Nexus 1000v Layer3 Control not coming up

For info, I run 4.2(1)SV1(4) as a VM and not the appliance.
I tried this morning to migrate a small environment to the Nexus L3 control instead of L2 for a certain requirement. We have two ESX in the with the Nexus 1000v running sucessfully for months on L2.
I tried to follow the procedure that is in this document. I followed this script:
Created a layer3 control0 interface with an IP in vlan951.
So I had my VMWare guy move a VMKernel interface of each ESX host to this profile:
port-profile type vethernet VLAN951
vmware port-group VLAN951
capability l3control
switchport mode access
switchport access vlan 951
system vlan 951
no shutdown
state enabled
Then modified the svs domain like such:
svs-domain
no control vlan
no packet vlan
svs mode 13 interface control0
I made sure that I have layer-2 connectivity between the VSM host and the rest ESX hosts is OK, but I am not certain how you actually assign a layer 2 vlan to the control0 interface... Is it supposed to broadcast on all the VLANs? Or is it a correlation of the port-profile config and svs-domain that does that?
In any case, my two VEM go down and do not come back up once I am in l3 mode. I had to revert back to L2.
Any help would be appreciated.
Regards,
Simon T.

Hi Simon,
Since you are using ctrl0 as the layer 3 interface, you need to assign the IP address under the ctrl0 interface (interface ctrl0). This IP address should be able to communicate with the vmk interface's IP address.
Regards,
Shankar

Similar Messages

Nexus 1000v repo is not available

Hi everyone.
Cisco Yum repo for nexus 1000v is not available at the moment. I am wondering, is it Ok and Cisco finished it experiment with free Nexus1k or I need to contact someon (who?) to ask him to fix this problem.
PS Link to the repo: https://cnsg-yum-server.cisco.com/yumrepo

Let's set the record straight here - to avoid confusion.
1. VEMs will continue to forward traffic in the event one or both VSM are unavailable - this requires the VEM to remain online and not reboot while both VSMs are offline. VSM communication is only required for config changes (and LACP negociation prior to 1.4)
2. If there is no VSM reachable, and a VEM is reboot, only then will the System VLANs go into a forwarding state. All other non-system VLANs will remain down. This is to faciliate the Chicken & Egg theory of a VEM being able to initially communicate with a VSM to obtain its programming.
The ONLY VLANs & vEth Profiles that should be set as system vlans are:
1000v-Control
1000v-Packet
Service Console/VMkernel for Mgmt
IP Storage (iSCSI or NFS)
Everything else should not be defined as a system VLAN including VMotion - which is a common Mistake.
**Remember that for a vEth port profile to behave like a system profile, it must be define on BOTH the vEth and Eth port profiles. Two factor check. This allows port profiles that maybe are not critical, yet share the same VLAN ID to behave differently.
There are a total of 16 profiles that can include system VLANs. If you exceed this, you can potentially run into issues with the Opaque data pushed from vCenter is truncated causing programming errors on your VEMs. Adhering to the limitations above should never lead to this situation.
Regards,
Robert

'Application Server Control' not coming up - URGENT

All,
BPEL - 10.1.3.4
My SOA server is up, from the SOA home page when I click 'Application Server Control', the page is not coming up. No idea what went wrong during installation. FYI, I didnt face any issue during installation, it was smooth.
startup log:
Configuration information
Running in D:\oracle\OracleAS_1
Operation mode:Startup, App Server, No Enterprise Manager, Single Instance
Oracle home:D:\oracle\OracleAS_1
Oracle home name:Unnamed
Instance name:host.localhost.ariba.com
Instance type:allProducts
Version:10.1.3.4.0
Uses infrastructure:false
Not an infrastructure instance, no infrastructure information available
Components:[j2ee, apache, orabpel, oraesb, owsm, Wsil]
2010-10-14 05:11:06.994--Begin log output for Mid-tier services (host.localhost.ariba.com)
2010-10-14 05:11:06.994--Processing Step: starting OPMN
2010-10-14 05:11:08.385--Processing Step: starting OPMN managed processes
2010-10-14 05:11:08.432--Processing Step: OPMN and managed processes started
2010-10-14 05:11:25.495--End log output for Mid-tier services (host.localhost.ariba.com)
Thanks,
Sen

Hi Sen,
I am facing the similar issue when i am trying to set up the SOA environment in my local system.
Can you please help me with the step you took to fix the issue.
Thanks & Regards,
Md Yaqoob

VN-Link Hardware require Nexus 1000v yes or not?

