Spanning-tree root switch determination

STP, RSTP and MSTP are well known solutions for both loop detection and redundancy. Spanning-tree will determine the root switch and from that point it will calculate the link cost to the device. After the determination of the shortest path it will disable the more costly paths.

But this won’t always result in the best network topology. So how is this root switch appointed? Root switches are chosen because of two things their priority settings and after that who has the lowest MAC-address. This is why if you just let it determine the paths it won’t always be the best topology.

HP ProCurve (and maybe also other) switches are configured with the default priority 8. This way when you enable STP on them they just look at the lowest MAC-address. To optimize the topology you might want to set the priority of your main switch lower as the default priority (8). This way your switch is chosen as root switch and all paths are calculated from there.

The way to change the priority on HP ProCurve switches from CLI goes as follows:

[hostname]#config
[hostname](config)#spanning-tree priority [n]
[hostname](config)#write mem

[n] can be anything from 0 to 15. 0 being the highest priority and 15 being the lowest.

Beacon probing resulting in excessive broadcasts

Not so long ago I posted a link to a VMWare blog in which beacon probing was demystified. This article stated that you only should use beacon probing when there is no link state tracking on the physical switches and you could consider beacon probing as a nice software solution for replacing it.

Well we’ve got our ESX environment set up by a local supplier and they advised us to use beacon probing instead of link state tracking. But for some reason beginning from that moment I got major events from my ProCurve switches stating excessive broadcasts. This wasn’t often, but especially during peak hours I was getting this notification.

When I started sniffing the network packets on the uplink of the switches I noticed what kind of packets it were. It was an almost continuous flow of RARP packets coming from the ESX servers. RARP packets are meant as MAC address table updates for switches. This way when a node is suddenly available on a different MAC address the switch already knows the new path. This is also what happens when a virtual switch detects a link is not functional. It will switch the uplink and notify the switches. When beacon probing isn’t working as expected ESX constantly thinks the uplink isn’t functional so it is constantly switching the uplink and as a result constantly sending out RARP packets.

While you can define both the notify switches parameter and the network failure detection, it isn’t good to just put notify switches to ‘No’. This way the failover is still constantly changing uplinks and this can result in errors (in my case timeouts with TFTP). The real problem was the failure detection. Beacon probing for some reason just didn’t work in our environment. When I changed the failure detection to ‘Link Status only’ all the RARP packets disappeared and my excessive broadcasts were gone.

In my case just link status only is sufficient, but I can imagine there are cases where you would want to use beacon probing. If you enable beacon probing and this results in excessive broadcasts (or just more broadcasts) I do advise to look if you could find those RARP packets. This can indicate that beacon probing is just not working correctly in your environment.

I want to thank Scott Lowe for giving me a push in the right direction.

Windows Server 2008 DHCP server assigns broadcast adresses

Not long ago we expanded the range of our network segments. This meant reconfiguring our DHCP server to assign IP addresses using the new ranges. While normally if you configure a 255.255.255.0 segment it isn’t possible to set the address range to x.x.x.0 to x.x.x.255. Those x.x.x.0 and x.x.x.255 addresses are normally used for broadcast messages and so they can’t be assigned.

Now when we wanted to set the ranges to 255.255.252.0 the address ranges got expanded from x.x.x.1 to x.x.x+3.254. However we couldn’t select x.x.x.0 or x.x.x+3.255 to be within the range, but we could select the range to be from x.x.x.1 to x.x.x+3.254. Since Windows DHCP server was smart enough to not include the broadcast addresses in the 255.255.255.0 mask I thought it wouldn’t assign the broadcast addresses in the 255.255.252.0 range either.

However when I looked at the DHCP leases it was assigning those addresses to computers. Addresses like x.x.x.255 or x.x.x+1.0 were assigned to computers making them not able to use the network as it should. So what I did was add every x.x.x+[1,2,3].0 and x.x.x+[0,1,2].255 within the range to the exclusion list and deleted the leases from the DHCP server. This way those broadcast addresses wouldn’t be assigned to workstations and the network connections would work perfectly again.

Standard ESX networking tasks from command line (Part 2)

In part 1 I covered some NIC operations from command line. In part 2 I will cover some standard virtual switch tasks like adding and deleting a virtual switch and making and configuring PortGroups. So here goes for virtual switch operations…

Listing all virtual switches

esxcfg-vswitch -l

This commands gives you a list of all the configured virtual switches with their PortGroups and connected uplinks. Further more a lot of properties are shown about the vSwitches and PortGroups. For vSwitches it shows among other things the name, the uplinks, the number of used ports and the number of configured ports. For PortGroups it shows the PortGroup name, VLAN ID and uplinks.

Add a virtual switch called ‘TestSwitch1′

It’s really simple to add a virtual switch to an ESX server. You simply use the following command:

esxcfg-vswitch -a TestSwitch1

This creates a virtual switch with the name ‘TestSwitch1′. It still has no PortGroups and it has been set with the default amount of configured ports (64). To see all the properties use the command provided earlier to list the virtual switches. If you want to specify the number of configured ports you can use the following command:

esxcfg-vswitch -a TestSwitch1:16

This gives you a virtual switch named ‘TestSwitch1′ with 16 configured ports.

