WAN Vlan optimization between 2 Data Centers - 4451 Router

Similar Messages

• Requirements about delay and bandwith for using OTV in Nexus 7000 between two data centers separated 25 miles?

  We have two Nexus 7000, and I need use them with OTV between two data Centers separated 25 miles, but I don´t know what are the optimal values about bandwidth and delay (ms) for extended VLANs IDs (production and DAG replication) for Microsoft Exchange environment. Can somebody tell me please which are the values required for operate OTV in optimal conditions in this case? We have about 35 000 users that will use that platform of email. Thanks a lot for your comments. Regards.

  We have two Nexus 7000, and I need use them with OTV between two data Centers separated 25 miles, but I don´t know what are the optimal values about bandwidth and delay (ms) for extended VLANs IDs (production and DAG replication) for Microsoft Exchange environment. Can somebody tell me please which are the values required for operate OTV in optimal conditions in this case? We have about 35 000 users that will use that platform of email. Thanks a lot for your comments. Regards.

• Adding 2 New SItes between 2 Data Centers

  I have a current Site installed with default settings (no additional sites/subnets/site links), and we are plannig on creating 3 new DCs in our remote Data Center, which will be the second site.  I want to seperate desktop traffic between the 2
  Data Centers. My question is, what is the best way to do this?  I want to keep the Deafult First Name Site as a catch -all for all subnets that may be missed.

  1.  Why do you wish to keep clients from accessing DCs in the datacenter?  What harm do you think may occur?
  2.  Assuming a two-site topology with a site link associating each of them won't accomplish what you want, but can *reduce* the amount of authentication traffic from one site to another.
  3.  Keeping the Default First Site Name is fine - it won't hurt anything, but using it as a 'catch-all' for IP subnets not registered in AD indicates poor IP address management.  You should address that issue first.
  4.  It might be possible to completely eliminate client auth traffic in one site from reaching another site by creating three sites in series (Site A <-> Site B <-> Site C) and disabling "Bridge all site links".  With Site Link Bridging
  disabled, the connection from Site A to Site C will no longer be transitive and clients that are members of that site will not send authentication requests to DCs in Site C.  However, that's a lot of 'hoops' to jump through just to address a problem I'm
  not sure is all that important.
  -ds
  David Shaw [MSFT]

• Core switches between 2 data centers

  Existing data center has 2 X Cisco 6500 series core switches, new data center has 2 X Cisco nexus core switches. For the connection between 2 data center, it will be using leased line. To establish the network connection for both side, should it use trunk port with layer 2 connection directly or layer 3 ip routing (configure the ip on switchport interface) ? What is the better approach for its design? Please share your idea.

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Normally, when dealing with off-site traffic, L3 is better as it limits traffic to only what needs to go off-site.
  However, as you're dealing with data centers, it's no longer uncommon that there's need to share L2 between them.  So, much depends on what your needs are.

• Can portal session cookies be used between two data centers

  OAS generates the following header information and session information for my application. However when I need to failover the originating OAS datacenter into my hot stand-by for maintenance or upgrades, the OAS in the other datacenter responds with a 503 web error. We are using Akamai's GTM to manage the liveness of the datacenter, so we would need the hot stand-by OAS portal in that datacenter to return a 302 error code. Is there some method that we can add to our portal application which would always return a 302 error code.
  See header information collected through wfetch. The 503 error is caused by the hot stand-by data center not accepting or recognizing the cookie. Both OAS datacenters are IDENTICAL in Oracle levels, application levels, web servers, portals and OS patches.
  resolve hostname "170.107.183.32"WWWConnect::Connect("170.107.183.32","80")\nsource port: 2182\r\n
  GET /portal/pls/portal/PORTAL.wwsec_app_priv.login?p_requested_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home&p_cancel_url=%2Fportal%2Fpls%2Fportal%2FPORTAL.home HTTP/1.1\r\n
  Accept: */*\r\n
  Accept-Language: en-us\r\n
  Accept-Encoding: gzip, deflate\r\n
  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)\r\n
  Host: www.thomson-pharma.com\r\n
  Connection: Keep-Alive\r\n
  Cookie: ORA_WX_SESSION="10.225.8.30:80-1#2"; portal=9.0.3+en-us+us+AMERICA+3D66674E7EED0801E04400144F41424E+BBAA98EEB32D58C086231A8D6CBE2E5D402D89B0E79D83A18C668BB0CA7417B4044DEA389C8B50DD37D9272A24B4753B22F29978861DE14503F8B9BEDC2014654B26A434CF074F4D8749B88610ADADF5084A90ADBF749E2A; DATACENTER=EAGAN\r\n
  \r\n
  HTTP/1.1 503 Service Unavailable\r\n
  Cache-Control: private\r\n
  Content-Type: text/html\r\n
  Set-Cookie: ORA_WX_SESSION="10.237.138.33:80-1#2"\r\n
  Set-Cookie: portal=; expires=Wednesday, 27-Dec-95 05:29:10 GMT; path=/\r\n
  Connection: Keep-Alive\r\n
  Keep-Alive: timeout=5, max=999\r\n
  Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server OracleAS-Web-Cache-10g/10.1.2.0.2 (N;ecid=208440262161,0)\r\n
  Content-Length: 710\r\n
  Date: Fri, 26 Oct 2007 14:58:07 GMT\r\n
  \r\n
  Thanks -John