I have a problem about VN-Link Hardware. When i create port profile on UCS Manager and Create Port Profile Client then vCenter will create Port Group too. But when i apply network in Virtual Machine by select Port Group in vCenter i can't see Virtual Maching Guest in VM tab on UCS Manager.
Finally question VN-Link Hardware require Nexus 1000v install on ESX yes or not? in UCS Manager GUI document say need require DVS Switch.

Thank you for reply. I have successfully turn on VN-Link hardware by follow this video --> http://tinyurl.com/23p896k
and i have install Nexus 1000v VEM in ESX for turn on VN-Link hardware.
I need test performance of CNA Card (palo) and report to my CEO.
- How to test it?
- What is tool for test?
PS.Sorry for English language

Nexus 1000v vsm secondary not recognized

I deployed the seondary vsm but when it came up the primary vsm still does not recognize that there is a standby.
I went through the ovf and selected seondary and only entered the vsm domain id and the admin password.
after the power on the master did not see the secondary
any idea?

Hi Tony,
In order for this VSM to see its peer, you need to configure it for system redundancy role Primary.
As shown in the output, it is currently running in standalone mode.
Once we reconfigure the first deployed VSM as primary, the two VSMs should see each other (given they have L2 connectivity)
Nexus1000v# show system redundancy status
Redundancy role
administrative: standalone
operational: standalone
Redundancy mode
administrative: HA
operational: None
This supervisor (sup-1)
Redundancy state: Active
Supervisor state: Active
Internal state: Active with no standby
Other supervisor (sup-2)
Redundancy state: Not present
Nexus1000v# con
Nexus1000v(config)# system redundancy role primary
After this change, the VSMs will negotiate and the secondary will reboot. When the secondary comes back up, we should see that they have paired.
Nexus1000v(config)# show redundancy status
Redundancy role
administrative: primary
operational: primary
Redundancy mode
administrative: HA
operational: HA
This supervisor (sup-1)
Redundancy state: Active
Supervisor state: Active
Internal state: Active with HA standby
HTH,
Joe

Nexus 1000v: Control VLAN must be same VLAN as ESX hosts?

Hello,
I'm trying to install nexus 1000v and came across the below prerequisite.
The below release notes for Nexus 1000v states
VMware and Host Prerequisites
The VSM VM control interface must be on the same Layer 2 VLAN as the ESX 4.0 host that it manages. If you configure Layer 3, then you do not have this restriction. In each case however, the two VSMs must run in the same IP subnet.
What I'm trying to do is to create 2 VLANs - one for management and the other for control & Data (as per latest deployment guide, we can put control & data in the same vlan).
However, I wanted to have all ESX host management same VLAN as the VSM management as well as the vCenter Management. Essentially, creating a management network.
However, from the above "VMWare and Host Prerequisites", does this means I cannot do this?
I need to have the ESX host management same VLAN as the control VLAN?
This means that my ESX host will reside in a different VLAN than my management subnet?
Thanks...

Control vlan is a totally seperate VLAN then your System Console. The VLAN just needs to be available to the ESX host through the upstream physical switch and then make sure the VLAN is passed on the uplink port-profile that you assign the ESX host to.
We only need an interface on the ESX host if you decide to use L3 control. In that instance you would create or use an existing VMK interface on the ESX host.

