Topics in Cumulus Networks┬« 1970-01-01T00:00:00Z 648 438 31 84 0 79 6771700 Does Cumulus Linux support the MSTP? 2018-03-19T13:56:00Z 2015-09-09T07:40:29Z Li Hongguang li_hongguang Does Cumulus Linux support the MSTP?<br />If it does, how to&nbsp;configure,&nbsp;manage,&nbsp;and&nbsp;monitor&nbsp;it?&nbsp; question 15 8 2 comment 7655483 evpn type 5 routes 2018-03-18T12:53:07Z 2017-12-27T16:43:43Z Vikram A vikram_a <img src="" title="Image https//d2r1vs3d9006apcloudfrontnet/s3_images/1686342/RackMultipart20171227-49394-1vz8h42-evpn-type_5_routes_inlinepng1514392700" /><br />I have setup bgp evpn peering between leaf1 and leaf4 in Cumulus VX&nbsp;, trying to get evpn type 5 routes exchanged for vrf RED ( followed the instructions as per "Announcing EVPN Type-5 Routes" from&nbsp;<a href="" rel="nofollow" target="_blank" title="Link https//docscumulusnetworkscom/display/DOCS/EthernetVirtualPrivateNetwork-EVPN"></a>&nbsp;).&nbsp;<br /><br />I couldn't get this to work,&nbsp; not sure if i have configured incorrectly.<br /><br /><br />Any help is appreciated.&nbsp;<br /><br />is there an option to upload the configs over here ? question pending 11 4 1 comment 7704546 NCLU: the need for declarative semantics 2018-03-16T13:28:28Z 2018-03-15T20:54:45Z Ryan Goodfellow ryan_goodfellow We make use of NCLU primarily through its Ansible module. Because NCLU currently only supports an operational model (e.g. add, delete) for modifying the state of the switch, it makes it difficult to create idempotent playbooks that are independent of current state. This is what makes Ansible modules like the iptables module so nice. We can declaratively specify the the state of a rule as either present or absent, so it does not matter how many times the playbook gets executed, we always land in the desired state.<br /><br />As a concrete example of a sticking point we currently have. Consider the following simple Ansible NCLU fragment<br /><pre>nclu:<br />&nbsp; commands:<br />&nbsp;&nbsp;&nbsp; - add interface swp1 bridge access 10<br />&nbsp;&nbsp;&nbsp; - add interface swp2 bridge access 10<br />´╗┐ - del interface swp3 bridge access 10<br />´╗┐ - del interface swp4 bridge access 10<br />&nbsp; atomic: true</pre><br />If that play gets run twice in a row it will fail because the bridge state is already set. What would be better would be to have something along the lines of the following.<br /><pre>nclu:<br />&nbsp; configs:<br />&nbsp;&nbsp;&nbsp; - interface swp1 bridge access 10&nbsp;&nbsp;&nbsp; <br /> - interface swp2 bridge access 10<br />&nbsp; state: present<br /><br />nclu:<br /> configs:<br /> - interface swp3 bridge access 10<br /> - interface swp4 bridge access 10<br /> state: absent</pre> idea 2 3 2 comment 7703163 ONIE Finds onie-installer on dhcp server, but does not install CL 2018-03-13T22:10:22Z 2018-03-13T17:31:40Z Troy MacDonald troy_macdonald_446ms2t0se6jv Working to set up a dhcp server to mass-install cumulus linux.&nbsp; Running tail -f /etc/httpd/logs/access_log, this is what I'm seeing:<br /><br /> - - [13/Mar/2018:13:25:31 -0400] "GET /onie-installer HTTP/1.1" 200 180724182 "-" "onie/1.0 (Linux-3.2.35-onie+master-201508292210.2.5.4-dirty; BusyBox-v1.20.2)"<br /> - - [13/Mar/2018:13:25:47 -0400] "GET /onie-installer.preseed HTTP/1.1" 404 220 "-" "cumulus-installer/1.0 (Linux-3.2.35-onie+; BusyBox-v1.20.2)"<br /> - - [13/Mar/2018:13:25:47 -0400] "GET /onie-installer.ztp HTTP/1.1" 404 216 "-" "cumulus-installer/1.0 (Linux-3.2.35-onie+; BusyBox-v1.20.2)"<br /><br /><br />Two switches on this closed network are pulling IPs and the default URL for the installer image, and the image as been placed in /var/www/html/ with a symlink created named "onie-installer" linked to the cumulus-linux.3.5.3-bcm-armel.bin file.&nbsp;&nbsp;<br /><br />Looks like the switches see and connect to the URL, but cannot find the .preseed and .ztp&nbsp; files needed to the installation actually started.