Cisco BGP EVPN VXLAN- Part 1

Here is an overview of the Cisco implementation of VXLAN using BGP EVPN for distributed control-plane operations, anycast gateway, and unicast head-end replication. I am using Cisco 9396PX devices for the leaf switches and Cisco 9508 chassis switches for the spine, running iBGP. We’ll explore the basic setup with the leaf switches being vPC enabled, including the Border Leaf switches, while also going over a few scenarios which can blackhole traffic and how to avoid this without an OSPF adjacency between the leaf switches.

**Please note, this is an older post I am using from my old blog series and I made this in 2015, new switches and newer versions of code provide cleaner configuration and significant enhancements**


Object groups in Nexus

Much like on firewalls, you can create object groups in Nexus, which you can utilize when you’re implementing ACLs.

object-group ip address {OBJECTNAME}
  {subnet/mask}
  {subnet/mask}
  {subnet/mask}...
exit

ip access-list {ACL_NAME}
  permit ip addrgroup {OBJECTNAME} {destination}

Makes life simple, huh? What about showing an access-list that has been configured with an object group? Well, in the summary output of show access-lists you won’t see the individual entries; you’ll need to “expand” it:

show access-lists {ACL_NAME} expanded

Cisco MST 802.1s

All Cisco switches by default have PVST+ as their spanning-tree protocol (mode). PVST+ is Cisco proprietary and, in my humble opinion, should never be used in a production environment. The alternatives are RPVST and MST. In a basic 1-3 VLAN network with little to no knowledge of spanning-tree, you should run RPVST (802.1w) and be done with it. However, if you have a lot of VLANs and/or you need to ensure you’re not over-utilizing the CPU, you should use MST (802.1s).


Find CDP traffic on your Linux box

You can use tcpdump or Wireshark, but if you have a Linux box handy you can install cdpr. It makes life easy, like this:

cdpr -v

Just follow the prompts for selecting the interface and wait for the CDP transmission to come through. Understand that some values, like Native VLAN, are shown in hexadecimal and you’ll need to convert them to decimal. Otherwise, happy hunting.
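As an added illustration (not from the original post or from cdpr), here is a small Python parser for the CDP payload that cdpr decodes, showing where the Native VLAN value comes from and converting it from its 2-byte hex form to decimal. The sample payload, device name and port name are constructed, not captured.

```python
import struct

# CDP TLV type codes (from the CDP format); only these are decoded below.
TLV_DEVICE_ID = 0x0001
TLV_PORT_ID = 0x0003
TLV_PLATFORM = 0x0006
TLV_NATIVE_VLAN = 0x000A

def parse_cdp(payload: bytes) -> dict:
    """Parse a CDP payload: version, TTL, checksum, then a run of TLVs."""
    # Native VLAN is a 2-byte big-endian integer, which is why tools show it in hex.
    if len(payload) < 4:
        raise ValueError("payload too short for CDP header")
    version, ttl, checksum = struct.unpack("!BBH", payload[:4])
    result = {"version": version, "ttl": ttl, "checksum": checksum, "tlvs": {}}
    offset = 4
    while offset < len(payload):
        if offset + 4 > len(payload):
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!HH", payload[offset:offset + 4])
        # The length field covers the 4-byte TLV header; reject lengths that
        # would loop forever (< 4) or read past the end of the buffer.
        if tlv_len < 4 or offset + tlv_len > len(payload):
            raise ValueError(f"bad TLV length {tlv_len} at offset {offset}")
        value = payload[offset + 4:offset + tlv_len]
        if tlv_type in (TLV_DEVICE_ID, TLV_PORT_ID, TLV_PLATFORM):
            decoded = value.decode("ascii", errors="replace")
        elif tlv_type == TLV_NATIVE_VLAN and len(value) == 2:
            decoded = struct.unpack("!H", value)[0]  # hex on the wire -> decimal
        else:
            decoded = value.hex()  # unknown or oddly sized TLVs are kept raw
        result["tlvs"][tlv_type] = decoded
        offset += tlv_len
    return result

def build_tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, 4 + len(value)) + value

# Constructed sample payload (not a real capture); checksum left as 0.
SAMPLE = (
    struct.pack("!BBH", 2, 180, 0)
    + build_tlv(TLV_DEVICE_ID, b"sw-lab-1")
    + build_tlv(TLV_PORT_ID, b"Ethernet1/1")
    + build_tlv(TLV_PLATFORM, b"N9K-C9396PX")
    + build_tlv(TLV_NATIVE_VLAN, struct.pack("!H", 0x0064))  # 0x0064 = VLAN 100
)

if __name__ == "__main__":
    print(parse_cdp(SAMPLE))
```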