Search help (PREM) for personal no. is not coming in ALV grid table control

hi experts,
Search help (PREM) for personal no. is not coming in ALV grid table control.
i have assigned the srch help (prem) to my 'ZFIEXP_PROJALLOC' table for the emp_id.
but in output it is now showing the help.
ls_fcat-fieldname = 'EMPLOYEE CODE'.
ls_fcat-ref_table = 'ZFIEXP_PROJALLOC'.
ls_fcat-ref_field = 'EMP_ID'.
ls_fcat-outputlen = '10'.
ls_fcat-key = 'X'.
ls_fcat-edit = 'X'.
ls_fcat-coltext = 'EMPLOYEE CODE'.
ls_fcat-seltext = 'EMPLOYEE CODE'.
append ls_fcat to pt_fieldcat.
clear ls_fcat.
Then i tried to solve it using the PA0002 . ie.,
ls_fcat-fieldname = 'EMPLOYEE CODE'.
ls_fcat-ref_table = 'PA0002'.
ls_fcat-ref_field = 'PERNR'.
ls_fcat-outputlen = '10'.
ls_fcat-key = 'X'.
ls_fcat-edit = 'X'.
ls_fcat-coltext = 'EMPLOYEE CODE'.
ls_fcat-seltext = 'EMPLOYEE CODE'.
append ls_fcat to pt_fieldcat.
clear ls_fcat.
with this it is showing the help in employee code, but, when i click on an empl number, it is not added to my table control and allowing me to add the number by typing them.
plz help me.
thanks.

Hi
In the layout give layout-sel_mode = 'A'. and
pass 'A' to i_save exporting parameter to method set_table_for_first_display.
The same thing if you are working with function module
reuse_alv_grid_display.
Reward points for useful answer.
Venkat

Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.
Looking for if this is possible, if so how, and if not, where that might be documented. I have a client who's security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistance to use 3120s inside the blade chassis.
Has to be the strangest request I have had in a while.
Any data would be GREATY appreciated!

Thanks for the follow up.
So by private VLANs, are you referring to "PVLAN":
"PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus
1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the
same VLAN from each other. The VMware vDS implements PVLAN enforcement at the
destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement
mechanism that filters packets at the source rather than at the destination, helping ensure
that no unwanted traffic traverses the physical network and so increasing the network
bandwidth available to other virtual machines"

AIP SSM Command/control Interface is not coming up

Hi to all,
kindly be informed that , i have AIP SSM for ASA, i configured it and its workign fine.but its command control interface is not coming up at all, i connect my lap top direct to AIP management interface but its status is always is down.kindly look at this configuration and guide me how i can communicate with AIP using mangement inerface.
My LapTop ip is 192.168.1.2/24
AIP Configuration
IPS1# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.2(1)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S365.0 2008-10-31
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-20
Serial Number: JAF1319AJRG
No license present
Sensor up-time is 13 days.
Using 1019777024 out of 2093604864 bytes of available memory (48% usage)
application-data is using 47.1M out of 166.8M bytes of available disk space (30% usage)
boot is using 39.7M out of 68.6M bytes of available disk space (61% usage)
MainApp E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
AnalysisEngine E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
CLI E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500
Upgrade History:
IPS-K9-6.2-1-E3 16:24:00 UTC Thu Oct 16 2008
Recovery Partition Version 1.1 - 6.2(1)E3
Host Certificate Valid from: 12-Jul-2009 to 13-Jul-2011
IPS1#sh conf
! Current configuration last modified Sun Jul 12 23:56:08 2009
! Version 6.2(1)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S365.0 2008-10-31
! Virus Update V1.4 2007-03-02
service interface
exit
service authentication
exit
service event-action-rules rules0
exit
service host
network-settings
host-ip 192.168.1.3/24,192.168.1.1
host-name Cinet-IPS1
telnet-option enabled
access-list 0.0.0.0/0
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit

If the interface won't link Up, then it is likely a cabling problem.
Even with a bad configuration on the AIP you should at least get link UP if your cabling is correct, so I don't think configuration is your problem here.
If I remember right the command and control interface of the SSM is a 10/100 TX interface. When connecting from a laptop directly to the command and control interface it would require a cross over cable rather than the normal straight through cable.
If you don't have a cross over cable, then try connecting the SSM to a switch and see if the SSM will link UP. The switch is designed to internally do the cross over.

