vethx inteface support speed after bonding

hi, all

I have a DD6300, i have already configured veth0 – it’s bonded two eth3a, eth3c – they connect over fiber cable to SW Cisco 4500, two ports 10gb uplink,

On Sw Cisco 4500 : port-chanel up, BW 20 Gb/s



But my veth0 only 10Gb/s

Interface Name:

veth0

Auto Negotiate:

Disabled

Hardware Address:

00:60:16:85:22:c8

Duplex:

Full

Cable:

Fiber

Speed:

10 Gb/s

MTU:

1500

Supported Speeds:

10000

Any problem with my config, everybody help me to solve it ?

Here is my configuration :

lv@dd6300-backup# net show settings

port enabled state DHCP IP address netmask type additional setting

/prefix length

—– ——- ——- —- ————————– ————– —- ——————————-

ethMa yes running no 10.36.202.15 255.255.255.0 n/a

fe80::260:16ff:fe86:c7c6** /64

eth3a yes running n/a n/a n/a n/a bonded to veth0

eth3b no down no n/a n/a n/a

eth3c yes running n/a n/a n/a n/a bonded to veth0

eth3d no down no n/a n/a n/a

veth0 yes running no 10.36.202.16 255.255.255.0 n/a lacp hash xor-L2L3: eth3a,eth3c

fe80::260:16ff:fe85:22c8** /64

—– ——- ——- —- ————————– ————– —- ——————————-

** auto_generated IPv6 address

Thanks !

Related:

  • No Related Posts

Disaster Recovery options for QRadar

Hi Community!

I’ve read the entire QRadar SIEM High Availibility Guide for 7.3.1 and am still struggling to design a disaster recovery solution to our QRadar systems(two 3105 All in One). I’ve also read different topics on this subject with very good explanations by JonathanPechtaIBM.

We are looking for a solution which offers **almost no dataloss** in case of failure of site A. Yes..We have a Site A and a Site B.

There are three DR deployment scenarios according to the HA Guide.
Option1: Primary QRadar Console and backup console
Option2: Event and flow forwarding
Option3: Distributing the same events and flows to the primary and secondary sites.

**Option1** depicts the console failover in a scenario where I would have a hot console and a cold standby. In case of failure, I have to manually start the cold console, change the ip and apply the backup of the failed machine. In this scenario there is NO DATA SYNC. I have to restore data manually. In case my first machine gets restored, I must copy the delta data manually to the primary. Data can be lost during the failover period. Therefore, this option is discarded.

**Option2:** Event and flow forwarding. I have similar deployments on both sites. Both are active. Events and Flows have to be forwarded from the first system to the secondary system using:
A) off-site targets (configured under System and License Management)
B) routing rules.: There are two modes: Online and Offline. and are configured under “Forwarding Destinations” and “Routing Rules” .. (There is a very good explanation here: https://www.ibm.com/developerworks/community/forums/html/topic?id=b8be5e81-d1ed-452b-bf55-7659f78684fb)

Online mode uses best effort, which can cause data loss if there is no communication between sending and listening devices. Therefore, it is discarded.

Offline mode sends the data after being written to disk and there is a sync-delay of about >1 minute due to ariel writing data every minute. No data is lost because the offline process uses bookmarks to keep track of the last sent data. This seems to be a good method for fulfilling my requirements.

**[Question1]**: What is the difference between off-site targets and routing rules using the offline mode? If there is none, why there are the two options?

In the guide it also says on page 33 “Periodically, use the content management tool to update content from the primary QRadar to the secondary”.

**[Question2]**: What can be understood unter “content” in this sentence? Apps, DSMs? In general content that is not available in the backup file?

It is also mentioned on page 33 “In the case of a failure at site 1, you can use a high-availiability (HA) Deployment to trigger an automatic failover”.

**[Question3]:** In this case, one should be aware of the latency limitation between the two sites. Moreover, it is not anymore necessary to forwarding events and flows using one of both methods mentioned above, right?

**[Question4]**: Using routing rules and “online” modes it is possible to drop the data and bypass the CRE after being forwarded. What are the use cases for that? A system would send events to Qradar and we would like to forward some of them to another system, but not want to store them on Qradar?or let CRE test some of them but just store them for logging reasons?

**Option3**: Distributing the same events and flows to the primary and secondary sites

In this scenario I have a load balancer or another similar component which is reponsible for sending data to both sites. If Site A fails, Site B it is still active. Both components have different IP Addresses and it is not necessary to either forward data nor to backup or restore any data. This seems to be the most expensive option, because both sites should have similar architectures and there is the load balancer.

**[Question5]**: The load balancer represents a Single Point of Failured (SPOF) and should be therefore planned redundant? According to picture 3 on page 37, all data is sent to a Load balancer on site 1. What happens if it fails?

I know that if a whole site fails, I have more things to worry about than logging, but I would like to go through all the methods.

to sum up. The method to be chosen should be option2 with offline mode, right?

Thank you in advance

ps: This video: https://www-01.ibm.com/support/docview.wss?uid=swg21997652
provides a wrong definition at 0:27. it says “in **online** mode all data is stored in the database and then forwarded”. This is wrong, right?

