Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1951
Views
2
Helpful
6
Replies

L3 to VSM to VEM tunnel protocol

Go to solution
Patrick Colbeck
Level 3
Level 3

‎02-07-2012 02:14 AM

Hi

In a L3 deployment what is the protocol that is used to tunnel the VSM to VEM control traffic ? I though it was GRE but I have seen several bits of dicumentation that state that it uses UDP 4785 where as GRE is IP protocol 47. Also is this birderectional or does the VSM alwasy open the connection as I need to get the firewall guys to open some holes for this.

Thanks

Pat

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mipetrin
Cisco Employee
Cisco Employee
In response to Patrick Colbeck

‎02-07-2012 02:52 AM

All that I am aware of is that Layer 3 mode will encapsulate the packet of the Layer 2 mode. This happens over UDP port 4785.

The VSM to VEM and VSM to VSM communication makes use of a proprietary low-level control protocol. Please note that these control messages are also encrypted.

Thanks,

Michael

View solution in original post

0 Helpful
6 Replies 6

Go to solution
mipetrin
Cisco Employee
Cisco Employee

‎02-07-2012 02:16 AM

Hi Pat,

Have a look at the following post:

https://supportforums.cisco.com/thread/2070391

Thanks,

Michael

Go to solution
Patrick Colbeck
Level 3
Level 3
In response to mipetrin

‎02-07-2012 02:26 AM

Thanks Michael, taht confirms the port numbers and that comms are biderectional. Out of interest though what is the tunnel between teh VSM and VEM is it a modified GRE running over UDP or is it something else ? Also is it encrypted at all ? (This deploymnet is for a large bank and I know their security guys are going to ask).

Pat

0 Helpful

Go to solution
mipetrin
Cisco Employee
Cisco Employee
In response to Patrick Colbeck

‎02-07-2012 02:52 AM

All that I am aware of is that Layer 3 mode will encapsulate the packet of the Layer 2 mode. This happens over UDP port 4785.

The VSM to VEM and VSM to VSM communication makes use of a proprietary low-level control protocol. Please note that these control messages are also encrypted.

Thanks,

Michael

0 Helpful

Go to solution
Patrick Colbeck
Level 3
Level 3
In response to mipetrin

‎02-07-2012 02:56 AM

Encrypted is good, it will make the security guys happy

Final question. Do the 1010s still make any use of the CTRL VLAN at all between themselves (eg for HA) when we have the VSMs in HA mode or do I simply need the management VLAN bewteen the 1010 pair ?

Thanks Michael.

0 Helpful

Go to solution
mipetrin
Cisco Employee
Cisco Employee
In response to Patrick Colbeck

‎02-07-2012 03:01 AM

Correct. The Nexus 1010's will make use of a control VLAN, as well, to communicate with each other, such as for redundancy purposes. Please read through the following post where I have discussed the differences between Nexus 1010 and Nexus 1000v VLANs.

https://supportforums.cisco.com/thread/2124261

Hope that helps

Thanks,

Michael

Go to solution
Patrick Colbeck
Level 3
Level 3
In response to mipetrin

‎02-07-2012 03:05 AM

Alles klar now Michael !

Many thanks

Pat

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents