Weird NX-OS stuff



Some weird NX-OS stuff!

For enabling 'FEX' feature on the Nexus 7K switches, following steps are required:

config t
vdc Production
install feature-set fex
feature-set fex

Wonder why FEX cannot be enabled by entering feature fex or feature-set fex on the switch. 

When you do a 'show feature', FEX shows up as disabled. On a 'show feature-set', FEX shows up as enabled.


After configuring an interface as a fex-fabric mode, 


Cisco developed two commands on NX-OS to do the same thing. Define a hostname for the switch. 'switchname' and 'hostname'. 


No feedback really required here. Boring post. I could just delete it. Naah I'll keep it. Peace m/.


Nexus 7000 vPC configuration



vPC configuration on a pair of NX7K switches

For a pair of Nexus 7009 switches running NX-OS 6.0(4), configuring vPC (virtual Port Channel) was an easy breezy task. In a few minutes and less than 15 commands, the two switches stood up as a vPC pair. There are 3 non default VDCs and each VDC has its own vPC domain, vpc peer-links and vpc peer-keepalive links. Cisco recommends each VDC has its own unique vPC domain ID. The port-channel ID need not be unique across the VDCs. Also, vPC will not work if port-channel members are interfaces allocated to separate VDCs. 

On the CLI, switch to the non default VDC.

Each feature needs to be enabled on individual VDCs. Simply enabling it on the admin VDC does not propagate the features to the non default VDCs. For vPC, we need link aggregation control protocol for port-channel load-balancing (LACP) and the vPC feature.

feature lacp
feature vpc

The two switches need to exchange heartbeats to maintain a vPC role over the vPC keep alive links. Cisco recommends this traffic must be isolated to a VRF. If we do not specify a VRF for the keep alive link, by default Continue reading

VPN-IPSEC

Its been a while but I am going to try to post weekly.

Here is a sample configuration for IPSEC VPN between in 2 routers.
Note: 172.16.1.X/32 are loopback interfaces.








R1
Define IKE Phase 1 Policy (ISAKMP)
(config)#crytpo isakmp policy 10
(config-isakmp)#encryption aes 256
(config-isakmp)#authentication pre-share
(config-isakmp)#hash sha
(config-isakmp)#group 2

Define pre-shared key
(config)#crypto isakmp key 0 $pass@word$ address 192.168.1.2

Define IKE Phase 2 Policy (IPSEC)
(config)#crypto ipsec transform-set TRANS-R1-R2 esp-aes 256 esp-sha-hmac

Create ACL to match interesting traffic
(config)#access-list 150 permit ip 172.16.1.1 0.0.0.0 172.16.1.2 0.0.0.0

Create Crypto Map
(config)#crypto map VPN-MAP-R1-R2 10 ipsec-isakmp
(config-crypto-map)#set peer 192.168.1.2
(config-crypto-map)#set transform-set TRANS-R1-R2
(config-crypto-map)#match address 150

Apply Cypto Map to Interface
(config)#interface fas0
(config-if)#crypto map VPN-MAP-R1-R2

Create a route
(config)#ip route 172.16.1.2 255.255.255.255 fas0

R2
Define IKE Phase 1 Policy (ISAKMP)
(config)#crytpo isakmp policy 10
(config-isakmp)#encryption aes 256
(config-isakmp)#authentication pre-share
(config-isakmp)#hash sha
(config-isakmp)#group 2

Define pre-shared key
(config)#crypto isakmp kep 0 $pass@word$ address 192.168.1.1

Define IKE Phase 2 Policy (IPSEC)
(config)#crypto ipsec transform-set TRANS-R1-R2 esp-aes 256 esp-sha-hmac

Create ACL to match interesting Continue reading

IPv6 Next-Hop Best Practices

The concept of a link-local address is new to some, seeing as the term is not widely talked about in IPv4 circles, despite the fact that some folks see them daily. In IPv4, the range 169.254.1.0 through 169.254.254.255 has been reserved for this purpose. You may see this in the “ipconfig” output of a windows host that failed to pull a DHCP address. In IPv6, fe80::/10 is reserved for this purpose, though link-local addresses are always configured with a fe80::/64 prefix.

