Port Channel Best Practice

Similar Messages

• NWDS iFlow and Communication Channel best practice

  Hi,
  Is there a recommended best practice for creation of Communication Channels when using NWDS? I know that CC can be created:
  CC can be created automatically from the iFlow
  CC can be created manually against the Business System and then referenced in the iFlow
  When a CC is created from the iFlow it is not visible against the Business System in NWDS, which is annoying.
  Any advise? This is a fresh system so no CC migrated from the Integration Directory.
  Che

  Hi,
  to me this rather sounds an iFlow related question than NWDS or NWDI.
  I am not familiar with iFlow, I only found some guides after googleing like
  Introducing iFlow in PI 7.31 Configuration
  and
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/304eda9e-736f-2f10-7c99-a9b61353cc34?overridelayout=t…
  but I can't tell whether this is related to your question.
  What I could though definetely suggest is to raise this at:
  Process Integration (PI) & SOA Middleware
  Still I hope this helps.
  Regards,
  Ervin

• Trunk Port Threshold Best Practice?

  Using CiscoWorks LMS and I notice the notification threshold for switch port utilisation is set at 40%. I know I've seen this before, but I can't remember why 40% was the magic number. I've Googled and come up with nothing useful so I'm handing it over to the experts :)
  Does this have something to do with this value being an "average" rather than a peak? I'm struggling to understand why, in a fully switched network, 40% utilisation is something to be concerned about.
  Hope you can improve my education :)
  Cheers,
  Ben.

  Thanks Mohammed.
  I think I may have chosen my words poorly.
  What I'm really trying to understand is this:
  In a full-duplex, microsegmented network, which is essentially a collision-less environment, wouldn't it make more sense to set a utilisation threshold of around 80%? In that case, you'd actually be getting close to saturating your bandwidth and creating a bottleneck.
  At 40% utilisation, especially on a trunk port which you'd expect to run at a higher utilisation, you still have quite a large portion of free bandwidth.
  I'm still relatively new to the networking game, so I'm trying to get my head around something that others seem to take for granted. The question is really more general, about the 40% utilisation threshold figure, than about CW LMS specifically.
  Cheers,
  Ben.

• FC port channels between MDS and UCS FI best practice?

  Hi,
  We would like to create FC port channels between our UCS FI's and MDS9250 switches.
  At the moment we have 2 separate 8Gbps links to the FI's.
  Are there any disadvantages or reasons to NOT do this?
  Is it a best practice?
  Thanks.

  As Walter said, having port-channels is best practice.  Here is a little more information on why.
  Let's take your example of two 8Gbps links, not in a port-channel ( and no static pinning ) for Fibre Channel connectivity:
  Hosts on the UCS get automatically assigned ( pinned ) to the individual uplinks in a round-robin fashion.
  (1)If you have some hosts that are transferring a lot of data, to and from storage, these hosts can end up pinned to the same uplink and could hurt their performance. 
  In a port-channel, the hosts are pinned to the port-channel and not individual links.
  (2)Since hosts are assigned to an individual link, if that link goes down, the hosts now have to log back into the fabric over the existing working link.   Now you would have all hosts sharing a single link. The hosts will not get re-pinned to a link until they leave and rejoin the fabric.  To get them load balanced again would require taking them out of the fabric and adding them back, again via log out, power off, reload, etc...
  If the links are in a port-channel, the loss of one link will reduce the bandwidth of course, but when the link is restored, no hosts have to be logged out to regain the bandwidth.
  Best regards,
  Jim

• Catalyst 3750G and WLC 440x - Port Channel - Configuration - Best Pactice

  What is the best practice to use when configuring port channel between Catalystr 3750G switch stack and WLC 4402 / 4404 Wireless Lan Controllers:
  a) Negotiate to LACP
  b) Negotiate to PAgP
  or
  c) Hard-code to Port Channel without any negotiation.
  Any pointers to any useful links - much appreciated and configuration example as well.

  Answer is 'C'... channel-mode on
  Configuring Neighbor Devices to Support LAG
  The controller's neighbor devices must also be properly configured to support LAG.
  •Each neighbor port to which the controller is connected should be configured as follows:
  interface GigabitEthernet
  switchport
  channel-group mode on
  no shutdown
  •The port channel on the neighbor switch should be configured as follows:
  interface port-channel
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan
  switchport trunk allowed vlan
  switchport mode trunk
  no shutdown
  Here is a link that explains it. Hope this answers your question:
  http://www.cisco.com/en/US/docs/wireless/controller/4.2/configuration/guide/c42mint.html#wp1116136
  Here is a Best Practice doc:
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080810880.shtml

• Template(best practice) for Switch ports

  Hi,
  Looking for best practice advice on switchport config for client facing ports.
  We recently had an incident where an access port turned into a trunk(trunk mode desirable), which we obviously do not want to happen again!
  For Access Ports(First two should stop DTP I'm hoping?):
  switchport mode access
  switchport nonegotiate
  storm-control broadcast level 20.00
  storm-control action trap
  no cdp enable
  spanning-tree portfast
  spanning-tree bpdufilter enable
  spanning-tree guard root
  switchport port-security maximum 10
  switchport port-security
  switchport port-security aging time 10
  And for trunk ports to clients:
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk allowed vlan xxx,xxx
  switchport nonegotiate
  storm-control broadcast level 20.00
  storm-control action trap
  no cdp enable
  spanning-tree bpdufilter enable
  spanning-tree guard root
  Thanks in advance.

  Look here: http://www.cisco.com/en/US/docs/solutions/Enterprise/Branch/E_B_SDC1.html#wp68930
  That's Cisco's branch design doc from Design Zone.
  For those that want a fast answer:
  For VoIP phones and PC:
  interface GigabitEthernet1/0/6 - interface GigabitEthernet1/0/23
  description phone with PC connected to phone
  switchport access vlan 102
  switchport mode access
  switchport voice vlan 101
  switchport port-security maximum 2
  switchport port-security
  switchport port-security aging time 2
  switchport port-security violation restrict
  switchport port-security aging type inactivity
  ip arp inspection limit rate 100
  load-interval 30
  srr-queue bandwidth share 1 70 25 5
  srr-queue bandwidth shape 3 0 0 0
  priority-queue out
  mls qos trust device cisco-phone
  spanning-tree portfast
  spanning-tree bpduguard enable
  ip verify source
  ip dhcp snooping limit rate 100
  For data only:
  interface GigabitEthernet1/0/24- interface GigabitEthernet1/0/28
  description DATA only ports
  switchport access vlan 102
  switchport mode access
  switchport port-security maximum 3
  switchport port-security
  switchport port-security aging time 2
  switchport port-security violation restrict
  switchport port-security aging type inactivity
  ip arp inspection limit rate 100
  load-interval 30
  srr-queue bandwidth share 1 70 25 5
  srr-queue bandwidth shape 3 0 0 0
  priority-queue out
  spanning-tree portfast
  spanning-tree bpduguard enable
  ip verify source
  ip dhcp snooping limit rate 100
  That's Cisco's recommendation.
  And just my opinion is that I'd much rather shut a port down that receives a BPDU than just filter it. Reason being that you can't trust users not to do something stupid, like hook two switch ports to the same switch they're using at their desk in an effort to "make the network faster". For two, if someone malicious plugs in a switch into your environment, shut the port down. . .that makes it hard for them to do anything malicious.

• SAP Adapter Best Practice Question for Migration of Channels

  I have a best practice question on the SAP adapter when migrating an OSB project from one environment (DEV) to another (QA).
  If my project includes an adapter channel that (e.g., Inbound SAP Proxy listening on a channel), how do I migrate that project to another environment if the channel in the target environment is different.
  I tried using the search and replace mechanism in the sbconsole, but it doesn't find the channel name in the jca and wsdl files.
  What is the recommended way to migrate from one environment to the other when the channel name changes?

