[PVE-User] PVE and Cisco Catalyst switched...

[PVE-User] PVE and Cisco Catalyst switched...

[Marco Gaiarin]

I'm a bit (ab)used to different switches brand, mostly HP/Aruba, but
now i've o work on cisco catalyst ones.

But i've a trouble...


I've to manage some little clusters of two servers, where the second
server is a little/backup one; primary server have a two gigabit link
bond, spare server only one link.

But for a sake of symmetry and mental health, i've defined in switches
two bond/trunk, and i was supposing that, as in HP, i can simply connect
only one port of the trunk.

But port led never get green, keep in amber color...


Catalyst side:

 interface range GigabitEthernet1/0/14, GigabitEthernet2/0/14
  switchport mode trunk
  channel-group 9 mode active
  exit
 interface port-channel 9
  description Trunk LAN Server 2
  switchport mode trunk
  switchport trunk allowed vlan 1,90,99
  exit

and PVE side:

 auto vmbr0
 iface vmbr0 inet static
	address 10.15.5.21/21
	gateway 10.15.0.1
	bridge-ports eno1
	bridge-stp off
	bridge-fd 0
	bridge-vlan-aware yes
	bridge-vids 2-4094

With this configuration, if i connect 'eno1' cable to port 14 (switch1
or switch2, it is the same), switch port led never get 'green'.


What i'm missing? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Re: [PVE-User] PVE and Cisco Catalyst switched...

[Naumann, Thomas]

Hi,

our working config with cisco nexus switches:

cisco side:

interface port-channelxxx
  switchport mode trunk
  switchport trunk allowed vlan xxx
  flowcontrol receive on
  flowcontrol send on

proxmox side:

auto bond1
iface bond1 inet manual
        up ip link set $IFACE up
        bond-slaves xxx xxx
        bond-mode 802.3ad
        bond-miimon 100
        bond-lacp-rate 1
        bond-xmit-hash-policy layer2+3
        bond-min-links 1

best regards
-- 
Thomas Naumann

Abteilung Netze und Kommunikation
Otto-von-Guericke Universität Magdeburg
Universitätsrechenzentrum
Universitätsplatz 2
39106 Magdeburg

fon: +49 391 67-58563
email: thomas.naumann@ovgu.de

On Wed, 2021-07-14 at 18:19 +0200, Marco Gaiarin wrote:
> I'm a bit (ab)used to different switches brand, mostly HP/Aruba, but
> now i've o work on cisco catalyst ones.
> 
> But i've a trouble...
> 
> 
> I've to manage some little clusters of two servers, where the second
> server is a little/backup one; primary server have a two gigabit link
> bond, spare server only one link.
> 
> But for a sake of symmetry and mental health, i've defined in
> switches
> two bond/trunk, and i was supposing that, as in HP, i can simply
> connect
> only one port of the trunk.
> 
> But port led never get green, keep in amber color...
> 
> 
> Catalyst side:
> 
>  interface range GigabitEthernet1/0/14, GigabitEthernet2/0/14
>   switchport mode trunk
>   channel-group 9 mode active
>   exit
>  interface port-channel 9
>   description Trunk LAN Server 2
>   switchport mode trunk
>   switchport trunk allowed vlan 1,90,99
>   exit
> 
> and PVE side:
> 
>  auto vmbr0
>  iface vmbr0 inet static
> 	address 10.15.5.21/21
> 	gateway 10.15.0.1
> 	bridge-ports eno1
> 	bridge-stp off
> 	bridge-fd 0
> 	bridge-vlan-aware yes
> 	bridge-vids 2-4094
> 
> With this configuration, if i connect 'eno1' cable to port 14
> (switch1
> or switch2, it is the same), switch port led never get 'green'.
> 
> 
> What i'm missing? Thanks.
> 

Re: [PVE-User] PVE and Cisco Catalyst switched...

[Marco Gaiarin]

Mandi! Daniel via pve-user
  In chel di` si favelave...

> check the Cisco log "sh logg" when the LED stays orange it could be an STP problem.

OK. I will try next week.


> Why you didn’t configure it as a port-channel interface? (bond on Linux)

...because i have only one NIC. ;-)

You (and Thomas, too, thanks!) are meaning that i need anyway to create
an LACP bond with only one member to talk to an LACP cisco trunk?

With HP (and Ubiquity, also) it is not needed!


Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

Re: [PVE-User] PVE and Cisco Catalyst switched...

[Naumann, Thomas]

Hi,

LACP is not a "must have", you need it if you want to have physical HA.
If there is only one physical interface on proxmox node then you can
configure one switchport on cisco side as acces/trunk-port - for
example:

proxmox side:

auto vmbrxxx
iface vmbrxxx inet static
        address xxx
        gateway xxx
        bridge_ports xxx
        bridge_stp on
        bridge_fd 3

cisco side:

interface GigabitEthernetxxx
 description xxx
 switchport
 switchport access vlan xxx
 switchport mode access
 no vtp
 spanning-tree portfast edge
 spanning-tree guard root

best regards
-- 
Thomas Naumann

Abteilung Netze und Kommunikation
Otto-von-Guericke Universität Magdeburg
Universitätsrechenzentrum
Universitätsplatz 2
39106 Magdeburg

fon: +49 391 67-58563
email: thomas.naumann@ovgu.de

On Thu, 2021-07-15 at 12:29 +0200, Marco Gaiarin wrote:
> Mandi! Daniel via pve-user
>   In chel di` si favelave...
> 
> > check the Cisco log "sh logg" when the LED stays orange it could be
> > an STP problem.
> 
> OK. I will try next week.
> 
> 
> > Why you didn’t configure it as a port-channel interface? (bond on
> > Linux)
> 
> ...because i have only one NIC. ;-)
> 
> You (and Thomas, too, thanks!) are meaning that i need anyway to
> create
> an LACP bond with only one member to talk to an LACP cisco trunk?
> 
> With HP (and Ubiquity, also) it is not needed!
> 
> 
> Thanks.
> 

Re: [PVE-User] PVE and Cisco Catalyst switches...

[Marco Gaiarin]

Mandi! Daniel via pve-user
  In chel di` si favelave...

> When i am correct you also need to enable igmp.
> That was in older Versions mandantory. Maybe it is already enabled on your switch.

Seems just enabled on recent firmwares.

	https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swigmp.html#28646

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)