IPv6 Next-Hop Best Practices

The concept of a link-local address is new to some, seeing as the term is not widely talked about in IPv4 circles, despite the fact that some folks see them daily. In IPv4, the range 169.254.1.0 through 169.254.254.255 has been reserved for this purpose. You may see this in the “ipconfig” output of a windows host that failed to pull a DHCP address. In IPv6, fe80::/10 is reserved for this purpose, though link-local addresses are always configured with a fe80::/64 prefix.

Surprised by Spam

I attended my first in person meeting of the ISOC Advisory Council this last week — I’m a newly minted co-chair, and already haven’t been participating as much as I should (just like I don’t blog here as much as I should, a situation I’m undertaking to resolve!). We had a long discussion on the […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, and his author page on Amazon.

The post Surprised by Spam appeared first on Packet Pushers Podcast and was written by Russ White.

IPv6 Host Networking and Insomnia

I’ve been running IPv6 on my home network for a while. The solution in place has evolved over time, from terminating tunnels to a linux VM using gogo6 all the way to front-ending with a Cisco ISR using Hurricane Electric, the goal has always been the same - to practice what I preach. Running IPv6 at home and REFUSING to turn it off when problems arise is one of the best ways to learn the protocol.

IPv6 Host Networking and Insomnia

I’ve been running IPv6 on my home network for a while. The solution in place has evolved over time, from terminating tunnels to a linux VM using gogo6 all the way to front-ending with a Cisco ISR using Hurricane Electric, the goal has always been the same - to practice what I preach. Running IPv6 at home and REFUSING to turn it off when problems arise is one of the best ways to learn the protocol.

Juniper PTX3000 – thin is in…

Juniper just launched the PTX3000, which has some nice features – such as being small enough to be installed by one technician, and pushing 0.5Gbps per cubic inch.  The thing is, we still can’t work out who is going to buy these things…

Anywhoo, here’s the info on the Juniper website, with a nice side-view so you can marvel at its 10 inches:

http://www.juniper.net/us/en/dm/ptx-3000/?utm_source=promo&utm_medium=home_page&utm_content=carousel&utm_campaign=ptx3000


Six Things About F5 BIGIP v11 iApps

F5 Networks’ Local Traffic Manager (LTM) is my load balancer – okay, Application Delivery Controller, if you insist – of choice. The LTM platform is as feature-rich and well-supported as they come, with all sorts of customizability as well as the iRule scripting language (a superset of TCL) that lets you do fancy transaction manipulation. […]

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post Six Things About F5 BIGIP v11 iApps appeared first on Packet Pushers Podcast and was written by Ethan Banks.

Packet Design Acquired by Private Equity Firm; Appoints New CEO

Leader in IP Network Route Analytics Receives Cash Infusion to Accelerate Growth

SANTA CLARA, CA — March 19, 2013 — Packet Design, the leading provider of IP network route analytics software announced today that it has been acquired by Lone Rock Technology Group, an Austin-based private equity firm specializing in enterprise software. S3 Ventures, an early stage venture firm with a focus on information technology and also based in Austin, joins Lone Rock as a major investor in the company. With the deal, Packet Design announced it has appointed Scott Sherwood, a network and systems management industry veteran, as its new CEO. 

Since it was founded in 2003, Packet Design has pioneered the complex science of route analytics. Its patented technology provides unique visibility into routing and traffic behavior across the entire cloud. Network managers at hundreds of the largest service providers, mobile operators, cable and broadband providers, enterprises and government agencies spanning five continents rely on the intelligence Packet Design provides to optimize the performance and control of their networks. 

“We believe Packet Design’s technology, world-class talent, and marquee customers position it extremely well in a market growing over 12% CAGR, and we are excited by the Continue reading

My Tools for Studying

Anyway, I thought it would be neat to document the tools I'm using today. It'll be interesting to read this in a couple of years to see how things have changed again and maybe it'll give a fellow cert-chaser some ideas for today.

A Contest of Protocols: EIGRP or OSPF?

Ah, the age old question that nearly every CCNA and CCNP candidate asks of themselves and others at some point. We see a minimum of 4 routing protocols in our networking studies, more if you decide to take on the Service Provider track. What makes one routing protocol better than another? I think it’s clear why (at least mostly) these particular two protocols are different, keeping in mind that one is distance vector (yes, distance vector, not hybrid distance vector) and the other is link state.

