Cisco WAN :: W2K8 R2 / Unicast NLB And Distributed Routing And Switching
Feb 3, 2011
I was wondering if the following scenario would work:
2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).
Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC address which is not used as the source MAC address when the TMG servers are responding to requests. Basically it relies on the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is what the L3 switch would do if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would it decide on which port(s) to forward the packet, as it does not know on which port the MAC is found? Can it make a decision based on Layer 3 (IP/VLAN based), so that it knows that the VLAN for the TMGs is connected on those two uplink ports?
Apr 27, 2013
I recently identified that all switch ports in my network on the 6509 core were transmitting mail server Exchange traffic that was destined for the Unicast NLB cluster, and it was impacting various host machines' NIC cards/performance. After reading this article, I moved the NLB CAS servers behind a dedicated Cisco switch.
[URL]
Now my core switch can learn the MAC address across its trunk port where the CAS servers are connected on the dedicated switch, but I can still see traffic being transmitted out to all my switch ports of the same VLAN (same as the NLB VLAN).
Nov 28, 2011
I have a serious problem with a Nexus 7018: there is unicast flooding on one N7K, named n7k-1, which is a member of a vPC domain made up of 2 N7Ks. [code] I had cleaned the mac-address-table, and all mac-address-tables had been synced fine, and the unicast flooding went away.
How could I fix the mac-address sync function between the modules?
Jan 9, 2011
I'm having an issue with my network, where we're experiencing random and brief network outages. They happen a couple of times a day and last 5-10 seconds. When I check my two backbone switches (4506: Supervisor: WS-X4516-10GE, IOS: cat4500-ipbase-mz.122-31.SGA8.bin), STP remains normal and no topology change occurs.
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation (when a port goes down for some reason, its learned MACs get flushed and since other hosts know the MACs, they keep flooding until their ARP caches expire).
Jul 12, 2012
LMS 4.2, W2K8 R2. I was having an issue with discovery adding devices to with corrupt information (seemingly random strings of characters in several fields). While I was trying to clean this up a scheduled discovery kicked off and further exacerbated the issues I was having. Frustrated, I deleted all entries from the discovery schedule until I could get things cleaned up.
Now I want to go back and troubleshoot the discovery process. Trouble is, I can't get discovery to do anything anymore. I disabled all modules but CDP. I added a single seed IP address under the CDP configuration. This is the address of a 3560V2 switch that is not in DCR. When I started discovery it completed in about 2 seconds and didn't discover anything, including the seed device. So I added another 3560V2 as a seed device under global settings. Same results. Thinking that it had been working using scheduled discovery, I set up a schedule and kicked it off that way. Same results. Finally I added one of these seed devices to DCR and let LMS fully learn about it. Ran another discovery. Still no joy.
I started an SNMP debug on the seed devices before starting discovery. I see the SNMP get coming from LMS, the switches respond and the discovery completes with 0 devices discovered. CS Discovery.log contains no meaningful information. Only messages about "No appenders could be found for logger".
Apr 6, 2011
I have a Win 2008 server as DC. I have installed ACS 4.2 on a member server (Win 2003), but it doesn't work. How can I get this one to work?
Jul 31, 2012
LMS 4.2.1 W2K8 R2
I seem to be unable to generate a syslog report that contains > 10,000 records. And I don't mean with run type immediate either. I am scheduling them to run at the next 5 minute interval (incidentally, why not have an option that just says "run in background now"?)
I am facing an issue where a bunch of errors are being generated by a voice gateway and I want to determine when the problem started. My syslog contains 7 days of records. If I schedule a report to give me all syslog records for the last 1 week (or 7 days I have tried it both ways) for all devices at that location I get 10,000 records, and they are all for the current date. If I schedule a report and select a date range in the past, I get records within that date range, but only 10,000.
Nov 20, 2012
I have got a very basic/fundamental doubt. I would like to know how bandwidth gets distributed in switches. For example, consider a scenario where I have core switch A and core switch B connected to each other through a 1 Giga fiber. Each of my core switches is connected to two edge switches through fiber links. All edge switches have giga ports. Now if I connect a PC with a giga link to the edge switch of core switch A and transfer a file to a PC connected to the edge switch in network B, how does the switch allocate/distribute bandwidth?
Apr 20, 2013
We would like to install a pair of ACS 5.4 appliances as primary/backup in our two datacentres. I have some questions regarding design.
1- We have 800+ network devices to monitor. Can we install by range of address instead of installing one by one in the device host database?
2- Do we have to install all 800 devices first on the primary and then again on the backup, or will the primary replicate to the backup server?
