Vpc notes
Download as PPTX, PDF5 likes4,507 views
Virtual port channels (vPC) allow links that are physically connected to two different switches to appear as a single port channel, avoiding STP blocking. Two switches are considered vPC peers and form a vPC domain. A peer link connects the two switches to synchronize information. A peer keepalive link provides a backup communication path if the peer link fails. VLANs allowed on the peer link are considered vPC VLANs.
Vpc notes
- 1. Virtual Portchannels www.silantia.com1 Virtual port-channel is Multichassis link aggregation technology. You can configured a port-channel connected to two different switches. Since it is a port-channel advantage here is to avoid spanning tree blocking ports for any given VLAN that are allowed on that vPC. Two switches that emulate as a single switch has to part of a new entity called a Domain ID. These two switches are called vPC peers. vPC peer-link vPC 10 vPC peer keepalive - link
- 2. Virtual Portchannels www.silantia.com2 Peer-link: A Layer 2 trunked port-channel between two Nexus switches that are part of same domain. In each vPC domain one switch is elected as a primary and other is secondary. Only 10 Gig ports are supported as peer- link port-channel member ports. vPC peer-link ports can reside on F1 series line cards but it has to be a 10G port, When using M1 32 port line card for peer-link make sure peer-link ports are in dedicated rate mode otherwise peer-link won’t come up. Peer-link is used for control functions like synch ARP tables, MAC address table and IGMP snooping table between vPC peers.
- 3. Virtual Portchannels www.silantia.com3 Peer-link keep alive link: This is Layer 3 routed link used for heartbeat between two vPC peers. Peer-keepalive uses UDP port 3200 and every one second sends packet to check health of the peer. In case peer-link fails peer-keepalive link is used to find out if other peer is alive and active. Configuring peer-keepalive in management vrf is best practice because you do not need to dedicate a1 G port for peer- keepalive and management port give direct access to CPU for health check. vPC vlan: Any vlan that is allowed on vpc peer-link is called vPC vlan. Peer-keepalive link can be formed using supervisor mgmt ports or using a routed port on M1 line card.
- 4. Virtual Portchannels www.silantia.com4 Consistency parameters: There are some configuration parameters has to be same on both vPC peers in order for vPC to work properly. Some configuration settings has to be same on Global level and some has to be same at interface level. E.g MTU settings, Network QoS, Spanning tree mode, etc. There are two types of consistency parameters Any type-1 consistency parameter mismatch will suspend the vPC. Any type-2 consistency parameter mismatch keeps vpc up but causes odd forwarding behavior
- 5. Virtual Portchannels www.silantia.com5 A vPC port is a port that is assigned to a vPC channel group. The ports that form the vPC are split between two vPC peers and are referred to as vPC member ports. Orphan ports: Any port that is connected to any one vPC peer and are not port of any vPC is called orphaned port.
- 6. Virtual port-channels Domain ID has to be unique. It is imp to remember that vPC is layer 2 bundling technology. You can only configure Layer 2 virtual port-channels and both vpc peers are two independent routers. No L3 routing information synchronizes with each other. NX-OS uses Cisco Fabric Services (CFS) to synchronize the state information (MAC address table, IGMP snooping database etc) between vpc peers. N7010A-Dist# show cfs ? application Show locally registered applications internal Show internal infomation lock Show state of application's logical/physical locks merge Show cfs merge information peers Show all the peers in the physical fabric regions Show all the applications with peers and region information status Show current status of CFS Role priority can be configured to manually elect vPC role. vPC does not support role preemption. (Primary, Operational Secondary)
- 7. Virtual Portchannels www.silantia.com7 # 1 Design rule for VPC topologies : Always dual attach devices to both vpc peers to get predictable traffic flow. For L3 connections use routed ports and routing protocol’s ECMP. vPC will not allow traffic that was RECEIVED over a vPC peer-link to be sent out a vPC member port. This is a vPC loop prevention logic.
