Quanta LB6M (10GbE) -- Discussion

aero

Active Member
Apr 27, 2016
Keep up the good discussion with this vlan routing, I will be going through this shortly after I decommission my z9000 and set up my lb6m. One thing I am curious about is does this switch have dhcp helper address function? It took me two weeks to figure this out along with intervlan routing on a Cisco Nexus switch I was using so I could use 1 dhcp server to give out addresses to each vlan segment. I hope to not spend that much time this go around with the lb6m. Thank you.

Why on earth would you replace a z9000 with lb6m? Please message me if you get rid of your z9000.
 

Sleyk

Your Friendly Knowledgable Helper and Techlover!
Mar 25, 2016
Stamford, CT
TCP/IP for dummies it is!
Think I will go with this one on Amazon instead:

Networking All-in-One For Dummies: Doug Lowe: 9781119154723: Amazon.com: Books

I was reading a few of the reviews and it seems like TCP/IP for dummies seems a little dated as you mentioned Keoki. This one seems a bit more of a recent all-rounder basics book for networking.

I already have a little knowledge, and I know this book won't make me an expert in networking, but it should get me familiar with some more of the networking concepts I'm still not familiar with yet.
 

keoki

New Member
Jun 2, 2016
You cannot likely "dynamically" remove tags. However with Cisco equipment I can put one untagged vlan on a trunk port. This is a trick I have used to solve different problems, such as having a management network connection to a device on the same port as a trunk on a device that forces the use of $2500 SFP's just for a 1g connection... so they typically have 1 1g port for management, but if that port is fully configurable, I use it for both.

Another problem I solved this way was when we were using a carrier's managed ethernet service to connect two buildings. We saw weird problems that only affected specific packets. We think that the vendor was basically doing VLAN stacking, and our trunk was inside of a VLAN that the carrier used to separate customers on their ethernet. Stacked vlans allow you to support 16 million vlans while observing the 4096 vlan limit. Carriers use this a lot, but I digress. One of our authentication protocols blasted an encrypted payload that could not get a critical packet through a stacked vlan. The solution was to map the one vlan carrying that payload to the one untagged vlan on the port.

The untagged vlan on a trunk port I have heard called the "native" vlan, but I don't know if that is an official term, or just local jargon. I think this is also known as the pvid.

Many (most?) devices can't do vlan tagging, so the usual thing to do is simply put them on a port in access mode. Some devices require a special firmware load, or at least a poorly documented configuration. Most enterprise systems support vlans on some level, but may have limitations. Under linux, for example, you use sub-interfaces which usually have a limit of 255 subinterfaces. A limit usually bypassed for linux based systems controlling enterprise network appliances like switches. I think the bypass comes from not using subinterfaces, and just tracking the vlans directly in the network port driver. But now I'm just screaming like godzilla... ;)

I just racked my switches up, I had to pull out two old servers from my home rack, I had not used them in a long time, and it was time for them to GO. Two very capable boat anchors. But I have not started the configuration, so I can't "see" your problem yet.

Ideas to solve a problem are rarely stupid.

To directly answer your question, many devices allow you to do a full trunk that includes ALL of your vlans, and a separate pvid for your vlan bypass purpose.

But if your SAN does not support vlans you should not be connecting it to a trunk port. So I'm not sure why you have this problem, unless all ports must be trunk ports. Most trunk ports support vlan filters, and probably pvid's too. So in that case, I would limit the trunk to one vlan that was either not connected to anything, or even shut down. Then I would use the pvid to connect the port to the vlan you have for your SAN.

I'll be figuring out how to do all of this soon, but not today. Right now all of my windows machines in the office don't have 10g yet, and the cables to reach my wife's office have not yet arrived. She has a desktop with big storage, and a video editing system with fast SSD, so two valid machines for 10g connections to the home SAN. The 20 meter cables needed for those runs have not yet arrived, won't be here for a couple weeks, I'm guessing Amazon is shipping them out of China, based on the price I got.

I think the most I will get done this weekend is to get my NAS/SAN machines moved off the toy switches and onto the big iron, and to get one of them on 10g. The other does not have the slots for 10g, so I need to replace the motherboard with something heftier... it's a shame, it was a sweet board for a low power 36 drive NAS but with the mini itx form factor, only the hard drive controller has a slot. I guess they aren't officially SAN's till I have iscsi mounts feeding vmware... All in good time. Basically I have dozens of systems, most are off... I'm re-spinning the home network to be a smaller stack of vmware systems, and my stand-alone FreeNAS systems.

But that means that today and tonight I will be working on the configuration, hoping I don't hit any snags. There are ALWAYS snags...;)
 

keoki

New Member
Jun 2, 2016
Think I will go with this one on Amazon instead:

Networking All-in-One For Dummies: Doug Lowe: 9781119154723: Amazon.com: Books

I was reading a few of the reviews and it seems like TCP/IP for dummies seems a little dated as you mentioned Keoki. This one seems a bit more of a recent all-rounder basics book for networking.

I already have a little knowledge, and I know this book won't make me an expert in networking, but it should get me familiar with some more of the networking concepts I'm still not familiar with yet.
Sounds like a great plan... a lot has changed. And TCP/IP is very dated in the context of IPv6...
 

keoki

New Member
Jun 2, 2016
Let's say I have 192.168.10.0/24 on VLAN 3 designated for traffic between hosts and SAN (192.168.10.3). If I hook the SAN to port 0/1, can I route VLAN3 tagged traffic with destination 192.168.10.3 to port 0/1 and add the VLAN3 tag to all traffic coming out of port 0/1? Would that allow machines on VLAN3 to communicate with the SAN that isn't on VLAN3? How would I go about doing this? Forgive me if it sounds stupid
Yes, basically most systems configured for IP are not configured to handle VLAN tags. So for those systems we set the ports to be in access mode, rather than trunking mode. In this case you want VLAN 3, so you make the access ports members of vlan3 that are connected to the SAN and the machines that use the SAN. In the case of SAN ports, assuming your SAN has a management port on a separate vlan, and no non-SAN traffic exists on vlan 3, then vlan 3 does not need any IP address in the switches and routers. You don't /have/ to isolate your SAN VLAN, but it is a common practice to keep that vlan free of broadcasts, malware probes, and other traffic not associated with the SAN. My SAN has dual 10G nic ports, so I can set one 10g port for iSCSI mounts only, and the other can be the NFS, CIFS and other services. Of course if you only have the 1 10G nic port, you can do all of these services over the same port. But it is up to you how you do this... it depends on where you have the most traffic and need the most performance, or where you are the most sensitive to latency. iSCSI is a low latency service (usually), while NFS and CIFS have a lot of protocol latency and chatter, so while you can't make NFS much faster, you can try and keep it from slowing down your iSCSI. But the quality of my advice here really depends on what you are trying to do.
 

Sleyk

Your Friendly Knowledgable Helper and Techlover!
Mar 25, 2016
Stamford, CT
Keoki my friend, you sure do write a lot! I think it's great though! So much to read and learn!

If at all possible, please continue to hang around this thread as you seem very knowledgeable about networking along with the other guys here. I would be very grateful to learn and ask questions of you, and from all the other experts here. We are glad to have you here, and you come at a great time to add your experience to the pool of people here as we continue to figure out this switch!
 

revyve

New Member
Jun 11, 2016
So been playing around with this switch but wondering if anyone had any luck configuring anything multicast on this yet snooping or otherwise... thanks,
 

PigLover

Moderator
Jan 26, 2011
True multicast or IGMP snooping support for hosts doing multicast?

IGMP snooping works perfectly.

 

axemann

New Member
Jul 7, 2013
Not to derail the multicast questions, but is there any way to set the time zone on the '6M? I have SNTP configured but didn't find a way to config the time zone...


 

revyve

New Member
Jun 11, 2016
True multicast or IGMP snooping support for hosts doing multicast?

IGMP snooping works perfectly.

Yeah, just saw the snooping working, which makes me happy, but hoping for true multicast support? Can't find the commands to see
 

Terry Kennedy

Well-Known Member
Jun 25, 2015
New York City
www.glaver.org
Not to derail the multicast questions, but is there any way to set the time zone on the '6M? I have SNTP configured but didn't find a way to config the time zone...
On a different brand of switch running the same software:

Code:
sntp unicast client enable
sntp server aaa.bbb.ccc.ddd
clock summer-time recurring USA zone "EDT"
clock timezone -5 minutes 0 zone "EST"
 

axemann

New Member
Jul 7, 2013
25
3
3
On a different brand of switch running the same software:

Code:
sntp unicast client enable
sntp server aaa.bbb.ccc.ddd
clock summer-time recurring USA zone "EDT"
clock timezone -5 minutes 0 zone "EST"
Thanks Terry, I'll give that a shot here shortly...


 

axemann

New Member
Jul 7, 2013
Thanks @Terry Kennedy for the kick in the right direction. :)

I was able to set the default timezone to CDT using your last command, and once I fixed an issue with the SNTP server I was trying to contact (I switched servers), my time and timezone are showing correctly using 'show clock detail' (although summer time is still showing disabled).

According to the switch, it wants the command to set DST in this format:

clock summer-time recurring {<week> <day> <month> <hh:mm> <week> <day> <month> <hh:mm>} [offset <offset>] [zone <acronym>]

I was able to get it set by using the following:

clock summer-time recurring 2 Sun Mar 02:00 2 Sun Nov 02:00 zone "CDT"

Notice that the above doesn't include the 'offset <offset>' value, as the switch would not accept anything I fed it for that setting.

I had some initial issues figuring out exactly what it wanted with respect to <day> and <month> (I thought it wanted the actual numeric date and month), but with some fiddling I finally got it to work.

Hope this helps any folks out there with time/timezone issues (or OCD like me). :D
 

Sleyk

Your Friendly Knowledgable Helper and Techlover!
Mar 25, 2016
Stamford, CT
Thanks for the tidbit of info Axeman and Terry. Can prove useful to someone looking for that bit of information. I actually never wanted to set my clock before, now that you posted the commands, my OCD is kicking in...
 

keoki

New Member
Jun 2, 2016
So I hit a big snag... Heat! Everything but a laptop, and the parts needed to get Internet running are off right now, as I let the room cool back down. My office doesn't have enough HVAC for the equipment in here. On first glance, it was easy to point the finger at the two new switches that I was bringing on-line, but once I started doing measurements, I realized the largest issue was the second FreeNAS system, the new switches just pushed me over the tipping point. I can't run this much heat load in this room. I can probably get away with moving the new FreeNAS system into my wife's office, as her office is an open-air room with plenty of open ceiling space to flow the heat out, and there is a much larger cooling register in there... My wife just complained that the house is too warm, and I see the house is 3 degrees warmer than it should be, based on the thermostat setting. So clearly my over-heat problem is more complex than turning on two large switches, but I'm not going to be able to go much farther for the moment.

After having the freenas systems off for a few hours, the room is cooled off again...

But with regard to bringing up the network itself, the management port never came up, it is set to use DHCP by default, and that failed to do anything.

(FASTPATH Routing) #show serviceport

Interface Status............................... Up
IP Address..................................... 0.0.0.0
Subnet Mask.................................... 0.0.0.0
Default Gateway................................ 0.0.0.0
Configured IPv4 Protocol....................... DHCP
Burned In MAC Address.......................... 08:9E:01:17:96:8C

I think I saw some talk about that earlier in the thread...

But the trunking from my netgear switch to the Cisco and to the 6M is all functional, and the "home" vlan IP on the 6m is pingable, so in general I had no problems getting the 6m running. I can telnet into the IP on the vlan port, so clearly I don't /need/ the management port. My telnet is passing through every bit of my network stack... Wireless router, to the firewall switch, to the netgear switch to the Cisco to the 6m...

I have not configured snmp yet, nor ssh, so I can't say the management configuration is done by a long shot, but that is all secondary. I also need to go tweak the idle timeouts on my terminal sessions, it is constantly logging me off... but that is pretty normal.

But the bottom line is I hit no real snags. Everything "just worked". When things "just work" I feel like I didn't learn anything. It was a bit more simple than configuring a Cisco, but not by much. The command line is different from the Cisco, but close enough that it all felt pretty easy. The context help was more useful than the manuals. The manuals mostly didn't have the right commands for the things I was looking up, so the context help was the main source of documentation I found to be useful.

I'm not doing any multicast here at home, so the temptation to dig into that isn't very strong. At the office I have multicast configured for IPTV head-end simulation, but I have no need for streaming multicast at home... All of my home IPTV is from Plex, Directv, or one of the many OTT video sources, and all of that is unicast.
 

keoki

New Member
Jun 2, 2016
actually just found stuff under configure# set igmp
Happy day!
So I can't resist asking... What are you using multicast for? Do you have a uverse connection, or doing security video feeds or something? I'm intrigued by what you might be doing. At the office I have a bank of video streams that feed several TV headend simulations in the lab, but I don't hear a lot of people talking about multicast so I'm curious...
 

Chuntzu

Active Member
Jun 30, 2013
So I can't resist asking... What are you using multicast for? Do you have a uverse connection, or doing security video feeds or something? I'm intrigued by what you might be doing. At the office I have a bank of video streams that feed several TV headend simulations in the lab, but I don't hear a lot of people talking about multicast so I'm curious...
I was curious as well.

 

josh

Active Member
Oct 21, 2013
But the trunking from my netgear switch to the Cisco and to the 6M is all functional, and the "home" vlan IP on the 6m is pingable, so in general I had no problems getting the 6m running. I can telnet into the IP on the vlan port, so clearly I don't /need/ the management port. My telnet is passing through every bit of my network stack... Wireless router, to the firewall switch, to the netgear switch to the Cisco to the 6m...
How did you manage to trunk to the 6m? Can't find the switchport mode trunk option.

Also, if anyone would like to help with some weird routing issues over the 6m it would be great. I'm having problems accessing the internet from machines on the LAN after placing a pfsense box in between the 6m and the edgerouter. I've disabled the firewall on the pfsense just to make sure it wasn't the firewall blocking stuff.

Routes have been set up:
ER:
1. 192.168.5.0/24 -> x.x.x.14 (pfsense WAN ip)
pfsense:
1. 192.168.5.0/24 -> 172.16.1.2 (6m LAN ip)
2. 0.0.0.0 -> x.x.x.1 (gateway of ER, same subnet as pfsense WAN ip)
6m:
1. 0.0.0.0 -> 172.16.1.1 (pfsense LAN ip)
2. 192.168.5.0/24 is a VLAN with routing enabled

Running traceroute to a 192.168.5.x machine from the switch turns up 0.0.0.0 as the first hop. But pinging the same machine from the switch turns up successful.
Pinging from the 192.168.5.x machine is only successful up to 172.16.1.2 (6m LAN ip). Seems like the packet is getting lost between the 6m and the pfsense box.
Traceroute works fine from 6m to 192.168.2.x machine. Which doesn't really make sense as the only difference is 192.168.2.0/24 is the default VLAN. Why is the 6m routing 192.168.5.0/24 through the default gateway when there's a clear route set up as seen in the routing table?

Route table from 6m:
Code:
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
       B - BGP Derived, IA - OSPF Inter Area
       E1 - OSPF External Type 1, E2 - OSPF External Type 2
       N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

S      0.0.0.0/0 [1/0] via 172.16.1.1,   13h:27m:59s,  0/28
C      172.16.1.0/24 [0/1] directly connected,   0/28
C      192.168.2.0/24 [0/1] directly connected,   2/1
C      192.168.5.0/24 [0/1] directly connected,   2/2
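
Added example, not part of the original post: standard longest-prefix-match selection applied to the route table shown above, to show which entry a destination in 192.168.5.0/24 resolves to compared with one that only the static default covers. The `Route` class, the function names and the sample destination addresses are this example's own and are constructed for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Route lines copied from the table posted above.
ROUTE_TABLE = """\
S      0.0.0.0/0 [1/0] via 172.16.1.1,   13h:27m:59s,  0/28
C      172.16.1.0/24 [0/1] directly connected,   0/28
C      192.168.2.0/24 [0/1] directly connected,   2/1
C      192.168.5.0/24 [0/1] directly connected,   2/2
"""

# code, prefix, [preference/metric], next hop or "directly connected", interface
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z][A-Z0-9]*)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[(?P<pref>\d+)/(?P<metric>\d+)\]\s+"
    r"(?:via\s+(?P<nexthop>[\d.]+)|directly connected),"
    r".*?(?P<iface>\d+/\d+)\s*$"
)


@dataclass(frozen=True)
class Route:
    code: str                    # S = static, C = connected (per the legend)
    network: ipaddress.IPv4Network
    preference: int
    next_hop: Optional[str]      # None for directly connected routes
    interface: str


def parse_routes(text: str) -> List[Route]:
    """Parse route lines; legend and blank lines do not match and are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append(Route(m["code"], ipaddress.ip_network(m["prefix"]),
                                int(m["pref"]), m["nexthop"], m["iface"]))
    return routes


def lookup(routes: List[Route], dest: str) -> Optional[Route]:
    """Longest prefix wins; on equal length the lower preference wins."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in r.network]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.network.prefixlen, -r.preference))


def explain(routes: List[Route], dest: str) -> str:
    r = lookup(routes, dest)
    if r is None:
        return f"{dest}: no route"
    how = f"via {r.next_hop}" if r.next_hop else "directly connected"
    return f"{dest} -> {r.network} ({how}) out {r.interface}"


if __name__ == "__main__":
    table = parse_routes(ROUTE_TABLE)
    # Constructed sample destinations, one per case of interest.
    for dest in ("192.168.5.10", "192.168.2.10", "172.16.1.1", "8.8.8.8"):
        print(explain(table, dest))
```
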
 

keoki

New Member
Jun 2, 2016
Basically what I discovered is that all ports are trunk ports. If a port is unconfigured, it appears to be a trunk port still. Anything I did seemed to leave the port as a trunk port. But I could, in theory, at least control the VLANs by either including, or excluding specific vlans or ranges of vlans... except that doesn't seem to work.

So I have vlan1 by default (one of the reasons most network people never use vlan 1) and I added vlan 100 and 200. I put an IP on VLAN 100.

I started trying different configuration statements, while I was running a ping "from afar", and nothing would stop the pings, including "vlan participation exclude 100" on the port I was using for trunking.

I did notice it adds config lines for you sometimes, for example if I exclude 1,100, it added the line "vlan tagging 200" to the interface, but my pings to vlan 100 continue to run on that port. I deleted all config, causing the port to disappear from the config, and my pings continued...

If you are a network specialist, you realize this is crazy insecure, and on a big network would probably take the network down with broadcast storms. But it will run some fast ethernet to my san and other servers.

I tried a command to set vlan tagging for all ports but one, the 1-4093 range, and it complained once for every valid vlan.

So early on I thought it assumed vlan tagging by simply using "vlan participation exclude/include vlan#" but when I started testing the exclude/include function it fell short of showing that they did anything.

I did not test every possible configuration, but as far as I can tell, it will trunk on every port for every vlan that is defined, unless the port is in the shutdown state. The only real control was setting the PVID, which sets the untagged vlan for the port.

This switch with the software that is on it, is for a trusted network. A trusted network that has some smart devices in place to prevent one big broadcast storm. This is the trunking version of a really dumb switch... at least until we find some proper software to install.

So to sum it up, to trunk a set of vlans, the vlans must be defined in the switch, and the port must not be shut down. If those are true, it is a trunk port.

Now I didn't test ALL possible commands. I tried several, and they appeared to just simply work, but when I tried to un-do the commands, trunking continued to work, no matter what. The only thing I appeared to be able to steer is what vlan it would trip for access mode traffic.

The software is crap, as far as I can tell. Pretty buttons that mostly don't do anything. And I tried rebooting a few times, just to be sure I was really running the new config, including the blank config.

The software I have, anyway, appears to be demo level software that only lets the broadcom chips do default things. As if it is a framework of commandline stubs, with none of them actually implemented. It is like a baby's toy car console, it has a steering wheel, a horn, some buttons that go click, but none of it does much.

I think the command line is mostly stubs, with very little code behind it. Some input validation, and a whole bunch of things on the to-do list for a programmer. I think we know why Amazon is dumping these... It is a 10g busybox (not to be confused with the software package with the same name).

So if you are looking for a software feature, don't get excited just because you found the commands you think you need, there is a good chance the commands don't do anything. Vlan tag stripping for the PVID seems to be the only feature implemented besides shutdown. The chips just do whatever they do by default.

Now I need to find some real software to load on this thing.

FYI I'm running this:
System Description............................. Quanta LB6M, 1.2.0.14, Linux 2.6.21.7


"Look at me mommy!!! I'm configuring a big switch all by myself, and it actually works!!! I'm a big admin now!"
 