VMware Cloud Community
NetJnkie
Contributor

Nexus 1000v System VLAN Ports Blocked

I'm trying to migrate the Nexus 1000v VSM from vSwitch port groups to those I created on the dvSwitch for Packet, Control, and Management. Management seems fine, but Packet and Control are not. When I move the network connections to the dvSwitch it appears the ports are blocked. A screenshot below shows the X icons. Why is it doing this?


0 Kudos
6 Replies
lwatta
Hot Shot

I can't recall what my configuration shows. One thing I do remember is that the GUI is not always a good representation of what's going on.

After you move the VSM so that its network ports are on the VEM module, you should still see the VEM modules with a "show module" command on the VSM command line. If you still see all the VEM modules show up then your control network is working.

There is no L3 connectivity between VSM and VEM on the control network. It could be that VC doesn't see L3 traffic so it does not turn the port green. All control traffic is L2 only.

As long as your VSM can still see all the VEM modules you are good to go. I'll duplicate in my lab and if the ports don't go green I'll file a bug.

One last thing. Make sure your port-profiles for control and packet have a "system vlan" directive in the configuration.

louis

NetJnkie
Contributor

Thank you Louis. I had forgotten the "system vlan" lines in the Control and Packet port-profiles. So now it's working when I move it over but I'm getting:

2009 Aug 7 15:43:27 CRMCN1KvMcK %KERN-1-SYSTEM_MSG: Dropping received frames from duplicate VSM - kernel

I know this means it's seeing a loop, but why? I'm using vPC-HM and it appears to be correct. Below is config and output:

show int bri

--------------------------------------------------------------------------------
Port       VRF     Status   IP Address       Speed    MTU
--------------------------------------------------------------------------------
mgmt0      --      up       10.180.0.10      1000     1500
--------------------------------------------------------------------------------
Ethernet      VLAN   Type   Mode     Status   Reason   Speed      Port
Interface                                                         Ch #
--------------------------------------------------------------------------------
Eth3/5        1      eth    trunk    up       none     10G(D)     1
Eth3/6        1      eth    trunk    up       none     10G(D)     1
Eth4/5        1      eth    trunk    up       none     10G(D)     2
Eth4/6        1      eth    trunk    up       none     10G(D)     2
Eth5/5        1      eth    trunk    up       none     10G(D)     3
Eth5/6        1      eth    trunk    up       none     10G(D)     3
Eth6/5        1      eth    trunk    up       none     10G(D)     4
Eth6/6        1      eth    trunk    up       none     10G(D)     4
Eth7/5        1      eth    trunk    up       none     10G(D)     5
Eth7/6        1      eth    trunk    up       none     10G(D)     5
Eth8/5        1      eth    trunk    up       none     10G(D)     6
Eth8/6        1      eth    trunk    up       none     10G(D)     6
Eth9/5        1      eth    trunk    up       none     10G(D)     7
Eth9/6        1      eth    trunk    up       none     10G(D)     7
--------------------------------------------------------------------------------
Port-channel  VLAN   Type   Mode     Status   Reason   Speed      Protocol
Interface
--------------------------------------------------------------------------------
Po1           1      eth    trunk    up       none     a-10G(D)   none
Po2           1      eth    trunk    up       none     a-10G(D)   none
Po3           1      eth    trunk    up       none     a-10G(D)   none
Po4           1      eth    trunk    up       none     a-10G(D)   none
Po5           1      eth    trunk    up       none     a-10G(D)   none
Po6           1      eth    trunk    up       none     a-10G(D)   none
Po7           1      eth    trunk    up       none     a-10G(D)   none
--------------------------------------------------------------------------------
Interface     VLAN   Type   Mode     Status    Reason             MTU
--------------------------------------------------------------------------------
Veth1         404    virt   access   up        none               1500
Veth2         403    virt   access   up        none               1500
Veth3         403    virt   access   up        none               1500
Veth4         404    virt   access   up        none               1500
Veth5         401    virt   access   up        none               1500
Veth6         401    virt   access   up        none               1500
Veth7         401    virt   access   nonPcpt   nonParticipating   1500
Veth8         403    virt   access   up        none               1500
Veth9         403    virt   access   nonPcpt   nonParticipating   1500
Veth10        404    virt   access   nonPcpt   nonParticipating   1500
Veth11        404    virt   access   up        none               1500

CRMCN1KvMcK(config-port-prof)#

port-profile system-uplink
  capability uplink
  vmware port-group
  switchport mode trunk
  switchport trunk allowed vlan all
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 403-404
  state enabled

port-profile Management
  vmware port-group
  switchport mode access
  switchport access vlan 401
  no shutdown
  state enabled

port-profile Control
  vmware port-group
  switchport mode access
  switchport access vlan 403
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 403
  state enabled

port-profile Packet
  vmware port-group
  switchport mode access
  switchport access vlan 404
  channel-group auto mode on sub-group cdp
  no shutdown
  system vlan 404
  state enabled

0 Kudos
lwatta
Hot Shot

You should not be getting duplicate frames if you are using vPC-HM.

The config below looks like 7 hosts with 2 nics each. Are the connections of the nics to different switches or the same switch? vPC-HM is meant to channel connections to two different switches. You'll get the duplicate frame error if you configure vPC-HM with multiple connections to the same switch.

The only other thing is that you have specified "channel-group auto mode on sub-group cdp" under the Control and Packet port-profiles. You only need to configure channel groups on the uplink port-profiles.

Take the channel-group command out of the control and packet port-profiles and see if the error goes away.

louis

0 Kudos
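
The two checks from lwatta's replies above (a "system vlan" line on the Control and Packet port-profiles, and channel-group only on uplink port-profiles), written as a small config lint. This is an added example, not part of the original thread or any Cisco tool; the function names and the sample text are constructed, and the control/packet VLAN IDs are passed in by the caller.

```python
# Constructed sample in the shape of the config posted above; "system vlan"
# is left off Control here so that both kinds of finding appear.
SAMPLE = """\
port-profile system-uplink
  capability uplink
  channel-group auto mode on sub-group cdp
  system vlan 403-404
port-profile Management
  switchport access vlan 401
port-profile Control
  switchport access vlan 403
  channel-group auto mode on sub-group cdp
port-profile Packet
  switchport access vlan 404
  channel-group auto mode on sub-group cdp
  system vlan 404
"""

def parse_profiles(text):
    # Map each "port-profile NAME" stanza to its stripped config lines.
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("port-profile "):
            current = profiles.setdefault(line.split(None, 1)[1], [])
        elif line and current is not None:
            current.append(line)
    return profiles

def expand_vlans(spec):
    # "403-404,410" -> {403, 404, 410}
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def lint(text, required):
    # required: set of control/packet VLAN IDs (assumption: supplied by caller)
    findings = []
    for name, lines in parse_profiles(text).items():
        if "capability uplink" in lines:
            continue  # channel-group is expected on uplink profiles
        system = set().union(*(expand_vlans(l[12:]) for l in lines if l.startswith("system vlan ")))
        access = {int(l.split()[-1]) for l in lines if l.startswith("switchport access vlan ")}
        if any(l.startswith("channel-group ") for l in lines):
            findings.append((name, "channel-group on non-uplink profile"))
        for vlan in sorted((access & required) - system):
            findings.append((name, f"missing system vlan {vlan}"))
    return findings
```

Calling `lint(SAMPLE, {403, 404})` reports the channel-group lines on Control and Packet and the missing system VLAN on Control; Management is not flagged because VLAN 401 is not in the required set.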
rob_ellison
Contributor

I'd seriously suggest not moving the VSM inside the dvSwitch. If for some reason you have a problem, the whole of the network will die. I tried this initially but after a lot of testing decided on keeping the VSM on a separate standard vSwitch. Since then I have had no issues losing the VSM.

0 Kudos
ViFXStu
Contributor

Can you attach standard VMs to this port profile too? Can the vCenter server be on the same port profile when it is defined as a system VLAN?

Also, out of curiosity what's vswif3 for in the screenshot?

0 Kudos
lwatta
Hot Shot

Yes, you can attach standard VMs to the port-profile. I do this all the time. I create one port-profile and stick my packet, control, and mgmt interfaces for my VSM as well as my vCenter server on the same port-profile.

louis

0 Kudos