RE: Nexus 7000 CFS and NTP/TACACS+

From: Brian McGahan <bmcgahan_at_ine.com>
Date: Mon, 28 Jul 2014 21:21:01 -0500

As far as I know, no. In general running the management plane inband is bad practice. This is specifically what the OOB mgmt0 link is for. CFS isn't just for vPC but AFAIK it purposefully runs on the OOB mgmt0 ports so that the data plane cannot affect it.

Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
bmcgahan_at_INE.com

Internetwork Expert, Inc.
http://www.INE.com

From: David Bloom [mailto:dbsg13_at_yahoo.com]
Sent: Monday, July 28, 2014 9:03 PM
To: Brian McGahan
Cc: CCIE Study
Subject: RE: Nexus 7000 CFS and NTP/TACACS+

Right, I completely understand the need for a separate management switch for the keep alive using dual sups.

One thing that I can't find documentation on though is if cfs can only run over the keep alive interfaces, and thus is bound by vpc.

Say you had a large environment with many switches and each switch had a management vlan of 900, each with an svi in the same subnet. Is there a way to use the cfs applications over this vlan?

Case 1 where there are no vpc peers.

Case 2 where there are vpc peers.

I guess I'm asking if cfs can be used as simply an application distribution method, or it is only intended for vpc and as you say, we are allowed to ride on top of that as a convenience?
________________________________
From: Brian McGahan<mailto:bmcgahan_at_ine.com>
Sent: 7/28/2014 8:31 PM
To: David Bloom<mailto:dbsg13_at_yahoo.com>
Cc: CCIE Study<mailto:ccielab_at_groupstudy.com>
Subject: Re: Nexus 7000 CFS and NTP/TACACS+
Just so you're aware though, this isn't a CFS issue, it's a vPC keepalive issue. CFS sync of applications like NTP is a convenience. CFS sync of vPC is necessary for the data plane.

There are certain failure situations your setup can't recover from during a supervisor switchover when the peer keepalive failure occurs.

These failures are also deemed Resume Generating Events (RGEs)

;)

Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
bmcgahan_at_INE.com

Internetwork Expert, Inc.
http://www.INE.com

On Jul 28, 2014, at 4:02 PM, "David Bloom" <dbsg13_at_yahoo.com> wrote:
That is exactly what we planned to do when these roll out to production. For now, they are in the lab and we don't have the separate switches yet. We did purchase a separate small management switch per pair. We could hook these together though.

Thanks for the reply Brian.
________________________________
From: Brian McGahan<mailto:bmcgahan_at_ine.com>
Sent: 7/28/2014 3:50 PM
To: david bloom<mailto:dbsg13_at_yahoo.com>; CCIE Study<mailto:ccielab_at_groupstudy.com>
Subject: RE: Nexus 7000 CFS and NTP/TACACS+
Plug the MGMT0 ports into a separate management switch and then they will all be CFS adjacent. You don't want to connect the mgmt ports back-to-back for vPC peer keepalive on 7K anyways. If your primary supervisor goes down the standby supervisor won't be vPC keepalive adjacent with the other side and the vPC can fail.

Brian McGahan, 4 x CCIE #8593 (R&S/SP/SC/DC), CCDE #2013::13
bmcgahan_at_INE.com

Internetwork Expert, Inc.
http://www.INE.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of david bloom
Sent: Sunday, July 27, 2014 4:18 PM
To: CCIE Study
Subject: Nexus 7000 CFS and NTP/TACACS+

Hello all,

I've been unable to find documentation on this regarding the specific vrf that cfs uses and if that can be changed for other services. I know that vPC uses CFS.

We have 10 Nexus 7K's, mix of 7700 and 7000s, configured in 5 vPC pairs. The vPC keep-alive is set up via management interfaces.

I'm trying to use CFS to distribute some applications such as NTP and TACACS+, however the distribution only gets from one peer to the other, it won't cross over to any other pairs.

When I run a show cfs peers, I see the management IPs of the local pair devices. Is it possible to run CFS over the management VLAN interface so they can all peer with one master Nexus?

David

Received on Mon Jul 28 2014 - 21:21:01 ART