  Hi John,
  This question is probably more appropriate in one of the Portal forums, but perhaps you can take a look at the information in section C.5 Configuring the Portal Session Cookie in Appendix C of the Portal Configuration guide.
  Here is a link: http://download.oracle.com/docs/cd/B14099_19/portal.1014/b19305/cg_app_c.htm#sthref1907
  Regards,
  Peter

• Physical connectivity required to support Nexus L2 extension across data centers

  my customer requires L2 extension across their data centers using Nexus 5596/Nexus 2248. I'm unable to find documentation to confirm my physical connectivity to confirm the logical requirement. Will the diagram below support the requirement to extend their vlans across the two data centers? Thanks for any help you can provide.

  I'm not a Cisco PM, who probably should answer this question; my 2c
  Don't know if you have ACI or simply the standalone N9k running NX-OS in mind.
  If you don't need/want APIC, I would not go for N9k/ACI Version.
  See also the newest information regarding integration of N7k..... into ACI
  http://www.networkworld.com/community/node/85429
  http://finance.yahoo.com/news/cisco-delivers-aci-vision-adds-120000751.html?.tsrc=applewf
  As you said, N9K / ACI doesn't support FCoE (its on the roadmap) and definitely not native FC.
  No Fabric Path, all is VXlan based.
  On the other hand, VXlan (and Fabric Path) support seems to show up on the N7k family (new line card)
  Walter.

• Extending VLAN across Data centers

  I hope you can help, I have 2 data centers connected via a L3 10gb (dark fiber) now I have a few more fiber strands available between the 2 data centers; so for Disaster Recovery and server clustering (requiring same subnet) does it make sense to extend certain vlans across using these extra fiber strands or is it best practice to keep the layer 3 separation, thanks in advance!

  Borman
  It does make sense in terms of clustering. Not sure exactly what you mean in terms of disaster recovery, that really depends on your topology/addressing.
  Basically i would route where you can and extend L2 when you have to. Be aware you are extending L2 between data centres and tha brings STP issues. Obvioulsy make sure you only allow the vlans you need on this link and route all else.
  There are other ways to extend a L2 vlan across a L3 link - L2TPv3 springs to mind.
  Jon

• Coherence - grid-data replication between data centers

  Hi All ,
  We have two data centers , each having a coherence data-grid. How can we replicate cached data in grid between these two data centers ? I looked at the , http://coherence.oracle.com/display/INCUBATOR/Push+Replication+Pattern
  but , ? I need more information on this ? Can someone direct me to some useful links and documentation ?

