Nexus 1000v VEM module bouncing between hosts

Similar Messages

• Nexus 1000V VEM Issues

  I am having some problems with VSM/VEM connectivity after an upgrade that I'm hoping someone can help with.
  I have a 2 ESXi host cluster that I am upgrading from vSphere 5.0 to 5.5u1, and upgrading a Nexus 1000V from SV2(2.1) to SV2(2.2).  I upgraded vCenter without issue (I'm using the vCSA), but when I attempted to upgrade ESXi-1 to 5.5u1 using VUM it complained that a VIB was incompatible.  After tracing this VIB to the 1000V VEM, I created an ESXi 5.5u1 installer package containing the SV2(2.2) VEM VIB for ESXi 5.5 and attempted to use VUM again but was still unsuccessful
  I removed the VEM VIB from the vDS and the host and was able to upgrade the host to 5.5u1.  I tried to add it back to the vDS and was given the error below:
  vDS operation failed on host esxi1, Received SOAP response fault from [<cs p:00007fa5d778d290, TCP:esxi1.gooch.net:443>]: invokeHostTransactionCall
  Received SOAP response fault from [<cs p:1f3cee20, TCP:localhost:8307>]: invokeHostTransactionCall
  An error occurred during host configuration. got (vim.fault.PlatformConfigFault) exception
  I installed the VEM VIB manually at the CLI with 'esxcli software vib install -d /tmp/cisco-vem-v164-4.2.1.2.2.2.0-3.2.1.zip' and I'm able to add to to the vDS, but when I connect the uplinks and migrate the L3 Control VMKernel, I get the following error where it complains about the SPROM when the module comes online, then it eventually drops the VEM.
  2014 Mar 29 15:34:54 n1kv %VEM_MGR-2-VEM_MGR_DETECTED: Host esxi1 detected as module 3
  2014 Mar 29 15:34:54 n1kv %VDC_MGR-2-VDC_CRITICAL: vdc_mgr has hit a critical error: SPROM data is invalid. Please reprogram your SPROM!
  2014 Mar 29 15:34:54 n1kv %VEM_MGR-2-MOD_ONLINE: Module 3 is online
  2014 Mar 29 15:37:14 n1kv %VEM_MGR-2-VEM_MGR_REMOVE_NO_HB: Removing VEM 3 (heartbeats lost)
  2014 Mar 29 15:37:19 n1kv %STP-2-SET_PORT_STATE_FAIL: Port state change req to PIXM failed, status = 0x41e80001 [failure] vdc 1, tree id 0, num ports 1, ports  state BLK, opcode MTS_OPC_PIXM_SET_MULT_CBL_VLAN_BM_FOR_MULT_PORTS, msg id (2274781), rr_token 0x22B5DD
  2014 Mar 29 15:37:21 n1kv %VEM_MGR-2-MOD_OFFLINE: Module 3 is offline
  I have tried gracefully removing ESXi-1 from the vDS and cluster, reformatting it with a fresh install of ESXi 5.5u1, but when I try to join it to the N1KV it throws the same error.

  Hi, 
  The SET_PORT_STATE_FAIL message is usually thrown when there is a communication issue between the VSM and the VEM while the port-channel interface is being programmed. 
  What is the uplink port profile configuration? 
  Other hosts are using this uplink port profile successfully?
  The upstream configuration on an affected and a working host is the same? (ie control VLAN allowed where necessary)
  Per kpate's post, control VLAN needs to be a system VLAN on the uplink port profile.
  The VDC SPROM message is a cosmetic defect
  https://tools.cisco.com/bugsearch/bug/CSCul65853/
  HTH,
  Joe

• Nexus 1K VEM module shutdown (with DELL BLADE server)