  I have a best practice question on the SAP adapter when migrating an OSB project from one environment (DEV) to another (QA).
  If my project includes an adapter channel that (e.g., Inbound SAP Proxy listening on a channel), how do I migrate that project to another environment if the channel in the target environment is different.
  I tried using the search and replace mechanism in the sbconsole, but it doesn't find the channel name in the jca and wsdl files.
  What is the recommended way to migrate from one environment to the other when the channel name changes?

• Looking for best practice Port Authentication

  Hello,
  I'm currently deploying 802.1x on a campus with Catalyst 2950 and 4506.
  There are lots of Printers and non-802.1x devices (around 200) which should be controlled by their mac-address. Is there any "best practice" besides using sticky mac-address learning.
  I'm thinking of a central place where alle mac-addresses are stored (i.e. ACS).
  Another method would be checking only the first part of the mac-address (vendor OID) on the switch-ports.
  Any ideas out there??
  regards
  Hubert

  check out the following link, this provides info on port based authentication, see if it helps :
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00801cde59.html

• Best practices available for web channel 2007

  Hi All
  Is there any best practices available for web channel 2007,
  can any one please guide where to get them
  regards
  Jaju

  Hi,
  [http://help.sap.com/bp_crmv12007/CRM_DE/HTML/index.htm|http://help.sap.com/bp_crmv12007/CRM_DE/HTML/index.htm]
  In the above link go to Technical Information >Building Block Library > C78: CRM Interaction Center
  Regards,
  Sateesh Chandra

• Cisco best practices on Channeling.

  All,
  Can anyone point me to a document that describes Cisco's best practices when it comes to channel settings in a Unified wireless infrastructure.  We know that AP's can be configured to communicate over a specific channel or they can be set to "global" ie auto.  Meaning that the AP will decide what channel is best to communicate over.
  Just looking for the best way to configure this, especially in a building that has hundreds of access points per floor.
  Thank you in advance
  izzy

  The best way to determine this is with a formal site survey...
  However take a look at this document.This is a really really good document!
  http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch3_WLAN.html

• Best practices whil using Iron Port as MTA..

  We are planning to deploy ironport in our environment as a MTA and Spam. Currently we use qmail as MTA and Trend was a spam.
  Mail Flow
  External --> Qmail (DMZ) --> Trend Micro Spam Server (LAN) --> Exchange
  Kindly suggest as best practice and important features should enable to block spam.

  Something that may aid you in your readings --->
  https://supportforums.cisco.com/discussion/11429111/ask-expert-best-practices-configuring-email-security-appliance
  Snippet from there:
  Because everyone's mail flow is different (my company will receive different targeted spam than yours, for instance), obtaining the maximum potential can be as much an art as a science.
  Since we often are asked what extra steps can be taken to get the maximum potential out of your IronPort, we've published an external Knowledge Base article that lists *several* things you can do to stop as much spam as possible:
  Article #493: IronPort Anti-Spam Efficacy Checklist Link: http://tinyurl.com/eqpk6
  I cannot stress enough to use Step 11: Report mis-classified messages to IronPort.  Anytime you catch an email making it through our systems, we want to know. You cannot submit too many samples. (The same holds true for misclassifed HAM messages.) 
  I hope this helps!
  -Robert
  (*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)

• Best Practice for Networking in UCS required

  Hi
  We are planning to deploy UCS n our environment. The Fabric Interconnects A and B will need to connect to pair of Catalyst 4900 M switch. Whats is the best practice to connect? How should the 4900 switch be configured? Can I do port channel in UCS?
  Appreciate your help.
  Regards
  Kumar

  I highly recommend you review Brad Hedlund's videos regarding UCS networking here:
  http://bradhedlund.com/2010/06/22/cisco-ucs-networking-best-practices/
  You may want to focus on Part 10 in particular, as this talks about running UCS in end-host mode without vPC or VSS.
  Regards,
  Matt

• What are Best Practice Recommendations for Java EE 7 Property File Configuration?