3- We do not have real IP addresses yet, so if we build with dummy addresses, make them a pair and sync all the database, then when we change their IP addresses, will the distributed primary pair have any issue with the backup ACS server?
Mar 22, 2012
What's the best way to apply a patch in an ACS 5.2 distributed configuration?
Oct 17, 2011
I just purchased a Dlink DSL-2750U today which I am using with my ADSL connection. I have three wired computers using this connection and no wireless systems at the moment. I would like to know if it's possible to share the bandwidth evenly amongst these three computers? The other two computers are hogging on the bandwidth leaving me with barely anything to work with.
Dec 23, 2011
I was looking at 6500 series switches. I saw the DFC4 modules (WS-F6K-DFC4-A, WS-F6K-DFC4-AXL) and (WS-F6K-DFC4-E, WS-F6K-DFC4-EXL). The data sheet for Supervisor Engine 2T says that for maximum performance you should use DFC4. I'm a bit confused. I didn't find any useful information about it:
1. Is DFC4 a separate module (consumes 1 slot)? Does it have any ports on it?
2. Is it a daughter card? If yes, should it be installed on the supervisor or on line cards?
Feb 29, 2012
When is UDP preferable over TCP in distributed systems? Why?
Dec 1, 2012
I am struggling in some areas to work out my firewall rules for a distributed deployment. The referenced documentation is not entirely clear in my opinion. In some instances it is easy to work out what ports need to be opened, e.g. Admin node TCP 22, 80, 443 for management from administrator hosts/ranges. In other instances it is difficult to work out, e.g. TCP 1521 Database listener and AQ: is this for ISE nodes only or for access devices as well?
My question is whether there is a better document that details these requirements. Which rules are meant to be ISE node - ISE node communications and which rules are for access device - ISE, or ISE - access device? One of the rules I am pretty confused about is the PSN CoA ports. Should the rule be WLC - PSN on 1700 and 3799, or is it the other way round, or unidirectional?
I am pretty sure that the ports are meant to be ISE-ISE in most instances, barring the PSN for RADIUS and CoA.
Apr 17, 2012
I've been looking for a way to detect the level of traffic caused by unknown unicast traffic on a Catalyst 6509. I have found mechanisms to mitigate it but nothing to actually detect/measure what the levels might be.
Feb 8, 2013
I am planning to get unicast streams from 2-3 different sources over the internet, and I am doing NAT for port-forwarding all those unicast streams to one private IP. Attached is the setup for your understanding. Setup: Both unicast streams will be hitting one public IP (3.3.3.2) on UDP/TCP ports 1234, 1236 & 1238 only, and the same ports need to be forwarded to one NATted private IP (10.10.10.4).
1) NATting these 2 unicast streams into one private IP (10.10.10.4) by checking source- and destination-based IPs and ports; but with the configuration below I cannot achieve checking source- and destination-based IPs and ports.
Router configuration:-
interface GigabitEthernet0/0
description ***Connected to Internet ***
ip address 3.3.3.2 255.255.255.252
no ip redirects
no ip unreachables
[code]...
Apr 15, 2013
We recently acquired a Cisco 2921/K9 router to interface 2 networks:
Network 1 : 169.254.XXX.XXX/16 on GigabitEthernet0/0 interface
Network 2 : 192.168.1.XXX/24 on GigabitEthernet0/1 interface
On the network 1 side there is a multicast source (169.254.200.200, destination: 225.0.0.1). On the network 2 side there is 1 receiver which is not multicast capable (old), but I want it to receive the multicast stream. For the moment we configured ip multicast-routing and each interface with ip pim sparse-dense-mode, then configured GigabitEthernet0/1 to join the multicast group (using ip igmp static-group 225.0.0.1), and Wireshark confirms the multicast stream on the network 2 side from 169.254.200.200 -> 225.0.0.1. Of course the receiver doesn't get the stream, but if I force a "multicast to unicast" process inside the router it should be OK. After many hours of internet browsing I found 2 solutions:
- NAT, [URL]
- multicast service reflection (Cisco documentation)
The NAT example doesn't work. What is the best way to do this task?
Apr 8, 2013
We have a problem with NLB on a SG500-28P which is a major issue for us.
I am investigating a problem together with Microsoft Support about a download/upload performance issue with a Microsoft Forefront TMG array which is connected to a single SG300-28P. Apparently this issue exists on every NLB array we implement. I am now at the point where we assume the SG500-28P does not handle NLB in unicast mode very well.
We have a network topology as shown below: Please note the actual public IP addresses are hidden and the internal IP addresses are different, for security reasons.