  Hello, This is Vince.
  I am doing  one of PoC with important customer.
  Can anyone help me to explain what the problem is?
  I have been found couples of strange situation in a Nexus 1000V with DELL BLADE server)
  Actually, Network diagram is like below.
  I installed each two Vsphere Esxi on the Dell Blade server.
  As Diagram shows each server is connected to Cisco N5K via M8024 Dell Blade Switch.
  - two N1KV VM are installed on the Esxi. (of course as Primary and Secondary)
  - N5K is connected to M8024 in vPC.
  - VSM and VEM are checking each other via Layer3 control interface.
  - the way of uplink's port-profile port channel LB is mac pinning.
  interface control0
    ip address 10.10.100.10/24
  svs-domain
    domain id 1
    control vlan 1
    packet vlan 1
    svs mode L3 interface control0
  port-profile type ethernet Up-Link
    vmware port-group
    switchport mode trunk
    switchport trunk allowed vlan 1-2,10,16,30,77-78,88,100,110,120-121,130
    switchport trunk allowed vlan add 140-141,150,160-161,166,266,366
    service-policy type queuing output N1KV_SVC_Uplink
    channel-group auto mode on mac-pinning
    no shutdown
    system vlan 1,10,30,100
    state enabled
  n1000v# show module
  Mod  Ports  Module-Type                       Model               Status
  1    0      Virtual Supervisor Module         Nexus1000V          ha-standby
  2    0      Virtual Supervisor Module         Nexus1000V          active *
  3    332    Virtual Ethernet Module           NA                  ok
  4    332    Virtual Ethernet Module           NA                  ok
  Mod  Sw                  Hw     
  1    4.2(1)SV2(2.1a)     0.0                                             
  2    4.2(1)SV2(2.1a)     0.0                                             
  3    4.2(1)SV2(2.1a)     VMware ESXi 5.5.0 Releasebuild-1331820 (3.2)    
  4    4.2(1)SV2(2.1a)     VMware ESXi 5.5.0 Releasebuild-1331820 (3.2)    
  Mod  Server-IP        Server-UUID                           Server-Name
  1    10.10.10.10      NA                                    NA
  2    10.10.10.10      NA                                    NA
  3    10.10.10.101     4c4c4544-0038-4210-8053-b5c04f485931  10.10.10.101
  4    10.10.10.102     4c4c4544-0043-5710-8053-b4c04f335731  10.10.10.102
  Let me explain what the strange things happened from now on.
  If I move the Primary N1KV on the module 3 to the another Esxi of the module 4, VEM will be shutdown suddenly.
  Here is sys logs.
  2013 Dec 20 15:45:22 n1000v %VEM_MGR-2-VEM_MGR_REMOVE_NO_HB: Removing VEM 4 (heartbeats lost)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Ethernet4/7 is detached (module removed)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Ethernet4/8 is detached (module removed)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Vethernet1 is detached (module removed)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Vethernet17 is detached (module removed)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Vethernet9 is detached (module removed)
  2013 Dec 20 15:45:22 n1000v %VIM-5-IF_DETACHED_MODULE_REMOVED: Interface Vethernet37 is detached (module removed)
  2013 Dec 20 15:46:53 n1000v %VEM_MGR-2-MOD_OFFLINE: Module 4 is offline
  If I wanna make it works again then I have to do two things.
  First of all, It should be selected on the Source MAC Check the way of vSwitch's Load balance.
  (Port ID check is the default)
  Second of all, the the order of Switch's fail over is very important.
  If I change this order then VEM will be off in very soon.
  Here you go, the screen capture file of These option. (you may not understand these Korean letters.)
  In my opinion, the main problem is the link part between Esxi and M8024.
  As you saw, Each Esxi is connected to two M8024 Dell Blade switches separately.
  I saw the manual for the way N1K's uplink Load balance.
  Even though there are 16 different port-channel LB way,
  but It should be used only the way of src-mac  If there is no supporting port-channel option in the upstreaming switches.
  But I don't know exactly why this situation happened.
  Can anyone help me how I make it works better.
  Thanks in advance.
  Best Regards,
  Vince

  There's not enough information to determine the reason by those two outputs alone.  All those commands tell us is the VSM is removing/attaching the VEM.
  The normal cause for the VEM to flap is a problem with the Control VLAN communication.  The loss of 6 consecutive heart beats will cause the VEM to detach from the VSM.  We need to isolate the reason why.
  -Which version of 1000v & ESX?
  -Are multiple VEMs affected or just one?
  -Are the VSM's interfaces hosted on the DVS or vSwitch?
  -What is the network topology between the VEM and VSM (primarily the control VLAN)
  -Do you have the Cisco SR # I can take a look into it.  TAC is your best course of action for an issue like this.  There will likely need to be live troubleshooting into your network environment to determine the cause.
  Regards,
  Robert

• Nexus 1000v / pvlan promiscuous trunk / Cross-host communication.