  Unfortunately, what you've seen is about as far as it goes, I'm afraid.
  I've just got it working, but it was a pain to have to dig through so much API docs and source code in order to get it working. It really should have a much better set of documentation, including a tutorial, IMHO. The crazy thing is, once you have got it working, it turns out it's not actually that difficult!
  I've also posted some questions on the Incubator forums, but they've mainly fallen on deaf ears (except for one guy, Neville, who I don't think works for Oracle.) I've been trying to get PublishingTransfomers to work, but the documentation for them is very, very poor. Also, none of the "examples" have any Transformers.
  It's a shame that something so heavily "pushed" at the Coherence SIGs, PR, is so poorly documented/supported... (Take a look at the low post counts of those supporting it from Oracle, and the number of unanswered messages.)
  Anyway, give it a shot and let me know if you have any specific questions. I guess they should really be posted on the Incubator forum rather than here, but as it's such a "ghost town" over there I wouldn't be too hopeful of a reply! :)
  NB. Make sure you download and look at the Examples: http://coherence.oracle.com/display/INCUBATOR/Coherence+Incubator+Examples

• Long distance application failover between data centers.

  Hello:
  I am working a project where there is a requirement to have a primary server and a secondary for application failover. The requirements dictate that the servers must be geographically separate at separate data centers but yet on the same IP subnet so that heartbeat messages are not natively routed. What protocol can I use to bridge the subnet over an IP routed network? GRE? L2TP?

  GRE will not work as according to the last information I have you cannot bridge over a GRE tunnel. We had one such application with similar requirements and we ended up using L2TPv3 that allows transparent LAN extension. We have not had any issues with it and if you are only going to use it for heartbeats you should not run into any performance issues. L2TPv3 does tend to drive the CPU utilization high in case you have a lot of data traversing the tunnel.

• 10G wan etherchannel bundling between 12410 routers or between CRS-1 router

  How etherchannel/bundle ether will behave on the N*10G wan links between the 12410 routers and when running between the 12410 and CRS-1 routers and also when running between 2 CRS-1 routers ??
  How it is advantageous compared to the normal CEF based load balancing on these above routers without etherchannel or bundle ether configured on them.
  Any suggestions on this ??

  Hello Rajesh,
  we are speaking of high end routers that are expected to process tens of thousands of flows per second even just differentiating on source and destination ip addresses there should be enough variety in your traffic to use the parallel CEF links in a fair way.
  CEF uses an EXOR of ip source and ip destination and an hash seed that changes only when the system is reloaded.
  etherchannel can use EXOR of different fields:
  MAC SA exor MAC DA
  IP SA exor IP DA
  L4 SA port exor L4 DA port
  but only one of them applies to a type of traffic at a specific time.
  Or you expect a few very high volume flows on the links (DR or DB synchronization just to say)
  So to answer your question, unless used for connecting two data centers, I don't expect to gain in fairness by using a bundle.
  Hope to help
  Giuseppe

• Can you cluster Coherence over data centers?

  We're currently running two separate Coherence clusters in different data centers. One is prod, the other DR.
  Would it be possible to cluster the nodes from each of these to create one cluster spanning both data centers? Then in a failover scenario the data would already be available.
  I know Coherence nodes heartbeat to one another to retain cluster membership and that there is a TTL setting to determine packet life. Would have nodes in different data centers result in heartbeats being missed or TTLs killing packets?
  Has anyone had any success with this?

  Coherence performance is related to the latency between nodes. Having one cluster spread over 2 data centers could harm performance (some timeouts could have to be changed to prevent nodes from data center A to claim another node in datacenter B is out of reach/possibly dead).
  When you lose network connectivity between the 2 data centers (note i'm not saying "if you lose connectivity". It WILL happen), you're welcome into the "split brain world", each half of the grid believing the other is dead and claiming to be the "master". And thus, if you have data replicated on N nodes, the master/backups are redispatched all over each datacenter, harming performance for a few minutes (the timing depending of course on many parameters...). And of course the data will no longer be synchronized between the 2 data centers. The quorum has to be thought of, and stuff like that...
  I might be wrong, but AFAIK I'd rather have 2 separate clusters. I believe 12.1 has new features to replicate data the the master grid to the DR one, I have not been through all the new documentation.

• Need suggestion for ISE distributed deployment model in two different data centers along with public certificate for HTTPS

  Hi Experts,
  I am bit confused about ISE distributed deployment model .
  I have two data centers one is DC & other one is as a DR I have  requirement of guest access service implementation using CWA and get public certificate for HTTPS to avoid certificate error on client devices :
  how do i deploy ISE persona for HA in this two data centers
  After reading cisco doc , understood that we can have two PAN ( Primary in DC  & Secondary in DR ) like wise for MnT (Monitoring will be as same as PAN ) however I can have 5 PSN running in secondary i.e. in DR ISE however I have confusion about HA for PSN .. since we have all PSN in secondary , it would not work for HA if it fails
  Can anybody suggest me the best deployment solution for this scenario ?
  Another doubt about public certificate :
   Public Certificate: The ISE domain must be a registered or part of a registered domain name on the Internet. for that I need Domain name being used from customer .
  Please do correct me if I am wrong about certificate understanding :
  since Guest will be the outside users , we can not use certificate from internal CA , we need to get the certificate from service provider and install the same in both the ISE servers
  Can anybody explain the procedure to opt the public certificate for HTTPS from service provider ? And how do i install it in both the ISE servers ?

  Hi there. Let me try answering your questions:
  PSN HA: The PSNs are not configured as "primary" or "secondary" inside your ISE deployment. They are just PSN nodes as far as ISE is concerned. Instead, inside your NADs (In your case WLCs) you can specify which PSN is primary, which one is secondary, etc. You can accomplish this by:
  1. Defining all PSN nodes as AAA radius servers inside the WLC
  2. Then under the SSID > AAA Servers Tab, you can list the AAA servers in the order that you prefer. As a result, the WLC will always use the first server listed until that server fails/gets reloaded, etc. 
  3. As a result, you can have one WLC or SSID prefer PSN server A (located in primary DC) while a second WLC or SSID prefer PSN server B (located in backup DC)
  Last but not the least, you could also place PSNs behind a load balancer and that way the traffic would be equally distributed between multiple PSNs. However, the PSN nodes must be Layer 2 adjacent, which is probably not the case if they are located in two different Data Centers
  Certificates: Yes, you would want to get a public certificate to service the guest portal. Getting a public/well known certificate would ensure that most devices out there would trust the CA that signed your ISE certificate. For instance, VeriSign, GoDaddy, Entrust are some of the ones out there that would work just fine. On the other hand, if you use a certificate that was signed by your internal CA, then things would be fine for your internal endpoints that trust your internal CA but for any outsiders (Guests, contractors, etc) that do not trust and do not know who your internal CA is would get a certificate error when being redirected to the ISE guest portal. This in general is only a "cosmetic" issue and if the users click "continue" and add your CA as a trusted authority, the guest page would load and the session would work. However, most users out there would not feel safe to proceed and you will most likely get a lot of calls to your helpdesk :)
  I hope this helps!
  Thank you for rating helpful posts!

• Guest N+1 redundancy & load balancing in seperate data centers

  I need assistance in aquiring documentation to setup N+1 redundancy & load balancing between two seperate guest anchor controllers installed in seperate data centers. Can you explaing how it should be setup or point me in the right direction for documentation? If you can't point me in the right direction to aquire documentation; can you answer the following questions?
  1) How do I setup my mobility groups on my guest anchor controllers installed in the DMZ? Should both guest anchor's be in the same mobility group.
  2) Do both guest anchors share the same virtual IP or do they need to be seperate (DMZ01 - 1.1.1.1 / DMZ02 - 2.2.2.2)? I think seperate!
  3) Are there any configuration parameters on the guest anchors for load balancing?
  4) Do either on of the guest anchors need to be setup as a master controller? I'm not sure?
  5) Are there any configuration parameters on the foreign controllers for load balancing?
  6) How do I setup my foreign controllers? Should both guest controllers be added to the mobility group on the foreigh controller? I would think both of them would be added to the foreign controller mobility group.
  7) Should both guest anchors be added as an anchor on the WLAN? I would think both controllers would need to be added as anchors under the WLAN!
  8) Am I missing anything here? This is how I think it should logically work?
  Thanks,
  Gordon