After upgarde Nexus 1000V the product Name still not update on vSphere Client

Hi All,
I encounter the problem after i upgrade the Nexus 1000v to new version 1.1a, but the vSphere Client console sill remain the old version Nexus 1000v 4a. Anyone know how to change it?
Attached screen capture for your reference.
Regards,
Jason

Hi,
Thank you for posting in Windows Server Forum.
From your description it seems that you are facing issue only with windows 8\8.1. So firstly suggest you to check with application support team, whether they have whole support for application with newer version. Also check once with application support team
regarding this issue.
This issue occurs because the local taskbar does not receive the EVENT_OBJECT_NAMECHANGE event from the system due to a timing issue. The EVENT_OBJECT_NAMECHANGE is needed to update the taskbar title information.
More information (For reference).
The taskbar may not show the application name correctly when using a Terminal Server RemoteApp
Hope it helps!
Thanks.
Dharmesh Solanki

Cisco Nexus 1000V InterCloud

Need download link for Cisco Nexus 1000V InterCloud

We had a simliar issue with 5.2(1)SV3(1.3) and found this in the release notes:
ERSPAN
If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Cisco Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.
If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/release_notes/b_Cisco_N1KV_VMware_521SV313_ReleaseNotes.html#concept_652D9BADC4B04C0997E7F6C29A2C8B1F
After enabling 'ip proxy-arp' on the upstream SVI it started working properly.

[Nexus 1000v] VEM can't be add into VSM

hi all,
following my lab, i have some problems with Nexus 1000V when VEM can't be add into VSM.
+ on VSM has already installed on ESX 1 (standalone or ha) and you can see:
Cisco_N1KV# show module
Mod Ports Module-Type                       Model               Status
1    0      Virtual Supervisor Module         Nexus1000V          active *
Mod Sw                Hw
1    4.2(1)SV1(4a)     0.0
Mod MAC-Address(es)                         Serial-Num
1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
Mod Server-IP        Server-UUID                           Server-Name
1    10.4.110.123     NA                                    NA
+ on ESX2 that 's installed VEM
[root@esxhoadq ~]# vem status
VEM modules are loaded
Switch Name      Num Ports   Used Ports Configured Ports MTU     Uplinks
vSwitch0         128         3           128               1500    vmnic0
VEM Agent (vemdpa) is running
[root@esxhoadq ~]#
any advices for this,
thanks so much

