[e-nsp] Extreme newbie questions...

Luis Mercado lmercado at logicworks.net
Wed Aug 7 13:26:15 EDT 2013


Oh, we are also running OSPFv3 for some clients. My issue is not with dynamic routing.
My issue is filtering on these. It's a hack job essentially. There are no built-in functions
that handle establish/related (TCP/UDP) between VLANs, so you have to filter based on
SYN flags and allow 1023 or greater for UDP.


There is no concept of object-group like in Cisco or Juniper. This means that what you can accomplish
with two object groups and a single-line ACL on a Cisco or Juniper device would take 50 or 60 lines
on an Extreme switch policy file. Their filtering is terrible. It's a throwback to the 90s.

We built policy files for a client with 20 VLANs on a six-node stack (X460s). The filtering is granular,
host to host / layer 4. After we modify a policy we can't use the refresh feature because there is a risk
that the recompiling takes down the switch. (In our case it took down our switch.) This is a bug that
is affecting 15.1.2.12 and lower versions. The fix is a patch that requires taking down the entire stack,
which means a complete outage.

We do NFS ESX mounts through these switches, which means we have to shut down 100s of VMs prior to and
after the maintenance upgrade.

Per Extreme Networks, the refresh feature is not worth it when you have a stack of more than 4 nodes.
The best approach is to remove the policy from the interface after you modify the file and reattach it to
the interface after bootup is completed.

Extreme Networks has seen cases where it takes a 6-node stack 4 hours to come up after reboot because of the
filtering issue. Part of the bootup process is to parse/compile all policies across all slots, etc. The fix for that is to remove all
filters from VLAN interfaces prior to the reload. Do the reload and reattach the policies to the interfaces after the
reload. What a mess.


My two cents..


-LM


-----Original Message-----
From: Bruno Lebayle [mailto:lebayle at esrf.fr] 
Sent: Wednesday, August 07, 2013 1:47 AM
To: Luis Mercado
Cc: Simon Lockhart; extreme-nsp at puck.nether.net
Subject: Re: [e-nsp] Extreme newbie questions...

Hello,

On 08/06/2013 10:06 PM, Luis Mercado wrote:
> Hi Simon,
>
> [1]
> We are using Extreme switches mainly for their layer 2 functionality
> (EAPS). Quite frankly I don't trust them as layer III devices. We
> are using X650s and X460s. I don't have the OSPF problem you are having.
> It sounds like

Funny enough, we are using many X670/X650 and BD8810/8910/X8 as layer 3 devices with VRRP. We even have BGP on our site routers (couples of X650s using MLAG).
Just my two cents.

Cheers,
Bruno.
_____________________________________________________________________
         o
      o  o  o       Bruno LEBAYLE - Systems and Communications group
   o   o o o   o    E.S.R.F (European Synchrotron Radiation Facility)
     o  ooo  o      6 rue Jules Horowitz BP220 38043 GRENOBLE CEDEX 9
o o o ooooo o o o  phone (33)4-7688-2258
     o  ooo  o      fax   (33)4-7688-2020
   o   o o o   o    email lebayle at esrf.fr
      o  o  o
         o          http://www.esrf.fr
_____________________________________________________________________


