what did you learn today? (part 2)

I have two interfaces on each host (on different NICs) as a standard vSwitch for my VCSA. All the other ports are tied up in LACP bundles as the uplinks for my dvSwitches. My kingdom for a budget for 10G gear. So many fewer cables (currently 1x 10G, 9 GigE, 2 FC per host; the 1x 10G each is because I barely managed to beat a Netgear [ugh] out of the CFO for a vMotion backend).
 
That when I pull up another user's screen it automatically locks their PC. Makes troubleshooting an adventure.
What remote agent are you using? I know MS RDP does that unless it's a Windows remote help request. I remember Kaseya (from my time at an MSP) had the option to do so, but that was not the default.

LACP is almost never a good idea with dvSwitches. Simply set them to "route based on physical NIC load", which is another dvSwitch-only option.
Is there a failure condition or any guidance from VMware on that? Just looking for examples. Since I can't get 10G gear in any reasonable time frame, anything I can do that will remove a failure point while improving performance is worth looking into.
 

daldrich

Ars Tribunus Angusticlavius
8,382
That when I pull up another user's screen it automatically locks their PC. Makes troubleshooting an adventure.
What remote agent are you using? I know MS RDP does that unless it's a Windows remote help request. I remember Kaseya (from my time at an MSP) had the option to do so, but that was not the default.

LACP is almost never a good idea with dvSwitches. Simply set them to "route based on physical NIC load", which is another dvSwitch-only option.
Is there a failure condition or any guidance from VMware on that? Just looking for examples. Since I can't get 10G gear in any reasonable time frame, anything I can do that will remove a failure point while improving performance is worth looking into.

We use Dameware. It has happened with remote support who use Citrix and one other that I don't remember. The only hit I find on Google is with someone who had the issue and used TeamViewer.

Rebooting did clear it up apparently.
 

hawkbox

Ars Legatus Legionis
13,914
Subscriptor
Dedicated for our BU? 0, but it's under my umbrella. The parent org as a whole has ~3-4.


dvSwitches are exceedingly simple, and provide huge benefits over standard switches. There is very little reason to buy E+ and not use them.

I have me to cover the entire org while I'm also the manager and Windows server SME. I can't build anything that assumes someone else will know how to manage it. Also, we don't have E+ anywhere except our SoftLayer datacenter where we get 1 physical NIC per box.
 

sryan2k1

Ars Legatus Legionis
46,412
Subscriptor++
At the basic level dvSwitches are just as simple to set up as a standard switch, except less error prone because you don't have to manually ensure every network exists on every box with the exact same spelling.

dvSwitches *can* do much more than standards, but you don't have to use all the fancy functionality.

Anyone who can do standard switches can do dvSwitches.
 

abj

Ars Legatus Legionis
18,200
Subscriptor
Pretty much. Non-ephemeral port groups need vCenter to be up in order to create a port. So if vCenter gets killed somehow and needs to be restarted on another host on the same dvs you are kinda boned.

Here is Chris Wahl's article about it:

http://wahlnetwork.com/2015/01/30/vds-ephemeral-binding/
Isn't a standard vswitch for the vcenter a simpler solution?

It is.
Assuming you have some spare vmnics for the standard switch.
 

Arbelac

Ars Tribunus Angusticlavius
7,654
Yep. We use a pair of the onboard NICs (1G) for the management interfaces, and then everything else (guest, iscsi, vmotion) goes via the 10G/40G dvSwitches.


TIL one of our conference rooms has an unmanaged switch in the leg and some idiot decided to loop two of the table ports. Awesome.

Why is your upstream switch portfast enabled?
 

sryan2k1

Ars Legatus Legionis
46,412
Subscriptor++
1. The 6500's ports are in portfast because these are supposed to be access/end user ports. I was unaware that there was an unmanaged switch.
2. Portfast or the lack of wouldn't help in this case, as the loop was created on the unmanaged switch, after the port was online and in forwarding (which is also why it didn't go into BPDUGuard). Once the port was cycled (shut/noshut) it basically then got stuck in err-disable since it would see its own BPDU frames.


We've talked to the offending user, and have a SG300-20 on order to replace the Netgear.
 

Demani

Ars Praefectus
5,411
Subscriptor++
Yep. We use a pair of the onboard NICs (1G) for the management interfaces, and then everything else (guest, iscsi, vmotion) goes via the 10G/40G dvSwitches.