  Hello,
  We are planning the deployment of Nexus 1000v with “promiscuous trunk” uplink ports. We want to be sure cross-host in isolated pvlan will not be possible .
  Looking at the picture, I was wondering if the communication between VM-A on ESX1 and VM-B on ESX 2 (both on isolated pvlan) will be impossible as expected.
  Example: If VM-A on ESX 1 tries to send traffic to VM-B on ESX-2, the vlan 11 tag is remapped to vlan 10 tag at the outgoing uplink on ESX 1.
  Then the flow arrives on ESX 2 with vlan 10 tag on the promiscuous trunk. I understand the promiscuous port can talk to all secondary pvlans, so VM-A can in this case talk with VM-B.
  Is my understanding correct ?
  Or does the Nexus 1000v have an enhanced cross-VEM mechanism which allow to check the source mac address and know that it comes from pan isolated pvlan and as a result cannot communicate.
  Best regards.
  Karim  

  Hello Karim,
  N1k enforces pVLANs across all hosts.  Think of all the N1k VEMs as a single switch.  In your example, VM-A will not be able to talk with VM-B.  We accomplish this isolation by poisoning VEM mac address tables with a null destination.  For example, ESX1 would contain a dynamic entry for VM-B that points to a null LTL value.  If VM-A attempted to send traffic to VM-B's mac, it would not leave the host.
  Please be aware that N1k can only enforce pVLANs for traffic behind the VEMs.  If you have other servers in VLAN 10 on the blue switch, it would be seen as a promiscuous port from N1k standpoint.  Additional configuration would be required to prevent communication.

• [Nexus 1000v] VEM can't be add into VSM

  hi all,
  following my lab, i have some problems with Nexus 1000V when VEM can't be add into VSM.
  + on VSM has already installed on ESX 1 (standalone or ha) and you can see:
  Cisco_N1KV# show module
  Mod  Ports  Module-Type                       Model               Status
  1    0      Virtual Supervisor Module         Nexus1000V          active *
  Mod  Sw                Hw
  1    4.2(1)SV1(4a)     0.0
  Mod  MAC-Address(es)                         Serial-Num
  1    00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8  NA
  Mod  Server-IP        Server-UUID                           Server-Name
  1    10.4.110.123     NA                                    NA
  + on ESX2 that 's installed VEM
  [root@esxhoadq ~]# vem status
  VEM modules are loaded
  Switch Name      Num Ports   Used Ports  Configured Ports  MTU     Uplinks
  vSwitch0         128         3           128               1500    vmnic0
  VEM Agent (vemdpa) is running
  [root@esxhoadq ~]#
  any advices for this,
  thanks so much