  I need to elaborate on my questions:
  1) Do both of my guest DMZ anchors need to be in a seperate mobility group on their own or can the guest anchors be in completely seperate mobility groups? All 100 + foreign controllers are in seperate mobility groups.
  I) Example #1: Guest anchor number 1 (Mobility group: DMZ) / Guest anchor number 2 (Mobility group: DMZ)
  II) Example #2: Guest anchor number 1 (Mobility group: DMZ01) / Guest anchor number 2 (Mobility group: DMZ02)
  2) Do both guest anchor controllers have to be configured with seperate virtual IP's or do they share the same address?
  I) Follow up to this question: I want to register the DMZ controllers with our DNS servers so that my clients receive a name when authenticating through my customized webauth. I am currently using 1.1.1.1 as the virtual address and I'm pretty sure this is the address I need to register with my external DNS server. My question is this. Does the address I use for the virtual interface matter? 1.1.1.1 is not a valid address with my network. Do I need to assign a valid address registered with my network if I'm going to add this address to my external DNS servers?
  3) No change to my original question.
  4) No change to my original question.
  5) No change to my original question. I have run into Cisco documentation that mentions guest anchor load balancing, but the documentation is very vague. I'd love to be able to load balance as the network group wants to limit my guest traffic to the internet. I could double my pipe if I could load balance the guest anchors.
  6) No change to my original question, but the answer to question one is key to the setup of my foreign controllers.
  7) Elaboration: Should both guest controllers be added as an anchor under the WLAN on the foreign controllers? I would think both of them would be added.
  8) No change:
  9) Should my secondary guest controller be added as an anchor on the WLAN of the primary guest DMZ controller and visa versa?
  Can my Cisco expert answer this or do I need to open a TAC case?
  Thanks,
  Gordon Shelhon
  SR. Wireless Services Engineer
  Company: Not specified

• Date difference between two dates

  hi All,
  i have to right a stored proc to find the difference between two dates. 
  for example of i give
  startdate as 4/1/2015 and enddate 14/1/2015
  i should get 1 year , 10 days and 0 months .
  i have tried the DateDiff function but it does not calculate the leap year.
  please help.

  DECLARE @from datetime
  DECLARE @to   datetime
  SET @from = '20150104  8:00'
  SET @to   = '20150114  10:30'
  SELECT DATEDIFF(minute,@from, @to) % 60 as Minutes
  SELECT (DATEDIFF(minute,@from, @to) / 60) % 24 as Hours
  SELECT DATEDIFF(minute,@from, @to) / (60 * 24) as Days
  SELECT DATEDIFF(month,@from, @to) as Months
  SELECT DATEDIFF(year,@from, @to) as Year
  Best Regards,Uri Dimant SQL Server MVP,
  http://sqlblog.com/blogs/uri_dimant/
  MS SQL optimization: MS SQL Development and Optimization
  MS SQL Consulting:
  Large scale of database and data cleansing
  Remote DBA Services:
  Improves MS SQL Database Performance
  SQL Server Integration Services:
  Business Intelligence

• IP mobility solution for a Data Centers

  Hello guys
  Please give me an advice.
  Now I try to work out a networking solution for a two geo separated data centers (DCs).
  Both the data centers will contain a virtualised server infrastructure (VMware).
  Now the main design problem is to choose good solution for IP mobility and  for the DCs interconnect. We need to have an ability of moving a VM machines both for maintanance and for disaster recovery between the DCs. And users must seamlessly without any advanced knowledge about routing  be connected to the VM machines that were moved. For now the users work in 1100 different offices around the Ukraine country.
  Yes I know a little about Cisco OTV, RHI and LISP solutions. But all this solutions require the top level switches and routers like Nexus 7000 and Cat 6500. And they are very costly.
  Is there cheaper solution for the IP Mobility?
  Maybe the NHRP protocol that is a part of the DMVPN could be a good solution? 
  Are there any features in NHRP or in other protocol for monitoring the health of a VM machine, customising and propagation the routing info in case of VM machine motion?
  Thank you for help.

  Hi Lavanya,
  Required data from a legacy system(generate data only in the form of flat files)to SAP R3 as FB01 journals - use BDC for this thing because it will be better for large source files.
  the output file should be generated periodically(daily,weekly,fortnightly etc…)  - if this output file contains acknowledgment for the data uploaded by the above process, create a ABAP report for it and schedule it..........but if this output contains some other IDOC data which you need to send as a file to a third-party system, then go for SAP XI provided the IDOC data is not too large... but if the IDOC size is huge, then just create a ABAP report for outputting data to a file on application server and FTP the file to third-party system.
  Regards,
  Rajeev Gupta