web-archive-net.com » NET » M » MAJORNETWORK.NET

Total: 263

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Dual-layer vPC on Nexus 5000 – Majornetwork
    simplicity port configuration simplicity Say you are configuring 2 ports for a new server With VPC d 2k s for example you are configuring ports e100 1 1 and e101 1 1 on BOTH 5k s You have to note somewhere that fex 100 and fex 101 are a pair when it comes time to upgrade fex code and it needs a reboot With straight through fex s You know the fex s are a pair because they will share the same fex number on each 5k And when it comes to configuration you can just configure e100 1 1 on each 5k you do want to use vpc orphan port suspend command though thanks Ian Reply Markku Leiniö November 3 2011 at 22 05 Thanks for your comments Ian You have very valid points there For your first point I need to say that times have somewhat changed on the redundancy On Catalyst times we could run the same IOS for ages and not cause any disturbance due to the upgrades for the single connected server NICs Nowadays I have a feeling that the switches need to be upgraded all the time or at least more often than in the old days That s why I want to reserve the right to ISSU the Nexus 5500 at any time About the port configuration it really is a serious operational issue or it may become an issue at some point later so FEX numbering scheme is something that needs careful consideration Can you open up your meaning about suspending the orphan ports here Reply Ian Erikson November 3 2011 at 22 18 I agree about code upgrades I think best practice is moving towards staying at the latest code level This is probably because the complexity is increasing rapidly I find the fex numbering issue becomes a problem as you transition your catalyst friendly tech staff to nexus support As far as orphan ports go If you lose the vPC peer link it shuts down all vPC on the vPC secondary switch This includes the uplink Now with uplink down crosslink down but downstream port channels and links UP you are black holing your hosts Your straight through FEX s stay up So a server doesn t see a link down and continues to send traffic over that link I have found most NIC teaming software HP for instance eventually does a Rx Tx health check and noticed it can t get to the gateway and shuts down use of that NIC You can t really vouch for every server s NIC teaming method so I find its best to apply the vpc orphan port suspend command to make sure they get links down you can do a show vpc orphan ports to see ports at risk Reply Markku Leiniö November 3 2011 at 22 28 Right I read the context again and realized what you meant Yes I agree on the orphan port setting I think that sometimes the

    Original URL path: https://majornetwork.net/2011/11/dual-layer-vpc-on-nexus-5000/ (2016-04-25)
    Open archived version from archive


  • Nexus 5000 and Nexus 2000 Series Twinax Cables Certification Matrix – Majornetwork
    bonus sector data sheet for the 10G SFP modules is found in http www cisco com en US prod collateral modules ps5455 data sheet c78 455693 html Updated May 18 2012 10 15 Tags fex nexus 2000 nexus 5000 nexus 5500 twinax Previous Post Next Post Leave a Reply Cancel reply Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives October 2015 July 2015 May 2015 February 2015 January

    Original URL path: https://majornetwork.net/2012/05/nexus-5000-and-nexus-2000-series-twinax-cables-certification-matrix/ (2016-04-25)
    Open archived version from archive

  • fex – Page 2 – Majornetwork
    FEX Pre provisioning Markku Leiniö November 9 2011 Networking 4 Comments Today in the highlight FEX pre provisioning What is a FEX It is Fabric Extender a remote line card used in Cisco Nexus series switches It is managed through its parent switch like Nexus 5000 or Nexus 7000 but looks externally like a traditional data center access switch In some cases you would like to configure Read Post Dual layer vPC on Nexus 5000 Markku Leiniö November 3 2011 Networking 6 Comments Doing some googling for the coming NX OS 5 1 3 N1 1 for Nexus 5000 I found this Cisco NX OS Software Release 5 1 3 N1 1 for Cisco Nexus 5000 Series Switches and 2000 Series Fabric Extenders https www cisco com en US prod collateral switches ps9441 ps9670 product bulletin c25 686744 pdf Update The same document in HTML http www cisco com en US prod collateral switches ps9441 ps9670 product bulletin c25 686744 html Yes there are the goodies like FabricPath and Adapter FEX and PTP but who cares about those Read Post Newer Posts Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500

    Original URL path: https://majornetwork.net/tag/fex/page/2/ (2016-04-25)
    Open archived version from archive