Our SG500-28P is configured in L3 mode. It hosts the three subnets you see above. The two TMG servers are configured with NLB (in unicast mode) on the Internal Network and External Network interface. It is connected to the internet and our internal network. These TMG servers are in fact Edge Servers. Our other servers and clients are in a different VLAN. The default gateway flows through this NLB Cluster [10.250.0.254].
Problem: When a client uses its default to connect to the internet the performance is very, very slow. With an internet connection of 10/10 we get 10/2. With an internet connection of 100/100 we only get 7/1!
Now we have tried everything we can imagine. I can't write it all down, because that would be a lot. One thing is worth noting: when we move the client to the same VLAN as the NLB Cluster and the client uses 10.250.0.1 as its default gateway, the problem still exists. But... when the client uses 10.250.0.254 as its default gateway the performance is outstanding, 95/95! Apparently if traffic for the NLB Cluster is routed through the SG300-28P the performance drops like a rock.
I have never seen this before with SG300 series switches, although this environment is different. Normally I would configure NLB in multicast mode. But the switch does not allow adding static ARP entries for multicast MAC addresses. I know NLB in unicast mode introduces switch flooding and such. But why does the SG500 not handle this right? Is there anything I can do about it?
Feb 6, 2013
We have problems with 3 switches in our network.
Users continue to receive addresses via DHCP, but no traffic is forwarded. After a reboot the switch works fine for about one week and then the problem returns.
I telnetted to one problem switch and tried to find the reason by reapplying the ACL and source guard, and saw a strange message:
nov-20(config)#int r gi1-48
nov-20(config-if-range)#no service-acl input
nov-20(config-if-range)#service-acl input 2
Exceeded the maximum ACE allowed in the system. -repeated 48 times
Configuration and log in attachment (show tech-support).
Port 52 - uplink, 1-47 - users, 49-51 - downlink switches (SPS224g4) with approx. 200 PCs connected, 48 - UPS.
May 26, 2013
Is it possible to convert multicast streams (224.0.0.1:1234) to unicast (Receiver 10.0.0.1:1234) at the router level?
Jan 29, 2013
I am buying a Nexus 5K (N5K-C5548UP-FA) with the layer 3 card (N55-D160L3 - Nexus 5548 Layer 3 - Daughter Card). The switching capacity of it is 960 Gbps but I know I should expect less doing the Layer 3 function (it will only be used with static routing). What switching/routing capacity should I expect? How can I estimate it? What else should I consider?
Jan 11, 2012
We've had an issue with our network. We have 2 6509s connected with redundancy, which are connected to 2 x 4900 switches, which in turn are connected to an ESX chassis for visualization. The thing is that the ESX stopped working, and the 4900 switches and the main core were suffering from overload; they hang on it very well. In order to stop the overload, one of the links to the ESX chassis was disconnected from one of the 4900 switches. The CPU usage on the 4900 and the core (6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this: maybe the virtual server migrations, maybe the overload from the ESX? We also had a few questions. Is there any need to reload the cores every few months as a planned task? The cores have been up for more than 1 year. And also, is there any kind of tool to monitor the CPU status, or the overall status of the cores or the switches?
Oct 18, 2011
I am facing an issue with a 7609 for LAN switching, based on the LAN (VRRP/HSRP) feature. Actually we have ES+ cards (on the 7609) and we are using multiple groups (say 350 VRRP groups) running on the router. The routers are connected as router 1 >>> mux (which is working as switches) >>> router 2.
My questions are:
1. Will there be "multicast packets" (for the VRRP/HSRP group) "from backup router to master router" when in stable state (i.e. when master and backup are already chosen), or should the packet from backup to master be unicast? I know for sure the packet from master to backup is a multicast packet destined to the multicast IP and MAC address. I am not sure, but I think from backup to master it should be multicast.
2. What is the frequency of these packets (from backup to master)?
3. As I have multiple groups on a single interface (we are using Q-in-Q), when the connectivity from the routers is broken, will all the groups multicast their active role in the LAN segment "at once", or will it be in groups, say 100 groups at once, and after a few ms a few more hundred and so on (as in OSPF or RIP)?
We are in the middle of troubleshooting; I hope we get the answer. (The actual problem we are seeing in the routers is that we have 2 ports on the active router and 2 ports on the standby router, but we are not seeing multicast on 1 port on the standby router, whereas all other 3 ports are seeing multicast packets.) [code]
Sep 10, 2012
I would like to know if the Catalyst WS-C3750G-48TS-E recognizes and understands Cisco VSS (Virtual Switching System). Is there a list available which tells us which old Catalyst switches or current switches understand Cisco VSS?