(more…)

Standard ESX networking tasks from command line (Part 1)

As I was looking around in the command line interface (which is pretty new for me) I came around the esxcfg- command set. In particular the commands to manage the NIC’s (part 1) and the vSwitches (part 2) raised my interest. I decided to explore a bit further and write down how to do some standard actions. So here goes for NIC operations…

Listing all NIC’s

esxcfg-nics -l

This commands gives you a nice list of all the available NIC’s and all their properties. Those properties include name, link, speed, duplex and description.

Setting a specific link speed and duplexity of a NIC

The thing I want to do here is set my ‘vmnic3′ (the name I got from my previous command) to a speed of 100Mbps and I want to set it to full duplex. The command to do this is:

esxcfg-nics -s 100 -d full vmnic3

The ‘-s’ parameter defines the speed. This parameter can hold the values 10, 100, 1000 and 10000 respectively defining the speed to 10Mbps, 100Mbps, 1000Mbps and 10000Mbps.

The ‘-d’ parameter defines the duplexity. This parameter can hold the value ‘full’ for full duplex and ‘half’ for half duplex.

Setting link speed and duplexity of a NIC to automatic detection

To set my ‘vmnic3′ back to automatic detection I use the following command:

esxcfg-nics -a vmnic3

The ‘-a’ parameter simply sets the link speed and duplexity of the NIC back to automatic.

I hope this was useful to someone. At least I got better understanding and a little reminder for myself how to do these things. In part 2 I will cover some standard networking tasks considering virtual switches using the command esxcfg-vswitch.

Switch meshing ProCurve switches unless…

… you are using those switches for routing. Great so the only option for improving my networking environment for load balancing my ESX environment was crushed by these two HP documents: Switch Meshing and LAN Aggregation Through Switch Meshing.

Apparently there is a whole list of requirements for switch meshing. This list is most clearly defined in Switch Meshing (starting from page to 5 and ending at page 7). Just a short beginning of the list:

• A meshed switch can have some ports in the meshed domain and other ports outside the meshed domain. That is, ports within the meshed domain must be configured for meshing, while ports outside the meshed domain must not be configured for meshing.
• Meshed links must be point-to-point switch links.
• On any switch, all meshed ports belong to the same mesh domain.
• A switch can have up to 24 meshed ports.
• A mesh domain can include up to 12 switches.
• Up to five inter-switch, meshed hops are allowed in the path connecting two nodes through a switch mesh domain. A path of six or more meshed hops between two nodes is unusable. However, in most mesh topologies, there would normally be a shorter path available, and paths of five hops or fewer through the same mesh will continue to operate.
• ….

I have four HP ProCurve 5300 series switches and they all do routing. Switch meshing was my only option left after exploring NIC teaming articles from Scott Lowe and Lukas Kubin. Those articles describe perfectly how you could do NIC teaming and VLAN trunking on one ProCurve switch, but not how to do it with two of them. After some searching the only option to accomplish what I wanted was a HP patented technique called switch meshing.

So this is not an article explaining how to configure switch meshing for use with ESX, but to warn people for all the requirements. If your environment complies with all the requirements made for switch meshing the two documents named above will do sufficiently as far as it goes how to configure and what switch meshing exactly is.

If I ever end up in an environment where I am able to configure switch meshing I will certainly post how I did it. During my search for what switch meshing was I found out about another technology called XRRP. With that technology at least I can make a really good failover for my gateways, but later more on that.

Beacon probing explained

I was browsing through the VMWare blogs and I ran into the VMWare networking blog. They posted a really nice article about when to use beacon probing. Although it was already posted on the 10th of december I thought it was worth mentioning.

Beaconing is one of those features that often confuses even the most experienced networking admin.

Shudong Zhou, one of our senior engineers, recently posted an entry on the internal blog explaining how it works and how you might use it. He gave me permission to cut and paste his entry. Here it is …

Read the rest of the article here at the VMWare Networking Blog

There’s no place like ::1!

My girlfriend and I want to buy a new doormat, but never I would have imagined that she would suggest it would be a doormat with the text “There’s no place like 127.0.0.1″. A lot of people in IT know the phrase “There’s no place like 127.0.0.1″, but “There’s no place like ::1″ isn’t that common yet. ::1 is the IPv6 equivalent of 127.0.0.1 which is the IPv4 address for localhost or as meant in the saying “home”.

A quick search on the internet for ”There’s no place like ::1″ didn’t turn up any doormats or any other merchandise, but i’m sure it will appear someday. So I will probably settle for a doormat with “There’s no place like 127.0.0.1″ for now, but when IPv6 becomes widely accepted I also want a doormat that is IPv6 compatible.

P.S.: Because of the doormat my interest in IPv6 grew again and I surely will post more about that later.