  • IOS Upgrade from Modular to Non-Modular – Majornetwork
    September 28 2011 22 29 Tags cat6500 ios modular non modular sxi Previous Post Next Post 1 Comment Add a Comment Ben Story February 2 2012 at 17 12 I can attest 100 that this is true I got stuck in a bad situation not realizing this on a VSS pair http showbrain blogspot com 2011 08 catalyst 6509 e vss software upgrade html Reply Leave a Reply Cancel reply Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32

    Original URL path: https://majornetwork.net/2011/09/ios-upgrade-from-modular-to-non-modular/ (2016-04-25)
    Open archived version from archive

  • majornetwork.net Is Now IPv6-Enabled – Majornetwork
    worldipv6launch org Updated March 1 2012 19 38 Tags ipv6 Previous Post Next Post 3 Comments Add a Comment N1x March 1 2012 at 21 53 great Reply Kaage March 2 2012 at 21 15 Seems to be working well Nice Reply Santiago June 30 2014 at 04 54 Congratulations Reply Leave a Reply Cancel reply Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives October 2015 July 2015

    Original URL path: https://majornetwork.net/2012/03/majornetwork-net-is-now-ipv6-enabled/ (2016-04-25)
    Open archived version from archive

  • Juniper SRX100 and HE IPv6 Tunnel – Majornetwork
    don t like the idea of using plain packet filters or whatever instead of the stateful firewall at least that is now I understand using packet mode instead of flow mode you lose the stateful firewall policies This workaround was suggested in some discussions Creating a packet filter named outside First enable pings from HE servers they want to check the tunnel endpoint set firewall filter outside term allow pings from source address 66 220 2 0 24 set firewall filter outside term allow pings from icmp type echo request set firewall filter outside term allow pings then accept Deny other pings set firewall filter outside term discard pings from icmp type echo request set firewall filter outside term discard pings then discard And here is the actual fix protocol 41 packets to from the tunnel endpoint are handled in packet mode instead of the normal flow mode set firewall filter outside term fix 6in4 source from source address 216 66 80 90 set firewall filter outside term fix 6in4 source from protocol 41 set firewall filter outside term fix 6in4 source then packet mode set firewall filter outside term fix 6in4 destination from destination address 216 66 80 90 set firewall filter outside term fix 6in4 destination from protocol 41 set firewall filter outside term fix 6in4 destination then packet mode set firewall filter outside term accept the rest then accept Finally assign the packet filter in the outside IPv4 interface set interfaces fe 0 0 0 unit 0 family inet filter input outside After that the IPv6 flow mode started working I thought that the filter input statement there meant that the filter is only applied to packets coming in the interface but apparently there is also something else the filter fix did not work without the destination address 216 66 80 90 rule Don t ask me why but if you know please comment below But there you go anyway my Windows 7 workstation is happy with the router advertisements and everything seems to work just fine The tunnel obviously causes some additional latency tunnel traffic is being routed from Finland to Sweden and back but not necessarily anything huge C ping 4 www funet fi Pinging www funet fi 81 90 77 32 with 32 bytes of data Reply from 81 90 77 32 bytes 32 time 2ms TTL 58 Reply from 81 90 77 32 bytes 32 time 2ms TTL 58 Reply from 81 90 77 32 bytes 32 time 2ms TTL 58 Reply from 81 90 77 32 bytes 32 time 2ms TTL 58 C ping 6 www funet fi Pinging www funet fi 2a00 16a0 0 100 21 3 with 32 bytes of data Reply from 2a00 16a0 0 100 21 3 time 17ms Reply from 2a00 16a0 0 100 21 3 time 17ms Reply from 2a00 16a0 0 100 21 3 time 17ms Reply from 2a00 16a0 0 100 21 3 time 16ms user srx100 show security flow session family inet6 Session

    Original URL path: https://majornetwork.net/2012/02/juniper-srx100-and-he-ipv6-tunnel/ (2016-04-25)
    Open archived version from archive

