don't have to reconnect each ESXi host and my vSphere Client users don't have to use a different name.
  What I do in this scenario is build the new server with a temp name/IP.
  Backup the vCenter DB and SSL certs (this is very important).
  Power down the old vCenter.
  Re-IP/Re-Name the new to match the old.
  Copy the SSL certs to the proper location (C:\ProgramData\VMware\VMware VirtualCenter\SSL)
  Create your DSN and install vCenter using the old DB. The DB will be upgraded.
  Your hosts will automatically connect to the new server.

• Configuring Tacacs with Nexus 1000v

  Hi Experts,
  Does anyone share a sample configuration of AAA (Tacacs+) with Nexus 1000v? I have found some documents, but it only covers authentication, no one document found that can cover authorization, and accounting in detail with Nexus 100v.
  Thanks and Regards,
  Ahmed Shahzad.    

  Hi Experts,Does
  anyone share a sample configuration of AAA (Tacacs+) with Nexus 1000v?
  I have found some documents, but it only covers authentication, no one
  document found that can cover authorization, and accounting in detail
  with Nexus 100v.Thanks and Regards,
  Ahmed Shahzad.
  Hi Ahmed,
  Check out the below link for TACAS configuration in Nexus 1000
  http://cco.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_4tacacs.html
  Hope to Help !!
  Ganesh.H

• Nexus 1000v VSM can't comunicate with the VEM

  This is the configuration I have on my vsm
  !Command: show running-config
  !Time: Thu Dec 20 02:15:30 2012
  version 4.2(1)SV2(1.1)
  svs switch edition essential
  no feature telnet
  banner motd #Nexus 1000v Switch#
  ssh key rsa 2048
  ip domain-lookup
  ip host Nexus-1000v 172.16.0.69
  hostname Nexus-1000v
  errdisable recovery cause failed-port-state
  vem 3
    host vmware id 78201fe5-cc43-e211-0000-00000000000c
  vem 4
    host vmware id e51f2078-43cc-11e2-0000-000000000009
  priv 0xa2cb98ffa3f2bc53380d54d63b6752db localizedkey
  vrf context management
    ip route 0.0.0.0/0 172.16.0.1
  vlan 1-2
  port-channel load-balance ethernet source-mac
  port-profile default max-ports 32
  port-profile type ethernet Unused_Or_Quarantine_Uplink
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type vethernet Unused_Or_Quarantine_Veth
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type ethernet vmware-uplinks
    vmware port-group
    switchport mode trunk
    switchport trunk allowed vlan 1-3967,4048-4093
    channel-group auto mode on
    no shutdown
    system vlan 2
    state enabled
  port-profile type vethernet Management
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet vMotion
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet ServidoresGestion
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet L3-VSM
    capability l3control
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    system vlan 2
    state enabled
  port-profile type vethernet VSG-Data
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet VSG-HA
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  vdc Nexus-1000v id 1
    limit-resource vlan minimum 16 maximum 2049
    limit-resource monitor-session minimum 0 maximum 2
    limit-resource vrf minimum 16 maximum 8192
    limit-resource port-channel minimum 0 maximum 768
    limit-resource u4route-mem minimum 1 maximum 1
    limit-resource u6route-mem minimum 1 maximum 1
  interface mgmt0
    ip address 172.16.0.69/25
  interface control0
  line console
  boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-1
  boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-1
  boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-2
  boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-2
  svs-domain
    domain id 1
    control vlan 1
    packet vlan 1
    svs mode L3 interface mgmt0
  svs connection vcenter
    protocol vmware-vim
    remote ip address 172.16.0.66 port 80
    vmware dvs uuid "ae 31 14 50 cf b2 e7 3a-5c 48 65 0f 01 9b b5 b1" datacenter-n
  ame DTIC Datacenter
    admin user n1kUser
    max-ports 8192
    connect
  vservice global type vsg
    tcp state-checks invalid-ack
    tcp state-checks seq-past-window
    no tcp state-checks window-variation
    no bypass asa-traffic
  vnm-policy-agent
    registration-ip 172.16.0.70
    shared-secret **********
    policy-agent-image bootflash:/vnmc-vsmpa.2.0.0.38.bin
    log-level
  for some reason my vsm can't the the vem. I could before, but then my server crashed without doing a copy run start and when it booted up all my config but the uplinks was lost.
  When I tried to configure the connection again it wasn't working.
  I'm also attaching a screen capture of the vds
  and a capture of the regular switch.
  I will appreciate very much any help you could give me and will provide any configuration details that you might need.
  Thank you so much.

