Ok, this one takes a bit of explaining so here goes.
My company is in the middle of a Token Ring/Ethernet Migration and as part of this we are converting our servers to Ethernet. Each server currently has a Token Ring card as it's primary and an Ethernet card to connect to our backup devices on a seperate LAN. No problem so far everything is working.
We are upgrading by installing another Ethernet card for a primary connection, and changing the binding order in NT and NOVELL to make the Token Ring card a secondary. Still no problems.
Despite my warnings ("What to you know you're just the network guy" that we needed to remove the token ring cards (or at least disable them) I was overruled by the server team who said that it would not cause an issue and so the servers end up with one primary connection to Ethernet, one secondary to Token Ring and the backup LAN Ethernet card. The server guys do not always remove the Gateway IP address for the Token Ring card hence we end up with two gateways and two routes out of the server, which is a problem compounded by the following.
We are also taking the opportunity to upgrade our core 5500 switch to a brand new 6500. The 5500 has an RSM and the 6500 has an MSFC.The 5500 has two Token Ring Blades and the 5500 has two 48 port FastEthernet Blades the uncoverted servers are in the 5500 on the Token Ring blade and as the servers are migrated they are patched into the 6500.
The original plan was to run the two in parallel but to start using the MSFC for all the routing tasks and just using the 5500 as another switch. During the course of this swap over we had a problem with the MSFC system routing IPX (I believe it was an IOS version problem - which we have now fixed) and ended up using the RSM as the main router and the 6500 as a switch into which all our converted servers are patched.
Ok, so the RSM is running at about 90%-95% utilisation (Whoa!!!) and I decide to implemet MLS on the 5500 switch to try and drop this down a bit. Everything seems OK except, and this is where the problem is.
A server (WinNT 4.0 & MS SQL 6.5 in case its relevant) was converted to Ethernet and the server guy left the gateway IP address in as usual. I get in to work the next day and find that people cannot access the server properley. I initially deduce that the server is routing through the backup VLAN (since this has a gateway address in as well?????) and since this does not have a router associated with it the traffic is going nowhere. I correct this by removing the gateway address and all seems OK. People within the same VLAN as the server can access everything OK, but people on other VLANS cannot access it. This is mainly our development team who reside on a different VLAN and use SQL Enterprise Manager as to connect to the DBS server.
After a lot of investigating I decide that the cause of the issue is that traffic is routing into the server via Ethernet but routing out via Token Ring (remember what I said about the server guys not removing the gateway addresses). Well I remove the gateway address from the Token Ring card and am confident that it will solve the problem - it doesn't. People outside the VLAN cannot access the server.
This morning I turned off MLS on this VLAN, and everyone can work OK.
Questions..
1) Why was MLS failing to function correctly? I have an idea it was down to the server connections but all help would be happily received.
2) Are all server people such arrogant so-and-so's?
My company is in the middle of a Token Ring/Ethernet Migration and as part of this we are converting our servers to Ethernet. Each server currently has a Token Ring card as it's primary and an Ethernet card to connect to our backup devices on a seperate LAN. No problem so far everything is working.
We are upgrading by installing another Ethernet card for a primary connection, and changing the binding order in NT and NOVELL to make the Token Ring card a secondary. Still no problems.
Despite my warnings ("What to you know you're just the network guy" that we needed to remove the token ring cards (or at least disable them) I was overruled by the server team who said that it would not cause an issue and so the servers end up with one primary connection to Ethernet, one secondary to Token Ring and the backup LAN Ethernet card. The server guys do not always remove the Gateway IP address for the Token Ring card hence we end up with two gateways and two routes out of the server, which is a problem compounded by the following.
We are also taking the opportunity to upgrade our core 5500 switch to a brand new 6500. The 5500 has an RSM and the 6500 has an MSFC.The 5500 has two Token Ring Blades and the 5500 has two 48 port FastEthernet Blades the uncoverted servers are in the 5500 on the Token Ring blade and as the servers are migrated they are patched into the 6500.
The original plan was to run the two in parallel but to start using the MSFC for all the routing tasks and just using the 5500 as another switch. During the course of this swap over we had a problem with the MSFC system routing IPX (I believe it was an IOS version problem - which we have now fixed) and ended up using the RSM as the main router and the 6500 as a switch into which all our converted servers are patched.
Ok, so the RSM is running at about 90%-95% utilisation (Whoa!!!) and I decide to implemet MLS on the 5500 switch to try and drop this down a bit. Everything seems OK except, and this is where the problem is.
A server (WinNT 4.0 & MS SQL 6.5 in case its relevant) was converted to Ethernet and the server guy left the gateway IP address in as usual. I get in to work the next day and find that people cannot access the server properley. I initially deduce that the server is routing through the backup VLAN (since this has a gateway address in as well?????) and since this does not have a router associated with it the traffic is going nowhere. I correct this by removing the gateway address and all seems OK. People within the same VLAN as the server can access everything OK, but people on other VLANS cannot access it. This is mainly our development team who reside on a different VLAN and use SQL Enterprise Manager as to connect to the DBS server.
After a lot of investigating I decide that the cause of the issue is that traffic is routing into the server via Ethernet but routing out via Token Ring (remember what I said about the server guys not removing the gateway addresses). Well I remove the gateway address from the Token Ring card and am confident that it will solve the problem - it doesn't. People outside the VLAN cannot access the server.
This morning I turned off MLS on this VLAN, and everyone can work OK.
Questions..
1) Why was MLS failing to function correctly? I have an idea it was down to the server connections but all help would be happily received.
2) Are all server people such arrogant so-and-so's?