  Hi,
  i'm having similar issue: the VEM insatlled on the ESXi is not showing up on the VSM.
  please check from the following what can be wrong?
  This is the VEM status:
  ~ # vem status -v
  Package vssnet-esx5.5.0-00000-release
  Version 4.2.1.1.4.1.0-2.0.1
  Build 1
  Date Wed Jul 27 04:42:14 PDT 2011
  Number of PassThru NICs are 0
  VEM modules are loaded
  Switch Name     Num Ports   Used Ports Configured Ports MTU     Uplinks  
  vSwitch0         128         4           128               1500   vmnic0  
  DVS Name         Num Ports   Used Ports Configured Ports MTU     Uplinks  
  VSM11           256         40         256               1500   vmnic2,vmnic1
  Number of PassThru NICs are 0
  VEM Agent (vemdpa) is running
  ~ # vemcmd show port    
  LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
     18               UP   UP   F/B*     0       vmnic1
     19             DOWN   UP   BLK       0       vmnic2
  * F/B: Port is BLOCKED on some of the vlans.
  Please run "vemcmd show port vlans" to see the details.
  ~ # vemcmd show trunk
  Trunk port 6 native_vlan 1 CBL 1
  vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
  Trunk port 16 native_vlan 1 CBL 1
  vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
  Trunk port 18 native_vlan 1 CBL 0
  vlan(111) cbl 1, vlan(112) cbl 1,
  ~ # vemcmd show port
  LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
     18               UP   UP   F/B*     0       vmnic1
     19            DOWN   UP   BLK       0       vmnic2
  * F/B: Port is BLOCKED on some of the vlans.
  Please run "vemcmd show port vlans" to see the details.
  ~ # vemcmd show port vlans
                         Native VLAN   Allowed
  LTL   VSM Port Mode VLAN   State Vlans
     18             T       1   FWD   111-112
     19             A       1   BLK   1
  ~ # vemcmd show port
  LTL   VSM Port Admin Link State PC-LTL SGID Vem Port
     18               UP   UP   F/B*     0       vmnic1
     19             DOWN   UP   BLK       0       vmnic2
  * F/B: Port is BLOCKED on some of the vlans.
  Please run "vemcmd show port vlans" to see the details.
  ~ # vemcmd show port vlans
                         Native VLAN   Allowed
  LTL   VSM Port Mode VLAN   State Vlans
     18             T       1   FWD   111-112
     19             A       1   BLK   1
  ~ # vemcmd show trunk
  Trunk port 6 native_vlan 1 CBL 1
  vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
  Trunk port 16 native_vlan 1 CBL 1
  vlan(1) cbl 1, vlan(111) cbl 1, vlan(112) cbl 1, vlan(3968) cbl 1, vlan(3969) cbl 1, vlan(3970) cbl 1, vlan(3971) cbl 1,
  Trunk port 18 native_vlan 1 CBL 0
  vlan(111) cbl 1, vlan(112) cbl 1,
  ~ # vemcmd show card
  Card UUID type 2: ebd44e72-456b-11e0-0610-00000000108f
  Card name: esx
  Switch name: VSM11
  Switch alias: DvsPortset-0
  Switch uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
  Card domain: 1
  Card slot: 1
  VEM Tunnel Mode: L2 Mode
  VEM Control (AIPC) MAC: 00:02:3d:10:01:00
  VEM Packet (Inband) MAC: 00:02:3d:20:01:00
  VEM Control Agent (DPA) MAC: 00:02:3d:40:01:00
  VEM SPAN MAC: 00:02:3d:30:01:00
  Primary VSM MAC : 00:50:56:ac:00:42
  Primary VSM PKT MAC : 00:50:56:ac:00:44
  Primary VSM MGMT MAC : 00:50:56:ac:00:43
  Standby VSM CTRL MAC : ff:ff:ff:ff:ff:ff
  Management IPv4 address: 10.1.240.30
  Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
  Secondary VSM MAC : 00:00:00:00:00:00
  Secondary L3 Control IPv4 address: 0.0.0.0
  Upgrade : Default
  Max physical ports: 32
  Max virtual ports: 216
  Card control VLAN: 111
  Card packet VLAN: 112
  Card Headless Mode : Yes
         Processors: 8
  Processor Cores: 4
  Processor Sockets: 1
  Kernel Memory:   16712336
  Port link-up delay: 5s
  Global UUFB: DISABLED
  Heartbeat Set: False
  PC LB Algo: source-mac
  Datapath portset event in progress : no
  ~ #
  On VSM
  VSM11# sh svs conn
  connection vcenter:
     ip address: 10.1.240.38
     remote port: 80
     protocol: vmware-vim https
     certificate: default
     datacenter name: New Datacenter
     admin:  
     max-ports: 8192
     DVS uuid: c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78
     config status: Enabled
     operational status: Connected
     sync status: Complete
     version: VMware vCenter Server 4.1.0 build-345043
  VSM11# sh svs ?
  connections Show connection information
  domain       Domain Configuration
  neighbors   Svs neighbors information
  upgrade     Svs upgrade information
  VSM11# sh svs dom
  SVS domain config:
  Domain id:   1  
  Control vlan: 111
  Packet vlan: 112
  L2/L3 Control mode: L2
  L3 control interface: NA
  Status: Config push to VC successful.
  VSM11# sh port
             ^
  % Invalid command at '^' marker.
  VSM11# sh run
  !Command: show running-config
  !Time: Sun Nov 20 11:35:52 2011
  version 4.2(1)SV1(4a)
  feature telnet
  username admin password 5 $1$QhO77JvX$A8ykNUSxMRgqZ0DUUIn381 role network-admin
  banner motd #Nexus 1000v Switch#
  ssh key rsa 2048
  ip domain-lookup
  ip domain-lookup
  hostname VSM11
  snmp-server user admin network-admin auth md5 0x389a68db6dcbd7f7887542ea6f8effa1
  priv 0x389a68db6dcbd7f7887542ea6f8effa1 localizedkey
  vrf context management
  ip route 0.0.0.0/0 10.1.240.254
  vlan 1,111-112
  port-channel load-balance ethernet source-mac
  port-profile default max-ports 32
  port-profile type ethernet Unused_Or_Quarantine_Uplink
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
  port-profile type vethernet Unused_Or_Quarantine_Veth
  vmware port-group
  shutdown
  description Port-group created for Nexus1000V internal usage. Do not use.
  state enabled
  port-profile type ethernet system-uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 111-112
  no shutdown
  system vlan 111-112
  description "System profile"
  state enabled
  port-profile type vethernet servers11
  vmware port-group
  switchport mode access
  switchport access vlan 11
  no shutdown
  description "Data Profile for VM Traffic"
  port-profile type ethernet vm-uplink
  vmware port-group
  switchport mode access
  switchport access vlan 11
  no shutdown
  description "Uplink profile for VM traffic"
  state enabled
  vdc VSM11 id 1
  limit-resource vlan minimum 16 maximum 2049
  limit-resource monitor-session minimum 0 maximum 2
  limit-resource vrf minimum 16 maximum 8192
  limit-resource port-channel minimum 0 maximum 768
  limit-resource u4route-mem minimum 32 maximum 32
  limit-resource u6route-mem minimum 16 maximum 16
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
  interface mgmt0
  ip address 10.1.240.124/24
  interface control0
  line console
  boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-1
  boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-1
  boot kickstart bootflash:/nexus-1000v-kickstart-mz.4.2.1.SV1.4a.bin sup-2
  boot system bootflash:/nexus-1000v-mz.4.2.1.SV1.4a.bin sup-2
  svs-domain
  domain id 1
  control vlan 111
  packet vlan 112
  svs mode L2
  svs connection vcenter
  protocol vmware-vim
  remote ip address 10.1.240.38 port 80
  vmware dvs uuid "c4 be 2c 50 36 c5 71 97-44 41 1f c0 43 8e 45 78" datacenter-n
  ame New Datacenter
  max-ports 8192
  connect
  vsn type vsg global
  tcp state-checks
  vnm-policy-agent
  registration-ip 0.0.0.0
  shared-secret **********
  log-level
  thank you
  Michel