  Carlos,
     Looking at vds.jpg, you do not have any VEM vmkernel interface attached to port-profile L3-VSM. So fix VSM-VEM communication problem, you either migrate your VEM management vmkernel interface to L3-VSM port-profile of the vds, or create new VMkernel port on your VEM/host and attach it to L3-VSM port-profile.

• Nexus 1000v, VMWare ESX and Microsoft SC VMM

  Hi,
  Im curious if anybody has worked up any solutions managing network infrastructure for VMWare ESX hosts/vms with the Nexus 1000v and Microsoft's System Center Virtual Machine Manager.
  There currently exists support for the 1000v and ESX and SCVMM using the Cisco 1000v software for MS Hyper-V and SCVMM.   There is no suck support for VMWare ESX.
  Im curious as to what others with VMWare, Nexus 1000v or equivalent and SCVMM have done to work around this issue.
  Trying to get some ideas.
  Thanks

  Aaron,
  The steps you have above are correct, you will need steps 1 - 4 to get it working correctly.  Normally people will create a separate VLAN for their NLB interfaces/subnet, to prevent uncessisary flooding of mcast frames within the network.
  To answer your questions
  1) I've seen multiple customer run this configuration
  2) The steps you have are correct
  3) You can't enable/disable IGMP snooping on UCS.  It's enabled by default and not a configurable option.  There's no need to change anything within UCS in regards to MS NLB with the procedure above.  FYI - the ability to disable/enable IGMP snooping on UCS is slated for an upcoming release 2.1.
  This is the correct method untill the time we have the option of configuring static multicast mac entries on
  the Nexus 1000v.  If this is a feature you'd like, please open a TAC case and request for bug CSCtb93725 to be linked to your SR. 
  This will give more "push" to our develpment team to prioritize this request.
  Hopefully some other customers can share their experience.
  Regards,
  Robert

• Firewall between Nexus 1000V VSM and vCenter

  Hi,
  Customer has multiple security zones in environment, and VMware vCenter is located in a Management Security Zone. VSMs in security zones have dedicated management interface facing Management Security Zone with firewall in between. What ports do we need to open for the communication between VSMs and vCenter? The Nexus 1000V troubleshooting guide only mentioned TCP/80 and TCP/443. Are these outbound from VSM to vCenter? Is there any requirements from vCenter to VSM? What's the best practice for VSM management interface configuration in multiple security zones environment? Thanks.

  Avi -
  You need the connection between vCenter and the VSM anytime you want to add or make any changes to the existing port-profiles.  This is how the port-profiles become available to the virtual machines that reside on your ESX hosts.
  One problem when the vCenter is down is what you pointed out - configuration changes cannot be pushed
  The VEM/VSM relationship is independent of the VSM/vCenter connection.  There are separate VLANs or L3 interfaces that are used to pass information and heartbeats between the VSM and its VEMs.
  Jen

• Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

  Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.
  Looking for if this is possible, if so how, and if not, where that might be documented. I have a client who's security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistance to use 3120s inside the blade chassis.
  Has to be the strangest request I have had in a while.
  Any data would be GREATY appreciated!

  Thanks for the follow up.
  So by private VLANs, are you referring to "PVLAN":
  "PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus
  1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the
  same VLAN from each other. The VMware vDS implements PVLAN enforcement at the
  destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement
  mechanism that filters packets at the source rather than at the destination, helping ensure
  that no unwanted traffic traverses the physical network and so increasing the network
  bandwidth available to other virtual machines"

• Nexus 1000v and vcenter domain admin account

  I changed out domain admin account on our domain in which vcenter services runs as and now its using a different services account. I am wondering if I need to update anything on the nexus 1000v switch side between the 1000v and venter

  Hi Dan,
  You are on the right track. However you can perform some of these function "online".
  First you want to ensure that you are running at a minimum, Nexus 1000v SV1(4a) as ESXi 5.0 only began support on this release. With SV1(4a), it provides support for both ESXi 5.0 and ESX/i 4.1.
  Then you can follow the procedure documented here:
  Upgrading from VMware Release 4.0/4.1 to VMware Release 5.0.0
  This document walks you through upgrading your ESX infrastructure to VMware Release 5.0.0 when Cisco Nexus 1000V is installed. It is required to be completed in the following order:
  1. Upgrade the VSMs and VEMs to Release 4.2(1)SV1(4a).
  2. Upgrade the VMware vCenter Server to VMware Release 5.0.0.
  3. Upgrade the VMware Update Manager to VMware Release 5.0.0.
  4. Upgrade your ESX hosts to VMware Release 5.0.0 with a custom ESXi image that includes the VEM bits.
  Upgrading the ESX/ESXi hosts consists of the following procedures:
  –Upgrading the vCenter Server
  –Upgrading the vCenter Update Manager
  –Augmenting the Customized ISO
  –Upgrading the ESXi Hosts
  There is also a 3 part video highlighting the procedure to perfrom the last two steps above (customized ISO and upgrading ESXi hosts)
  Video: Upgrading the VEM to VMware ESXi Release 5.0.0
  Hope that helps you with your upgrade.
  Thanks,
  Michael

• VWLC and Nexus-1000V

  Hi Experts!
  Does anybody try to install vWLC on ESX with Nexus-1000V as switch?
  All deployment guide are based on standard VMWare vSwitch and I can not find any information about questions:
  1. Is vWLC compatible with Nexus-1000V?
  2. What configuration should be done on Nexus-1000V to vWLC works properly?