Jul 4, 2012
We are in the process of switching our infrastructure of our routing/firewalls/VPNs over to Cisco. We are switching our first location and one of the issues I'm struggling with is Windows authentication pass-through for internally hosted web pages. Meaning, a user inside our network has the 2921 as their default gateway, and they try to access a web page that is hosted on the internal network but is secured with Windows authentication. In the past, because they are logged into the domain internally, the website authenticates and loads. After switching to the Cisco, it asks for a password even though they are logged in.
Because it's the web server that actually authenticates, I'm not sure why the router isn't allowing that to happen, but I can't think of anything else that could be causing this behavior.
Apr 9, 2010
Does the Nexus 7010 support virtual switching yet? All of the posts I have found from about a year ago say that it is going to be supported, but there were no dates listed. I heard the same thing from Cisco a while back, but haven't followed up with it. If it is supported finally, are there any configuration guides available for it?
May 12, 2013
I have the following devices :
-1 VM Host
-2 Layer 3 switches
I would like to provide full redundancy for all vlans being used by VM Guests on the VM Host as well as the management vlan being used by the VM Host. I have created two LACP etherchannel connections on the VM Host. Each etherchannel from the host consists of 4 ports spanning a single NIC. One etherchannel connection goes to a trunked etherchannel connection on switch 1, and the other etherchannel connection goes to a trunked etherchannel connection on switch 2. Switch 1 and switch 2 have an etherchannel connection between them that carries all of the vlans in the topology. Vlan 2 is the management vlan. Vlans 3, 4, and 5 are vlans that VM guest systems will be using for normal data traffic.
I intend to use switch 1 as the VRRP active router and spanning-tree root bridge for vlans 2 and 3. I intend to use switch 2 as the VRRP active router and spanning-tree root bridge for vlans 4 and 5. The spanning-tree configuration is using multiple spanning-tree with two instances. Instance 1 has vlans 2 and 3 associated and Instance 2 has vlans 4 and 5 associated. I would like to have this topology be fault tolerant to the point where if one of the etherchannel links between the host and one of the switches goes down (for example, if switch 1 was powered off), traffic will be automatically redirected through the other functional link. I believe that my VRRP configuration would allow for a fairly quick failover of layer 3 services, but I am not certain that my design will be functional at a layer 2 level.
What I am uncertain about is how spanning-tree will converge. I am assuming that the virtual switch on the VM host will not be forwarding any BPDUs being sent by either switch. Would either of the links connecting to the host be considered a redundant link by either switch? Would the link between switch 2 and the host be inactive for all vlans in MST instance 1 during normal operation? Conversely, would the link between switch 1 and the host be inactive for all vlans in MST instance 2 during normal operation? Would all links remain active for ALL vlans? Would this mean that some traffic may travel through switch 2 to reach switch 1 instead of going directly to switch 1?
Jan 21, 2012
As per my understanding, on the 6509 all slots are dual channel, so 9 slots * 40 per slot (20 g in and 20 g out) = 360 GB. How does Cisco claim the 720? What about the 6513 chassis switch fabric connection?
Aug 6, 2012
It is said that the switching fabric of the WS-C3750X-24T-E is 160Gbps. Could anybody tell me what the switching fabric is, and its relevance to or difference from forwarding rate? Is there any document explaining how the switch reaches the full 160Gbps switching fabric performance?
Mar 21, 2012
I have two distribution switches of Cisco 3750G. Each distribution has two 3750G switches stacked. I also have one Cisco 3750V2 access switch connected to both distributions. When I am checking for redundancy, I can only get the redundancy test to pass for one link, not at all for the other. If I have a link up with Distribution 1 only then it's fine; but disappointment with the Distribution 2 link. I can see that the switch priorities of Dist 2 are not correct, i.e. the Master's priority is 10 and the Member's is 15.
My question is whether, due to misconfigured priorities on the Distribution 2 stack switches, I am failing with redundancy if ONLY Dist 2 is up and Dist 1 is down.
Sep 20, 2012
I am seeing a strange situation on my 6500 switch. By running an SNMP walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processors and the CPU utilization for the switching processor has gone to 88% and sometimes creeps to 99%.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
But when I do sh process cpu on the console, all looks normal, as it shows the CPU utilization of the RP. Why is the value so high on the switching processor?
Jul 24, 2011
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW), and has this been tested? Any results that can be shared?
2) Link failure detection in GigE on copper is slower compared to GigE over "pure" fibre, so no sub-50 ms would be possible with copper ring ports. Is sub-50 ms convergence achievable with "combo SFP ports"?