Regards,

Bruno

Related:

  • No Related Posts

Case Manager Support for TLS v1.2

After upgrading Case Manager from 5.2.1 FP3 to FP4 we are not able to connect TLS v1.2 compatible F5 URL from the following components.But at the same time we are able to successfully connect while calling direct hostname.
1. From Code module to CPE F5 Load Balancer URL
2. During Solution Deployment to map F5 Load Balancer for WebService
3. EDS to APP F5 Load Balancer URL
4. FileNet Config Manager to ICN/ICM F5 Load Balancer URL
5. FileNet Deployment Manager to CPE F5 Load Balancer URL

Could somebody please confirm if

For TLSv1.2, this is not a protocol that is completely supported with ICM 5.2.1.x configuration tool. Full support of TLSv1.2 with the configuration tool was added in ICM 5.3.

Related:

  • No Related Posts

7022474: How to configure “external” network in network.json

Define an “external” network in network.json according to “Custom Network Configuration, Providing Access to External Networks” chapter in SUSE OpenStack Cloud 7 Deployment Guide.

“external” : {

“add_bridge” : false,

“vlan” : XXX,

“ranges” : {

“host” : {

“start” : “192.168.150.1”,

“end” : “192.168.150.254”

}

},

“broadcast” : “192.168.150.255”,

“netmask” : “255.255.255.0”,

“conduit” : “intf1”,

“subnet” : “192.168.150.0”,

“use_vlan” : true

}

To have this “external” network before configuring barclamps use ‘crowbarctl’ command for a particular node.

On admin node:

#crowbarctl network interface enable default d52-54-00-63-a1-01.example.com external

#crowbarctl network hostip allocate default d52-54-00-63-a1-01.example.com external host

Then on d52-54-00-63-a1-01.example.com:

#systemctl restart chef-client.service

Afterwards configure iscsi initiator on the nodes. Deploy pacemaker, rabbitmq and database barclamps.

Related:

  • No Related Posts

how to create domain based network hierarchy in QRadar ?

Hi Everyone,

We are using QRadar 7.3 and we are planning to create multiple domains to facilitate multi tenancy management.
I know that it is possible to group several log sources into a single domain. But what can we do if one subnet is shared between two domains ?

So I am asking if there is a way to create and assign one network hierarchy to a specific domain

Related:

  • No Related Posts

Not able to connect to the API/APIC/Datapower gateway consoles from Docker Toolbox

Hello everyone,
I have installed the Docker toolbox with API Connect.
I started all the components individually and below is the output:

$ docker-compose ps

Name Command State Ports

apim /tini — /startup.sh Up

datapower /start.sh Up 443/tcp

esmaster /docker-entrypoint.sh /bin … Up 9200/tcp, 9300/tcp

ibmlogstash /bin/sh -c /startup.sh Up

ibmportal /root/tini — /root/start_ … Up

make-ssh-keys /bin/sh -c /genkey.sh Exit 0

microservice /bin/sh -c /usr/bin/app.sh … Up 8080/tcp

nginx /bin/sh -c /run.sh Up 0.0.0.0:443->443/tcp, 80/tcp

I have also edited the /etc/hosts file with the following:
192.1**.*.* apim ibmportal datapower microservice

However, I am still not able to connect to any of the the consoles (apic/apim not datapower).

which ip do I have to mention in the /etc/hosts file ? (I gave the ip v4 for the virtualbox which I got from the ipconfig command).

Please throw some light here from your experiences, not sure what am I doing wrong.

Thanks in Advance!

Related:

  • No Related Posts

ShareFile Firewall Configuration and IP Address

Related:

  • No Related Posts

Isilon Mgmt pool configuration

Hi,

Can some one help me to configure new Mgmt pool under different subnet.

I want to release the IP’s from the existing MGMT pool and move the IP’s to NFS pool, so that I can configure Dynamic failover as there are not enough IP’s in the subnet and I dont want to configure New NFS and move the existing data to new pool as its hectic process and needs more downtime

We have 8 node cluster and the current NFS pool has 11 IP’s, so if I release the IP’s from MGMT pool it will have 22 IP’ which would be practically enough for NFS to have smooth dynamic failover.

Do we need to modify the interface from network side to use a new VLAN, as i just want to use mgmt pool a different subnet?

Related:

  • No Related Posts

Clearing Health Check state

I need a solution

One of the forwarding hosts defined in our ProxySG does not respod to the health check. I have set the health check to disabled unhealthy but the Global Health Status of the proxy is still Warning.
How do I clear the warning state, all active health checks are green?

Also I am not able to remove a forwarding group even though I have removed all references in the policy and removed all forwarding hosts from the group. The error message just tell me “cannot delete a group now in use by policy”. The health check for the group is at least OK since the forwarding group is empty (no hosts).

0

1512643203

Related:

  • No Related Posts

7007165: ifconfig shows dropped rx packets

Care should be taken to confirm that frames are not being legitimately dropped. A quick way to test this (WARNING: this test does not work for bonding interfaces) is to force the NIC into promiscuous mode:

host:~# ifconfig <interface> promisc

And then watching the rx_dropped counter. If it stops incrementing while the NIC is in promiscuous mode; then it is more than likely showing drops because of the reasons listed earlier. If frames continue to be shown as dropped, investigation should take place to determine root cause.

Many administrators find it useful to perform performance testing on their interfaces to see if the alleged drops are hurting actual performance. Using a tool like iperf can help determine if your interfaces are performing near to their advertised speed.

This effect is seen starting from SLES 11 SP2, as it utilizes a 3.x kernel series. Previous SLES versions do not exhibit it (that are using kernels prior to 2.6.37)

Additional information can be found by researching commit # caf586e5

Please also note, for an active/backup bond setup it is common that the inactive device drops all packages.

Related:

  • No Related Posts