• Cisco Nexus 1000V InterCloud

  Need download link for Cisco Nexus 1000V InterCloud

  We had a simliar issue with 5.2(1)SV3(1.3) and found this in the release notes:
  ERSPAN
  If the ERSPAN source and destination are in different subnets, and if the ERSPAN source is an L3 control VM kernel NIC attached to a Cisco Nexus 1000V VEM, you must enable proxy-ARP on the upstream switch.
  If you do not enable proxy-ARP on the upstream switch (or router, if there is no default gateway), ERSPAN packets are not sent to the destination.
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus1000/sw/5_x/release_notes/b_Cisco_N1KV_VMware_521SV313_ReleaseNotes.html#concept_652D9BADC4B04C0997E7F6C29A2C8B1F
  After enabling 'ip proxy-arp' on the upstream SVI it started working properly.

• Nexus 1000v port-channels questions

  Hi,
  I’m running vCenter 4.1 and Nexus 1000v and about 30 ESX Hosts.
  I’m using one system uplink port profile for all 30 ESX Host; On each of the ESX host I have 2 NICs going to a Catalyst 3750 switch stack (Switch A), and another 2 NICs going to another Catalyst 3750 switch stack (Switch B).
  The Nexus is configured with the “sub-group CDP” command on the system uplink port profile like the following:
  port-profile type ethernet uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan 1,800,802,900,988-991,996-997,999
  switchport trunk native vlan 500
  mtu 1500
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 988-989
  description System-Uplink
  state enabled
  And the port channel on the Catalyst 3750 are configured like the following:
  interface Port-channel11
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  spanning-tree portfast trunk
  end
  interface GigabitEthernet1/0/18
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  channel-group 11 mode on
  spanning-tree portfast trunk
  spanning-tree guard root
  end
  interface GigabitEthernet1/0/1
  description ESX-10(Virtual Machine)
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 500
  switchport trunk allowed vlan 800,802,900,988-991
  switchport mode trunk
  switchport nonegotiate
  channel-group 11 mode on
  spanning-tree portfast trunk
  spanning-tree guard root
  end
  Now Cisco is telling me that I should be using MAC pinning when doing a trunk to two different stacks , and that each interface on 3750 should not be configured in a port-channel like above,  but should be configured as individual trunks.
  First question: Is the above statement correct, are my uplinks configured wrong?  Should they be configured individually in trunks instead of a port-channel?
  Second questions: If I need to add the MAC pinning configuration on my system uplink port-profile can I create a new system uplink port profile with the MAC pinning configuration and then move one ESX host (with no VM on them) one at a time to that new system uplink port profile? This way, I could migrate one ESX host at a time without outages to my VMs. Or is there an easier way to move 30 ESX hosts to a new system uplink profile with the MAC Pinning configuration.
  Thanks.