  Where does application configuration belong in modern Java EE applications? What best practice(s) recommendations do people have?
  By application configuration, I mean settings like connectivity settings to services on other boxes, including external ones (e.g. Twitter and our internal Cassandra servers...for things such as hostnames, credentials, retry attempts) as well as those relating business logic (things that one might be tempted to store as constants in classes, e.g. days for something to expire, etc).
  Assumptions:
  We are deploying to a Java EE 7 server (Wildfly 8.1) using a single EAR file, which contains multiple wars and one ejb-jar.
  We will be deploying to a variety of environments: Unit testing, local dev installs, cloud based infrastructure for UAT, Stress testing and Production environments. **Many of  our properties will vary with each of these environments.**
  We are not opposed to coupling property configuration to a DI framework if that is the best practice people recommend.
  All of this is for new development, so we don't have to comply with legacy requirements or restrictions. We're very focused on the current, modern best practices.
  Does configuration belong inside or outside of an EAR?
  If outside of an EAR, where and how best to reliably access them?
  If inside of an EAR we can store it anywhere in the classpath to ease access during execution. But we'd have to re-assemble (and maybe re-build) with each configuration change. And since we'll have multiple environments, we'd need a means to differentiate the files within the EAR. I see two options here:
  Utilize expected file names (e.g. cassandra.properties) and then build multiple environment specific EARs (eg. appxyz-PROD.ear).
  Build one EAR (eg. appxyz.ear) and put all of our various environment configuration files inside it, appending an environment variable to each config file name (eg cassandra-PROD.properties). And of course adding an environment variable (to the vm or otherwise), so that the code will know which file to pickup.
  What are the best practices people can recommend for solving this common challenge?
  Thanks.

  HI Bob,
  As sometimes when you create a model using a local wsdl file then instead of refering to URL mentioned in wsdl file it refers to say, "C:\temp" folder from where you picked up that file. you can check target address of logical port. Due to this when you deploy application on server it try to search it in "c:\temp" path instead of it path specified at soap:address location in wsdl file.
  Best way is  re-import your Adaptive Web Services model using the URL specified in wsdl file as soap:address location.
  like http://<IP>:<PORT>/XISOAPAdapter/MessageServlet?channel<xirequest>
  or you can ask you XI developer to give url for webservice and username password of server

• Best Practice for VPC Domain failover with One M2 per N7K switch and 2 sups

  I Have been testing some failover scenarios with 4 nexus 7000 switches with an M2 and an F2 card in each. Each Nexus has two supervisor modules.
  I have 3 VDC's Admin, F2 and M2
  all ports in the M2 are in the M2 VDC and all ports on the F2 are in the F2 VDC.
  All vPC's are connected on the M2 cards, configured in the M2 VDC
  We have 2 Nexus representing each "site"
  In one site we have a vPC domain "100"
  The vPC Peer link is connected on ports E1/3 and E1/4 in Port channel 100
  The peer-keepalive is configured to use the management ports. This is patched in both Sups into our 3750s. (this is will eventually be on a management out of band switch)
  Please see the diagram.
  There are 2 vPC's 1&2 connected at each site which represent the virtual port channels that connect back to a pair of 3750X's (the layer 2 switch icons in the diagram.)
  There is also the third vPC that connects the 4 Nexus's together. (po172)
  We are stretching vlan 900 across the "sites" and would like to keep spanning tree out of this as much as we can, and minimise outages based on link failures, module failures, switch failures, sup failures etc..
  ONLY the management vlan (100,101) is allowed on the port-channel between the 3750's, so vlan 900 spanning tree shouldnt have to make this decision.
  We are only concerned about layer two for this part of the testing.
  As we are connecting the vPC peer link to only one module in each switch (a sinlge) M2 we have configured object tracking as follows:
  n7k-1(config)#track 1 interface ethernet 1/1 line-protocol
  n7k-1(config)#track 2 interface ethernet 1/2 line-protocol
  n7k-1(config)#track 5 interface ethernet 1/5 line-protocol
  track 101 list boolean OR
  n7k-1(config-track)# object 1
  n7k-1(config-track)# object 2
  n7k-1(config-track)# object 5
  n7k-1(config-track)# end
  n7k-1(config)# vpc domain 101
  n7k-1(config-vpc-domain)# track 101
  The other site is the same, just 100 instead of 101.
  We are not tracking port channel 101, not the member interfaces of this port channel as this is the peer link and apparently tracking upstream interfaces and the peer link is only necessary when you have ONE link and one module per switch.
  As the interfaces we are tracking are member ports of a vPC, is this a chicken and egg scenario when seeing if these 3 interfaces are up? or is line-protocol purely layer 1 - so that the vPC isnt downing these member ports at layer 2 when it sees a local vPC domain failure, so that the track fails?
  I see most people are monitoring upstream layer3 ports that connect back to a core? what about what we are doing monitoring upstream(the 3750's) & downstream layer2 (the other site) - that are part of the very vPC we are trying to protect?
  We wanted all 3 of these to be down, for example if the local M2 card failed, the keepalive would send the message to the remote peer to take over.
  What are the best practices here? Which objects should we be tracking? Should we also track the perr-link Port channel101?
  We saw minimal outages using this design. when reloading the M2 modules, usually 1 -3 pings lost between the laptops in the diff sites across the stretched vlan. Obviously no outages when breaking any link in a vPC
  Any wisdom would be greatly appreciated.
  Nick