Hi,
i'm having similar issue: the VEM insatlled on the ESXi is not showing up on the VSM.
please check from the following what can be wrong?
This is the VEM status:
~ # vem status -v
Package vssnet-esx5.5.0-00000-release
Version 4.2.1.1.4.1.0-2.0.1
Build 1
Date Wed Jul 27 04:42:14 PDT 2011
Number of PassThru NICs are 0
VEM modules are loaded
Switch Name     Num Ports   Used Ports Configured Ports MTU     Uplinks
vSwitch0         128         4           128               1500   vmnic0
DVS Name         Num Ports   Used Ports Configured Ports MTU     Uplinks
VSM11           256         40         256               1500   vmnic2,vmnic1
Number of PassThru NICs are 0
VEM Agent (vemdpa) is running
~ # vemcmd show port
LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
   18               UP   UP   F/B*     0       vmnic1
   19             DOWN   UP   BLK       0       vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show trunk
Trunk port 6 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 16 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 18 native_vlan 1 CBL 0
vlan(111) cbl 1, vlan(112) cbl 1,
~ # vemcmd show port
LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
   18               UP   UP   F/B*     0       vmnic1
   19            DOWN   UP   BLK       0       vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show port vlans
                       Native VLAN   Allowed
LTL   VSM Port Mode VLAN   State Vlans
   18             T       1   FWD   111-112
   19             A       1   BLK   1
~ # vemcmd show port
LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
   18               UP   UP   F/B*     0       vmnic1
   19             DOWN   UP   BLK       0       vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show port vlans
                       Native VLAN   Allowed
LTL   VSM Port Mode VLAN   State Vlans
   18             T       1   FWD   111-112
   19             A       1   BLK   1
~ # vemcmd show trunk
Trunk port 6 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 16 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 18 native_vlan 1 CBL 0
vlan(111) cbl 1, vlan(112) cbl 1,
~ # vemcmd show card
Card UUID type 2: ebd44e72-456b-11e0-0610-00000000108f
Card name: esx
Switch name: VSM11
Switch alias: DvsPortset-0
Switch uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
Card domain: 1
Card slot: 1
VEM Tunnel Mode: L2 Mode
VEM Control (AIPC) MAC: 00:02:3d:10:01:00
VEM Packet (Inband) MAC: 00:02:3d:20:01:00
VEM Control Agent (DPA) MAC: 00:02:3d:40:01:00
VEM SPAN MAC: 00:02:3d:30:01:00
Primary VSM MAC : 00:50:56:ac:00:42
Primary VSM PKT MAC : 00:50:56:ac:00:44
Primary VSM MGMT MAC : 00:50:56:ac:00:43
Standby VSM CTRL MAC : ff:ff:ff:ff:ff:ff
Management IPv4 address: 10.1.240.30
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 111
Card packet VLAN: 112
Card Headless Mode : Yes
       Processors: 8
Processor Cores: 4
Processor Sockets: 1
Kernel Memory:   16712336
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: False
PC LB Algo: source-mac
Datapath portset event in progress : no
~ #
On VSM
VSM11# sh svs conn
connection vcenter:
   ip address: 10.1.240.38
   remote port: 80
   protocol: vmware-vim https
   certificate: default
   datacenter name: New Datacenter
   admin:
   max-ports: 8192
   DVS uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
   config status: Enabled
   operational status: Connected
   sync status: Complete
   version: VMware vCenter Server 4.1.0 build-345043
VSM11# sh svs ?
connections Show connection information
domain       Domain Configuration
neighbors   Svs neighbors information
upgrade     Svs upgrade information
VSM11# sh svs dom
SVS domain config:
Domain id:   1
Control vlan: 111
Packet vlan: 112
L2/L3 Control mode: L2
L3 control interface: NA
Status: Config push to VC successful.
VSM11# sh port
           ^
% Invalid command at '^' marker.
VSM11# sh run
!Command: show running-config
!Time: Sun Nov 20 11:35:52 2011
version 4.2(1)SV1(4a)
feature telnet
username admin password 5 $1$QhO77JvX$A8ykNUSxMRgqZ0DUUIn381 role network-admin
banner motd #Nexus 1000v Switch#
ssh key rsa 2048
ip domain-lookup
ip domain-lookup
hostname VSM11
snmp-server user admin network-admin auth md5 0x389a68db6dcbd7f7887542ea6f8effa1
priv 0x389a68db6dcbd7f7887542ea6f8effa1 localizedkey
vrf context management
ip route 0.0.0.0/0 10.1.240.254
vlan 1,111-112
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type ethernet system-uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 111-112
no shutdown
system vlan 111-112
description "System profile"
state enabled
port-profile type vethernet servers11
vmware port-group
switchport mode access
switchport access vlan 11
no shutdown
description "Data Profile for VM Traffic"
port-profile type ethernet vm-uplink
vmware port-group
switchport mode access
switchport access vlan 11
no shutdown
description "Uplink profile for VM traffic"
state enabled
vdc VSM11 id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
interface mgmt0
ip address 10.1.240.124/24
interface control0
line console
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-2
svs-domain
domain id 1
control vlan 111
packet vlan 112
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 10.1.240.38 port 80
vmware dvs uuid "c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78" datacenter-n
ame New Datacenter
max-ports 8192
connect
vsn type vsg global
tcp state-checks
vnm-policy-agent
registration-ip 0.0.0.0
shared-secret **********
log-level
thank you
Michel

