virtual Port-Channel Best Practices & Design Guidelines
Roberto Mari
Technical Marketing Engineer
Data Center Business Unit
Cisco Confidential
November 2009
version 1.1
Agenda
Feature Overview & Terminology
vPC Design Guidance & Best Practices
Building a vPC domain
Attaching to a vPC domain
Layer 3 and vPC
Spanning Tree Recommendations
Data Center Interconnect (& Encryption)
HSRP with vPC
vPC and Services
vPC latest enhancements
ISSU
[Figure: vPC peer-link, CFS protocol, vPC peer, vPC, vPC member port, non-vPC device]
[Figure: vPC peer-link, vPC peer, standalone port-channel]
2009 Cisco Systems, Inc. All rights reserved.
vPC peer-link
Requirements:
Member ports must be 10GE interfaces on one of the N7K-M132XP-12 modules
Peer-links are point-to-point. No other device should be inserted between the vPC peers.
[Figure: vPC PL and vPC PKL between the vPC Primary and the vPC Secondary; L3 and L2]
Recommendations:
Should be a dedicated link (1Gb is adequate)
Should NOT be routed over the Peer-Link
Can optionally use the mgmt0 interface (along with management traffic)
As a last resort, can be routed over L3 infrastructure
[Figure: Management Network, vPC_PK, Standby Management Interface, Active Management Interface, vPC_PL, vPC1, vPC2]
ALWAYS dual attach devices to a vPC Domain!!!
Recommendations:
Use LACP when available for better failover and misconfiguration protection
1. ALWAYS try to dual attach devices using vPC (not applicable for routed links).
PROS: Ensures minimal disruption in case of peer-link failover and consistent behavior with vPC dual-active scenarios. Ensures full redundant active/active paths through vPC.
CONS: None
2. If (1) is not an option, connect the device via a vPC-attached access switch (could use VDC to create a virtual access switch).
PROS: Ensures minimal disruption in case of peer-link failover and consistent behavior with vPC dual-active scenarios. Availability limited by the access switch failure.
CONS: Need for an additional access switch or need to use one of the available VDCs. Additional administrative burden to configure/manage the physical/virtual device.
3. If (2) is not an option, connect the device directly to the (primary) vPC peer in a non-vPC VLAN * and provide for a separate interconnecting port-channel between the two vPC peers.
PROS: Traffic diverted on a secondary path in case of peer-link failover
CONS: Need to configure and manage additional ports (i.e. port-channel) between the Nexus 7000 devices.
4. If (3) is not an option, connect the device directly to the (primary) vPC peer in a vPC VLAN
PROS: Easy deployment
CONS: VERY BAD. Bound to vPC roles (no role preemption in vPC). Full Isolation on peer-link failure when attached vPC toggles to a secondary vPC role.
* VLAN that is NOT part of any vPC and not present on vPC peer-link
[Figure: 1. Dual Attached. Labels: Orphan Ports, S, P, Primary vPC, Secondary vPC]
[Figure: Nexus 7000, 16-way port-channel, Nexus 5000]
[Figure: Switch, Po2, 7k1, 7k2, L3 ECMP, Po1, Router]
[Figure: three panels (vPC view, Layer 2 topology, Layer 3 topology). Labels: 7k vPC, 7k1, 7k2, R]
Requirements:
Needs to remain enabled, but doesn't dictate vPC member port state
Logical ports still count, need to be aware of number of VLANs/port-channels deployed!
Best Practices:
Not recommended to enable Bridge Assurance feature on vPC channels (i.e. no STP network port type). Tracked by CSCsz76892.
Make sure all switches in your Layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid slow STP convergence (30+ secs)
STP is running to manage loops outside of vPC's direct domain, or before initial vPC configuration
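A configuration check for the LACP and Spanning Tree recommendations above, as an added example that is not part of the original slides: it flags vPC channels set to the network port type, vPC member interfaces bundled without LACP, and an explicit STP mode other than Rapid-PVST or MST. The sample configuration, the function names and the assumption that the input is NX-OS-style running-config text are constructed for illustration.

```python
import re

SAMPLE_CONFIG = """\
spanning-tree mode rapid-pvst
interface port-channel1
  vpc peer-link
interface port-channel20
  spanning-tree port type network
  vpc 20
interface port-channel30
  vpc 30
interface Ethernet1/1
  channel-group 20 mode active
interface Ethernet1/2
  channel-group 30
"""  # constructed sample in NX-OS running-config style, not from the slides

def parse_interfaces(config):
    """Map each interface name to the list of its stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def audit_vpc(config):
    """Check the LACP, Bridge Assurance and STP-mode recommendations."""
    interfaces, findings, vpc_channels = parse_interfaces(config), [], {}
    for name, cmds in interfaces.items():
        m = re.fullmatch(r"port-channel\s*(\d+)", name, re.I)
        if m and any(re.fullmatch(r"vpc \d+", c) for c in cmds):
            vpc_channels[m.group(1)] = name  # channel number -> interface name
            if "spanning-tree port type network" in cmds:
                findings.append(f"{name}: network port type on a vPC channel")
    for name, cmds in interfaces.items():
        for c in cmds:
            m = re.fullmatch(r"channel-group (\d+)(?: force)?(?: mode (\S+))?", c)
            if m and m.group(1) in vpc_channels and m.group(2) not in ("active", "passive"):
                findings.append(f"{name}: joins {vpc_channels[m.group(1)]} without LACP")
    m = re.search(r"^spanning-tree mode (\S+)", config, re.M)
    if m and m.group(1) not in ("rapid-pvst", "mst"):
        findings.append(f"spanning-tree mode {m.group(1)}: not Rapid-PVST or MST")
    return findings

print("\n".join(audit_vpc(SAMPLE_CONFIG)))
```

The peer-link port-channel is deliberately excluded from the network port type check, since the recommendation on the slide applies to vPC channels only.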
[Figure: vPC Domain. Labels: Primary vPC, Secondary vPC, Primary Root, Secondary Root, HSRP ACTIVE, HSRP STANDBY, Aggregation, Access, Layer 3. Legend: Network port, BPDUguard, Rootguard, Loopguard]
[Figure: Data Center Interconnect, DC-1 and DC 2, Long Distance. Labels: CORE, AGGR, ACCESS, Server Cluster, vPC domain 10, vPC domain 11, vPC domain 20, vPC domain 21, Nexus 7010, Key Recommendations. Legend: Network port, BPDUguard, BPDUfilter, Rootguard]
HSRP/VRRP Active: Active for shared L3 MAC
HSRP/VRRP Standby: Active for shared L3 MAC
[Figure: GW, STANDBY HSRP GW, VLAN 100, VLAN 200, L2/L3 Aggregation]
Design considerations:
Access switches requiring services are connected to sub-aggregation VDC
Access switches not requiring services may be connected to aggregation VDC
May be extended to support multiple virtualized service contexts by using multiple VRF instances in the sub-aggregation VDC
Design Cautions:
Be aware of the Layer 3 over vPC design caveat. If peering at Layer 3 is required across the two vPC layers, an alternative solution should be explored (i.e. using STP rather than vPC to attach service chassis)
Scenario:
Interoperability with non-RFC-compliant features of some NAS devices (i.e. NETAPP Fast-Path or EMC IP-Reflect)
NAS device may reply to traffic using the MAC address of the sender device rather than the HSRP gateway.
N7k(config-vpc-domain)# peer-gateway
[Figure labels: 4.1(3), 4.2(1)]
Begin | End | Caveats
4.1(x) | 4.2(x) | None
4.2(x) | 4.1(x) | None
[Figure: test topology. Labels: L3 Core, Nexus 7000, OSPF, N7K-1, N7K-2, Po10, 16-way port-channel, 4-way port-channel, L2/L3 Aggregation, Nexus 7000 vPC, Po20, L2 Access, Nexus 5000]
Failure Topology
Convergence Time
Failure
Failure of
secondary vPC
peer*
Failure of a
primary vPC peer*
Failover of the
vPC Peer Link
Restoration
4.1(4)
4.1(4)
North-Bound: ~700 ms
South-Bound: ~2.5 sec
North-Bound: ~3 sec
South-Bound: ~3.4 sec
4.2(1)
4.2(1)
4.1(4)
4.1(4)
North-Bound: ~150 ms
South-Bound: ~3 sec
North-Bound:~4.5 secs
South-Bound: ~5 secs
4.2(1)
4.2(1)
North-Bound: ~50 ms
South-Bound: ~100 ms
4.1(4)
4.1(4)
North-Bound: ~1.3 s
South-Bound: ~1.8 s
North-Bound: ~900 ms
South-Bound: up to 10+ s (CSCsz88998)
4.2(1)
4.2(1)
North-Bound: 100-300 ms
South-Bound: 50-500 ms
NOTE: Convergence numbers may vary depending on the specific configuration (i.e. scaled
number of VLANs/SVIs or HSRP groups) and traffic patterns (i.e. L2 vs L3 flows).
Supported Scalability
4.1(5)
Latest
Ankara
4.2(1)
NOTE: Supported numbers of VLANs/vPCs are NOT related to a hardware or software limit but reflect what has been currently validated by our QA. The N7k BU is planning to continuously increase these numbers as soon as new data-points become available.
[Figure: N7K-Aggr. Labels: N7K-1 and N7K-2 (POD 1-2 VPC), N7K-3 and N7K-4 (POD 3-4 VPC), N7K-7 and N7K-8 (POD 5-6 VPC), Pod 1, Pod 2, Pod 3, Pod 4, Pod 5, Pod 6]
Reference Material
[Figure: Logical topology. Labels: L3 Core, N7K-1, N7K-2, L2/L3 Aggregation, Nexus 7000 vPC, Po10, Po100, 6K-1, 6K-2, L2 Access, 6500 VSS]