map management IP to SPB service

[bartsalien]

Hi,

We are setting up an SPB network, and I am looking for some optimisations.
On the BCB switches which are OS6900, there are no VLANs or IP interfaces configured, except the Management IP interface.
In the current configuration we need to configure a loop (hairpin) between a SAP port and a 802.1q trunk port where the management VLAN is configured.

Is there a way I could eliminate this hairpin, and maintain the possibility of managing the switch remotely?
Or is it possible to map a management IP directly to a SPB service?

Cheers,

Bart

[silvio]

Only with OS9900 and OS6900V72/C32 there is inline routing within SPB possible (bind ip interface to an service). For all other switches you need an other solution. You can create an overlay network (outside of SPB) only for management. You need only one hair pin (so only at one switch) to reach this network. Without this overlay net you need hair pin at every switch.
regards
Silvio

[Muttley]

Same "problem"....So for any BCB-Node you MUST have a phisical loop using 2 nic for the management of the Vlan-IP-Interface

Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?


If my BCB-Node is a stack of two elements I need 4 Phisical interface....

[Muttley]

We can try to loop the EMP-Interface with a phisical-NIC (using only one NIC on the switch) and a Service mapped with sap:0 ...
And the L3 of the management-EMP behind a Router\Firewall with a sap:0 NIC or a sap:XX (802.1Q) with vlan-xlation enabled...

[silvio]

Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?

no Bug. The en-/decapsulation of all the packets for SPB occures in the PHY (means direct in HW) - f.e. with 40Gbs (this is not possible in the cpu). The design of the HW (beside 9900) doesn't allow the binding of a ip-interface to an service.

If my BCB-Node is a stack of two elements I need 4 Phisical interface....

Always you need 2 ports - one SAP and one "normal" q-tagged. More ports are for more bandwith and redundance. For management you have to deside...

best regards
Silvio

[Muttley]

Hi Silvio
Thanks for your reply; can you help me in this little LAB ?

Two 2-GB Phisical NIC for the management of a Virtual Vlan-IP interface ? It's a BUG ?

no Bug. The en-/decapsulation of all the packets for SPB occures in the PHY (means direct in HW) - f.e. with 40Gbs (this is not possible in the cpu). The design of the HW (beside 9900) doesn't allow the binding of a ip-interface to an service.

What's wrong there ???
I'm trying to manage the SPB-switch with an IP interface on vlan 333 and a phisical LOOP between port 25/26 one and a SAP:333 and 802.1Q port...

If my BCB-Node is a stack of two elements I need 4 Phisical interface....

Always you need 2 ports - one SAP and one "normal" q-tagged. More ports are for more bandwith and redundance. For management you have to deside...

Yes but if the stack is made of 2 elements you need 2 nic for any member; if member A fault you need the management on member B, so you need 2 NIC for any member of the stack

[Muttley]

Source:
Release Notes – Rev. B
OmniSwitch 6465, 6560, 6860(E)/6865/6900/9900
Release 8.5R4

SPB Inband Management Over Services
In previous releases an IP interface was not permitted on a BVLAN. With this feature enhancement an IPv4 management interface can now be configured on a control BVLAN to provide in-band management access in the SPBM domain. ISIS-SPB is the only protocol supported on this interface, no dynamic routing protols are supported.

[Muttley]

OmniSwitch AOS Release 8
Network Configuration Guide 8.5R4
Page 209:

Configuring an IP Interface on the Control BVLAN
To configure an IP interface on the Control BVLAN to support in-band management access in the SPBM
domain, use the ip interface command.
In the following example, IP interface configuration will be supported on BVLAN 4002:
-> ip interface "spb-mgmt" address 10.1.1.1/24 vlan 4002
Only one Control BVLAN can be configured on a switch, and only IPv4 interface is supported. ISIS-SPB
is the only protocol supported in the IP BVLAN domain for exchanging or advertising IP routing
information. No other routing protocol (including VRRP) is supported.

[silvio]

for your lab: your config is okay in my opinion. No idea about the reason for this strange behavior of reachablity.
You can do more troubleshooting if you activate stats at all the services, check the mac-tables etc. no better idea in this case.... or open a ticket at ALE

Meantime I have seen this new feature in 8.5R4 too - but not tested yet. I hope it will work. Have you configured this?

regards
Silvio

[Muttley]

Hi Silvio
In my LAB if I enable the "vlan-xlation enable" on the SAP "LOOP-Management" port 1/1/26 it works; but "IMHO" this is only a workaround not the solution.

The new feature in 8.5R4 "Configuring an IP Interface on the Control BVLAN":
I have tested it, and it's working, you can assign an IP address at the VLAN-ID of the "Control BVLAN"; you do not need the phisical loop.
BUT you need one or more 802.1q or access port to connect the "managment SPB-Control-BVLAN" to another network...it's not possible use a SPB SAP port..

This my LAB