Ansible Hints

Ansible works against multiple systems in your infrastructure at the same time. It does this by selecting portions of systems listed in Ansible’s inventory, which defaults to being saved in the location /etc/ansible/hosts. You can specify a different inventory file using the -i <path> option on the command line. To ingore RSA key fingerprint concerns: Setting the environment variable ANSIBLE_HOST_KEY_CHECKING to False. Put it in an ansible.cfg file, either set that globally (at system or user level, in /etc/ansible/ansible.

Continue reading

Nexus 5k FC Storage

将5k类具有UP功能的NEXUS变成FC口的方法如下: 将E1/45-48变成FC口,此命令执行完需要重启! slot 1 port 45-48 type fc 定义VSAN,和接口指定为ACCESS的VSAN号 vsan database vsan 1000 vsan 1000 interface fc1/48 定义VSAN的VLAN vlan 1000 fcoe vsan 1000 name fcoe_test 定义FC口为F口,因为对面连接FI,FI的VHBA对外是一个开启NPV功能的FC交换机,而5K是FI和STORAGE间的中转,所以需要5K开启NPIV来帮助解答NPV数据,在这种关系中,5k对外的口是F,FI上的口是NP。 interface fc1/48 switchport mode F FEATURE FCOE如果不开启,重启后的NEXUS就看不到新配的FC口,配置文件都在,只是看不到口,需要FCOE license。 5596Top(config)# feature fcoe FC license checked out successfully fc_plugin extracted successfully FC plugin loaded successfully FCoE manager enabled successfully FC enabled on all modules successfully Enabled FCoE QoS policies successfully 如果一切正常就会在5K上看到UCS上的vhba: 5596Top(config)# sh flogi database fc1/48 1000 0xd20040 20:30:8c:60:4f:5b:2b:80 23:e8:8c:60:4f:5b:2b:81 fc1/48 1000 0xd20041 20:00:00:25:b5:ff:06:8f 20:00:00:25:b5:ff:02:8f fc1/48 1000 0xd20042 20:00:00:25:b5:ff:06:9f 20:00:00:25:b5:ff:02:9f fc1/48 1000 0xd20043 20:00:00:25:b5:ff:06:6f 20:00:00:25:b5:ff:02:6f fc1/48 1000 0xd20044 20:00:00:25:b5:ff:06:4f 20:00:00:25:b5:ff:02:4f fc1/48 1000 0xd20045 20:00:00:25:b5:ff:06:7f 20:00:00:25:b5:ff:02:7f fc1/48 1000 0xd20046 20:00:00:25:b5:ff:06:5f 20:00:00:25:b5:ff:02:5f fc1/48 1000 0xd20047 20:00:00:25:b5:ff:06:2f 20:00:00:25:b5:ff:02:2f fc1/48 1000 0xd20048 20:00:00:25:b5:ff:06:3f 20:00:00:25:b5:ff:02:3f

Continue reading

The initial series of line cards launched by Cisco for Nexus 7k series switches were M1 and F1. M1 series line cards are basically used for all major layer 3 operations like MPLS, routing etc, however, the F1 series line cards are basically layer 2 cards and used for for FEX, Fabric Path, FCoE etc. If there is only F1 card in your chassis, then you cannot achieve layer 3 routing.

Continue reading

VSM 总结

version 4.2(1)SV2(2.2)

svs switch edition essential

no feature telnet

feature lacp

banner motd #Nexus 1000v Switch#

ip domain-lookup

ip host Nexus1000v 10.10.1.101

hostname Nexus1000v

errdisable recovery cause failed-port-state

vem 3

host id 2fb52500-0000-0000-0000-000000000004

vem 4

host id 2fb52500-0000-0000-0000-000000000003

vem 5

host id 2fb52500-0000-0000-0000-000000000002

vem 6

host id 2fb52500-0000-0000-0000-000000000001

Continue reading

OSPF Over VPC

如果OSPF使用下图这种两个VPC Peer Link Group相连(TOP一组,BTM一组),就不能以VLAN Int为OSPF宣告口(各NEXUS都有此VLAN Int),必须单独引一条纯3层的线路用于OSPF。否则会造成卡在Exstart/DR无限循环的问题。     如果OSPF宣告口只是同过VPC PEER就能学到,就不存在问题。

