02-07-2013 09:36 PM
Let me first say that I'm almost ashamed to post such a novice question. I've read the manuals, but I must be missing something(s). I'm so desperate, I'll draw some ASCII art at midnight.
+--------+  eth0  +------------+  (u)82  +-----------+
|        |--------|  ICX6430   |---------|           |  lag  +------+  lag
|  host  |        +------------+         |  VDX6720  |=======| MLXe |======> Site
|        |-------------------------------|           |=======|      |======> Core
+--------+  eth2                  (u)182 +-----------+       +------+
The host is connected through the two separate switches to a single MLX router. (The ICX handles my 1Gb connection, the VDX my 10Gb connection.) eth0 is 10.12.82.10/24; eth2 is 10.12.182.10/24.
The port-channel on the VDX6720 is set to allow VLANs 82 and 182. The MLX lag to the VDX uses ports e 1/1 and e 1/2; both ports are tagged with VLAN 82 and 182.
Host can ping from 10.12.82.10 -> 10.12.82.1 on the MLX
Host can ping from 10.12.182.10 -> 10.12.182.1 on the MLX
This tells me that all the switch connections are good, that VLAN tagging is happening, and that the traffic is crossing the LAG to the MLX.
Host can ping/traceroute out to an external IP, say 184.108.40.206, through eth2.
What doesn't work:
Host cannot ping/traceroute out to an external IP, say 220.127.116.11, through eth0.
Also, if I use a test workstation on the WAN side of the router, I get different results when I traceroute to 10.12.82.10 and 10.12.182.10. Both traces go through the router's external address. The last visible IP seen while tracing to 10.12.82.10 shows the router's external address, then nothing else (* * *). If I traceroute to 10.12.182.10, I see the router's external address, then "10.12.182.10 !X". I understand the !X means that the traffic has been administratively disallowed, but I have no idea how that would have happened. There are no ACLs on any of this equipment.
Any ideas? I'd really appreciate any help you could give me.
02-08-2013 12:33 PM
The diagram you show above is going to give you async routing to the host at the left. The host at the left has some sort of default route (either 0.0.0.0/0 to 10.12.182.1 or default gateway of 10.12.182.1). This means that when traffic is going to any outside subnet it will pass over the eth0 interface and go to the MLX router over vlan 182. Unless you have another route on the host that specifies the next hop peer as 10.12.82.1, all external traffic will stay on the 182 subnet.
Not sure why you would want to do what you describe above right now. You have indicated that eth2 is a 10Gb interface - why not use that for all traffic? I assume you have both vlan 82 and 182 tagged on the LAG going from the VDX to the MLX device.
02-13-2013 11:56 AM
This is just a quick gentle reminder in regards to the response you received from danderson on ‘Newbie question about multiple vlans on a lag’. If you are satisfied with the answer, could you please mark the ‘Correct Answer’ which is right at the bottom of danderson’s reply?
02-13-2013 05:19 PM
As danderson mentioned you probably have asymmetric routing in your setup. This *could* be a problem if you have RPF enabled on the host or on the MLX. I would check this and the IP Default Gateway config on your host.
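As an added illustration (not part of the thread and not any poster's code), the sketch below models the reverse path check mentioned above against the host's two interfaces, using the strict and loose modes of RFC 3704. The default route via eth2 and the external address 203.0.113.7 are assumptions made for the example.

```python
import ipaddress

# Host routing table assumed from the thread: two connected /24s plus a
# default route out of eth2 (the default route is an assumption).
ROUTES = [
    ("10.12.82.0/24", "eth0"),
    ("10.12.182.0/24", "eth2"),
    ("0.0.0.0/0", "eth2"),
]


def best_route_iface(dst, routes=ROUTES):
    """Longest-prefix match: return the egress interface for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def rpf_accepts(src, in_iface, mode="strict", routes=ROUTES):
    """Reverse path check on a received packet.

    strict: the best route back to src must leave via in_iface.
    loose:  any route back to src is enough.
    off:    no check.
    """
    if mode == "off":
        return True
    back = best_route_iface(src, routes)
    if mode == "loose":
        return back is not None
    return back == in_iface


def trace(src, in_iface, mode="strict"):
    """Return (accepted, reply_iface) for a packet from src seen on in_iface."""
    accepted = rpf_accepts(src, in_iface, mode)
    return accepted, (best_route_iface(src) if accepted else None)


if __name__ == "__main__":
    external = "203.0.113.7"  # constructed sample address
    for iface in ("eth0", "eth2"):
        for mode in ("strict", "loose"):
            print(iface, mode, trace(external, iface, mode))
```

With strict checking, external traffic arriving on eth0 is dropped because the route back to its source points at eth2; with loose checking it is accepted, but the reply still leaves through eth2, which is the asymmetric path described in the thread.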
02-14-2013 03:11 AM
You were exactly right. I was asked to set the servers up that way, but it was a mistake. We're now using eth0 exclusively for IPMI and eth2 for WAN connectivity. There's no problem with this setup. Thank you so much!