|
Is all the traffic on one vlan? If it's spread around you can split the spanning-tree priorities upstream so that one uplink switch is the root for half the VLANs and the other switch the other half. This is taking a lot of assumptions though. There are other things to consider like downstream traffic & routing.
|
# ? Jun 1, 2018 16:36 |
|
MC-LAG or stop running a single topology spanning tree.
|
# ? Jun 1, 2018 16:45 |
|
mythicknight posted: I have an access switch stack that has a single link to two different core switches. My problem is it seems to be pushing all traffic up one link right now, and it's saturated. Anything I can do to tell it to use both? Port channel wouldn't work I think since each link is going to a different device upstream. Not sure why we didn't run multiple links for each connection but here we are

Maybe escalate to a network person.
|
# ? Jun 1, 2018 17:03 |
|
Sepist posted: Is all the traffic on one vlan? If it's spread around you can split the spanning-tree priorities upstream so that one uplink switch is the root for half the VLANs and the other switch the other half.

Mainly on one vlan for this stack. Though this did put me on the path of checking the core switches' spanning tree, and they are indeed set to have everything downstream funneled to one, which is then going across to the other core switch to get out the WAN. This seems horribly inefficient to me so I'm probably going to reprioritize the other core just for this floor's stack and see what happens. Either the stack link is the issue and it'll keep happening, or it's the cross link upstream and this'll bypass that. Or things will explode.

cheese-cube posted:

I happily would, but they are all on vacation. It's just me and another guy, and we just do the UC/voip side of things. On one hand, this is a good learning experience. On the other this is terrifying.
|
# ? Jun 1, 2018 17:33 |
|
mythicknight posted: I have an access switch stack that has a single link to two different core switches. My problem is it seems to be pushing all traffic up one link right now, and it's saturated. Anything I can do to tell it to use both? Port channel wouldn't work I think since each link is going to a different device upstream. Not sure why we didn't run multiple links for each connection but here we are

tortilla_chip posted: MC-LAG or stop running a single topology spanning tree.

Yep, this is a key limitation with STP and traditional L2 switching - redundant links get shut down, not used. If your switch and the two it's uplinking to support multi-channel link aggregation and they are also connected that could be an option, but that's really kind of a redesign. Otherwise you need to do a different redesign to push routing to your access layer and enable L3 ECMP or you need to just run some more links to your core switches.
|
# ? Jun 1, 2018 17:36 |
|
Yeah there's no trivial easy way to fix the issue as described. Best you can do is make the one saturated link bigger with a port channel. The other options are multiple spanning tree or using L3.
|
# ? Jun 1, 2018 18:02 |
|
If you aren’t comfortable with what you’re doing then do not gently caress with spanning tree settings, especially on a Friday.
|
# ? Jun 1, 2018 18:05 |
|
Thanks Ants posted: If you aren’t comfortable with what you’re doing then do not gently caress with spanning tree settings, especially on a Friday.

... Unless you enjoy working on Saturday.
|
# ? Jun 1, 2018 18:09 |
|
CrazyLittle posted: ... Unless you enjoy working on Saturday.

And get paid overtime...
|
# ? Jun 1, 2018 18:20 |
|
Yeah, after talking with our (IT) management we're just gonna leave it alone for now and wait out the user complaints till the whole team is here to take a look at it. If it gets to the point that someone wants something done now, we'll try reprioritizing that vlan to use the other core and see what happens. Longer term fix is adding more links going up to each core. Read a bit about MCLAG and it sounds nice, and might work on the equipment there. We already do it at another site with vPCs, so why we don't do it at the affected site is...

Here's a horrible phone drawing to make more sense of it. Thanks for the tips all.
|
# ? Jun 1, 2018 18:41 |
|
Are C1 and C2 stacked or linked in some other way that makes them a virtual chassis or similar?
|
# ? Jun 1, 2018 18:43 |
|
Just a port channel between those boxes currently.
|
# ? Jun 1, 2018 18:45 |
|
What model switches are at your core? That will answer if you can do vPC/MC-LAG at all. Otherwise if the upstream links from the stack are your point of contention, the easy option is to stick a second cable in between C1 and the stack and then port channel it. Changing your root bridge wouldn't help if that's the problem. If you don't have the extra cabling because it's far away and uses fiber or whatever, you could steal the cable going to the other core. It's a lovely non redundant design but if it saves you a week or two of big production issues then it may be worth doing.

Ahdinko fucked around with this message at 23:08 on Jun 1, 2018 |
# ? Jun 1, 2018 22:59 |
|
Port channels do not load balance traffic - it is selected per an algorithm which on a lot of equipment isn’t adjustable. In some cases you can add 7 more cables and accomplish nothing.
|
# ? Jun 1, 2018 23:12 |
|
mythicknight posted: I have an access switch stack that has a single link to two different core switches. My problem is it seems to be pushing all traffic up one link right now, and it's saturated. Anything I can do to tell it to use both? Port channel wouldn't work I think since each link is going to a different device upstream. Not sure why we didn't run multiple links for each connection but here we are

As mentioned spanning-tree will be blocking one of the links and there isn't anything (practical) you can do about it. The least disruptive option is to convert each link into a portchannel (so one portchannel per switch) then add additional links as required. You'll still end up only using 50% of the capacity but at least it'll be 50% of a much bigger number.
|
# ? Jun 2, 2018 00:36 |
|
Partycat posted: Port channels do not load balance traffic - it is selected per an algorithm which on a lot of equipment isn’t adjustable. In some cases you can add 7 more cables and accomplish nothing.

Even src-mac load balancing will help unless all the traffic on their access stack is from a single host. Plus I think 95% of Cisco switches you can buy in the last 8+ years have adjustable load balancing.

Ahdinko fucked around with this message at 11:53 on Jun 2, 2018 |
# ? Jun 2, 2018 11:47 |
|
I'm load balancing across 3 different PTP radios, but like Ahdinko said if it's different connections it will load them across the port channel. It's really awesome for my needs since the radio I use can drop due to rain fade and interference, so I have redundancy and load balancing.
|
# ? Jun 2, 2018 23:06 |
|
Ahdinko posted: Even src-mac load balancing will help unless all the traffic on their access stack is from a single host. Plus I think 95% of Cisco switches you can buy in the last 8+ years have adjustable load balancing

Yeah maybe if it’s all Cisco IOS. And yeah in my experience in typical LAN access, 95% of traffic is host -> router and sticks to one link, which implies that it’s not src mac out of the box.
|
# ? Jun 3, 2018 00:14 |
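The disagreement in the last few posts comes down to which header fields feed the port-channel hash. The following is an added example, not part of the thread and not any vendor's actual algorithm: it assumes a simplified hash (low-order MAC byte, modulo link count) and constructed MAC addresses to show how the hash mode decides whether extra member links carry anything.

```python
from collections import Counter

# Simplified model of hash-based member selection on a port channel: take
# low-order address bits and reduce them modulo the link count. Real
# platforms use their own hash; this is an illustration only.

def low_byte(mac):
    """Last octet of a colon-separated MAC address as an integer."""
    return int(mac.split(":")[-1], 16)

def pick_link(src_mac, dst_mac, mode, n_links):
    """Choose a member link index for one frame under the given hash mode."""
    if mode == "src-mac":
        key = low_byte(src_mac)
    elif mode == "dst-mac":
        key = low_byte(dst_mac)
    elif mode == "src-dst-mac":
        key = low_byte(src_mac) ^ low_byte(dst_mac)
    else:
        raise ValueError(f"unknown hash mode: {mode}")
    return key % n_links

def link_usage(flows, mode, n_links):
    """Count flows per member link; returns a list indexed by link number."""
    counts = Counter(pick_link(s, d, mode, n_links) for s, d in flows)
    return [counts.get(i, 0) for i in range(n_links)]

# Constructed sample: eight access hosts all sending to one gateway MAC,
# plus a single-talker case (one host generating every flow).
GATEWAY = "02:00:00:00:ff:01"
HOSTS = [f"02:00:00:00:00:{i:02x}" for i in range(1, 9)]
UPSTREAM = [(h, GATEWAY) for h in HOSTS]
ONE_HOST = [(HOSTS[0], GATEWAY)] * 8

if __name__ == "__main__":
    for mode in ("dst-mac", "src-mac", "src-dst-mac"):
        print(f"{mode:12} 2 links: {link_usage(UPSTREAM, mode, 2)}  "
              f"8 links: {link_usage(UPSTREAM, mode, 8)}")
    print("src-mac, single talker, 8 links:", link_usage(ONE_HOST, "src-mac", 8))
```

With a destination-only hash every host-to-router flow lands on the same member no matter how many links are bundled, while a source-based hash spreads the same flows evenly unless one host is the only talker.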
|
cheese-cube posted:
|
# ? Jun 3, 2018 14:50 |
|
It's too bad this thread lends itself to a short title because this is my favorite Cisco "bug" I've discovered recently. https://quickview.cloudapps.cisco.com/quickview/bug/CSCuu29995

quote: However there is no Cisco Documentation stating this and so customers have a concern that this cannot be explained during security audits. Hence filing this Documentation defect to document this.

I've certainly seen plenty of undocumented stuff but this is the first time I've seen documentation of a lack of documentation of an issue.

tadashi fucked around with this message at 14:41 on Jun 5, 2018 |
# ? Jun 5, 2018 14:37 |
|
When I worked in TAC, my favorite bugs to file were doc bugs. "Hey, document A says this is supported in version X and document B says it's supported in version Y and document C says it doesn't work at all. Figure out which is right and correct the other two." Less fun was when the technical writer would come to me as a TAC engineer and ask me which one is correct. "I don't know, I was trying to find that answer when I crawled down this rabbit hole. Go find the developer who wrote it and ask him."
|
# ? Jun 5, 2018 15:14 |
|
That developer in India no longer exists.
|
# ? Jun 5, 2018 17:52 |
|
Never had that happen with a documentation bug, but it did happen for an actual bug once - it was for a relatively niche product and the whole team had been reassigned after it didn't take off, so the only person we could find connected to it was the director. He started out acting like he couldn't help us but once we said "look, the buck stops with Engineering - we will give the case to you if you can't find someone to help with it" we got what we needed.
|
# ? Jun 5, 2018 18:54 |
|
GreenNight posted: That developer in India no longer exists.

"What, we fired him?" "No, he's just gone. Vanished off this plane to go to the great business unit in the sky."
|
# ? Jun 5, 2018 19:12 |
|
quote: ERROR: Long VLAN name knob is not enabled, vlan-name >32 char is not allowed.

Had a laugh at this one.
|
# ? Jun 5, 2018 23:45 |
|
Look at the deferral notice for the half dozen recent issues of CE software for the telepresence endpoints. Someone put a Star Wars joke in it where a robot shows up and it says “May the Fourth”. That someone is probably now relatively fired. Oops.
|
# ? Jun 6, 2018 00:03 |
|
Anyone else going to Live next week?
|
# ? Jun 8, 2018 22:48 |
|
I'm skipping live this year, probably won't go until Vegas again
|
# ? Jun 9, 2018 13:57 |
|
Nope, holding out for Orlando. edit: Oops, this was Orlando. Guess I should have got on that.

FatCow fucked around with this message at 02:23 on Jun 11, 2018 |
# ? Jun 9, 2018 18:42 |
|
Sepist posted: I'm skipping live this year, probably won't go until Vegas again

Same here.
|
# ? Jun 9, 2018 23:31 |
|
Those free Meraki MS220-8P switches you get from watching a webinar, how much is the license after 3 years?
|
# ? Jun 19, 2018 18:58 |
|
https://www.cdw.com/product/Cisco-Meraki-Enterprise-subscription-license-1-switch/3067946
|
# ? Jun 19, 2018 19:06 |
|
Thanks. Not completely terrible but eh.
|
# ? Jun 19, 2018 19:07 |
|
The 3 year is $100 which was low enough to not with replacing it. https://m.cdw.com/product/Cisco-Meraki-Enterprise-subscription-license-1-switch/3059936
|
# ? Jun 21, 2018 05:19 |
|
Anyone else have fun with the massive fiber cut in the Secaucus, NJ area yesterday morning? Something like 2000+ fibers had to be respliced, work still ongoing.
|
# ? Jun 22, 2018 15:27 |
|
ate poo poo on live tv posted: Anyone else have fun with the massive fiber cut in the Secaucus, NJ area yesterday morning? Something like 2000+ fibers had to be respliced, work still ongoing.

They just had that man hole fiber gently caress poo poo up in New York too.
|
# ? Jun 25, 2018 00:01 |
|
I had a JFK-ATL 10G wave down for almost a week due to that one.
|
# ? Jun 25, 2018 00:57 |
|
We have HP switches but I’ll ask here anyway. Previously some genius here set the network up as a /16 and used a scheme to organize groups of addresses.

10.1.5.x are workstations
10.1.100.x are printers
10.1.200.x are servers
Etc

Again no real subnets or routing, just one flat network with about 200 devices on it. There are vlans for video cameras and public WiFi but they’re just used to split the switches up into different physical networks. Firewall is a Fortinet 100D.

Now, 10.4.x.x is our IPSec connected office across the state. There’s a couple computers and a printer over there.

We are installing a voip phone system and we need to create an actual subnet to put it on. So 100 phones plus the physical voice switch and some vm’s.

I hired a local MSP to setup a new HP layer 3 switch (we have all 2530’s that are only L2), but the guy they sent over has ten years experience working at the local cable company and only been at the MSP three months and hasn’t seen too many goofed up small business networks. He’s too dense to understand how it’s setup and offer any real advice.

Would setting up a /24 in the same ip scheme work at all? 10.1.99.x or something. It seems like that would be asking for trouble, mixing a 24 and 16 with the same possible ip’s.

I know the right answer is subnet this network before going any further. I asked if we could just make another /16 subnet like 10.10.x.x for all the voice stuff but the guy won’t shut up about packet storms.

Bob Morales fucked around with this message at 09:53 on Jun 27, 2018 |
# ? Jun 27, 2018 09:51 |
|
It would be good practice to build subnets for voice that are aligned with a physical location. That could be a campus, building, or even floor or floor area depending on density. That will help a bunch with planning things like e911. It could be a /8 or worse if it was still compliant with that concept. If you take a class C out of your /16 and make it voice, as long as nothing outside of that block is talking directly to the voice devices it would work. Anything that does will try and communicate directly but will be replied to via the network gateway which will probably not work correctly. But yes you could do that probably if you’re careful, and subsequently segment addressing. What used to be a problem in the past (may still be) would be device ARP tables being small and easily flooded by too much poo poo talking to them on a segment - that would be a larger concern of mine than traffic storms with 100 hosts.
|
# ? Jun 27, 2018 10:09 |
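The on-link decision behind the "communicate directly but replied to via the gateway" behaviour described above can be checked mechanically. This is an added example, not part of the thread: the individual host addresses and the 10.1.99.0/24 voice block are assumptions built from the scheme in the question, and the code only models each host's own mask-based first-hop choice.

```python
import ipaddress

# Constructed hosts modelled on the addressing described in the thread. The
# individual host addresses and the 10.1.99.0/24 voice block are assumptions.
HOSTS = {
    "workstation": ipaddress.ip_interface("10.1.5.20/16"),
    "server": ipaddress.ip_interface("10.1.200.10/16"),
    "phone": ipaddress.ip_interface("10.1.99.30/24"),
    "remote-pc": ipaddress.ip_interface("10.4.0.15/16"),
}

def first_hop(src, dst):
    """'arp' if src believes dst is on-link, otherwise 'gateway'."""
    return "arp" if dst.ip in src.network else "gateway"

def path_report(hosts):
    """Map each host pair to (a->b first hop, b->a first hop)."""
    names = sorted(hosts)
    return {
        (a, b): (first_hop(hosts[a], hosts[b]), first_hop(hosts[b], hosts[a]))
        for i, a in enumerate(names)
        for b in names[i + 1:]
    }

def asymmetric_pairs(hosts):
    """Pairs where one side ARPs directly and the other goes via its gateway."""
    return [pair for pair, (fwd, rev) in path_report(hosts).items() if fwd != rev]

def nested_blocks(hosts):
    """Configured networks that sit inside another configured network."""
    nets = sorted({h.network for h in hosts.values()})
    return [(str(inner), str(outer)) for inner in nets for outer in nets
            if inner != outer and inner.subnet_of(outer)]

if __name__ == "__main__":
    for pair, hops in path_report(HOSTS).items():
        flag = "ASYMMETRIC" if hops[0] != hops[1] else "ok"
        print(f"{pair[0]:>11} <-> {pair[1]:<11} {hops[0]:>7} / {hops[1]:<7} {flag}")
    print("nested:", nested_blocks(HOSTS))
```

Every pair flagged as asymmetric is one where the /16 host ARPs for the phone directly while the phone answers through its gateway, which is the case the proxy ARP suggestion later in the thread is meant to paper over.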
|
I think you can use proxy arp to do what you want, assuming the new switch supports that feature (I know fuckall about HP networking). That should take care of the overlap issue.

edit: I don't recommend this approach, but I think it would technically work? http://www.practicalnetworking.net/series/arp/proxy-arp/

But having a big flat network sucks for a variety of reasons and you should really be asking this MSP for a quote to help you break it up into VLANs.

Docjowles fucked around with this message at 14:31 on Jun 27, 2018 |
# ? Jun 27, 2018 13:27 |