Nexus 1000v VEM module bouncing between hosts

I'm receiving these error messages on my N1KV and don't know how to fix it. I've tried removing, rebooting, reinstalling host B's VEM but that did not fix the issue. How do I debug this?
My setup,
Two physical hosts running esxi 5.1, vcenter appliance, n1kv with two system uplinks and two uplinks for iscsi for each host. Let me know if you need more output from logs or commands, thanks.
N1KV# 2013 Jun 17 18:18:07 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 17 18:18:07 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 17 18:18:08 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_UNEXP_NODEID_REQ: Removing VEM 3 (Unexpected Node Id Request)
2013 Jun 17 18:18:09 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 17 18:18:13 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.51.100 detected as module 3
2013 Jun 17 18:18:13 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 17 18:18:16 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_UNEXP_NODEID_REQ: Removing VEM 3 (Unexpected Node Id Request)
2013 Jun 17 18:18:17 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 17 18:18:21 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 17 18:18:21 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 17 18:18:22 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_UNEXP_NODEID_REQ: Removing VEM 3 (Unexpected Node Id Request)
2013 Jun 17 18:18:23 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 17 18:18:28 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.51.100 detected as module 3
2013 Jun 17 18:18:29 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 17 18:18:44 N1KV %PLATFORM-2-MOD_DETECT: Module 2 detected (Serial number :unavailable) Module-Type Virtual Supervisor Module Model :unavailable
N1KV# sh module
Mod Ports Module-Type                       Model               Status
1    0      Virtual Supervisor Module         Nexus1000V          ha-standby
2    0      Virtual Supervisor Module         Nexus1000V          active *
3    248    Virtual Ethernet Module           NA                  ok
Mod Sw                  Hw
1    4.2(1)SV2(1.1a)     0.0
2    4.2(1)SV2(1.1a)     0.0
3    4.2(1)SV2(1.1a)     VMware ESXi 5.1.0 Releasebuild-838463 (3.1)
Mod MAC-Address(es)                         Serial-Num
1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
2    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
3    02-00-0c-00-03-00 to 02-00-0c-00-03-80 NA
Mod Server-IP        Server-UUID                           Server-Name
1    192.168.54.2     NA                                    NA
2    192.168.54.2     NA                                    NA
3    192.168.51.100   03000200-0400-0500-0006-000700080009 NA
* this terminal session
~ # vemcmd show card
Card UUID type 2: 03000200-0400-0500-0006-000700080009
Card name:
Switch name: N1KV
Switch alias: DvsPortset-1
Switch uuid: e6 dc 36 50 c0 a9 d9 a5-0b 98 fb 90 e1 fc 99 af
Card domain: 2
Card slot: 3
VEM Tunnel Mode: L3 Mode
L3 Ctrl Index: 49
L3 Ctrl VLAN: 51
VEM Control (AIPC) MAC: 00:02:3d:10:02:02
VEM Packet (Inband) MAC: 00:02:3d:20:02:02
VEM Control Agent (DPA) MAC: 00:02:3d:40:02:02
VEM SPAN MAC: 00:02:3d:30:02:02
Primary VSM MAC : 00:50:56:b6:0c:b2
Primary VSM PKT MAC : 00:50:56:b6:35:3f
Primary VSM MGMT MAC : 00:50:56:b6:d5:12
Standby VSM CTRL MAC : 00:50:56:b6:96:f2
Management IPv4 address: 192.168.51.100
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Primary L3 Control IPv4 address: 192.168.54.2
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 1
Card packet VLAN: 1
Control type multicast: No
Card Headless Mode : No
       Processors: 4
Processor Cores: 4
Processor Sockets: 1
Kernel Memory:   16669760
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: True
PC LB Algo: source-mac
Datapath portset event in progress : no
Licensed: Yes
~ # vemcmd show card
Card UUID type 2: 03000200-0400-0500-0006-000700080009
Card name:
Switch name: N1KV
Switch alias: DvsPortset-0
Switch uuid: e6 dc 36 50 c0 a9 d9 a5-0b 98 fb 90 e1 fc 99 af
Card domain: 2
Card slot: 3
VEM Tunnel Mode: L3 Mode
L3 Ctrl Index: 49
L3 Ctrl VLAN: 52
VEM Control (AIPC) MAC: 00:02:3d:10:02:02
VEM Packet (Inband) MAC: 00:02:3d:20:02:02
VEM Control Agent (DPA) MAC: 00:02:3d:40:02:02
VEM SPAN MAC: 00:02:3d:30:02:02
Primary VSM MAC : 00:50:56:b6:0c:b2
Primary VSM PKT MAC : 00:50:56:b6:35:3f
Primary VSM MGMT MAC : 00:50:56:b6:d5:12
Standby VSM CTRL MAC : 00:50:56:b6:96:f2
Management IPv4 address: 192.168.52.100
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Primary L3 Control IPv4 address: 192.168.54.2
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 1
Card packet VLAN: 1
Control type multicast: No
Card Headless Mode : Yes
       Processors: 4
Processor Cores: 4
Processor Sockets: 1
Kernel Memory:   16669764
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: False
PC LB Algo: source-mac
Datapath portset event in progress : no
Licensed: Yes
! ports 1-6 connected to physical host A
interface GigabitEthernet1/0/1
description VMWARE ESXi Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
channel-group 1 mode active
! ports 7-12 connected to phys host B
interface GigabitEthernet1/0/7
description VMWARE ESXi Trunk
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
spanning-tree portfast trunk
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
channel-group 2 mode active