TIL one of our conference rooms has an unmanaged switch in the leg and some idiot decided to loop two of the table ports. Awesome.

Well, there was a cable that had only one end plugged in, and there was a port that was empty, so it must have fallen out and he helped because obviously that's where it goes :eng101:
:facepalm:
Been there, done that (exact thing).
 

afidel

Ars Legatus Legionis
18,165
Subscriptor
The table has 8 network jacks embedded in it, looks like someone got bored in a meeting.

https://i.imgur.com/Jy2eQur.jpg


Also in hunting this down I found out my linecards don't support broadcast suppression. *sigh*. I think we're going to try and budget for new 9k access switches next year.
I had the ADD CEO of a company do exactly that in a training room. He knocked out C row which was across from the room and on the same switch but BPDUGuard kept it from taking down the rest of the company. Luckily the CPU wasn't yet massively overloaded when I consoled in so I could ID the offending ports. We ended up putting labels on all the training desks saying plug only into laptops (saving face for CEO).
 

Danger Mouse

Ars Legatus Legionis
38,791
Subscriptor
The table has 8 network jacks embedded in it, looks like someone got bored in a meeting.

https://i.imgur.com/Jy2eQur.jpg


Also in hunting this down I found out my linecards don't support broadcast suppression. *sigh*. I think we're going to try and budget for new 9k access switches next year.

6148 instead of 6748?

6748 with DFC3C is all of $38 on eBay :D Add another $30 or $40 for more RAM for the line card and you're sitting pretty.

I can't wait until the DFC4 equipped line cards drop in value. Another year or 18 months oughta do it and then my lab gear at work will be humming along nicely.
 

sryan2k1

Ars Legatus Legionis
46,412
Subscriptor++
Yup, good guess. It's not really that big of an issue, but annoying when it happens. Our parent org is likely going to pay or give us new Nexus 9k's, so I'm not too worried about the current solution.

One of my 6500's has 2 x WS-X6148X2-RJ-45 which I didn't even know was a thing before this job. They go to 2U port expanders and give 96 x 100Mb + PoE in 1 card slot.
 

afidel

Ars Legatus Legionis
18,165
Subscriptor
Yup, good guess. It's not really that big of an issue, but annoying when it happens. Our parent org is likely going to pay or give us new Nexus 9k's, so I'm not too worried about the current solution.

One of my 6500's has 2 x WS-X6148X2-RJ-45 which I didn't even know was a thing before this job. They go to 2U port expanders and give 96 x 100Mb + PoE in 1 card slot.
Wow, that card is cool, both because of the port density (though the RJ21 card did the same AFAIR) but also because you can do the splitting at the wall plate. Being able to run two lines off of one switch port without active components and without running additional cable could be a major win in a lot of situations.
 
We've talked to the offending user, and have a SG300-20 on order to replace the Netgear.


Offending user? I see no fault in the non-IT person. It's really all on the IT org who left this in place when it didn't need to be. It may have made the IT folk happy to talk down to someone with no reason to know any different, but the failing is having a network deployed in that config.
 

helel ben shachar

Ars Legatus Legionis
13,549
Subscriptor++
We've talked to the offending user, and have a SG300-20 on order to replace the Netgear.


Offending user? I see no fault in the non-IT person. It's really all on the IT org who left this in place when it didn't need to be. It may have made the IT folk happy to talk down to someone with no reason to know any different, but the failing is having a network deployed in that config.

Yeah, I see loops from time to time on the last leg where end users sometimes fiddle with unmanaged switches. They're just not from much of a technical background. No biggie at least from my standpoint (userwise) other than the aggravation of having to have a port cleared.

The real joy lies in investigating reports of equipment not functioning only to find out an engineer plugged a power strip back onto itself (any power port in a storm I suppose) and didn't realize it. That's a little bit outside the server room, granted, but I roam far and wide in my journeys.
 

Danger Mouse

Ars Legatus Legionis
38,791
Subscriptor
We've talked to the offending user, and have a SG300-20 on order to replace the Netgear.


Offending user? I see no fault in the non-IT person. It's really all on the IT org who left this in place when it didn't need to be. It may have made the IT folk happy to talk down to someone with no reason to know any different, but the failing is having a network deployed in that config.

