In this episode, Sean Donahue is joined by Al Solorzano of E360 to discuss the worst disasters they've recovered from. Surprise twist, not all clouds are cumulonimbus and not all disasters are natural.<\/p><\/oembed>

Resources<\/p>

5个Nutanix节点,带有两个Cisco Nexus 9K核心网络最佳实践

s

我将5个Nutanix节点连接到两个Cisco Nexus 9K核心。

MGMT端口连接到TOR FEX,然后连接到1-10 GIG Fiber到Core1,并从每个节点连接到1-10 GIG Fiber到Core2。所有10个均为行李箱模式下的VPC端口,SwitchPort TRUNK本地VLAN#带有Spanning-Tree Type Edge Trunk。

我的问题是,我发现了针对Cisco Nexus推荐的Pratices的Nutanix文章#000002455,他们说您应该添加到spanning-tree bpduguaard enable和spanning-tree bpdufilter enable中。

思科说,他们不建议这些跨越树的设置。

谁是对的?

I am connecting 5 Nutanix Nodes\u00a0to two Cisco Nexus 9K cores.<\/p>

The MGMT ports are\u00a0connected to TOR FEX then\u00a01-10 Gig\u00a0Fibre to Core1 and 1-10 Gig\u00a0Fibre to Core2 from each node. All 10 are VPC ports in trunk mode, switchport trunk native vlan #\u00a0with\u00a0spanning-tree port type edge trunk.<\/p>

My question is, I found a Nutanix article #000002455 for Cisco Nexus Recommended Pratices\u00a0and they state you should add to the configuration spanning-tree bpduguaard enable and spanning-tree bpdufilter enable.<\/p>

Cisco says they dont recommend these spanning-tree settings.<\/p>

Who is right?<\/p>","quoteUsername":"ScooterHanson","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

2个答复

阿罗纳
秩
UserLevel 6
徽章 +5

嗨,Scooterhanson,

When choosing to follow vendor best practices and recommendations it is important to keep in mind the reasoning behind them, I think.

BPDU的守卫基本上是将环境与已接收BPDU框架的端口隔离。

BPDU过滤器忽略了端口上接收到的BPDU帧。

思科:

BPDU警卫可防止端口接收BPDU。如果端口仍然收到BPDU,则将其作为保护措施将其放在错误的状态下。

警告使用此命令时要小心。您应仅与连接到端站的接口一起使用此命令;否则,偶然的拓扑循环可能会导致数据包循环并破坏开关和网络操作。

nutanixKB-2455

考虑启用BDPU过滤器,并在全球范围内或以每个接口为基础进行防护。
这样一来,请确保每主机缓解跨越树问题。
潜在的问题是管理员或用户在VM内提出虚拟路由器或类似工作负载,并将BDPU从主机接口注入网络。

在面对Nutanix集群的港口上启用BPDU警卫似乎对我来说是一件合理的事情。

您对此有何看法?它的哪一部分使您感到困惑?

Hi ScooterHanson,<\/p>

\u00a0<\/p>

When choosing to follow vendor best practices and recommendations it is important to keep in mind the reasoning behind them, I think.<\/p>

What a BPDU guard is for basically is isolating the environment from the port that has received a BPDU frame while it should not have.<\/p>

BPDU filter ignores the BPDU frames received on the port.<\/p>

Cisco:<\/p>

BPDU Guard prevents a port from receiving BPDUs. If the port still receives a BPDU, it is put in the error-disabled state as a protective measure.<\/p>

Caution <\/strong>Be careful when using this command. You should use this command only with interfaces that connect to end stations; otherwise, an accidental topology loop could cause a data-packet loop and disrupt the switch and network operation.<\/p><\/blockquote>

Nutanix KB-2455<\/a>:<\/p>

consider enabling BDPU Filter and Guard either globally, or on a per-interface basis.
This ensure the mitigation of spanning tree issues on a per-host basis.
A potential issue would be an administrator or a user bringing up a virtual router or similar workload inside a VM, and injecting BDPUs into the network from a host interface.<\/p><\/blockquote>

Enabling BPDU guard on the ports facing Nutanix cluster seems like a reasonable thing to do to me.<\/p>

What\u2019s your take on it? Which part of it confuses you?<\/p>","quoteUsername":"Alona","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

s

感谢您的答复,我的困惑是思科不建议使用Spanning-Tree设置,而Nutanix则做到了。

最后,我接受了Nutanix的建议,并在每个端口上都添加了警卫和过滤器(主机)

Thank you for your reply, my confusion was Cisco did not recommend using the spanning-tree settings and Nutanix did.<\/p>

In the end I went with Nutanix\u2019s recommendation and added both guard and filter on each port (per-host)<\/p>","quoteUsername":"ScooterHanson","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

回复


条款和条件
Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
Functional","cookiepolicy.modal.level2":"Normal
Functional + analytics","cookiepolicy.modal.level3":"Complete
Functional + analytics + social media + embedded videos"}}}">
Baidu