Continue reading

Nexus OTV

OTV (Overlay Transport Virtualization) 是一种借助3层传输2层协议的技术,用于在NEUXS之间传递本地2层信息,让远端设备认为自己是在想2层对象传输信息。 Internal Interface:本地2层接口 OTV Join Interface:用于交换3层信息,建立邻接关系的纯3层接口(可以是独立接口也可以是Port Channel) Overlay Interface:在邻接接口之上的逻辑链路,2层信息在此传输 根据OTV VDC的位置,可以分为stick和inline两种。stick是OTV自己没有直接去往CE的三层链路,需要通过连接Aggregation VDC,从那里路由出去;inline是OTV自己有三层链路去往CE,所有数据通过OTV三层出去。一般来说STICK会好一些,因为它不论是在冗余还是布局以及以后规划中都有优势,INLINE的问题是所有数据都从它走容易给OTV VDC造成压力,同时还造成三层路由管理上比较复杂,不容易统一管理。 当OTV和AGG VDC相连涉及到F1卡的时候,记住OTV中无论三层还是二层都要用M卡,不可以用F卡,因为OTV需要M卡进行编码。即OTV中二层M卡,AGG中二层F卡。如果是MULTICAST MODE,那么HOST和PIM路由器间的第一跳接口都需要IGMP V3,之后其他路由器之间可以不用IGMP V3。因为只有OTV只需要IGMP JOIN,HOST连入路由器之后JOIN就结束了。OTV VDC本身不需要开启PIM,无论STICK还是INLINE,因为它扮演的角色只是PIM中的一台HOST,只有上家路由器的所有参与MULTICAST的端口才需要开启PIM,以及设定RP。默认SSM DATA GROUP RANGE是232.0.0.0/8。ip pim ssm range 可以改变这个值。因为/8 RANGE很大,只有GROUP RANGE超出这个范围才需要改。OTV Control Group只要不是在这个范围内就可以,OTV会把IGMP V3 JOIN信息发到这个地址。OTV DATA GROUP应该是在232.0.0.0/8内的,例如232.1.2.3/24。IGMP开启时邻接关系建立的方法: 默认一般的广播流量都会被禁止,当然也可以手动指定允许某些特定MAC的广播。 Authoritative edge device (AED)是用来代表本SITE和其他SITE进行会话的EDGE,这样可以防止因为同时是同多个EDGE造成LOOP。当有两台EDGE在同一个SITE中时,默认高SYSTEM ID的EDGE负责基数VLAN,低SYS ID负责偶数VLAN。 Site-Adjacency:OTV EDGE面向本地VLAN设备方向的邻接设备,同一个SITE中的所有EDGE应该具有相同的ID,类似VPC; Overlay-Adjacency:OTV EDGE面向远端邻接的OTV EDGE设备; 强烈建议过滤FHRP信息,因为如果OTV上可以随意交流FHRP,会造成站点A的信息影响站点B,比如HSRP10在A用来,B上就不能用。 otv site-identifier 0001.0001.0001 vlan 999 name OTV_Site_Vlanotv site-vlan 999 interface Overlay0 otv join-interface Ethernet3/1 otv control-group 239.1.1.1 otv data-group 232.

Continue reading

Nexus vPC

Building a vPC Domain: Guidelines and RestrictionsTo build a vPC domain, use the following configuration guidelines: ● You must enable feature vPC (conf t; feature vpc) before you can start configuring a vPC domain. ● You must configure peer-keepalive link before peer-link in order for vPC system to come up.● You must configure both vPC peer devices; the configuration is not sent from one device to the other. ● To configure double-sided vPC topology, you must assign a unique vPC domain ID for each respective vPC layer.

Continue reading

Nexus FEX

Nexus 7009是在Nexus 7010后出的小型轻量化Nexus核心交换机,和7010的主要区别是体积小,使用左右风冷(7010是前后通风),只有9个Slot。 7009, 7010, 7018 7000系列核心交换机作为6500的继任者,可以外接多达32个Fex 2000系列 Fabric extender,Fex2232有32口,Fex2248有48口,每个Fex上的口都是G口,通过4个10G口上连7000核心交换机 7010使用2个Supervisor Module(Active/Standby,Cli控制模块),8个I/O模块。

Continue reading

Author's picture

LuLU

Love coding and new technologies

Cloud Solution Consultant

Canada