ok after deleteing the n1kv vms and vcenter and then reinstalling all I got the error again,
N1KV# 2013 Jun 18 17:48:12 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:48:13 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:48:16 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 18 17:48:16 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 18 17:48:22 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:48:23 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:48:34 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 18 17:48:34 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 18 17:48:41 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:48:42 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:49:03 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 18 17:49:03 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 18 17:49:10 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:49:11 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:49:29 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.51.100 detected as module 3
2013 Jun 18 17:49:29 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 18 17:49:35 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:49:36 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:49:53 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.51.100 detected as module 3
2013 Jun 18 17:49:53 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
2013 Jun 18 17:49:59 N1KV %VEM_MGR-2-VEM_MGR_REMOVE_STATE_CONFLICT: Removing VEM 3 due to state conflict VSM(NodeId Processed), VEM(ModIns End Rcvd)
2013 Jun 18 17:50:00 N1KV %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
2013 Jun 18 17:50:05 N1KV %VEM_MGR-2-VEM_MGR_DETECTED: Host 192.168.52.100 detected as module 3
2013 Jun 18 17:50:05 N1KV %VEM_MGR-2-MOD_ONLINE: Module 3 is online
Host A
~ # vemcmd show card
Card UUID type 2: 03000200-0400-0500-0006-000700080009
Card name:
Switch name: N1KV
Switch alias: DvsPortset-0
Switch uuid: e6 dc 36 50 c0 a9 d9 a5-0b 98 fb 90 e1 fc 99 af
Card domain: 2
Card slot: 1
VEM Tunnel Mode: L3 Mode
L3 Ctrl Index: 49
L3 Ctrl VLAN: 52
VEM Control (AIPC) MAC: 00:02:3d:10:02:00
VEM Packet (Inband) MAC: 00:02:3d:20:02:00
VEM Control Agent (DPA) MAC: 00:02:3d:40:02:00
VEM SPAN MAC: 00:02:3d:30:02:00
Primary VSM MAC : 00:50:56:b6:96:f2
Primary VSM PKT MAC : 00:50:56:b6:11:b6
Primary VSM MGMT MAC : 00:50:56:b6:48:c6
Standby VSM CTRL MAC : ff:ff:ff:ff:ff:ff
Management IPv4 address: 192.168.52.100
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Primary L3 Control IPv4 address: 192.168.54.2
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 1
Card packet VLAN: 1
Control type multicast: No
Card Headless Mode : Yes
       Processors: 4
Processor Cores: 4
Processor Sockets: 1
Kernel Memory:   16669764
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: False
PC LB Algo: source-mac
Datapath portset event in progress : no
Licensed: No
Host B
~ # vemcmd show card
Card UUID type 2: 03000200-0400-0500-0006-000700080009
Card name:
Switch name: N1KV
Switch alias: DvsPortset-0
Switch uuid: bf fb 28 50 1b 26 dd ae-05 bd 4e 48 2e 37 56 f3
Card domain: 2
Card slot: 3
VEM Tunnel Mode: L3 Mode
L3 Ctrl Index: 49
L3 Ctrl VLAN: 51
VEM Control (AIPC) MAC: 00:02:3d:10:02:02
VEM Packet (Inband) MAC: 00:02:3d:20:02:02
VEM Control Agent (DPA) MAC: 00:02:3d:40:02:02
VEM SPAN MAC: 00:02:3d:30:02:02
Primary VSM MAC : 00:50:56:a8:f5:f0
Primary VSM PKT MAC : 00:50:56:a8:3c:62
Primary VSM MGMT MAC : 00:50:56:a8:b4:a4
Standby VSM CTRL MAC : 00:50:56:a8:30:d5
Management IPv4 address: 192.168.51.100
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Primary L3 Control IPv4 address: 192.168.54.2
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 1
Card packet VLAN: 1
Control type multicast: No
Card Headless Mode : No
       Processors: 4
Processor Cores: 4
Processor Sockets: 1
Kernel Memory:   16669760
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: True
PC LB Algo: source-mac
Datapath portset event in progress : no
Licensed: Yes
I used the nexus 1000v java installer so I don't know what it keeps assigning the same UUID nor do I know how to change it.
Here is the other output you requested,
N1KV# show vms internal info dvs
DVS INFO:
DVS name: [N1KV]
      UUID: [bf fb 28 50 1b 26 dd ae-05 bd 4e 48 2e 37 56 f3]
      Description: [(null)]
      Config version: [1]
      Max ports: [8192]
      DC name: [Galaxy]
     OPQ data: size [1121], data: [data-version 1.0
switch-domain 2
switch-name N1KV
cp-version 4.2(1)SV2(1.1a)
control-vlan 1
system-primary-mac 00:50:56:a8:f5:f0
active-vsm packet mac 00:50:56:a8:3c:62
active-vsm mgmt mac 00:50:56:a8:b4:a4
standby-vsm ctrl mac 0050-56a8-30d5
inband-vlan 1
svs-mode L3
l3control-ipaddr 192.168.54.2
upgrade state 0 mac 0050-56a8-30d5 l3control-ipv4 null
cntl-type-mcast 0
profile dvportgroup-26 trunk 1,51-57,110
profile dvportgroup-26 mtu 9000
profile dvportgroup-27 access 51
profile dvportgroup-27 mtu 1500
profile dvportgroup-27 capability l3control
profile dvportgroup-28 access 52
profile dvportgroup-28 mtu 1500
profile dvportgroup-28 capability l3control
profile dvportgroup-29 access 53
profile dvportgroup-29 mtu 1500
profile dvportgroup-30 access 54
profile dvportgroup-30 mtu 1500
profile dvportgroup-31 access 55
profile dvportgroup-31 mtu 1500
profile dvportgroup-32 access 56
profile dvportgroup-32 mtu 1500
profile dvportgroup-34 trunk 220
profile dvportgroup-34 mtu 9000
profile dvportgroup-35 access 220
profile dvportgroup-35 mtu 1500
profile dvportgroup-35 capability iscsi-multipath
end-version 1.0
      push_opq_data flag: [1]
show svs neighbors
Active Domain ID: 2
AIPC Interface MAC: 0050-56a8-f5f0
Inband Interface MAC: 0050-56a8-3c62
Src MAC           Type   Domain-id    Node-id     Last learnt (Sec. ago)
0050-56a8-30d5     VSM         2         0201      1020.45
0002-3d40-0202     VEM         2         0302         1.33
I cannot add Host A to the N1KV it errors out with,
vDS operation failed on host 192.168.52.100, An error occurred during host configuration. got (vim.fault.PlatformConfigFault) exception
Host B (192.168.51.100) was added fine, then I moved a vmkernel to the N1KV which brought up the VEM and got the VEM flapping errors.

Software ASA Similar To Nexus 1000v

Hello,
I was wondering if Cisco has a software version of the ASA similar to the Nexus 1000v I could run in a VM for UCS?
Thanks

There's a vASA coming out. This will be a fully featured virtual version of today's ASA product. Not sure the exact release date, but should be later this year.
Regards,
Robert

Port-security and Nexus 1000v

Is there really any true need for port-security on Nexus 1000v for vethernet ports? Can a VM be assigned a previously used vethernet port that would trigger a port-security action?

If you want to prevent admins or malicious users from being able change the mac address of a VM then port-security is a useful feature. Especially in VDI environments where users might have full admin control of the VM and can change the mac of the vnic.
Now about veths ports. A veth gets assigned to a VM and stays with that VM. A veth is only released when either the nic on the VM is deleted or the nic is assigned to another port-profile on the N1KV or a port-group on a vSwitch or VMware DVS. Now when the veth is released it does not retain any of the piror information. It's freed up and added to a pool of available veths. When a veth is needed for a VM in either the same port-profile or a different port-profile the free veth will be grabbed and initialized. It does not retain any of the previous settings.
So assigning a VM to a previsously used veth port should not trigger a violation. The MAC should get learned and traffic should be able to flow.

Nexus 1000v Layer3 Control not coming up

Similar Messages

Maybe you are looking for