  Nick,
  I was not talking about the mgmt0 interface. The vlan that you are testing will have a link blocked between the two 3750 port-channel if the root is on the nexus vPC pair.
  Logically your topology is like this:
      |                             |
      |   Nexus Pair          |
  3750-1-----------------------3750-2
  Since you have this triangle setup one of the links will be in blocking state for any vlan configured on these devices.
  When you are talking about vPC and L3 are you talking about L3 routing protocols or just intervaln routing.
  Intervlan routing is fine. Running L3 routing protocols over the peer-link and forming an adjaceny with an router upstream using L2 links is not recommended. Teh following link should give you an idea about what I am talking here:
  http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
  HSRP is fine.
  As mentioned tracking feature purpose is to avoid block hole of traffic. It completely depends on your network setup. Don't think you would be needing to track all the interfaces.
  JayaKrishna

• Best Practice - Flexpod Design

  I am working thru a 5548, UCS, and Netapp design. We are using FC, not FCoE. I have followed the FlexPod deployment standard to a "T" but have a couple of questions. First, as we are following our physical layout, EoR, we are placing a pair (two 5548's) at the end of each row to handle FC within that row (client request). We have various FC devices throughout each row, with UCS in one row, Netapp in another, and so forth. The question I have is in regards to "best practice" with the FlexPod standard. No where have I found an FlexPod design document which shows a cascade/aggregation design using an EoR switch connected to another EoR switch with a target/initiator seperated by two 5548s (NPIV/NPV). Is such a design NOT recommended? Can it be done within the standard? The second question is in regards to actual configuration. In this mode, TARGET ---- 5548(row1)-----5548(row2)---- Initiator, I assume the first 5548 is NPV mode, the second NPIV mode. Correct?
  We have not implemented in this fashion before so I am looking for some standards document/configurations,etc related to this. Your help is greatly appreciated...

  The link between the NPV-NPIV Core is not an ISL.
  The link between the NPV-NPIV Core is  F-port type. NPV Switch does not run Fibre Channel services, therefore has NO Fibre Channel Domain ID. 
  NP - Node Proxy port type is introduced on the NPV Switch since it sends requests to the NPIV Core for processing and then relays any applicable information to the downstream hosts.
  As far as FLEXPOD this Doc talks about 5548 in NPIV with UCS in NPV mode.
  http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns224/ns944/whitepaper__c07-727095.html
  This might not a full match but it touches the features you are discussing.
  I hope this helps.
  Regards,
  Carlos