In this episode, Sean Donahue is joined by Al Solorzano of E360 to discuss the worst disasters they've recovered from. Surprise twist, not all clouds are cumulonimbus and not all disasters are natural.<\/p><\/oembed>

Resources<\/p>

5个Nutanix节点,带有两个Cisco Nexus 9K核心网络最佳实践


我将5个Nutanix节点连接到两个Cisco Nexus 9K核心。

MGMT端口连接到TOR FEX,然后连接到1-10 GIG Fiber到Core1,并从每个节点连接到1-10 GIG Fiber到Core2。所有10个均为行李箱模式下的VPC端口,SwitchPort TRUNK本地VLAN#带有Spanning-Tree Type Edge Trunk。

我的问题是,我发现了针对Cisco Nexus推荐的Pratices的Nutanix文章#000002455,他们说您应该添加到spanning-tree bpduguaard enable和spanning-tree bpdufilter enable中。

思科说,他们不建议这些跨越树的设置。

谁是对的?


2个答复

UserLevel 6
徽章 +5

嗨,Scooterhanson,

When choosing to follow vendor best practices and recommendations it is important to keep in mind the reasoning behind them, I think.

BPDU的守卫基本上是将环境与已接收BPDU框架的端口隔离。

BPDU过滤器忽略了端口上接收到的BPDU帧。

思科:

BPDU警卫可防止端口接收BPDU。如果端口仍然收到BPDU,则将其作为保护措施将其放在错误的状态下。

警告使用此命令时要小心。您应仅与连接到端站的接口一起使用此命令;否则,偶然的拓扑循环可能会导致数据包循环并破坏开关和网络操作。

nutanixKB-2455

考虑启用BDPU过滤器,并在全球范围内或以每个接口为基础进行防护。
这样一来,请确保每主机缓解跨越树问题。
潜在的问题是管理员或用户在VM内提出虚拟路由器或类似工作负载,并将BDPU从主机接口注入网络。

在面对Nutanix集群的港口上启用BPDU警卫似乎对我来说是一件合理的事情。

您对此有何看法?它的哪一部分使您感到困惑?

感谢您的答复,我的困惑是思科不建议使用Spanning-Tree设置,而Nutanix则做到了。

最后,我接受了Nutanix的建议,并在每个端口上都添加了警卫和过滤器(主机)

回复


Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu