Unknown unicast in fabric ACI

Hi Experts,

I have a question about the ACI fabric.

The unknown unicast policy under a bridge domain has two modes, HW proxy (default) or flooding. If I choose flooding, how does a leaf treat this unknown packet? Does a leaf send this packet to all the spines? There is normally no unknown unicast forwarding in L3 routing. Each leaf of the ACI fabric working at L3 is what confuses me.

And in which cases do I use ARP flooding on the BD?

Thanks in advance.

Paul

A good use case for ARP flooding would be when the default gateway resides outside the ACI fabric. This non-optimal configuration will require ARP flooding enabled on the BD.

Tags: Cisco DataCenter

Similar Questions

  • FabricPath or OTV between two data center using Direct fiber cable

    Hello

    I have two data centers, both of them have the same equipment (N7k, N5k and N2k), and we want the data centers to be active/active. I'm really confused about whether to use OTV or FabricPath. Can someone help me with my scenario and explain to me what the best solution is, and the advantages and disadvantages of OTV and FabricPath?

    Many thanks in advance

    Hi Steven,

    No problem, I'll go through your points as completely as possible. I advise you to read more about these protocols; maybe, if you have access to INE or similar, see their videos on this. I would also like to say again that I have not seen any Cisco documentation indicating that FabricPath is to be used as a DCI.

    With regard to FabricPath, you ask the following...

     1. only can use it between two datacenters of you have more we can't, please correct me?

    No, you can use FabricPath with more than two data centers, but with OTV, too, you can use it with more than two data centers.

     2. HSRP localization can not be implemented as OTV. However You can have two different Gateways at the Data Center 1 and 2 using two different HSRP groups. If server is moved dynamically from, (i didn't understand this point can you please explain with example?)

    OK, so this is a GREAT topic. HSRP localization CAN be implemented with OTV, but cannot be implemented with FabricPath. First-hop redundancy protocol localization is supported by Cisco with OTV; this basically allows the same default gateway to reside in both of your data centers, providing the ACTIVE/ACTIVE configuration. So no matter where your VMs are, they do not change their default gateway, even if your servers move to the other data center.

    If we didn't have this, we would have only one active HSRP member across the DCs, and things would be extremely troublesome with regard to traffic flows. A virtual machine in a DC2 VLAN needs to talk to a host in VLAN B. But the default gateway is entirely in DC1. So the frame is sent over the DCI to DC1, then the default gateway routes the packet to VLAN B. This VLAN B host is in fact in DC2, so now it has to go all the way back to DC2. You get my point...? :)

    With localization, this happens only locally within the DC, so all servers/VMs in the DC can speak locally to their "own" default gateway.

     3. unknown unicast flooding (can you give me an example?)

    Unknown unicast traffic is unicast packets/frames with an unknown destination MAC address. By default, switches flood this type of traffic to all ports in the VLAN. With FabricPath that would take place across your DCI, but with OTV it is all taken care of locally, so there are massive savings on bandwidth here and it is much more efficient.

     4. ARP optimization between Data Center (can you give an example regarding ARP optimization?)

    This is another function of OTV which makes it far superior to FabricPath. Essentially, we are reducing the volume of traffic passing through the transport infrastructure (i.e. the DCI).

    When a host in DC1 ARPs for a host that responds in DC2, we use the DCI links and there is packet travel time that might be minimal, but is not optimal. The OTV AED, or edge device, snoops the ARP response and subsequently knows that this mapping exists. For ARPs that take place after the first one, the AED effectively proxies ARP in DC1, so the ARP request stays local and does not have to travel to DC2.

     5. Typically two flows (Odd VLANs by OTV-VDC-1 and even vlans by OTV-VDC-2) carry the entire layer 2 traffic flow between the two Data Centers. Hence the load balancing the links is not efficient. (can you explain compare with FabricPath if you have example?)

    IMHO, it's both bad and good. OTV load-balances if you have more than one AED on site. Odd-numbered VLANs go via one AED, even-numbered VLANs go through the other. Depending on the traffic on the VLANs, this could become unbalanced. FabricPath uses all its links to 'route' MAC addresses to the respective SID (switch ID) it needs to reach. So perhaps a more even split here.

     6. VLAN scalability for OTV is lower than FabricPath as of this content writing. (can you explain what this mean i didn't understand it)

    I completely disagree with this comment. I too do not understand.

     7. Resiliency of FabricPath network is better than OTV in some failure scenarios.(can me an example ?)

    I also disagree with that. Resilience of FabricPath could be the same as OTV or perhaps better. However, my personal experience is that with OTV fine-tuned with things like BFD, failover is much faster!

    FabricPath is good because of its IS-IS control plane, and its operation is admirable, but you could say the same for OTV.

    Let's say one of the DCI links were to die: FabricPath forwarding would continue through the other links, so perhaps for low-latency, high-frequency environments that would be beneficial. OTV will change the AED and re-learn the MAC addresses announced by the other AEDs, but as I said, the time could be extremely minimal with tuning. This isn't a big deal, unless you need sub-second convergence!

    I hope that I have answered your questions. I recommend you use OTV for your DCI and use FabricPath for local switching inside your DC. This has been implemented repeatedly, and the links I sent you to the Cisco validated designs also point this out.

    Remember - FabricPath was built to be a step towards TRILL and a replacement for spanning-tree protocols; OTV was built especially for the DCI. They are both built for specific design use cases. It makes no sense to get these confused or mixed up, unless there is a real and pressing case.

    Joel's conclusion is right: use the right tools for the job. If the use case is good for FP then OK; if not, OTV.

    Recommended reading: http://www.packetmischief.ca/2013/04/23/DCI-series-overlay-transport-vir...

    These are just my thoughts.

    Bilal (CCIE #45032)

  • VLAN Basics

    I read the books of Wendell Odom and I have a question about VLANs and trunking. As far as I know, trunking is necessary when you have a network that is split between multiple switches. When a host sends a broadcast, it must be delivered to all hosts in this VLAN on all switches. Switches in turn need to know the VLAN ID when the packet comes from another switch. Otherwise the switch won't know where to deliver the broadcast.

    So in short, my understanding is that trunking is only required for the delivery of broadcasts (or packets for unknown hosts, when the packet is also flooded to all VLAN and trunk ports) between the switches, and only in cases where the network is split between them.

    But I also read that the trunks are necessary between switches and default gateways for networks with the switch services. But I don't see the reason for it. Say, you switch1 switch2 vlanB, vlanA. There is no spread between the switches. And if the host vlanA must deliver unicast packets to host vlanB, then packet is routed using general rules. It comes to the default gateway, then the corresponding switch. Who needs to know the VLAN ID here and for what reason?

    I understand your concern this way: if the MAC address is unique, why do we need a VLAN for L2 unicast packet forwarding if this can be done simply using the destination MAC?

    In a very simple situation it is possible, YES. But networks are not that simple now. Agreed, the notion of a VLAN began with the broadcast domain. But at the beginning every unicast is an unknown unicast to the switch, which is sent on all ports to get to the destination - so that is the first use of the VLAN: limiting the scope of unknown unicast.

    Once the switch has learned the destination MAC in its CAM table, it can forward packets by destination MAC and no scope limit is necessary because we have a unique destination port. But imagine the switch is reloaded, or the CAM table aging timer expires and all MACs are removed - now your unicast is unknown again. If you do not use VLANs at that point, you will flood all ports with it until you learn the destination MAC in the CAM. So it's not that we have VLANs only for broadcast - we also need them for unicast, to limit the scope of outbound ports when the destination MAC is unknown. And once this VLAN is configured we cannot say "tag only these unicast packets and not others" - we tag all of them. That's the concept.

    Another thing in support of VLANs for unicast: imagine this packet has reached its final output port. On this port you have an IP phone and a PC connected. Those are by design in different broadcast domains - in different VLANs. The PC VLAN is untagged, and the voice VLAN is tagged, as the IP phone can understand this encapsulation. If your packet was voice and it has already lost its VLAN tag, it will be sent untagged to the PC even though it has the right destination MAC of the IP phone, and it will be dropped on the PC because of the incorrect MAC.

    The third situation is when the output port is connected to a server hosting multiple virtual machines. Those can share the same physical MAC, but the server can support dot1q tagging and put them in different VLANs. Once again, if you have lost your VLAN tag across the switches, you will not be able to reach the correct server.

    So the question of VLANs is not just about how to pass from one switch to another - it is the notion of end-to-end L2 packet forwarding. A packet from one VLAN must always stay in it while it is at L2, and must leave the last switch in the correct VLAN (tagged or untagged, based on the connected device).

    The VLAN concept goes further with L3 routing, as explained above in my and Alan's messages.

    I hope this helps.

    Nik

  • How does a loop form in a misconfigured EtherChannel?

    Dear friends,

    It is a question frequently observed and practically proven that if both switches are interconnected by a number of parallel links that are grouped in an Etherchannel on a switch (of course, using the mode on ) while being unbundled on the second switch, a loop of Layer2 may well be created. However, I do not understand the exact mechanism of the formation of this loop.

    I am well aware of the basic principles behind it: I know that STP treats a Port-Channel interface as a single interface, and all member links grouped in that EtherChannel share the same STP role/state. I also understand that a broadcast/multicast/unknown unicast frame sent out one port in the EtherChannel will reach the opposite switch and be flooded across all the other links, finally arriving back at the switch with the EtherChannel configuration.

    And right there is where my understanding ends: the frame came back and its destination is still unknown. However, from the point of view of the switch, the frame came in through a specific Port-Channel interface. If this switch floods the frame, it will flood it through all ports except the port through which the frame arrived, which means that the frame will never be sent through the Port-Channel. How is the loop created, then?

    Thank you so much for helping me with this!

    Best regards

    Peter

    Peter,

    Broadcast/unknown unicast packets will be flooded out all interfaces with the exception of the interface where the flood came in.

    In a 2-switch topology, switch A (which has the bundle) will flood the packet on the members of the group, expecting switch B to receive the packet on its bundle.

    However, switch B will not receive the package on one of its physical interfaces and may experience flooding to B switch off its other physical interface connected which causes the STP loop.

    Kind regards

    Edison.

  • UCS B200M3, quirk of connectivity to the Switch 3750 G

    Morning all,

    Hoping someone can help, I have a strange situation that occurs with my new installation of UCS.

    The configuration is:

    UCS chassis connected to a pair of 6248UP fabric interconnects, using 2208XP I/O modules.

    I connect this to a 3750 distribution stack. I configured 2 EtherChannels on the 3750 stack and in UCS Manager, and these are configured to pass all the relevant VLANs. I have three blades (B200M3) installed in the chassis with VMware ESXi 5 installed.

    Once they have all been set up, they can communicate both to and from the network without problem, on both the VMware networks and the local network.

    2 a night or more (without modification) blades (slots 2 and 3) stop communicating on the network. I can get them working again by making a few changes to network settings and everything will be ok until the next day.

    I am at a loss as to what may be causing this.

    Any help would be great.

    Thank you

    Chris

    That should solve your problem.  UCS will not pass unknown unicast, so if the MAC address of a UCS blade/VM ages out of your 3750, the outside world will not be able to reach it.  Under normal production operation, servers are normally talkative enough to keep the aging timers from expiring; you will probably only see this during installation, when there is little or no traffic to/from the VMs.  Another option is to increase the aging timers on the 3750.

    Let me know how it goes tomorrow.

    Kind regards

    Robert

  • Are these viable designs for NIC teaming on UCS C-Series?

    Is this a viable design on ESXi 5.1 on UCS C240 with 2 Quad port nic cards?

    Option A) VMware NIC teaming with load balancing of vmnic interfaces in an active/active configuration through alternate and redundant physical paths to the network.

    Option B) VMware NIC teaming with load balancing of vmnic interfaces in an Active/Standby configuration through alternate and redundant hardware paths to the network.

    Option A:

    Option B:

    Thank you.

    It really comes down to what active/active means and the number and type of upstream switches.  For ESXi NIC teaming, Active/Active load balancing provides the opportunity for all network links to be active for different guest devices.  Teaming can be configured in a few different ways.  The default is by virtual port ID, where each guest machine is assigned to one active port and also a standby port.  Traffic for that guest would only be sent on one link at a time.

    For example, suppose 2 Ethernet links and 4 guests on the ESX host.  Link 1 to switch 1 would be active for guests 1 and 2, and link 2 to switch 2 would be backup for guests 1 and 2.  However, link 2 to switch 2 would be active for guests 3 and 4, and link 1 to switch 1 would be backup for guests 1 and 2.

    The following provides details on configuring NIC teaming with VMware:

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=1004088

    There are also possibilities for LACP configuration in some situations, but there are special hardware considerations on the switch side as well as on the host side.

    Keep in mind that the vSwitch does not blindly forward broadcast/multicast/unknown unicast out all ports.  It has a strict set of rules that prevents looping.  It is not a traditional L2 forwarder, so loops are not a consideration in an active/active environment.

    In addition, this document explains VMWare Virtual Networking Concepts.

    http://www.VMware.com/files/PDF/virtual_networking_concepts.PDF

    Steve McQuerry

    UCS - Technical Marketing

  • ACI - cannot reach hosts outside the fabric until traffic is initiated from an outside host to a host connected to the fabric

    I have a group of the same EPG and VLAN statically mapped ports on my fabric of ACI.  One port connects to a port on a stack of 3750 x uplink.  Hosts on the fabric, I cannot ping hosts on the 3750 until I have initiated traffic from hosts on the 3750 in the fabric.  Once it done on each host of 3750, they can talk to each other.  Why is this happening?

    Thank you!

    When traffic is failing, the destination has probably not been learned as an EP in the fabric.  You can check by looking at the Operational tab of the EPG.

    Once you ping the 3750, we learn the EP and traffic works from the original source.  When the BD is in "Hardware Proxy" mode, the destination must be learned.

    If you change the BD mode to 'Flood', then we flood and learn like a normal switch.

    Joey

  • HP laptop - 15-r132wm: unknown device - device Instance path (ACPI\INT33BD\1)

    I have an unknown device in Device Manager. When I plug in my power cord to charge I get a black screen as soon as I unplug the windows screen comes back. Not sure if they are related or not.

    Hello:

    I'm sure that you need this driver.  The most recent is for W8.1.

    This package provides the driver that enables the Intel Sideband Fabric device. The Intel Sideband Fabric device driver is a bridge to the Intel platform dynamic and thermal setting. This package is provided for supported notebook models that are running a supported operating system.

    File name: sp65474.exe

    I don't know if not having the driver installed is related to the black screen issue.

  • Are there special procedures when I upgrade an N9K from NX-OS (standalone) mode to ACI mode?

    Hello world

    I have two questions.

    First of all, are there special procedures when I upgrade an N9K from NX-OS (standalone) mode to ACI mode? For example, NX-OS version, line cards, EPLDs, licenses and so on. And is it possible to go back from ACI mode to NX-OS mode, too?

    Secondly, I know that fabric modules (below, FM) are paired FM1 and 2, 3 and 4, 5 and 6, respectively, when there are 48-Port 1/10G T/F modules in the chassis. In this case, if the FM in slot 2 were lost, both links to slots 1 and 2 would be lost because the mux detects the loss of slot 2 and therefore takes traffic off slot 1 also; that is, the slots are paired. If so, what are the benefits of investing in a full set of FMs? Please share your knowledge with me ^ ^

    All your help will be appreciated.

    Paul

    Paul,

    Sorry for the delay... Answers to your two questions.

    1. An FM can go in one of the remaining slots. The line cards have muxes binding them to each FM which is "installed" in the switch.

    2. Your original question was related to switches in ACI mode.  As of today, there are a limited number of line cards that operate in ACI mode.  3 FMs provide what is needed for line rate on most of the previously mentioned line cards.  That said, once you install an N9K X9736PQ, a minimum of 6 FMs is needed.  So if you have a failure of one FM, your system BW in the fabric degrades. The BW is shared across all line cards until the failed FM is replaced.

    T.

  • ip verify unicast reverse-path does not

    I configured ip verify unicast reverse-path on a Cisco 2611 running code 12.3(26). ip cef is enabled at the global level but disabled using the no ip route-cache cef command on all interfaces except the WAN-facing interface (Serial 0/0).

    !
    interface Serial0/0
     description connected to the internet
     bandwidth 768
     ip address 100.100.20.10 255.255.255.252
     ip verify unicast reverse-path
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip accounting access-violations
     ip nat outside
     ip route-cache flow
     no ip mroute-cache
     no fair-queue
     no cdp enable
    !

    Whenever I reboot the router, it works for a while, then no longer works. The show ip traffic unicast RPF drop counter stops incrementing after a few minutes and stays where it stopped.

    IP statistics:
      Rcvd:  35015 total, 346 local destination
             0 format errors, 0 checksum errors, 0 bad hop count
             0 unknown protocol, 17 not a gateway
             0 security failures, 0 bad options, 0 with options
      Opts:  0 end, 0 nop, 0 basic security, 0 loose source route
             0 timestamp, 0 extended security, 0 record route
             0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump
             0 other
      Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble
             0 fragmented, 0 fragments, 0 couldn't fragment
      Bcast: 6 received, 0 sent
      Mcast: 0 received, 0 sent
      Sent:  265 generated, 23074 forwarded
      Drop:  1 encapsulation failed, 0 unresolved, 0 no adjacency
             120 no route, 467 unicast RPF, 0 forced drop
             0 options denied
      Drop:  0 packets with source IP address zero
      Drop:  0 packets with internal loop back IP address

    Can anyone think of a reason it works for a few seconds after starting, and then stops?

    [edit]

    I took out the ip route-cache flow statement, thinking that was the problem, but still no change in the counter.

    There are several ways you can use for the same purpose, here are some examples:

    > ACL

    > Policy Based Routing + ACL (two interfaces, marking on one, drop via ACL)

    > MPF 'drop' keyword

    > Black Hole routing (Routes null 0)

    > uRPF

    Each method has its advantages and disadvantages, ACLs and static routes are difficult to maintain and operate. ACL with the keyword "log" is process switched, making it slower.

    Black hole routing works by sending spoofed traffic (hitting the bogon routes) to Null0. Null0 being a direct adjacency (a sort of interface) on all CEF routers, it is relatively faster.

    uRPF is commonly used with remotely triggered black hole routing (RTBH). For example, say you manage a large organization with several points of entry into the network. Now you know that your network is under attack from source 1.2.3.0/24. With RTBH, all border routers have uRPF enabled and there is an internal router, known as a 'trigger router'. You could inject a route into your IGP domain, something like:

    ip route 1.2.3.0 255.255.255.0 null0 tag 255

    And then all the edge routers would receive this route and, with the help of uRPF, drop all packets 'sourced' from the attacker's network. The process is a little more complicated than that, but I hope you get the idea.

    Regards

    Farrukh
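
The source-based black-holing described in the answer above, modelled as a small simulation (an added example, not part of the original thread and not Cisco code). The router class, the FastEthernet0/0 interface, the 10.0.0.0/8 inside prefix and the sample packets are assumptions constructed for illustration, and the default route is assumed to count as a valid return path.

```python
import ipaddress
from dataclasses import dataclass

NULL0 = "Null0"  # discard interface, as in the thread's "null0" route


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    out_if: str  # egress interface, or NULL0 for a black-hole route


class EdgeRouter:
    """Hypothetical model of a border router doing uRPF on ingress."""

    def __init__(self, mode):
        if mode not in ("strict", "loose"):
            raise ValueError("mode must be 'strict' or 'loose'")
        self.mode = mode
        self.fib = {}        # prefix -> Route
        self.rpf_drops = 0   # counterpart of the "unicast RPF" drop counter

    def add_route(self, prefix, out_if):
        net = ipaddress.ip_network(prefix)
        self.fib[net] = Route(net, out_if)

    def lookup(self, addr):
        """Longest-prefix match; returns None when nothing covers addr."""
        ip = ipaddress.ip_address(addr)
        hits = [r for r in self.fib.values() if ip in r.prefix]
        return max(hits, key=lambda r: r.prefix.prefixlen, default=None)

    def rpf_accepts(self, src, in_if):
        """Apply the reverse-path check to a packet's SOURCE address."""
        route = self.lookup(src)
        if route is None:
            ok = False                      # no way back to the source
        elif route.out_if == NULL0:
            ok = False                      # source prefix is black-holed
        elif self.mode == "strict":
            ok = route.out_if == in_if      # must arrive on the return path
        else:
            ok = True                       # loose: any real route will do
        if not ok:
            self.rpf_drops += 1
        return ok


def build_edge(mode):
    edge = EdgeRouter(mode)
    # Assumption: the default route is accepted as a return path.
    edge.add_route("0.0.0.0/0", "Serial0/0")
    edge.add_route("10.0.0.0/8", "FastEthernet0/0")  # constructed inside net
    return edge


def trigger_blackhole(routers, prefix):
    """What the trigger router achieves: every edge learns prefix -> Null0."""
    for router in routers:
        router.add_route(prefix, NULL0)


# Constructed sample packets: (source address, ingress interface).
PACKETS = [
    ("1.2.3.77", "Serial0/0"),        # from the attacking prefix in the thread
    ("198.51.100.9", "Serial0/0"),    # unrelated Internet host
    ("10.0.0.5", "Serial0/0"),        # inside address arriving from outside
    ("10.0.0.5", "FastEthernet0/0"),  # genuine inside host
]


def run_scenario(mode):
    """Return (verdicts before trigger, verdicts after, total RPF drops)."""
    edge = build_edge(mode)
    before = [edge.rpf_accepts(s, i) for s, i in PACKETS]
    trigger_blackhole([edge], "1.2.3.0/24")
    after = [edge.rpf_accepts(s, i) for s, i in PACKETS]
    return before, after, edge.rpf_drops


if __name__ == "__main__":
    for mode in ("loose", "strict"):
        before, after, drops = run_scenario(mode)
        print(mode, "before:", before, "after:", after, "rpf drops:", drops)
```

In loose mode only the black-holed source prefix is dropped once the route is injected, while strict mode additionally drops the inside address that arrives on the WAN interface.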

  • SOA 12.1.3: REST adapter generates "unknown media type" exception at runtime

    Hi all

    We are working with a client looking to migrate from BPEL 10 g to Oracle 12 c. The current implementation incorporates a number of RESTFUL services through JAVA components that are called via BPEL. We seek, as part of the migration to migrate and simplify these with the use of new adapters REST. The use cases and the question is this:

    We have a customer who exposes a REST service via the usual principles. This service is provided by an independent 3rd-party provider as an external service for the customer's 3rd-party applications. The REST service provides a number of resources and operations (GET, PUT, DELETE) to manipulate and retrieve data as directed by the interface that is provided.

    Based on one of these to MAKE Simple, we tried to create a new adapter IS based on the interface. The provider does not offer a w, so the REST adapter has been generated using the adapter REST within JDeveloper and configuration of the resources, operations, and application / types of responses as required. This generates the required w (see table).

    When you test the w via JDeveloper, the response is returned as expected. However when you deploy this SOA Suite 12.1.3, errors in the adapter a runtime. The error encountered is this:

    <summary>oracle.fabric.common.FabricInvocationException: java.lang.RuntimeException: unknown media type: application/atom+xml;charset=utf-8;type=feed</summary>

    When you look at the response HTTP service through SOAP Ui I see the content type is set to application/atom + xml.

    After reviewing the Oracle Documentation, it doesn't seem to provide any indication on this issue or any possible reasons for its occurrence.

    Has anyone had similar problems, or can anyone shed some light on this issue? It appears, at face value, that the adapters are not compatible with this media type, which can prove to be a big limitation.

    Regards, Dave

    All,

    For future reference, in case others have a similar question:

    I have been in contact with Oracle Support via a request of Service Oracle (SR). Development have provided a single patch to solve our problem. The patch number is 19580101 (Patch 19580101: cannot call REST services for mediatypes unsupported) and can be obtained via the Support of Oracle (metalink)

    We are in the early days of tests; However, this seems to be addressed to our problem.

    Regards
    Dave

  • I buy I phone 5 s of unknown source and I need for my apple ID to open

    I buy a new iphone from an unknown source and I need to unlock

    Sorry, but if you mean that it is locked to another Apple ID, then you're going to need help from the former owner or that the device doesn't help. If you do not find the former owner then your only option would be to try to get a refund there where you bought it. See find my iPhone Activation Lock - Apple Support

  • Unknown error (-50) when you try to synchronize the phone

    I have an iPhone 6s (iOS 10.0.2). I have an iMac (27 inch, late 2012) running macOS Sierra version 10.12.

    I've recently updated my phone and my Mac (I do not know if this is my problem). Tonight when I try to sync my phone, I get a message saying that "my phone can not be synchronized. An unknown error occurred (-50)."

    What is this error and how do I know what to do about an unknown error? When I looked for info and what to do, it seemed I might have to reset my phone to original settings and restore it. I'd rather not have to completely restore my phone (or mac) unless I absolutely have to. Any ideas or suggestions?

    Any help would be appreciated!

    This statement can help you If you see the error-54 when you synchronize with iTunes - Apple Support

  • An unknown error occurred (9006) in restoring Iphone 5s

    OK, Im trying to restore my Iphone 5s, IE already I had updated to IOS 10 through my home Wifi connection page.

    Midway through, when it says "iPhone update software (file management)", an error appears saying:

    "There was a problem downloading the software for the iPhone "iPhone". An unknown error has occurred (9006).

    Make sure your network settings are correct and your connection is active and try again."

    I tried like 3 times and continues to be the same thing!

    My network settings are active and connected,

    Nothing works! :/

    Help, please!

    Have you ever tried these troubleshooting tips?

    Follow these steps to see if the problem is with your USB cable, a USB port or computer. Try again after each step:

    1. Use the USB cable supplied with your device. If you do not, try a different cable USB Apple.
    2. Switch to a different USB port on your computer. Do not connect on your keyboard.
    3. Plug it into another computer.
    4. If you still see the error, you can check for any other USB problems, problems with third-party security software, and problems with hardware.

    copied from: get help with iOS update and restore errors

    If you try to restore through Wi - Fi, see if using iTunes on your computer will work instead. You will be able to download the firmware first, before it will be installed on the phone in a second time.

  • Phone no ID number does not after updating ios 10, showing "unknown"

    Hi, I have recently updated to ios 10 on my iPhone 5s, after which my phone in the tab displays "unknown". Also I am not able to change a put my number inside. How to solve the problem? Asked me again activate Facetime and iMessage.

    Hello Milan_Mumbai,

    I think I understand your unknown phone number display in your settings. Also, you are being invited to activate new iMessage and FaceTime. These two issues have started after the update to iOS 10. I know not when it can be on your iPhone is not behave as expected after an update. I'm happy to help you.

    If there is a problem with your phone number in the settings, it could impact the iMessage and activations of FaceTime. First of all, I recommend you restart your iPhone. Restarting may solve many unexpected behaviours. Please use the steps below to restart if necessary.

    1. Press and hold the sleep/wake button until the Red slider appears.
    2. Drag the slider to turn off your device completely off.
    3. Once the device turns off, press and hold the sleep/wake button again until you see the Apple logo.

    Restart your iPhone, iPad or iPod touch

    If the problem persists, follow the steps below.

    1. Make sure that you are connected to a Wi-Fi network or cellular data. If you use an iPhone, you will need the SMS messaging to activate your phone number with iMessage and FaceTime. Depending on your operator, you might be charged for the SMS.
    2. Go to settings > general > Date & time and make sure you have properly configured your zone.

    If you get an error when you try to activate FaceTime or iMessage

    Have a wonderful day!