- 8. Configuring vPC www.silantia.com8 Step 1: Enabled feature vpc and LACP. Step 2: Configure vdc Domain and define role priority etc. Step 3: Configure L3 routed ports for Peer-keepalive link in a separate VRF. Verify peer-keepalive is working before proceeding to next step. Step 4: Configure a Layer 2 LACP portchannel with two 10 Gig ports as members. Make it as trunk link. Step 5: Configured this portchannel as vpc peer-link. Step 6: Configure vPCs with same vPC number on both switches. Step 7: Verify using show vpc command. Above steps should be followed in order.
- 9. Configuring vPC N7010B-Dist# sh run vpc feature vpc vpc domain 1 peer-switch peer-keepalive destination 10.23.242.220 source 10.23.242.225 vrf management peer-gateway ipv6 nd synchronize ip arp synchronize interface port-channel1 switchport mode trunk vpc peer-link interface port-channel10 vpc 10 Use VRF management Presents both vpc peers as single switch to access switches To enable local forwarding of packets destined to peer’s MAC address To enable ARP/ND sych on both peer switches for faster convergence N7010A-Dist# sh run vpc feature vpc vpc domain 1 peer-switch peer-keepalive destination 10.23.242.225 source 10.23.242.220 vrf management peer-gateway ipv6 nd synchronize ip arp synchronize interface port-channel1 switchport mode trunk vpc peer-link interface port-channel10 vpc 10
- 10. Configuring vPC www.silantia.com10 “peer-switch” command presents both vPC peers as single switch to access switches. Emulates same Bridge ID for BPDUs. “peer-gateway” command allows a vPC peer to respond both the the HSRP virtual and the real MAC address of both itself and it’s peer. vPC primary switch election is based on role priority, lower priority wins if not, lower system mac wins. Role determines who will process BPDUs and LACPDUs.
- 11. Monitoring and troubleshooting vPC show vpc show vpc peer-keepalive show vpc orphan-ports L2 Ports that are not part of vpc and attached to only one vpc peer. show vpc consistency-parameter global Shows global consistency paramters. show vpc role Shows who is primary and secondary.
- 12. Unsupported vPC topologies L2 L3 OSPF OSPF OSPF OSPF Vpc peer-link OSPF supported unsupported
- 13. Supported vPC topologies L2 L3 OSPF OSPF OSPF OSPF Vpc peer-link vPC 10
- 14. vPC Failure Scenario When peer-link fails both vPC communicates over peer keepalive-link to find if it is active. In this case secondary vPC switch suspends all its interface. When peerkeepalive-link fails no impact to existing vPC because peer-link is up. When peer-link and peer-keepalive link both fails then both peers enters into a dual active scenario. When primary switch fails secondary switch assumes role of primary (operational primary) but when original primary switch recovers it stays in operational secondary mode.
- 15. Virtual Portchannels www.silantia.com15 Double sided vPC: In double-sided vPC both the Nexus 7000 and Nexus 5000 switches run vPC. Each vPC pair of Nexus 5000 switches is connected to the Nexus 7000 vPC pair using a unique vPC
- 16. Virtual Portchannels and FEX www.silantia.com16 FEX ports can be a member ports for vPC. FEX can be dual attached to both vPC peers.
- 17. Enhanced vPC www.silantia.com17 FEX is dual attached to each Nexus 5500 and Severs are also dual attached to both FEX with active active NIC teaming. Logically a similar HA model to that currently provided by dual supervisor based modular switch. Full redundancy for supervisor, linecard, fabric via vPC and cable or NIC failure via Port- channeling.
- 18. vPC+ www.silantia.com18 vPC can be used in conjunction with fabricpath which allowes servers to be connected to two fabricpath enabled switches. Configure vPC peer-link in fabricpath mode. interface po 10 switchport mode fabricpath Both switches emulates a new switch id. vpc domain 70 fabricpath switch-id 70 Hence converting from vPC to vPC+ is distruptive process because it requires peer-link to be reconfigured.
- 19. vPC and vPC+ www.silantia.com19 Q & A.