05-05-2010 06:03 AM - edited 03-01-2019 09:39 AM
Hi, FI-A has 10GE uplink to LAN switch-A. Let's call this UplinkA FI-B has 10GE uplink to LAN switch-B. Let's call this UplinkB If UplinkA fails, but the server ports between FI-A and IOM-A is still up. Will traffic be sent to FI-A and then black hole there? I tried this in our setup and it seems to be the case. Then I try to apply Network control policy to the vnic.. In the policy, i specify {"CDP=disabled", Action on uplink fail=link down"} But it still did not work, when UplinkA is down, my ESX still see it's VMNIC as up and continue to send packet to FI-A and blackhole there. (1) Is Network Control policy required to detect FI uplink failure to work properly? (2) How do i see the operation status of the Palo vnic, i.e, whether it is up or down? Can't seem to find a place to see the status. Did i miss out anything? THanks Eng Wee
05-05-2010 06:11 AM
Forgot to mention that FI-A and FI-B is configured as switch mode.
05-05-2010 06:20 AM
Hi ...
If you have the Fabric Interconnects in Switch mode you need to have connectivity between them (some ports connecting both)
1 - When you create a vNIC you can enable failover directly there without using policy
2 - Until now I have not been able to find a really good method of troubleshooting the palo card ... So I have to miss this one
Cheers
Nuno Ferreira
05-05-2010 06:38 AM
Hi Ferreira, Thanks for the reply. The uplink LANSwitch is actually a VSS. If i connect the two FI together using some 10GE ports, a layer 2 loop will be formed unless i can etherchannel (Multichassis Etherchannel) the uplink of FI-A and FI-B when connecting to the VSS. I think MEC is not supported in the FI. Alternate solution would be to have each FI to dual home to the LANSwitch. Each FI then creates a port-channel to the LANSwitch. In this way, there will be no L2 loop and no single point of failure. Unfortunately, my client only purchase 1x10GE uplink on each FI. How does end-host mode solve this problem? WHen UplinkA is down, vnic will go down? Rgds Eng Wee
05-05-2010 10:04 AM
Yes you can define that behavior on the Network Control Policy but if you have failover (to the other fabric) enabled then the traffic will fail automatically to the other FIC.
Please note that even in End Host mode the FIC still does local switching as it keeps a local MAC address Table
Nuno Ferreira
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide