Chance Hinchman
TACDCN-2005
#CiscoLive
#CiscoLive TACDCN-2005 © 2023 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Objective
• Disjointed Layer 2 configuration is a common task for server administrators. However, a simple misconfiguration could lead to a major network outage. This presentation focuses on implementing Disjointed Layer 2 in Intersight Managed Mode (IMM), as opposed to UCS Manager. We will cover common misconfiguration scenarios, how to identify those issues, and how to avoid those configuration mistakes.
• Ideally, the target audience for this presentation will have a working knowledge of UCS in IMM.
Disjointed Layer 2 Concept
• By default, UCS data traffic works on the principle of mutual inclusion. All
traffic for all VLANs travels along all uplinks.
*This applies to Fabric Interconnects in End Host Mode, which is the default.
Disjointed Layer 2 Topology
[Figure: two upstream networks, Prod and DMZ (newly added VLANs 20-30, preexisting VLANs 101-998), uplinked to FI-A and FI-B, with the chassis and Server 3/1 (A and B) below. vNIC eth0 and vNIC eth1: vlan 1,101-998. vNIC eth2 and vNIC eth3: vlan 1,20-30.]
No overlap between Prod and DMZ VLANs on either the uplinks or vNICs, i.e., the selective exclusion that we mentioned earlier.
Disjointed Layer 2 Implementation
Deploying Disjoint Layer 2 Order of Operations
• When adding disjoint VLANs, deploy the domain profile first, and confirm it
is successful before deploying the server profile. If the VLANs are added to
the server vNICs before the uplinks, a pinning failure may occur.
A breakdown of the configuration steps
1. Add the disjoint VLAN range to the VLAN Configuration Policy used in the domain profile
Configure and Deploy Domain Profile
Adding Disjoint VLANs
Creating Ethernet Network Groups (Prod)
Creating Ethernet Network Groups (DMZ)
Adding Network Group to Uplinks (DMZ)
Adding Network Group to Uplinks (Prod)
Deploy Domain Profile
Configure and Deploy LAN Connectivity Policy
Adding Network Group to LAN Connectivity Policy (DMZ)
Adding Network Group to LAN Connectivity Policy (Prod)
Repeat this for all vNICs, using the DMZ and Prod Ethernet network groups accordingly.
Deploy Server Profile
Verifying the configuration
Determining a Server's vNICs
F340-24-21-IMM-1-A# connect nxos
F340-24-21-IMM-1-A(nx-os)# show run interface | grep prev 1 FCH251372LZ
interface Vethernet800
  description SP chhinchm-1, vNIC eth0, Blade:FCH251372LZ
--
interface Vethernet813
  description SP chhinchm-1, vNIC eth2, Blade:FCH251372LZ

F340-24-21-IMM-1-B# connect nxos
F340-24-21-IMM-1-B(nx-os)# show run interface | grep prev 1 FCH251372LZ
interface Vethernet803
  description SP chhinchm-1, vNIC eth1, Blade:FCH251372LZ
--
interface Vethernet822
  description SP chhinchm-1, vNIC eth3, Blade:FCH251372LZ
Confirming vNIC Programming
F340-24-21-IMM-1-A(nx-os)# show running-config interface vethernet 800
F340-24-21-IMM-1-A(nx-os)# show running-config interface vethernet 813

F340-24-21-IMM-1-B(nx-os)# show running-config interface vethernet 803
F340-24-21-IMM-1-B(nx-os)# show running-config interface vethernet 822
Confirming FI Configuration and Veth Pinning
F340-24-21-IMM-1-A(nx-os)# show running-config interface ethernet 1/15-16
F340-24-21-IMM-1-A(nx-os)# show pinning server-interfaces | include Veth
---------------+-----------------+------------------------+-----------------
SIF Interface    Sticky            Pinned Border Interface  Pinned Duration
---------------+-----------------+------------------------+-----------------
Veth800          No                Eth1/16                  1:14:42
Veth807          No                -                        -
Veth810          No                -                        -
Veth811          No                -                        -
Veth813          No                Eth1/15                  1:14:42
Veth821          No                -                        -

F340-24-21-IMM-1-B(nx-os)# show running-config interface ethernet 1/15-16
F340-24-21-IMM-1-B(nx-os)# show pinning server-interfaces | include Veth
---------------+-----------------+------------------------+-----------------
SIF Interface    Sticky            Pinned Border Interface  Pinned Duration
---------------+-----------------+------------------------+-----------------
Veth803          No                Eth1/16                  1:20:5
Veth808          No                -                        -
Veth809          No                -                        -
Veth812          No                -                        -
Veth820          No                -                        -
Veth822          No                Eth1/15                  1:20:5
Failure Scenario 1 – Overlapping VLANs
[Figure: DMZ and Prod networks uplinked to FI-A and FI-B, with the chassis below]
• The absence of Spanning Tree on the FIs in End Host Mode means we
rely on other mechanisms to avoid loops. This mechanism is referred to
as the Designated Receiver.
Determining a VLAN's Designated Receiver
F340-24-21-IMM-1-A(nx-os)# show platform software enm internal info vlandb id 20
vlan_id 20
-------------
Designated receiver: Eth1/15
Membership:
Eth1/15

F340-24-21-IMM-1-B(nx-os)# show platform software enm internal info vlandb id 20
vlan_id 20
-------------
Designated receiver: Eth1/15
Membership:
Eth1/15

F340-24-21-IMM-1-A(nx-os)# show platform software enm internal info vlandb id 101
F340-24-21-IMM-1-B(nx-os)# show platform software enm internal info vlandb id 101
• This can be a useful command when troubleshooting network connectivity issues in DJL2 networks.
• For instance, when performing a packet capture or SPAN, it tells you which interface broadcast traffic should be received on.
Overlapping VLANs - Remediation
• Remove Production VLANs from the DMZ uplinks and reapply Domain Profile.
Failure Scenario 2 – ENM Source Pin Fail
In this scenario the uplinks carry EITHER production or DMZ VLANs…
[Figure: Prod and DMZ networks (VLANs 20-30, VLANs 101-998) uplinked to FI-A and FI-B]
F340-24-21-IMM-1-A(nx-os)# show interface brief | include Veth
Vethernet  VLAN  Type  Mode    Status  Reason               Speed
Veth800    1     virt  trunk   down    ENM Source Pin Fail  auto
Veth807    110   virt  trunk   down    nonPartcipating      auto
Veth810    1     virt  trunk   down    nonPartcipating      auto
Veth811    1     virt  trunk   down    nonPartcipating      auto
Veth821    1010  virt  access  down    nonPartcipating      auto
Veth32768  1     virt  trunk   down    nonPartcipating      auto

F340-24-21-IMM-1-B(nx-os)# show interface brief | include Veth
Vethernet  VLAN  Type  Mode    Status  Reason               Speed
Veth803    1     virt  trunk   down    ENM Source Pin Fail  auto
Veth808    110   virt  trunk   down    nonPartcipating      auto
Veth809    1     virt  trunk   down    nonPartcipating      auto
Veth812    1     virt  trunk   down    nonPartcipating      auto
Veth820    1011  virt  access  down    nonPartcipating      auto
Veth32768  1     virt  trunk   down    nonPartcipating      auto

F340-24-21-IMM-1-A(nx-os)# show running-config interface ethernet 1/15-16
F340-24-21-IMM-1-A(nx-os)# show running-config interface vethernet 800

F340-24-21-IMM-1-B(nx-os)# show running-config interface ethernet 1/15-16
F340-24-21-IMM-1-B(nx-os)# show running-config interface vethernet 803
Thank you