&nbsp;&nbsp;<br /><br />made sure selinux and firewalld were disabled.<br /><br />the dhcpd.conf looks like this:<br /><br />subnet netmask {<br />&nbsp; &nbsp;range;<br />&nbsp; &nbsp;option routers;<br />&nbsp; &nbsp;option subnet-mask;<br />&nbsp; &nbsp;option default-url = "<a href=";" rel="nofollow" title="Link:;">"</a>;<br /><br />&nbsp; }<br /><br />What am I missing here? question 3 2 1 comment 7702946 Support for next-gen ASICs Broadcom Tomahawk 2/3 or Broadcom Trident 3 2018-03-13T15:41:32Z 2018-03-13T11:47:00Z Rainbow Dash sascha_frey Hi folks,<br />the Broadcom Tomahawk (1) does not support RIOT. Broadcom already released Tomahawk 2 and 3 ASICs as well as Trident 3. I can't find any switches with these ASICs available. Does somebody know when switches with these ASICs and Cumlulus Linux support will be released? question 2 3 1 comment 7702944 Production Cumulus VX 2018-03-13T14:16:30Z 2018-03-13T11:38:49Z Mark Hemsley mark_hemsley Are Cumulus going to release a production version of Cumulus VX? question 4 2 1 comment 7697185 SNMP bug in in Cumulus VX 3.5.1- all LAGs have same OperKey 2018-03-07T12:48:51Z 2018-03-02T23:30:24Z Oliver Gorwits oliver_gorwits The values for&nbsp;dot3adAggPortActorOperKey and&nbsp;dot3adAggActorOperKey are always the same, meaning that all LAG members map to a single master, regardless of which LAG they are within.<br /><br />For example in the&nbsp;cldemo-config-mlag sample topology, the leaf switch has three separate LAGs (peerlink, server1, server2) but the device returns the same ActorOperKey for all LAGs.<br /><br />The cause seems to be that in&nbsp;/usr/share/snmp/ the code is looking for attributes "actor_key" and "actor_port_key" which do not exist in the JSON output of&nbsp;/usr/share/snmp/showprocnetbonding.<br /><br />A solution is to use the following:<br /><ul><li>for&nbsp;dot3adAggActorOperKey use attribute "ifindex"</li><li>for&nbsp;dot3adAggPortActorOperKey use attribute "masterifindex"</li></ul>I have tested this patch and it works well. problem 5 3 1 comment 7699407 Cumulus Linux and Cumulus VX 3.5.3 now available! 2018-03-07T02:22:15Z 2018-03-07T02:22:15Z Pete B pete_b_7033546 Hi everyone,<br />We recently released Cumulus Linux and Cumulus VX version 3.5.3.&nbsp;<br /><br />If you're using Vagrant Cloud to get your Cumulus VX images, they're available at&nbsp;<a href="" rel="nofollow" target="_blank"></a><br /><br />The release notes for 3.5.3 have been updated:&nbsp;<a href="" rel="nofollow" title="Link:"></a> update 0 1 1 create 7695764 dynamic BGP Peering 2018-02-28T20:55:57Z 2018-02-28T20:10:48Z Ashwin Gopalan ashwin_gopalan Since which release is dynamic BGP peering supported ? question 1 2 1 comment 7678563 vrf and mgmt-vrf packages from Cumulus Networks 2018-02-27T21:32:47Z 2018-01-31T15:23:36Z Troy Kau troy_kau In reading through your tutorial related to VRF's (<a href="" rel="nofollow" target="_blank" title="Link http//schdws/hosted_files/ossna2017/fe/vrf-tutorial-osspdf"></a>)&nbsp;I've come to a point where I am having troubles getting services on a vrf&nbsp;and note that the article mentions vrf &amp; mgmt-vrf packages from Cumulus &amp; includes a link (<a href="" rel="nofollow" target="_blank" title="Link https//githubcom/CumulusNetworks/vrf"></a>) however there are not configuration files such that we could just pull the git repo and run 'configure', 'make' and then 'make install'.<br />Does that exist elsewhere/can you point me to other documentation that might get me past this point?<br />I am specifically to a point of switch services to @mgmt that fail due to missing files/directories (which are all auto-generated in Cumulus) thus I believe I'm missing something that is in the referenced package. This is on an Ubuntu host: 16.04 on 4.14 kernel with updated iproute2 and the ifupdown2 package that the above referenced tutorial suggested.&nbsp; question 11 2 1 comment 7694941 how to rate limite with Policer - bytes, packets...? 2018-02-27T17:47:18Z 2018-02-27T17:47:18Z Troy MacDonald troy_macdonald_446ms2t0se6jv Need to rate limit an interface to a range that is not withing the standard range of "link speed..." and I am&nbsp;trying to accomplish this with POLICER and ACLs.&nbsp;<br /><br />The documentation here:&nbsp;<a href="" rel="nofollow" target="_blank" title="Link https//docscumulusnetworkscom/display/DOCS/Netfilter-ACLs"></a>&nbsp;says that policer modes are either packets or kilobytes, but when it's configured/applied inside of iptables.&nbsp;&nbsp;<br />Now, configuring the same under NCLU, when you step out the command, the only mode option is packets.&nbsp;<br />Knowing that packets can vary in sizes, between IPv4, IPv6, protocol, playload, etc, how does one effectively utilize policer and acl's to rate limit a port?&nbsp;<br />By way of testing, I want to limit all traffic on a 10G trunk port to 100K (NOT production environement): and this is how want to accomplish this:<br /><br />policer-template 100K mode packet rate 13 burst 20<br />acl mac MAC-100Kb-RATE priority 10 police 100K source-mac any dest-mac any<br /><br />iface swp49<br />&nbsp; &nbsp;acl mac MAC-100Kb-RATE inbound<br />&nbsp; &nbsp;acl mac MAC-100Kb-RATE outbound<br /><br />here is the logic: if the units are KB we'd want 100/8 or 12.5 so round up to 13 to get to ~100Kbps<br /><br />really could use some deeper insight in how this is all broken down question 0 1 1 create 7670143 Cumulus VX 3.5.1 images available 2018-02-27T15:30:10Z 2018-01-18T01:10:26Z Pete B pete_b_7033546 Hi everyone, we released Cumulus Linux/Cumulus RMP/Cumulus VX 3.5.1 a little while ago. I just posted the Cumulus&nbsp;3.5.1 libvirt and VirtualBox images on Vagrant Cloud/Hashicorp: <a href="" rel="nofollow" title="Link:"></a> update 1 2 1 comment 7694685 Static VXLAN tunnel state 2018-02-27T09:51:18Z 2018-02-27T09:51:18Z Kostiantyn Fedorenko kostiantyn_fedorenko Hello!<br /><br />I am testing Cumulus static VXLAN configuration.<br />I use this guide -&nbsp;<a href="" rel="nofollow" target="_blank" title="Link https//docscumulusnetworkscom/display/DOCS/StaticVXLANTunnels"></a>.<br /><br />My config looks like this:<br /><br /><b>leaf1:</b><br /><pre>interface lo<br />&nbsp; address 1&#46;1&#46;1&#46;1/32<br />interface eth0<br />&nbsp; address dhcp<br />interface swp1<br />&nbsp; bridge-access 10<br />interface swp3<br />&nbsp; ipv6 nd ra-interval 10<br />&nbsp; no ipv6 nd suppress-ra<br />interface bridge<br />&nbsp; bridge-ports swp1 vni-10<br />&nbsp; bridge-vids 10<br />&nbsp; bridge-vlan-aware yes<br />interface vni-10<br />&nbsp; bridge-access 10<br />&nbsp; mstpctl-bpduguard yes<br />&nbsp; mstpctl-portbpdufilter yes<br />&nbsp; vxlan-id 10<br />&nbsp; vxlan-local-tunnelip 1&#46;1&#46;1&#46;1<br />&nbsp; vxlan-remoteip 4&#46;4&#46;4&#46;4 router bgp 65001 bgp router-id 1&#46;1&#46;1&#46;1 coalesce-time 1050 neighbor swp3 interface remote-as external address-family ipv4 unicast network 1&#46;1&#46;1&#46;1/32 neighbor swp3 soft-reconfiguration inbound</pre><b>spine1:</b><br /><pre>interface lo<br />&nbsp; address 2&#46;2&#46;2&#46;2/32<br />interface eth0<br />&nbsp; address dhcp<br />interface swp3<br />&nbsp; ipv6 nd ra-interval 10<br />&nbsp; no ipv6 nd suppress-ra<br />interface swp4<br />&nbsp; ipv6 nd ra-interval 10<br />&nbsp; no ipv6 nd suppress-ra<br /><br />router bgp 65000<br />&nbsp; bgp router-id 2&#46;2&#46;2&#46;2<br />&nbsp; coalesce-time 1100<br />&nbsp; neighbor swp3 interface remote-as external<br />&nbsp; neighbor swp4 interface remote-as external<br />&nbsp; address-family ipv4 unicast<br />&nbsp; &nbsp; network 2&#46;2&#46;2&#46;2/32<br />&nbsp; &nbsp; neighbor swp3 soft-reconfiguration inbound<br />&nbsp; &nbsp; neighbor swp4 soft-reconfiguration inbound</pre><br /><b>leaf2:</b><br /><pre>interface lo<br />&nbsp; address 4&#46;4&#46;4&#46;4/32<br />interface eth0<br />&nbsp; address dhcp<br />interface swp1<br />&nbsp; bridge-access 10<br />interface swp4<br />&nbsp; ipv6 nd ra-interval 10<br />&nbsp; no ipv6 nd suppress-ra<br />interface bridge<br />&nbsp; bridge-ports swp1 vni-10<br />&nbsp; bridge-vids 10<br />&nbsp; bridge-vlan-aware yes<br />interface vni-10<br />&nbsp; bridge-access 10<br />&nbsp; mstpctl-bpduguard yes<br />&nbsp; mstpctl-portbpdufilter yes<br />&nbsp; vxlan-id 10<br />&nbsp; vxlan-local-tunnelip 4&#46;4&#46;4&#46;4<br />&nbsp; vxlan-remoteip 1&#46;1&#46;1&#46;1<br /><br />router bgp 65004<br />&nbsp; bgp router-id 4&#46;4&#46;4&#46;4<br />&nbsp; coalesce-time 1100<br />&nbsp; neighbor swp4 interface remote-as external<br />&nbsp; address-family ipv4 unicast<br />&nbsp; &nbsp; network 4&#46;4&#46;4&#46;4/32<br />&nbsp; &nbsp; neighbor swp4 soft-reconfiguration inbound </pre>Topology works fine, but what I try to understand is how to track state of VXLAN tunnels?<br />I can see the VXLAN interface is up on <b>leaf1</b>:<br /><br /><pre>cumulus@cumulus:~$ net show interface | egrep "Name|vni"<br />&nbsp; &nbsp; &nbsp; &nbsp;Name&nbsp; &nbsp; Master&nbsp; &nbsp; Speed&nbsp; &nbsp; MTU&nbsp; &nbsp; Mode&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;Remote Host&nbsp; &nbsp; Remote Port&nbsp; &nbsp; Summary<br />UP&nbsp; &nbsp; &nbsp;vni-10&nbsp; bridge&nbsp; &nbsp; N/A&nbsp; &nbsp; &nbsp; 1500&nbsp; &nbsp;Access/L2</pre><br />But if I shut down VXLAN interface on <b>leaf2</b>&nbsp;I do not see anything that would indicate this on <b>leaf1</b>.&nbsp;<br />I understand that I can use for example EVPN where I can see remote endpoints for each VNI if they are accessible.<br />Is it possible for static VXLAN configuration to track the state of the tunnel?<br />Thank you! question 0 1 1 create 7693971 ansible - getting operational structured data from cumulus switch 2018-02-27T05:47:35Z 2018-02-26T08:16:10Z Reynold reynold_tabuena Hi all,<br /><br />I noticed that Cumulus Switch has a built-in JSON&nbsp;formatting in the NCLU <b>'net show'</b> command but how to use it using ansible to get an operational structured data? And also I tried using the <b>'</b><b class="">nclu</b><b>'</b> Network Module for example below;<br /><br /><b>- </b><b class="">nclu</b><b>:</b><br /><b>&nbsp; &nbsp; &nbsp;commands: show interface eth0 </b><b>json</b> <br /><br />But it did not return anything, maybe I just miss something there. but then when I use an ansible 'command' module for example&nbsp;below.<br /><br /><b>- command: net show interface eth0 </b><b class="">json</b><br /><br />It did return&nbsp;something but not a structured one.<br /><br />Thanks in advance. question 3 3 1 comment 7693104 "msg": "python2 bindings for rpm are needed for this module. python2 yum module is needed for this module" 2018-02-25T02:47:33Z 2018-02-24T09:30:04Z Paul Zhang paul_zhang When I execute an comman to install httpd&nbsp;via yum to some controlled agent, it failed and poping out with the errors as below:<br /><br />[root@localhost ansible]# ansible lab -m yum -a "name=bwm-ng state=present"&nbsp;<br /> | FAILED! =&gt; {<br />&nbsp; &nbsp; "changed": false,&nbsp;<br />&nbsp; &nbsp; "msg": "python2 bindings for rpm are needed for this module. python2 yum module is needed for this&nbsp; module"<br />}<br /> | FAILED! =&gt; {<br />&nbsp; &nbsp; "changed": false,&nbsp;<br />&nbsp; &nbsp; "msg": "python2 bindings for rpm are needed for this module. python2 yum module is needed for this&nbsp; module"<br />}<br />[root@localhost ansible]#&nbsp;<br /><br />Not sure if someone met this issue before?&nbsp; I am new to Ansible, forgive the entry level questions.&nbsp;<br /><br />Thanks&nbsp;<br />Paul&nbsp; question 1 2 1 comment