08-15-2019 09:27 AM
Hey guys, I'm not really a switching and routing expert, and I've been combing the internet looking for answers to what I suspect would be a simple problem for people who do this regularly, but I've had no luck so far.
I'm dealing with a couple of issues.
What I have is an NX 5548 switch with a daughter card to enable Layer 3. It's also connected via FEX to an N2k switch, for what that's worth, since I have fiber cards on my servers.
I have 3 VLANs set up on said switch (vlan 1, 2, and 3). I have a grand total of 2 physical servers (with about 8 VMs in total) and a couple more laptops connected to them. The servers are using teamed NICs and Hyper-V is running on both the servers and workstations (each workstation has 2 VMs). Trunking is enabled on the fiber ports for the servers, for what that's worth. Layer 3 switching is working, for what that's worth, but there are a lot of dropped packets between the VLANs and (not sure it's related) I'm unable to relay DHCP addresses from a Windows DHCP server (which sits on VLAN 1) to VLAN 3.
What I've done so far:
feature dhcp
feature ip routing
feature interface-vlan
interface vlan 1
  description servers
  ip address 192.168.1.1/24
  no shutdown
! note: vlan 2 is only for when I need to connect to the internet; nothing is on this presently, but it does periodically get used
interface vlan 2
  description internet
  ip address 192.168.2.1/24
  no shutdown
interface vlan 3
  description workstations
  ip address 192.168.3.1/24
  no shutdown
  ! 192.168.1.10 is the IP address of my Windows DHCP server
  ip dhcp relay address 192.168.1.10
I can, for what it's worth, successfully ping between 1 and 3, but even ping -t is showing lag and occasional dropped packets. RDP across the VLANs is very slow, as is moving files between the workstations and servers. Within VLANs everything works fine. If I do a show interface of the specific ports connected to these VLANs, I'm seeing very slow throughput in the statistics, essentially confirming what I already know. DHCP to VLAN 3 does not work. I'm assuming at this point though that the problem is likely throughput related. Note that I've tried adding the broadcast address as dhcp relay as well. I'm using the default VRF with not much else configured.
I should note I'm a Windows guy, so this is not something I've had to do a lot of. I'm assuming this is probably something simple that people who do this every day will catch, but I'm not seeing it. Any ideas as to why my throughput is bad and why DHCP isn't working?
08-15-2019 12:56 PM
Can you enable IGP like OSPF?
08-16-2019 05:56 AM - edited 08-16-2019 05:57 AM
There are routing protocols I can turn on. I'm not in today, but I'll be in on Monday and will check. Question though: I thought that stuff was for if you were connecting a router. Are you saying I need some sort of routing protocol to make layer 3 work efficiently?
Side question, is it simply a matter of turning them on or is there some sort of configuration required?
08-16-2019 06:26 AM
The reason I ask if you can turn on a dynamic routing protocol is just to see whether the inter-vlan routing is not working properly.
If you can, connect 2 test devices, like laptops, directly to the 5k or 2k, assign them to vlan 1 and vlan 3, and do a connectivity test.
If this works with no issue, then the issue will be in how the Nexus switchport and Windows are configured.
You mentioned that you did NIC teaming. Is the Nexus configured as a port-channel or vPC facing the Windows server?
Can you show the run-config of the Nexus? And, if you can, provide a simple diagram.
08-16-2019 07:33 AM
For the DHCP issue:
Can you provide the output of the CLI commands below from Nexus:
show running-config dhcp
show ip dhcp relay
08-19-2019 08:58 AM
show run dhcp:
Version 7.2(3) N1(1)
feature dhcp
service dhcp
ip dhcp relay
interface Vlan3
ip dhcp relay address 192.168.1.10 (this is address of dhcp server that sits on Vlan 1)
Show IP DHCP Relay
DHCP relay service is enabled
Insertion of option 82 is disabled
option 82 suboption circuit ID customize is disabled
Insertion of VPN suboptions is disabled
Insertion of cisco suboptions is disabled
V4 Relay Source Address HSRP Globally disabed
Relay Source Address HSRP is enabled on the following interfaces
_____________________________________
Helper addresses are configured on the following interfaces:
Interface Relay Address VRF Name
_____________________________________
Vlan3 192.168.1.10
08-19-2019 09:36 AM
DHCP config looks good.
Can you provide the output of "show ip dhcp snooping"
I checked the NX-OS version you have, 7.2(3) N1(1), and didn't see it in the downloads. Cisco might have removed it if it is not a stable version or is deferred.
Is it possible for you to upgrade to
08-19-2019 12:10 PM
To back up slightly to the suggestion about enabling a routing protocol. Using a dynamic routing protocol is appropriate when you are making routing decisions to destinations that are remote and for which there might be more than one path to the destination. The advantage of the dynamic routing protocol is that it dynamically learns all available paths to the destination and chooses the best path. And it has the ability to respond to changes in the network, to remove forwarding paths that no longer are viable and to choose alternative paths toward the destination that will work. When you are routing between locally connected subnets (as is the situation described by the original poster) then a dynamic routing protocol will not make any difference.
HTH
Rick
08-19-2019 01:42 PM
That's how I understand it, but I'm not the expert :)
So what would cause a delay on the same device simply going from one vlan to another? That move alone takes a ping from the standard <1mS to a minimum of 3, and usually more along with dropped packets. Moving a 500 MB file takes the better part of a day.
08-19-2019 01:40 PM
I went ahead and upgraded the switch to the latest OS. It did not fix my problem. Packets between the vlans are still being dropped and DHCP still does not work:
sh ip dhcp snooping tells me snooping is enabled on vlan 3. Gives me the same things about option 82 that the other command did.
08-19-2019 04:08 PM
Can you disable dhcp snooping globally? DHCP snooping validates DHCP messages received from untrusted sources and filters out invalid messages.
no ip dhcp snooping
08-19-2019 04:10 PM
Can you provide the running-config? Just mask-out or delete username/password/community or anything you don't want to share.
08-20-2019 05:14 AM
I appreciate your help. I'll get this posted today. It's a bit of a pain due to being in a disconnected space... that said, I'm already masking a bit. My CX uses a Class A, and I've posted generic private addresses... I doubt that makes a difference, but worth noting.
08-20-2019 07:38 AM
08-20-2019 08:01 AM
I see "management" is configured in both interface vlan1 and interface vlan3.
Can you remove it?
interface vlan 1
  no management
interface vlan 3
  no management
The management VRF is for management purposes only.
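The points the responders check across this thread (is the relay target on a locally connected SVI subnet, is DHCP snooping enabled on the relayed VLAN, is "management" present on an SVI) can be run as one pass over a saved running-config. This is an added example, not code from the thread: the sample config is constructed from the posted fragments with running-config indentation assumed, the function names are hypothetical, only single-VLAN snooping lines are matched, and the findings are items to review rather than confirmed causes.

```python
import ipaddress
import re

# Constructed sample built from the fragments posted in this thread.
SAMPLE_CONFIG = """\
ip dhcp snooping vlan 3
interface Vlan1
  management
  ip address 192.168.1.1/24
interface Vlan3
  management
  ip address 192.168.3.1/24
  ip dhcp relay address 192.168.1.10
"""

def parse_svis(config):
    """Map VLAN id -> SVI address, relay targets and 'management' flag."""
    svis, cur = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+vlan\s*(\d+)", line, re.I)
        words = line.split()
        if m:
            cur = svis.setdefault(int(m.group(1)),
                                  {"ip": None, "relays": [], "management": False})
        elif not line.startswith(" ") or cur is None:
            cur = None  # top-level line, or sub-command of a non-SVI block
        elif words[:2] == ["ip", "address"]:
            cur["ip"] = ipaddress.ip_interface(words[2])
        elif words[:4] == ["ip", "dhcp", "relay", "address"]:
            cur["relays"].append(ipaddress.ip_address(words[4]))
        elif words == ["management"]:
            cur["management"] = True
    return svis

def audit(config):
    """Return review points matching the questions asked in the thread."""
    svis = parse_svis(config)
    snooped = {int(v) for v in
               re.findall(r"^ip dhcp snooping vlan (\d+)\s*$", config, re.M)}
    findings = []
    for vlan, svi in sorted(svis.items()):
        if svi["management"]:
            findings.append(f"Vlan{vlan}: 'management' set on SVI")
        for relay in svi["relays"]:
            # A relay target inside another SVI's subnet is locally connected.
            if not any(s["ip"] and relay in s["ip"].network for s in svis.values()):
                findings.append(f"Vlan{vlan}: relay {relay} not on a connected SVI subnet")
        if svi["relays"] and vlan in snooped:
            findings.append(f"Vlan{vlan}: DHCP snooping enabled on relayed VLAN")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns the two "management" findings and the snooping finding; the relay target raises nothing because 192.168.1.10 sits inside the Vlan1 subnet.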