A Contest of Protocols: EIGRP or OSPF?

Ah, the age old question that nearly every CCNA and CCNP candidate asks of themselves and others at some point. We see a minimum of 4 routing protocols in our networking studies, more if you decide to take on the Service Provider track. What makes one routing protocol better than another? I think it’s clear why (at least mostly) these particular two protocols are different, keeping in mind that one is distance vector (yes, distance vector, not hybrid distance vector) and the other is link state.

Packet Design’s Route Explorer Integrated with Juniper Networks Junosphere Lab

SANTA CLARA, Calif., October 4, 2011 – Packet Design has integrated its Route Explorer route analytics solution with the Juniper Networks® Junosphere™ Lab cloud-based service, giving Juniper customers a way to visualize and analyze complex Layer 3 routed networks created in the Junosphere virtual environment.

Route Explorer provides real-time, network-wide Layer 3 visibility across an enterprise or service provider's IP/MPLS/VPN network, delivering an intuitive graphical view of control plane operation, including IP forwarding paths, RSVP-TE tunnels and Layer 3 VPN services. Integration with Junosphere will allow users to see a real-time topology map of their virtual network, monitor routing changes, perform in-depth analyses, including the ability to rewind network event history, and graphically depict what-if scenarios for failure analysis or to understand the impact of changes before they are deployed. Route Explorer functionality is provided free of charge to Junosphere Lab users.

Judy Beningson, vice president and general manager, Virtual Junos Business Unit at Juniper Networks , said, “We are excited to expand our partnership with Packet Design, and to bring Route Explorer’s powerful network visualization and analysis capabilities to Junosphere Lab users. Route Explorer will give users of our ground-breaking cloud-based service additional flexibility, allowing our customers to Continue reading

Broadview Networks Deploys Packet Design’s VPN Explorer to Manage Converged Services Network

IP Routing and MPLS VPN Visibility Increases Network Operations Efficiency, Reduces Mean-Time-to-Repair

SANTA CLARA, Calif., December 20, 2010 – Broadview Networks, a business communications service provider, has deployed VPN Explorer, an IP/MPLS VPN routing analysis solution from Packet Design, Inc. Broadview will use VPN Explorer to manage their IP network, which provides business customers with VoIP, Internet, VPN and MPLS-enabled data communications.

Broadview Networks installed VPN Explorer earlier this year to monitor its large router network, which runs the Open Shortest Path First (OSPF), Border Gateway Protocol (BGP) and Multi-Protocol BGP (MP-BGP) MPLS VPN routing protocols. VPN Explorer uses a technology known as ‘route analytics’ that lets the company's network engineering staff look at otherwise hidden aspects of routing behavior – undetectable by conventional SNMP-based management tools – and understand its impact on network reliability, redundancy, and customer service delivery.

George Carey, managing director of ISP Operations for Broadview Networks, said the need for more visibility into IP and MPLS VPN routing has increased with the growth of Broadview’s service portfolio and the expansion of the network. “Our IP backbone network has grown to support many diverse services, including more than 50,000 OfficeSuite™ hosted IP phone stations, SIP trunking, Continue reading

Quiz #10 &#8211 OSPF on CE-PE links

Company ABC has multiple offices interconnected via an MPLS provider and each office runs OSPF with a separate Area number.
In one of the offices, there is an internal router that uses VRFs. You notice that some routes are not learned. Why ?

Show 140 – Introduction OpenStack and Quantum Projects

OpenStack is progressively developing into a product that networking needs to be a part of. One way to describe OpenStack is to say it’s an API for infrastructure. OpenStack is a combination of open source plus a significant number of hardware vendors who see contributions to OpenStack as a way of growing or maintaining their own markets and customers.

Customers want OpenStack as an alternative to VMware or other commercial software - not all applications and service need to have expensive software licenses and maintenance. We need to be able to build a core of functional services that can deliver services.

In the future, it seems likely that OpenStack Quantum API will be important. We discuss Open Vswitch and how it’s changing from being a “switch” to including routing, firewall and load balancing features. If you don’t like that, you could consider using Quantum API as a way to consume load balancers from your preferred vendor - the API exists to simplify the consumption of network resources.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working Continue reading