Spanning-tree Requirements for Cisco ISSU
I had a great conversation with a coworker regarding the requirements for the In-Service Software Upgrade (ISSU) feature on Cisco switches. For this post, I’m using Nexus 5548UP switches as a distribution layer to my Cisco UCS environment, and at the core is sitting a pair of Catalyst 6500s, set up in a VSS pair. For those unfamiliar with ISSU, it is a way for Cisco devices to upgrade their running firmware without the need for a disruptive reboot of the device, which is what has traditionally been used for upgrades to IOS, NX-OS, etc.Spanning-tree Requirements for Cisco ISSU
I had a great conversation with a coworker regarding the requirements for the In-Service Software Upgrade (ISSU) feature on Cisco switches. For this post, I’m using Nexus 5548UP switches as a distribution layer to my Cisco UCS environment, and at the core is sitting a pair of Catalyst 6500s, set up in a VSS pair. For those unfamiliar with ISSU, it is a way for Cisco devices to upgrade their running firmware without the need for a disruptive reboot of the device, which is what has traditionally been used for upgrades to IOS, NX-OS, etc.Book list
It is time I’ll place the list online, so with no farther delays and in the order of importance: 1 Routing TCP/IP, Volume 1 (2nd Edition) - By far, the most important book you must read. ...And remember, if you are using Private VLANs or plan to, make sure you visit my Private VLAN appliance site.When NTP access-control needs ACL for 127.127.7.1?
The very simple answer is when the local NTP master controller is synching to the IP address 127.127.7.1 instead of 127.127.1.1. Ok, I think I need to clarify few things. In a number of CCIE workbooks, you’ll get a task to configure NTP access-control on the master NTP router to only peer with R1. After trying for a long time, you lookup the solution guide and realize that you were missing an ACL entry for the local address 127.127.7.1. Or you finished the task, everything works, you check the solution guide and ask yourself “why did they have an ACL for the IP address 127.127.7.1? I did it without it and it worked.”
This is something that I found to be very frustrating and without any information on the web. After doing some of my own research, it appears Cisco made few changes that are not very clearly documented.
To give you an example, R4 is the NTP master and R6 (150.1.6.6) is the NTP peer.
R4#sh run | i ntp | access-list
ntp master 4
ntp access-group peer 1
access-list 1 permit 150.1. Continue reading
The Pros/Cons of Public DNS
I strongly believe that every route/switch engineer, even highly experienced ones, should have at least a fundamental understanding of DNS architectures and best practices. More importantly, it should be understood how DNS is being used in today’s service providers and enterprises. DNS is one of those services that has been applied to many different use cases, such as a form of load balancing, or even an additional layer of security.The Pros/Cons of Public DNS
I strongly believe that every route/switch engineer, even highly experienced ones, should have at least a fundamental understanding of DNS architectures and best practices. More importantly, it should be understood how DNS is being used in today’s service providers and enterprises. DNS is one of those services that has been applied to many different use cases, such as a form of load balancing, or even an additional layer of security.ESXi 5 on Cisco UCS – No Local Disks Showing Up
I am installing ESXi 5 on a Cisco UCS B440 M1 blade, and ran into some local disk issues. I used both the stock ESXi 5 image from VMware, as well as the recently released image from Cisco that contains the latest UCS drivers. Same issue on both. The issue was that when I got to the disk selection screen on the ESXi installation, I did not see any disks:ESXi 5 on Cisco UCS – No Local Disks Showing Up
I am installing ESXi 5 on a Cisco UCS B440 M1 blade, and ran into some local disk issues. I used both the stock ESXi 5 image from VMware, as well as the recently released image from Cisco that contains the latest UCS drivers. Same issue on both. The issue was that when I got to the disk selection screen on the ESXi installation, I did not see any disks:ESXi 5 on Cisco UCS – No Local Disks Showing Up
I am installing ESXi 5 on a Cisco UCS B440 M1 blade, and ran into some local disk issues. I used both the stock ESXi 5 image from VMware, as well as the recently released image from Cisco that contains the latest UCS drivers. Same issue on both. The issue was that when I got to the disk selection screen on the ESXi installation, I did not see any disks:My CCIE Journey Begins
I am happy to say that I have officially started putting things together for my CCIE R/S studies. I have been and will continue to be pulled in many different directions, but since my CCNP was completed a few months ago, and I recently passed my VCP exam, I decided that the time was now to begin the long journey ahead. I have a few other certifications in mind, and I will have to carefully weigh how they impact (or preferably do not impact) my CCIE studies, but this journey is important to me personally and professionally, so I’m pulling the trigger.My CCIE Journey Begins
I am happy to say that I have officially started putting things together for my CCIE R/S studies. I have been and will continue to be pulled in many different directions, but since my CCNP was completed a few months ago, and I recently passed my VCP exam, I decided that the time was now to begin the long journey ahead. I have a few other certifications in mind, and I will have to carefully weigh how they impact (or preferably do not impact) my CCIE studies, but this journey is important to me personally and professionally, so I’m pulling the trigger.IPv6 and flows (using nfsen)
This will be about already having nfsen/nfdump configured, and are looking to just make a flow profile to graph IPv6 traffic from your routers. If you are looking to get nfsen iniitially configured, definitely follow their instructions on their site.
