[c-nsp] Nexus 5K optimisation for iSCSI traffic

Geert Nijs geert.nijs at gmail.com
Sun Aug 7 14:59:46 EDT 2011 

Thanks Brad for this tip.
I was experiencing a similar problem where a downstream cisco bladeswitch
was preventing ISSU on my N5K (it was not considered an STP edge port).
I myself came up with the outbound BPDUfilter solution on the blade switch,
but flexlinks might be a safer solution.
1) Could you explain why flexlink is safer than bpdufilter for example ?
2) Can i use flexlinks if my blade switch only has one uplink (ie. there is
no backup port) (there is of course another blade switch in the chassis that
has an uplink to the alternative switch and blade switches are running
link state tracking, i am sure you are familiar with this setup)


regards,
Geert

2011/8/5 Brad Hedlund (brhedlun) <brhedlun at cisco.com>

> No. The FEX has BPDU Guard logic running in hardware. The moment a BPDU is
> received on the port it will be disabled.
>
> On the blade switches you can implement:
> 1) Flex Links (safe)
> 2) Egress BPDU filter (risky)
> 3) Disable STP (dangerous)
>
> For #2 and #3, a misconfigured or missing LACP config can cause a loop.
> For #3, a misconfigured server NIC teaming can cause a loop.
>
> Cheers,
> Brad
> http://bradhedlund.com
>
> Sent from my iPad
> (please excuse brevity, typos)
>
> On Aug 5, 2011, at 9:49 AM, "Matthew Melbourne" <matt at melbourne.org.uk>
> wrote:
>
> > Can P prevent a FEX port being disabled by implementing bpdufilter, or
> > do we need to ensure that BPDUs aren't receiving on FEX ports?
> >
> > We were hoping to use LACP between the downstream switch and the FEXes
> > as a poor-man's loop prevention mechanism.
> >
> > Cheers,
> >
> > Matt
> >
> > On 5 August 2011 15:17, John Gill <johgill at cisco.com> wrote:
> >> It would be filter toward the FEX ports on your blade switches, but not
> on
> >> the FEX ports themselves. Whether you turn STP off or not on the blades,
> the
> >> FEX doesn't know. Just remembering if you create a loop, you no longer
> have
> >> the protection of STP; you are intentionally tricking the FEX into not
> >> knowing there is a switch downstream.
> >>
> >> Regards,
> >> John Gill
> >> cisco
> >>
> >> On 8/5/11 9:59 AM, Matthew Melbourne wrote:
> >>>
> >>> Thanks for that - that's another issue we've encountered. I am hoping
> >>> we can implement bpdufilter on the FEX ports (as well as disabling STP
> >>> on downstream switches).
> >>>
> >>> On 5 August 2011 14:12, Brad Hedlund (brhedlun)<brhedlun at cisco.com>
> >>>  wrote:
> >>>>
> >>>> Note that the FEX will disable any port that receives a BPDU, by
> design
> >>>> in hardware.  You will need to disable STP on the blade-switch-to-FEX
> links
> >>>> for this to work. If it's Cisco blade switches you can use Flex Links.
> >>>>
> >>>> Cheers,
> >>>> Brad
> >>>> http://bradhedlund.com
> >>>>
> >>>> Sent from my iPad
> >>>> (please excuse brevity, typos)
> >>>>
> >>>> On Aug 5, 2011, at 6:08 AM, "Matthew Melbourne"<matt at melbourne.org.uk
> >
> >>>>  wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> We're implementing two pairs of N5Ks (and downstream N2k FEXes) to
> act
> >>>>> as separate iSCSI SAN fabrics, with SAN heads attached directly to
> >>>>> N5Ks and host ports (and downstream integrated blade switches)
> >>>>> connecting to the FEXes. Does anyone have any real-world experience
> of
> >>>>> using N5Ks for a large iSCSI deployment. I have enabled jumbo frames
> >>>>> through a network-qos policy-map as an obvious first-step, but wonder
> >>>>> whether anything can be optimised by tuning buffer sizes to
> >>>>> accommodate the bursty nature of iSCSI (etc)? This switches will only
> >>>>> be switching iSCSI traffic.
> >>>>>
> >>>>> Cheers,
> >>>>>
> >>>>> Matt
> >>>>>
> >>>>> --
> >>>>> Matthew Melbourne
> >>>>> _______________________________________________
> >>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
> >
> >
> > --
> > Matthew Melbourne
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list