Cisco Confidential
Agenda
Feature Overview & Terminology
vPC Design Guidance & Best Practices
Building a vPC domain
Attaching to a vPC domain
vPC peer-link: Link used to synchronize state between vPC peer devices; must be 10GbE.
vPC peer-keepalive link: The keepalive link between vPC peer devices, i.e., backup to the vPC peer-link.
vPC VLAN: One of the VLANs carried over the peer-link and used to communicate via vPC with a peer device.
non-vPC VLAN: One of the STP VLANs not carried over the peer-link.
CFS: Cisco Fabric Services protocol, used for state synchronization and configuration validation between vPC peer devices.
3. Configure (or reuse) an interconnecting port-channel between the vPC peer switches
4. Configure the inter-switch channel as Peer-link on both vPC devices (make sure it is operational)
5. Configure (or reuse) Port-channels to dual-attached devices
6. Configure a unique logical vPC and join port-channels across different vPC peers
[Figure: vPC peer-keepalive link, vPC peer-link, vPC peer, Standalone Port-channel]
2009 Cisco Systems, Inc. All rights reserved.
Requirements:
Member ports must be 10GE interfaces on one of the N7K-M132XP-12 modules
Peer-links are point-to-point. No other device should be inserted between the vPC peers.
[Figure: vPC Primary and vPC Secondary, vPC PKL, vPC PL, L3/L2 boundary]
Recommendations:
Should be a dedicated link (1Gb is adequate)
It is still necessary to have a separate vPC peer-link and vPC PeerKeepalive Link infrastructure for each VDC deployed.
Can vPC run between VDCs on the same switch?
This scenario should technically work, but it is NOT officially supported and has not been extensively tested by our QA team.
It could be useful for demos or hands-on labs, but it is NOT recommended for production environments.
It consolidates redundant points on the same box with VDCs (e.g. whole aggregation layer on a box) and introduces a single point of failure.
ISSU will NOT work in this configuration, because the vPC devices can NOT be independently upgraded.
Recommendations:
Use LACP when available for better failover and misconfiguration protection
* VLAN that is NOT part of any vPC and not present on vPC peer-link
1. Dual Attached
CONS: None
2. If (1) is not an option, connect the device via two independent links using STP. Use non-vPC VLANs ONLY on the STP switch.*
PROS: Ensures minimal disruption in case of peer-link failover and consistent behavior with vPC dual-active scenarios. Ensures full redundant Active/Active paths on vPC VLANs.
CONS: Requires an additional STP port-channel between the vPC devices. Operational burden in provisioning and configuring separate STP and vPC VLAN domains. Only Active/Standby paths on STP VLANs.
3. If (2) is not an option, connect the device via two independent links using STP. (Use vPC VLANs on this switch.)
PROS: Simplifies VLAN provisioning and does not require allocation of an additional 10GE port-channel.
CONS: STP and vPC devices may not be able to communicate with each other in certain failure scenarios (i.e. when STP Root and vPC primary device do not overlap). All VLANs carried over the peer-link may suspend until the adjacency forms and vPC is fully synchronized.
* Run the same STP mode as the vPC domain. Enable portfast/port type edge on host facing ports
[Figure: Nexus 7000, 16-port port-channel, Nexus 5000]
[Figure: Switch, Router, 7k1, 7k2, Po1, Po2, L3 ECMP; panels: vPC view, Layer 2 topology, Layer 3 topology]
Port-channel looks like a single L2 pipe. Hashing will decide which link to choose.
2) R does lookup in routing table and sees 2 equal paths going north (to 7k1 & 7k2)
3) Assume it chooses 7k1 (ECMP decision)
4) R now has rewrite information to which router it needs to go (router MAC 7k1 or 7k2)
5) L2 lookup happens and outgoing interface is port-channel 1
Requirements:
Needs to remain enabled, but doesn't dictate vPC member port state
Logical ports still count; need to be aware of the number of VLANs/port-channels deployed!
Best Practices:
Not recommended to enable Bridge Assurance feature on vPC channels (i.e. no STP network port type). Tracked by CSCsz76892.
STP is running to manage loops outside of vPC's direct domain, or before initial vPC configuration
Make sure all switches in your layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid slow STP convergence (30+ secs)
Remember to configure portfast (edge port-type) on host facing interfaces to avoid slow STP convergence (30+ secs)
[Figure: Aggregation and Access layers with Primary vPC, HSRP ACTIVE, Primary Root, Layer 3. Legend: Network port, Edge or portfast port type, Normal port type, BPDUguard, Rootguard, Loopguard]
[Figure: Long Distance, DC 2, CORE, AGGR, vPC domain 10, vPC domain 20. Legend (N, E, B, F, R): Network port, Edge or portfast port type, Normal port type, BPDUguard, BPDUfilter, Rootguard]
Key Recommendations
vPC Domain id for facing vPC layers should be different
No Bridge Assurance on interconnecting vPCs
BPDU Filter on the edge devices to avoid BPDU propagation
No L3 peering between DCs (i.e. L3 over vPC)
Standby device communicates with vPC manager process to determine if vPC peer is Active HSRP/VRRP peer
General HSRP best practices still apply.
When running active/active, aggressive timers can be relaxed (i.e. 2-router vPC case)
Design considerations:
Access switches requiring services are connected to subaggregation VDC
Access switches not requiring services may be connected to aggregation VDC
May be extended to support multiple virtualized service contexts by using multiple VRF instances in the subaggregation VDC
Design Cautions:
Be aware of the Layer 3 over vPC design caveat. If Peering at Layer 3 is required across the two vPC layers an alternative solution should be explored (i.e. using STP rather than vPC to attach service chassis)
vPC Object Tracking
vPC Peer-Gateway
vPC Delay Restore
Multi-layer vPC with single HSRP group
vPC unicast ARP handling
vPC Exclude Interface-VLAN
vPC single attached device Listing
vPC Convergence and Scalability
For more details: 4.2 Release Notes
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/release/notes/42_nxos_release_note.html#wp218085
Packets reaching vPC for the non-local router MAC address are sent across the peer-link and can be dropped if the final destination is behind another vPC.
vPC Peer-Gateway Solution: Allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC (CLI command added in the vPC global config):
N7k(config-vpc-domain)# peer-gateway
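As an added example (not part of the original deck and not Cisco code), the following Python check audits an NX-OS configuration against three points this deck makes: peer-gateway in the vPC domain, no Bridge Assurance (STP network port type) on vPC channels, and LACP on vPC member ports. The sample configuration, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample NX-OS configuration (not taken from the deck).
SAMPLE_CONFIG = """\
vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1
interface port-channel1
  vpc peer-link
  spanning-tree port type network
interface port-channel20
  vpc 20
  spanning-tree port type network
interface Ethernet1/1
  channel-group 20 mode on
interface Ethernet1/2
  channel-group 30 mode active
interface port-channel30
  vpc 30
"""

def parse_sections(config):
    """Group indented lines under the unindented header that precedes them."""
    sections, current = {}, None
    for line in filter(str.strip, config.splitlines()):  # skip blank lines
        if not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_vpc(config):
    """Return findings for three of the deck's points: peer-gateway, no
    Bridge Assurance on vPC channels, LACP on vPC member ports."""
    sections, findings, vpc_channels = parse_sections(config), [], set()
    for header, body in sections.items():
        if header.startswith("vpc domain ") and "peer-gateway" not in body:
            findings.append(f"{header}: peer-gateway not enabled")
        po = re.fullmatch(r"interface port-channel(\d+)", header)
        if po and any(re.fullmatch(r"vpc \d+", l) for l in body):
            vpc_channels.add(po.group(1))  # vPC member channel, not the peer-link
            if "spanning-tree port type network" in body:
                findings.append(f"{header}: network port type on a vPC channel")
    for header, body in sections.items():  # second pass: all vPC channels known
        for l in body:
            cg = re.fullmatch(r"channel-group (\d+)(?: mode (\S+))?", l)
            if cg and cg.group(1) in vpc_channels and cg.group(2) not in ("active", "passive"):
                findings.append(f"{header}: port-channel{cg.group(1)} member without LACP")
    return findings
```

The peer-link (port-channel1 in the sample) is deliberately not flagged for the network port type; only port-channels carrying a numbered `vpc` statement are treated as vPC channels.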
4.1(3) 4.2(1)
Begin: 4.1(x), End: 4.2(x), Caveats: None
Begin: 4.2(x), End: 4.1(x), Caveats: None
[Figure: test topology: OSPF, N7K-2, 16-way port-channel, Po160, Po20. Legend: vPC Peer Link LACP Channel (2x10 GigE); vPC Peer-Keepalive (GigE)]
4.1(4): North-Bound: ~1.3 s, South-Bound: ~1.8 s
4.2(1): North-Bound: 100-300 ms, South-Bound: 50-500 ms
NOTE: Convergence numbers may vary depending on the specific configuration (i.e. scaled number of VLANs/SVIs or HSRP groups) and traffic patterns (i.e. L2 vs L3 flows).
NOTE: Supported numbers of VLANs/vPCs are NOT related to a hardware or software limit but reflect what has been currently validated by our QA. The N7k BU is planning to continuously increase these numbers as soon as new data-points become available.
Instructor-led hands-on lab introducing the vPC (virtual Port-channel) feature for the Nexus 7000. Participants are exposed to the configuration of vPC with NX-OS. Lab needs to be manually booked through Nexus 7000 TMEs.
Reference Material
vPC/VSS Interop Test Details
[Figure: Physical and Logical views: L3 Core, N7K-1, N7K-2, Po10, E1/25, E1/26, Po100, Te1/2/1, Te2/2/1, 6K-1, 6K-2. Legend: vPC Peer Link LACP Channel (2x10 GigE); vPC Peer-Keepalive (GigE); VSS VSL Channel (2x10 GigE)]
Reference Material
Other Solution Tests and Recent vPC Documentation
Enterprise Solutions Engineering:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html
Implementing Nexus 7000 in the Data Center Aggregation Layer with Services:
https://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html