Cisco Nexus 9000 update 2016

This blog is about recent updates on the Cisco Nexus 9000 series datacenter switches and describes my view on the switches and their technologies.
The Nexus 9000 series is currently Cisco’s flagship for datacenter networking, today and for the foreseeable future. Mounting the Nexus 9000 switches should be the last physical and configuration work you do in the (future?) datacenter. All subsequent tasks (i.e. configuring and provisioning the switches) should be done automatically by an automation tool. From today on we have to move from our traditional networking tools to automation and orchestration tools. Nobody wants, or has the time, to manually configure all these switches like in the old days.
The Nexus 9000 series switches are ready for this with many on-box features such as automation with PoAP, REST calls with NX-API and the “unix way of management”, all of which let you program and configure the network / fabric.
Read more

Cisco 3850 LAN Base license slow throughput

I was working on an installation and configuration of a C3850 switch with a LAN Base license.
What’s in a name with the LAN Base license… As we all know from previous licenses (like the 3750-X licenses), there is no routing available, but… there is basic routing functionality available in the LAN Base license for C3850 switches!
There are some limitations for routing with LAN base license though:

  • Maximum of 15 static routes
  • No routing protocols, only static routing

During the test phase of our implementation, we encountered performance issues:

  • File transfers inside VLANs: no issues
  • Inter-VLAN file transfers: slow throughput with a maximum of ~10Mb/s

Read more

IP helper with ACL on SVI

Just another short post about IP helpers:
Last week it took me a few minutes to figure out why my newly configured IP helpers were not working.
The starting config looked like this:

interface Vlan6
 description Voice VLAN
 ip address 192.168.1.251 255.255.255.0
 ip access-group Voice in
 ip helper-address 192.168.15.1
 ip helper-address 192.168.15.3
 no ip redirects
 no ip unreachables
 standby 6 ip 192.168.1.254
 standby 6 timers 1 2
 standby 6 priority 110
 standby 6 preempt
!
ip access-list extended Voice
 permit ip host 192.168.1.9 192.168.254.0 0.0.0.255
 permit ip host 192.168.1.2 192.168.254.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 192.168.15.0 0.0.0.255
 permit ip any host 224.0.0.2
!

Read more

Etherchannel – suspended port state

I’ve seen a few suspended ports in EtherChannels lately. Not everyone is familiar with this port status, so let’s take a minute to talk about it:
There is one important rule when configuring EtherChannels: all interfaces in the EtherChannel need matching settings, namely:

  • the same speed and duplex settings
  • the same trunking encapsulation (dot1q/ISL), or the same access VLAN in the case of an access port
  • the same STP cost
  • and last but not least: no EtherChannel port can be configured in a monitor session (SPAN port)
Read more

IP helper

We are all familiar with the IP helper command that lets DHCP requests (broadcasts) pass through a router and reach the DHCP server as unicast packets. Pretty easy and simple… but the IP helper can do more!
When a network has multiple VLANs and you need the good old “net send” command from Windows computers to reach all computers on all VLANs, you have to configure the IP helper.
Read more

Frame-Relay Traffic Shaping

Frame-Relay Traffic Shaping (FRTS) can be hard to understand.
Traffic shaping vs policing
The most important difference between the two is that shaping is designed to delay excess traffic, whereas policing drops the excess traffic.
Shaping uses credits: before a packet can be sent, an amount of credits equal to the packet size in bits has to be available. Policing is not designed to guarantee bandwidth; it is designed to limit bandwidth.
Terminology:
Read more

Private VLANs

Private VLAN configuration can be tricky.
A Private VLAN environment consists of a few VLANs:

  • Primary VLAN
  • Secondary VLAN
    • Community VLAN
    • Isolated VLAN

Every secondary VLAN is associated with a primary VLAN. A primary VLAN can have multiple community VLANs but only one isolated VLAN.
Read more

Storm-control and unicast-flooding

A broadcast storm can occur even with STP enabled, so there is another option to protect your network from broadcast flooding. This method is called storm control. The mechanics are simple:
Storm control is configured on a per-port basis and can be enabled for broadcasts, unicasts and/or multicasts. When configuring storm control, you have to specify the rising and falling values: the rising value is the level at which an action should occur (rate-limit the traffic to this value, err-disable the port or send an SNMP trap). The falling value is the level at which the action is undone.
Read more

Spanning-tree

My first day of study: it’s a spanning-tree day! Most of the information is a refresher from the CCNP course, but still very useful to know. Below is a summary of some key parts of spanning-tree, rapid spanning-tree and MST.
Spanning-tree bridge ID format
The “old” version of spanning-tree, also known as 802.1D, uses the following bridge ID format:

  Bridge ID = Priority (2 bytes) + MAC address (6 bytes)

The priority is a 2-byte (16-bit) field, so all values between 0 and 65535 are possible. The MAC address is used as a tiebreaker.
Read more