Nexus 7000 with VPC and HSRP Configuration
Hi Guys,
I would like to know how to implement HSRP with the following setup:
There are 2 Nexus 7000 connected with VPC Peer link. Each of the Nexus 7000 has a FEX attached to it.
The server has two connections going to the FEX on each Nexus 7k (VPC). FEX's are not dual homed; as far as I know they are not supported currently.
  R(A)                R(S)
   |                   |
  7K --- Peer Link --- 7K
   |                   |
  FEX                 FEX
  Server connected to both FEX
The question is we have two routers connected to each of the Nexus 7k in HSRP (active and one is standby). How can I configure HSRP on the nexus switches and how will the traffic be routed from the Standby Nexus switch to Active Nexus switch (I know HSRP works differently here as both of them can forward packets). Will the traffic go to the secondary switch and then via the peer link to the active switch and then to the active router? (From what I read the packet from end hosts which will go via the peer link will get dropped)
Has anyone implemented this before ?
Thanks
Hi Kuldeep,
If you intend to put those routers on a non-vpc vlan, you may create a new inter-switch trunk between the N7K and allow that non-vpc vlan. However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link.
HTH
Jay Ocampo
Similar Messages
-
Multicast: duplicated packets on nexus 7k with vpc and HSRP
Hi guys,
I'm testing multicast deployment on the lab shown below. The sender and the receiver are connected to the 6500 in two different vlans. The sender is in vlan 23 and the receiver in vlan 500. They are connected to the 6500 with a trunk link. There is VPC between the two nexus 7k and the 6500.
Furthermore, there is HSRP running on the two vlan interfaces 23 and 500 on both nexus.
I have configured the minimum to use PIM-SM with static RP. The RP is the 3750 above the nexus. (*,G) and (S,G) states are created correctly.
IGMP snooping is enabled on 6500, and the two nexus.
I'm using iperf to generate my flow, and netflow and snmp to monitor what happens.
All works correctly, my receiver receives the flow and it takes the good route. My problem is that I have four times more multicast traffic on the vlan interface 500 on both nexus but this traffic is only sent one time to the receiver (which is the good comportment) and the rest of the traffic is not shown on any other physical interface in outbound.
Indeed, I'm sending one flow, the two nexus receive it (one from peer link and the other from the 6500) in the vlan 23 (for example 25 packets inbound).
But when the flow is routed in the vlan 500, there is 100 packets on each interface vlan 500 on each nexus in outbound.
And when monitoring all physical interfaces, I only see 25 packets outbound on the interface linked with the receiver and the overflow isn't outgone.
I have joined the graphs I obtain on one of the nexus for the vlan 23 and the vlan 500. Netflow says the same things in bits/s.
Had someone already seen that? Any idea about the duplication of the packets?
Thanks for any comment,
Regards,
Configuration:
Nexus 1: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
Nexus 2: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
6500: s72033-adventerprisek9_wan-mz.122-33.SXI5.bin (12.2(33)SXI5)
3750: c3750-ipservicesk9-mz.122-50.SE5.bin (12.2(50)SE5)
-
Nexus 7000, 2000, FCOE and Fabric Path
Hello,
I have a couple of design questions that I am hoping some of you can help me with.
I am working on a Dual DC Upgrade. It is pretty standard design, customer requires a L2 extension between the DC for Vmotion etc. Customer would like to leverage certain features of the Nexus product suite, including:
Trust Sec
VDC
VPC
High Bandwidth Scalability
Unified I/O
As always cost is a major issue and consolidation is encouraged where possible. I have worked on a couple of Nexus designs in the past and have leveraged the 7000, 5000, 2000 and 1000 in the DC.
The feedback that I am getting back from Customer seems to be mirrored in Cisco's technology roadmap. This relates specifically to the features supported in the Nexus 7000 and Nexus 5000.
Many large enterprise Customers ask the question of why they need to have the 7000 and 5000 in their topologies as many of the features they need are supported in both platforms and their environments will never scale to meet such a modular, tiered design.
I have a few specific questions that I am hoping can be answered:
The Nexus 7000 only supports the 2000 on the M series I/O Modules; can FCOE be implemented on a 2000 connected to a 7000 using the M series I/O Module?
Is the F Series I/O Module the only I/O Module that supports FCOE?
Are there any plans to introduce the native FC support on the Nexus 7000?
Are there any plans to introduce full fabric support (230 Gbps) to the M series I/O module?
Are there any plans to introduce Fabric path to the M series I/O module?
Are there any plans to introduce L3 support to the F series I/O Module?
Is the entire 2000 series allocated to a single VDC or can individual 2000 series ports be allocated to a VDC?
Is Trust Sec only support on multi hop DCI links when using the ASR on EoMPLS pwire?
Are there any plans to introduce Trust Sec and VDC to the Nexus 5500?
Thanks,
Colm

Hello Allan
The only IO card which cannot co-exist with other cards in the same VDC is F2 due to specific hardware realisation.
All other cards can be mixed.
Regarding the Fabric versions - Fabric-2 gives much bigger throughput in comparison with Fabric-1
So in order to get full speed from F2/M2 modules you will need Fab-2 modules.
Fab2 modules won't give any advantages to M1/F1 modules.
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/data_sheet_c78-685394.html
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/prodcut_bulletin_c25-688075.html
HTH,
Alex -
Peer-Switch with vPC and non-vPC Vlan Port-Channels
Hi,
In a design guide I have noticed that it is best practice to split vPC and non-vPC vlans on different inter-switch port-channels. Now, I want to use the Peer-Switch function, but the port-channel interface of the non-vPC-vlan channel moves into blocking state. The option spanning-tree pseudo-information has no influence. Is peer-switch possible in my kind of topology?
Greeting,
Stephan

I believe absolutely possible, specifically because peer-switch and spt pseudo-info are specific and local to cisco fabric services running as part of vpc technology. Personally I have a lab with a vpc-domain composed of 2 N5Ks. They are peer-switches with spt-pseudoinfo and they have MST running on non VPC links independently from vpc.
-
Jboss with mapviewer and network configuration.
Hello All,
Developed successfully an application piece with mapviewer and network (10.x) ndm on OAS.
Now should integrate in solution running on JBoss 4.0.5.
First problem arises when cannot reach new mapviewer html admin pages.
Anybody has experience on this?
Thank you,
David

Thank you again Justin.
I think I'm getting closer but not working yet.
Was missing the step you pointed out.
Used successfully the AdfInstaller from OTN after copying the 36 lib files to JBOSS_HOME/server/default/lib.
But can't run /mapviewer/faces/home.jspx yet.
Next I post errors for before (a) and after (b) having deleted folder jboss\server\default\deploy\jbossweb-tomcat55.sar\jsf-libs [Understood this as equivalent step from doc "JBoss Deployment Notes" although written for version 4.0.3]
Also tried to delete folders tmp, log and data, but get same error.
(A)
Error raised on executing
/mapviewer/faces/home.jspx
org.apache.jasper.JasperException
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:395)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:322)
On the log at the jboss cmd prompt:
22:22:08,421 ERROR [STDERR] Thu Dec 06 22:22:08 CET 2007 INFO [oracle.lbs.mapcac
he.mcservlet] *** Oracle MapCacheServer started. ***
22:22:55,812 ERROR [UIComponentTag] Faces context not found. getResponseWriter w
ill fail. Check if the FacesServlet has been initialized at all in your web.xml.
22:22:55,953 ERROR [[jsp]] Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
at javax.faces.webapp.UIComponentTag.setupResponseWriter(UIComponentTag.
java:929)
at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:310)
(B)
Error raised on executing
/mapviewer/faces/home.jspx
org.apache.jasper.JasperException: org.apache.myfaces.taglib.core.ViewTag
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810
On the log at the jboss cmd prompt:
22:50:56,156 INFO [STDOUT] INFO [oracle.lbs.mapserver.core.MapperConfig] settin
g logging level to error
22:51:01,859 ERROR [STDERR] Thu Dec 06 22:51:01 CET 2007 INFO [oracle.lbs.mapcac
he.mcservlet] *** Oracle MapCacheServer started. ***
22:51:47,687 ERROR [[jsp]] Servlet.service() for servlet jsp threw exception
java.lang.NoClassDefFoundError: org.apache.myfaces.taglib.core.ViewTag
at org.apache.jsp.home_jspx._jspx_meth_f_view_0(home_jspx.java:137)
at org.apache.jsp.home_jspx._jspService(home_jspx.java:118)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper
.java:334)
22:51:47,687 ERROR [[Faces Servlet]] Servlet.service() for servlet Faces Servle
threw exception
java.lang.NoClassDefFoundError: org.apache.myfaces.taglib.core.ViewTag
at org.apache.jsp.home_jspx._jspx_meth_f_view_0(home_jspx.java:137)
at org.apache.jsp.home_jspx._jspService(home_jspx.java:118)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
Also would like to solve error related to georaster that seems a missing class:
22:58:42,343 ERROR [STDERR] Exception in thread "Thread-81"
22:58:42,343 ERROR [STDERR] java.lang.NoClassDefFoundError: javax/media/jai/Data
BufferFloat
22:58:42,359 ERROR [STDERR] at oracle.sdovis.theme.GeoRasterThemeProducer.pr
epareData(GeoRasterThemeProducer.java:577)
22:58:42,359 ERROR [STDERR] at oracle.sdovis.GeoRasterTheme.prepareData(GeoR
asterTheme.java:90)
22:58:42,359 ERROR [STDERR] at oracle.sdovis.LoadThemeData.run(LoadThemeData
.java:66)
Regards,
David -
Nexus 7000 - Moving vPC keep alive
We have two Nexus 7010 switches running a vPC domain between the two switches. On one of the 7010B, the peer keep alive (from the mgmt VRF) is connected to a 3560B *and* that 3560B also has a data connection back to the same 7010B. Everything is fine with that setup.
Our second 7010A, the peer keep alive link is also connected to a corresponding 3560A switch. However, that 3560A switch is not connected to 7010A.
I want to move the uplink from the 3560A from where it is to the 7010A which will break the keep alive. However, I will not be breaking the vPC peer link as it is a pair of 10G connections between the two 7010 switches.
I have read that the vPC won't come up unless the peer keep alive is present, but it wasn't clear about taking down the keep alive link momentarily. Moving the cable would be quick, but I know the mac table will need to update since 7010B switch will now see the keep alive across its peer link instead of some other direction.
Can I take the peer keep alive link down providing the peer link stays up?
We are running kickstart and system version 5.0(3).
Thanks!
/alan

Peer keepalive works on UDP port 3200 over IP with 1 sec interval and 5 sec timeout.
It is not a requirement to have the peer-keepalive destination IP in the same subnet, but if you do not have it in the same subnet then you need to make sure you route it properly and that your IP routed infrastructure that carries the keepalive satisfies the above requirement, so that no single event on that IP infrastructure causes keepalives to lose packets; since peer-keepalive is UDP, it is not a reliable delivery method.
Recommendation in the past I heard was to use your management ports as peer-keepalive. But one problem happens during ISSU with dual sup: each supervisor reboots and after it comes up the roles of active and standby get switched at the end. So if you did not connect two management ports (one from each supervisor) to your management network then you will lose keepalives during software upgrade because supervisor switchover occurs and the new management port becomes active.
So second recommendation is to create one peer-keepalive vrf so that it will have its own address space. If you have an M1 1 gig card in each switch then connect one cable between the switches, assign IP addresses (like 1.1.1.1-2/30) and put it in the peer-keepalive vrf. With this setup during ISSU you do not lose peer keepalives because line cards do not need to reboot and your peer-keepalive UDP traffic will not depend on any other switch or router. -
Problem with internet and mail configuration(From France)
Hey x)
I just got my Blackberry yesterday (I'm from France) with Universal Mobile- Bougues Telecome, forfait bloqué pour BlackBerry.
In that "package" i have SMS/mms ,internet and emails unlimited.
But i can't go to internet , its not working and when I'm trying to configure the mail option in "advanced option" , I don't have any kind of confirmation message.
I tried on the website but I got that error message:
"Cannot create account:
This BlackBerry(R) device is not registered with your wireless service provider.
Please register this device and verify that the URL of the current web site matches
the one provided by your wireless service provider.
To register:
1. In the Application list on your device, click Options, or click Settings Options.
2. Click Advanced Options > Host Routing Table.
3. Click the Menu key and click Register Now.
If the error persists, contact your wireless service provider."
And so as I said, I did that manipulation but I don't have a confirmation when I put "host routing table".
And In the email configuration I just have the professional thing.
Can you please help me?

Do you have a BlackBerry Data Plan enabled on your account with your carrier or mobile provider?
You must, in order to get the RIM push email functions you are looking for, as well as additional BlackBerry data services such as the internet browser, Facebook for BlackBerry, BlackBerry Messenger, and much more.
So, call your carrier and inquire about having the BlackBerry Data Plan added to your account.
Good luck.
-
Need some help with WM and gtk configuration
Hello everybody.
I've installed Arch Linux few days ago and currently I'm having a problem with gtk apps. It's the classic problem that they look ugly under fluxbox, my WM. I've tried to put this on ~/.xinitrc:
    exec fluxbox
    # load this to have gtk2 apps look ok
    GSDPID=`pidof gnome-settings-daemon`
    if [ "x$GSDPID" == "x" ]; then
        gnome-settings-daemon &
    fi
or:
    # load this to have gtk2 apps look ok
    GSDPID=`pidof gnome-settings-daemon`
    if [ "x$GSDPID" == "x" ]; then
        gnome-settings-daemon &
    fi
    exec fluxbox
And nothing happened. I'm sure it's an easy issue to solve, but I'm stuck here with this. Thank you for reading and thank you for your help.
EDIT: I still have some time to lose on my laptop so can you recommend me which minimalist WM is better??
Last edited by xlasttrainhomex (2008-10-05 11:49:15)

I highly recommend Openbox. It doesn't provide you a panel like Fluxbox does, so you'll need to find yourself a panel - if you're lost for choice I can recommend tint2 and bmpanel as starters.
Anyway, Openbox has session configurations for both GNOME and KDE, meaning that while GNOME will be sitting under all your applications, will try to manage your desktop, will try to launch panels, etc etc etc, Openbox will be managing your windows, and you can turn off whatever you don't want anyway - I have a highly configured, customized Openbox setup that gives me no indication except in my process listing that I'm using the GNOME session manager: the splash is disabled, Nautilus doesn't try to manage my desktop, I have no GNOME panels, and so on.
-dav7 -
Nexus 7000 - Fabric Failure and VOQ
I have been doing some research on the Nexus 7k and from what i am reading the following occurs:
1. Fabric Module Failure - Causes all traffic sent across that fabric modules crossbar to be lost
2. VOQ - protects against lack of buffer availability on the egress interface
Neither of these provide reliable transmission over the crossbar or acknowledgement of data crossing the crossbar fabric.
So my question is, if i have storage traffic (unicast based FCIP) that is crossing the fabric when a fabric module fails, is my understanding correct, that those frames are lost on the portion of the fabric that is controlled by the failed fabric module?
Even though the main fabric itself is intact for other traffic, this still means that I have loss in what is supposed to be a system built for zero-loss to support storage traffic.
Am i way off here or is this accurate.
Thanks.

Thanks for the response. From what i have read the control plane and data plane are completely isolated in the nexus 7k. The supervisor modules control the control plane and the central arbiter and the fabric modules handle the VOQ and the xbar communication.
It works like this as i understand it:
1. packet arrives at the ingress of a line card and is passed on the port asic
2. port asic does its thing and forwards the packet to the replication engine
3. rep engine passes the packet onto the L2 and L3 Forwarding engines - they do their dance and pass the packet on to the fabric engine
4. Fabric Engine and VOQ mgmr consults the central arbiters to get credits to send traffic on the fabric
5. Central Arbiter checks the egress line card to ensure buffer space is available. If its available it grants credit to the fabric engine and VOQ engine to send the packet on the fabric.
The fabric crossbar BW is determined by the amount of fabric modules installed - 1 FM = 23Gbs x 2. When 2 or more FM are installed to create more Fabric BW, the forwarding across the fabric for unicast traffic acts like an Etherchannel and performs some sort of hashing algorithm to send the packet across the fabric.
Lets say you have a 9216Byte packet and 3 Fabric modules installed. From what i am reading the packet would be broken up into 4 packets, around 2304 Bytes each (i think they might be 2460 can't recall), and passed across the fabric.
So you have 1 large packet, fragmented across the fabric cards, sent to the destination IO card.
While in transit, lets say one of the fabric Modules in the LB group dies. my understanding is the traffic on the trace goes with it.
The traffic is lost in this case since there is no acknowledgement of traffic sent across the fabric. I would think in a high bandwidth situation this could be a lot of traffic, considering the speeds we are talking about here.
Is this a possibility or am i missing some redundancy here that will protect the traffic that would be lost crossing the fabric?
Is this the case on the 65k as well for traffic crossing the fabric?
Thanks in advance.
Mike -
Problems with SVN and sync configuration
Hello,
I'm struggling with two 'features' of DW CS5.
The first is the following behavior of the integrated SVN-client in DW.
On every startup of the program DW sets the SVN-property to ignore the _notes directories (in which DW stores the sync-information) to all the folders of my sites. I set the global property in my local SVN-client to ignore those anyway, because I don't want the property in the folders of my repositories. Is there any way to say DW to NOT set this property itself? It's really annoying to delete the property every day...
The second is when I have to start a sync to the remote-/testserver DW always marks all the files where just the date is different to mine but the content is the same. When a colleague is updating/sync'ing a whole site, with his IDE (not DW), all the files and folders get a new date and DW wants me to sync all these (10k files and growing...). That gets a little time intensive after a while. Is there a way to say DW to ignore the date of the file like in nearly every other sync-tool?
Thanks for your answer(s),
c

Try this Re: Wi-Fi Sync not working in iOS 5
-
ESXi 4.1 NIC Teaming's Load-Balancing Algorithm,Nexus 7000 and UCS
Hi, Cisco Gurus:
Please help me in answering the following questions (UCSM 1.4(xx), 2 UCS 6140XP, 2 Nexus 7000, M81KR in B200-M2, No Nexus 1000V, using VMware Distributed Switch:
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000?
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned?
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct?
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES?
I would really appreciate if someone can help me clear these lingering doubts of mine.
God Bless.
SiM

Sim,
Here are my thoughts without a 1000v in place,
Q1. For me to configure vPC on a pair of Nexus 7000, do I have to connect Ethernet Uplink from each Cisco Fabric Interconnect to the 2 Nexus 7000 in a bow-tie fashion? If I connect, say 2 10G ports from Fabric Interconnect 1 to 1 Nexus 7000 and similar connection from FInterconnect 2 to the other Nexus 7000, in this case can I still configure vPC or is it a validated design? If it is, what is the pro and con versus having 2 connections from each FInterconnect to 2 separate Nexus 7000? //Yes, for vPC to UCS the best practice is to bowtie uplink to (2) 7K or 5Ks.
Q2. If vPC is to be configured in Nexus 7000, is it COMPULSORY to configure Port Channel for the 2 Fabric Interconnects using UCSM? I believe it is not. But what is the pro and con of HAVING NO Port Channel within UCS versus HAVING Port Channel when vPC is concerned? //The port channel will be configured on both the UCSM and the 7K. The pro of a port channel would be both bandwidth and redundancy. vPC would be preferred.
Q3. if vPC is to be configured in Nexus 7000, I understand there is a limitation on confining to ONLY 1 vSphere NIC Teaming's Load-Balancing Algorithm i.e. Route Based on IP Hash. Is it correct? //Without the 1000v, I always tend to leave the dvSwitch load balance behavior at the default of "route by portID".
Again, what is the pro and con here with regard to application behaviours when Layer 2 or 3 is concerned? Or what is the BEST PRACTICES? UCS can perform L2 but Northbound should be performing L3.
Cheers,
David Jarzynka -
With Vignesh R. P.
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions of Cisco expert Vignesh R. P. about the Cisco® Nexus 7000 Series Switches and support for the Cisco NX-OS Software platform.
The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.
Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.
Remember to use the rating system to let Vignesh know if you have received an adequate response.
Vignesh might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum shortly after the event. This event lasts through January 18, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

Hi Vignesh
Is there any limitation to connect a N2K directly to the N7K?
If I have an F2 card 10G and another F2 card 1G and I want to create 3 VDC's
VDC1=DC-Core
VDC2=Aggregation
VDC3=Campus core
do we need to add a link between the different VDC's
thanks -
Nexus 5000 vpc and fabricpath considerations
Hello community,
I'm currently in the process of implementing a fabricpath environment which includes Nexus 5548UP as well Nexus 7009
NX OS on N5K is 6.0(2)N1(2)
Regarding the FP config on the N5K I wonder what is the best practice for the peer-link. Is it necessary to configure the Portchannel like below:
interface port-channel2
description VPC+ Peer Link
switchport mode fabricpath
spanning-tree port type network
vpc peer-link
There are several VLANs configured as FP.
As I understand we can remove the command:
spanning-tree port type network
Can anyone confirm this ?
Also I noticed a "cosmetic" problem. On two port 1/9 and 1/10 on both N5K it isn't possible to execute the command "speed"?!
When the command speed is executed I receive the following error:
ERROR: Ethernet1/9: Configuration does not match the port capability
Also please notice after the vPC and FP configuration we don't do a reload!
Thanks
Udo

Hi Simon -
Have done some testings in the lab on ISSU with FEXes either in Active/Active and Straight-through fashion, and it works.
Disabling BA on N5K(except the vPC peer link) is one of the requirements for ISSU .
In a lately lab testing with the following topo, BA is configured on the vpc 101 between the N5Ks and Cat6k. We have a repeated regular ping between the SVI interfaces of c3750 and Cat6K.
c3750
||
vPC
||
N5K =====vPC====== N5K
||
vpc 101
||
Cat6k
When we changed the network type to disable BA, we observed some ping drops, around 20-30.
I am not sure what your network looks like, hopefully this will give you some ideas about the ISSU. As a general recommendation, schedule a change window for some changes or even ISSU.
regards,
Michael -
Smart call home - HTTPS transport from the Nexus 7000 to Cisco
hi
i try configured call home on nexus 7000 with https transport and proxy server
i follow this guide -
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/QuickStart_NX7000.pdf
and configured this :
callhome
email-contact XXXXXXXXXXX
phone-contact XXXXXXXXXXX
streetaddress XXXXXXXXXXXXXXXX
destination-profile CiscoTAC-1 transport-method http
destination-profile CiscoTAC-1 http https://tools.cisco.com/its/service/oddce/services/DDCEService
transport http use-vrf management
transport http proxy server XXXXXXXXXX port 8080 --------- XXXXXXXXX = my proxy server
transport http proxy enable
enable
periodic-inventory notification interval 30
i have a problem to install the security certificate , i follow the guide but i get the error :
failed to load or parse certificate
could not perform CA authentication
when i try test call home with the command : callhome test
trying to send test callhome message
warning:no callhome message sent
email configuration incomplete for destination profile:full_txt
email configuration incomplete for destination profile:short_txt
Error in transporting http message for CiscoTAC-1
http: Received HTTP code 407 from proxy after CONNECT
i guess the problem is because i didnt install the certificate , how can i install the certificate ?
is this the real problem ?

I agree with Bryan that the easiest proxy server to setup for the nexus 7000 is the Transport Gateway. The documentation (certificates) is setup to allow you to connect to a Cisco Transport Gateway or directly into tools.cisco.com. Both have a Cisco certificate.
But that doesn't explain your issue. To answer your issue, you need to look here
http://www.cisco.com/en/US/docs/switches/lan/smart_call_home/SCH31_Ch6.html#wp1039385
except you need your proxy server's chained certificate in PEM format since the Nexus 7000 is going to terminate at your proxy server. Take a look at this line in the documentation.
Input (cut & paste) the CA certificate (chain) in PEM format
The error code 407 you indicated makes sense and indicates "Proxy Authentication Required". You need the certificate installed first. NX-OS uses the openssl crypto library to implement the cert-pki feature if that helps. A complete certificate chain is required. Also, you might make sure the CRL (certificate revocation list) is set to none so it doesn't do that first.
revocation-check none
The 4 chained certificates given in the documentation are tools.cisco.com.cer, Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer. The non-nexus 7000 devices just use the last one. Most likely you need a certificate that looks like
your proxy server.cer,Verisign-G3-SSCA.cer, Verisign-G3-PRCA.cer, Verisign-Root-CA.cer
If you are using your own root CA (which typically are taken off-line after authorizing subordinate CAs for security reasons) , then make sure that their certificates are in the correct order to be processed so each can be authenticated.
Now you can see why a Cisco proxy server (Transport Gateway) is easier to setup. -
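The ordering requirement in the answer above (proxy server certificate first, then each issuing CA, root last, with the chain complete), as an added example that is not part of the original thread or of Cisco's documentation: a Python check to run on a PEM bundle before pasting it into the switch. It compares issuer and subject names byte for byte and does not verify signatures; the sample certificates, their names and the helper functions are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER encodings of a certificate's issuer and subject."""
    tag, start, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    tag2, pos, tbs_end = read_tlv(der, start)    # TBSCertificate SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate structure")
    fields = []
    while pos < tbs_end:
        ftag, _, end = read_tlv(der, pos)
        fields.append((ftag, der[pos:end]))
        pos = end
    if fields and fields[0][0] == 0xA0:          # optional [0] version
        fields.pop(0)
    if len(fields) < 5:
        raise ValueError("TBSCertificate too short")
    # Remaining order: serial, signature alg, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def check_chain(pem_text):
    """Return a list of ordering problems; an empty list means the bundle is
    leaf-first, each issuer is the next subject, and it ends in a root."""
    blobs = [base64.b64decode("".join(b.split()))
             for b in PEM_RE.findall(pem_text)]
    if not blobs:
        return ["no PEM certificates found"]
    names = []
    for i, der in enumerate(blobs):
        try:
            names.append(issuer_and_subject(der))
        except (ValueError, IndexError) as exc:
            return [f"certificate {i}: cannot parse ({exc})"]
    problems = []
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i}: issuer is not the subject "
                            f"of certificate {i + 1}")
    if names[-1][0] != names[-1][1]:
        problems.append("last certificate is not self-issued: root CA missing")
    return problems

# --- Constructed sample data: unsigned DER skeletons, not usable certificates.
def _der(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + value

def _name(cn):
    # Name with a single commonName (OID 2.5.4.3) attribute
    atv = _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))
    return _der(0x30, _der(0x31, atv))

def make_sample_cert(subject_cn, issuer_cn):
    """Build a PEM-wrapped skeleton with real issuer/subject fields only."""
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02")) +   # version v3
               _der(0x02, b"\x01") +               # serial number
               _der(0x30, b"") +                   # signature alg placeholder
               _name(issuer_cn) +
               _der(0x30, b"") +                   # validity placeholder
               _name(subject_cn))
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

LEAF = make_sample_cert("proxy.example.test", "Example Issuing CA")
INTER = make_sample_cert("Example Issuing CA", "Example Root CA")
ROOT = make_sample_cert("Example Root CA", "Example Root CA")
GOOD_BUNDLE = LEAF + INTER + ROOT
SHUFFLED_BUNDLE = INTER + LEAF + ROOT
INCOMPLETE_BUNDLE = LEAF + INTER

if __name__ == "__main__":
    for label, bundle in (("good", GOOD_BUNDLE), ("shuffled", SHUFFLED_BUNDLE),
                          ("incomplete", INCOMPLETE_BUNDLE)):
        print(label, check_chain(bundle) or "chain order OK")
```

On a real bundle, pass the file contents to `check_chain()`; a clean result covers ordering and completeness only, so the switch still has to authenticate the chain itself.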
Hi all,
A few months ago I have configured netflow on a Nexus 7000 with NX-OS version 6.0.2.
This was my config:
flow exporter Fluke_NetflowTracker
description export netflow to Fluke_NetflowTracker
destination x.x.x.x use-vrf management
transport udp 2055
source mgmt0
version 9
flow exporter Fluke_Optiview
description export netflow to Fluke_Optiview
destination x.x.x.x transport udp 2055
source Vlanx
version 9
flow monitor MonitorTrafficToFluke
record netflow-original
exporter Fluke_NetflowTracker
exporter Fluke_Optiview
This flow was activated on some SVI's. "ip flow monitor MonitorTrafficToFluke input"
Recently we have upgraded the NX-OS to version 6.1.3. The netflow keeps on working, but the syntax of the netflow configuration has changed. Now you have to add a sampler as well.
So I have created the following sampler.
sampler NetFlow-Sampler
description Netflow Sampler
mode 1 out-of 1000
When I want to update the current configuration with the sampler I can't adapt or remove the existing netflow configuration on the SVI.
NK7(config-if)# no ip flow monitor MonitorTrafficToFluke input
ERROR: A sampler must be configured for an interface on an F2 card
NK7(config-if)# ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler
An additional 1:100 sampler, over the configured sampler is applicable for F2 ports
Error: Sampler can not be changed on Interface Vlanx. Remove flow monitor first.
ERROR: Command has failed
How do I update or remove the existing configuration on the SVI.
I want the config to be "ip flow monitor MonitorTrafficToFluke input sampler NetFlow-Sampler"
Thank you,
Best Regards,
Joris

Hi Joris,
Try no feature netflow under the interface and try to re-apply the whole configs. Since it's an F2 we don't support config changes until 6.2(2); the only way is to remove the configs using no feature netflow and re-apply them.
Thanks,
Richard.
*Rate if its useful