Say you have an sFlow capable router like…picking one totally not at random…..a Brocade XMR or MLX(e), and you want some basic flow data, especially IPv6. Depending on how many routers you are going to collect flow data from, will determine how beefy of a machine you will need. I know that at $lastjob, it was a hefty CPU (and definitely more than 1), tons of RAM, and hardware RAID. Right now, I’m using dual quad-core Xeon, tons of RAM and a small hardware RAID, but this machine serves many purposes. Right now I’m also only polling 4 MLX routers.
Go ahead and access your nfsen website, and on the Profiles pulldown, select “New Profile …”. In the creation dialog, give the profile whatever title you like; I went with the generic title of “IPv6″. If you want to add it to a group or make one for it, do as you please. I left that alone so I’d Continue reading
Thoughts on vXLAN and Cisco 1000v
I know vXLAN has been around for a year now, but because of the reviews it got from the community immediately upon announcement, I decided to let it mature as an idea before I got involved. Here are some of my thoughts after attending a vXLAN session by Cisco at VMworld 2012. vXLAN really just solves one problem. Most virtual infrastructures depend on L2 connectivity. vMotion is a good example of this.Thoughts on vXLAN and Cisco 1000v
I know vXLAN has been around for a year now, but because of the reviews it got from the community immediately upon announcement, I decided to let it mature as an idea before I got involved. Here are some of my thoughts after attending a vXLAN session by Cisco at VMworld 2012. vXLAN really just solves one problem. Most virtual infrastructures depend on L2 connectivity. vMotion is a good example of this.What’s New in vSphere 5.1 Networking
I attended the VMworld 2012 session that covered the new features in vSphere 5.1 with regards to networking. Many features were rolled out to both VDS and the standard switch, and other features just had improved functionality. First off, apparently it’s now VDS, not vDS. This announcement came hours after the announcement that VXLAN was being changed to vXLAN. Um…okay, I guess? Anyways - The speaker pointed out at the beginning that a big change was that many of these features were being rolled out to both the standard and distributed switches.What’s New in vSphere 5.1 Networking
I attended the VMworld 2012 session that covered the new features in vSphere 5.1 with regards to networking. Many features were rolled out to both VDS and the standard switch, and other features just had improved functionality. First off, apparently it’s now VDS, not vDS. This announcement came hours after the announcement that VXLAN was being changed to vXLAN. Um…okay, I guess? Anyways - The speaker pointed out at the beginning that a big change was that many of these features were being rolled out to both the standard and distributed switches.What the fex is a FEX anyways?
This is a quick, high level rundown of Cisco's various fabric extender technologies and where each fits into the data center.
Junos Load Balancing – PART 3 – Troubleshooting
Troubleshooting Load-balancing is quite complex. Working on an operational team, I often need to know on which interface a given stream (IP or MPLS) will get out... Cisco IOX provides several cli commands to quickly compute and display the result of a...Junos Load Balancing – PART 3 – Troubleshooting
Troubleshooting Load-balancing is quite complex. Working on an operational team, I often need to know on which interface a given stream (IP or MPLS) will get out... Cisco IOX provides several cli commands to quickly compute and display the result of a...OSPF Area Range – Active vs Passive Advertisment
I was troubleshooting an OSPF area range summarization and came upon something I haven’t seen before called Passive Advertisement. There weren’t too many Cisco documents that explained it so I decided to post a really quick description explaining it in little detail and where you could see it . This could be useful for the CCIE troubleshooting section, when dealing with OSPF area summarization problems.
I will use R3 to demonstrate. This router is connected to area 0 and area 1 which makes it the only ABR connecting the two areas. R3 should be sending a summary route 4.4.0.0/16 for the two component routes 4.4.4.0/24 and 4.4.5.0/24. Looks pretty simple. To verify, I check the output of show ip ospf to make sure the area 0 range 4.4.0.0 255.255.0.0 command is configured:
R3#sh ip ospf
Routing Process "ospf 1" with ID 10.3.3.3
Start time: 00:00:23.404, Time elapsed: 00:01:06.080
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
It is an area border and autonomous system boundary router
Redistributing External Routes from,
rip
Router is Continue reading