  Hello,
  From what I understood, you have the following setup:
       - Each ESX host has 4 NICS
       - 2 of them go to a 3750 stack and the other 2 go to a different 3750 stack
       - all 4 vmnics on the ESX host use the same Ethernet port-profile
            - this has 'channel-group auto mode on sub-group cdp'
       - The 2 interfaces on each 3750 stack are in a port-channel (just 'mode on')
  If yes, then this sort of a setup is correct. The only problem with this is the dependance on CDP. With CDP loss, the port-channels would go down.
  'mac-pinning' is the recommended option for this sort of a setup. You don't have to bundle the interfaces on the 3750 for this and these can be just regular trunk ports. If all your ports are on the same stack, then you can look at LACP. The CDP option would not be supported in the future releases. In fact, it is supposed to be removed from 4.2(1)SV1(2.1) but I still see the command available (ignore 4.2(1)SV1(4) next to it) - I'll follow up on this internally:
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_2_1_s_v_2_1_1/interface/configuration/guide/b_Cisco_Nexus_1000V_Interface_Configuration_Guide_Release_4_2_1_SV_2_1_1_chapter_01.html
  For migrating, the best option would be as you suggested. Create a new port-profile with mac-pinning and move one host at a time. You can migrate VMs off the host before you change the port-profile and can remove the upstream port-channel config as well.
  Thanks,
  Shankar

• VN-Link Hardware require Nexus 1000v yes or not?

  I have a problem about VN-Link Hardware. When i create port profile on UCS Manager and Create Port Profile Client then vCenter will create Port Group too. But when i apply network in Virtual Machine by select Port Group in vCenter i can't see Virtual Maching Guest in VM tab on UCS Manager.
  Finally question VN-Link Hardware require Nexus 1000v install on ESX yes or not? in UCS Manager GUI document say need require DVS Switch.

  Thank you for reply. I have successfully turn on VN-Link hardware by follow this video --> http://tinyurl.com/23p896k
  and i have install Nexus 1000v VEM in ESX for turn on VN-Link hardware.
  I need test performance of CNA Card (palo) and report to my CEO.
  - How to test it?
  - What is tool for test?
  PS.Sorry for English language

• Nexus 1000V - port-profile for VSM and VEM on same host

  Hello,
  I'm trying to run the VSM and VEM on the same host. At first I connected the VSM to the vSwitch. This works fine. Then I tried to move the VSM behind its own VEM.
  I have 3 different VLANs for management, control and packet traffic. Is it possible to connect the three VSM interfaces (management, control and packet) to only one port-profile, in which these three different VLANs are configured in a trunk? Or do I have to configure for each interface a separate port-profile, if I am using three different VLANs?
  Thanks
  Tobias

  Hello,
      The VSM does not emit VLAN-tagged frames. Therefore, its ports need to be configured in access mode. If your Control and Packet VLANs are the same, you could use the same port profile for both.
  Please make sure that the access VLAN is a system VLAN for all three ports.
  On a related note, if the VSM's storage is on NFS or iSCSI, the storage vmknic needs a system port profile as well. More info at:
  http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0_4_s_v_1_3/getting_started/configuration/guide/n1000v_gsg_5vsm_behind_vem.html

• Firewall between Nexus 1000V VSM and vCenter

  Hi,
  Customer has multiple security zones in environment, and VMware vCenter is located in a Management Security Zone. VSMs in security zones have dedicated management interface facing Management Security Zone with firewall in between. What ports do we need to open for the communication between VSMs and vCenter? The Nexus 1000V troubleshooting guide only mentioned TCP/80 and TCP/443. Are these outbound from VSM to vCenter? Is there any requirements from vCenter to VSM? What's the best practice for VSM management interface configuration in multiple security zones environment? Thanks.

  Avi -
  You need the connection between vCenter and the VSM anytime you want to add or make any changes to the existing port-profiles.  This is how the port-profiles become available to the virtual machines that reside on your ESX hosts.
  One problem when the vCenter is down is what you pointed out - configuration changes cannot be pushed
  The VEM/VSM relationship is independent of the VSM/vCenter connection.  There are separate VLANs or L3 interfaces that are used to pass information and heartbeats between the VSM and its VEMs.
  Jen

• Nexus 1000V VMotion between 2 different 1KV Switches

  Hello Virtual Experts,
  I was informed that you cannot Vmotion from one N1kv in one domain ID instance to another N1kv in a different domain ID. 
  As I understand, every Nexus 1000v switch needs to be in its own domain. 
  If this is the case, how does Cisco facilitate VMotion between switches?  How does Cisco facilitate long range Vmotion?
  Any response is much appreciated.
  /r
  Rob

  Robert,
  You are correct, just as with any vDS and a standard vSwitch you can't VMotion them between (while the Network interfaces are connected anyway).  VMotion will fail the Network Port Group validation.  The networking is what is tripping you up here, and it's not specific to Cisco, it's a VMware validation requirement.
  With long distance vMotion, the VMs are still part of the same DVS so there's no issue here. 
  You have a couple options here.
  1. You can do a cold migration, then re-assign the network binding on the destination switch.  This would require VM downtime.
  2. If going from a Host connected to a vDS to a Host using a vSwitch, you can create a temporaty vSwitch on the source host, create the Port Group with the same name as the Destination host's Port Group, give it an uplink and then migrate it that way from there.  This can be done online w/o downtime of the VM.
  Not sure of any other methods, but if anyone else has an idea, feel free to share!
  Regards,
  Robert

• Nexus 1000v VSM can't comunicate with the VEM

  This is the configuration I have on my vsm
  !Command: show running-config
  !Time: Thu Dec 20 02:15:30 2012
  version 4.2(1)SV2(1.1)
  svs switch edition essential
  no feature telnet
  banner motd #Nexus 1000v Switch#
  ssh key rsa 2048
  ip domain-lookup
  ip host Nexus-1000v 172.16.0.69
  hostname Nexus-1000v
  errdisable recovery cause failed-port-state
  vem 3
    host vmware id 78201fe5-cc43-e211-0000-00000000000c
  vem 4
    host vmware id e51f2078-43cc-11e2-0000-000000000009
  priv 0xa2cb98ffa3f2bc53380d54d63b6752db localizedkey
  vrf context management
    ip route 0.0.0.0/0 172.16.0.1
  vlan 1-2
  port-channel load-balance ethernet source-mac
  port-profile default max-ports 32
  port-profile type ethernet Unused_Or_Quarantine_Uplink
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type vethernet Unused_Or_Quarantine_Veth
    vmware port-group
    shutdown
    description Port-group created for Nexus1000V internal usage. Do not use.
    state enabled
  port-profile type ethernet vmware-uplinks
    vmware port-group
    switchport mode trunk
    switchport trunk allowed vlan 1-3967,4048-4093
    channel-group auto mode on
    no shutdown
    system vlan 2
    state enabled
  port-profile type vethernet Management
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet vMotion
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet ServidoresGestion
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet L3-VSM
    capability l3control
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    system vlan 2
    state enabled
  port-profile type vethernet VSG-Data
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  port-profile type vethernet VSG-HA
    vmware port-group
    switchport mode access
    switchport access vlan 2
    no shutdown
    state enabled
  vdc Nexus-1000v id 1
    limit-resource vlan minimum 16 maximum 2049
    limit-resource monitor-session minimum 0 maximum 2
    limit-resource vrf minimum 16 maximum 8192
    limit-resource port-channel minimum 0 maximum 768
    limit-resource u4route-mem minimum 1 maximum 1
    limit-resource u6route-mem minimum 1 maximum 1
  interface mgmt0
    ip address 172.16.0.69/25
  interface control0
  line console
  boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-1
  boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-1
  boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.1.1.bin sup-2
  boot system bootflash:/nexus-1000v.4.2.1.SV2.1.1.bin sup-2
  svs-domain
    domain id 1
    control vlan 1
    packet vlan 1
    svs mode L3 interface mgmt0
  svs connection vcenter
    protocol vmware-vim
    remote ip address 172.16.0.66 port 80
    vmware dvs uuid "ae 31 14 50 cf b2 e7 3a-5c 48 65 0f 01 9b b5 b1" datacenter-n
  ame DTIC Datacenter
    admin user n1kUser
    max-ports 8192
    connect
  vservice global type vsg
    tcp state-checks invalid-ack
    tcp state-checks seq-past-window
    no tcp state-checks window-variation
    no bypass asa-traffic
  vnm-policy-agent
    registration-ip 172.16.0.70
    shared-secret **********
    policy-agent-image bootflash:/vnmc-vsmpa.2.0.0.38.bin
    log-level
  for some reason my vsm can't the the vem. I could before, but then my server crashed without doing a copy run start and when it booted up all my config but the uplinks was lost.
  When I tried to configure the connection again it wasn't working.
  I'm also attaching a screen capture of the vds
  and a capture of the regular switch.
  I will appreciate very much any help you could give me and will provide any configuration details that you might need.
  Thank you so much.

  Carlos,
     Looking at vds.jpg, you do not have any VEM vmkernel interface attached to port-profile L3-VSM. So fix VSM-VEM communication problem, you either migrate your VEM management vmkernel interface to L3-VSM port-profile of the vds, or create new VMkernel port on your VEM/host and attach it to L3-VSM port-profile.

• Can a Nexus 1000v be configured to NOT do local switching in an ESX host?

  Before the big YES, use an external Nexus switch and use VN-Tag. The question is when there is a 3120 in a blade chassis that connects to the ESX hosts that have a 1000v installed on the ESX host. So, first hop outside the ESX host is not a Nexus box.
  Looking for if this is possible, if so how, and if not, where that might be documented. I have a client who's security policy prohibits switching (yes, even on the same VLAN) within a host (in this case blade server). Oh and there is an insistance to use 3120s inside the blade chassis.
  Has to be the strangest request I have had in a while.
  Any data would be GREATY appreciated!

  Thanks for the follow up.
  So by private VLANs, are you referring to "PVLAN":
  "PVLANs: PVLANs are a new feature available with the VMware vDS and the Cisco Nexus
  1000V Series. PVLANs provide a simple mechanism for isolating virtual machines in the
  same VLAN from each other. The VMware vDS implements PVLAN enforcement at the
  destination host. The Cisco Nexus 1000V Series supports a highly efficient enforcement
  mechanism that filters packets at the source rather than at the destination, helping ensure
  that no unwanted traffic traverses the physical network and so increasing the network
  bandwidth available to other virtual machines"

• Nexus 1000v: Control VLAN must be same VLAN as ESX hosts?

  Hello,
  I'm trying to install nexus 1000v and came across the below prerequisite.
  The below release notes for Nexus 1000v states
  VMware and Host Prerequisites
  The VSM VM control interface must be on the same Layer 2 VLAN as the ESX 4.0 host that it manages. If you configure Layer 3, then you do not have this restriction. In each case however, the two VSMs must run in the same IP subnet.
  What I'm trying to do is to create 2 VLANs - one for management and the other for control & Data (as per latest deployment guide, we can put control & data in the same vlan).
  However, I wanted to have all ESX host management same VLAN as the VSM management as well as the vCenter Management. Essentially, creating a management network.
  However, from the above "VMWare and Host Prerequisites", does this means I cannot do this?
  I need to have the ESX host management same VLAN as the control VLAN?
  This means that my ESX host will reside in a different VLAN than my management subnet?
  Thanks...

  Control vlan is a totally seperate VLAN then your System Console. The VLAN just needs to be available to the ESX host through the upstream physical switch and then make sure the VLAN is passed on the uplink port-profile that you assign the ESX host to.
  We only need an interface on the ESX host if you decide to use L3 control. In that instance you would create or use an existing VMK interface on the ESX host.

• Nexus 1000V overdraft license - How to force the vem to change from an overdraft to a permanent license

  Hi all,
  We installed a new VEM module on the N1K. As we did not had enough installed licenses at this time, the vem took 2 overdraft licenses.
  Now, another vem has been removed from the VSM and then, we recovered those 2 licenses from the removed Vem to the license-pool.
  Is it a way to force the vem ( currently using the overdraft licenses) to use the 2 licenses from the pool without service disruption.
  Thanks a lot.
  Regards.
  Frédéric

  Hi Frédéric,
  You could migrate the VMs off that host, do the license procedure, then move the VMs back.
  Thanks,
  Joe