  Hi Dave,
  You can access  below URL for nexus 1000v -4.0(4)SV1(3b) docs:
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3_b/roadmap/guide/n1000v_roadmap.html
  And
  Nexus5000
  http://www.cisco.com/en/US/products/ps9670/tsd_products_support_series_home.html
  BR,
  John Meng

• VSM and Cisco nexus 1000v

  Hi,
  We are planning to install Cisco Nexus 1000v in our environment. Before we want to install we want to explore little bit about Cisco Nexus 1000v
  •  I know there is 2 elements for Cisco 1k, VEM and VSM. Does VSM is required? Can we configure VEM individually?
  •   How does Nexus 1k integrated with vCenter. Can we do all Nexus 1000v configuration from vCenter without going to VEM or VSM?
  •   In term of alarming and reporting, does we need to get SNMP trap and get from individual VEM or can be use VSM to do that. OR can we   get    Cisco Nexus 1000v alarming and reporting form VMware vCenter.
  •  Apart from using Nexus 1010 can what’s the recommended hosting location for VSM, (same Host as VEM, different VM, and different physical server)
  Foyez Ahammed

  Hi Foyez,
  Here is a brief on the Nexus1000v and I'll answer some of your questions in that:
  The Nexus1000v is a Virtual Distributed Switch (software based) from Cisco which integrated with the vSphere environment to provide uniform networking across your vmware environment for the host as well as the VMs. There are two components to the N1K infrastructure 1) VSM 2) VEM.
  VSM - Virtual supervisor module is the one which controls the entire N1K setup and is from where the configuration is done for the VEM modules, interfaces, security, monitoring etc. VSM is the one which interacts with the VC.
  VEM - Virtual ethernet module are simply the module or virtual linecards which provide the connectivity option or virtual ports for the VMs and other virtaul interfaces. Each ESX host today can only have one VEM. These VEMs recieve their configuration / programing from the VSM.
  If you are aware of any other switching products from Cisco like the Cat 6k switches, the n1k behaves the same way but in a software / virtual environment. Where the VSM are equal of a SUPs and the VEM are similar to the line cards. The control and the packet VLANs in the n1k provide the same kind of AIPC and Inband connectivity as the 6k backplane would for the communication between the modules and the SUP (VSM in this case).
  *The n1k configuration is done only from the VSM and is visible in the VC.However the port-profiles created from the VSM are pushed from the VSM to the VC and have to be assigned to the virtual / physical ports from the VC.
  *You can run the VSM either on the Nexus1010 as a Virtual service blade (VSB) or as a normal VM on any of the ESX/ESXi server. The VSM and the VEM on the same server are fully supported.
  You can refer the following deployment guide for some more details: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/guide_c07-556626.html
  Hope this answers your queries!
  ./Abhinav

• Nexus 1000V, 4K and 5K

  I'm looking over the deployment guide for 1000Vs, and am not clear on the design.  If I have a Nexus 4k connecting to a Nexus 5k, how does the Nexus 1000V fit?  What I'm seeing is that typically a vpc is built between the Nexus 1k and a clustered upstream switch, such as Nexus 5ks, or VSS with 6500s.  However, if I already have a vpc between a Nexus 4k and a pair of 5ks, what affect does adding 1ks to the configuration have?  Or is the idea to move the vpc back to the 1000Vs instead of the between the 4k and 5ks?  Or perhaps is using a 1000V more suited when you have blades that are pass through modules where each blade has its own NIC or there are blade switches (non Nexus 4k) in the chassis? 
  thank you,
  Bill

  hi bill
  mainly there are two options
  first option if to use the N1K with a clustered up stream switches as you mentioned vPC or VSS
  in this case all what you need form the N1K/ESXi host is to use a normal portchannel and multihome th eport channel links to both of these switches ( this is a recommended solution if applicable )
  option two is to use non-clustered switches like in your case the two 4K switches as the upstream switches with the N1K
  and in this case you can use vPC host mode where the N1K with new releases uses mac-pining to chose uplink subgroup within the port channel
  see below: