Question

vdx-6740 NOS - logical chassis & fabric-virtual-gateway

  • 26 March 2019
  • 4 replies
  • 943 views

hi eveyone,

I' have a two-switch VCS and a fabric-virtual-gateway on it.
When I ssh to that fabric-virtual-gateway's IP I sometimes(I think) get this:
code:
 %Error: This operation is not supported from a secondary node  

while trying to configure something.

My question - how can I ensure that when I ssh as above I get to land on the primary/master node?

many thanks, P.

4 replies

Hi Pawel,

FVG is more for data traffic, to act as the gateway for hosts on the subnets and I don't think you can use it reliably for any TCP/UDP communication, where is has to be source or destination. Instead you could use "vcs virtual ip address" to have a management IP address, which will follow the principal switch in VCS.

Many thanks,
Sargis
The error you got is because the ssh session lands on a non-principal switch due to some principal switchover event, such as previous principal node had failed and switch to the other node. So your ssh to the management IP of the principal (previous principal) and it is no longer the principal switch for entering configuration. You can double check with sh vcs before enter in configuration mode to avoid the error msg.
As mentioned by Sargis, you take advantage of the "vcs virtual-ip" feature.
The virtual IP address should be configured on the same subnet as the management interface IP
address. It should not be a duplicate to any management IP addresses of the switches in the VCS cluster.
When the virtual IP address is configured, at principal switch, for the first time, the address is assigned to the
principal switch in global mode. You can then access the principal switch through the management port IP address or the virtual IP address. The virtual IP configuration is global in nature. All the nodes in the fabric will be configured with the same virtual IP address, but the address is always bound to the current Principal
switch.
Thus, if you ssh to this vcs virtual-ip, it guarantees that you land on the principal node to do your management of the VCS cluster.
In case of vdx-6740 - are mgmt ifaces exclusively rj-45 ports and it's not possible to have it on sfp ports?
And if it's not then is it possible via sfp ports (vlans + routing) to get to the mgmt interface (though then this would defeat the purpose of mgmg inface I guess)?

I understand that "vcs virtual-ip" cannot be part of a vlan.

many thanks, P.
Hi Pawel,

You should be able to do the following

code:
sw0(config)# do sh run rb int ve 10 
rbridge-id 3
interface Ve 10
ip proxy-arp
ip address 10.10.10.3/24
no shutdown
!
!
sw0(config)# do sh run vcs
vcs virtual ip address 10.10.10.10/24 inband interface ve 10


Many thanks,
Sargis

Reply