02-07-2012 02:14 AM
Hi
In a L3 deployment, what is the protocol that is used to tunnel the VSM to VEM control traffic? I thought it was GRE, but I have seen several bits of documentation that state that it uses UDP 4785, whereas GRE is IP protocol 47. Also, is this bidirectional or does the VSM always open the connection, as I need to get the firewall guys to open some holes for this?
Thanks
Pat
02-07-2012 02:16 AM
Hi Pat,
Have a look at the following post:
https://supportforums.cisco.com/thread/2070391
Thanks,
Michael
02-07-2012 02:26 AM
Thanks Michael, that confirms the port numbers and that comms are bidirectional. Out of interest though, what is the tunnel between the VSM and VEM: is it a modified GRE running over UDP or is it something else? Also, is it encrypted at all? (This deployment is for a large bank and I know their security guys are going to ask.)
Pat
02-07-2012 02:52 AM
All that I am aware of is that Layer 3 mode will encapsulate the packet of the Layer 2 mode. This happens over UDP port 4785.
The VSM to VEM and VSM to VSM communication makes use of a proprietary low-level control protocol. Please note that these control messages are also encrypted.
Thanks,
Michael
02-07-2012 02:56 AM
Encrypted is good, it will make the security guys happy.
Final question. Do the 1010s still make any use of the CTRL VLAN at all between themselves (e.g. for HA) when we have the VSMs in HA mode, or do I simply need the management VLAN between the 1010 pair?
Thanks Michael.
02-07-2012 03:01 AM
Correct. The Nexus 1010s will make use of a control VLAN, as well, to communicate with each other, such as for redundancy purposes. Please read through the following post where I have discussed the differences between Nexus 1010 and Nexus 1000v VLANs.
https://supportforums.cisco.com/thread/2124261
Hope that helps
Thanks,
Michael
02-07-2012 03:05 AM
All clear now, Michael!
Many thanks
Pat