Nexus 1000v load balancing policy
what load balancing policy is used for the 1000v?
looks like the default is
port-channel load-balance ethernet source-mac
When should another policy be used?
dest-ip-port Destination IP address and L4 port
dest-ip-port-vlan Destination IP address, L4 port and VLAN
destination-ip-vlan Destination IP address and VLAN
destination-mac Destination MAC address
destination-port Destination L4 port
source-dest-ip-port Source & Destination IP address and L4 port
source-dest-ip-port-vlan Source & Destination IP address, L4 port and VLAN
source-dest-ip-vlan Source & Destination IP address and VLAN
source-dest-mac Source & Destination MAC address
source-dest-port Source & Destination L4 port
source-ip-port Source IP address and L4 port
source-ip-port-vlan Source IP address, L4 port and VLAN
source-ip-vlan Source IP address and VLAN
source-mac Source MAC address
source-port Source L4 port
source-virtual-port-id Source Virtual Port Id
vlan-only VLAN only
By the way,
Sample config to enable persistence rebalance for your existing config is as follows:
parameter-map type http persist
persistence-rebalance
policy-map multi-match VLAN300_LAYER4_POLICY
class VIP_WEBSITE_HTTPS
appl-parameter http advanced-options persist
Joel
Similar Messages
-
NFS and ISCSI using ip hash load balance policy
As I know all these days that the best practice for iSCSI is to use a single NIC and one standby with "route based port id". But I have seen in a client place that NFS and iSCSI are configured to use "route based ip hash" and multiple NICs, and it has been working all these days. I cannot see that iSCSI does multipath there. I was told by the sys admin that it is OK to use that since both protocols are configured in the same storage and it does not make sense to separate it; his explanation is that if we want a separate policy then use separate storage, that is, one for NFS and the other for iSCSI. I do not buy that; I might be wrong. He pointed to his link below saying that you can use ip hash. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalI.... Is it OK to use "route based ip hash" for iSCSI as on the link?
This topic first appeared in the Spiceworks Community
When you create your uplink port profile you simply use the auto channel command in your config:
channel-group auto mode on
This will create a static etherchannel when two or more ports are added to the uplink port profile from the same host. Assuming your upstream switch config is still set to "mode on" for the etherchannel config, there's nothing to change.
Regards,
Robert -
Server Load-balancing Across Two Data centers on Layer 3
Hi,
I have a customer who would like to load balance two Microsoft Exchange 2010 CAS Servers which are residing across two data centers.
Which is the best solution for this? Cisco ACE or Cisco ACE GSS or both?
I would go with source natting the clients' IP addresses, so that return traffic from the servers is routed correctly.
It saves you the trouble with maintaining PBR as well.
Source NAT can be done on the ACE, by applying the configuration to either the load balancing policy, or adding the configuration to the class-map entries in the multi-match policy.
Cheers,
Søren
-
OSB jms clustering - load balancing seems to be not working
Hi All,
I have one admin server and two managed servers running ( one of these managed server is running in the remote linux machine) in a cluster
I have connectionfactory created with load balance enabled with round robin
and server affinity is disabled
I have queue created as uniformly distributed Q
I have a proxy service with load balancing as roundrobin and endpoint URL as below
jms://rdoelapp001011:61703,rdoelapp001013:61703/synergyConnectionFactory1/MM_gridQ0
If I execute this proxy sending messages it always go to one server only. There is no message going to the other server.
If I shutdown the server that receives messages then the other server is receiving messages. Seems like fail-over is working but not the load-balancing
There is one point may be worth mentioning here is, from the admin console if I look at the servers for the clusters it has below information
Name State Drop-out Frequency Remote Groups Discovered Local Group Leader Total Groups Discovered Group Leaders Groups Primary
synergyOSBServer1 RUNNING Never 0 synergyOSBServer1 1 synergyOSBServer1 *{synergyOSBServer1}* 0
synergyOSBServer2 RUNNING Never 0 synergyOSBServer1 1 synergyOSBServer1 *{synergyOSBServer1, synergyOSBServer2}* 0
one server has groups as {synergYOSBServer1} instead of {synergyOSBServer1, synergyOSBServer2}. Does that look correct?
here is my jms xml file
<?xml version='1.0' encoding='UTF-8'?>
<weblogic-jms xmlns="http://xmlns.oracle.com/weblogic/weblogic-jms" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/weblogic-jms http://xmlns.oracle.com/weblogic/weblogic-jms/1.1/weblogic-jms.xsd">
*<connection-factory name="synergyConnectionFactory1">*
*<sub-deployment-name>synergySubDeploy1</sub-deployment-name>*
*<default-targeting-enabled>false</default-targeting-enabled>*
*<jndi-name>synergyConnectionFactory1</jndi-name>*
*<client-params>*
*<client-id-policy>Restricted</client-id-policy>*
*<subscription-sharing-policy>Exclusive</subscription-sharing-policy>*
*<messages-maximum>10</messages-maximum>*
*</client-params>*
*<transaction-params>*
*<xa-connection-factory-enabled>false</xa-connection-factory-enabled>*
*</transaction-params>*
*<load-balancing-params>*
*<load-balancing-enabled>true</load-balancing-enabled>*
*<server-affinity-enabled>false</server-affinity-enabled>*
*</load-balancing-params>*
*<security-params>*
*<attach-jmsx-user-id>false</attach-jmsx-user-id>*
*</security-params>*
*</connection-factory>*
<uniform-distributed-queue name="errorQ">
<sub-deployment-name>synergySubDeploy1</sub-deployment-name>
<default-targeting-enabled>false</default-targeting-enabled>
<jndi-name>errorQ</jndi-name>
<load-balancing-policy>Round-Robin</load-balancing-policy>
<forward-delay>-1</forward-delay>
<reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>
</uniform-distributed-queue>
<uniform-distributed-queue name="undlvQ">
<sub-deployment-name>synergySubDeploy1</sub-deployment-name>
<default-targeting-enabled>false</default-targeting-enabled>
<jndi-name>undlvQ</jndi-name>
<load-balancing-policy>Round-Robin</load-balancing-policy>
<forward-delay>-1</forward-delay>
<reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>
</uniform-distributed-queue>
*<uniform-distributed-queue name="MM_gridQ0">*
*<sub-deployment-name>synergySubDeploy1</sub-deployment-name>*
*<default-targeting-enabled>false</default-targeting-enabled>*
*<jndi-name>MM_gridQ0</jndi-name>*
*<load-balancing-policy>Round-Robin</load-balancing-policy>*
*<forward-delay>5</forward-delay>*
*<reset-delivery-count-on-forward>true</reset-delivery-count-on-forward>*
*</uniform-distributed-queue>*
<saf-imported-destinations name="synergySAFImportedDest1">
<sub-deployment-name>synergySubDeploy1</sub-deployment-name>
<default-targeting-enabled>false</default-targeting-enabled>
<saf-queue name="gridQ0">
<remote-jndi-name>MB_gridQ0</remote-jndi-name>
<local-jndi-name>gridQ0</local-jndi-name>
<non-persistent-qos>At-Least-Once</non-persistent-qos>
<time-to-live-default>0</time-to-live-default>
<use-saf-time-to-live-default>false</use-saf-time-to-live-default>
<unit-of-order-routing>Hash</unit-of-order-routing>
</saf-queue>
<jndi-prefix>MB_</jndi-prefix>
<saf-remote-context>synergySAFContext1</saf-remote-context>
<saf-error-handling>synergySAFErrorHndlr1</saf-error-handling>
<time-to-live-default>0</time-to-live-default>
<use-saf-time-to-live-default>false</use-saf-time-to-live-default>
<unit-of-order-routing>Hash</unit-of-order-routing>
</saf-imported-destinations>
<saf-remote-context name="synergySAFContext1">
<saf-login-context>
<loginURL>t3://rdoelapp001013:7001</loginURL>
<username>weblogic</username>
<password-encrypted>{AES}z9VY/K4M7ItAr2Vedvhx+j9htR/HkbY2LRh1ED+Cz5Y=</password-encrypted>
</saf-login-context>
<compression-threshold>2147483647</compression-threshold>
</saf-remote-context>
<saf-error-handling name="synergySAFErrorHndlr1">
<policy>Log</policy>
<log-format xsi:nil="true"></log-format>
<saf-error-destination xsi:nil="true"></saf-error-destination>
</saf-error-handling>
</weblogic-jms>
Any help will be greatly appreciated
Edited by: 818591 on Feb 16, 2011 11:28 AM
I am not getting you here "the right approach is to make OSB run on the man server cluster and not on admin server. "
I have a jms proxy service that I created from admin console
And also I have gone thru the step 5 in the link below
http://download.oracle.com/docs/cd/E13159_01/osb/docs10gr3/deploy/config.html#wp1524235
If I am not wrong, the proxy service endpoint URI determines where it is pointing to. If it is a cluster environment, it should point to a clustered address
My proxy has below endpoint URI
jms://rdoelapp001011:61703,rdoelapp001013:61703/synergyConnectionFactory1/MM_gridQ0
and rdoelapp001011:61703,rdoelapp001013:61703 is my cluster address
As per your suggestion "To fix your problem, *make osb to run on the cluster* and specify the same URL for the jms proxy service"
Could you please provide some instruction how would I "make osb jms proxy service to run in a cluster"
As a note, I have Q defined as a distributed Q and connection factory targets to the cluster. UDQ also targets to the cluster.
Just for testing I have created another managed server running local to the machine where my admin server is running
And I created a proxy by following steps as I mentioned above and with endpoint URI as below
jms://rdoelapp001011:61703,rdoelapp001013:61703,*rdoelapp001011:61700*/synergyConnectionFactory1/MM_gridQ0
where the new address of my cluster is rdoelapp001011:61703,rdoelapp001013:61703,rdoelapp001011:61700
It did create consumers in both the managed servers in the cluster that are running locally, but no consumers in the remote managed server.
So I am kind of leaning towards thinking that there is some incorrect setup for the remote managed server and may be admin server is not able to communicate to the remote server for some reason but not sure about it..
As a note the cluster is setup to communicate using "unicast" channel
and I created a channel in each managed server with the same name
here is the cluster configuration
<name>synergyCluster1</name>
<cluster-address>rdoelapp001011:61703,rdoelapp001013:61703,rdoelapp001011:61700</cluster-address>
<default-load-algorithm>round-robin</default-load-algorithm>
*<cluster-messaging-mode>unicast</cluster-messaging-mode>*
*<cluster-broadcast-channel>synergyChannel1</cluster-broadcast-channel>*
*<number-of-servers-in-cluster-address>3</number-of-servers-in-cluster-address>*
</cluster>
here are the two OSB server configurations
<server>
<name>synergyOSBServer1</name>
<machine xsi:nil="true"></machine>
<listen-port>61703</listen-port>
<cluster>synergyCluster1</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<server-debug>
<debug-scope>
<name>weblogic.jms.saf</name>
<enabled>true</enabled>
</debug-scope>
<debug-jmssaf>true</debug-jmssaf>
<debug-saf-sending-agent>true</debug-saf-sending-agent>
</server-debug>
<listen-address>localhost</listen-address>
<network-access-point>
*<name>synergyChannel1</name>*
*<protocol>cluster-broadcast</protocol>*
*<listen-address>localhost</listen-address>*
*<listen-port>61702</listen-port>*
<http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
<tunneling-enabled>false</tunneling-enabled>
*<outbound-enabled>true</outbound-enabled>*
*<enabled>true</enabled>*
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<client-certificate-enforced>false</client-certificate-enforced>
</network-access-point>
<jta-migratable-target>
<user-preferred-server>synergyOSBServer1</user-preferred-server>
<cluster>synergyCluster1</cluster>
</jta-migratable-target>
</server>
<server>
<name>synergyOSBServer2</name>
<ssl>
<enabled>false</enabled>
</ssl>
<machine xsi:nil="true"></machine>
<listen-port>61703</listen-port>
<listen-port-enabled>true</listen-port-enabled>
<cluster>synergyCluster1</cluster>
<web-server>
<web-server-log>
<number-of-files-limited>false</number-of-files-limited>
</web-server-log>
</web-server>
<listen-address>rdoelapp001013</listen-address>
<network-access-point>
*<name>synergyChannel1</name>*
*<protocol>cluster-broadcast</protocol>*
*<listen-address>rdoelapp001013</listen-address>*
*<listen-port>61702</listen-port>*
<http-enabled-for-this-protocol>true</http-enabled-for-this-protocol>
<tunneling-enabled>false</tunneling-enabled>
*<outbound-enabled>true</outbound-enabled>*
*<enabled>true</enabled>*
<two-way-ssl-enabled>false</two-way-ssl-enabled>
<client-certificate-enforced>false</client-certificate-enforced>
</network-access-point>
<java-compiler>javac</java-compiler>
<jta-migratable-target>
<user-preferred-server>synergyOSBServer2</user-preferred-server>
<cluster>synergyCluster1</cluster>
</jta-migratable-target>
<client-cert-proxy-enabled>false</client-cert-proxy-enabled>
</server>
<server>
Edited by: 818591 on Feb 18, 2011 11:26 AM -
ACE30 Load balancing based on IP and using x-forward-for header
Hi Guys,
We currently have a load balancing policy setup to direct traffic to say FARM-A based on a particular range of source (client) IP addresses, and the default FARM-B for all the other traffic.
We are now looking to introduce a web application firewall (WAF) before the ACE. The WAF will be inserting the client IP address into the x-forward-for http header. Now I was wondering how best can we achieve the load balancing based on source IP given that we'll have to parse the HTTP header for this x-forward-for field? Are there any examples that anyone can point me to?
let me know if you have any questions.
thanks
Sheldon
Hi Sheldon,
You might try creating a class map that matches on the XFF header. Then use that as the L7 load balance criteria (based on the hash value of the XFF header), using the predictor hash header.
-Alex -
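The routing decision discussed in this thread, sketched outside the ACE as an added example (not from either poster, and not ACE configuration): use the X-Forwarded-For value only when the connection really comes from the WAF, and read the entry the WAF appended rather than anything the client sent. The WAF address, the FARM-A source range, the function names and the assumption that the WAF appends the client address as the last entry are all illustrative.

```python
import ipaddress

# Assumed addresses for illustration only; none of them come from the thread.
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}      # the WAF
FARM_A_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]  # clients sent to FARM-A


def effective_client(peer, xff_values, trusted=TRUSTED_PROXIES):
    """Return the client address the balancing decision should be based on.

    peer       -- source address of the TCP connection reaching the balancer
    xff_values -- X-Forwarded-For header values, in the order received
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in trusted:
        # Not the WAF: the header is entirely client-controlled, so ignore it.
        return peer_ip

    # Several header lines and one comma-separated line are equivalent.
    hops = [h.strip() for value in xff_values for h in value.split(",")]

    # Walk from the right: the right-most entry is the one the WAF appended.
    # Entries further left may have been supplied by the client itself.
    for hop in reversed(hops):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            # Unparsable entry: fall back to the peer (default farm).
            return peer_ip
        if hop_ip not in trusted:
            return hop_ip
    return peer_ip


def select_farm(peer, xff_values):
    """FARM-A for clients in the configured source ranges, FARM-B otherwise."""
    client = effective_client(peer, xff_values)
    if any(client in net for net in FARM_A_SOURCES):
        return "FARM-A"
    return "FARM-B"


# Constructed sample requests: (connection source, X-Forwarded-For values).
SAMPLES = [
    ("192.0.2.10", ["198.51.100.7"]),               # via WAF, FARM-A client
    ("192.0.2.10", ["198.51.100.7, 203.0.113.5"]),  # client sent its own XFF
    ("203.0.113.5", ["198.51.100.7"]),              # bypassed the WAF
    ("192.0.2.10", ["not-an-address"]),             # malformed header
    ("192.0.2.10", []),                             # header missing
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, xff, "->", select_farm(peer, xff))
```

Hashing the whole header value, as opposed to matching the right-most entry, lets a client that sends its own X-Forwarded-For line influence which server it lands on.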
Need help with ACE Load Balancing Base on URL pattern
This is the first time for me trying to configure something like this on the ACE load balancer. I need help configuring a load balancing policy based on URL pattern. URL https://ineedhelp.com based on /willuhelpme and /imlost
Key: ineedhelp_key
cert: ineedhelp_cert
serverfarmA
serverA 10.1.1.1 443
serverfarmB
serverB 10.1.1.2 443
ineedhelp.com/willuhelpme-------serverfarmA
ineedhelp.ocm/imlost---------------serverfarmB -
Distributed Queue - Unable To Load Balance Between Each Time A Send Method Is Called
Hi,
According to the JMS documentation, I should be able to get the
distributed queue to load balance
between each time the message producer calls Message.send(). I was not
able to achieve this, however,
I noticed the load balancing happens when a JMS client is stopped and
restarted (meaning totally
exit the JVM and restart the JVM).
Here is my configuration:
WLS 8.1 SP2 on XP
One cluster with two nodes (running on the same machine w/ different port)
Each node hosts one JMS server, which hosts one physical queue and using
JDBC store
One distributed queue with two physical members from each of the JMS
server.
JMS Connection Factory is configured with "Load Balancing Enabled" set to
yes,
and "Server Affinity Enabled" to no. This connection factory is targeted to
the cluster.
The queue session for the queue sender is created with transaction setting
to false.
Any hints and ideas would be greatly appreciated.
Here is the content of config.xml:
========================================================================
<?xml version="1.0" encoding="UTF-8"?>
<Domain ConfigurationVersion="8.1.0.0" Name="odh">
<Cluster ClusterAddress="localhost:8001,localhost:9001"
MulticastAddress="237.0.0.1" Name="odhCluster_1"/>
<Server ListenAddress="" ListenPort="7001" Machine="localhost"
Name="odhAdmin" NativeIOEnabled="true" ServerVersion="8.1.2.0">
<SSL Enabled="false" HostnameVerificationIgnored="false"
IdentityAndTrustLocations="KeyStores" Name="odhAdmin"/>
</Server>
<Server Cluster="odhCluster_1" ExpectedToRun="false"
IIOPEnabled="false" ListenAddress="" ListenPort="8001"
Machine="localhost" Name="odhManagedServer_1"
NativeIOEnabled="true" ServerVersion="8.1.2.0">
<SSL Enabled="false" IdentityAndTrustLocations="KeyStores"
Name="odhManagedServer_1"/>
<ExecuteQueue Name="weblogic.kernel.Default" ThreadCount="15"/>
</Server>
<Server Cluster="odhCluster_1" ExpectedToRun="false"
IIOPEnabled="false" ListenAddress="" ListenPort="9001"
Machine="localhost" Name="odhManagedServer_2"
NativeIOEnabled="true" ServerVersion="8.1.2.0">
<SSL Enabled="false" IdentityAndTrustLocations="KeyStores"
Name="odhManagedServer_2"/>
<ExecuteQueue Name="weblogic.kernel.Default" ThreadCount="15"/>
</Server>
<MigratableTarget Cluster="odhCluster_1"
Name="odhManagedServer_1 (migratable)"
Notes="This is a system generated default migratable target for a
server. Do not delete manually."
UserPreferredServer="odhManagedServer_1"/>
<MigratableTarget Cluster="odhCluster_1"
Name="odhManagedServer_2 (migratable)"
Notes="This is a system generated default migratable target for a
server. Do not delete manually."
UserPreferredServer="odhManagedServer_2"/>
<Machine Name="localhost">
<NodeManager ListenAddress="localhost" Name="localhost"/>
</Machine>
<JMSConnectionFactory AcknowledgePolicy="All"
DefaultDeliveryMode="Persistent"
JNDIName="com.neoforma.ConnectionFactory"
Name="odhConnectionFactory" ServerAffinityEnabled="false"
Targets="odhCluster_1" XAConnectionFactoryEnabled="true"/>
<JMSDistributedQueue JNDIName="com.neoforma.odhDistributedQueue_1"
LoadBalancingPolicy="Round-Robin" Name="odhDistributedQueue_1"
Targets="odhCluster_1">
<JMSDistributedQueueMember JMSQueue="odhQueue_1"
Name="DistributedQueueMember_1"/>
<JMSDistributedQueueMember JMSQueue="odhQueue_2"
Name="DistributedQueueMember_2"/>
</JMSDistributedQueue>
<JMSJDBCStore ConnectionPool="odhMessagePool"
Name="odhJMSJDBCStore_1" PrefixName="Order1_"/>
<JMSJDBCStore ConnectionPool="odhMessagePool"
Name="odhJMSJDBCStore_2" PrefixName="Order2_"/>
<JMSServer Name="odhJMSServer_1" Store="odhJMSJDBCStore_1"
Targets="odhManagedServer_1">
<JMSQueue CreationTime="1076439896999"
JNDIName="com.neoforma.odhQueue_1" Name="odhQueue_1"
StoreEnabled="true"/>
</JMSServer>
<JMSServer Name="odhJMSServer_2" Store="odhJMSJDBCStore_2"
Targets="odhManagedServer_2">
<JMSQueue CreationTime="1076439664343"
JNDIName="com.neoforma.odhQueue_2" Name="odhQueue_2"
StoreEnabled="true"/>
</JMSServer>
<JDBCConnectionPool
DriverName="oracle.jdbc.xa.client.OracleXADataSource"
Name="odhConnectionPool" Password="...."
Properties="user=..." Targets="odhCluster_1"
TestTableName="SQL SELECT 1 FROM DUAL" URL="................."/>
<JDBCConnectionPool DriverName="oracle.jdbc.driver.OracleDriver"
Name="odhMessagePool" Password="....."
Properties="user=....." Targets="odhCluster_1"
TestTableName="SQL SELECT 1 FROM DUAL" URL="............."/>
<JDBCMultiPool AlgorithmType="High-Availability"
Name="odhJDBCMultiPool_1"
PoolList="odhConnectionPool,odhMessagePool"
Targets="odhCluster_1"/>
<JDBCTxDataSource EnableTwoPhaseCommit="false"
JNDIName="com.neoforma.order.orderDS" Name="odhJDBCDataSource_1"
PoolName="odhConnectionPool" Targets="odhCluster_1"/>
<Security Name="odh" PasswordPolicy="wl_default_password_policy"
Realm="wl_default_realm" RealmSetup="true"/>
<!--
<EmbeddedLDAP
Credential="{3DES}j+xkS9y1EYJUfic+M9ZJ+5DqGjiwTaVnt+Ti0TQWxXg="
Name="odh"/>
<SecurityConfiguration
Credential="{3DES}OiyDMEOJS4gPLumKeKYWC+Kj9xWib6MhbmrNjeBmjJ7bpJypNb6Z7bUtAQF/bvi2RrFMs+3kqKerWNyD3NyT3QsrsyPoBDT0"
Name="odh" RealmBootStrapVersion="1"/>
-->
<Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
<FileRealm Name="wl_default_file_realm"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Application Deployed="true" Name="odh.ear"
Path="D:\bea\user_projects\domains\odh\applications\odh.ear"
StagedTargets="odhManagedServer_1,odhManagedServer_2"
StagingMode="stage" TwoPhase="true">
<EJBComponent Name="odh.jar" Targets="odhCluster_1" URI="odh.jar"/>
</Application>
<StartupClass ClassName="com.neoforma.startup.JMXMBeanStartup"
DeploymentOrder="1" Name="ODH MBean Startup Class"
Notes="ODH MBean Startup Class - Note" Targets="odhAdmin"/>
<EmbeddedLDAP
Credential="{3DES}YFY55/dsdxI9HL/AKGRXHuR1VwyJewNFdAHdrtk/WMM="
Name="odh"/>
<SecurityConfiguration
Credential="{3DES}ZCPa1Bsrj3z2DhVKVUbq32zTYipDVff+LDB9+1b2Dr4VLhz5yjZyHgPheqS/kum4VVZamDYN07Hyb6rALiCTHhwt1EzK5+M+"
Name="odh" RealmBootStrapVersion="1"/>
</Domain>
Thanks for the Makiey. I am surprised that BEA hasn't come back with any
info.
Hien
On 7 Jul 2004 01:51:01 -0700, makiey <[email protected]> wrote:
>
> Hi Hien Luu,
>
> We also have a problem with load balancing, tested with WLS 7.0 SP4 and
> WLS 8.1
> SP2 (HP UX). The only "working" configuration is load-balancing policy =
> random
> (CF deployed to cluster, load balancing enabled, affinity disabled).
> With the
> "round-robin" policy we cannot utilize more than 50% dis. queue's
> members.
>
> I'm trying to prepare a reproducer...
>
> greetings,
> makiey
-
ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS
Hi, Cisco Gurus:
Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
I would really appreciate if someone can help me clear these lingering doubts of mine.
God Bless.
SiM
Sim,
Here are my thoughts without a 1000v in place,
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000? //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be preferred.
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave the dvSwitch load balance behavior at the default of "route by portID".
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
Cheers,
David Jarzynka -
Nexus 6K: Port-Channel Load-Balance
Hi all,
I configured "port-channel load-balance ethernet source-dest-mac" on Nexus 6001. But when I use "show run all | in load-balance", it displays module 1 and module 2 are still using source-dest-ip for port-channel load-balance. And for command "show port-channel load-balance" and "show port-channel load-balance forwarding-path interface", it still shows switch using MAC for hash algorithm. The NXOS is 6.0(2)N1(2a).
Does anybody know:
- What is the function of "port-channel load-balance ethernet source-dest-ip module" and in which situation this command will be effective?
- It shows "port-channel load-balance ethernet source-dest-ip module" command for both module 1 and 2. Module 1 is N6K Supervisor and module 2 is 4xQSFP Ethernet Module. Is it possible to set different load-balance algorithm to these 2 modules?
# show run all | in load-balance
port-channel load-balance ethernet source-dest-mac
port-channel load-balance ethernet source-dest-ip module 1
port-channel load-balance ethernet source-dest-ip module 2
# show port-channel load-balance
Port Channel Load-Balancing Configuration:
System: source-dest-mac
Port Channel Load-Balancing Addresses Used Per-Protocol:
Non-IP: source-dest-mac
IP: source-dest-mac
# show port-channel load-balance forwarding-path interface port-channel 30 vlan 150 src-ip 172.25.228.6 dst-ip 172.25.226.97
Missing params will be substituted by 0's.
Load-balance Algorithm on switch: source-dest-mac
crc_hash: 977 Polynomial: CRC10b Outgoing port id Ethernet1/2
Param(s) used to calculate load-balance:
seed: 0x701
dst-mac: 0000.0000.0000
src-mac: 0000.0000.0000
# show module
Mod Ports Module-Type Model Status
1 48 Norcal 64 Supervisor N6K-C6001-64P-SUP active *
2 10 Nexus 4xQSFP Ethernet Module N6K-C6001-M4Q ok
Mod Sw Hw World-Wide-Name(s) (WWN)
1 6.0(2)N2(3) 1.0 --
2 6.0(2)N2(3) 1.0 --
Nexus port channel load balance
Hi
I just want to clarify one setting for the port channel load balance on Nexus 6k switch. If I use the load balance option source-dest-ip-only, will following four conversations be load balanced?
10.10.10.1 -> 192.168.1.1
10.10.10.2 -> 192.168.1.1
10.10.10.1 -> 192.168.1.1
10.10.10.1 -> 192.168.1.2
Thanks. Leo
Hi Leo,
I think there may be a typo in your question as I only see three conversations and not four. That aside I've not seen the Nexus port-channel load balancing sufficiently well documented to be able to give you the exact answer.
In their configuration guides Cisco only include the following statement:
Cisco NX-OS load balances traffic across all operational interfaces in a port channel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the channel.
There is other documentation that states the load balancing algorithm uses a CRC-8 based polynomial, but as we don't know exactly which parts of the frame are used in the calculation, I don't see it's possible to calculate the answer and so derive the link that will be used for a given conversation.
While I've not seen full documentation regarding the science used in the calculation, what Cisco have done is provide a command on the switch CLI that will allow you to determine which link of a port-channel will be used.
If you run the command show port-channel load-balance forwarding-path interface port-channel vlan src-ip dst-ip then one of the parts of the output is the member link of the port-channel that will be used for that flow.
You can find full details of the options for the show port-channel load-balance command in the command reference.
One other point to remember is that the load balancing across a port-channel is unidirectional, and the hashing might be completely different for the return flow of a conversation. For example it is entirely possible that traffic from A to B could use one link of a port-channel, while the return traffic from B to A for the same conversation could use a different link.
In general I would use the source-dest-port option for load balancing on the Nexus switches as this will obviously include the Layer-4 port numbers in the calculation, and so give you a better distribution of flows across all member links.
Regards -
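The answer above makes three points: a flow is mapped to a member link by hashing frame fields, each direction is hashed on its own, and including Layer-4 ports spreads flows more evenly. The Python below is an added example, not part of the original posts and not Cisco's algorithm: zlib.crc32 stands in for the switch hash, and the field-set labels, link names and the 64 sessions are constructed for the demonstration.

```python
import zlib
from collections import Counter
from ipaddress import ip_address

# Constructed member links of a hypothetical four-link port channel.
LINKS = ["Ethernet1/1", "Ethernet1/2", "Ethernet1/3", "Ethernet1/4"]

# Illustrative field sets (labels are ours, not NX-OS keyword semantics).
FIELD_SETS = {
    "ip-only": ("src_ip", "dst_ip"),
    "ip-and-l4-port": ("src_ip", "dst_ip", "dst_port", "src_port"),
}


def make_flow(src_ip, dst_ip, src_port=0, dst_port=0):
    return {"src_ip": src_ip, "dst_ip": dst_ip,
            "src_port": src_port, "dst_port": dst_port}


def flow_key(flow, field_set):
    """Concatenate only the header fields the chosen field set hashes on."""
    parts = []
    for field in FIELD_SETS[field_set]:
        if field.endswith("_ip"):
            parts.append(ip_address(flow[field]).packed)
        else:
            parts.append(int(flow[field]).to_bytes(2, "big"))
    return b"".join(parts)


def select_link(flow, field_set, links=LINKS):
    """Reduce the key to a number and use it to pick one member link.

    zlib.crc32 is a stand-in: the switch's polynomial and seed differ, so
    the link chosen here will not match a real device.
    """
    return links[zlib.crc32(flow_key(flow, field_set)) % len(links)]


def reverse(flow):
    """The return direction of the same conversation."""
    return make_flow(flow["dst_ip"], flow["src_ip"],
                     flow["dst_port"], flow["src_port"])


def link_usage(flows, field_set, links=LINKS):
    """Count how many flows land on each member link."""
    return Counter(select_link(f, field_set, links) for f in flows)


def path_pair(flow, field_set, links=LINKS):
    """Links used by a flow and by its return traffic, hashed independently."""
    return (select_link(flow, field_set, links),
            select_link(reverse(flow), field_set, links))


# The conversations listed in the question (the third repeats the first).
QUESTION_FLOWS = [
    make_flow("10.10.10.1", "192.168.1.1"),
    make_flow("10.10.10.2", "192.168.1.1"),
    make_flow("10.10.10.1", "192.168.1.1"),
    make_flow("10.10.10.1", "192.168.1.2"),
]

# Constructed: 64 TCP sessions between one host pair, differing only in source port.
SESSIONS = [make_flow("10.10.10.1", "192.168.1.1", 40000 + i, 443)
            for i in range(64)]

if __name__ == "__main__":
    for flow in QUESTION_FLOWS:
        print(flow["src_ip"], "->", flow["dst_ip"], select_link(flow, "ip-only"))
    for name in FIELD_SETS:
        print(name, dict(link_usage(SESSIONS, name)))
    print("forward/return:", path_pair(SESSIONS[0], "ip-and-l4-port"))
```

For the real mapping on a switch, use the show port-channel load-balance forwarding-path command quoted above. Because each direction is hashed separately, a capture or tap on a single member link may see only one side of a conversation.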
Nexus - port-channel load balancing
Port-channel load balancing is a global command or interface command in Nexus switch?
Thanks,
Manu
Hi,
It's a global command; port-channel load-balance ethernet.
You can find details in the Configuring Load Balancing Using Port Channels section of the Nexus 5500 Series NX-OS Interfaces Configuration Guide.
Regards -
[Nexus 1000v] VEM can't be added into VSM
Hi all,
Following my lab, I have some problems with Nexus 1000V when VEM can't be added into VSM.
+ on VSM has already installed on ESX 1 (standalone or ha) and you can see:
Cisco_N1KV# show module
Mod Ports Module-Type Model Status
1 0 Virtual Supervisor Module Nexus1000V active *
Mod Sw Hw
1 4.2(1)SV1(4a) 0.0
Mod MAC-Address(es) Serial-Num
1 00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA
Mod Server-IP Server-UUID Server-Name
1 10.4.110.123 NA NA
+ on ESX2 that 's installed VEM
[root@esxhoadq ~]# vem status
VEM modules are loaded
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 128 3 128 1500 vmnic0
VEM Agent (vemdpa) is running
[root@esxhoadq ~]#
Any advice for this,
thanks so much
Hi,
I'm having a similar issue: the VEM installed on the ESXi is not showing up on the VSM.
please check from the following what can be wrong?
This is the VEM status:
~ # vem status -v
Package vssnet-esx5.5.0-00000-release
Version 4.2.1.1.4.1.0-2.0.1
Build 1
Date Wed Jul 27 04:42:14 PDT 2011
Number of PassThru NICs are 0
VEM modules are loaded
Switch Name Num Ports Used Ports Configured Ports MTU Uplinks
vSwitch0 128 4 128 1500 vmnic0
DVS Name Num Ports Used Ports Configured Ports MTU Uplinks
VSM11 256 40 256 1500 vmnic2,vmnic1
Number of PassThru NICs are 0
VEM Agent (vemdpa) is running
~ # vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port
18 UP UP F/B* 0 vmnic1
19 DOWN UP BLK 0 vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show trunk
Trunk port 6 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 16 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 18 native_vlan 1 CBL 0
vlan(111) cbl 1, vlan(112) cbl 1,
~ # vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port
18 UP UP F/B* 0 vmnic1
19 DOWN UP BLK 0 vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show port vlans
Native VLAN Allowed
LTL VSM Port Mode VLAN State Vlans
18 T 1 FWD 111-112
19 A 1 BLK 1
~ # vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port
18 UP UP F/B* 0 vmnic1
19 DOWN UP BLK 0 vmnic2
* F/B: Port is BLOCKED on some of the vlans.
Please run "vemcmd show port vlans" to see the details.
~ # vemcmd show port vlans
Native VLAN Allowed
LTL VSM Port Mode VLAN State Vlans
18 T 1 FWD 111-112
19 A 1 BLK 1
~ # vemcmd show trunk
Trunk port 6 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 16 native_vlan 1 CBL 1
vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
Trunk port 18 native_vlan 1 CBL 0
vlan(111) cbl 1, vlan(112) cbl 1,
~ # vemcmd show card
Card UUID type 2: ebd44e72-456b-11e0-0610-00000000108f
Card name: esx
Switch name: VSM11
Switch alias: DvsPortset-0
Switch uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
Card domain: 1
Card slot: 1
VEM Tunnel Mode: L2 Mode
VEM Control (AIPC) MAC: 00:02:3d:10:01:00
VEM Packet (Inband) MAC: 00:02:3d:20:01:00
VEM Control Agent (DPA) MAC: 00:02:3d:40:01:00
VEM SPAN MAC: 00:02:3d:30:01:00
Primary VSM MAC : 00:50:56:ac:00:42
Primary VSM PKT MAC : 00:50:56:ac:00:44
Primary VSM MGMT MAC : 00:50:56:ac:00:43
Standby VSM CTRL MAC : ff:ff:ff:ff:ff:ff
Management IPv4 address: 10.1.240.30
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 111
Card packet VLAN: 112
Card Headless Mode : Yes
Processors: 8
Processor Cores: 4
Processor Sockets: 1
Kernel Memory: 16712336
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: False
PC LB Algo: source-mac
Datapath portset event in progress : no
~ #
On VSM
VSM11# sh svs conn
connection vcenter:
ip address: 10.1.240.38
remote port: 80
protocol: vmware-vim https
certificate: default
datacenter name: New Datacenter
admin:
max-ports: 8192
DVS uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
config status: Enabled
operational status: Connected
sync status: Complete
version: VMware vCenter Server 4.1.0 build-345043
VSM11# sh svs ?
connections Show connection information
domain Domain Configuration
neighbors Svs neighbors information
upgrade Svs upgrade information
VSM11# sh svs dom
SVS domain config:
Domain id: 1
Control vlan: 111
Packet vlan: 112
L2/L3 Control mode: L2
L3 control interface: NA
Status: Config push to VC successful.
VSM11# sh port
^
% Invalid command at '^' marker.
VSM11# sh run
!Command: show running-config
!Time: Sun Nov 20 11:35:52 2011
version 4.2(1)SV1(4a)
feature telnet
username admin password 5 $1$QhO77JvX$A8ykNUSxMRgqZ0DUUIn381 role network-admin
banner motd #Nexus 1000v Switch#
ssh key rsa 2048
ip domain-lookup
ip domain-lookup
hostname VSM11
snmp-server user admin network-admin auth md5 0x389a68db6dcbd7f7887542ea6f8effa1 priv 0x389a68db6dcbd7f7887542ea6f8effa1 localizedkey
vrf context management
ip route 0.0.0.0/0 10.1.240.254
vlan 1,111-112
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type ethernet system-uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 111-112
no shutdown
system vlan 111-112
description "System profile"
state enabled
port-profile type vethernet servers11
vmware port-group
switchport mode access
switchport access vlan 11
no shutdown
description "Data Profile for VM Traffic"
port-profile type ethernet vm-uplink
vmware port-group
switchport mode access
switchport access vlan 11
no shutdown
description "Uplink profile for VM traffic"
state enabled
vdc VSM11 id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 32 maximum 32
limit-resource u6route-mem minimum 16 maximum 16
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
interface mgmt0
ip address 10.1.240.124/24
interface control0
line console
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-1
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-2
boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-2
svs-domain
domain id 1
control vlan 111
packet vlan 112
svs mode L2
svs connection vcenter
protocol vmware-vim
remote ip address 10.1.240.38 port 80
vmware dvs uuid "c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78" datacenter-name New Datacenter
max-ports 8192
connect
vsn type vsg global
tcp state-checks
vnm-policy-agent
registration-ip 0.0.0.0
shared-secret **********
log-level
thank you
Michel -
Nexus 1000v VSM can't communicate with the VEM
This is the configuration I have on my vsm
!Command: show running-config
!Time: Thu Dec 20 02:15:30 2012
version 4.2(1)SV2(1.1)
svs switch edition essential
no feature telnet
banner motd #Nexus 1000v Switch#
ssh key rsa 2048
ip domain-lookup
ip host Nexus-1000v 172.16.0.69
hostname Nexus-1000v
errdisable recovery cause failed-port-state
vem 3
host vmware id 78201fe5-cc43-e211-0000-00000000000c
vem 4
host vmware id e51f2078-43cc-11e2-0000-000000000009
priv 0xa2cb98ffa3f2bc53380d54d63b6752db localizedkey
vrf context management
ip route 0.0.0.0/0 172.16.0.1
vlan 1-2
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type ethernet vmware-uplinks
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 1-3967,4048-4093
channel-group auto mode on
no shutdown
system vlan 2
state enabled
port-profile type vethernet Management
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
state enabled
port-profile type vethernet vMotion
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
state enabled
port-profile type vethernet ServidoresGestion
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
state enabled
port-profile type vethernet L3-VSM
capability l3control
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
system vlan 2
state enabled
port-profile type vethernet VSG-Data
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
state enabled
port-profile type vethernet VSG-HA
vmware port-group
switchport mode access
switchport access vlan 2
no shutdown
state enabled
vdc Nexus-1000v id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 1 maximum 1
limit-resource u6route-mem minimum 1 maximum 1
interface mgmt0
ip address 172.16.0.69/25
interface control0
line console
boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-1
boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-2
boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-2
svs-domain
domain id 1
control vlan 1
packet vlan 1
svs mode L3 interface mgmt0
svs connection vcenter
protocol vmware-vim
remote ip address 172.16.0.66 port 80
vmware dvs uuid "ae 31 14 50 cf b2 e7 3a-5c 48 65 0f 01 9b b5 b1" datacenter-name DTIC Datacenter
admin user n1kUser
max-ports 8192
connect
vservice global type vsg
tcp state-checks invalid-ack
tcp state-checks seq-past-window
no tcp state-checks window-variation
no bypass asa-traffic
vnm-policy-agent
registration-ip 172.16.0.70
shared-secret **********
policy-agent-image bootflash:/vnmc-vsmpa.2.0.0.38.bin
log-level
For some reason my VSM can't see the VEM. I could before, but then my server crashed without doing a copy run start and when it booted up all my config but the uplinks was lost.
When I tried to configure the connection again it wasn't working.
I'm also attaching a screen capture of the vds
and a capture of the regular switch.
I will appreciate very much any help you could give me and will provide any configuration details that you might need.
Thank you so much.
Carlos,
Looking at vds.jpg, you do not have any VEM vmkernel interface attached to port-profile L3-VSM. So to fix the VSM-VEM communication problem, you either migrate your VEM management vmkernel interface to the L3-VSM port-profile of the vds, or create a new VMkernel port on your VEM/host and attach it to the L3-VSM port-profile. -
Cisco ACE - Firewall load balancing
I am using two sets of ACE load balancers for load balancing traffic across two firewalls (firewall load balancing).
The solution works fine. I have a virtual address of 0.0.0.0 in either direction to match traffic going from the internal users to the internet and vice versa.
The problem is that when I try to manage the load-balanced firewalls (either using SSH (or) HTTPS) from outside, then that connection also gets load balanced and when I try to connect to FW1 then sometimes this connection ends up on FW2 and vice versa and the connection gets dropped. I have a workaround in place where I am using a virtual address per firewall to connect to the real IP address of the firewall.
Is there any other way of managing firewalls (which are defined as real-servers) in a FWLB setup?
Attached is the configuration of the external ACE which has the two firewalls defined as the real-servers.
access-list ALL line 8 extended permit ip any any
probe icmp ICMP-Probe
interval 15
passdetect interval 60
rserver host FW1-ASA
ip address 10.11.71.10
inservice
rserver host FW2
ip address 10.11.71.11
inservice
serverfarm host Firewalls
transparent
predictor leastconns
rserver FW1-ASA
inservice
rserver FW2
inservice
serverfarm host Firewalls-NO-LB
rserver FW1-ASA
inservice
serverfarm host Firewalls-NO-LB1
rserver FW2
inservice
sticky ip-netmask 255.255.255.255 address source new-sticky
timeout activeconns
serverfarm Firewalls
This is my workaround for connection to the IP address of the firewalls (for management)
class-map match-any FW-Real
2 match virtual-address 10.11.71.254 any
class-map match-any FW-Real2
2 match virtual-address 10.11.71.253 any
class-map type management match-any Remote-Access
201 match protocol telnet any
202 match protocol http any
203 match protocol https any
204 match protocol ssh any
205 match protocol snmp any
206 match protocol icmp any
class-map match-any fwlb
2 match virtual-address 0.0.0.0 0.0.0.0 any
policy-map type management first-match Remote-Management-Policy
class Remote-Access
permit
policy-map type loadbalance first-match FWLB-No-LB
class class-default
serverfarm Firewalls-NO-LB
policy-map type loadbalance first-match FWLB-No-LB1
class class-default
serverfarm Firewalls-NO-LB1
policy-map type loadbalance first-match FWLB-l7slb
class class-default
serverfarm Firewalls
policy-map multi-match Firewall-No-LB
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
policy-map multi-match Firewall-No-LB1
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
policy-map multi-match int70
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input Firewall-No-LB --> connect to the real IP address of the firewall for management
service-policy input Firewall-No-LB1 --> connect to the real IP address of the firewall for management
service-policy input int70
no shutdown
interface vlan 71
description "Firewall side"
ip address 10.11.71.2 255.255.255.0
mac-sticky enable
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
no shutdown
Hello,
As far as I know, there are no other ways.
You can only reduce your configuration by putting all your classes under the same policy-map:
policy-map multi-match int70
class FW-Real
loadbalance vip inservice
loadbalance policy FWLB-No-LB
class FW-Real2
loadbalance vip inservice
loadbalance policy FWLB-No-LB1
class fwlb
loadbalance vip inservice
loadbalance policy FWLB-l7slb
interface vlan 70
description "Client side"
ip address 10.11.70.2 255.255.255.0
no icmp-guard
access-group input ALL
access-group output ALL
service-policy input Remote-Management-Policy
service-policy input int70
no shutdown -
ACE load balancing servers on different subnets...
Hello,
I have the following issue.... need to load balance traffic between two servers already working in two different subnets (vlans), at this point is highly desirable to avoid changing IP addresses. Is it possible to accomplish this goal using ACE? Routed or bridged mode? Is it strictly necessary to have all servers belonging to a serverfarm in the same subnet?
Thanks in advance for your support.
Hi,
You can do this, but you have to use client-NAT (Source-NAT) to force the return traffic to pass back through the ACE. You also then need static routes in the ACE context to point at each server. PBR is an alternative approach but I have not implemented that in a live network. The important thing is that the ACE sees both sides of the conversation.
The following extract from a configuration shows the basic principle:
rserver host master
ip address 10.199.95.2
inservice
rserver host slave
ip address 10.199.38.68
inservice
serverfarm host FARM-web2-Master
description Serverfarm Master
probe PROBE-web2
rserver master
inservice
serverfarm host FARM-web2-Slave
description Serverfarm Slave
probe PROBE-web2
rserver slave
inservice
class-map match-any L4VIPCLASS
2 match virtual-address 10.199.80.12 tcp eq www
3 match virtual-address 10.199.80.12 tcp eq https
policy-map type management first-match REMOTE-MGMT-ALLOW-POLICY
class REMOTE-ACCESS
permit
policy-map type loadbalance first-match LB-POLICY
class class-default
serverfarm FARM-web2-Master backup FARM-web2-Slave
policy-map multi-match L4POLICY
class L4VIPCLASS
loadbalance vip inservice
loadbalance policy LB-POLICY
loadbalance vip icmp-reply active
loadbalance vip advertise
nat dynamic 1 vlan 384
service-policy input L4POLICY
interface vlan 383
description ACE-web2-Clientside
ip address 10.199.80.13 255.255.255.248
alias 10.199.80.12 255.255.255.248
peer ip address 10.199.80.14 255.255.255.248
access-group input ACL-IN
access-group output PERMIT-ALL
no shutdown
interface vlan 384
description ACE-web2-Serverside
ip address 10.199.80.18 255.255.255.240
alias 10.199.80.17 255.255.255.240
peer ip address 10.199.80.19 255.255.255.240
access-group input PERMIT-ALL
access-group output PERMIT-ALL
nat-pool 1 10.199.80.20 10.199.80.20 netmask 255.255.255.240 pat
no shutdown
ip route 0.0.0.0 0.0.0.0 10.199.80.9
ip route 10.199.95.2 255.255.255.255 10.199.80.21
ip route 10.199.38.68 255.255.255.255 10.199.80.21
HTH
Cathy