This blog is about recent updates on the Cisco Nexus 9000 series datacenter switches, and describes my view on the switches and the technologies around them.
The Nexus 9000 series is currently Cisco’s flagship for datacenter networking, today and for the foreseeable future. Racking and cabling the Nexus 9000 switches should be the last manual physical and configuration work done in the (future?) datacenter. Everything after that (configuring and provisioning the switches) should be done by an automation tool. We have to move from our traditional networking tools to automation and orchestration tools from today on. Nobody wants, or has the time, to configure all these switches by hand like in the old days.
The Nexus 9000 series switches are ready for this with many on-box features: zero-touch provisioning with PoAP (Power On Auto Provisioning), REST calls through NX-API and the “Unix way” of management. All of these can be used to program and configure the network / fabric.
I was working on the installation and configuration of a C3850 switch with a LAN Base license.
What’s in a name: LAN Base license… As we all know from previous licenses (like the 3750-X licenses), LAN Base offers no routing, but… there is basic routing functionality available in the LAN Base license for C3850 switches!
There are some limitations for routing with LAN base license though:
- Maximum of 15 static routes
- No routing protocols, only static routing
During the test phase of our implementation, we encountered performance issues:
- File transfers inside a VLAN: no issues
- Inter-VLAN file transfers: slow throughput, with a maximum of ~10 Mb/s
Just another short post about IP helpers:
Last week it took me a few minutes to figure out why my newly configured IP helpers were not working.
The starting config looked like this:
 description Voice VLAN
 ip address 192.168.1.251 255.255.255.0
 ip access-group Voice in
 ip helper-address 192.168.15.1
 ip helper-address 192.168.15.3
 no ip redirects
 no ip unreachables
 standby 6 ip 192.168.1.254
 standby 6 timers 1 2
 standby 6 priority 110
 standby 6 preempt
ip access-list extended Voice
 permit ip host 192.168.1.9 192.168.254.0 0.0.0.255
 permit ip host 192.168.1.2 192.168.254.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255
 permit ip any host 22.214.171.124
I’ve seen a few suspended ports in etherchannels lately. Not everyone is familiar with this port status. So let’s take a minute to talk about this:
There is one important rule when configuring etherchannels: all interfaces in the etherchannel need the same speed and duplex settings, the same trunking encapsulation (dot1q/ISL) or, for access ports, the same access VLAN, the same STP cost and, last but not least, no etherchannel member port can be configured as a source in a monitor session (SPAN port). A member that violates one of these is put in the suspended state and carries no traffic.
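The rule above is easy to state and tedious to verify by eye across a dozen member ports. The following is an added example (not code from the original post): it parses a constructed `show running-config` excerpt, groups the interfaces per channel-group and reports the attributes that disagree, together with any member that is also a SPAN source. The attribute list and the defaults assumed when a line is absent (speed/duplex `auto`, access VLAN 1, dynamic switchport mode) are my assumptions for Catalyst IOS, and the interface names and values are constructed for the example.

```python
# Added example, not from the original post: find why an etherchannel member is
# suspended by comparing the attributes IOS checks before bundling. The config
# text is constructed; on a real switch use the output of "show running-config".
import re
from collections import defaultdict

SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 1000
 channel-group 1 mode active
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 1000
 channel-group 1 mode active
!
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 spanning-tree cost 50
 channel-group 1 mode active
!
interface GigabitEthernet1/0/4
 switchport mode access
 switchport access vlan 10
 channel-group 2 mode on
!
interface GigabitEthernet1/0/5
 switchport mode access
 switchport access vlan 20
 channel-group 2 mode on
!
monitor session 1 source interface Gi1/0/5
"""

# attribute -> (regex for the config line, value assumed when the line is absent)
CHECKED = {
    "speed": (r"^ speed (\S+)", "auto"),
    "duplex": (r"^ duplex (\S+)", "auto"),
    "mode": (r"^ switchport mode (\S+)", "dynamic"),
    "encapsulation": (r"^ switchport trunk encapsulation (\S+)", "negotiate"),
    "access vlan": (r"^ switchport access vlan (\d+)", "1"),
    "stp cost": (r"^ spanning-tree cost (\d+)", "auto"),
}


def short_name(ifname):
    """GigabitEthernet1/0/5 -> Gi1/0/5, so monitor-session lines can be compared."""
    m = re.match(r"([A-Za-z]+)(.*)", ifname)
    return m.group(1)[:2] + m.group(2)


def parse_members(config):
    """Return {interface: {attr: value}} for every interface in a channel-group."""
    members = {}
    for block in re.split(r"(?m)^interface ", config)[1:]:
        name, _, body = block.partition("\n")
        cg = re.search(r"(?m)^ channel-group (\d+)", body)
        if not cg:
            continue  # not a port-channel member, nothing to compare
        attrs = {"channel-group": int(cg.group(1))}
        for attr, (pattern, default) in CHECKED.items():
            m = re.search(pattern, body, re.M)
            attrs[attr] = m.group(1) if m else default
        members[name.strip()] = attrs
    return members


def span_sources(config):
    """{short interface name: session number} for every SPAN source port."""
    return {short_name(m.group(2)): int(m.group(1)) for m in
            re.finditer(r"(?m)^monitor session (\d+) source interface (\S+)", config)}


def find_issues(config):
    """Per channel-group: members, attributes whose values disagree, SPAN sources."""
    members, spans = parse_members(config), span_sources(config)
    groups = defaultdict(list)
    for name, attrs in members.items():
        groups[attrs["channel-group"]].append(name)
    report = {}
    for group, names in sorted(groups.items()):
        mismatches = {}
        for attr in CHECKED:
            values = {n: members[n][attr] for n in names}
            if len(set(values.values())) > 1:
                mismatches[attr] = values
        spanned = {n: spans[short_name(n)] for n in names if short_name(n) in spans}
        report[group] = {"members": names, "mismatches": mismatches,
                         "span_sources": spanned}
    return report


if __name__ == "__main__":
    for group, info in find_issues(SAMPLE_CONFIG).items():
        print(f"Port-channel{group}: {info}")
```

In the constructed config, Port-channel1 reports a speed and STP-cost mismatch on Gi1/0/3, and Port-channel2 reports an access-VLAN mismatch plus Gi1/0/5 being a SPAN source; either condition is enough for IOS to suspend the member.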
We are all familiar with the ip helper-address command, which lets a router pick up a DHCP request (a broadcast) and forward it as a unicast packet to the DHCP server. Easy and simple… but the IP helper can do more!
When you have a network with multiple VLANs and you need the good old Windows “net send” command to reach all computers on all VLANs, you have to configure the IP helper: net send uses NetBIOS datagram broadcasts (UDP 138), one of the UDP ports ip helper-address forwards by default.
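Both IP helper posts above come down to the same decision a Catalyst SVI makes for every UDP broadcast it receives: the inbound ACL is evaluated first, then the destination port is checked against the forward-protocol list, and only then is the packet relayed as unicast to each helper address. The following is an added example, not code from the original posts, that models that decision. The three 192.168 entries of the `Voice` ACL are taken from the post above; the packets, the `FIXED_ACL` (adding `permit udp any any eq bootps`) and the helper addresses' use here are constructed. It shows that the post's ACL never lets a DHCPDISCOVER in, because a client without a lease sends from 0.0.0.0, and that a custom UDP application is not relayed until its port is added with `ip forward-protocol udp`.

```python
# Added example (not from the original posts): what an IOS SVI with
# "ip helper-address" does with a UDP broadcast. The inbound ACL is evaluated
# before the relay, so an ACL that only permits the VLAN's own subnet silently
# drops DHCP, whose DISCOVER comes from 0.0.0.0. Packets and FIXED_ACL are constructed.
import ipaddress
from dataclasses import dataclass
from typing import Optional

# UDP ports IOS relays by default once a helper address is configured
# (TIME, TACACS, DNS, BOOTP server/client, TFTP, NetBIOS name/datagram).
# Change the set with "[no] ip forward-protocol udp <port>".
DEFAULT_FORWARD_UDP = frozenset({37, 49, 53, 67, 68, 69, 137, 138})


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "udp", "tcp", "icmp", ...
    dport: Optional[int] = None


@dataclass(frozen=True)
class Ace:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    src: str
    src_wc: str                  # IOS wildcard mask: 0 bits must match
    dst: str
    dst_wc: str
    dport: Optional[int] = None  # "eq <port>" on the destination, if any


def wildcard_match(addr, net, wildcard):
    a, n, w = (int(ipaddress.IPv4Address(x)) for x in (addr, net, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (n & care)


def acl_permits(acl, pkt):
    """No ACL applied -> everything passes. Otherwise the first matching entry
    decides and the implicit deny at the end catches the rest, as on IOS."""
    if acl is None:
        return True
    for ace in acl:
        if ace.proto not in ("ip", pkt.proto):
            continue
        if not wildcard_match(pkt.src, ace.src, ace.src_wc):
            continue
        if not wildcard_match(pkt.dst, ace.dst, ace.dst_wc):
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action == "permit"
    return False


def relay_targets(pkt, acl, helpers, svi_net="192.168.1.0/24",
                  forward_udp=DEFAULT_FORWARD_UDP):
    """Return (unicast destinations, reason). Only UDP broadcasts (limited, or the
    SVI subnet's directed broadcast) that pass the inbound ACL and whose port is
    in the forward-protocol list are relayed to every helper address."""
    bcast = str(ipaddress.ip_network(svi_net).broadcast_address)
    if pkt.proto != "udp" or pkt.dst not in ("255.255.255.255", bcast):
        return [], "not a UDP broadcast"
    if not acl_permits(acl, pkt):
        return [], "dropped by inbound ACL"
    if pkt.dport not in forward_udp:
        return [], f"udp/{pkt.dport} not in forward-protocol list"
    return list(helpers), "relayed"


# The post's ACL (192.168 entries): only sources on the voice subnet are allowed.
VOICE_ACL = [
    Ace("permit", "ip", "192.168.1.9", "0.0.0.0", "192.168.254.0", "0.0.0.255"),
    Ace("permit", "ip", "192.168.1.2", "0.0.0.0", "192.168.254.0", "0.0.0.255"),
    Ace("permit", "ip", "192.168.1.0", "0.0.0.255", "192.168.15.0", "0.0.0.255"),
]
# Constructed fix: DISCOVER is 0.0.0.0 -> 255.255.255.255, udp/68 -> udp/67,
# so the ACL needs "permit udp any any eq bootps" in front of the other lines.
FIXED_ACL = [Ace("permit", "udp", "0.0.0.0", "255.255.255.255",
                 "0.0.0.0", "255.255.255.255", 67)] + VOICE_ACL

HELPERS = ["192.168.15.1", "192.168.15.3"]
DHCP_DISCOVER = Packet("0.0.0.0", "255.255.255.255", "udp", 67)
NET_SEND = Packet("192.168.1.20", "255.255.255.255", "udp", 138)   # NetBIOS datagram
CUSTOM_APP = Packet("192.168.1.20", "255.255.255.255", "udp", 5000)


def demo():
    return {
        "dhcp_voice_acl": relay_targets(DHCP_DISCOVER, VOICE_ACL, HELPERS),
        "dhcp_fixed_acl": relay_targets(DHCP_DISCOVER, FIXED_ACL, HELPERS),
        "net_send_voice_acl": relay_targets(NET_SEND, VOICE_ACL, HELPERS),
        "net_send_no_acl": relay_targets(NET_SEND, None, HELPERS),
        "custom_default": relay_targets(CUSTOM_APP, None, HELPERS),
        "custom_forwarded": relay_targets(CUSTOM_APP, None, HELPERS,
                                          forward_udp=DEFAULT_FORWARD_UDP | {5000}),
    }


if __name__ == "__main__":
    for case, (targets, reason) in demo().items():
        print(f"{case:20} {reason:40} {targets}")
```

The model leaves out the DHCP-specific details of the relay (the router sets `giaddr` to the SVI address and sources the unicast from it), which do not change the outcome: a broadcast the inbound ACL drops never reaches the relay, whatever the helper addresses are.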
Frame-Relay Traffic Shaping (FRTS) can be hard to understand.
Traffic shaping vs policing
The most important difference between these two is the fact that shaping is designed to delay excess traffic, whereas policing drops the excess traffic.
Shaping uses credits: before a packet can be sent, credits equal to the packet size in bits have to be available, otherwise the packet waits in a queue for the next credit refill. Policing is not designed to guarantee bandwidth, it is designed to limit bandwidth.
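The delay-versus-drop difference is easiest to see on a burst. The following is an added example, not code or numbers from the original post: a token-bucket simulation in which the shaper receives Bc = CIR x Tc bits of credit per interval and holds whatever it cannot afford, while the policer has the same bucket but drops what does not fit. The packet sizes, CIR and Tc are constructed; the shaper evaluates sends at interval boundaries and refuses packets larger than Bc+Be rather than modelling the credit debt IOS uses for them.

```python
# Added example, not from the original post: token-bucket shaper vs policer on a
# constructed burst. Shaping delays excess traffic; policing drops it.
from collections import deque


def shape(arrivals, cir, tc, be=0):
    """arrivals: (t_seconds, bits) pairs. Credits refill by Bc = cir*tc every Tc,
    capped at Bc+Be; packets wait in a FIFO until the credits cover their size.
    Sends are evaluated at interval boundaries. Returns (t_sent, bits) per packet."""
    bc = cir * tc
    if any(bits > bc + be for _, bits in arrivals):
        raise ValueError("packet larger than Bc+Be can never be sent; raise Tc or Be")
    queue = deque(sorted(arrivals))
    credits, t, sent = bc, 0.0, []
    while queue:
        while queue and queue[0][0] <= t and queue[0][1] <= credits:
            _, bits = queue.popleft()
            credits -= bits
            sent.append((round(t, 6), bits))
        if not queue:
            break
        t += tc                                  # next interval: new credits arrive
        credits = min(credits + bc, bc + be)     # unused credit is capped, not banked
    return sent


def police(arrivals, cir, bc):
    """Single-rate policer: tokens refill continuously at CIR up to Bc. A packet that
    fits conforms and is sent at once; one that does not is 'exceed' (dropped here,
    never delayed). Returns (t, bits, verdict) per packet."""
    tokens, last, verdicts = bc, 0.0, []
    for ta, bits in sorted(arrivals):
        tokens = min(bc, tokens + (ta - last) * cir)
        last = ta
        if bits <= tokens:
            tokens -= bits
            verdicts.append((ta, bits, "conform"))
        else:
            verdicts.append((ta, bits, "exceed"))
    return verdicts


# Constructed scenario: ten 1000-byte packets (8000 bits each) arrive at once on a
# 128 kbit/s CIR with Tc = 125 ms, i.e. Bc = 16 kbit: two packets per interval.
BURST = [(0.0, 8000)] * 10
CIR, TC = 128_000, 0.125


def compare():
    shaped = shape(BURST, CIR, TC)
    policed = police(BURST, CIR, CIR * TC)
    return {
        "shaped_send_times": [t for t, _ in shaped],
        "shaped_total_delay_s": shaped[-1][0],
        "policed_dropped": sum(v == "exceed" for _, _, v in policed),
        "policed_passed_bits": sum(b for _, b, v in policed if v == "conform"),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

With these numbers the shaper spreads the 80 kbit burst over five intervals and delivers the last packet 500 ms late but intact, while the policer passes the first two packets and drops the other eight; the sender sees delay in the first case and retransmissions in the second.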
Private VLAN configuration can be tricky:
A Private VLAN environment consists of a primary VLAN and one or more secondary VLANs, of which there are two kinds:
- Primary VLAN
- Secondary VLANs:
  - Community VLAN (ports can talk to each other and to the promiscuous port)
  - Isolated VLAN (ports can only talk to the promiscuous port)
Every secondary VLAN is associated with a primary VLAN. A primary VLAN can have multiple community VLANs but only one isolated VLAN.
When a broadcast storm occurs, even with STP enabled, there is another option to protect your network from broadcast flooding. This feature is called storm-control. The mechanism is simple:
Storm control is configured on a per-port basis and can be enabled for broadcast, unicast and/or multicast traffic. When configuring storm control, you specify a rising and a falling threshold: the rising threshold is the level at which an action occurs (rate-limit the traffic to this level, err-disable the port or send an SNMP trap), and the falling threshold is the level at which the action is undone.
This is another (short) post about three more important spanning-tree features, following up on my previous blog.
Spanning-tree root guard is useful in avoiding layer 2 loops during network anomalies. Root guard forces an interface to stay a designated port, so the switch behind it cannot become the root switch: if a superior BPDU arrives on the port, the port goes into the root-inconsistent (blocking) state until the superior BPDUs stop.
My first day of study: it’s a spanning-tree day! Most of the information is a refresher from the CCNP course, but still very useful to know. Below is a summary of some key parts of spanning-tree, rapid spanning-tree and MST.
Spanning-tree bridge ID format
The “old” version of spanning-tree, also known as 802.1d, uses the following bridge ID format:
The priority is a 2-byte (16-bit) field, so all values between 0 and 65535 are possible. The MAC address is used as a tiebreaker: the bridge with the lowest bridge ID (priority first, then MAC) becomes the root.
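The following is an added example, not code from the original post, that encodes, decodes and compares bridge IDs. It covers the 802.1D format described above (16-bit priority followed by the 48-bit MAC) and, as a generalisation the post does not spell out, the 802.1t extended system ID used by per-VLAN STP and RSTP, where the same 16 bits are split into a 4-bit priority (multiples of 4096) and a 12-bit system ID carrying the VLAN; this is why `show spanning-tree` prints a priority like 32778 for VLAN 10. The switch names and MAC addresses are constructed.

```python
# Added example, not from the original post: STP bridge IDs in the 802.1D format
# (16-bit priority + MAC) and the 802.1t extended system ID format, plus the
# root election (lowest bridge ID wins). MAC addresses below are constructed.

def mac_to_int(mac):
    return int(mac.replace(".", "").replace(":", "").replace("-", ""), 16)


def int_to_mac(value):
    hexstr = f"{value:012x}"
    return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))   # Cisco dotted form


def bridge_id_8021d(priority, mac):
    """802.1D: a 2-byte priority (0-65535) in front of the 6-byte MAC."""
    if not 0 <= priority <= 0xFFFF:
        raise ValueError("802.1D priority must be 0..65535")
    return (priority << 48) | mac_to_int(mac)


def bridge_id_8021t(priority, system_id, mac):
    """802.1t: the same 2 bytes hold a 4-bit priority (multiples of 4096) and a
    12-bit system ID (the VLAN for PVST+/rapid-PVST, the instance for MST)."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("802.1t priority must be a multiple of 4096 up to 61440")
    if not 0 <= system_id <= 0xFFF:
        raise ValueError("system ID must fit in 12 bits")
    return ((priority | system_id) << 48) | mac_to_int(mac)


def decode_8021t(bridge_id):
    """Split a bridge ID back into (priority, system_id, mac)."""
    top16 = bridge_id >> 48
    return top16 & 0xF000, top16 & 0x0FFF, int_to_mac(bridge_id & 0xFFFFFFFFFFFF)


def elect_root(bridge_ids):
    """bridge_ids: {switch name: bridge ID}. The lowest ID wins: priority first,
    MAC as the tiebreaker, exactly as the numeric comparison does."""
    return min(bridge_ids, key=bridge_ids.get)


# Constructed switches with the default priority; SW2 has the lowest MAC.
MACS = {"SW1": "0000.0c12.aaaa", "SW2": "0000.0c12.0001", "SW3": "0000.0c12.ffff"}


def demo(vlan=10):
    default = {name: bridge_id_8021t(32768, vlan, mac) for name, mac in MACS.items()}
    # Equivalent of "spanning-tree vlan 10 priority 24576" on SW1
    tuned = dict(default, SW1=bridge_id_8021t(24576, vlan, MACS["SW1"]))
    return {
        "default_root": elect_root(default),
        "tuned_root": elect_root(tuned),
        "sw1_displayed_priority": default["SW1"] >> 48,   # what show spanning-tree prints
    }


if __name__ == "__main__":
    print(demo())
    print(decode_8021t(bridge_id_8021t(32768, 10, MACS["SW1"])))
```

Left at the default priority, the root is whoever happens to have the lowest MAC, which is rarely the switch you want; the `tuned` case shows that lowering the priority on one switch decides the election regardless of MAC.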