Network Reqs Nexis and Mcent v2.8
MediaCentral
Eur-Ing David Shephard CEng MIET CCDP® CCNP® CCIP®
Consulting Cloud Network Engineer
MON 24 MAY 2021 – V2.8
Abstract
This NETREQS V2 document outlines the fundamental requirements for Avid NEXIS solutions with MediaCentral. It began as a slimmed-down version of NETREQS V1 for Avid ISIS and Interplay but has grown with subsequent revisions. It is intended to provide a summary of many documents and of site experience. The document sets out minimum requirements where such direction is not explicitly documented but experience from existing installations is applicable. The content may be updated in line with product S/W and H/W releases, or when other content is added that is not in direct relation to a recent software release. Externally available URLs will be provided where possible. Some forward-looking content exists which may not occur as expected.
This NETREQS document can be shared with customers and used for SoW content.
Version 2 is primarily a reformatting exercise in a later version of Word (the original was produced in Word 2003) and also features some significant reorganization of content, with some legacy content moving to appendices.
Content removal
This new Version 2.x document dispenses with the majority of the V1.x document content related to ISIS and Interplay. That content will remain available, but NETREQS V1.x will not be updated beyond V1.23. Some content will be migrated from the old V1.x document, but hopefully the document size will reduce by at least 50%.
Branding Changes.
This document was first issued as V1.0 on 04 July 2007. Since that time the products have evolved significantly in nature and name, and the document has grown with them.
While many of the product names have changed, in some cases the product has not changed, in others there has been a logical evolution, and in some cases a product revolution. While the headline document name may change, the old content will remain where possible and applicable, or be marked as Legacy content.
Table of Contents
Abstract ..................................................................................................................................... 1
Content removal ....................................................................................................................... 2
Branding Changes.................................................................................................................... 2
Additional Contributors .................................................................................................................. 7
Recent Revision history .................................................................................................................. 7
RECENT UPDATE 2.8 .................................................................................................................. 8
1.0 AVID NEXIS REQUIREMENTS .................................................................................... 9
1.0.1 NEXIS and Latency ............................................................................................................... 9
1.0.2 Switch Suitability status ....................................................................................................... 12
1.0.3 Zones - an evolved definition............................................................................................... 12
1.1 Qualified Switches for Avid NEXIS ........................................................................................ 13
1.1.1 Issues to be aware of with Dell S4100 Series Switches ......................................... 15
1.1.2 Dell S4100 Series Switches Model Variants ....................................................................... 16
1.2 Approved Switches for Avid NEXIS ....................................................................................... 16
1.3 Architecturally Capable Network switches ............................................................................ 17
1.3.0 Known Cisco Issues impacting Avid Storage solutions....................................................... 20
1.3.1 Partially Tested Switches ..................................................................................................... 22
1.4 LEGACY Switches for Avid NEXIS ....................................................................................... 25
1.4.4 Using Force10 S60 with NEXIS .......................................................................................... 25
1.4.3 Using Force10 S25N with NEXIS ....................................................................................... 25
1.5 Transceivers and cables ............................................................................................................ 26
1.5.1 40G QSA or Breakout cables NEXIS .................................................................................. 26
1.5.2 Breakout cables NEXIS and NEXUS 93180 ....................................................................... 26
1.5.3 Breakout cables NEXIS and DELL S4048 .......................................................................... 27
1.5.4 Avid supplied 40G Transceivers and NEXIS ...................................................................... 27
1.5.5 3rd Party Transceivers and Switch Vendors ......................................................................... 28
1.5.6 Gigabit Media Converters .................................................................................................... 29
1.6 Switch combinations for E5 NEXIS and Big 40G deployments............................................ 29
1.6.1 1U Switch Families .............................................................................................................. 30
1.6.2 Chassis Based Switch Families ............................................................................................ 33
1.7 Cisco Catalyst Switches ............................................................................................................ 35
1.7.1 Catalyst 9000 - A series ...................................................................................................... 35
1.7.2 Catalyst 9000 - B series ....................................................................................................... 36
1.7.3 Catalyst 9000 - B series – USING SOFTMAX ONLY ....................................................... 38
1.8 Network Interface Cards .......................................................................................................... 39
1.8.1 Single-mode vs. Multi-mode................................................................................................ 39
1.8.2 USB-C NIC Information ...................................................................................................... 39
1.8.3 NICs in a VM environment – applies to bare metal too....................................................... 40
1.8.4 10GBASET Transceivers..................................................................................................... 42
1.8.5 I350-T2 NIC Eol – Replaced by I350T2V2......................................................................... 44
1.9 Airspeed 5500 (3rd GENERATION) network connection ..................................................... 44
1.10 NAT/PAT Incompatibility...................................................................................................... 45
1.10.1 Kubernetes – the “core” of the “network” problem with MCCUX ................................... 46
1.10.2 MCCUX “Kubernetes” – NO LONGER USING MULTICAST ...................................... 47
Network Requirements for ISIS 7000 and Interplay PAM and MAM. This document is
available from:
http://avid.force.com/pkb/articles/en_US/Compatibility/en244197
Additional Contributors
Anthony Tanner
V2.7
27JAN2021 ADD 1.1.1 Issues to be aware of with Dell S4100 Series Switches
UPDATE 1.10.1 Kubernetes – the “core” of the “network” problem with MCCUX
191 pages ADD 1.7.3 Catalyst 9000 - B series – USING SOFTMAX ONLY
UPDATE 1.8.3 NICs in a VM environment – applies to bare metal too
ADD 4.6.4.1 LINUX TEAMING
UPDATE B.20.2.2 – Field Knowledge NEXUS & Multicast PART 2
UPDATE B.25 Serial connection alternatives to DB9 using USB (FIELD-TIP)
ADD B.25.1 Use the management network on NEXUS switches & remote connection
ADD B.36.6 DEPLOYMENT CONSIDERATIONS with MEDIA CENTRAL CLOUD UX
ADD B.46.1 DELL OS10 IGMP SNOOPING
ADD B.50 Flow control with AVID Nexis storage – is it needed?
ADD B.51 Flow control in Cisco NEXUS switches with AVID Nexis storage
ADD B.52 Flow control in Dell S4048 switches with AVID Nexis storage
ADD B.53 Mellanox ConnectX-3 adapter firmware version in NEXIS
ADD B.54 DELL S4100 OS10 vs. OS9 LACP and VLT commands
V2.8
24 MAY 2021 ADD 1.1.2 Dell S4100 Series Switches Model Variants
UPDATE 1.3.0 Known Cisco Issues impacting Avid Storage solutions
222 pages ADD 1.3.1.5 Cisco Nexus 93180YC-FX3
ADD 1.5.6 Gigabit Media Converters
UPDATE 1.8.3 NICs in a VM environment – applies to bare metal too
UPDATE 1.6.1 1U Switch Families
UPDATE 1.10.1 Kubernetes – the “core” of the “network” problem with MCCUX
(added paragraph at end.)
ADD 1.10.2 MCCUX “Kubernetes” – NO LONGER USING MULTICAST
MINOR UPDATE B.20 Multicast Propagation Does Not Work in the same VLAN
in Catalyst and NEXUS Switches
ADD 2.5.2 ARISTA - PROVEN DEPLOYMENTS WITH NEXIS
UPDATE B.20.2.1 – Field Knowledge NEXUS & Multicast PART 1
UPDATE B.36.2 TEXT of COMMANDS for LACP
SIMILAR UPDATE B.36.4 LACP TEAMING CONCLUSIONS
SIMILAR UPDATE B.49 LACP for NEXIS clients – is it supported?
UPDATE B.36 (.0) LINUX TEAM CONFIGURATION FOR TEAMED
ADAPTERS
ADD B.36.7 CHECKING/DEBUGGING LACP BOND CONNECTION
STATUS in LINUX
ADD B.55 CISCO SWITCH HARDWARE BEACONS
ADD B.56 DELL N32224 FIRST SETUP
ADD B.57 DELL N3024 N2024 DEFAULT INTERFACE COMMANDS
ADD B.58 DELL N3024 N2024 PASSWORD RECOVERY
Jitter, or the variation in latency, is also a factor, but tends to have less of an impact than latency: 1 ms of jitter added to 1 ms of latency = 2 ms of latency, and the performance of the client will suffer. However, the usability of the application is dependent upon the nature of the application.
For a 1G client it was necessary to change the autotuninglevel from the default setting of DISABLED (after the NEXIS client install):

C:\Windows\system32> netsh int tcp set global autotuninglevel=<disabled | highlyrestricted | restricted | normal>
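To verify the active setting before and after making the change, the current global TCP parameters can be read back with the standard Windows command:

C:\Windows\system32> netsh int tcp show global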
For a MAC client the setting is likely to be handled more intelligently by the operating
system.
For a 10G Windows client the impact was more significant; this is currently under investigation.
FPING was used to measure latency, as it is accurate to 0.1 ms; the extra granularity is required because the default Windows ping is only accurate to 1 ms.
http://www.kwakkelflap.com/fping.html (URL MAY NO LONGER WORK IN 2018/9)
ALTERNATIVE URLs
https://github.com/dexit/fping-windows
(works MARCH 2020)
http://blog.perceptus.ca/2017/11/10/fping-windows-download-the-last-version/
(works MARCH 2020)
I have also added a ZIP file with FPING-300 to my Vanilla Configs V0.4
(APR 2019)
Generally, dark fibre vs. DWDM is largely irrelevant; much depends on whether the ISP uses true optical multiplexers or electro/optical transponders, and both types may be used at different parts of the network. Optical multiplexers should operate at the speed of light, but electro/optical transponders will add latency, typically 15-100 us according to the article below. Also consider that some ISP services promoted as dark fibre are not, so check the fine print of any SLA and product offering. Hence we should budget for 0.1 ms (combining both directions) at each termination point.
https://www.telcocloudbridge.com/blog/what-your-dwdm-vendor-did-not-tell-you-about-
latency-for-data-center-interconnect/
The table below offers some guidance but is not an "irrevocable source"; it has been derived from different testing engagements with customer-specific workflows.
The real-time nature of editing high-bandwidth video in a collaborative environment means that tolerance for delay and jitter is small. The table below shows that 5 ms RTT is the maximum latency that should be considered acceptable.
RTT     Observed behaviour                                   Suitability
10 ms   Particularly noticeable delay in scrubbing;          Maybe useable for low-bandwidth
        1 s delay from pressing play to material playing;    workflows; unsuitable for non-real-time
        may not be suitable for editors                      high-bandwidth workflows
20 ms   NOT TESTED                                           UNSUITABLE
50 ms   NOT TESTED                                           NOT USEABLE
Based on the tests performed to determine maximum fibre optic distances, up to 5 ms is an acceptable latency, depending on the workflow and codec; this translates to a connection distance of approx. 1000-1500 km*, where it would be acceptable to the operator.
*Given that the speed of light in a vacuum, 'c', is exactly 299,792,458 metres per second, the figure of 1 millisecond per 300 km might seem an accurate estimate for the purpose of latency calculation over distance.
However, propagation speed in media is significantly lower than c; for glass it is roughly 1/2 - 2/3 of light speed in vacuum, depending on the refractive index of the media, so a figure of 1 millisecond per 200 km is more appropriate.
Hence a round trip time (RTT) of 1 ms per 100 km is the working figure applied to longer distances, but this does not consider delays introduced by network equipment such as optical/electrical translation and network switches.
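As a worked example using these figures: a 250 km fibre path gives roughly 250/200 = 1.25 ms one-way propagation delay, hence approximately 2.5 ms RTT, before any allowance for optical/electrical translation and switching equipment in the path.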
Jitter, or the variation in latency, is also a factor, but tends to have less of an impact than latency: 5 ms of jitter added to 5 ms of latency = 10 ms of latency, and the performance of the client will suffer. However, the usability of the application is dependent upon the nature of the application; for example, an Interplay Production Browse client being used to review material will be affected much less by latency than a Media Composer client actively editing.
Qualified:
• We sell it or will sell it soon, and it should be tested by Avid with every major S/W version
• Examples: Dell S4048, Dell N30xx, Cisco C4500X
Approved:
• It was tested at a point in time, probably as customer-funded testing
• It was subjected to and passed vendor-performed simulation testing
• Configuration files available on request from "similar projects"
Architecturally capable:
• It was subjected to and passed vendor-performed simulation testing
http://avid.force.com/pkb/articles/en_US/Compatibility/Avid-NEXIS-Network-Switch-
Infrastructure
The following switches work with the Avid NEXIS | PRO, Avid NEXIS | E2, Avid NEXIS |
E4, and the System Director Appliance. The switches are listed in no particular order.
Note: The Cisco N93180-YC-EX has a distance limitation for 25G interfaces (compared to published standards), which is addressed by the newer 93180YC-FX; the EX uses a pre-standard Forward Error Correction implementation (FC-FEC).
See:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_Cisco_ACI_and_For
ward_Error_Correction.html#id_50152
And
https://supportforums.cisco.com/t5/application-centric/25g-ethernet-consortium-and-or-ieee-
standard/td-p/3182146
For 25 Gbps over 5 m copper (quoted as 2 m in one version, a typo) and for 25 Gbps multimode or single-mode optics, a forward error correction mechanism is required because of the high-speed transport of the packets over the cables.
The published IEEE standard chose RS-FEC ("Reed-Solomon" or "Clause 91") as the Forward Error Correction mechanism, and this is what is used in the FX series 93000 Nexus switches. The ASIC design in the EX series uses FC-FEC ("FireCode" or "BASE-R" or "Clause 74") because it was designed before the final IEEE standards were defined.
The ASIC of the 93180YC-EX was designed before the 25G standard was completed; the ASIC of the 93180YC-FX was designed after it. When the EX Nexus ASIC was produced, the choice of RS-FEC was not yet known, so there is no RS-FEC in the ASIC, only the less powerful FC-FEC. This allows the EX Nexus up to 3 metres over copper and up to 10 metres with active optical cable; SFP28-25G-SR (not LR) transceivers are not supported on Nexus 9300-EX switches.
When the FX Nexus ASIC was produced, RS-FEC was a standard and is therefore included in the ASIC, so the FX Nexus can handle all distances.
So, if you need more than 3 metres on the 93180YC-EX, use AOC cables: as the compatibility matrix shows, AOC can reach up to 10 metres on the EX.
This 25G distance limitation does not apply to the N9K-X97160-EX-LC line card used in the NEXUS 9500 chassis.
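Where FEC modes must be matched at both ends of a 25G link, the mode is set per interface on the Nexus 9000. A minimal NX-OS sketch (indicative only; the available keywords vary by platform and software release):

switch(config)# interface Ethernet1/1
switch(config-if)# fec fc-fec
! FireCode / Clause 74, the pre-standard mode available on -EX hardware
! on -FX hardware and standards-based links, use: fec rs-fec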
Cisco Catalyst 4948E (END OF LIFE OCT 2017): the effective replacement for Avid purposes is the Nexus 9348GC-FXP, not the Catalyst 3850 as given in the URL below:
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4900-series-
switches/eos-eol-notice-c51-738116.html
Cisco Nexus 9372 PX/PXE/TX/TXE (end of sale announced 01 MAY 2018, last day to order 30 OCT 2018; the replacement switch is the Nexus 93180, although this is not listed in the EOL notice)
at URL https://www.cisco.com/c/en/us/products/collateral/switches/nexus-9000-series-
switches/eos-eol-notice-c51-740713.html
https://www.cisco.com/c/en/us/support/switches/nexus-9372px-switch/model.html
This subsection describes some known issues with Dell switches that impact Avid deployments, and may also provide remedial information. Other vendors are addressed in other sections of this document.
See section 1.1.1 regarding a known VLT-LACP-to-host issue in OS10.5.2.2 that will affect NEXIS and possibly ESXi, and is likely to affect other platform operating systems/devices too.
As this is a dynamic situation Dell release notes should be consulted for status.
They all use the same chipset, so there is no appreciable difference in the capability of each model with regard to operation with NEXIS and/or MediaCentral. It is possible that other model variants may be added in time.
Cisco Nexus 5672 and Nexus 2248TPE FEX – Deployed Q1 2017 Europe
Any Cisco NEXUS 56xx parent switch with:
Nexus 2248TPE FEX, Nexus 2348 UPQ FEX, 2348 TQ/TQE FEX, 2232 TQ
FEX
NETGEAR XS712T - for small NEXIS PRO solutions
https://www.cisco.com/c/dam/en/us/td/docs/Website/datacenter/fexmatrix/fexmatrix.html
In NOV 2017 Avid decided to create a new "standard level" of Architecturally Capable, in addition to Qualified and Approved; the URL below provides further information.
http://avid.force.com/pkb/articles/en_US/Compatibility/Avid-NEXIS-Network-Switch-
Infrastructure
• Qualified:
o Fully qualified for a broad range of applications. Qualified switches are
typically part of the Avid engineering and test labs and part of ongoing testing.
(Qualified switches are listed in the Avid NEXIS Network and Switch Guide
for your release version.)
• Approved:
o Approved for deployment as detailed in the Avid ISIS / NEXIS & Media
Central Network Requirements Document. (Approved switches are typically
tested at a customer site as part of a specific commissioning engagement.
Approved switches are listed in the Avid NEXIS Network and Switch Guide
for your release version.)
• Architecturally Capable:
o Architecturally Capable switches have been stress tested by the switch vendor
in coordination with Avid and subject to an Avid specific test plan (see below
for details). This Knowledge Base article is the only source of information for
architecturally capable switches with Avid NEXIS.
Architecturally Capable Switches (as at MAY 2021) - check the URL above for updates
Arista Networks:
• 7020TR-48 (48x100/1000Mb and 6 SFP+)
• 7020SR-24C2 (24x10G and 2 QSFP100)
• 7020SR-32C2 (32x10G and 2 QSFP100)
• 7050SX2
• 7050TX2
NOTE: this bug has since been found in later Nexus S/W versions. NXOS version 7.0(3)I7(6) should be used with the AVID ISIS application; AVID NEXIS should not be impacted, but this cannot be ruled out.
This applies to all Nexus 93108, 93180 and 9500 chassis-based switches using 2nd generation or 3rd generation hardware (i.e. using the N9K-C95xx-FM-E fabric card); these should use this software.
Nexus 93000 FX series products should use a minimum NXOS S/W version of 7.0(3)I7(6). (MAR 2019)
RELEASE NOTES:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70376_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70377_nxos_rn.html
This has affected one deployment (Q2/20) that was using an unusually high number of QSA adapters instead of optical breakout.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-
x/release/notes/70378_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/release/
notes/cisco-nexus-9000-nxos-release-notes-933.html
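To confirm which NX-OS release a switch is actually running before comparing it against the guidance above (standard NX-OS command; output format varies slightly between releases):

switch# show version | include NXOS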
Not forgetting the "original" killer bugs, CSCue96534 and CSCuj73571, for the Cisco Catalyst 4xxx in 2013.
The C2960X drops packets, and this was somewhat expected, but it has shown itself to be capable of handling relatively high loads of NEXIS data. It must be stated, however, that this test used only 10 workstations, although those workstations were drawing a much higher load than in normal workflows.
Depending on the working video resolution, which may well exceed normal operational requirements, these values suggest the C2960X with two 10G uplinks is capable of supporting AVID NEXIS video traffic for 1G clients connecting to 10G E4 engines (the result for a 40G-connected engine could be quite different, even though there would be buffering stages in between at the 40G to 10G transition).
The interface discard counters were monitored, as were the interface statistics, which are reported over the default 300-second/5-minute period. As can be seen below, the discard percentage is approx. 0.02%.
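For reference, the counters described above can be read on a Catalyst 2960-X with standard IOS commands such as the following (a sketch; the interface used is an example and counter names vary by IOS release):

Switch# show interfaces GigabitEthernet1/0/1 counters errors
Switch# show mls qos interface GigabitEthernet1/0/1 statistics   !!>> includes output queue drop counts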
This switch should not be considered an approved switch for use with NEXIS based on this mini-test. However, based on this mini-test it is considered an "acceptable deployment", though without a commitment to explicit support by Avid.
Note: This switch uses the 3rd generation Nexus 9000 chipset and has been successfully field tested with ISIS 7500 (in March 2018) by a forward-thinking customer using a small number of clients running AVCI-100 video resolution. It was necessary to upgrade the switch to NXOS S/W version 7.0(3)I7(3) (FEB 2018); the earlier version supplied on the switch did not operate correctly with ISIS 7500.
This applies to all Nexus 93108, 93180 and 9500 chassis-based switches using 2nd generation or 3rd generation hardware (i.e. using the N9K-C95xx-FM-E fabric card); these should use this software.
Nexus 93000 FX series products should use a minimum NXOS S/W version of 7.0(3)I7(6). (MAR 2019)
RELEASE NOTES:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70376_nxos_rn.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/release/notes/70377_nxos_rn.html
nxos.7.0.3.I7.6.bin
The Cisco Nexus 93180YC-FX3, launched Q1 2021, is an evolution of the Cisco Nexus 93180YC-FX (QUALIFIED MAY 2018) and has very similar buffering. At the time of writing this section (MAY 2021) there is no intention by Avid to test this device, as it is not deemed necessary.
The FX3 variant is an evolution of the existing FX switch platform, with additional features like FEX mode, along with a few more of minimal relevance to Avid dataflows, like Telecom PTP and some telemetry features. The buffer is exactly the same as for the FX: a single slice with 40MB of shared buffer.
However, this platform requires NXOS 10.x, and at the time of writing (MAY 2021) Avid has zero experience with this version.
From a FEX operation perspective this platform should exceed the capability of previously tested FEX platforms, but NXOS 10 is required.
In late 2015 the S60 network switch became End of Sale. There appears to be no direct replacement for the S60N, which had very large buffers of 1.25 GB. As this is a legacy switch there are no plans for Avid to test it, and Avid does not explicitly support this switch with NEXIS. However, it is considered architecturally suitable for any workflow. Generally, any switch that was capable of supporting ISIS 5x00 data flows should be capable of supporting NEXIS data flows. The limited quantity of 10G ports on this switch suggests it will only be used on smaller NEXIS systems, or as a cascaded access switch from a higher-capability core switch.
In 2015 the S25N network switch became End of Sale, its direct replacement being the Dell N3024. The S25N has small buffers (unlike the S60), just 2MB, arranged as 1MB per 12-port group. Avid does not explicitly support this switch with NEXIS. Generally, any switch that was capable of supporting ISIS 5x00 data flows should be capable of supporting NEXIS data flows; however, this switch is unlikely to be able to support aggressive workflows, though it is expected to support limited workflows (i.e. 50Mbit/s data rate) and/or client quantities.
Note that the S25N has TX and RX crossed on the RJ45 connector. For the Dell F10-S25 I have used an RJ45 Cat 5e coupler and a standard "twisted" Ethernet cable as my "get out of jail" solution to fit on the end of my Cisco rolled cable. Imperfect, but it seems to work.
I have successfully used a Cisco QSA adapter with a NEXUS 5648 while doing some ISIS
7500 testing.
The QSFP breakout cables are not something I have used myself, and the Cisco data sheet is POOR:
http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-modules/data_sheet_c78-660083.html
Apparently there is not a 40G to 4x10G "empty" SFP+ option that can be used in conjunction with an SFP+ optic of your choice (i.e. SR or LR etc.), hence you would have to use the breakout cable.
This gives the equivalent of four TWINAX cables that could be connected to NEXIS, so you still get 40G worth of throughput. Avid has not tested this cable, but it should present exactly the same as the single 10G TWINAX cables that Avid has tested.
Short answer: NOT TESTED, but it should be fine; these are all standards-based connections.
Long answer:
There are so many cable/transceiver/breakout variations that Avid will NEVER test them all, and will probably only test one or two!! Even Cisco has challenges with its own new product variations.
The Nexus 93180 EX family all use the same chip inside (the principles described below apply equally to FX models).
The model variants have different external presentations. It is all based around a chip with 100G ports that can each present as 100G, 2x50G, 4x25G, 1x40G, 4x10G, etc.
So the 10/25G SFP ports are just a (backend) 100G port externally (physically) presented as four independent ports, to which one can connect an SFP+, an SFP28, 10G TWINAX or 25G TWINAX (or AOC cables... but that is another can of worms that Avid does not test, because the Mellanox CX3 NIC in NEXIS does not officially support AOC). Hence a single-path TWINAX presents an SFP-"style" connection the same as a 4x10G TWINAX breakout from a "single" 100G port; it is just that with a breakout cable there is additional configuration necessary versus a "hard port".
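For completeness, the additional configuration mentioned above for a breakout cable on the Nexus 9000 family is a single global command; a sketch, assuming port 1/49 is to be split (the module/port numbering is an example only):

switch(config)# interface breakout module 1 port 49 map 10g-4x
! the port then presents as Ethernet1/49/1 through Ethernet1/49/4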
To go to my favourite car metaphors: Same car…….. different style doors, some with tinted
windows some without.
Also, never forget that the 1/10G ports on a 93108TC-EX are just as capable as a 10G SFP+ port on the N93180YC-EX; it is just the distance options that differ, based on transceiver selection.
None of these are sold by Avid, so they must have been provided externally, in which case the reseller should ask their supplier of the DELL switch.
Or you could use TWINAX. Originally there was no Long Range option, but that changed in SEP 2017 (from a Mellanox perspective) with the MC2210511-LR4 being supported in the NIC when firmware Rev 2.42.5000 (SEP 2017) or later is deployed in the controller.
The first challenge is that there is NO consistent naming of this 40G connectivity option between vendors, unlike other well-defined 40GBASE standards like SR4 and LR4: the various vendor names all apparently refer to the same thing. Standards are a wonderful thing, but sometimes the vendors just add to the confusopoly for their own purposes. The other thing about the Cisco part (and again there appears to be a lack of commonality; I expect this applies to the others too) is that the Cisco "extended" range devices also support 4x10G breakout while the standard versions do not, but for Mellanox it seems to be the opposite.
Apparently "standard" SR4 can interconnect with "extended" SR4 within the limits of "standard" SR4, but I can only find ONE article to support that:
https://community.cisco.com/t5/other-data-center-subjects/interconnect-qsfp-40g-sr4-with-qsfp-40g-csr4/td-p/3219528
Another vendor has confirmed (APR 2020) that SR4E has a more powerful laser and a higher
power class, and that it can communicate with the lower power SR4 (100m, Short Range)
device within the capabilities of the lower power device.
Nexus 9k and Nexus 3k (and later versions of Nexus 7k) do not enforce a ban on 3rd party transceivers; when you plug in a 3rd party transceiver (e.g. a different vendor's TWINAX cable) the system will display a syslog message that the transceiver is not supported, but will allow the port to function correctly, providing the cable/transceiver is in line with the IEEE standard. Some other Nexus switches need additional commands to service the unsupported transceiver (a web search will provide these, as it may not be "polite" to share them here).
Hence using a Mellanox cable from a Mellanox NIC to a Cisco Nexus 9000 switch will work,
but you may well get some benign "advisory/complaining" log entries in the switch.
Media converters are pretty basic devices, usually layer 1, so not much "invention" is going on... a bit like wheels and tyres: they are round and will (probably) always be round. Some folk used to think there was a performance impact with these devices, but generally they just work... there is no buffering to consider; light pulses go in and electrical pulses come out, and vice versa of course (no rocket science here).
https://www.tp-link.com/uk/business-networking/accessory/mc220l/
• Street price EUR/USD 30, SFP transceiver extra
There are many other suitable vendors, such as Black Box or StarTech; they all do the same simple job. As with many "things Ethernet", they are all made in the same group of factories by OEM suppliers and given different paintjobs and branding.
The explicitly approved switches generally have limitations on their 40G ports, which limits the size of E5-based solutions with full resilience.
Many switch vendors use the same merchant silicon, and product families of a single vendor
may share common silicon and hence buffering capability amongst 1U/2U products and
chassis-based products.
If 40G and 10G variants of 1U products can be stacked it might be possible to stack different
models from the same family subject to vendor OS capability/limitations.
The list below is not exhaustively tested or possibly explicitly supported and is provided for
information purposes only:
For Avid NEXIS storage it is the edge toward the NEXIS clients that needs the most buffering.
Cisco Nexus 9332PQ for 40G with N9372 (also Avid approved) for 10/1G (all the same Broadcom Trident 2 chipset, 12 + 25MB buffer in ALE chip)
Arista 7050QX for 40G and 7050SX/TX for 1/10G (all the same Broadcom Trident 2 chipset) (we have done "some tests")
Cisco Nexus 93180YC-EX (1/10/25 & 40/100), 93108TC-EX (1/10 & 40/100) and 93180LC (25/40/50/100) all have the same (home-grown Cisco) chip; the LSE "40MB" is 18.7MB per slice, and it uses 2 slices.
Arista 7280QR for 40G and 7280SR/TR for 1/10G (all the same Broadcom Jericho chipset with 4GB buffers; not tested yet, but VERY capable)
As this is NEXIS, for the 1G edge also consider the Arista 7010T, which uses the same chipset (Broadcom Helix) as the Dell N3048
The HPE FlexFabric 5930 uses the same Broadcom Trident 2 chipset (and the 5900 was Trident+ [like the F10-S4810], which would also be acceptable, but it is now considered a legacy switch)
The HPE Altoline 6900 Switch uses Broadcom Helix and provides 48G 4XG 2QSFP
These alternative switches may not have been tested by Avid and may not be explicitly supported by Avid, hence no guarantee of operation can be assumed. However, one might consider the likelihood of successful operation with NEXIS clients using one of these products to be high. Many of the switches below could be used as Core or Edge in large systems. Some switches categorized as "edge" could be used as the Core in small non-40G systems.
The table below both summarizes and extends the information given above. This is not an exhaustive list, as the product families are continually changing and evolving with newer generations of both merchant silicon and custom silicon. Some of them may already exist in proven deployments.
As can be seen, many of the newer devices now listed in Section 1.6.1.1 exceed the capabilities of the switches mentioned at the beginning of section 1.6.1 (from the original V2.0 DEC 2017 release of this document). To use a car analogy (something I am well known for), don't get corralled into thinking that a newer 3.0L engine cannot do what an older 2.0L engine could do... of course, a modern 2.0L fuel-injected engine can do twice what an older carburettor-based 3.0L could, but that is just another example of how technology marches on and moves the goal posts too, and that is before we talk about electric cars (oops, I had better stop now!). You always have to understand the machine, and not be dazzled by the brochure.
There is also a deep-buffer variant of the NEXUS 9500 family, designated 9500R. This has not been tested with NEXIS but should be amply capable. However, this deep-buffer variant unexpectedly failed a test with ISIS 7x00 in 2018, probably due to a firmware bug in conjunction with the highly fragmented UDP payload used by ISIS 7x00; this should not impact NEXIS, which uses a TCP payload.
With the default settings, both of these models dropped packets with dual 10G sources (both staggered and non-staggered), and with a single 10G source. The default settings do not allow sufficient buffer depth for the packet stream from storage engine to NLE client.
Applying a new single class of QoS profile with a deeper buffer configuration allowed the
simulated packet stream testing to be successful for a limited number of clients, in specific
port groups, during the simulated test, but this has not been tested with NEXIS clients.
Switch(config)#int ra te1/0/1-24
Switch(config-if-range)#service-policy output All
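The policy-map named "All" that is referenced above is not reproduced at this point in the document; a sketch consistent with the ALLPORTS policy shown in section 1.7.3 would be:

Switch(config)# policy-map All
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# bandwidth percent 100
Switch(config-pmap-c)# queue-buffers ratio 100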
The C9300-24UX and the C9500-40X with 1G client ports and two 10G source ports could
support up to 8 clients in the simulated test emulating two 512KB chunks, and not using the
ports sequentially (this maximizes the capability of the architecture and is more akin to the
statistical spread of port usage during normal operations). This test used 24 Active receiver
ports. This is probably a good indication of the ability to support 16 x dual-stream NLE with
a 50Mbit/s codec. This would likely double with a 48 port device which has additional ASICs
and hence additional buffering.
With a lower active port count of 16, the C9500-40X with 1G client ports and two 10G source ports could support up to 16 clients in the simulated test emulating two 512KB chunks.
However, the C9500-40X is really not targeted as a device for 1G client connection; that is really the target market for the C9300.
It should be noted that at the time of writing (JAN 2018, updated MAR 2019) this device has not been tested directly with NEXIS storage and NLE clients. It is recommended not to deploy it for use with NEXIS storage and NEXIS clients.
C9300-24UB
C9300-48UB
C9300-24UXB
Following Vendor testing in 2019 this product has been marked as Architecturally Capable in
JAN 2020.
As with all deployments of Architecturally Capable products, this is not carte blanche for vendor or customers; there is still a lot of work to do, and lessons to learn. The risks remain with the customer and vendor for solutions using this product until a funded approval is done with Avid Professional Services; also, a funded approval may only grant limited approval depending on the workflows and deployment scenario.
It is necessary to modify the default buffer configuration which is not deep enough for correct
operation.
This product has double the buffer of the first series of Catalyst 9000, which was found to be
insufficiently capable during simulated testing.
First Generation Cisco Catalyst C9300 series are not considered Architecturally capable.
The commands below provide the basic configuration and port numbers that should be used. If using a stacked configuration, the port numbers will have to be modified accordingly.
C9300-24UB
C9300-48UB
Switch(config)#int ra G1/0/1-48
Switch(config-if-range)#service-policy output ALLPORTS   !!>> Release Hard MAX buffers
Switch(config)#int ra T1/1/1-8
Switch(config-if-range)#service-policy output ALLPORTS   !!>> Release Hard MAX buffers
Switch(config)#qos stack-buffer disable
C9300-24UXB
Switch(config)# qos queue-softmax-multiplier 1200
Switch(config)# policy-map ALLPORTS
Switch(config-pmap)# class class-default
Switch(config-pmap-c)# bandwidth percent 100
Switch(config-pmap-c)# queue-buffers ratio 100
Switch(config)#int ra Ten1/0/1-24
Switch(config-if-range)#service-policy output ALLPORTS   !!>> Release Hard MAX buffers
Switch(config)#int ra T1/1/1-8
Switch(config-if-range)#service-policy output ALLPORTS   !!>> Release Hard MAX buffers
The point to make clear is that SoftMax is the key command for achieving sufficient buffer depth for use with NEXIS clients. However, it must also be understood that the impact of this command in a C9300 stackable device stays within the stackable device, whereas in a C9400 chassis-based switch the buffers are more thinly spread, as there are a great many more ports, but there are also 3 ASICs (and hence 6 cores).
Hence it may be feasible to adopt a 3-stage buffer optimization to prevent packet discard.
Assuming the number of bytes per buffer cell is 256, a UADP 2.0 XL device has the following buffer depths:

INGRESS      1.25    1
HOLDING      1.5     0.75
Total (MB)   2.75    1.75
ASIC (MB)    16      8
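On a C9300/C9400 the per-queue SoftMax/HardMax values resulting from the multiplier can be inspected per interface; a sketch (the exact show platform syntax varies by IOS-XE release, so treat this as indicative):

Switch# show platform hardware fed switch active qos queue config interface gigabitEthernet 1/0/1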
However, many large data centres are now deploying single-mode only, for better longevity of investment and "protection" for future technologies. But most ACR in the media world still use multi-mode within a building and single-mode between buildings.
I have not yet seen a native mono-mode/single-mode 1G optical NIC, and I didn't understand why one would be needed, but there are always opportunities to learn. Based on traditional deployments of Avid storage, the Intel I350F would be the natural choice, but it is MMF; as the URL below indicates, the adapter is "Intel inside", so I see no issue:
http://www.silicom-usa.com/pr/server-adapters/networking-adapters/gigabit-ethernet-networking-server-adapters/pe2g2sfpi35-server-adapter/
I thank a customer for bringing this NIC to our attention; an SFP-based NIC of this calibre is a good find. Looking elsewhere on their site, they have some really interesting products.
Dell DA-200
Dell DBQBCBC064
Belkin F2CU040
These were tested using read, write, and mixed workflows with ABU, PATHDIAG, and Media Composer. As mentioned, there was an intermittent issue, with ABU only, that turned out to have nothing to do with the adapters; it had to do with the retry logic in the reporting back from the benchmark agent to the system running ABU.
With the advent of NEXIS, the "special needs" are largely eliminated for both 10G and 1G clients. The NEXIS platform uses TCP for ALL primary data transport and only a little fragmented UDP (small fragments) for our "OTT" signalling protocols. So in a NEXIS world most NICs will work fine, but some will be better than others in the performance stakes. Also, NEXIS clients can survive with less edge buffering, and even a low percentage of packet discard will not cause frame drop, because we use TCP with FRR instead of fragmented UDP as with ISIS 7x00.
Note: This principle can also be applied to NLEs; most Enterprise-class NICs will operate successfully and satisfy most workflows, but some will perform better than others in high-demand workflows.
Note: The NIC is of much less importance in NEXIS than ISIS. Some
NICs will always perform better than others depending on platform
specifics, but maximum performance is not the only criterion, good
performance with stability is key. Also consider that virtualization abstracts
the REAL NIC too.
Avid chose the Myricom 10G NIC for use with ISIS in 2010 (to replace the L2-only Chelsio card) for 2 reasons:
1. It worked with ISIS 7x00 (there was no 5x00/2x00 at the time)
2. It had drivers for Windows and MAC (Linux at the time was not a consideration), something which Intel 10G NICs did not have, even though Intel was favoured for 1G operation with ISIS.
In the early 2010s Broadcom improved its NIC offerings for servers and workstations, and Avid started to use the BCM57800 10G NIC in some servers, as the Interplay engineering and Storage engineering teams started to use different criteria, partly due to the move away
When virtualisation is added to the mix the brand becomes even less relevant, as the virtual NIC is abstracted from the REAL NIC; then on top of virtualisation we have varying levels of convergence.
While the Myricom 10G NIC was the "default" choice due to the legacy elements explained above, it was never selected because of any special characteristics for Interplay/MediaCentral applications.
That "historical ability" with 3rd party hardware is largely removed as we move into a virtual machine world (and this could mean Cloud too, where there is ZERO ability to specify specific NIC vendors); the ability to control hardware is massively reduced, plus the adapter presented is a virtual NIC anyway, regardless of the real hardware, which is being shared with other VMs and possibly non-Avid applications. Also consider that some of the NICs recommended by Avid in the past when working on "known tin" (e.g. HP DL360 or Dell R630) do not work well in a virtual environment.
Avid can only test a limited number of variations, typically key products it might sell or those encountered on extremely large projects, but the silicon at the heart of most NICs is made by a small number of providers. Yes, there will always be specialists and innovators at the leading edge of technology, but the bulk of NICs come from the few "foundries". Also, many of the server manufacturers re-brand (badge-engineer) well-known NIC vendors' products, although they use different model numbers for the same basic chipset, and they are not completely open about such facts unless one goes digging for the specifics.
The primary vendors of server-class NICs should all do a good job for Avid applications that interface with Avid NEXIS storage. The extract from Interplay documentation below suggests that QLogic (Broadcom) and Mellanox are acceptable, but some older adapters should be avoided. This does not mean ALL Intel NICs should be avoided; the X520 is a particularly old one, and Avid would probably not attempt the later X710, as this does not come as standard in the server hardware for the VM-based solutions that we have worked with.
Network Adapters
The following network adapters are qualified and recommended:
• QLogic 57800, 57810, 578x0 (includes the 57840), QLE3442 (not for
iSCSI), QLE8442
• Mellanox ConnectX 3
The Avid NEXIS 2018.3 README states the client is supported with VMware ESXi v6.0.0 (Update 1) using a VMXNET3 adapter with the Mellanox ConnectX-3 adapter and the Mellanox ESX OFED driver version 1.9.10.2 or later.
Also consider that the NEXIS controller uses a Mellanox ConnectX-3 adapter, so I would not expect any conflict with the Mellanox ConnectX-4 or ConnectX-5 (or later series) that you might find in a server used for virtual machine hosting.
The goal posts are forever moving: the QLogic 57800 was a 10G NIC architecture, but I cannot find details of a 40G product in this series. There is, however, the QLogic FastLinQ QL4541xHLCU 40GbE Intelligent Ethernet Adapter. But 40G is an aging technology fast being replaced by 25/50/100G products, and there are new adapters from QLogic:
QLogic QL45000 25Gb and 50Gb Flex Ethernet Adapters (QL45214, QL45212 and QL45262)
and also the QLogic FastLinQ QL45611HLCU Single-Port 100G Intelligent Ethernet Adapter.
Plus, new "names" enter the fray: on August 16, 2016, Cavium completed its acquisition of QLogic.
In April 2021 I was advised of a successful deployment of a Mellanox ConnectX-5 100G NIC in a Dell VM server hosting virtual Media Composers.
While this section (and Avid) cannot give "carte blanche" for any NIC vendor to be used, we can look at product families that have worked well before and consider their evolutions in a favourable light until there is hard, documentable evidence of something that is broken and/or will not work. If in doubt, contact Avid and we will do our best to at least provide a judgement call on the suggested devices.
Some possible suppliers are given below (price & quality will vary):
https://www.flexoptix.net/en/
https://portal.prooptix.se/en/sfp/3805-sfp-10g-t-p-cisco-sfp
www.prolabs.com
www.startech.com
www.switchsfp.com
They show up as "type is 10Gbase-SR, name is OEM", as shown below, even though they are not 10GBASE-SR but 10GBASE-T.
Ethernet1/13
transceiver is present
type is 10Gbase-SR
name is OEM
part number is SFP-10G-SR
revision is 02
serial number is CSSSRI90012
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 62.5/125um fiber is 26 m
Link length supported for 50/125um OM3 fiber is 300 m
cisco id is 3
cisco extended id number is 4
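For reference, output of this form is produced on NX-OS with a command such as the following (exact output varies by platform and release):

switch# show interface ethernet 1/13 transceiver details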
The Intel I350-T2 NIC (launch date Q2 2011) has been revised; the replacement, the I350-T2V2, was launched in Q3 2014, but the core controller is still the I350.
https://qdms.intel.com/dm/i.aspx/B3EAA66A-ED91-4822-AE37-
29781EC0930D/PCN113232-01.pdf
Avid tested the native 10G interface link (with NEXIS storage, but not the EoL ISIS 7500 or ISIS 5500) with no issues, in both dual-link AvidFOS configuration and with teaming enabled for link fault tolerance. Below you will find the cable selection that we are able to support; additional cables and adaptors are also possible, however Avid would be unable to provide troubleshooting on additional interface modules.
The FCLF8520P2BTL uses the SFP’s RX_LOS pin for link indication, and
1000BASE-X auto-negotiation should be disabled on the host system. The
FCLF8521P2BTL is compatible with 1000BASE-X auto-negotiation, but does not
have a link indication feature (RX_LOS is internally grounded). See AN-2036,
“Frequently Asked Questions Regarding Finisar’s 1000BASE-T SFPs”, for a more
complete explanation on the differences between the two models and details on
applications issues for the products. The FCLF8522 shall support both RX_LOS pin
for link indication and 1000BASE-X auto-negotiation.
A typical price for this device is approximately USD $100, depending on purchased quantity (at the time of writing this section in MAY 2018).
Recent encounters (Q3/2019) with a Linux VM-based solution that tried to do this have brought this issue to the fore.
The use of NAT/PAT/NPAT has never been supported in any of the ISIS 7x00/5x00/2x00 solutions that preceded NEXIS.
During installation it is necessary to define a Kubernetes network range which does not conflict with any other network providing servers/services needed by CloudUX.
The Kubernetes network range can be defined during the initial/first installation as part of the "avidctl platform host-setup" step. Changing it at a later point is in principle possible, but difficult; for example, it was not possible to fix this particular test system, and a new installation was required.
Hence, had the customer chosen 10.x.y.z or 192.168.y.z or any 172.16.y.z range (except for 172.19.0.0/16), this problem would not have occurred.
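Before settling on a range, a quick sanity check on the host with standard Linux tooling (a sketch) helps confirm that a proposed Kubernetes range does not overlap anything already routed or addressed:

ip route show                    (list routes currently known to the host)
ip addr show                     (list addresses on each interface)
ip route show | grep "172.17."   (check a candidate range, here 172.17.x.x, is not already in use)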
This problem manifested itself in such a way as to "blame" the network path, because packets were getting "dropped", but it was not the "fault" of the network switches. Yes, it is a network path issue, but in the "last metre"; other Windows VMs worked fine. Below are some finer details, taken from Avid internal systems, that add the necessary "colour" to the challenge encountered by CS & Engineering in diagnosing the customer issue.
NEXIS Linux client connects to System Director and has functioning file metadata
services, but TCP data transfer to and from the Storage Managers fails. Small reads
and writes (which are piggybacked as “immediates” in the UDP control packets)
succeed correctly.
A log snippet exemplifies the issue. The client commands and successfully makes a
connection on (it thinks) its TCP port 50093, but port translation encapsulated beneath
the NEXIS components causes the actual connection to be made on TCP port 12476.
The client then sends a read request to the server, specifying target port 50093, the
one upon which it had just commanded the connection, but the server cannot find that
(address, port) tuple in its destination table, so it rejects the request with an
FSTATUS_NO_CONNECTION error.
Thankfully 10.254.x.x is a rarely used range, and when used it is likely to be for point-to-point /32 links. Still, it is one to be wary of when "unexplained" problems occur.
FIELD KNOWLEDGE: In JAN 2021 there was another "incident" resulting in IP conflicts with an MCCUX server. A customer was using 172.17.248.0/22 as the range for their incoming VPN devices into the network range 10.61.191.0/24 for MediaCentral. The MediaCentral Production elements could communicate successfully with the VPN clients, but the VPN clients could not communicate with the MCCUX server. The resolution was to change the internal IP ranges used within the MCCUX Docker/Kubernetes environment.
Media Central Cloud UX Server Kubernetes does not use multicast. Keepalived is configured
to use unicast by default (multicast configurations are not supported).
Most designs that work for ISIS 7x00 will work for NEXIS. Some designs for ISIS 5x00 will work for NEXIS. Other network designs need to be approved. Avid network consultants have experience of many successful network deployments, plus they have learned some valuable lessons from deployments which encountered a few challenges.
This section provides basic detail on known successful deployments. Some of these products may not yet have achieved formal approval but might have been tested as part of customer-funded testing.
The designs may not show the precise type or quantity of NEXIS engines; this is deliberate, to reduce the complexity of the drawings.
There are some Vanilla Configs available at the same URL as this document. They feature some Visio diagrams and vPC-enabled config files for Nexus 5600 and Nexus 9300, and a VSS config for the C4500X.
These block designs can be used with any of the qualified, approved or architecturally capable switches in core and edge combinations. There may be 6 engines, not 2 as shown; there may be 4 edge switches, not 2 as shown. Think of the diagrams below as foundational building blocks, not limited designs.
[Diagram: two storage engines connected via LACP to a pair of edge switches running FHRP and RSTP]
Note: HSRP-style C4500X implementations deployed for use with ISIS 7x00 offer only partial resilience for use with NEXIS; for full resilience with NEXIS a VSS must be used, and this will require downtime to convert from HSRP to VSS. It is probably better to deploy a new MLAG-capable pair of switches. Avid PS NETWORK CONSULTANCY RECOMMENDED.
[Diagram: two storage engines connected via LACP to an MLAG/vPC/VSS edge switch pair]
[Diagram: two storage engines connected via LACP to an edge switch pair joined by MLAG, with LACP]
2.3.1.2 Cisco Nexus 5672 with Nexus 2348UPQ FEX and N2248TPE
This is an approved/deployed design. This solution is similar to the above and hosts both
NEXIS and ISIS 7500. The NEXUS 5672 connects to the ISIS 7500. The subordinate Nexus
Figure 7 – Custom design for NEXIS and ISIS 7500 with Cisco Nexus 5600
APRIL 2018
[Diagram: server edge (layer 2) N93180-YC-EX; core (layer 3) N9500 EX with N9K-C9508-FM-E fabric module and N9K-X9736C-EX line card; client edge (layer 2) N93180-YC-EX]
The solution performed as expected in terms of supporting the video load with no errors.
Correct operation was observed with ISIS 7500 storage and clients for video and PATHDIAG
Correct operation was observed with ISIS 5500 storage and clients for video and PATHDIAG
Correct operation was observed with NEXIS storage and clients for video and PATHDIAG
This testing was done with a small number of clients and storage engines so does not
represent full load testing, but does reflect operational capability.
[Test configuration: N9K-C9508-FM-R fabric module with N9K-X9636C-R line card]
The solution performed as expected in terms of supporting the video load with no errors.
Correct operation was NOT OBSERVED with ISIS 7500 storage and clients for video but was
observed for PATHDIAG
Correct operation was observed with ISIS 5500 storage and clients for video and PATHDIAG
Correct operation was observed with NEXIS storage and clients for video and PATHDIAG
This testing was done with a small number of clients and storage engines so does not
represent full load testing, but does reflect operational capability.
Note the QFX5100 is a Trident 2 based device and was only tested as a Layer 2 switch.
The Juniper QFX 5100-48T (also applies to the QFX-5100-48S) as a layer 2 switch is
suitable for use with Avid NEXIS edge clients. By default it will drop packets, but the
NEXIS clients survive this. The buffers can be configured so as not to drop packets, and this
is recommended as the preferred configuration style. This switch was not tested as a layer 3
device with NEXIS storage directly connected, but it is expected that this would perform in a
similar manner as other approved Trident 2 based switches.
The Juniper QFX 5100-48T (also applies to the QFX-5100-48S) as a layer 2 switch is
suitable for use with Avid ISIS 7500 edge clients only when the enhanced buffer
configuration (described elsewhere in this document) are used to prevent packet dropping.
This device was not tested as a layer 3 device with ISIS 7500 storage directly connected, but
it is expected that this would perform in a similar manner as other approved Trident 2 based
switches.
The Juniper QFX 5100-24Q (as a stacked switch) was used to connect the ISIS 7500 engines at 10G, via 40G-10G breakout, as a layer 2 switch, and is considered suitable for this task. The edge buffering was not changed from default, as the path toward the 40G engines would normally be oversubscribed, but deployment of the enhanced buffer command should not have a detrimental effect. This device was not tested as a layer 3 device with ISIS 7500 storage directly connected, but it is expected that it would perform in a similar manner to other approved Trident 2 based switches.
2.4.2.1 Juniper QFX-5100 Configuration statements used for setting the egress shared
buffer:
Setting the percentage of available (non-reserved) buffers used for the egress global shared
buffer pool -
#set class-of-service shared-buffer egress percent 100
Configuring the shared buffer for the egress based on the recommended values for unicast traffic:
#set class-of-service shared-buffer egress buffer-partition lossless percent 5
#set class-of-service shared-buffer egress buffer-partition lossy percent 75
#set class-of-service shared-buffer egress buffer-partition multicast percent 20
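After committing the configuration, the resulting allocation can be checked with the corresponding operational command (a sketch; output format differs between Junos releases):

#commit
#run show class-of-service shared-buffer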
The solution performed as expected in terms of supporting the video load with no errors.
Correct operation was observed with ISIS 7500 storage and clients for video and PATHDIAG
Correct operation was observed with ISIS 5500 storage and clients for video and PATHDIAG
Correct operation was observed with NEXIS storage and clients for video and PATHDIAG
This testing was done with a small number of clients and storage engines so does not
represent full load testing, but does reflect operational capability.
It was possible to create packet drop with default buffer settings with BOTH ISIS 7500
and NEXIS.
It was possible to prevent packet drop with enhanced buffer settings, within the
limitations of the testing resources. An enhanced buffer setting, as described in section 2.4.2,
should be used for a deployment, with a percentage split between LOSSY/LOSSLESS
suitable for all applications used in the desired deployment.
This testing was done with a small number of clients and storage engines so does not
represent full load testing but does reflect operational capability.
2.5.2.1 SPINE/LEAF
2.5.2.2 MULTITIER
Sometimes the full-on performance of a tightly specified bare metal hardware platform
cannot be matched by a blade server. In this situation, providing the solution still works
sufficiently, the benefits of a lower overall performance may be outweighed by the benefits
of a homogenous solution.
Some virtual machine hardware platforms can also support the high performance video adapters
that used to be the domain of workstations; this allows centralized deployment alongside
suitable advanced KVM platforms.
The UCS products enable a converged environment where Ethernet, Fibre Channel and
lights-out management (ILO) are combined into a single adapter called a VIC, which can provide
up to 256 virtual adapters.
The Fabric Interconnect solutions are evolutions of Nexus 1U switches, running different s/w
to add new features. Some architectures that were not well suited to deployments with ISIS 7500
storage servers and 1G edge clients do not encounter the same challenges when deployed
with 10G VMs and/or NEXIS storage servers.
The integrated FEX/IOM (Fabric Extender / Input Output Module) are evolutions of the
1U Nexus 2000 solutions.
• AS3000/Myricom
• R630/QLOGIC 57840
There were also some limited ISIS 7x00 tests alongside the ISIS 5x00 tests. The short answer is
that the Cisco configuration performed as well as the other configurations for a single VM on
the UCS. When additional VMs were added to see if the result would scale, 2 VMs worked
OK, but the write latencies increased when a 3rd VM was added. That said, the test bed was
also hosting VMs for other Interplay development work, so those could have impacted the
linearity of these scalability tests. The customer deployment with ISIS 7500 is in production
without issue.
The FI 6248 platform is based on an enhanced version of the Nexus 5548 platform. The FEX
2208 is based on a re-packaged version of the Nexus 2248 platform.
This platform combination has not been exhaustively tested by Avid or received any official
sanction. However empirical evidence suggests that it is broadly suitable/field proven when
configured appropriately.
The URL will vary with version, which is currently V2.9 at time of writing this section
(MAR 2017).
http://avid.force.com/pkb/articles/en_US/readme/Avid-MediaCentral-Version-2-9-x-
Documentation
Avid used a Cisco UCS Blade Server as a validation system for the host server and
the vSphere cluster. Avid followed the VMware best practices for setting up the
validation environment.
• ESXi 6 installed on hard drives provided on the UCS blades
• Assigned Enterprise Plus license on all three blades.
The following table lists the technical details of the Cisco UCS 5108 Blade Server
used for VMware validation:
Networking
Cisco UCS VIC 1340 with UCS 2208XP Fabric Extenders and dual UCS 6248UP
Fabric Interconnects (FI)
Connections:
• Eight connections between the Cisco 5108 and the FIs.
• Four 10GbE connections between the FIs (as a port channel group) and the
iSCSI VLAN of the parent switch (Dell S4810).
Another major USA broadcaster also has a PoC system that we installed a few months ago
(written MAR 2017) running Interplay PAM and MAM on UCS B200-M4.
The FI 6332 platform is based on a version of the Nexus 9300 Trident 2 based switch
platform (but without the ALE). The FEX 2304 is based on a re-packaged version of the Nexus
2348 platform.
This platform combination has not been exhaustively tested by Avid or received any official
sanction. However empirical evidence suggests that it is broadly suitable/field proven when
configured appropriately.
This document is not intended to educate the reader in these areas. There are many tutorials,
blogs and whitepapers which are better placed to achieve such an objective.
4.1 MPLS
Multi Protocol Label Switching is essentially a high-speed WAN technology provided by
Internet Service Providers, which has been adopted by many companies that present IT
services internally on a Service Provider model.
From a simplistic point of view MPLS is an encapsulation technology which adds 4 bytes to
the packet for each encapsulation stage; generally there are 2 or 3 stages, so a maximum of 12
bytes is added. This does not decrease the original packet MTU, as the network path must be
able to cope with this. At the final stage of de-encapsulation, the original packet is sent to the
terminating device.
The new outer bytes allow a predetermined path to be taken with fast routing or switching of
the packet based on its label, rather than traditional hop-by-hop routing which is slower and
more CPU intensive.
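As a worked example (figures assumed for illustration): a 1500-byte IP packet carrying a
two-label MPLS stack becomes 1508 bytes on the wire, and with three labels 1512 bytes, so
the links along the label-switched path must support slightly larger frames (sometimes called
"baby giants") if the original 1500-byte MTU is to be preserved end to end.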
For many years (since 2007) several broadcasters have used MPLS on their campus
deployments, and on WAN circuits between regions, to transport ISIS 7x00 and 5x00 traffic
and latterly NEXIS traffic.
This document is not intended to educate the reader in this area. There are many tutorials,
blogs and whitepapers which are better placed to achieve such an objective.
So, to the principle: instead of sending white light between devices, send red, green and blue
separately and triple the capacity. In fact it is all variations of red (dark red, almost invisible
to humans).
CWDM is generally 4-16 colours and DWDM is generally 32-96 colours and a lot more
expensive.
The normal MMF (850nm) or SMF (1310nm) transceivers are referred to as “grey”
transceivers (but they are actually red too, as visible red is 620–750 nm), and extra-long-
range devices use 1550nm.
https://en.wikipedia.org/wiki/Visible_spectrum
https://en.wikipedia.org/wiki/Small_form-factor_pluggable_transceiver
https://en.wikipedia.org/wiki/Wavelength-division_multiplexing
For use with Avid storage solutions the best method is to use an electrical multiplexer, or if an
optical multiplexer is deployed, then a transceiver in the switch is the better solution and not
a transceiver in a NIC, because a transceiver in a NIC serves one device only, and also the
Avid supported NICs may not work with “coloured” transceivers.
This document is not intended to educate the reader in this area. There are many tutorials,
blogs and whitepapers which are better placed to achieve such an objective.
4.4 VXLAN
VXLAN is an L2 overlay over an L3 network. Virtual Extensible LAN (VXLAN) uses
network virtualization overlay to mitigate the scalability problems in large data centers,
which often feature Spine & Leaf designs and quickly reach the limitations of conventional
VLANs. It is essentially an encapsulation, like MPLS, and borrows many techniques from
MPLS (such as Q-in-Q) but applies them differently.
Each overlay network is known as a VXLAN Segment and identified by a unique 24-bit
segment ID called a VXLAN Network Identifier (VNI).
Only virtual machines on the same VNI are allowed to communicate with each other, but
virtual machines will/may be mobile around the network estate.
VXLAN encapsulation may begin within the VM, at the virtual switch, or for real tin devices
it will begin at the physical switch. Essentially, just like MPLS, the encapsulation is removed
before it gets to the end device, so packets should be exactly the same as when they began their
journey.
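To make the VLAN-to-VNI mapping concrete, below is a minimal sketch of a flood-and-learn
VXLAN configuration in Cisco NX-OS style syntax; the VLAN, VNI and multicast group
numbers are illustrative assumptions, not a recommended design:
feature nv overlay
feature vn-segment-vlan-based
vlan 20
  vn-segment 10020
interface nve1
  no shutdown
  source-interface loopback0
  member vni 10020
    mcast-group 239.1.1.20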
https://www.youtube.com/watch?v=YNqKDI_bnPM&list=PLDQaRcbiSnqFe6pyaSy-
Hwj8XRFPgZ5h8
https://www.youtube.com/watch?v=YNqKDI_bnPM
Best practice for VXLAN fabrics is adjusting the MTU on the network equipment to
accommodate the 50-byte overhead. Here is a snippet from a config guide:
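A minimal illustrative equivalent (NX-OS style syntax, shown as an assumption rather than a
quote from any particular guide) raises the underlay interface MTU so a 1500-byte payload
plus the 50-byte VXLAN overhead fits; 9216 is a common choice:
interface Ethernet1/1
  mtu 9216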
With the advent of widespread use of merchant silicon since around 2012, I would guess that all
the major vendors' enterprise class and above equipment is jumbo capable, so there should
be no need for MTU squeeze and hence likely fragmentation of packets. And I expect that
applies equally to vendor custom silicon and hence cloud providers.
The extracts below are from an email exchange in FEB 2018.
1.VXLAN introduces 50-byte overhead to the original frames. Can this cause a problem with
AVID?
[DS] I am not aware that NEXIS has been explicitly tested in a VXLAN scenario, however
this would not be submitting a VXLAN frame directly to NEXIS, the VXLAN header would
be stripped beforehand at the edge switch just like MPLS. We have sites successfully using
ISIS 7500 with MPLS for many years. If the ability of the network infrastructure to carry the
VXLAN overhead in a mini-jumbo frame exists, and the NEXIS frame is not reduced the
existence of VXLAN should be transparent as with MPLS.
[DS] The NEXIS solution has not been tested in a jumbo frame environment, and a max
MTU of 1500 is what we expect. However, some of the restrictions of the ISIS infrastructure
which absolutely made jumbo frames impossible are not part of NEXIS. NEXIS still uses small
UDP fragments, and this part has not been tested. For TCP, there would be a negotiation of
MSS between the endpoints which would restrict the MTU anyway.
[DS] The NEXIS solution has not been tested in a jumbo frame environment, and a max
MTU of 1500 is what we expect.
[DS] The NEXIS solution has not been tested in an SDN environment. However, our products
are being developed for use in the Azure cloud, which means we lose control of the network
environment, and VXLAN encapsulation is a “given” based on the automated/portable
deployment nature of the virtual machines that are used. SDN is just a control protocol; what
is important for successful operation of Avid applications is low latency and edge buffering.
NEXIS clients can survive with less edge buffering, and even a low percentage of packet
discard will not cause frame drop, because we use TCP with FRR instead of fragmented
UDP as with ISIS 7x00.
See section below in Appendix B - B.20.4 Some other useful Multicast URL & Information
Unfortunately, what some folk refer to as Spine/Leaf deployment could almost be applied to
simple (classical/legacy) C4500X deployments with multiple C4948E edge switches, but true
Spine/Leaf brings a host of new challenges and protocols to address.
Spine/Leaf is likely to have BGP-EVPN and VXLAN encapsulation and off-device portability
of virtual machines. How the underlay network deals with the overheads of the overlay
network needs to be better understood. Possibly even throw in SDN as part of the recipe too.
However, if the underlying MTU of 1500 bytes common in the “traditional” network
environment is maintained/preserved, and the switches have sufficient edge buffering to
address the needs of the speed transitions experienced along the path from source to
destination, then such a transport path should be transparent to the Avid applications. I have
customers that have been using MPLS with ISIS 7x00 for 10 years without issue. For me
Spine/Leaf means 2-6 spine switches and tens or hundreds of leaves and a data centre
environment with homogenous server hardware. Is the user-edge, e.g. for the NLE, within a
campus element of a network deployment another leaf, or is it a separate network with the
appropriate segregation, perhaps via firewall? Avid would need to know a lot more about
any intended deployment to give anything more than a general answer.
Historically many systems in the field have deployed INTEL NIC teaming with clients on
Windows 7 and servers on Windows 2008, but with Windows 10 and Server 2012/2016
teaming is provided natively by the operating system, as described in the articles below.
https://www.intel.co.uk/content/www/uk/en/support/articles/000005667/network-and-i-
o/ethernet-products.html
Adapter teaming with Intel® Advanced Network Services (Intel® ANS) uses an intermediate
driver to group multiple physical ports. You can use teaming to add fault tolerance, load
balancing, and link aggregation features to a group of ports.
https://www.intel.co.uk/content/www/uk/en/support/articles/000021723/network-and-i-
o.html
Enable NIC Teaming in Windows® 10 Using PowerShell*
Last Reviewed: 08-Nov-2017
Article ID: 000021723
Teaming for Avid applications is still possible by using multiple NICs and
the “integrated AALB” functionality, and this can be very useful when
additional bandwidth is necessary, but the “next NIC size” is not viable.
• Bandwidth aggregation
This feature has been a requirement for independent hardware vendors (IHVs) to enter the
server network adapter market, but until now NIC Teaming has not been included in
Windows Server operating systems.
For more information about NIC Teaming in Windows Server® 2012, see Windows Server
2012 NIC Teaming User Guide.
https://gallery.technet.microsoft.com/windows-server-2012-nic-bae6d72e
For more information about NIC Teaming in Windows Server® 2012 R2, see Windows
Server 2012 R2 NIC Teaming User Guide.
https://gallery.technet.microsoft.com/windows-server-2012-r2-nic-85aa1318
NIC Team member network adapters must all be installed in the same physical host computer
to be placed in a team.
There are 7 modes of bonding (balance-rr, active-backup, balance-xor, broadcast, 802.3ad,
balance-tlb and balance-alb), and these are explained in more detail in the reference article.
The xmit_hash_policy options, which select how traffic is balanced across slaves in the
balance-xor and 802.3ad modes, are:
layer2 Uses XOR of hardware MAC addresses to generate the hash. This algorithm will place
all traffic to a particular network peer on the same slave.
layer2+3 Uses XOR of hardware MAC addresses and IP addresses to generate the hash. This
algorithm will place all traffic to a particular network peer on the same slave.
layer3+4 This policy uses upper layer protocol information, when available, to generate the
hash. This allows for traffic to a particular network peer to span multiple slaves, although a
single connection will not span multiple slaves.
encap2+3 This policy uses the same formula as layer2+3 but it relies on skb_flow_dissect to
obtain the header fields which might result in the use of inner headers if an encapsulation
protocol is used.
encap3+4 This policy uses the same formula as layer3+4 but it relies on skb_flow_dissect to
obtain the header fields which might result in the use of inner headers if an encapsulation
protocol is used.
The default value is layer2. This option was added in bonding version 2.6.3. In earlier
versions of bonding, this parameter does not exist, and the layer2 policy is the only policy.
The layer2+3 value was added for bonding version 3.2.2.
Source:
https://help.ubuntu.com/community/UbuntuBonding#Descriptions_of_balancing_algorithm_
modes
https://tobyheywood.com/network-bonding-vs-teaming-in-linux/
https://access.redhat.com/documentation/en-
us/red_hat_enterprise_linux/7/html/networking_guide/sec-
comparison_of_network_teaming_to_bonding
https://access.redhat.com/documentation/en-
us/red_hat_enterprise_linux/7/html/networking_guide/sec-
understanding_the_network_teaming_daemon_and_the_runners
The teaming mode is “bonding with active-backup redundancy” which can be best compared
with AFT and SFT modes listed for Windows.
https://www.kernel.org/doc/Documentation/networking/bonding.txt
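As an illustration of the modes discussed above, below is a sketch following the Red Hat
guide referenced earlier (RHEL 7 nmcli syntax); the interface names ens1f0/ens1f1 are
placeholders:
# Create an 802.3ad (LACP) bond hashing on layer3+4, then enslave two ports
nmcli con add type bond con-name bond0 ifname bond0 bond.options "mode=802.3ad,miimon=100,xmit_hash_policy=layer3+4"
nmcli con add type bond-slave ifname ens1f0 master bond0
nmcli con add type bond-slave ifname ens1f1 master bond0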
See article at
https://community.cisco.com/t5/optical-networking/sfp-10g-lr-s-vs-sfp-10g-lr/td-p/2630525
The use of iSCSI is not impacted because it is contained within Ethernet frames.
This makes Cisco parts more price competitive, because often the lower cost third party
products are Ethernet only and not “carrier class”, i.e. not able to support different layer 2
protocols.
Avid does not test its applications in a jumbo frame enabled environment (as at SEP 2019).
Non jumbo frame TCP applications can work successfully over a jumbo frame enabled
environment, because the MSS (and hence MTU) is negotiated before transmission. Hence if
the local MTU of the device is set within the OS to 1500 (as normal) all should be fine.
HOWEVER, UDP applications, especially those that use fragments such as ISIS/NEXIS, can
have issues in a jumbo frame environment, especially when “helpful” intermediate devices
might adjust the size of fragments (or fully reassemble) based on larger MTU sizes. A prime
example of this is EVS, where a separate adapter must be used with different MTU settings,
although using jumbo frames fixes a problem which no longer exists at 1/10G but will become
apparent again as we move to 100G+ applications.
VXLAN overlay networks are a prime example of a jumbo frame technology which is used
to carry non-jumbo frame messages (to ensure VM portability), and this is common in a
spine/leaf architecture, but with VXLAN the VTEP (VXLAN Tunnel Endpoint) is responsible
for local connection at the appropriate MTU (which may differ by application).
Regarding NEXIS and jumbo frames, in theory it is capable of accepting jumbo frames
because the NIC is capable, but it is not configured to do so, as shown below.
gx0
Link encap:Ethernet HWaddr e4:1d:2d:4f:4f:80
inet addr:10.42.25.146 Bcast:10.42.25.255 Mask:255.255.255.128
inet6 addr: fe80::e61d:2dff:fe4f:4f80/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:91132536 errors:0 dropped:0 overruns:0 frame:0
TX packets:89538034 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:28596021094 (26.6 GiB) TX bytes:79158572019 (73.7 GiB)
Also see section 4.4 VXLAN to understand how jumbo frames are used in an overlay
network.
4.9 NO specific VPN requirements for use with Thin Client applications
While Avid has not done any testing of vendor specific VPN solutions, it probably does not
need to. The requirement to do testing on network switches has always been about the need
for edge buffering because of speed changes between storage server and FAT clients. This
should not be an issue for VPN, as the speed change has probably already occurred at the edge
switch in front of the VPN server (unless it is 10G connected), or it happens somewhere in
the path from VPN server egress toward the receiving client where no control is possible.
Also, when using solutions based around the MediaCentral THIN client applications, the hard
work has already been done by the MCS Server and it delivers a low bandwidth TCP stream
toward the receiving client.
There are many different types of VPN, and many different names that get associated with
them, but all do the same basic thing, tunnel, encrypt, authenticate and restrict (firewall). So,
you have IPSEC VPN, SSL VPN, L2TP VPN, INTRANET VPN, EXTRANET VPN,
Dynamic Multipoint VPN, SITE-TO-SITE VPN, GRE VPN, MPLS VPN. Many of these
features overlap or are a mixture of the others.
The URL below, from which this next image is taken, provides a good explanation of the
various concepts that can be applied in Virtual Private Networks.
https://en.wikipedia.org/wiki/Virtual_private_network
http://resources.avid.com/SupportFiles/attach/MediaCentral_Cloud_UX/MCCUX_2017_2_0
_ReadMe.pdf
The following table presents single-user bandwidth guidelines for MediaCentral Cloud UX
playback. The table is provided for guidance, and is not an indication of performance
guarantees.
Item – Description
Width – aspect ratio. The table assumes an aspect ratio of 16:9.
Quality – Refers to the quality setting in the Player set via the UI.
Value – Each quality setting has a numeric value. In JPEG compression literature, these are
often thought of as percentages of the original image (e.g. 100% is equivalent to
uncompressed; 1% represents a severely degraded image).
Peak – Video with high color variation (e.g. wide shot of a crowd).
Valley – Video with low color variation (e.g. half of frame consists of a clear blue sky).
Typical – A wide range of footage (e.g. interiors, exteriors, interviews). The typical shot
tends closer to valley values than peak values.
Audio – All bandwidth figures include audio consisting of 44.1 kHz sample rate x
16-bit/sample x 2 tracks = 1.4 Mbps.
This on-site testing was conducted in NOV 2018 for an APAC customer. This section
contains the Executive Summary and some of the Conclusions appropriate for this section.
This was done with Media Central Cloud UX Server V2018.9, and the deployment will be
upgraded to 2018.11 before deployment. It is highly likely that it is fully backward compatible
with earlier versions as far back as Media Central Server 2.x. The NIC used for this testing was a
Broadcom 57412 2 x 10Gb SFP+ (see section 7.2 for more details).
7.1.1 Primary Objective
The primary objective is to test resilient connections with Media Central Cloud UX Server,
which have never been explicitly supported (or even tested) by Avid.
The testing will attempt to use Switch Fault Tolerant connection mode=1 (Active backup) and
mode=4 (802.3ad) LACP. This will require some config changes on the switch.
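For reference, the switch-side counterpart of mode=4 would look broadly like the sketch
below (Cisco NX-OS vPC syntax shown purely as an illustration; the actual test switch and
numbering differed):
interface port-channel20
  switchport access vlan 20
  vpc 20
interface Ethernet1/10
  switchport access vlan 20
  channel-group 20 mode active
! channel-group mode active = LACP (802.3ad)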
The testing has proven that using two 10G connections as a teamed connection configured
with 802.3ad LACP, in conjunction with a switch that supports MLAG (Multi-Chassis Link
Aggregation), provides significant reliability improvements for connection disruption vs a
single connected device. A single “adaptor” is presented to the NEXIS client by the
operating system. The enhanced robustness is a major improvement in reliability.
Active/Standby failover (Switch Fault Tolerant) connections will fail over as expected, but
not fail back as expected, hence their suitability for a resilient connection in this workflow is
limited.
This testing with example workflows has proved that teamed connections offer an increased
level of resilience; however, fail-over and fail-back conditions may not be seamless.
First testing with REAL data using a simulated workflow on Media Central Cloud UX clients
showed that a resilient connection using LACP is quite robust to link disconnection.
Remedying a failed link or a failed switch is probably best delayed until a suitable
maintenance window at the end of the day to minimise disruption.
This on-site testing was conducted in NOV 2018 for an APAC customer. This section
contains the Executive Summary and some of the Conclusions appropriate for this section.
This was done with Media Central Cloud UX Server V2018.9 and DELL R640 Servers.
7.2.1 Secondary Objective
A secondary objective was to use/test the Broadcom 57400 series adapter (approx. 2017
launch date) which offers 10/25G connectivity. The specification exceeds that of the qualified
(but older, approx. 2010 launch date) Broadcom 57810 series I/O card in several aspects.
This work was not a formal test of the NIC capabilities, but just a quick test to ascertain basic
capability. Insufficient time and resources were available to achieve such a test which would
have been a minimum of one full day in itself.
This I/O card performed well in the Dell R640 server, but extensive performance testing was
not possible due to time and resource limitations.
This card was used for the workflow tests with adapter teaming as described above in section
7.1.
This testing used the plug-in option card with SFP+ connection at 10G.
New PCI-E Broadcom 57412 Dual port Optical cards were purchased and will be used for
testing, there are 3 cards for 3 servers with 6 connections (using teaming).
While the Broadcom 57412 interfaces have not been officially tested by Avid, this is not
considered a problem.
The Broadcom 57400 series is a newer family than the 57800 series that is recommended for use in
http://resources.avid.com/SupportFiles/attach/Interplay_Virtualization_Best_Practices.pdf
(that document actually specifies the QLogic 57810; there is a “relationship” between QLogic
and Broadcom).
The QLogic 57810 uses PCIe 2.x and is a 10/40G family (40G as 4 x 10G QUAD port)
https://www.broadcom.com/products/ethernet-connectivity/controllers/bcm57416/
https://lenovopress.com/lp0705.pdf
This uses PCIe 3.x and is a 10/25/40/100G product family.
The Broadcom/QLogic 57810 NIC was tested by Avid in a Dell R630 platform as part of the Avid
Interplay® | Production Virtual Environment with VMware® Best Practices Guide (DEC
2017). This card uses the PCIe 2.x specification to communicate with the host platform. This
card was launched in 2010 and is 10G operation only.
Therefore, a Broadcom 57400 series device should exceed the capability of the older QLogic
57800 series.
The testing for this project will use Broadcom 57412 series I/O cards in the servers and the
results will be equally valid for Copper or Optical variants.
The I/O card will be connected to Riser 1. I/O card p/n: BCM957412A4120DLPC_08
This is not an exhaustive list of best practices, as these may vary from site to site based on
customer policies and procedures and security requirements.
B.1 Document your configs with DESCRIPTIONS
Use the description command to apply simple description to interfaces and VLANS
such as AIRSPEED, MEDIA INDEXER, INTERPLAY ENGINE
A simple description
conf t
interface g1/1
description AIRSPEED
CISCO
PWDEMO-Cisco4948#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PWDEMO-Cisco4948(config)#int t1/49
PWDEMO-Cisco4948(config-if)#desc CONNECTION TO ISIS VLAN LEFT
PWDEMO-Cisco4948(config-if)#int t1/50
PWDEMO-Cisco4948(config-if)#desc CONNECTION TO ISIS VLAN RIGHT
PWDEMO-Cisco4948(config-if)#exit
PWDEMO-Cisco4948(config)#exit
PWDEMO-Cisco4948#
Looking at these configs I have some concerns, but I am not trying to shoot the messenger, and
they might also be a work in progress; in fact I do hope this is not the finished article.
I am a stickler for in-config documentation, and I do not see much here, and what there is, is
sparse. For me in-config documentation is a massive helper when it comes to fault diagnosis.
A well-documented file is like having a torch in a dark tunnel, and logged events ideally to an
external syslog server is a gold-plated bread-crumb trail.
I want to see named VLANs, described Switched Virtual interfaces, accurately described
10G interfaces for ALL devices with port information.
The interface descriptions of servers, clients and uplinks will help with identifying what
SHOULD be connected, versus what MIGHT be connected, versus what is UNLIKELY or
SHOULD NOT be connected.
Now none of these suggestions will make the network run any faster, but it will definitely
reduce your diagnostic time by 90% or more, in 90% or more diagnostic situations. I would
say that is a pretty good investment. And even more important when you ask an external
resource who is unfamiliar with the network and solution as a whole.
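A minimal sketch of the kind of in-config documentation meant here (Catalyst IOS syntax;
the names are examples only):
conf t
vlan 51
 name AVID-CLIENTS
interface Vlan51
 description SVI FOR AVID CLIENT VLAN 51
interface TenGigabitEthernet1/49
 description UPLINK TO CORE-SW1 Te1/2
end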
FOUNDRY
BigIron(config)# spanning-tree 802-1w
or
BigIron(config)# vlan 10
BigIron(config-vlan-10)# spanning-tree rstp
When costing up links this can be done on a per link basis or on a per VLAN basis across a
given link
PER LINK/INTERFACE
PWDEMO-Cisco4948(config-if)#spanning-tree cost 10
The value of 10 is appropriate when the short method is used for spanning-tree path cost. When
using the long method for spanning-tree path cost, a value of 5,000 is appropriate. This value
is chosen so as not to reflect a pre-defined value.
ISIS can be described as a Layer 1.5 device; it is half switch, half hub! Hence when ISIS is
connected to two switches and uses an FHRP setup, spanning tree will always need to be
configured to achieve the required operation. Each customer will have slightly different
preferences on which path to block: some will choose to block one of the ports facing ISIS,
others will choose to block some (the ISIS) VLANs via the SW-SW link. The option most
suited will depend on which FHRP is deployed and how it is configured, and the policies of
the site, so no specific recommendation can be given in this document.
B.2.2 Spanning Cost type
Spanning tree cost can be Long or Short; different values apply as per the links below.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12.1e/command/reference/
S1.html#wp1029022
This command applies to all the spanning tree instances on the switch.
The long path cost calculation method uses all the 32 bits for path cost calculation and yields
values in the range of 1 through 200,000,000.
The short path cost calculation method (16 bits) yields values in the range of 1 through
65,535.
Examples
This example shows how to set the path cost calculation method to long:
Switch(config)# spanning-tree pathcost method long
This example shows how to set the path cost calculation method to short:
Switch(config)# spanning-tree pathcost method short
http://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost
The table below shows the default cost of an interface for a given data rate.
PWDEMO-Cisco4948#conf t
PWDEMO-Cisco4948(config)#spanning-tree vlan [NUM] root primary
PWDEMO-Cisco4948(config)#exit
PWDEMO-Cisco4948#
The command that actually gets entered into the Cisco running config will look like this:
spanning-tree vlan [NUM] priority 24576
FOUNDRY
BigIron(config)#spanning-tree priority 24576
PWDEMO-Cisco4948#conf t
PWDEMO-Cisco4948(config)#spanning-tree vlan [NUM] root secondary
PWDEMO-Cisco4948(config)#exit
PWDEMO-Cisco4948#
The command that actually gets entered into the Cisco running config will look like this:
spanning-tree vlan [NUM] priority 28672, but the number will be changed depending on the
VLAN numbers.
FOUNDRY
BigIron(config)#spanning-tree priority 28672
The PORTFAST setting should only be used on ports 1G or 10G that connect clients and
servers
• 10G ports which face ISIS switches should NOT use the portfast setting
• 10G ports which connect to other switches (e.g. 4900M to 4900M inter-switch link,
or 4900M to cascaded 4948) should NOT use the portfast setting
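A minimal sketch of applying PORTFAST to a client-facing port (Catalyst IOS syntax; the
port number and description are examples):
conf t
interface g1/5
 description MEDIA COMPOSER CLIENT
 spanning-tree portfast
end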
BPDU Guard will administratively shutdown any port which receives BPDUs.
Also consider that when STP BPDU guard disables the port, the port remains in the disabled
state unless the port is enabled manually. You can configure a port to re-enable itself
automatically from the errdisable state. Issue these commands, which set the errdisable-
timeout interval and enable the timeout feature:
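A sketch of the usual commands (Catalyst IOS syntax; the 400 second interval is an example
value):
conf t
errdisable recovery cause bpduguard
errdisable recovery interval 400
end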
Note: The default timeout interval is 300 seconds and, by default, the timeout feature is
disabled.
Note spanning-tree bpduguard can be enabled individually on any interface that is not
protected by PORTFAST
B5.1 Use ROOT GUARD on any interfaces that cascade to other switches
Even though the root primary and root secondary switch may be set, there are still situations
in which they can be superseded. ROOT GUARD can prevent this.
For example, in a typical 4900M HSRP configuration with cascaded 4948 switches this can
be enabled on all 4900M ports which downlink to a 4948 or that are unused.
LAB-4948-10GE-S(config)#interface TenGigabitEthernet1/4
LAB-4948-10GE-S(config-if)# spanning-tree guard root
LAB-4948-10GE-S(config-if)#
interface TenGigabitEthernet1/4
switchport access vlan 10
switchport mode access
spanning-tree guard root
What Is the Difference Between STP BPDU Guard and STP Root Guard?
BPDU guard and root guard are similar, but their impact is different. BPDU guard disables
the port upon BPDU reception if PortFast is enabled on the port. The disablement effectively
denies devices behind such ports from participation in STP. You must manually re-enable the
port that is put into errdisable state or configure errdisable-timeout.
Root guard allows the device to participate in STP as long as the device does not try to
become the root. If root guard blocks the port, subsequent recovery is automatic. Recovery
occurs as soon as the offending device ceases to send superior BPDUs.
ROOT GUARD should be disabled on all switch interfaces that face ISIS
7000 ISS ports. As ISIS 7x00 ISS will transparently pass BPDUs, there can
be some undesirable effects when more than one network switch is
connected, such as in an FHRP (HSRP/GLBP/VRRP etc.) deployment.
B5.2 Using spanning-tree port type edge with Cisco Nexus and AVID NEXIS
Most NEXIS solutions that are deployed on Cisco NEXUS switches will benefit from using
this command toward all storage engines and all NLE clients: these ports should connect as
fast as possible and not wait for the normal spanning-tree processes.
Additionally, bpduguard default can also be added to ensure the port shuts down as
“err-disabled” if a switch is connected, although this does not itself enable the fast transition
of a port coming up:
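A minimal sketch combining both settings on a NEXIS-facing Nexus port (NX-OS syntax;
the port, VLAN and description are examples):
interface Ethernet1/10
  description NEXIS ENGINE 1
  switchport access vlan 20
  spanning-tree port type edge
  spanning-tree bpduguard enable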
CISCO
PWDEMO-Cisco4948#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PWDEMO-Cisco4948(config)#int g1/40
PWDEMO-Cisco4948(config-if)#desc SHUTDOWN – INTERFACE NOT USED
PWDEMO-Cisco4948(config-if)#exit
PWDEMO-Cisco4948(config)#exit
PWDEMO-Cisco4948#
The service password-encryption command will apply Cisco level 7 encryption to all clear
text passwords, such as line console and VTY.
A Cisco switch will need an enable secret before allowing telnet access; this is in addition to
a telnet password, but they can be the same, e.g. avid.
line con 0
logging synchronous
stopbits 1
line vty 0 4
password avid
login
!
B.12 Get Putty 0.60
Hyper terminal which comes with Windows is a liability. It may corrupt data outside the main
display window.
Putty is freeware, and v0.60 supports serial ports too. This product can be configured with a
large scroll back buffer, can be re-sized, and multiple instances can be run to allow
communication with multiple devices concurrently.
B.13 Logging
– Sep 14 at 15:39 is a whole lot more useful than 7 weeks and 4 days!!
Visual Syslog Server for Windows: Syslog Server for Windows with a graphical user
interface
http://maxbelkov.github.io/visualsyslog/
Also this TFTP application provides a syslog server too (a 64 bit version is available).
http://tftpd32.jounin.net/tftpd32.html
KIWI syslog used to be FREE too, but since it was purchased by Solarwinds that has changed
to a 14-day trial.
Also consider KLEVER SOFTWARE's free syslog server. I am a great fan of KLEVER
software for TFTP too, with PUMPKIN.
http://kin.klever.net/klog#.WXcRQdPytmM
B.15 Timestamps
• service timestamps log uptime
7w4d: %SYS-5-CONFIG_I: Configured from console by vty0 (10.134.132.86)
or even
• service timestamps log datetime msec localtime show-timezone
Peers are a class that allows for both responses to NTP requests as well as acceptance of NTP updates, while an NTP Server
will only respond to requests and not permit updates.
There is more information available from the INE's CCIEBlog -URL - http://blog.internetworkexpert.com/tag/ntp/ - that may
clear up some of the intricate detail.
You should also set the timezone and daylight savings parameters (or just use UTC). Below are
commands that work on CISCO CATALYST; Cisco Nexus has different syntax, see section
B.16.1.
For Europe
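(A UK example for illustration, Catalyst syntax; adjust the zone names to local convention:)
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00 60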
For USA –
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00 60
http://www.networkworld.com/community/node/11875
And
http://www.timeanddate.com/library/abbreviations/timezones/
And
http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf012.html
http://www.cisco.com/en/US/docs/voice_ip_comm/bts/4.1/command/reference/91TMZ.pdf
Also consider using the update calendar command for devices like the C49XX series which
have an internal H/W clock.
SWITCH> clock update-calendar
• A tool on Cisco and Foundry to do a dump of the system and all the status
information
– Shows state of all interfaces in brief and detail
• Another reason why interface descriptions are important!
– More information from Cisco than Foundry
• Approx 2MB from a 4948!
– Can be piped to a file on a tftp server
– 2611XM-BLUE#show tech-support | redirect
tftp://10.124.87.87/redirect-sh-tech.txt
What is listed varies between switch models and s/w versions, but below is an indication
• Telnet Access to switch and PIPE via Gigabit Ethernet to TFTP server
– about 10 seconds
• CLI access to a switch and PIPE via Fast Ethernet (management port) to TFTP server
– About 60 seconds
show version
show module
show interface status
show interface description
show running-config
show cdp neighbor
show cdp neighbor detail
show interface counter errors < do twice 10 minutes apart>
show Etherchannel summary | show portchannel summary
show hsrp | glbp | vrrp brief
show spanning-tree
http://kin.klever.net/pumpkin#.WXcSDNPytmN
For MAC OSX, there is a built-in tftp server, but it needs CLI access; I found this TFTP
“application” which does the hard work.
https://www.macupdate.com/app/mac/11116/tftpserver#
http://ww2.unime.it/flr/
Also consider this TFTP application, which provides a tftp server (and syslog, DHCP etc.) too
(a 64 bit version is available).
http://tftpd32.jounin.net/tftpd32.html
Tftpd32 is a free, opensource IPv6 ready application which includes DHCP, TFTP, DNS,
SNTP and Syslog servers as well as a TFTP client.
The TFTP client and server are fully compatible with TFTP option support (tsize, blocksize
and timeout), which allow the maximum performance when transferring the data.
-- show version
-- show running-config
-- show interfaces status
The latter command will show which interfaces are connected and which have descriptions,
so connected interfaces without descriptions can be easily identified.
Below is a sample:
Port Name Status Vlan Duplex Speed Type
Gi1/1 WEBSERVER connected 51 a-full a-1000 10/100/1000-TX
Gi1/2 ** MC Nitris 1 notconnect 51 auto auto 10/100/1000-TX
Gi1/3 ** Protools connected 51 a-full a-1000 10/100/1000-TX
Gi1/4 ** MC Nitris 3 connected 51 a-full a-1000 10/100/1000-TX
Gi1/5 ** DS connected 51 a-full a-1000 10/100/1000-TX
Gi1/6 notconnect 51 auto auto 10/100/1000-TX
Gi1/7 >> Interlink VLAN connected 410 a-full a-1000 10/100/1000-TX
Gi1/8 notconnect 51 auto auto 10/100/1000-TX
Gi1/19 notconnect 51 auto auto 10/100/1000-TX
Gi1/20 DOWNLINK TO 3750 V connected 51 a-full a-1000 10/100/1000-TX
Gi1/21 notconnect 52 auto auto 10/100/1000-TX
Gi1/22 connected 52 a-full a-1000 10/100/1000-TX
Gi1/23 connected 52 a-full a-1000 10/100/1000-TX
Gi1/24 notconnect 52 auto auto 10/100/1000-TX
Gi1/25 connected 52 a-full a-1000 10/100/1000-TX
Cisco 4948 switches supplied by Avid are configured with a Configuration Register value of
0x2101, which means the switch will boot from the first IOS that appears in bootflash. Cisco
instructs you to set the Configuration Register to 0x2102, which means the switch will look
for a boot string that points to the IOS from which to boot.
Beginning with Interplay 3.0 the mechanisms for media indexers to communicate with each other
started to change; beginning with Interplay V3.5, JINI is no longer used and the ASF
(Avid Service Framework) is not used.
Beginning Interplay V3.5 everything that was using ASF to keep two or more server Media
Indexers (in a High Availability Group that is now replaced by a Network of Media
Indexers (NOMI)) synchronized and ready for failover is now done using the local multicast
introduced with Interplay V3.0. These Multicast messages are only needed in the Interplay
VLAN so no Multicast Routing is required.
This is one reason why Interplay 2.7.x can no longer be used with Interplay 3.5.
http://avid.force.com/pkb/articles/en_US/How_To/Multicast-Time-to-Live-adjustment
Note that the local Media Indexers on the editors do not require Multicast
communication with the servers. Multicast communication is only required
between the Media Indexer servers. The multicast address used is
239.255.2.3 on UDP port 6155.
Note: for Interplay Central Services ICS 1.4 and 1.5 (H1/2013) the default
multicast address is 239.192.1.1
corosync_mcast_addr=${corosync_mcast_addr:-"239.192.1.1"}
This must be applied in the appropriate VLAN; it does not have to be applied to all VLANs.
The above example assumes that VLAN 30 is the location for the Interplay Common Services
“cluster” of nodes.
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-series-switches/68131-
cat-multicast-prob.html#igmp
Below is an extract from that document (ID: 68131), manually edited/“tailored” toward Avid
configuration for C45xx/C49XX switches.
Switch 2 receives the same PIM hellos on its T1/1 interface. So it assigns
that port as its Mrouter port.
When the source on Switch 1 starts to stream multicast traffic, Switch 1 forwards the
multicast traffic to the Receiver 1 found via IGMP snooping (i.e., out port Te 1/8) and to the
mrouter port (i.e., out port Te 1/1).
The issue, explained here from an Avid perspective, applies equally to MCS servers connected
across two switches or to Media Indexer servers, and can be explained with the help of the
diagram below. In the early days of Ethernet, multicast packets (to be correct they should be
termed FRAMES, but the two terms will be used interchangeably) were treated a little
like broadcast packets, but as multicast became more popular that posed challenges for
bandwidth use and CPU cycle use on clients that did not need to receive multicast frames.
One of the tools introduced to address this was IGMP snooping.
In the early days of Ethernet, a multicast frame from SOURCE-1 would be received by
RECEIVERS 1-4, and a multicast frame from SOURCE-2 would be received by
RECEIVERS 1-4. This was not scalable.
Also consider that a multicast capable device can be both a source and a receiver.
With the advent of IGMP snooping, the default state became NOT TO ACCEPT multicast
frames from another switch without some sort of pre-configuration to do so.
Hence the current state in most switches arranged as above is:
Receiver 3 will be forwarded multicast frames from Source 1 as it is on the same switch, but
not from Source 2 because that is on a different switch.
Receiver 4 will be forwarded multicast frames from Source 2 as it is on the same switch, but
not from Source 1 because that is on a different switch.
To enable the Media Indexers (or Media Central Servers) to communicate with multicast
across a switch boundary then one of the methods described in the articles referenced in this
section B.20 must be deployed.
The articles below reference similar issues, but the Nexus 5000 documentation from Cisco is
not sufficiently clear with regard to configuring IGMP snooping to overcome the issue.
These are the VLANs where multicast needs to be propagated within VLANs (not
routed):
1241
1251
These commands were entered on both N5672 switches; multicast routing was not enabled, as
it is not required. Using PIM in this way allows the L2 features and/or “side effects” of PIM
to be used to address the problem of insufficient “local” multicast propagation.
conf t
feature pim
int vl 1241
ip pim sparse-mode
int vl 1251
ip pim sparse-mode
The issue was resolved after these commands were entered into BOTH Nexus 5672
switches. Interplay NOMI and the EVS devices were able to communicate within their own
VLAN.
Also see
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide
/cli/CLIConfigurationGuide/IGMPSnooping.html
It is possible that the command below will have the same net effect as ip pim sparse-mode in a
VLAN.
The software keeps the multicast forwarding state synchronized on both of the vPC peer
devices. The IGMP snooping process on a vPC peer device shares the learned group
information with the other vPC peer device through the vPC peer link; the multicast states are
always synchronized on both vPC peer devices. The PIM process in vPC mode ensures that
only one of the vPC peer devices forwards the multicast traffic to the receivers.
Each vPC peer is a Layer 2 or Layer 3 device. Multicast traffic flows from only one of the
vPC peer devices. You might see duplicate packets in the following scenarios:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/92x/multicast/b-
cisco-nexus-9000-series-nx-os-multicast-routing-configuration-guide-92x/b-cisco-nexus-
9000-series-nx-os-multicast-routing-configuration-guide-92x_chapter_0110.html
Config:
vlan configuration <vlan-id>
ip igmp snooping querier <ip of the gateway in the vlan>
ip igmp snooping fast-leave
A field engagement with FastServe and Pivot apparently needed these commands, but it was
never conclusively proved that was the case. This should be done on all switches. The
example below uses the VIP of the HSRP supported SVI
Config t
vlan config 103
ip igmp snooping querier 10.1.3.1
It is unclear whether an SVI must be configured on the L2 edge switch, but as a precautionary
measure I would advise this is also done.
Some of these commands will produce 100,000 plus lines, so it is best to have putty logging
(printable output) set up to harvest to a text file.
NOTE: The two commands that seem to give the best “short” output are:
EXAMPLE CONFIG
SW1 CORE
conf
int lo9
desc LOOPBACK FOR MCAST ip igmp snooping querier
ip address 1.1.1.101/32
exit
vlan configuration 10,20,30
ip igmp snooping querier 1.1.1.101
end
SW2. CORE
conf
int lo9
desc LOOPBACK FOR MCAST ip igmp snooping querier
ip address 1.1.1.102/32
exit
vlan configuration 10,20,30
ip igmp snooping querier 1.1.1.102
end
SW3. EDGE
SW4. EDGE
conf
vlan configuration 10,20,30
ip igmp snooping querier 1.1.1.104
exit
int lo9
desc LOOPBACK FOR MCAST ip igmp snooping querier
ip address 1.1.1.104/32
end
TO REMOVE
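(Presumably the reverse of the above; a sketch only, not verified on all platforms:)
conf
vlan configuration 10,20,30
no ip igmp snooping querier
exit
no interface loopback9
end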
This Windows program might help one understand multicast better but will need some
“playtime” on a suitable network; it supports Win 10, though not explicitly any of the server OSes.
MPING
https://www.microsoft.com/en-us/download/details.aspx?id=52307
OMPING
https://www.claudiokuenzler.com/blog/656/test-multicast-connectivity-working-omping-
linux
I have not had the opportunity to trial them at the time of writing (DEC 2019).
We found that Pivot/FastServe communication would fail if ip pim sparse-mode was not
configured on the (VLAN103) NEXUS CORE switch(es) along with the igmp querier.
Note: While using the feature PIM technically requires the enhanced licensing for
NEXUS switches, only the most basic features of PIM necessary to “apparently”
correctly deal with L2 multicast are used, and no multicast routing is involved, so
morally this is not exploiting the “honor based” system. If only good, reliable, tried
and tested application notes were provided by Cisco (and other vendors) this would
not be necessary.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-
x/multicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-
OS_Multicast_Routing_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_N
X-
OS_Multicast_Routing_Configuration_Guide_7x_chapter_0100.html#reference_15
77C753E1C24CCC8AE12104FC84AC78
Using the commands directly below, which seem to give the best “short” output, the following
information was tabulated:
The IP addresses associated with FastServe and Pivot were the only ones using 225.1.1.1.
ping multicast 239.255.255.253 interface vl 164 count 1 - may not get any replies to this
ping multicast 239.255.102.18 interface vl 164 count 1 - may not get any replies to this
By doing this:
switch(config)# vlan configuration 5
switch(config-vlan-config)# no ip igmp snooping
You disable IGMP snooping on VLAN 5. Also, if you choose a range for the VLAN configuration,
this can be executed for multiple VLANs at the same time.
This has to be done for all necessary VLANs in all NEXUS switches that use those VLANs.
Note: This is the “simplest method” but may not be the “best method”
where there is lots of multicast routing in progress …... in which case it is
necessary to get “busy” with igmp snooping queriers as described in
NETREQS appendix B20.2.1. Multicast is a “dark art” and I prefer simple
solutions.
You can do this with NXOS, and it should be across the board from N3K to N9K and anything in
between, by configuring IGMP snooping per VLAN. More info for N9K is below, but others
should have the same section:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/multicast/b-cisco-nexus-9000-
series-nx-os-multicast-routing-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-multicast-routing-configuration-guide-
93x_chapter_0110.html#task_767AD7DE9F554649B7C7D5071521752B
Some might consider this method to be a bit of a blunt instrument. I have published other
methods in this section should more granularity/complexity be desired. But I do not consider
this a dangerous option, as it is used only on specific VLANs, especially as other vendors'
products have IGMP disabled globally by default. If there is no multicast routing into this
VLAN, and why on earth would there be in the Avid SERVER VLAN, then this is not an
issue.
The IGMP snooping RFC and subsequent implementations have a major flaw IMHO: they
should have excluded the administratively scoped 239.x.x.x addresses and allowed them to
propagate as normal; they are generally small and insignificant. After all, IGMP was brought
in to dampen the burden of multicast ROUTED packets, not L2 multicast.
Maybe it would be nice if vendors enabled the exclusion of IP ranges from IGMP operations
based on an access list, but I do not think they do. I am not a multicast guru and prefer
simple solutions where possible.
In this Section B.20 I have re-published some Cisco articles from Catalyst days, but I have
yet to find a similar article for NEXUS.
Using ip pim sparse-mode has licensing implications on NEXUS (which was not the case on
Catalyst and may not be an issue for CBS), needing the enhanced Cisco licenses even though
the IGMP forwarding functionality involved is the tip of the iceberg. When we have used it,
Avid needs only a side effect of pim sparse-mode for link-local multicast use, not any
multicast routing functionality.
Of course TVSTATIONS make a lot of use of multicast in corporate LANs, to watch user
selected channels via their workstations, so they have lots of experience to bring to the table
when it is used for MROUTING. But as I stated above, I would question why any such
MROUTING would need to exist in the Avid VLANs; and if these production network switches
are a shared environment with other equipment vendors where MROUTING does exist for
other systems, then extra care is needed.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_pim/configuration/xe-
3s/asr903/imc-pim-xe-3s-asr903-book/ip_multicast_technology_overview.pdf
https://www.cisco.com/c/dam/en/us/support/docs/ip/ip-multicast/ipmlt_wp.pdf
https://www.tldp.org/HOWTO/Multicast-HOWTO-2.html
TTL.
The TTL (Time To Live) field in the IP header has a double significance in multicast. As
always, it controls the live time of the datagram to avoid it being looped forever due to
routing errors. Routers decrement the TTL of every datagram as it traverses from one
network to another and when its value reaches 0 the packet is dropped.
The TTL in IPv4 multicasting also has the meaning of "threshold". Its use becomes evident
with an example: suppose you set a long, bandwidth consuming, video conference between
all the hosts belonging to your department. You want that huge amount of traffic to remain in
your LAN. Perhaps your department is big enough to have various LANs. In that case you
want those hosts belonging to each of your LANs to attend the conference, but in any case
you do not want to collapse the entire Internet with your multicast traffic. There is a need to limit
how "long" multicast traffic will expand across routers. That's what the TTL is used for.
Routers have a TTL threshold assigned to each of its interfaces, and only datagrams with a
TTL greater than the interface's threshold are forwarded. Note that when a datagram traverses
a router with a certain threshold assigned, the datagram's TTL is not decremented by the
value of the threshold. Only a comparison is made. (As before, the TTL is decremented by 1
each time a datagram passes across a router).
TTL Scope
----------------------------------------------------------------------
0 Restricted to the same host. Won't be output by any interface.
1 Restricted to the same subnet. Won't be forwarded by a router.
<32 Restricted to the same site, organization or department.
<64 Restricted to the same region.
<128 Restricted to the same continent.
<255 Unrestricted in scope. Global.
The TTL-trick is not always flexible enough for all needs, especially when dealing with
overlapping regions or trying to establish geographic, topologic and bandwidth limits
simultaneously. To solve these problems, administratively scoped IPv4 multicast regions were
established in 1994 (see D. Meyer's "Administratively Scoped IP Multicast" Internet draft).
It does scoping based on multicast addresses rather than on TTLs. The range 239.0.0.0 to
239.255.255.255 is reserved for this administrative scoping.
Also consider that some of the reading on VXLAN suggests that 239.x.y.z addresses
are also used for propagation of BUM traffic between VTEPs, and NOMI uses 239.255.2.3
(see above).
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094640.sh
tml
The STP loop guard feature provides additional protection against Layer 2 forwarding loops
(STP loops). An STP loop is created when an STP blocking port in a redundant topology
erroneously transitions to the forwarding state. This usually happens because one of the ports
of a physically redundant topology (not necessarily the STP blocking port) no longer receives
STP BPDUs. In its operation, STP relies on continuous reception or transmission of BPDUs
based on the port role. The designated port transmits BPDUs, and the non-designated port
receives BPDUs.
Speed and Duplex are negotiated during the first few milliseconds of communication
between NIC and Switch. Once negotiated, it won't change. So, if 'auto' negotiates to 1000
Mbps Full Duplex, as it almost always does, then manually setting the NIC and Switch to
1000 Full will not get you better performance - and you will have to remember to re-
configure the NIC and Switch Port if you want to use it for something else.
All situations have different variables. Also consider that devices that are turned off will
report a lower speed when connected but "dormant" and still physically powered.
This is one reason why interface descriptions are a MASSIVE help when diagnosing
problems, combined with commands like show interfaces status
(Cisco). Yes, it takes time, but interface descriptions and good documentation are like a
pension payment: an investment in the future that WILL pay back.
If SNMP and/or simple logging is correctly configured, that will show such things as speed
changes, but you do not want to configure logging on devices that are regularly disconnected
or powered off, because that just generates "noise", i.e. useless event data.
One European (Q4 2017) customer reported SEMAPHORE errors with ISIS 7x00 clients
connecting via a FEX 2248TPE. There were multiple FEXs all with the same configuration, but
one FEX had clients that showed intermittent SEMAPHORE errors; there was no pattern to
the occurrence of errors. As a diagnostic step the customer set some clients to a fixed
connection speed of 1000 full duplex and left others to use auto-negotiation. The clients that
were fixed to 1000 FDX no longer exhibited the error. The theory here is that while all the
FEX ports showed operation at Gigabit speed, a possible cabling or NIC issue was
causing intermittent renegotiation to 100 Mbps operation, and then flipping back to 1000 Mbps
operation; this would not cause link status events to be reported, but it would upset the NLE
operation.
The interface commands below will assist. If you are having intermittent disconnect problems,
perhaps select some ports to monitor logging status to see if NEXIS disconnect events
coincide with port status changes (of course you need to record timings and look for a match).
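A sketch of enabling per-interface link-status logging (NX-OS syntax shown as an
assumption; it is default behaviour on some platforms):
interface Ethernet1/36
  logging event port link-status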
And
2019 Mar 27 12:23:27.063 TVS-EDITOR-N9K %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface
Ethernet1/36 is down (Link failure)
2019 Mar 27 12:23:31.325 TVS-EDITOR-N9K %ETHPORT-5-SPEED: Interface Ethernet1/36,
operational speed changed to 1 Gbps
2019 Mar 27 12:23:31.325 TVS-EDITOR-N9K %ETHPORT-5-IF_DUPLEX: Interface
Ethernet1/36, operational duplex mode changed to Full
2019 Mar 27 12:23:31.325 TVS-EDITOR-N9K %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface
Ethernet1/36, operational Receive Flow Control state changed to on
2019 Mar 27 12:23:31.325 TVS-EDITOR-N9K %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface
Ethernet1/36, operational Transmit Flow Control state changed to off
2019 Mar 27 12:23:31.336 TVS-EDITOR-N9K %ETHPORT-5-IF_UP: Interface Ethernet1/36 is
up in mode access
2019 Mar 27 12:23:49.321 TVS-EDITOR-N9K %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface
Ethernet1/36 is down (Link failure)
2019 Mar 27 12:23:53.832 TVS-EDITOR-N9K %ETHPORT-5-SPEED: Interface Ethernet1/36,
operational speed changed to 1 Gbps
2019 Mar 27 12:23:53.832 TVS-EDITOR-N9K %ETHPORT-5-IF_DUPLEX: Interface
Ethernet1/36, operational duplex mode changed to Full
2019 Mar 27 12:23:53.832 TVS-EDITOR-N9K %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface
Ethernet1/36, operational Receive Flow Control state changed to on
2019 Mar 27 12:23:53.832 TVS-EDITOR-N9K %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface
Ethernet1/36, operational Transmit Flow Control state changed to off
2019 Mar 27 12:23:53.842 TVS-EDITOR-N9K %ETHPORT-5-IF_UP: Interface Ethernet1/36 is
up in mode access
And
My Vanilla Configs always use the minimum required settings to create expected normal
operation, and hence additional policies may be applied based on each site's methods and
specific requirements.
However, one might conclude that 1G clients must always work at 1G, so why not disable
auto-negotiation as it offers no benefit? Under normal circumstances setting a fixed speed will
not be harmful; setting the duplex is "belt and braces" because 1G and above should only
function in Full Duplex mode anyway. The same applies to 10G and 40G devices. But really
the end device should negotiate the highest speed available; the fact that this is showing
disconnects/reconnects suggests other issues might be the root cause, and setting
fixed speed/duplex might overcome the issue while masking the root cause.
interface Ethernet1/32
description MEDIA COMPOSER NLE HP workstation Z840
switchport
switchport access vlan 20
speed 1000
duplex full
spanning-tree port type edge
no shutdown
The command below, added to Cisco ports connecting to ISIS engines to control the "ip device
tracking" feature of later Cisco IOS, can be used to address this problem.
http://www.cisco.com/image/gif/paws/116529/116529-problemsolution-product-00.pdf
http://communities.labminutes.com/routing-and-switching/device-tracking-issue-on-catalyst-
switches-15-2(1)e/
False duplicate IP address detected on Microsoft Windows Vista and later virtual machines
on ESX/ESXi when using Cisco devices on the environment (1028373)
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC
&externalId=1028373
Symptoms
• When you assign an IP address on Windows Vista and later versions, you see a
duplicate IP address conflict.
• When you restart Windows Vista and later versions, you receive a 169.254.x.x IP.
• When you set up the same virtual machine on a vSwitch with no uplink port on
the vSwitch, the IP address is assigned successfully.
• When you assign the same IP address to a Windows 2003 virtual machine on the
same vSwitch, the IP address is assigned successfully.
Cause
This issue occurs when the Cisco switch has gratuitous ARPs enabled or the ArpProxySvc
replied to all ARP requests incorrectly.
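A hedged sketch of the workaround commands commonly cited for this (verify against the Cisco document above for your IOS release; the interface and values below are illustrative only):

ip device tracking probe delay 10
! global: delay the ARP probe sent after link-up
!
interface GigabitEthernet1/0/10
 ip device tracking maximum 0
 ! per-port: effectively disable tracking on ports where it causes trouble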
WinMerge (http://winmerge.org) is an open source and free differencing and merging tool for
Windows. It allows you to open two text files (in our case switch config files) in a split
screen; the two files are automatically aligned and all the differing lines are highlighted.
Furthermore, the specific differences are additionally highlighted within each line. It is a very
effective tool to compare the configuration files of redundant switches to make sure there are
no unintentional differences, and it helps you spot configuration mistakes. A second usage
case is to compare the before and after configurations to verify what was really changed.
Example: a comparison of two core switches where the automatic highlighting helped us
identify a misconfigured HSRP interface: a crucial line had been omitted on Core 1!
For serial connectivity I use a StarTech adapter. This works on Windows 7 x64 (in use since
2010) and Windows XP 32-bit (in use since 2008). I have also made it work on a Mac in
conjunction with iTerm2, and in a Windows VM so I can use PuTTY; I have been doing this
on a Mac too since 2014.
http://us.startech.com/product/ICUSB232-USB-to-RS232-DB9-Serial-Adapter-Cable-Male-
to-Male-Serial-Adapter-USB-to-Serial
This I use in combination with a Cisco rolled cable for my connectivity, or via various other
adapters and flat cable for some of the NON-CISCO vendors who have a different
presentation. In 2016 I was advised about a combined cable which integrates the USB-serial
adapter and console cable into a single unit. When we techy-types congregate, we always
have to swap tips!
B.25.1 Use the management network on NEXUS switches & remote connection
While on Catalyst switches using the management interface ports was an extremely painful
process, on NEXUS switches it is a breeze. When setting up a common network deployment
style such as two Core and two Edge devices, having two USB console cables, a cheap 8-port
unmanaged network switch, and 5 Ethernet patch cords, costing less than
50 EUR/GBP/USD in total, will save a massive amount of time and will repay its outlay several
times over. After doing basic setup via slow console cables, you can telnet/SSH to all switches
at the same time. Such improved speed and flexibility could save a day (or more) in config and
diagnostics. It is worth buying for EVERY project even if it is never used again, but more
environmentally sustainable if moved from site to site. Amazon next day delivery (or local
equivalent) is your friend. Have this in your toolbox for site. This is even MORE important
given the restrictions that were placed upon us during the COVID-19 pandemic, where a lot
more has to be done remotely.
Although this diagram shows VNC, RDP is just fine too, probably better in an all-Windows
environment. With a 1U server and eight LAN ports, the config JUMP workstation and all
the dumb hosts can exist in one physical device. The serial ports in the Windows JUMP
device appear as COM6, COM7, COM8 and COM9.
At the site in mainland Europe where the above diagram is taken from, we are using the open
source OpenVPN (https://openvpn.net/) solution, which can be deployed as a virtual
appliance in the SAME host server, and the first two connections incur no recurring cost. I
will be doing something similar for a project in the USA next month, all from the comfort of
my desk in the UK.
Considering most recent 1U servers come with 4 x 1G, adding another 4-port card is not
expensive and any cheap NIC will do for the task of a DUMB PING host. Again, on Amazon
I have seen them for less than 50 EUR/GBP/USD, and certainly less than 100
EUR/GBP/USD.
If all you need on site is a basic connection for telnet and TFTP into switches, then a simple
USB 2.0 LAN adapter to Ethernet RJ45 network cable (10/100 Mbps, Mac/Windows 7/8)
will cost less than $10. Mine came from eBay and works just fine. Normally I use it in the
Windows VM, but often the Windows VM must have a ROUTE ADD statement entered at the
CLI/command window (which must be RUN AS ADMIN) to direct packets to the test networks
(or VLANs being configured) instead of the primary bound path of the VM to the "outside
world".
You can have 5 out of 5 good replies multiple times in a row, but when you send 10,000 pings
and only get 9,946 replies, it means something fishy is going on; that 0.5% failure rate
should not be there. It takes only a couple of minutes to finish if all goes well.
Note that this is about ping testing at the CLI between directly connected Cisco devices, and
not at the Windows CLI, which would take an epoch!
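As a sketch, such an extended ping (target address and size illustrative) looks like:

! Cisco IOS
ping 10.64.124.35 repeat 10000 size 1500
! Cisco NX-OS
ping 10.64.124.35 count 10000 packet-size 1500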
B.28 Service Timestamps and Time setting in F10 S4810 & S60
To correctly view logs it is important that the correct time exists and that the switch is
configured to timestamp the logs, otherwise you get a useless log entry such as the one below.
This config example was extracted from a running S4810, and the S60 was identical.
Note this example is for the USA, but it gives the flavour of how to do this for any time zone.
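A minimal sketch of the relevant FTOS/OS9 commands (US Eastern time assumed purely for illustration; verify the exact syntax against your release's CLI reference):

service timestamps log datetime localtime
clock timezone EST -5
clock summer-time EDT recurring
ntp server 10.229.252.150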
In the Dell N3024/3048 the logs are automatically time stamped; there is no service timestamps
command to be manipulated, but the syntax of the summer-time command is different, as is
the NTP setting.
Note that SNTP needs a second command, sntp unicast client enable, otherwise it
will not pick up the time.
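A hedged sketch for the N-series (OS6); the timezone/summer-time syntax below is an assumption to be checked against the OS6 reference guide:

sntp server 10.229.252.150
sntp unicast client enable
clock timezone -5 zone EST
clock summer-time recurring usa zone EDT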
The CLI output below shows the NTP server and NTP status, and that the time source is SNTP.
KLAB_ACCESS03#show clock
Unicast servers:
Server Status Last response
--------------- ---------------------- --------------------------
10.229.252.150 Success 09:11:09 Jan 21 2019
SNTP Servers
------------
KLAB_ACCESS03#
AFTER
Jul 11 09:50:19 UTC: %STKUNIT1-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable authentication success on vty0 (
10.134.133.221 ) for user avid
Jul 11 09:50:14 UTC: %STKUNIT1-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user avid on line vty0 ( 10.134.133.221 )
Jul 11 09:50:07 UTC: %STKUNIT1-M:CP %SEC-5-LOGOUT: Exec session is terminated for user avid on line vty0 ( 10.134.133.221 )
Jul 11 09:49:27 UTC: %STKUNIT1-M:CP %SYS-5-CONFIG_I: Configured from vty0 ( 10.134.133.221 )by avid
BEFORE
2w5d13h: %STKUNIT1-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable authentication success on vty0 (
10.134.133.221 ) for user avid
2w5d13h: %STKUNIT1-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user avid on line vty0 ( 10.134.133.221 )
2w5d13h: %STKUNIT1-M:CP %SEC-5-LOGOUT: Exec session is terminated for user avid on line vty0 ( 10.134.133.221 )
2w5d13h: %STKUNIT1-M:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable authentication success on vty0 (
10.134.133.221 ) for user avid
2w5d13h: %STKUNIT1-M:CP %SEC-5-LOGIN_SUCCESS: Login successful for user avid on line vty0 ( 10.134.133.221 )
Note that the Dell S4048 logs are listed with the newest first (unlike Cisco);
the command below will list them in natural order and also not ask you
to press the space bar after each page.
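Presumably (an assumption; check your OS9 CLI reference) this is:

show logging reverse | no-more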
The CLI output below shows the NTP server status and associations.
KLAB_VLTCORE1#sh ntp status
Clock is synchronized, stratum 3, reference is 10.229.252.150, vrf-id is 0
frequency is -20.796 ppm, stability is 0.066 ppm, precision is -19
reference time dff01867.51c59290 Mon, Jan 21 2019 10:07:35.319 UTC
clock offset is -1.265075 msec, root delay is 10.630 msec
root dispersion is 54.397 msec, peer dispersion is 15.435 sec
peer mode is client
KLAB_VLTCORE1#
KLAB_VLTCORE1#sh ntp associations
remote vrf-Id ref clock st when poll reach delay
offset disp
===========================================================================
=========
169.254.1.13 0 0.0.0.0 16 - 1024 0 0.00000
0.00000 0.00000
*10.229.252.150 0 216.239.35.0 2 940 1024 377 0.34600 -
1.2650 0.61500
* master (synced), # backup, + selected, - outlier, x falseticker
KLAB_VLTCORE1#
And voila! The device on port e1/5 has a MAC address of 0060.dd43.2bd8 and an IP
address of 10.64.124.35.
An open source variant for Windows, called Switch Miner, which appears
to do much the same job, is available from
https://sourceforge.net/projects/switchminer/
It is a little buggy but does the job, and is fine for occasional use. It works
well on the Cisco Catalyst devices it is designed for (I had not been able to try
NEXUS at the time of writing, FEB 2019); it is less good on other vendors such as
Dell/F10, as is to be expected.
A Google search "minimum length network cable” and found these two articles
https://networkengineering.stackexchange.com/questions/7483/minimum-ethernet-cable-
length
There is no minimum cable length when talking about standard copper-cables. When
it comes to fiber, there is a minimum length depending on technology, diodes and so
on.
note, fibre minimums are a function of power. longer reach (ie. higher power) expects
higher attenuation; at short lengths the signal can blind (and even damage) the
receiver. –
http://boards.straightdope.com/sdmb/showthread.php?t=599432
I did check 802.3, to find that the 2.5m minimum length applies to CSMA/CD
networks, per IEEE 802.3, where overly short cables can cause the collision detection
to malfunction. This might apply to half-duplex gigabit lines as well. It should not
apply to switch based networks which won't have physical layer collisions.
This can be done on the management ports or via front panel ports, where an aggregate link
can be used for "double protection".
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/interfaces/con
figuration/guide/b-cisco-nexus-9000-nx-os-interfaces-configuration-guide-93x/b-cisco-
nexus-9000-nx-os-interfaces-configuration-guide-93x_chapter_01000.html
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-
x/interfaces/configuration/guide/b_Cisco_Nexus_9000_Series_NX-
OS_Interfaces_Configuration_Guide/configuring_vpcs.pdf
Design and Configuration Guide: Best Practices for Virtual Port Channels (vPC) on Cisco
Nexus 7000 Series Switches Revised: June 2016
https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_b
est_practices_design_guide.pdf
https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-
switches/configuration_guide_c07-543563.html
!! SWITCH 1 (mgmt 10.10.10.1)
interface port-channel77
description VPC-PEER-LINK
switchport
switchport mode trunk
spanning-tree port type network
no lacp suspend-individual
vpc peer-link
feature vpc
vpc domain 77
peer-switch
role priority 4096
system-priority 4096
peer-keepalive destination 10.10.10.2 source 10.10.10.1
delay restore 150
peer-gateway
interface mgmt0
vrf member management
ip address 10.10.10.1/30
!! SWITCH 2 (mgmt 10.10.10.2)
interface port-channel77
description VPC PEER-LINK
switchport
switchport mode trunk
spanning-tree port type network
no lacp suspend-individual
vpc peer-link
feature vpc
vpc domain 77
peer-switch
role priority 8192
system-priority 4096
peer-keepalive destination 10.10.10.1 source 10.10.10.2
delay restore 150
peer-gateway
interface mgmt0
vrf member management
ip address 10.10.10.2/30
The vPC peer keepalive must be present for successful vPC pairing. The
loss of a vPC peer keepalive path on a running switch while the vPC peer
link is active will not break the pairing, but if the vPC peer link fails while
there is no active vPC peer keepalive path, unexpected operation can occur.
Hence additional resilience in the vPC peer keepalive path, using a port
channel with two members and a dedicated VRF context, is desirable. On a
Nexus 93180YC the most cost-effective option is to use 10G TWINAX,
while on a Nexus 9336C either two 100G ports have to be "sacrificed" with 40G
TWINAX, or optical BREAKOUT is used, possibly on two different ports, so
6 more 10G ports remain available. Do not use QSA and optics as this is
more expensive and inefficient than TWINAX.
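A minimal sketch (hypothetical ports, addresses and VRF name) of such a keepalive over a dedicated two-member port channel in its own VRF, rather than over mgmt0:

feature vpc
vrf context VPC-KEEPALIVE
!
interface Ethernet1/47-48
 no switchport
 channel-group 99 mode active
!
interface port-channel99
 no switchport
 vrf member VPC-KEEPALIVE
 ip address 10.10.11.1/30
!
vpc domain 77
 peer-keepalive destination 10.10.11.2 source 10.10.11.1 vrf VPC-KEEPALIVE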
These principles apply equally to other vendors' network switch products, but the syntax
necessary to achieve them may differ.
Cisco Nexus 93180LC-EX NX-OS Mode Hardware Installation Guide | Managing the Switch
| Configuring Ports
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/hw/n93180lcex_hig/g
uide/b_c93180lcex_nxos_mode_hardware_install_guide/b_c93180lcex_nxos_mode_hardwar
e_install_guide_chapter_01011.html
Configuring Ports
This switch has 32 ports of which 28 are configured as 40/50-Gigabit ports and 4 are
configured as 40/100-Gigabit ports. You can change the ways that these ports are used
by using templates to configure all the ports in commonly used ways or by configuring
ports individually. Three of the templates that you can use are the following:
• 18 40/100-Gigabit ports
You can individually configure the ports 1 to 28 as indicated in the following table:
Odd Numbered Port (1 to 27) | Even Numbered Port (2 to 28) below the Odd Numbered Port
• 40/100-Gigabit QSFP+/QSFP28 uplink port can be individually broken out with the
4x10-Gigabit or 4x25-Gigabit breakout feature.
For information on configuring ports for this switch, see the Cisco Nexus 9000 Series
NX-OS Interfaces Configuration Guide.
Also see
Cisco 40-Gigabit Ethernet Transceiver Modules Compatibility Matrix | Cisco Nexus 9000
Series (Fixed 9300)
https://www.cisco.com/c/en/us/td/docs/interfaces_modules/transceiver_modules/compatibilit
y/matrix/40GE_Tx_Matrix.html#_Toc501460917
This also applies to the Nexus 93240YC-FX2 and 93360YC, and also other family models with
100G QSFP28 ports.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/hw/n93108tcex_hig/g
uide/b_c93108tcex_nxos_mode_hardware_install_guide/b_c93108tcex_nxos_mode_hardwar
e_install_guide_chapter_01011.html#concept_efn_m5q_4x
Chapter: Connecting the Switch to the Network
Uplink Connections
The six 40- and 100-Gigabit Ethernet QSFP28 uplink ports support 4 x 10-Gigabit and 4 x
25-Gigabit breakout cables and 1- and 10-Gigabit Ethernet with QSFP-to-SFP adapters.
The six 40- and 100-Gigabit Ethernet QSFP28 uplink ports support 10-, 25-, 40-, 50-, and
100-Gigabit connectivity. You can use 4x10-Gigabit and 4x25-Gigabit breakout cables with
these ports.
For a list of transceivers and cables used by this switch for uplink connections, see http://
www.cisco.com/c/en/us/support/interfaces-modules/transceiver-modules/products-device-
support-tables-list.html.
[show version extract: cisco Nexus9000 93180YC-EX chassis]
The ports would show as below; in this example ports 1/1 and 1/2 on a NEXUS
9336C-FX2 are broken out to 10G using the breakout command.
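A hedged sketch of that NX-OS command (port range illustrative):

interface breakout module 1 port 1-2 map 10g-4x
! the broken-out interfaces then appear as Ethernet1/1/1-4 and Ethernet1/2/1-4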
While 40G was a "development" of 10G, not all QSFP+ support breakout, so the equipment
vendor should be consulted for the correct devices. For Cisco see the 40GBASE QSFP
Modules Data Sheet:
https://www.cisco.com/c/en/us/products/collateral/interfaces-modules/transceiver-
modules/data_sheet_c78-660083.html
So just as a 40G port can be broken out to 4 x 10G TWINAX, an optical QSFP+ can do the
same thing; it just needs some extra parts for the physical connection.
and
https://www.youtube.com/watch?v=HER-Cu83AbI
and
http://www.fiberopticshare.com/modular-patch-panel-breakout-cabling-choose-future-
proofing-network.html
Of course the same principles apply to 100G >> 4 x 25G (or 4 x 10G).
Here are some pictures of products found with a Google search of "QSFP breakout
panel". No special cables have to be made: a COTS MTP cable connects from the QSFP to
the back of the breakout box, and the front provides the LC connections for onward patching
to the end 10/25G device.
Yellow outer-sheath fibre cables indicate a Long Range (LR) optical solution, and cyan
cables indicate a Short Range (SR) optical solution (OM3 or OM4).
Or, in some cases, use a simple patch cable like the one below, typically available in 1-100M lengths:
Another great video: Direct Attach Cable (DAC) vs Active Optical Cable (AOC) - Which Do
I Need To Buy For My Rack? https://www.youtube.com/watch?v=ACTMTHg-FVk
These devices are usually multivendor capable if purchased from a reputable source.
A port using a QSA adapter can use SFP+ transceivers and SFP transceivers.
When using a QSA adapter, it may be necessary to apply port speed and duplex commands to
the new broken-out interfaces, but in most cases this is unlikely as the devices used are likely
to have fixed parameters.
The use of QSA is a very blunt tool for reducing port speed. It is a very inefficient use of a
highly capable port; it is much more efficient to use a QSFP+ device which is capable of
breakout as described above.
For example:
Q.
What does the "=" mean in Cisco part number? It seems there is no difference between the
parts with a "=" and the parts without a "=", such as "GLC-SX-MM" and "GLC-SX-MM="
A.
• A part with the = sign at the end is what is called a "FRU" part; where FRU
stands for "Field Replaceable Units".
• Those are the parts that can be used as "spare" or be shipped individually to
replace damaged units.
• The new parts that are ordered directly from a reseller or from Cisco usually
don't come with the = sign.
This example provides the commands based on the physical interfaces being called p1p1 and
p1p2 and the teamed device being called team0. Of course, the "binding" to the NEXIS
clients must still be performed using the documented procedure, such as shown below.
30APR 2019
This has not been tested by Engineering, hence not fully ratified,
and not fully supported, hence exists in the grey area.
IMHO it is better to have it, than not to have it…. Like a space-
saver spare tyre. It is not perfect, but better than no spare tyre.
Depending on the version of Linux, a text/GUI option such as nmtui might also be available.
For the CentOS 7 used by MediaCentral Cloud UX server this resource is very helpful:
https://www.snel.com/support/setup-lacp-bonding-interface-centos-7/
One of the key files that might need editing, to change the load balancing HASH, is:
nano /etc/sysconfig/network-scripts/ifcfg-bond0
https://www.unixmen.com/linux-basics-create-network-bonding-on-centos-76-5/
The default load balancing hash is layer2 (parameter=0), but layer2+3 (parameter=2) is much
better. Layer3+4 should be avoided as it does not work well with the UDP-based NEXIS
signalling protocol.
# cat /etc/sysconfig/network-scripts/ifcfg-Bond0
BONDING_OPTS="downdelay=0 miimon=1 mode=802.3ad xmit_hash_policy=2 updelay=0"
runner.tx_hash (array)
List of fragment types (strings) which should be used for packet Tx hash
computation. The following are available:
l4 — Uses source and destination TCP and UDP and SCTP ports.
Beginning with the March 2021 NEXIS release the TEAMD configuration will use "l3", because
it works better with the UDP-based NEXIS signalling protocol.
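A hedged sketch of what such a teamd configuration might look like (file path and port names illustrative; this is not the shipped NEXIS configuration, just a minimal LACP runner using the "l3" Tx hash, e.g. in /etc/teamd/team0.conf):

{
  "device": "team0",
  "runner": { "name": "lacp", "active": true, "tx_hash": ["l3"] },
  "link_watch": { "name": "ethtool" },
  "ports": { "p1p1": {}, "p1p2": {} }
}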
ifcfg_p1p1:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=p1p1
UUID=82f52b69-92e9-3d0b-bf74-f62d5de380e1
DEVICE=p1p1
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

ifcfg_p1p2:
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=p1p2
UUID=34668a02-c7c4-3df4-b23a-50837d949d9b
DEVICE=p1p2
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

ifcfg_team0_slave1:
TYPE=Ethernet
NAME=team0_slave1
UUID=fcac276b-94b3-430b-83c3-24120fbbd924
DEVICE=p1p1
ONBOOT=yes
MASTER=team0
SLAVE=yes
MASTER_UUID=c5efe9fc-7c5a-4622-885c-8bceaedc5591

ifcfg_team0_slave2:
TYPE=Ethernet
NAME=team0_slave2
UUID=8254f867-968c-42d8-8805-f9033855d401
DEVICE=p1p2
ONBOOT=yes
MASTER=team0
SLAVE=yes
MASTER_UUID=c5efe9fc-7c5a-4622-885c-8bceaedc5591
DEVICE=team0
BONDING_OPTS="resend_igmp=1 updelay=0 use_carrier=1 miimon=100
arp_all_targets=any min_links=0 downdelay=0 xmit_hash_policy=layer2
primary_reselect=always fail_over_mac=none lp_interval=1 mode=802.3ad
all_slaves_active=0 ad_select=stable num_unsol_na=1 num_grat_arp=1"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=172.18.10.34
PREFIX=24
GATEWAY=172.18.10.1
DNS1=172.18.10.28
DNS2=172.18.10.29
DOMAIN=thk-avid.local
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
NAME=team0
UUID=c5efe9fc-7c5a-4622-885c-8bceaedc5591
ONBOOT=yes
Here is another CentOS example (FEB 2021 deployment); as can be seen, the defaults seem
to be omitted.
Deployment of a bonded interface or teamed interface after the installation of MediaCentral
Cloud UX server will require several configuration files to be modified to re-focus keep-alive
communication to the "correct" named interface, as it does not bond to an IP address but to a
NAMED interface.
At the time of writing (DEC 2020) using a teamed/bonded connection is not explicitly
supported on bare metal server deployments (Linux or Windows), but with Kubernetes
containers the network connection of the Pod/application is abstracted from the external
physical connection, hence there should be no conflict or issues, and many data centres
successfully deploy in this manner.
https://backdrift.org/lacp-configure-network-bonding-linux
and
https://serverfault.com/questions/810649/how-does-one-diagnose-linux-lacp-issues-at-the-
kernel-level
The text extracts below were originally squeezed into a side-by-side table for comparison
convenience; they are unpacked here as paired extracts.

First pair (both left and right extracts identical):
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 1
Up Delay (ms): 0
Down Delay (ms): 0

Note: the "oper key" is 32831; when 32768 is subtracted this gives 63, and the vPC and po ID
used on this port just happened to be 63 too, no coincidence. We will see if the same applies
for another po, #61. (LOCAL MAC ADDRESS 00:06:dd:42:24:fb, MYRICOM.)

Second pair, differing Tx hash policy. Left extract:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2 (0)
MII Status: up
MII Polling Interval (ms): 1
Up Delay (ms): 0

Right extract:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 1
Up Delay (ms): 0

Note: The offered MAC address is the same for each link; it is controlled by the sending
device, in this case vPC, and is the same for every link, but as this is a dedicated segment
(not shared/hub) that is not an issue for correct Ethernet operation.

CORE2# sh vpc role

Third pair, one side down. Left extract:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: down <<<<<<<<
MII Polling Interval (ms): 1

Right extract:
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
Transmit Hash Policy: layer2+3 (2)
MII Status: up
MII Polling Interval (ms): 1
From what I have seen of TEAMD, it does not really offer many advantages for "basic
teaming", and the way it is used in NEXIS means it becomes "bound" to the application/FW
version, which could be considered a disadvantage. It is not documented (and that frustrates
me too) but NEXIS is ALWAYS using "teaming" of sorts; TEAMD controls what type of
teaming from within the GUI, either SFT (or other variations of the same meaning, such as
MS LBFO, or active-backup in *IX speak) or LACP. I think TEAMD is "necessary" to get
GUI functionality, while bonding cannot do that (now you understand the reference above to
auto vs. manual gearbox!!)
Three useful articles below to help the reader understand some more of the fine detail without
too much glossy marketecture.
https://tobyheywood.com/network-bonding-vs-teaming-in-linux/
https://www.redhat.com/en/blog/if-you-bonding-you-will-love-teaming
https://www.admin-magazine.com/Articles/Link-aggregation-with-kernel-bonding-and-the-
Team-daemon/(offset)/6
So, after reading those, I think one could also use another metaphor: do you want "DIY" or
"Silver Service"? Both have their places and appropriate optimal deployment scenarios.
Also look at section 4.6 for details on naming conventions that have been around for a LONG
time; unfortunately every different OS seems to interpret the details a little differently and add
a fresh dialect.
Using the pipe modifier allows a reduced set of pertinent information from the show interface
output to be viewed, with a regular update interval of 2 seconds.
Some example output from the screenshot above is shown below.
Every 2.0s: vsh -c "sh int e1/17 | section rate" Wed Nov 21 14:47:17 2018
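That "Every 2.0s" header comes from running watch in the NX-OS bash shell (feature bash); a hedged sketch of the invocation:

watch -n 2 'vsh -c "show interface e1/17 | section rate"'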
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-software-releases-122-
mainline/46741-backup-config.html#ab
B.38.2 NEXUS
http://crazyitpro.blogspot.com/2013/07/schedule-automatic-backup-config-in.html
Nexus-Sw1(config-schedule)# time ?
daily Specify a daily schedule
monthly Specify a monthly schedule
start Specify a future time schedule
weekly Specify a weekly schedule
Example :
Nexus-Sw1(config-schedule)# time start now repeat 00:00:05
Schedule starts from Mon Mar 4 10:44:41 2013
Nexus-Sw1(config-schedule)# job name backup-daily // Job Name to be
schedule in Scheduler
Nexus-Sw1(config-schedule)# exit
Nexus-Sw1(config)# exit
Nexus-Sw1# show scheduler config
Nexus-Sw1# show scheduler logfile
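Putting it together, a hedged end-to-end sketch (job/schedule names, server address and filename are illustrative):

feature scheduler
scheduler job name backup-daily
 copy running-config tftp://10.10.10.99/EDGE4-cfg vrf management
end-job
scheduler schedule name daily-0200
 job name backup-daily
 time daily 02:00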
Or the backup can be done manually.
Using SHOW TECH-SUPPORT on a NEXUS switch is not as useful as it was for Catalyst, as
now it creates a 200-800MB file with up to 8 million lines (depending on model) rather than
a 2MB file, and 99% of it is useless unless "distilled" by a computer. Hence below are listed
some of the most useful commands for diagnostic purposes.
These show commands were taken from a NEXUS 7.x show tech-support. Some commands may
differ or not exist between NEXUS versions, or depend on configured features and elements;
some commands may not apply depending on which NEXUS "features" exist in the config
file.
Commands with longer output can use the syntax show command | no-more to avoid having to
keep pressing the space bar to continue.
COMPACT SET
This is a great command to distil just the counter information, but it shows ALL the
interfaces, and depending on the switch that can be a LOOONNNNGG list and give a lot of
information about counters that are (hopefully) all zero.
Depending on the NX-OS version it will need a bit of tweaking, because different versions
report counter errors in differing ways, i.e. more/less columns.
Often the management interfaces always show because their column presentation is different.
BEWARE: when this document is saved as a PDF the spacing will mess up,
so the ZEROS section may need to be copied from a "REAL" show interface counters
errors command output to re-create the text correctly (thanks Adobe!!!)
Of course with the Arista CLI the | nz option can be used to do this.
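On NX-OS, one hedged way to do the same from the bash shell is with standard egrep (the pattern must be tuned to the number of zero columns in your release, as noted above):

vsh -c "show interface counters errors" | egrep -v "( +0){6} *$"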
The command below creates an alias of your choice; mine is wrc (write config) to do this
task, but it could be anything which does not match an existing command (I successfully
tried "qaz" too, for the lazy typist!!).
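A sketch of the alias definition on NX-OS:

cli alias name wrc copy running-config startup-config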
N9000_EDGE4# wrc
[########################################] 100%
Copy complete, now saving to disk (please wait)...
Copy complete.
N9000_EDGE4#
10.140.165.157
0026.55d9.7459
00:26:55:d9:74:59
Being a slow and poor typist, I might use an alias for commands like this, e.g.:
shmaa 9440.c930.7b0d
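Where shmaa would be defined (an assumption, following the same pattern as wrc above) as:

cli alias name shmaa show mac address-table address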
An alias also helps to make copying to TFTP via the management interfaces easier when
building configs. This assumes there are 4 switches, and each switch will have its OWN
version of the alias, with its own filename, to avoid confusion.
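A hedged sketch (alias name, server address and filename are illustrative):

cli alias name crt copy running-config tftp://10.10.10.99/EDGE4-running.cfg vrf management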
The commands below will show some of the multicast addresses in use and who is using
them. I would not expect most readers of this document to go anywhere near this level of
debugging, but this document is a great repository for the author to keep stuff for future use.
The CLI output below shows some content extracted from a show tech-support saved
from a single NEXUS 9000 switch that was in a live broadcaster environment.
MI 1 and 2 are connected to eth1/4 and 1/5 on VLAN 20, with IP addresses 172.18.10.30 and .31.
IGMP
L3VM Lookup Errors: 0
`show ip igmp route vrf all`
IGMP Connected Group Membership for VRF "default" - 4 total entries
Type: S - Static, D - Dynamic, L - Local, T - SSM Translated, H - Host Proxy
Group Address Type Interface Uptime Expires Last Reporter
224.0.1.84 D Vlan20 5w4d 00:02:27 172.18.10.31
224.0.1.85 D Vlan20 5w4d 00:02:29 172.18.10.28
225.0.0.64 D Vlan20 5w4d 00:02:33 172.18.10.180
229.111.112.12 D Vlan20 03:56:43 00:02:33 172.18.10.108
2019 Nov 11 13:32:19.768262 igmp [25143]: [25573]: Updating oif entry from
M2RIB PSS forvlan_id = 20, src = 0.0.0.0, grp = 224.0.1.84
2019 Nov 11 13:32:19.768211 igmp [25143]: [25573]: Updating oif entry from
M2RIB PSS forvlan_id = 20, src = 0.0.0.0, grp = 224.0.1.84
In early 2019, as part of a network refresh and NEXIS deployment, one European customer
deployed ISIS 7500 on a Nexus 9336C-FX2 (used as an access layer device with a Nexus
9500-EX core) via a breakout connection and encountered the same problems as had been seen
in 2017 with ISIS 7500 1G Windows clients (UDP), whereas 10G Windows clients (TCP)
operated successfully. NEXIS 1G clients operated successfully.
This customer site had previously tested with Cisco Nexus 9500 EX with Nexus N93180YC-EX,
as described in section 2.3.2.2 Cisco Nexus 9500 EX with Nexus N93180 YC EX of this
document.
The “solution” was to connect ISIS 7500 (using a breakout connection from a 40/100G port)
to a Nexus N93180YC-FX (an alternative/nearby access layer device).
This is related to information discussed in NETREQS V1.x section 1.5.7 and summarised in
section 1.3.1.2 Cisco Nexus 9348-GC-FXP Field testing (FEB 2018) of this document:
The challenge with 9336C-FX2 is considered to be “structural” and not a physical layer
dependency.
The customer connected ISIS 7x00 with 4x10G copper breakout (not supported, but it seems to
work); 10G Windows clients worked OK but 1G Windows clients did not, so it feels like the
same bugs as they had previously "fixed" on the 9500-EX core.
Any 1G NEXIS or ISIS client connection that uses UDP for primary data transport (see
NETREQS V1.x section 1.0.4 for more details) to ISIS storage is likely to fail (as at MAY
2019) if it transits an FX2-series product. During data migration from ISIS to NEXIS the
"active client" should be placed as close to ISIS storage as possible to mitigate encountering
such issues; however, such issues would not be expected for 10G connected
(transfer/migration) clients.
Of course, NEXIS storage itself must use STATIC addressing; there is no provision (at the
time of writing) for DHCP and this is not expected to change.
Generally, server class devices are fixed so will most likely use a STATIC IP address, but
with the correct configuration a DYNAMIC address should be viable, and as devices move
into VMs or containers or cloud-based deployments this might become mandatory. There is
not a one-shot silver bullet answer that can be offered, because as always "it depends" on
various factors. Potentially "statically assigned dynamic addresses" might be a solution, where
the IP address is tied to the MAC address, which makes IP renumbering exercises much
easier; that adds a different OAM task if the hardware changes, but can be very helpful in
a VMware type of deployment where MAC addresses can be "sticky-coded".
As for workstations/clients, it depends on portable vs. fixed and where they might connect as
to the best choice, plus DHCP for Avid client devices in corporate networks will be
dependent on customers’ policies. A mobile laptop is likely to get its IP address via DHCP,
while dedicated workstation might use either STATIC or DHCP depending on whether it
connects via an “Avid” administered network or a corporate IT administered network.
When using STATIC IP addresses, the DNS systems must be correctly configured for
FORWARD and REVERSE lookup, otherwise some Avid applications will not work correctly,
especially where FQDNs are used.
A FORWARD lookup entry in Windows Server DNS, using a STATIC IP address.
A REVERSE lookup entry in Windows Server DNS, using a STATIC IP address.
While with NEXIS everything can be in the same VLAN, that is not always best, depending
on many criteria. I like to reduce the "blast radius" and keep my subnets small where viable.
Also, for better security implementation I like to have NLE workstations in a different subnet
to NEXIS and MediaCentral application servers, so different rule sets can be applied easily.
Also, sometimes MediaCentral Cloud UX servers might be in yet another subnet, and
MediaCentral Cloud UX web clients are likely to be on the corporate IT network.
When sharing a subnet for servers and users, I tend to prefer putting user devices in the upper
half of the subnet and server devices in the lower half, to allow for access lists to be applied if
required, and not to use "100s" as a border point; such "borders" should be on "subnet
boundaries" such as 64 or 128.
The three Nexus families on which Avid has been deployed at many sites are NEXUS
5600, NEXUS 7000/7700 and NEXUS 9000 (9300, 9500).
As at JUN 2019 this URL is a great starting point, but some of the URLs on this page do not
point where might be expected:
https://www.cisco.com/c/en/us/products/ios-nx-os-software/nx-os/index.html
Obviously not wanting to read lots of verbose release notes and develop an encyclopaedic
knowledge (which of course would be a life's work), this helps to obtain a simplified
version. For instance, on Nexus 9000 there is no version 8.x (NX-OS jumps from 7.x to 9.x),
while on Nexus 7000 there is a V8.x but no 9.x.
Here are two solutions I have used, because they are simple and work well.
Also, I found this one, FIREFOX SEND (https://send.firefox.com), which I like too. Again:
simple file-sharing, no registration, it's free; plus you can password protect and also set
expiry parameters, and it has a 1GB "basic" limit.
One of the first things that MUST be done is to add these two commands, otherwise it is a
non-starter:
feature scp
feature bash
Use WINSCP
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(2)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.2.bin
NXOS compile time: 7/21/2016 8:00:00 [07/21/2016 11:09:32]
Once this is done the config must be saved, and then the switch must be reloaded to boot into
the new code.
I left the old code there just in case, and there was plenty of space available in bootflash.
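A hedged sketch of those steps (image filename illustrative):

boot nxos bootflash:nxos.9.3.8.bin
copy running-config startup-config
reload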
Two features must be enabled on the NEXUS switch (ideally, for safety, they should be
removed after the upgrade) and some specific settings need to be made in WinSCP for the
site details.
https://community.cisco.com/t5/data-center-documents/getting-winscp-on-n9k-to-work-
settings-config-required/ta-p/3818490
The transfer is rather slow; expect approx. 20-30 minutes for a 9.3 code set, which is approx.
1.6GB. It does not occur anywhere near line speed.
https://www.dell.com/support/manuals/us/en/04/force10-s4048-on/s4048-on-9.14.0.0-
cli/igmp-snooping-commands?guid=guid-d4f08dbc-eeca-4616-9d00-
aa954a573972&lang=en-us
https://www.dell.com/support/manuals/us/en/04/force10-s4048-
on/s4048_on_9.9.0.0_cli_pub/igmp-snooping-commands?guid=guid-d4f08dbc-eeca-4616-
9d00-aa954a573972&lang=en-us
One might assume that IGMP snooping is not enabled by default on an S4048, and that it has
to be enabled on a VLAN-by-VLAN basis, in which case link level multicast in 239.x.y.z
would be propagated in a similar manner to broadcasts.
Again, this suggests IGMP snooping is not active by default in this switch:
KLAB_ACCESS05_RACK7#show ip igmp
A similar article seems to suggest the same as above, that by default multicast packets are
flooded:
https://www.dell.com/community/Networking-General/N2000-IGMP-snooping-filtering/td-
p/4688311
This is not a problem for me, as for MediaCentral applications the need only exists in the
239.x.x.x link-local range within a small network diameter of /23 max, but more likely /24.
OS9 and OS6 Dell switches have IGMP snooping disabled, and flooding is normally done
for multicast.
Extract from Pages 830-834. Dell EMC SmartFabric OS10 User Guide Release 10.5.1
ip igmp snooping
Enables IGMP snooping on the specified VLAN interface.
Parameters: None
Default: Depends on the global configuration.
Command Mode: VLAN INTERFACE
Usage Information: When you enable IGMP snooping globally, the configuration
applies to all VLAN interfaces. You can disable IGMP snooping
on specified VLAN interfaces. The no version of this command
disables IGMP snooping on the specified VLAN interface.
Example:
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no ip igmp snooping
IGMP snooping should be disabled on MediaCentral VLANs that need to use link level
Layer 2 multicast (239.x.x.x) for local lookup, such as Media Indexer NOMI and MCCUX
clustering. THIS IS NOT ABOUT MULTICAST ROUTING.
https://www.arista.com/assets/data/pdf/user-manual/um-
eos/Chapters/IGMP%20and%20IGMP%20Snooping.pdf
see https://www.arista.com/en/um-eos/eos-igmp-and-igmp-snooping
Demystifying Ethernet Types— Difference between Cat5e, Cat 6, and Cat7 (FEB 2016)
https://planetechusa.com/demystifying-ethernet-types-difference-between-cat5e-cat-6-and-
cat7/
Great article: How to Decipher the Data Center Fiber Alphabet Soup
https://www.commscope.com/Blog/How-to-Decipher-the-Data-Center-Fiber-Alphabet-Soup/
Know your GBASE-SR from your GBASE-DR, and your LR4 from your SR16
and
https://en.wikipedia.org/wiki/Terabit_Ethernet
One of our customers in NALA wants to double-check with us the network configuration
attached.
I do not see a problem, but we would like your blessing, since they use Arista switches and
my experience with them is limited.
As far as I understand, they need path redundancy, but with only one controller inside their
NEXIS E2s. I would rather have two, but budget limits won't allow them to do so.
I am unaware of ANY testing done at the client level with LACP by Avid Engineering.
More's the pity; I have been saying we should do this for years, but it never makes the cut.
IMHO this is low hanging fruit, and I have recently been talking with Dana and Tim about
things we need to do better that would be low cost but great benefit. Product Management and
Engineering have always gone down the AALB route, which worked well for ISIS/NEXIS
but had some unfortunate shortcomings for Interplay (and these probably still lurk in
MediaCentral, because the Asset Management group doesn't test NEXIS resilience features).
The last testing I did was with ISIS 4.x in 2014 and Windows 7 with the Intel Pro 1000
series of NICs; while on a PS job in South Korea I had the opportunity, so I seized it with both
hands. It worked really well with NEXUS 7000 and the M148 1G card. The one small
bugbear was that the ISIS client only "saw" 1G of BW, but it was the most robust connection I
have ever had the pleasure of causing distress in the name of testing and learning.
As far as LACP goes, a lot of things have altered with Windows 10 vs 7; the way NIC drivers
operate has undergone BIG changes. Interface teaming has always been more of a server
class function than client class; after all, the Intel Pro 1000 was a server class NIC.
I have never done it on a Mac, but this article suggests it will work for OSX 10.14/15:
https://support.apple.com/en-gb/guide/mac-help/mchlp2798/mac
As per the articles below, later versions of Windows 10 PRO can do it; perhaps that is why
NEXIS engineering stayed well clear, given the limited support from Microsoft and Apple.
NIC Teaming Windows 10 (Works)
https://linustechtips.com/main/topic/1003888-nic-teaming-windows-10-works/
https://www.intel.co.uk/content/www/uk/en/support/articles/000032008/network-and-i-o/ethernet-products.html
LACP does not need MLAG to test; it can be tested on a single switch, and that is where I
would start. Of course, for extra BW there is always AALB, which is just 2 NICs with
discrete IP addresses in the same VLAN.
https://blogs.cisco.com/perspectives/to-flow-or-not-to-flow
Two good explanations of Priority Flow Control, one from Ivan Pepelnjak and another from
Juniper:
https://blog.ipspace.net/2010/09/introduction-to-8021qbb-priority-flow.html
https://www.juniper.net/documentation/en_US/junos/topics/concept/cos-priority-flow-
control.html
and
https://www.cisco.com/c/en/us/products/collateral/switches/nexus-7000-series-
switches/white_paper_c11-542809.pdf
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/qos/configuration/guide/b_Cisco_Nexus_9000_Series_NX-
OS_Quality_of_Service_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-
OS_Quality_of_Service_Configuration_Guide_7x_chapter_01011.html
In SEP/OCT 2020 I had a customer with multiple 40G engines which were mirrored, and a
HEAVY write workflow was a factor. The system could provide the desired READ
bandwidth but could not achieve the desired WRITE bandwidth, only hitting about 60% of
target. This customer has 3 x E5 engines (with a fourth due to be added) connecting via two
NEXUS 9364C switches (access L2) in an MLAG pair with a 400G vPC peer link and 400G
uplinks to a core N9364C MLAG pair; the Edge switches were N93180YC with 200G
uplinks, so a very capable network, but the "system" appeared to be struggling. Was it the
NEXIS or the network? Testing in Burlington indicated a similarly configured NEXIS system
with multiple 2x10G clients could achieve the full WRITE bandwidth for the desired Media
Pack quantity.
The WRITE performance jumped from 1800MB/s to 3200MB/s (reaching the
target figure of 3000MB/s, and eventually got to 4000MB/s) when flow control was applied
to the NEXUS interface ports facing NEXIS. This size of WRITE bandwidth is an extreme
figure and unlikely to feature in the operational workflows for the site, as it was based on all
WRITE-capable devices operating concurrently at full projected load; even 50% of that value
is unlikely in normal operation, regardless of whether or not the system was sized to achieve
it.
The key point here is that when there is a mirrored NEXIS system, there is a lot of cross-
engine bandwidth to fulfil the mirrored writes; this is different to client bandwidth, but it
means the 40G ports are having to work a lot harder. Even though the N9364C is a BIG 100G
switch, it has moderate buffers, and the incoming data from the uplinks was considerable.
Along with the data between the engines there would have been congestion, which caused
write requests to go unfulfilled between engines, which in turn caused push back on the write
requests. This is not the type of congestion that could have been addressed with a QoS profile,
because all the data was of the same class/value. Also, it might not be the Engine/Media-
Packs that are struggling, but the NIC.
This is a great example of how the targeted use of Link Level Flow Control (where not using
a class-based indicator) within a single switch is the correct approach to maximise
performance of similarly capable servers with heavy bidirectional communication.
I did not have access to the systems to look at what was happening on the NEXUS switch
ports, which apparently did not show interface discards or buffer utilisation before or after
flow control was applied. I could not see the full extent of any QoS policies that were
associated with the flow control, and I am reliably informed that without them a pause frame
(802.3x or 802.1Qbb) will have little effect on what the switch is doing.
Basically, RECEIVE 802.3x flow control is a way for a NIC to exert back pressure for a very
short period of time and ask the device that receives the pause frame to stop sending, for up to
3.35ms at 10G or 0.83ms at 40G. So, if a receiving NIC in an NLE is having difficulty
processing incoming traffic and sending data up the stack, the NIC will issue a pause frame;
if connected to a switch it is "asking" the switch to buffer the traffic, but the switch may not
send an onward pause frame to the sending device.
TRANSMIT 802.3x flow control from a switch would send a pause frame to a sending device
(or all ports configured as TX=ON) when its buffer reaches a certain FILL point.
As Avid NEXIS does not implement any flow control it is up to the NIC driver and/or OS to
react (or not).
Tested on a Dell S4048 network switch: a single 40G client to a single 40G storage server
will perform below expectations when flow control is RX=off on the client port (e.g.
<2000MB/s), and then with flow control RX=on we get approx. 3200MB/s, with no changes
made to the storage server port. There should be no oversubscription between the two devices,
so no need to send pause frames to/from this switch.
Using 40G without jumbo frames (NEXIS MTU = 1500 bytes) will cause a lot of TCP
processing to be required; surely a modern 40G NIC has sufficient TCP offload
capabilities, but it is probable in this case that the NIC needs a little breathing space, and each
PAUSE using the maximum quanta value at 40G will cause a 0.8ms hiatus, equivalent to
approx. 4MB of data:
BITS BYTES KB MB
33553920 4194240 4095.938 4.000
Below is another situation, one that WILL cause congestion that can be helped by flow
control, regardless of whether devices are 10G or 40G, and it may need RX=ON and
TX=ON, because there is a potential 3:1 oversubscription on the storage engines: not only
must the WRITE from the NEXIS client be fulfilled, but also the MIRROR write to a
different engine. Of course, such congestion will only occur under a HIGH WRITE LOAD
scenario.
B.51 Flow control in Cisco NEXUS switches with AVID Nexis storage
NEXUS QoS is quite different to Catalyst and deploys many new and innovative tools, but
some of the tools' supporting elements that are used by default are well hidden. Help
gratefully received from my friendly Cisco NEXUS guru, who is well known to many.
NOTE: AVID NEXIS DOES NOT SUPPORT IEEE 802.1Qbb Priority Flow Control (PFC)
at the time of writing, but the commands are included for completeness.
[Topology diagram: switches S1 and S2 with port-channels PO100 and PO101 (member ports 1/1-1/4) and PO2000 (ports 1/20-21)]
The network-qos policy applies to all devices, as it determines which class is non-drop, and as
such the configuration must be uniform across all switches; all switches will have the same
configuration:
Switch(config-pmap-c-que)# policy-map type network-qos N_AVID_POLICY1
Switch(config-pmap-nqos)# class type network-qos c-8q-nq3
Switch(config-pmap-nqos-c)# pause pfc-cos 3
Switch(config-pmap-nqos-c)# exit
Switch(config-pmap-nqos)#
Switch(config-pmap-nqos)# system qos
Switch(config-sys-qos)# service-policy type network-qos N_AVID_POLICY1
Traffic is remarked to DSCP CS3, which will later be used for classification on the spine layer,
and on uplinks from the spine on leaf switches, into qos-group 3.
Configuration – Classification on uplink ports on leaf switches, and all ports on spine,
and peer-link
All traffic that we want to match should be marked with DSCP CS3, and we are matching it
on uplinks on switch, on peer-link, and on all links on spine:
Switch(config)# class-map type qos AVID_TRAFFIC1
Switch(config-cmap-qos)# match dscp CS3
Switch(config-cmap-qos)# policy-map type qos AVID_POLICY1
Switch(config-pmap-qos)# class type qos AVID_TRAFFIC1
Switch(config-pmap-c-qos)# set qos-group 3
Traffic marked as DSCP CS3 is mapped to qos-group 3 on the spine layer and on uplinks from
the spine on leaf switches:
Switch(config-sys-qos)# interface port-channel 100-101, port-channel 1000
Switch(config-if)# service-policy type qos input AVID_POLICY1
system qos
service-policy type network-qos N_AVID_POLICY1
e.g.
NEW_TEST_3# sh interface flowcontrol | n
--------------------------------------------------------------------------------
Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
--------------------------------------------------------------------------------
Eth1/1 off off off off 0 0
Or
slot 1
=======
============================================================
Port Mode Oper(VL bmap) RxPPP TxPPP
============================================================
Or, to see the default/hidden commands too (it is a long list, so use | no-more):
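Presumably via (an assumption; this shows defaults as well as configured commands):

show running-config all | no-more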
B.52 Flow control in Dell S4048 switches with AVID Nexis storage
In OS9 for the S4048, Dell has a very different way of handling 802.3x flow control in
comparison to Cisco: there are no supporting policies needed. Apparently there is little way
to influence the buffer management; the outcome is in the hands of the OS.
flowcontrol rx {off | on} tx {off | on} [pause-threshold <1-12480>] [resume-offset <1-12480>] [negotiate]

rx on: Enter the keywords rx on to process the received flow control frames on this port.
rx off: Enter the keywords rx off to ignore the received flow control frames on this port.
tx on: Enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received.
tx off: Enter the keywords tx off so that flow control frames are not sent from this port to the connected device when a higher rate of traffic is received.
pause-threshold: Enter the buffer threshold limit for generating PAUSE frames.
resume-offset: Enter the offset value for generating PAUSE frames to resume traffic.
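A hedged example of applying this on an interface (port number illustrative):

interface fortyGigE 1/49
 flowcontrol rx on tx off
 no shutdown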
The firmware version of the Mellanox NIC in the NEXIS controller is not directly related to
the NEXIS version. It cannot be field upgraded, hence replacement controllers may have a
different version to the existing controller. Since mid 2018 new systems should have firmware
version 2.42.5000.
Firmware version 2.42.5000 added support for a SINGLE long-range optic: the 40GbE
MC2210511-LR4 Mellanox optical module (40Gb/s, QSFP, LC-LC, 1310nm, LR4, up to
10km), which of course will be compatible with a Cisco QSFP-40G-LR4-S
transceiver at the other end.
The maximum TWINAX distance supported by the NEXIS controller NIC remains 5M.
Before that, systems used firmware version 2.40.5030; as a rough guide, systems delivered
in 2017 will probably be fitted with 2.40.5030, which does support the 40GbE QSFP-40G-SR-
BD Cisco 40G BiDi module, but no long range optics.
Earlier systems, 2016 and before, will probably have firmware version 2_34_5000.
In order to confirm the driver version, the user can go to the agent page of the engine
(https://<engine ip or hostname>:5015), go to the Advanced tab and, under System Tools, use
the option "Issue Shell Command". In that window type "ethtool -i gt0". If the user prefers
to use PuTTY and ssh to the engine, the same information is available using the same
command. ALL engines should be checked.
B.54 DELL S4100 OS10 vs. OS9 LACP and VLT commands
OS10 and OS9 have different syntax.
See section 1.1.1 regarding the known VLT-LACP-to-host issue in OS10.5.2.2 that will affect
NEXIS and possibly ESXi, and is likely to affect other platform operating systems/devices too.
OS10:
interface port-channel31
 description NEXIS ENGINE AGGREGATE
 no shutdown
 switchport access vlan 30
!
interface ethernet1/1/1
 description NEXIS CONTROLLER P1

OS9:
!
interface Port-channel 70
 description PORT CHANNEL TO NEXIS
 no ip address
 switchport
 no shutdown
locator-led fex
[no] locator-led fex chas_no
Command Mode: /exec
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-
x/command_reference/config_612I22/b_n9k_command_ref/b_n9k_command_ref_chapter_0
1110.html
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/16-
10/command_reference/b_1610_9500_cr/stackwise_virtual_commands.html#wp3778239026
Here's a quick guide that an ACSR has written. The PDF version is here:
https://www.dropbox.com/s/3yl7fzr13dvwxo5/Quick%20Setup%20of%20DELL%20
N3224%20Switches%20for%20NEXIS%20use.pdf?dl=0
To address this, you will have to set up the switch for remote access and change the
port speeds. This process can also be achieved using the switch's CLI, but for people
who are not familiar with the commands, here's how to change the ports to be 10GbE
through the web interface.
If this is the first time you have booted the switch you will be asked:
"Would you like to run the setup wizard (you must answer this question within 60
seconds)? (y/n)". At this point enter Y.
Follow the onscreen requests to set up the initial access to the switch. Here you will
need to be able to supply IP addresses to be used to access it, as well as an admin
username and password. Once you have this complete you should be able to access
the switch using a browser.
Login with your username and password.
At the web interfaces left hand menu navigate to Switching > Ports > Port
Configuration.
On the Port selection window at the top of this page choose TW1/0/1 from the drop-
down menu (this is marked as port 25 on the front of the unit and is the left-most SFP
slot).
Now go to the Admin Port Speed drop down menu and change this from 25000 to
10000.
Note that Operational Auto Negotiation is marked as Disable and that the Auto
Negotiate Speed radio buttons below cannot be chosen, unlike on the other 24 copper
ports. This is why the port will not switch down to 10GbE automatically.
Choose Apply at the bottom of the page to make this port 10GbE.
Repeat for other ports as needed.
IMHO, it is probably easier to do this at the CLI, but as ever it depends on one's comfort level
at the coal face.
The default interface command is a joy in Cisco but was "missing" in Dell OS6 until…
https://www.dell.com/community/Networking-General/Delete-all-configuration-from-a-port-
N4000-N2000/td-p/6069920
default gi1/0/29
For those who are on a lower version, this same article contains other useful nuggets that are
not TOTALLY accurate, depending on your OS version.
no description
no spanning-tree portfast
no switchport mode
no switchport access vlan
no switchport trunk allowed vlan
no switchport trunk native vlan
to clean out
!
interface Gi1/0/2
switchport mode trunk
to
!
interface Gi1/0/2
So I could get to
!
interface Gi1/0/2
description "TVS-ESXnn_VM MANAGEMENT CONNECTION_ NON CRITICAL"
switchport access vlan 152
exit
Also, the interface range command takes some wrangling, and "helpfully" Dell OS6 wants
more than just a G or a T for interfaces… it wants Gi or Te.
Historically, Avid products use the standard "kettle" type lead for a power connection and
have 100-240V PSUs. The IEC 60320 C13 connection (or the C15, if it is keyed like a REAL
kettle lead) is the standard type of connection prevalent on PCs/workstations, and has a
current rating of 10 Amps.
https://en.wikipedia.org/wiki/IEC_60320#C13.2FC14_coupler
Be prepared regarding the power installation of the Cisco Catalyst 4500X: the power supply
does not use the common IEC C13/C14 power cable which can normally be found in a data
centre rack environment, but the less common C15/C16 power cable. The power cable that is
provided with the switch may be terminated with a country-specific wall socket plug, which
typically cannot be used in the rack PDU system, or may even have the wrong country spec if
it was a GREY IMPORT. A possible solution, performed successfully many times, is to modify
the provided C15/C16 power cable and terminate it with the IEC C13/C14 to match the
datacentre PDU. This should be considered, planned and executed well in advance to avoid
unpleasant surprises at the time of switch installation.
The ISIS 2000/2500, with more demanding power supplies, needs a higher-current
connection: this is the C19 connection, which has a current rating of 16 Amps.
https://en.wikipedia.org/wiki/IEC_60320#C19.2FC20_coupler
The process for doing this is well documented in the Avid documentation, but only from a
NEXIS perspective, not what happens at the switch.
This system has a single SDA with redundant controllers, and five E4 NEXIS engines also
with redundant controllers, so that is a total of 24 physical connections, all at 10G.
The required method is to do basic configuration on the NEXIS engines and prepare them
with IP addresses, and then to connect them one by one, with the SDA being first. Applying
link aggregation on a controller requires a restart.
The CLI output below shows what happens on a C4500X-VSS (it will be slightly different on
a NEXUS switch, as there is better support for INDIVIDUAL mode of LACP and some
commands are different). A sketch of the assumed switch-side configuration follows the
reference links below.
Virtual switching system (VSS) Configuration For Cisco 4500 series switches
https://supportforums.cisco.com/t5/network-infrastructure-documents/virtual-switching-
system-vss-configuration-for-cisco-4500-series/ta-p/3147865
and
https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-
2/XE_340/configuration/guide/config/vss.html
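As a minimal sketch of the switch-side configuration assumed by the logs that follow (Po10
and Te1/1/1 / Te2/1/1 match the SDA in D.1.1, one member port per VSS chassis; the access
VLAN number is illustrative), each controller's port pair is an LACP-active bundle:

!! Hedged sketch - repeat with the Po/port numbers seen in the logs below
interface Port-channel10
 description SDA-CONTROLLER-A
 switchport mode access
 switchport access vlan 10
!
interface range Te1/1/1, Te2/1/1
 switchport mode access
 switchport access vlan 10
 channel-group 10 mode active
!! With "mode active" the switch sends LACPDUs immediately, which is why the
!! ports sit in suspended (s) state, logging %EC-5-L3DONTBNDL2, until LACP is
!! enabled on the NEXIS controller and it restarts.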
D.1.1 SDA
!! BELOW we have NO SHUT the ports for the SDA, all 4 of them across both controllers
!! We get a message that the ports are not able to join the aggregate
!! - note on NEXUS they will come up in individual mode (I) and not (s)
!! NOW enable the SDA for LACP and restart the controllers
!! then the interfaces come on line, and then the SECOND controller goes off again
AVID-CORE1-VSS(config-if-range)#
*Jul 19 07:57:53.040: %EC-5-L3DONTBNDL2: Te2/1/1 suspended: LACP currently not enabled on the
remote port.
*Jul 19 07:58:25.896: %EC-5-L3DONTBNDL2: Te2/1/17 suspended: LACP currently not enabled on
the remote port.
*Jul 19 07:58:57.056: %EC-5-BUNDLE: Interface Te1/1/1 joined port-channel Po10
*Jul 19 07:58:57.152: %EC-5-BUNDLE: Interface Te2/1/1 joined port-channel Po10
*Jul 19 07:58:57.153: %EC-5-BUNDLE: STANDBY:Interface Te1/1/1 joined port-channel Po10
*Jul 19 07:58:57.252: %EC-5-BUNDLE: STANDBY:Interface Te2/1/1 joined port-channel Po10
*Jul 19 07:59:30.336: %EC-5-BUNDLE: Interface Te1/1/17 joined port-channel Po40
*Jul 19 07:59:30.787: %EC-5-BUNDLE: Interface Te2/1/17 joined port-channel Po40
*Jul 19 07:59:30.454: %EC-5-BUNDLE: STANDBY:Interface Te1/1/17 joined port-channel Po40
*Jul 19 07:59:30.887: %EC-5-BUNDLE: STANDBY:Interface Te2/1/17 joined port-channel Po40
*Jul 19 07:59:34.078: %EC-5-UNBUNDLE: Interface Te1/1/17 left the port-channel Po40
*Jul 19 07:59:34.135: %EC-5-UNBUNDLE: Interface Te2/1/17 left the port-channel Po40
*Jul 19 07:59:34.079: %EC-5-UNBUNDLE: STANDBY:Interface Te1/1/17 left the port-channel Po40
*Jul 19 07:59:34.154: %EC-5-UNBUNDLE: STANDBY:Interface Te2/1/17 left the port-channel Po40
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#
D.1.2 ENGINE 1
!! NOW LET'S DO ENGINE 1, the procedure will be the same but with different PO
NUMBERS,
!! and the intervening states are not shown,
!! NOR is the step to enable ENGINE 1 for LACP and restart the controllers
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#int ran t1/1/2,t1/1/18,t2/1/2,t2/1/18
AVID-CORE1-VSS(config-if-range)#no shut
AVID-CORE1-VSS(config-if-range)#
*Jul 19 08:07:51.399: %EC-5-L3DONTBNDL2: Te2/1/2 suspended: LACP currently not enabled on the
remote port.
*Jul 19 08:07:52.175: %EC-5-L3DONTBNDL2: Te2/1/18 suspended: LACP currently not enabled on
the remote port.
*Jul 19 08:07:56.444: %EC-5-L3DONTBNDL2: Te1/1/18 suspended: LACP currently not enabled on
the remote port.
*Jul 19 08:08:08.676: %EC-5-L3DONTBNDL2: Te1/1/2 suspended: LACP currently not enabled on the
remote port.
*Jul 19 08:09:55.827: %EC-5-L3DONTBNDL2: Te2/1/2 suspended: LACP currently not enabled on the
remote port.
*Jul 19 08:10:05.907: %EC-5-L3DONTBNDL2: Te2/1/18 suspended: LACP currently not enabled on
the remote port.
*Jul 19 08:10:58.564: %EC-5-BUNDLE: Interface Te1/1/18 joined port-channel Po41
*Jul 19 08:10:58.682: %EC-5-BUNDLE: STANDBY:Interface Te1/1/18 joined port-channel Po41
*Jul 19 08:11:00.455: %EC-5-BUNDLE: Interface Te2/1/18 joined port-channel Po41
*Jul 19 08:11:00.764: %EC-5-BUNDLE: Interface Te1/1/2 joined port-channel Po11
*Jul 19 08:11:00.556: %EC-5-BUNDLE: STANDBY:Interface Te2/1/18 joined port-channel Po41
*Jul 19 08:11:00.885: %EC-5-BUNDLE: STANDBY:Interface Te1/1/2 joined port-channel Po11
*Jul 19 08:11:02.536: %EC-5-BUNDLE: Interface Te2/1/2 joined port-channel Po11
*Jul 19 08:11:02.635: %EC-5-BUNDLE: STANDBY:Interface Te2/1/2 joined port-channel Po11
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#
D.1.3 ENGINE 2
!! ENGINE 2
!! and here is what happens when a mistake is made: one port was not turned on correctly due
to a typo
!! T2/1/13 is enabled instead of T2/1/3, so only three ports come up, and SH
ETHERCHANNEL SUM
!! shows that port T2/1/3 is DOWN (D) while the other expected ports are just suspended (s)
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#int ran t1/1/3,t1/1/19,t2/1/13,t2/1/19
AVID-CORE1-VSS(config-if-range)#no shut
AVID-CORE1-VSS(config-if-range)#
*Jul 19 08:22:57.280: %EC-5-L3DONTBNDL2: Te1/1/3 suspended: LACP currently not enabled on the
remote port.
*Jul 19 08:22:58.524: %EC-5-L3DONTBNDL2: Te1/1/19 suspended: LACP currently not enabled on
the remote port.
*Jul 19 08:23:02.080: %EC-5-L3DONTBNDL2: Te2/1/19 suspended: LACP currently not enabled on
the remote port.
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#int t2/1/3
AVID-CORE1-VSS(config-if)#no shut
AVID-CORE1-VSS(config-if)#int t2/1/13
AVID-CORE1-VSS(config-if)#shut
AVID-CORE1-VSS(config-if)#
*Jul 19 08:25:04.112: %EC-5-L3DONTBNDL2: Te2/1/3 suspended: LACP currently not enabled on the
remote port.
AVID-CORE1-VSS(config-if)#
AVID-CORE1-VSS(config-if)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if)#
!! NOW enable the ENGINE 2 for LACP and restart the controllers
!! first activity after 1.5 minutes
AVID-CORE1-VSS(config-if)#do sh clock
*11:30:41.139 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if)#
*Jul 19 08:32:03.396: %EC-5-L3DONTBNDL2: Te2/1/19 suspended: LACP currently not enabled on
the remote port.
*Jul 19 08:32:07.984: %EC-5-L3DONTBNDL2: Te2/1/3 suspended: LACP currently not enabled on the
remote port.
*Jul 19 08:33:07.351: %EC-5-BUNDLE: Interface Te1/1/19 joined port-channel Po42
*Jul 19 08:33:07.471: %EC-5-BUNDLE: STANDBY:Interface Te1/1/19 joined port-channel Po42
*Jul 19 08:33:09.147: %EC-5-BUNDLE: Interface Te2/1/19 joined port-channel Po42
*Jul 19 08:33:09.248: %EC-5-BUNDLE: STANDBY:Interface Te2/1/19 joined port-channel Po42
*Jul 19 08:33:12.008: %EC-5-BUNDLE: Interface Te1/1/3 joined port-channel Po12
*Jul 19 08:33:12.127: %EC-5-BUNDLE: STANDBY:Interface Te1/1/3 joined port-channel Po12
*Jul 19 08:33:13.720: %EC-5-BUNDLE: Interface Te2/1/3 joined port-channel Po12
*Jul 19 08:33:13.831: %EC-5-BUNDLE: STANDBY:Interface Te2/1/3 joined port-channel Po12
AVID-CORE1-VSS(config-if)#
AVID-CORE1-VSS(config-if)#do sh etherchannel sum
AVID-CORE1-VSS(config-if)#do sh clock
*11:33:45.238 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if)#
!! the Port-channels are online after approx. 3 minutes, but the engine is still in the restart
cycle.
D.1.4 ENGINE 3
AVID-CORE1-VSS(config-if-range)#
!! NOW enable ENGINE 3 for LACP and restart the controllers
!! first activity after 1.5 minutes
AVID-CORE1-VSS(config-if-range)#
*Jul 19 11:40:55.175: %EC-5-L3DONTBNDL2: Te2/1/20 suspended: LACP currently not enabled on
the remote port.
*Jul 19 11:40:55.819: %EC-5-L3DONTBNDL2: Te2/1/4 suspended: LACP currently not enabled on the
remote port.
*Jul 19 11:42:01.020: %EC-5-BUNDLE: Interface Te1/1/4 joined port-channel Po13
*Jul 19 11:42:01.141: %EC-5-BUNDLE: Interface Te1/1/20 joined port-channel Po43
*Jul 19 11:42:01.720: %EC-5-BUNDLE: Interface Te2/1/20 joined port-channel Po43
*Jul 19 11:42:01.895: %EC-5-BUNDLE: Interface Te2/1/4 joined port-channel Po13
*Jul 19 11:42:01.139: %EC-5-BUNDLE: STANDBY:Interface Te1/1/4 joined port-channel Po13
*Jul 19 11:42:01.260: %EC-5-BUNDLE: STANDBY:Interface Te1/1/20 joined port-channel Po43
*Jul 19 11:42:01.830: %EC-5-BUNDLE: STANDBY:Interface Te2/1/20 joined port-channel Po43
*Jul 19 11:42:02.001: %EC-5-BUNDLE: STANDBY:Interface Te2/1/4 joined port-channel Po13
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#
D.1.5 ENGINE 4
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#int ran t1/1/5,t1/1/21, t2/1/5, t2/1/21
AVID-CORE1-VSS(config-if-range)#no shut
AVID-CORE1-VSS(config-if-range)#do sh clock
*11:50:32.242 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if-range)#
*Jul 19 11:50:40.744: %EC-5-L3DONTBNDL2: Te1/1/5 suspended: LACP currently not enabled on the
remote port.
*Jul 19 11:50:44.327: %EC-5-L3DONTBNDL2: Te1/1/21 suspended: LACP currently not enabled on
the remote port.
*Jul 19 11:50:46.832: %EC-5-L3DONTBNDL2: Te2/1/21 suspended: LACP currently not enabled on
the remote port.
*Jul 19 11:50:53.432: %EC-5-L3DONTBNDL2: Te2/1/5 suspended: LACP currently not enabled on the
remote port.
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#do sh clock
*11:51:16.817 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if-range)#
*Jul 19 11:52:33.504: %EC-5-L3DONTBNDL2: Te2/1/21 suspended: LACP currently not enabled on
the remote port.
*Jul 19 11:52:38.067: %EC-5-L3DONTBNDL2: Te2/1/5 suspended: LACP currently not enabled on the
remote port.
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#
*Jul 19 11:53:38.892: %EC-5-BUNDLE: Interface Te1/1/21 joined port-channel Po44
*Jul 19 11:53:38.939: %EC-5-BUNDLE: Interface Te2/1/21 joined port-channel Po44
*Jul 19 11:53:38.940: %EC-5-BUNDLE: STANDBY:Interface Te1/1/21 joined port-channel Po44
*Jul 19 11:53:39.064: %EC-5-BUNDLE: STANDBY:Interface Te2/1/21 joined port-channel Po44
*Jul 19 11:53:44.047: %EC-5-BUNDLE: Interface Te1/1/5 joined port-channel Po14
*Jul 19 11:53:44.055: %EC-5-BUNDLE: Interface Te2/1/5 joined port-channel Po14
*Jul 19 11:53:44.058: %EC-5-BUNDLE: STANDBY:Interface Te1/1/5 joined port-channel Po14
*Jul 19 11:53:44.194: %EC-5-BUNDLE: STANDBY:Interface Te2/1/5 joined port-channel Po14
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#
D.1.6 ENGINE 5
!! AND now the final engine, ENGINE 5
AVID-CORE1-VSS(config-if-range)#int ran t1/1/6,t1/1/22,t2/1/6, t2/1/22
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh clock
*11:59:30.056 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if-range)#no shut
AVID-CORE1-VSS(config-if-range)#
*Jul 19 11:59:47.442: %EC-5-L3DONTBNDL2: Te1/1/6 suspended: LACP currently not enabled on the
remote port.
*Jul 19 11:59:55.577: %EC-5-L3DONTBNDL2: Te2/1/22 suspended: LACP currently not enabled on
the remote port.
*Jul 19 12:00:04.007: %EC-5-L3DONTBNDL2: Te2/1/6 suspended: LACP currently not enabled on the
remote port.
*Jul 19 12:00:04.280: %EC-5-L3DONTBNDL2: Te1/1/22 suspended: LACP currently not enabled on
the remote port.
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#do sh clock
*12:00:23.799 AST Wed Jul 19 2017
AVID-CORE1-VSS(config-if-range)#
*Jul 19 12:01:46.936: %EC-5-L3DONTBNDL2: Te2/1/22 suspended: LACP currently not enabled on
the remote port.
*Jul 19 12:01:52.179: %EC-5-L3DONTBNDL2: Te2/1/6 suspended: LACP currently not enabled on the
remote port.
*Jul 19 12:02:52.188: %EC-5-BUNDLE: Interface Te1/1/22 joined port-channel Po45
*Jul 19 12:02:52.340: %EC-5-BUNDLE: Interface Te2/1/22 joined port-channel Po45
*Jul 19 12:02:52.306: %EC-5-BUNDLE: STANDBY:Interface Te1/1/22 joined port-channel Po45
*Jul 19 12:02:52.455: %EC-5-BUNDLE: STANDBY:Interface Te2/1/22 joined port-channel Po45
AVID-CORE1-VSS(config-if-range)#
AVID-CORE1-VSS(config-if-range)#do sh etherchannel sum
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator
AVID-CORE1-VSS(config-if-range)#
!! THEN SAVE THE CONFIG, which is copied to the other VSS member.
AVID-CORE1-VSS(config-if-range)#do wr
Building configuration...
Compressed configuration from 20872 bytes to 7338 bytes[OK]
AVID-CORE1-VSS(config-if-range)#
*Jul 19 12:03:41.450: %C4K_REDUNDANCY-5-CONFIGSYNC: The private-config has been successfully
synchronized to the standby supervisor
*Jul 19 12:03:41.736: %C4K_REDUNDANCY-5-CONFIGSYNC: The startup-config has been successfully
synchronized to the standby supervisor
http://www.mellanox.com/blog/author/bradsmith/
Active Optical Cable (AOC) – Rising Star of Telecommunications & Datacom Transceiver
Markets
https://community.fs.com/blog/active-optical-cable-aoc-rising-star-of-telecommunications-
datacom-transceiver-markets.html
Avid does NOT test any AoC products (Active Optical Cable). While AoC
might work between a switch and a relatively recent NIC (happily passing
NEXIS traffic), you are likely to encounter problems if it is connected
directly to a NEXIS engine: the Mellanox CX3 adapter (an old legacy
10/40G device in Mellanox terms, because there are so many newer 10/25G
products) does not support any AoC vendor that I am aware of. AoC is a
great, reduced-cost, short-haul fibre method with "sealed" transceivers at
each end and hence fixed lengths up to 150m (for MMF variants).
However, just like TWINAX (which was not supported with ISIS 7x00), the
firmware on the terminating devices needs to support AoC too.
~SECTION END~
Many of the principles apply equally well to NXOS, and the minimum recommended version
is listed elsewhere in this document. There is no sub-section for NXOS in this appendix F at
this time.
Avid does not routinely test any new IOS or NXOS, but I list ones which I know have given
Avid problems, and hence these should be avoided.
There are rare situations in extended deployments (not direct connect
to ISIS with a vanilla configuration), with special features, where certain
commands are required. One example of this is with the Foundry and
IEEE 802.1Q trunks on 10G links, described elsewhere in this
document.
Minimum s/w versions are described in The Avid ISIS 7000 Ethernet Switch Reference
Guide available at:
http://resources.avid.com/SupportFiles/attach/AvidISIS/AvidNetworkSwitchGuide_v4.7.3_R
ev_F.pdf
C4900M, C4948E, C4948-10GE and C4500E devices using 12.2.x IOS will not
exhibit the BFD problems and do not need to be upgraded.
When projects purchase their own product, I am often asked what I recommend as a suitable
software version. Well, the answer is "IT DEPENDS…", which at first sight is unhelpful.
Initially, understand that for Avid solutions the additional features in a new release are
extremely unlikely to be needed by the Avid applications, so the major version and point
version may be of little relevance, but the maintenance version might be critical in terms of
avoiding bugs. Secondly, consider that when you are reading this content, and when it was
written, will have significant bearing on any suggestion of version number, as versions keep
advancing with all vendors. And there may also be corporate policies at the destination
deployment that will restrict the choices that can be made.
Using Cisco as an example, see the screenshot below from their website.
So the key thing when looking at release notes is to pick a recent version that is above the
minimum maintenance version, not too new and not too old, and that has a long maintenance
window.
So I WOULD ALWAYS AVOID a version that was X.0.0, and one that was X.Y.0.
Hypothetical versions 8 and 9 are used below for explanation, and we will assume that the
minimum version Avid tested was 7.8.9, and that this was 5 years before the reading date.
Hence let us consider:
9.0.x = AVOID
9.1.0 = AVOID
9.1.1 = GOOD
9.1.2 = GOOD
9.2.0 = AVOID (LATEST VERSION)
So again, to use a hypothetical situation: if the 9.2.x train was released on 1/JAN/2001, I would
not even consider it until 1/JUL/2001, and would want 9.1.1 as a minimum.
Avid does not MANDATE any particular version beyond the MINIMUM tested, plus the
specific versions to avoid as listed by Avid or deprecated by Cisco.
At the time of writing this section [APRIL2016], below is the information from Cisco
http://www.cisco.com/c/en/us/support/switches/catalyst-4900-series-switches/products-
release-notes-list.html
I would be considering IOS 15.2(3)E2 or 15.2(2)E4; the most recent updates for them are 2
months old (or more) and the base software has a maturity level that is comforting. IOS
15.2(4)E was first published October 1, 2015 and last updated January
29, 2016, so this new kid on the block is probably too young for my preferences. The
minimum version Avid supports is 12.2(46), and the latest 12.2(54) release dates from AUG 2014,
so this would be suitable too.
BUT, by the time you read this, 4 weeks, 3 months or 2 years on (you get the gist, I hope),
the paragraphs/screenshots immediately above will almost certainly have been superseded by
newer information. The point is to apply the principles.
Avid does not MANDATE any particular version beyond the MINIMUM tested, plus the
specific versions to avoid as listed by Avid or deprecated by Cisco.
At the time of writing this section [APRIL2016], below is the information from Cisco
http://www.cisco.com/c/en/us/support/switches/catalyst-4500-x-series-switches/products-
release-notes-list.html [STILL VALID FEB 2019]
I would be considering IOS-XE 3.7.x or 3.6.x; the most recent updates for them are 2 months
old and the software has a maturity level that is comforting. IOS-XE 3.8.x was first
published October 1, 2015 and last updated April 25, 2016,
so this new kid on the block is probably too young for my preferences. The minimum version
Avid supports is 3.4.1, and the latest 3.4.x version is IOS XE 3.4.7SG (Dec 07, 2015), so this
would be suitable.
BUT, by the time you read this, 4 weeks, 3 months or 2 years on (you get the gist, I hope),
the paragraphs/screenshots immediately above will almost certainly have been superseded by
newer information. The point is to apply the principles.
Also be aware that some upgrades from older versions might need a
ROMMON upgrade too; if in doubt, set up a TFTP boot to see if the desired
code will RUN before doing the REAL upgrade into NVRAM via TFTP.
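A minimal sketch of that test, with an illustrative TFTP server address and image name (boot
system syntax and TFTP-boot support vary by platform and ROMMON version, so treat this
as a pattern rather than exact commands):

!! Hedged sketch - 192.0.2.10 and the image name are placeholders
Switch(config)# boot system tftp cat4500e-universalk9.SPA.bin 192.0.2.10
Switch(config)# end
Switch# write memory
Switch# reload
!! If the new code RUNs happily from TFTP, copy it to flash and re-point
!! the boot variable before the real production reload:
Switch# copy tftp://192.0.2.10/cat4500e-universalk9.SPA.bin bootflash:
Switch# configure terminal
Switch(config)# no boot system tftp cat4500e-universalk9.SPA.bin 192.0.2.10
Switch(config)# boot system flash bootflash:cat4500e-universalk9.SPA.bin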
As the C4948-10GE has been end of sale since AUG 2013, is approaching end of
vulnerability S/W support, and has less than 2 years until end of HW support, this is a
difficult question. The best advice is to replace it with a C4948E or C4500X (or both), but in
many cases that cannot be done in the short term.
As Avid no longer sells this device, and it is only really likely to be used as a "dumb" layer 2
switch with good buffers for ISIS clients, cascaded from a newer, higher-function switch, it is
not possible to give comprehensive advice as for other currently sold products. Hence
keeping it running on 12.2(25)EWA8 or 12.2.46 will be satisfactory for these duties. There
are a small number of legacy sites, with little need for 10G connections, still using these
old switches as a L3 Primary switch; they should really be considering a MAJOR upgrade
as soon as possible rather than worrying about how to upgrade a C4948-10GE IOS. The running
version of IOS is sufficient to provide all the software features needed by a
currently running legacy ISIS implementation.
Also be aware that some upgrades from older versions might need a
ROMMON upgrade too; if in doubt, set up a TFTP boot (as sketched above) to see if the desired
code will RUN before doing the REAL upgrade into NVRAM via TFTP.
~SECTION END~
Revision history
Note: the version number of this document DOES NOT directly correlate to ISIS or Interplay
Production versions.

Version – Date – Name & Comments

Initial Issue V1.0 – 04 July 2007 – David Shephard

V1.23 – 15 DEC 2017 – David Shephard – 340 pages (from 324) – FINAL VERSION of V1.x
UPDATE & Restructure SECTION 11 for move to NETREQS V2
ADD 12.0 Network Designs for NEXIS (OLD SECTION 12 becomes SECTION 13)
UPDATE (and correct typo) 1.4.19.2 New product naming for Nexus 6000 family
UPDATE 1.5.7.3 Interim testing Nexus 93000
ADD INFO on Catalyst auto backup for config file (SEE END OF DOC, AND SAME FOR NEXUS)

Initial Issue V2.0 – 15 DEC 2018 – David Shephard
Major reformatting, re-write and removal of ISIS and Interplay content

V2.6 – 20JUL2020 – 173 pages
UPDATE section 1.3 in regard to Minimum S/W version for NXOS on 93000 FX series to use 7.0(3)I7(6)
ADD 1.5.4 Avid supplied 40G Transceivers and NEXIS
ADD 1.5.5 3rd Party Transceivers and Switch Vendors
UPDATE 1.10.1 Kubernetes – the "core" of the "network" problem
UPDATE 2.2.1 The Traditional/Legacy way
UPDATE 2.2.2 MLAG/vPC/VSS Single Controller
UPDATE 2.2.3 MLAG/vPC/VSS Dual Controller
ADD 4.9 NO specific VPN requirements for use with Thin Client applications
UPDATE B.20.2 – Nexus switches Multicast Propagation
UPDATE B.33 Cisco Nexus vPC Best Practices
UPDATE B.39.1 SHOW COMMANDS NEXUS 93xxx USEFUL COMMANDS FROM SHOW TECH

V2.7 – 27JAN2021 – 191 pages
ADD 1.1.1 Issues to be aware of with Dell S4100 Series Switches
UPDATE 1.10.1 Kubernetes – the "core" of the "network" problem with MCCUX
ADD 1.7.3 Catalyst 9000 - B series – USING SOFTMAX ONLY
UPDATE 1.8.3 NICs in a VM environment – applies to bare metal too
ADD 4.6.4.1 LINUX TEAMING
UPDATE B.20.2.2 – Field Knowledge NEXUS & Multicast PART 2
UPDATE B.25 Serial connection alternatives to DB9 using USB (FIELD-TIP)
ADD B.25.1 Use the management network on NEXUS switches & remote connection
ADD B.36.6 DEPLOYMENT CONSIDERATIONS with MEDIA CENTRAL CLOUD UX
ADD B.46.1 DELL OS10 IGMP SNOOPING
ADD B.50 Flow control with AVID Nexis storage – is it needed?
ADD B.51 Flow control in Cisco NEXUS switches with AVID Nexis storage
ADD B.52 Flow control in Dell S4048 switches with AVID Nexis storage
ADD B.53 Mellanox ConnectX-3 adapter firmware version in NEXIS
ADD B.54 DELL S4100 OS10 vs. OS9 LACP and VLT commands

V2.8 – 24MAY2021 – 222 pages
ADD 1.1.2 Dell S4100 Series Switches Model Variants
UPDATE 1.3.0 Known Cisco Issues impacting Avid Storage solutions
ADD 1.3.1.5 Cisco Nexus 93180YC-FX3
ADD 1.5.6 Gigabit Media Converters
UPDATE 1.8.3 NICs in a VM environment – applies to bare metal too
UPDATE 1.6.1 1U Switch Families
UPDATE 1.10.1 Kubernetes – the "core" of the "network" problem with MCCUX (added paragraph at end)
ADD INFO on Catalyst auto backup for config file (SEE END OF DOC, AND SAME FOR NEXUS)
~END~