map management IP to SPB service
-
- Member
- Posts: 1
- Joined: 28 Nov 2018 05:06
map management IP to SPB service
Hi,
We are setting up an SPB network, and I am looking for some optimisations.
On the BCB switches which are OS6900, there are no VLANs or IP interfaces configured, except the Management IP interface.
In the current configuration we need to configure a loop (hairpin) between a SAP port and a 802.1q trunk port where the management VLAN is configured.
Is there a way I could eliminate this hairpin, and maintain the possibility of managing the switch remotely?
Or is it possible to map a management IP directly to a SPB service?
Cheers,
Bart
We are setting up an SPB network, and I am looking for some optimisations.
On the BCB switches which are OS6900, there are no VLANs or IP interfaces configured, except the Management IP interface.
In the current configuration we need to configure a loop (hairpin) between a SAP port and a 802.1q trunk port where the management VLAN is configured.
Is there a way I could eliminate this hairpin, and maintain the possibility of managing the switch remotely?
Or is it possible to map a management IP directly to a SPB service?
Cheers,
Bart
Re: map management IP to SPB service
Only with OS9900 and OS6900V72/C32 there is inline routing within SPB possible (bind ip interface to an service). For all other switches you need an other solution. You can create an overlay network (outside of SPB) only for management. You need only one hair pin (so only at one switch) to reach this network. Without this overlay net you need hair pin at every switch.
regards
Silvio
regards
Silvio
Re: map management IP to SPB service
Same "problem"....So for any BCB-Node you MUST have a phisical loop using 2 nic for the management of the Vlan-IP-Interface
Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?
If my BCB-Node is a stack of two elements I need 4 Phisical interface....
Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?
If my BCB-Node is a stack of two elements I need 4 Phisical interface....
Re: map management IP to SPB service
We can try to loop the EMP-Interface with a phisical-NIC (using only one NIC on the switch) and a Service mapped with sap:0 ...
And the L3 of the management-EMP behind a Router\Firewall with a sap:0 NIC or a sap:XX (802.1Q) with vlan-xlation enabled...
And the L3 of the management-EMP behind a Router\Firewall with a sap:0 NIC or a sap:XX (802.1Q) with vlan-xlation enabled...
Re: map management IP to SPB service
no Bug. The en-/decapsulation of all the packets for SPB occures in the PHY (means direct in HW) - f.e. with 40Gbs (this is not possible in the cpu). The design of the HW (beside 9900) doesn't allow the binding of a ip-interface to an service.Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?
Always you need 2 ports - one SAP and one "normal" q-tagged. More ports are for more bandwith and redundance. For management you have to deside...If my BCB-Node is a stack of two elements I need 4 Phisical interface....
best regards
Silvio
Re: map management IP to SPB service
Hi Silvio
Thanks for your reply; can you help me in this little LAB ?
Thanks for your reply; can you help me in this little LAB ?
silvio wrote: ↑14 Apr 2019 07:46Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?What's wrong there ???no Bug. The en-/decapsulation of all the packets for SPB occures in the PHY (means direct in HW) - f.e. with 40Gbs (this is not possible in the cpu). The design of the HW (beside 9900) doesn't allow the binding of a ip-interface to an service.
I'm trying to manage the SPB-switch with an IP interface on vlan 333 and a phisical LOOP between port 25/26 one and a SAP:333 and 802.1Q port...
If my BCB-Node is a stack of two elements I need 4 Phisical interface....Yes but if the stack is made of 2 elements you need 2 nic for any member; if member A fault you need the management on member B, so you need 2 NIC for any member of the stackAlways you need 2 ports - one SAP and one "normal" q-tagged. More ports are for more bandwith and redundance. For management you have to deside...
Re: map management IP to SPB service
Source:
Release Notes – Rev. B
OmniSwitch 6465, 6560, 6860(E)/6865/6900/9900
Release 8.5R4
SPB Inband Management Over Services
In previous releases an IP interface was not permitted on a BVLAN. With this feature enhancement an IPv4 management interface can now be configured on a control BVLAN to provide in-band management access in the SPBM domain. ISIS-SPB is the only protocol supported on this interface, no dynamic routing protols are supported.
Release Notes – Rev. B
OmniSwitch 6465, 6560, 6860(E)/6865/6900/9900
Release 8.5R4
SPB Inband Management Over Services
In previous releases an IP interface was not permitted on a BVLAN. With this feature enhancement an IPv4 management interface can now be configured on a control BVLAN to provide in-band management access in the SPBM domain. ISIS-SPB is the only protocol supported on this interface, no dynamic routing protols are supported.
Re: map management IP to SPB service
OmniSwitch AOS Release 8
Network Configuration Guide 8.5R4
Page 209:
Configuring an IP Interface on the Control BVLAN
To configure an IP interface on the Control BVLAN to support in-band management access in the SPBM
domain, use the ip interface command.
In the following example, IP interface configuration will be supported on BVLAN 4002:
-> ip interface "spb-mgmt" address 10.1.1.1/24 vlan 4002
Only one Control BVLAN can be configured on a switch, and only IPv4 interface is supported. ISIS-SPB
is the only protocol supported in the IP BVLAN domain for exchanging or advertising IP routing
information. No other routing protocol (including VRRP) is supported.
Network Configuration Guide 8.5R4
Page 209:
Configuring an IP Interface on the Control BVLAN
To configure an IP interface on the Control BVLAN to support in-band management access in the SPBM
domain, use the ip interface command.
In the following example, IP interface configuration will be supported on BVLAN 4002:
-> ip interface "spb-mgmt" address 10.1.1.1/24 vlan 4002
Only one Control BVLAN can be configured on a switch, and only IPv4 interface is supported. ISIS-SPB
is the only protocol supported in the IP BVLAN domain for exchanging or advertising IP routing
information. No other routing protocol (including VRRP) is supported.
Re: map management IP to SPB service
for your lab: your config is okay in my opinion. No idea about the reason for this strange behavior of reachablity.
You can do more troubleshooting if you activate stats at all the services, check the mac-tables etc. no better idea in this case.... or open a ticket at ALE
Meantime I have seen this new feature in 8.5R4 too - but not tested yet. I hope it will work. Have you configured this?
regards
Silvio
You can do more troubleshooting if you activate stats at all the services, check the mac-tables etc. no better idea in this case.... or open a ticket at ALE
Meantime I have seen this new feature in 8.5R4 too - but not tested yet. I hope it will work. Have you configured this?
regards
Silvio
Re: map management IP to SPB service
Hi Silvio
In my LAB if I enable the "vlan-xlation enable" on the SAP "LOOP-Management" port 1/1/26 it works; but "IMHO" this is only a workaround not the solution.
The new feature in 8.5R4 "Configuring an IP Interface on the Control BVLAN":
I have tested it, and it's working, you can assign an IP address at the VLAN-ID of the "Control BVLAN"; you do not need the phisical loop.
BUT you need one or more 802.1q or access port to connect the "managment SPB-Control-BVLAN" to another network...it's not possible use a SPB SAP port..
This my LAB
In my LAB if I enable the "vlan-xlation enable" on the SAP "LOOP-Management" port 1/1/26 it works; but "IMHO" this is only a workaround not the solution.
The new feature in 8.5R4 "Configuring an IP Interface on the Control BVLAN":
I have tested it, and it's working, you can assign an IP address at the VLAN-ID of the "Control BVLAN"; you do not need the phisical loop.
BUT you need one or more 802.1q or access port to connect the "managment SPB-Control-BVLAN" to another network...it's not possible use a SPB SAP port..
This my LAB