1(5)
Overview of vPC
vPC overview
A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 7000 Series devices to appear as a single standard port channel to a third device.
[Figure labels: LACP/static; Static/PAgP/PAgP+/LACP]
The third device can be a switch, server, or any other networking device. You can configure up to 192 vPCs per device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bisectional bandwidth by enabling multiple parallel paths between nodes and load balancing traffic where alternative paths exist.
vPC Benefits
- Allows a single device to use a port channel across two upstream devices
- Eliminates Spanning Tree Protocol (STP) blocked ports
- Provides a loop-free topology
- Uses all available uplink bandwidth
- Provides fast convergence if either the link or a device fails
- Provides link-level resiliency
- Assures high availability
vPC limitations
- You can use only Layer 2 port channels in the vPC.
- All members in a single vPC on each device must belong to a single VDC on the device.
- The vPC peer link must use 10-Gigabit Ethernet ports.
- Each VDC must be configured individually.
- Separate peer links are required.
- Building a vPC between two VDCs on the same chassis is not supported.

To ensure that you have the correct hardware to enable and run vPC beginning with Cisco NX-OS Release 4.1(5), enter the show hardware feature-capability command. If you see an X across from vPC, your hardware cannot enable the vPC feature (an EPLD update may be required).
2008 Cisco Systems, Inc. All rights reserved. Course acronym vx.x#-7
vPC configuration
You configure the port channels by using one of the following:
- No protocol: When you configure the port channels without using LACP, each device can have up to eight active links in a single port channel.
- Link Aggregation Control Protocol (LACP): When you configure the port channels in a vPC using LACP, each device can have eight active links and eight standby links in a single port channel.
vPC links
- Peer-keepalive link: sends heartbeat messages between the two vPC peer devices.
- Peer link: makes the two linked Nexus devices appear as one device to a third device. It is a port channel; the recommendation is to use two or more 10-Gigabit Ethernet ports in dedicated mode (on at least two different N7K-M132XP-12 modules).
- Recommendation: configure the Layer 2 port channels as trunks.
vPC Domain
The vPC domain includes:
- both vPC peer devices
- the vPC peer-keepalive link
- the vPC peer link
- all of the port channels in the vPC domain connected to the downstream device

vPC domain limitations:
- You can have only one vPC domain ID on each device.
- In this version, you can connect each downstream device to a single vPC domain ID using a separate port channel.
vPC Terminology
- vPC: The combined port channel between the vPC peer devices and the downstream device.
- vPC peer device: One of a pair of devices that are connected with the special port channel known as the vPC peer link.
- vPC peer link: The link used to synchronize states between the vPC peer devices. Both ends must be on 10-Gigabit Ethernet interfaces.
- vPC domain: This domain is formed by the two vPC peer link devices. It is also a configuration mode for configuring some of the vPC peer link parameters.
- vPC peer-keepalive link: The peer-keepalive link between vPC peer devices to ensure that both devices are up (IP connectivity).
- vPC member port: Interfaces that belong to the vPCs.

You can have only two devices as vPC peers. Each device/VDC can serve as a vPC peer to only one other vPC peer.
Note: The vPC peer devices can also have non-vPC links to other devices.
When you configure the vPC peer link, the vPC peer devices negotiate which of the connected devices is the primary device and which is the secondary device. The NX-OS software uses the lowest MAC address to elect the primary device. If the primary device fails, the secondary device becomes the new primary; when the system recovers, the previously primary device is now the secondary device. You can also configure which of the vPC devices is primary. (Changing the priority of the vPC peer devices can cause link flap.)
The software keeps all traffic forwarding across the vPC peer devices local. That is, a packet ingressing the port channel uses one of the local links rather than moving across the vPC peer link.
Unknown unicast, multicast, and broadcast traffic (including STP BPDUs) is flooded across the vPC peer link.
vPC synchronization
CFSoE
The software keeps the multicast forwarding state synchronized on both of the vPC peer devices. All MAC addresses for those VLANs configured on both devices are synchronized between vPC peer devices. The software uses CFSoE for these synchronizations.
An artificial "peer link traffic filter" was introduced between the lower vPC member ports and the upper non-vPC ports (of course, this filter is just a logical representation that has no relation with the real hardware implementation.) Traffic that has crossed the peer link is tagged internally and will not be allowed to be forwarded through the filter. This mechanism will allow the traffic received from the vPC member port to be locally forwarded, while still providing connectivity to the ports that are not part of a vPC.
When switch B sends a frame to switch D, the destination address for switch D is unknown and the traffic must be flooded. Again, all the devices belonging to a vPC can be reached directly and S1 replicates the frame to the vPC member ports leading to switches C and D. However, the frame must also be flooded to the non-vPC members. When it is sent on the peer link, an internal header carrying a special bit is added to the frame in order to specify that this traffic has already been sent to the vPC members. As a result, when vPC peer S2 receives the frame, the filter prevents it from being duplicated to its local vPC members and it is only forwarded to switch E. At the same time, a software update carried by CFS advertises to S2 that MAC address B was learnt on vPC. This information will allow S2 to send the reply from switch D to switch B directly on its local vPC member port, even if S2 never received traffic from switch B on this port.
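The flooding walk-through above can be reproduced with a small model. This is an added example, not Cisco code: the class, port names and MAC labels are constructed, and the CFS update is reduced to a direct write into the peer's MAC table.

```python
"""Toy model of vPC flooding and the peer-link traffic filter (constructed topology)."""
from dataclasses import dataclass, field

PEER_LINK = "peer-link"

@dataclass
class VpcPeer:
    name: str
    ports: dict          # local port name -> attached device
    vpc_ports: set       # ports that are vPC member ports
    mac_table: dict = field(default_factory=dict)
    peer: "VpcPeer" = None

    def learn(self, mac, port):
        self.mac_table[mac] = port
        # Stand-in for the CFS update: a MAC learnt on a vPC is installed on the
        # peer against the same vPC; any other MAC is reachable via the peer link.
        self.peer.mac_table[mac] = port if port in self.vpc_ports else PEER_LINK

    def receive(self, src, dst, in_port, log, crossed=False):
        if not crossed:
            self.learn(src, in_port)
        known = self.mac_table.get(dst)
        out_ports = [known] if known is not None else [*self.ports, PEER_LINK]
        for port in out_ports:
            if port == in_port:
                continue                      # never send back out the ingress port
            if port == PEER_LINK:
                # The frame is marked as having crossed the peer link.
                self.peer.receive(src, dst, PEER_LINK, log, crossed=True)
            elif crossed and port in self.vpc_ports:
                continue                      # peer-link traffic filter
            else:
                log.append((self.name, port, self.ports[port]))

def build():
    vpcs = {"vpc-B": "B", "vpc-C": "C", "vpc-D": "D"}
    s1 = VpcPeer("S1", dict(vpcs), set(vpcs))
    s2 = VpcPeer("S2", {**vpcs, "eth-E": "E"}, set(vpcs))   # E is on a non-vPC port
    s1.peer, s2.peer = s2, s1
    return s1, s2

def demo():
    s1, s2 = build()
    flood, reply = [], []
    s1.receive("mac-B", "mac-D", "vpc-B", flood)   # B -> D while D is still unknown
    s2.receive("mac-D", "mac-B", "vpc-D", reply)   # D's reply arrives on S2
    return flood, reply

if __name__ == "__main__":
    print(demo())
```

The flood reaches C and D once each from S1 and E once from S2, and the reply leaves S2 on its own vPC member port toward B without touching the peer link.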
During the vPC domain setup, a vPC peer is elected as primary. The primary peer will be responsible for running STP on all the vPC ports of the vPC domain. So logically, a vPC is a simple channel located on the primary vPC peer switch from the perspective of STP. The state of the vPC member ports located on the secondary peer is controlled remotely by the primary. Still, BPDUs can be exchanged on all the physical links belonging to a vPC. Primary switch S1 can send and receive BPDUs on both paths available to bridge C. Switches S1 and S2 are programmed so that the BPDUs can be switched in hardware toward their final destination.
If the switch A vPC peer link fails, the software checks the status of the remote vPC peer B using the peer-keepalive link. If the vPC peer B is up, the secondary vPC A disables all vPC ports on its device to prevent loops and blackholing or flooding traffic. The data then forwards down the remaining active links of the port channel.
The software learns of a vPC peer device failure when the keepalive messages are not returned over the peer-keepalive link. You use a separate link (the vPC peer-keepalive link) to send configurable keepalive messages between the vPC peer devices. The keepalive messages on the vPC peer-keepalive link determine whether a failure is on the vPC peer link only or on the vPC peer device. The keepalive messages are used only when all the links in the peer link fail.
Features That You Must Manually Configure on the Primary and Secondary Devices
- STP root: Configure the primary vPC peer device as the highest STP root priority, and configure the secondary device with a lower root priority.
- STP hello time: Configure the STP hello time on both the primary and secondary root switch to 4 seconds.
- Layer 3 VLAN network interface: Configure Layer 3 connectivity from each vPC peer device by configuring a VLAN network interface for the same VLAN from both devices.
- HSRP active: If you want to use HSRP and VLAN interfaces on the vPC peer devices, configure the primary vPC peer device with the HSRP active highest priority. Configure the secondary device to be the HSRP standby, and ensure that you have VLAN interfaces on each vPC device.
- Configure Unidirectional Link Detection (UDLD) on both sides of the vPC peer link.
vPC Domain
You can use the vPC domain ID to identify the vPC peer links and the ports that are connected to the vPC downstream devices. The vPC domain is also a configuration mode that you use to configure the keepalive messages, and configure other vPC peer link parameters. To create a vPC domain, you must first create a vPC domain ID on each vPC peer device using a number from 1 to 1000. You can have only one vPC domain per VDC. You must explicitly configure the port channel that you want to act as the peer link on each device. You associate the port channel that you made a peer link on each device with the same vPC domain ID to form a single vPC domain. Within this domain, the system provides a loop-free topology and Layer 2 multipathing. You can only configure port channels and vPC peer links statically.
Compatibility Parameters for vPC Peer Links that MUST match 1/4
- Port-channel mode: on (static), passive or active (LACP)
- Link speed per channel
- Duplex mode per channel
- Trunk mode per channel:
  - Native VLAN
  - Tagging of native VLAN traffic
- Spanning Tree Protocol (STP) mode
- STP region configuration for Multiple Spanning Tree
- Enable/disable state per VLAN
Compatibility Parameters for vPC Peer Links that MUST match (cont.) 2/4
- STP global settings:
  - Bridge Assurance setting
  - Port type setting. We recommend that you set all vPC interfaces as network ports.
  - Loop Guard settings
- STP interface settings:
  - Port type setting
  - Loop Guard
  - Root Guard
- Maximum Transmission Unit (MTU)
Compatibility Parameters for vPC Peer Links that SHOULD match 3/4
- MAC aging timers
- Static MAC entries
- VLAN interface: Each device on the end of the vPC peer link must have a VLAN interface configured for the same VLAN on both ends and they must be in the same administrative and operational mode. Those VLANs configured on only one device of the peer link do not pass traffic using the vPC or peer link. You must create all VLANs on both the primary and secondary vPC devices, or the VLAN will be suspended.
- All ACL configurations and parameters
- Quality of Service (QoS) configuration and parameters
- STP interface settings:
  - BPDU Filter
  - BPDU Guard
  - Cost
  - Link type
  - Priority
  - VLANs (Rapid PVST+)
Compatibility Parameters for vPC Peer Links that SHOULD match (cont.) 4/4
- VLANs allowed on trunk
- Port security
- Cisco Trusted Security (CTS)
- Network Access Control (NAC)
- Internet Group Management Protocol (IGMP) snooping
- Hot Standby Routing Protocol (HSRP)
- Protocol Independent Multicast (PIM)
- Gateway Load-Balancing Protocol (GLBP)
- All routing protocol configurations
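Because each peer forwards vPC traffic locally, drift in the should-match items (ACLs, BPDU Guard, port security) means the policy a flow meets depends on which peer it lands on. The following added example (not Cisco tooling; the key names and both peers' values are constructed) audits two peers against a subset of the MUST and SHOULD lists above and flags VLANs that exist on only one peer.

```python
"""Compare vPC compatibility parameters of two peers (constructed sample data)."""

# Subset of the lists above; the key names are this example's own labels.
MUST_MATCH = {"port_channel_mode", "speed", "duplex", "native_vlan", "stp_mode",
              "bridge_assurance", "loop_guard", "mtu"}
SHOULD_MATCH = {"mac_aging", "acl", "qos", "bpdu_guard", "bpdu_filter",
                "port_security", "cts", "nac", "igmp_snooping", "allowed_vlans"}

def audit(primary: dict, secondary: dict) -> dict:
    """Return mismatches grouped by severity, plus VLANs defined on one peer only."""
    report = {"must": {}, "should": {}, "suspended_vlans": []}
    for key in sorted(MUST_MATCH | SHOULD_MATCH):
        a, b = primary.get(key), secondary.get(key)
        if a != b:
            bucket = "must" if key in MUST_MATCH else "should"
            report[bucket][key] = (a, b)
    # A VLAN that is not created on both peers is suspended.
    report["suspended_vlans"] = sorted(set(primary["vlans"]) ^ set(secondary["vlans"]))
    return report

# Constructed inputs: peer B has drifted in MTU, ACL version, BPDU Guard and VLAN 30.
PEER_A = {"port_channel_mode": "active", "speed": "10G", "duplex": "full",
          "native_vlan": 1, "stp_mode": "rapid-pvst", "bridge_assurance": True,
          "loop_guard": False, "mtu": 9216, "mac_aging": 1800, "acl": "EDGE-IN-v7",
          "qos": "default", "bpdu_guard": True, "bpdu_filter": False,
          "port_security": True, "cts": False, "nac": False, "igmp_snooping": True,
          "allowed_vlans": "10,20,30", "vlans": [10, 20, 30]}
PEER_B = {**PEER_A, "mtu": 1500, "acl": "EDGE-IN-v6", "bpdu_guard": False,
          "vlans": [10, 20]}

def demo() -> dict:
    return audit(PEER_A, PEER_B)

if __name__ == "__main__":
    for section, findings in demo().items():
        print(section, findings)
```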
CFSoE
Cisco Fabric Services over Ethernet (CFSoE) is a reliable state transport mechanism that is used to synchronize the actions of the vPC peer devices. CFSoE carries messages and packets for many features linked with vPC, such as STP and IGMP. When you enable the vPC feature, the device automatically enables CFSoE, and you do not have to configure anything. The CFSoE transport is local to each VDC. Cisco Fabric Services can also carry data over IP or IPv6 (both unicast and multicast).
Virtualization Support
All ports in a given vPC must be in the same VDC. This version of the software supports only one vPC per VDC. You can use the numbers from 1 to 4096 in each VDC to number the vPC and you can reuse these vPC numbers in a different VDC.
Configuring vPC
Enabling vPC
SwitchX(config)# feature vpc
SwitchX(config)# no feature vpc
You must enable the vPC functionality before you can configure and use vPCs. Ensure that you are in the correct VDC (or use the switchto vdc command).
Creates a vPC domain on the device and enters the vpc-domain configuration mode for configuration purposes. There is no default; the range is 1 to 1000.
This example shows how to create or enter a vPC domain:
switch# config t
switch(config)# vpc domain 5
switch(config-vpc-domain)#
peer-keepalive destination ip [hold-timeout secs | interval msecs {timeout secs} | {precedence {prec-value | network | internet | critical | flash-override | flash | immediate priority | routine}} | tos {tos-value | max-reliability | max-throughput | min-delay | min-monetary-cost | normal}} |tos-byte tos-byte-value} | source ip | vrf {name | management vpc-keepalive}]
Configures the IPv4 address for the remote end of the vPC peer-keepalive link.
This example shows how to configure the destination IP address for the link:
switch# config t
switch(config)# feature vpc
switch(config)# vpc domain 100
switch(config-vpc-domain)# peer-keepalive destination 10.1.152.91
vpc peer-link
Configures the selected port channel as the vPC peer link and enters the vpc-domain configuration mode.
This example shows how to configure a vPC peer link:
switch# config t
switch(config)# interface port-channel 20
switch(config-if)# vpc peer-link
switch(config-vpc-domain)#
Displays the status of those parameters that must be consistent across all vPC interfaces.
After you have configured the vPC peer link on both vPC peer devices, check that the configurations are consistent on all vPC interfaces.
To connect to the downstream device, you create a port channel from the downstream device to the primary vPC peer device and you create another port channel from the downstream device to the secondary peer device. Finally, working on each vPC peer device, you assign a vPC number to the port channel that connects to the downstream device. You will experience minimal traffic disruption when you are creating vPCs. The vPC number that you assign to the port channel connecting to the downstream device from the vPC peer device must be identical on both vPC peer devices.
Default Settings
[Figures: topology diagrams in three parts (I, II, III) showing devices NX 5A, NX 6A, NX 6B, NX 8A, NX 8B and NX 9A, vPC Domain 6 and vPC Domain 8, and vPC 5, vPC 6, vPC 8, vPC 9 and vPC 62, with interface labels]