In .edu IT, it's often because it's a different fiefdom :p

The Media Services (A/V) group is under a different division/VP. Their stuff is essentially crap and they haven't kept up on maintenance or equipment replacements, so they have a horrible rep.

One of their "brilliant" schemes was to use small unmanaged switches everywhere with their gear, which is fine if it's on their own private network within each room and not connected to the rest of the network.

And then they tried to push that as being the campus network standard.

Uh, no.
 

Danger Mouse

Ars Legatus Legionis
38,791
Subscriptor
TIL, the key to smooth transition from Windows vCenter to VCSA is making sure the Windows vCenter is solid and simple. Back before the upgrade to 6.0 (U3), I went through and cleaned up any/all extensions/plugins/WTF that were giving off error alerts in the GUI.

That included a non-removable Nexus 1000v install.

While the migration took some time, everything went by the book. Woulda been faster on faster storage, but that's always how it goes.
 
TIL, the key to smooth transition from Windows vCenter to VCSA is making sure the Windows vCenter is solid and simple. Back before the upgrade to 6.0 (U3), I went through and cleaned up any/all extensions/plugins/WTF that were giving off error alerts in the GUI.

That included a non-removable Nexus 1000v install.

While the migration took some time, everything went by the book. Woulda been faster on faster storage, but that's always how it goes.


Do you have links to a doc on how to purge 1000v if it's been left as artifacts? Because I have one.
 
The Media Services (A/V) group is under a different division/VP. Their stuff is essentially crap and they haven't kept up on maintenance or equipment replacements, so they have a horrible rep.

One of their "brilliant" schemes was to use small unmanaged switches everywhere with their gear, which is fine if it's on their own private network within each room and not connected to the rest of the network.

And then they tried to push that as being the campus network standard.

Uh, no.

We just redid the A/V in our main meeting room and replaced all the equipment with an all-IP-based system. The AV company was going to put in a dumb switch. So glad we decided to put in a managed switch since it connects back to the corporate network for some remote access bits.
 

CPX

Ars Legatus Legionis
27,044
Subscriptor++
Same. I actually have to do NAT for a boardroom because all the gear is 192.168.1 on its own dumb switch. The switch got removed but we can't re-IP everything without blowing it up or paying a bunch for reprogramming.

I know that pain. One of the big issues I deal with is that whoever programmed our system pretended that the attached Cisco codec only supported one output even though the install team connected both outputs. I can go into the IP interface and convince the system to actually treat the Cisco codec as a dual-output device so that my users can actually keep self-view or the PC display during a conference...but if any user touches the mode select button, it goes back to pretending it's a single-display device and will only render a cloned display to both side-by-side screens.

And it's a 192.168 IP set for the AV system even though the codec's on the network.

That, and Cisco keeps assuming I want self-view on the primary screen by default. :mad:
 

hawkbox

Ars Legatus Legionis
13,914
Subscriptor
TIL, the key to smooth transition from Windows vCenter to VCSA is making sure the Windows vCenter is solid and simple. Back before the upgrade to 6.0 (U3), I went through and cleaned up any/all extensions/plugins/WTF that were giving off error alerts in the GUI.

That included a non-removable Nexus 1000v install.

While the migration took some time, everything went by the book. Woulda been faster on faster storage, but that's always how it goes.


Do you have links to a doc on how to purge 1000v if it's been left as artifacts? Because I have one.

Our 6.0u3 VCSA keeps giving password errors when we try to upgrade to 6.5u1?2? and we've had a ticket open with VMware for almost a month. It's been about as productive as you would expect. We can log in with the password we have, we can manage everything, but we can't run the upgrade.
 

Danger Mouse

Ars Legatus Legionis
38,791
Subscriptor
TIL, the key to smooth transition from Windows vCenter to VCSA is making sure the Windows vCenter is solid and simple. Back before the upgrade to 6.0 (U3), I went through and cleaned up any/all extensions/plugins/WTF that were giving off error alerts in the GUI.

That included a non-removable Nexus 1000v install.

While the migration took some time, everything went by the book. Woulda been faster on faster storage, but that's always how it goes.

And of course, on the more important production cluster, the whole thing went belly up.

Awesome sauce :mad:

Restoring from backups would be nice, but there are bits of the backup that tie into vCenter....

Chicken and Egg yo!

I'm tempted to just install fresh and import hosts. It's not like I need any historical data in this case.