  • Nexus 5000 Series NX-OS 5.1(3)N1(1) is out – Majornetwork
    1 Nexus5000 Release Notes 5 1 3 N1 html Note The Dual layer vPC I talked about is called Enhanced vPC EvPC in the release notes Updated December 8 2011 19 49 Tags enhanced vpc EvPC fex issu nexus 5000 nexus 5500 nx os Previous Post Next Post Leave a Reply Cancel reply Search for Markku Leiniö Senior Network Architect Senior Technology Consultant and CCIE 26438 Routing Switching in Finland Majornetwork on Twitter Markku Leiniö on Google Your IPv4 IPv6 Status You are using IPv4 address 81 198 240 36 Recent Posts majornetwork net Is Now TLS Enabled IPsec VPN Tunnel between F5 BIG IP and Juniper SRX SoftEther VPN with a VPN Address Pool Juniper SRX IPsec LAN to LAN VPN Part 2 Juniper SRX IPsec LAN to LAN VPN Part 1 Tags 15 0SY 15 1SY ba bridge assurance cat6500 catalyst 6500 cisco cli cmp console cygwin dual homed esxi fabric extender fabricpath fast hello fex hypervisor ios ipsec ipv6 issu juniper junos lacp linux nexus 5000 nexus 5500 nexus 7000 nx os private vlan pvlan qsfp srx srx100 sup2t sup32 sup720 switch profile sxi sxj vmware vpc vpn vsphere Archives October 2015 July 2015 May 2015 February

    Original URL path: https://majornetwork.net/2011/12/nexus-5000-series-nx-os-5-1-3-n1-1-is-out/ (2016-04-25)
    Open archived version from archive

  • Juniper SRX100 Junos Upgrade Process – Majornetwork
    domestic Information for snapshot on internal dev da0s2a backup Creation date Oct 14 12 37 21 2012 JUNOS version on snapshot junos 11 4R1 6 domestic Install the new Junos package admin srx100 request system software add var tmp usb junos srxsme 11 4R5 5 domestic tgz no copy NOTICE Validating configuration against junos srxsme 11 4R5 5 domestic tgz NOTICE Use the no validate option to skip this if desired Formatting alternate root dev da0s2a dev da0s2a 297 9MB 610044 sectors block size 16384 fragment size 2048 using 4 cylinder groups of 74 47MB 4766 blks 9600 inodes super block backups for fsck b at 32 152544 305056 457568 Checking compatibility with configuration Initializing Verified manifest signed by PackageProduction 11 4 0 Verified junos 11 4R1 6 domestic signed by PackageProduction 11 4 0 Using junos 11 4R5 5 domestic from altroot cf packages install tmp junos 11 4R5 5 domestic Copying package Verified manifest signed by PackageProduction 11 4 0 Hardware Database regeneration succeeded Validating against config juniper conf gz cp cf var validate chroot var etc resolv conf and etc resolv conf are identical not copied cp cf var validate chroot var etc hosts and etc hosts are identical not copied mgd commit complete Validation succeeded Validating against config rescue conf gz mgd commit complete Validation succeeded Installing package altroot cf packages install tmp junos 11 4R5 5 domestic Verified junos boot srxsme 11 4R5 5 tgz signed by PackageProduction 11 4 0 Verified junos srxsme 11 4R5 5 domestic signed by PackageProduction 11 4 0 JUNOS 11 4R5 5 will become active at next reboot WARNING A reboot is required to load this software correctly WARNING Use the request system reboot command WARNING when software installation is complete Saving state for rollback admin srx100 request system reboot Reboot the system yes no no yes Shutdown NOW pid 7028 admin srx100 FINAL System shutdown message from admin srx100 System going down IMMEDIATELY Remove the USB stick as soon as the device goes off and on otherwise it will disturb the boot process After the reboot see that the second partition is now running as the primary the first partition still has the previous OS intact admin srx100 show system snapshot media internal Information for snapshot on internal dev da0s1a backup Creation date Feb 28 17 16 02 2012 JUNOS version on snapshot junos 11 4R1 6 domestic Information for snapshot on internal dev da0s2a primary Creation date Oct 14 17 14 26 2012 JUNOS version on snapshot junos 11 4R5 5 domestic admin srx100 Updated October 31 2012 22 08 Tags juniper junos srx100 upgrade Previous Post Next Post 3 Comments Add a Comment viplav December 28 2015 at 06 32 Hi Marrku Is there is any downtime while upgrading SRX Which is in high availability Viplav Patil Reply Markku Leiniö December 28 2015 at 22 29 Hi Viplav Downtime is expected especially in the branch series SRX100 SRX650 I would start in http kb juniper net

    Original URL path: https://majornetwork.net/2012/10/juniper-srx100-junos-upgrade-process/ (2016-04-25)
    Open archived version from archive



  •