Understanding Network Paths from SRE-V through host ISR

Version 1
    This document was generated from CDN thread

    Created by: Dave Williams on 28-06-2011 07:27:38 AM
    Hi,
    I have set up a 2951 with SRE-V module mainly following the Self Training guide but with reference to other associated Cisco docs too. I dont have an EWHIC fitted so I have configured a Layer 3 routed solution as per Section 3-3 of the Installation guide. My ISR is connected only loosly to my company network fabric - ie. it is not integrated with any routing discovery or suchlike - only a mgt interface NIC and the faceplate NIC on the ISR. Although I might get to persuade our IT dept but I dont currently have the ability to add external routes back into the ISR for my network infrastucture other than on closely connected PC's yet I want to talk to the box from elsehwere.
     
    Whilst it is notionally working I am left a little baffled by the resulting network topology.
    The salient excerpts from my setup are shown below. My issues/questions (as well as I can describe them with my current knowledge) are:
     
    A/ Should i have configured the SM IP and Console manager IP addresses in the 10.10.65.x subnet (as per my main ISR management address) or am I correct to give them addresses on a different subnet (10.1.20.x)? If so should I be adding routes maybe via another Gigabit NIC to integrate with my external network infrastructure. Currently they appear somewhat "isolated" from the outside world.
     
    B/ When installing the SRE-V I had problems with uploading the images via ftp. The system appeared to use source addresses in both the 10.1.20.x and 10.1.30.x ranges and I had to add routes for both subnets to my external PC on which the server was running to get the packets back to the SRE-V via the IOS mgt port on.10.10.65.x.
     
    C/ it appears that Vlan1 was set  up as a communuication path between SRE-V and the host ISR. Why do I get no Vlans configured when I do "show Vlans" on the ISR? Is it possible to add ports to that VLAn or is it meant to be private??
     
    D/ To get the VM's some connectivity I had to generate another virtual switch and use the RJ45 on the SRE faceplate to connect to another VLAN subnet within my lab setup. I could then add network adapters to the VM's and they grabbed DHCP addresses fine. Why cant I get connectivity via vmswitch0? It appears to be on the 10.10.30.x subnet. Is this related to question A\?
     
    E/ If I want to, say, create a VM containing a soft phone what setup would I need to use to connect it to the internal CUCME (which I have yet to set up). Presume I would need to create a Voice VLAN and route through somehow?
     
    I am sorry, I am a humble engineer with 40 years of general computer/networking experience - not a Cisco or IOS guru! Maybe I am missing something straight forward and you can point me in the right direction.
     
    Thanks
    Dave
     
     
     
     
    interface GigabitEthernet0/0
     description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
     ip address 10.10.65.82 255.255.255.0
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/2
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface SM2/0
     ip address 10.1.20.1 255.255.255.0
     service-module ip address 10.1.20.2 255.255.255.0
     !Application: SRE-V Running on SMV
     service-module ip default-gateway 10.1.20.1
     service-module mgf ip address 10.1.30.2 255.255.255.0
    !
    interface SM2/1
     description Internal switch interface connected to Service Module
     switchport mode trunk
     no ip address
    interface Vlan1
     ip address 10.1.30.1 255.255.255.0
    !
    ip default-network 10.10.0.0
    ip route 10.10.0.0 255.255.0.0 10.10.65.1
     
     
    show vlans
    No Virtual LANs configured.
     
    On SRE Engine:
    se-10-1-20-2# show ip route
    Main Routing Table:
               DEST            GATE            MASK IFACE
        169.254.1.0         0.0.0.0   255.255.255.0 eth2
          10.1.20.0         0.0.0.0   255.255.255.0 eth0
            0.0.0.0       10.1.20.1         0.0.0.0 eth0
     
    On VSphere I have the following switches:
    Vswitch0: with Managerment Network (10.1.30.2) and VM's on guest side and vmnic2 (0.0.0.0) on host side
    ciscoSwitchLocal: connected to CiscoReservedLocal (169.254.1.1.) on client side and No adaptors on uplink
    ciscoSwitch: connected to CiscoReserved (no IP ) on client side and vmnic1 (10.1.20.1) on host side
    Vswitch1: with VM's on guest side and vmnic0 on host side (connected to another network on 10.10.64.x)  using the SRE faceplate NIC.

    Subject: RE: Understanding Network Paths from SRE-V through host ISR
    Replied by: Brett Tiller on 28-06-2011 05:45:39 PM
    Hi Dave,

    I've answered your questions below in the order provided.

    A.  The choice of creating a point-to-point connection via binding the SM 1/0 interface to your Gig0/0 interface via an ip unnumbered command or using a separate static route is strictly up to you.  Using the separate static route as you did provides more flexibility in that broadcasts are supported.  However, using a point-to-point connection saves an ip address and is typically easier to understand.  If you create a point-to-point connection you must also create an ip route to the interface as well referencing the service-module ip.

    B. When installing the SRE-V platform via the router, the ftp server must be able to ping the router, (obviously), as well as the service module.  I've been able to install the platform without the mgf interface being configured, so the only salient IPs for installation are the physical interface for the router and SM interface.   In short, I'm not sure why the mgf interface ip was referenced as a source ip during installation.

    C. In the SRE-V platform the vlan1 interface is a special interface used for mgf communication.  The command 'show vlans' only shows trunk sub-interfaces utilizing 802.1q encapsulation. The proper router command in this case to see the vlans is 'show vlan-switch'.

    D. Vswitch0 should work for VM packet transport without using the external SRE port.  We have not seen any issues with it.  Since you are not using other vlans the VMs should reside on the same subnet as vlan1.  In addition, make sure you have the mgf default gateway ip set up on this same subnet and that all interfaces are up.

    E.  You can pose the CUCME configuration question to our more general support community forum @ https://supportforums.cisco.com .

    Thanks,

    Brett