
"Default" vrf context for ntp, syslog on N1k/N5k

Manuel Muetsch
Level 1

Hi,

regarding the configuration of ntp/syslog within a vrf context I have a problem.

I have one N1k and several N5k with the following system versions:

Several N5k:     

System version: 5.1(3)N1(1)

One N1k:

system:    version 4.2(1)SV1(5.1)

On both are two vrf instances configured: default, management

But in use is only the management vrf context.

Only within the vrf management context is a default route configured.

N1k# show vrf all                                                                                                                                              

VRF-Name                    VRF-ID    State   Reason

default                          1    Up      --

management                       2    Up      --

N1k# show ip route vrf all                                                                                                                                     

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

IP Route Table for VRF "management"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

0.0.0.0/0, ubest/mbest: 1/0

    *via X.X.X.X, mgmt0, [1/0], 04:38:22, static

X.X.X.X/X, ubest/mbest: 1/0, attached

    *via X.X.X.X, mgmt0, [0/0], 04:38:23, direct

X.X.X.X/X, ubest/mbest: 1/0, attached

    *via X.X.X.X, mgmt0, [0/0], 04:38:23, local

I configured on the N1k system message logging to a syslog server without using a vrf context.

(config)#logging server X.X.X.X 6

As you can see the syslog server isn't assigned to any vrf context.

BUT, it's working!

N1k# show logging server                                                                                                                                       

Logging server:                 enabled

{X.X.X.X}

        server severity:        information

        server facility:        local7

        server VRF:            

I read through a lot of configuration guides, and they commonly say the Nexus should use the default vrf context unless otherwise specified.

The N5k instead obviously uses the management vrf context as a default for the configured syslog server.

N5k# show logging server                                                                                                                                        

Logging server:                 enabled

{X.X.X.X}

        server severity:        information

        server facility:        local7

        server VRF:             management

So I suppose the N1k is also using the management vrf context as a default for the configured syslog server but does not show it.

Even in the running-config of both N1k and N5k the use-vrf parameter is missing.

N1k# show run | i logging

logging server X.X.X.X 6

N5k# show run | i logging

logging server X.X.X.X 6

Now it gets weird.

When I configure a syslog server with the parameter "use-vrf" on both N1k and N5k sometimes the nexus does not include the use-vrf parameter in its running-config:

(config)#logging server X.X.X.X 6 use-vrf management

N1k# show run | i logging

logging server X.X.X.X 6

Repetition and reconfiguration do not work.

Furthermore the vrf context "management" will not be offered via tab.

You have to write it out.

-----------------------------------------------------------

With NTP it's the same, with the difference that the vrf context "management" will be offered as a value of the parameter "use-vrf".


So the question is:

Which NX-OS features use per default the management vrf context?

If you need any more information don't hesitate to ask.

Thanks in advance.

Manuel
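An added example, not part of the original post: a small audit that compares `show logging server` output with the `logging server` lines of the running-config and reports servers whose VRF is implicit or not displayed, which is the situation described above. The function names, the `expected_vrf` default and the sample text (using the documentation address 192.0.2.10) are assumptions constructed from the output format quoted in the post.

```python
import re

# Constructed sample input shaped like the outputs quoted in the post.
SHOW_LOGGING_N1K = """\
Logging server:                 enabled
{192.0.2.10}
        server severity:        information
        server facility:        local7
        server VRF:
"""
SHOW_LOGGING_N5K = SHOW_LOGGING_N1K.replace("server VRF:", "server VRF:             management")
RUNNING_CONFIG = "logging server 192.0.2.10 6\n"

def parse_show_logging_server(text):
    """Return {server: {'severity': ..., 'facility': ..., 'vrf': ...}}."""
    servers, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"\{(\S+)\}", line):
            current = servers.setdefault(m.group(1), {})
        elif (m := re.fullmatch(r"server (severity|facility|VRF):\s*(\S*)", line)) and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return servers

def parse_running_config(text):
    """Return {server: vrf or None} from 'logging server ...' lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*logging server (\S+)(.*)", line)
        if m:
            vrf = re.search(r"\buse-vrf (\S+)", m.group(2))
            out[m.group(1)] = vrf.group(1) if vrf else None
    return out

def audit(show_text, run_text, expected_vrf="management"):
    """List (server, finding) pairs where the VRF is implicit, hidden or unexpected."""
    oper, conf = parse_show_logging_server(show_text), parse_running_config(run_text)
    findings = []
    for server in sorted(set(oper) | set(conf)):
        shown = oper.get(server, {}).get("vrf", "")
        if conf.get(server) is None:
            findings.append((server, "no use-vrf in running-config"))
        if not shown:
            findings.append((server, "operational VRF not displayed"))
        elif shown != expected_vrf:
            findings.append((server, f"operational VRF is {shown}"))
    return findings
```

Run against collected output from each switch, an empty result means the syslog path is pinned to the expected VRF in both the configuration and the operational state.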


krun_shah
Level 1

Nexus 1000v is a layer 2 switch so it might be possible that it only uses default vrf. You may find that any connectivity to an ip host on nexus 1000v is reachable via default and management vrf BOTH. I find the same thing while copying a file from a tftp, ftp or scp server. The server is reachable via both default and management vrf.

However, nexus 5500 is not just layer 2 it is layer 3 capable so you can define and use multiple vrf.

Sent from Cisco Technical Support iPhone App

Please remember that some of us still are using nx 5000 - which is solely L2 - where the newer nx 5500 also is L3 capable.

I am observing the same problems with our nx 5000 as described here. We have a setup with 8 nx5k's which will stay alive for some years still.

If you have found the correct way to define a syslog server on a nx5k (nx5000 - not nx5500) couldn't you please try to show us a simple sample?

Best regards /ti

Well I don't know if it is the official correct way but the following works on all four Nexus5010 because we just use the management vrf:

logging server X.X.X.X 6 use-vrf management

On three Nexus5010 the running config looks like the following output:

logging server X.X.X.X 6 use-vrf management

But on the last Nexus5010:

logging server X.X.X.X 6

As I already wrote, all of them are using the same NX-OS version.

hi again

thanks for the note - I have done some similar but there are still some issues - f.ex try to send a tac-pac to a tftp-server from these boxes - as far as I can see I cannot define the default vrf as the management vrf - hereby will f.ex this application not be able to copy to a remote tftp-server but we have to store it locally first and then copy the file afterwards (so we need to have space on the local filesystem ;-)

cheers ti
