Cisco Confidential
Agenda
- Feature Overview & Terminology
- vPC Design Guidance & Best Practices
- Building a vPC domain
- Attaching to a vPC domain
- Layer 3 and vPC
- Spanning Tree Recommendations
- Data Center Interconnect (& Encryption)
- HSRP with vPC
- vPC and Services
- vPC latest enhancements
- ISSU
STP+: STP Enhancements, Bridge Assurance
vPC: NIC Teaming, Simplified loop-free trees, 2x Multi-pathing
Cisco L2MP: 16x ECMP, Low Latency / Lossless, MAC Scaling, Operational Flexibility
- vPC peer: a vPC switch, one of a pair
- vPC member port: one of a set of ports (port channels) that form a vPC
- vPC: the combined port channel between the vPC peers and the downstream device
- vPC peer-link: link used to synchronize state between vPC peer devices, must be 10GbE
- vPC peer-keepalive link: the keepalive link between vPC peer devices, i.e., backup to the vPC peer-link
- vPC VLAN: one of the VLANs carried over the peer-link and used to communicate via vPC with a peer device
- non-vPC VLAN: one of the STP VLANs not carried over the peer-link
- CFS: Cisco Fabric Services protocol, used for state synchronization and configuration validation between vPC peer devices
2009 Cisco Systems, Inc. All rights reserved.
Requirements:
- Member ports must be 10GE interfaces on one of the N7K-M132XP-12 modules
- Peer-links are point-to-point. No other device should be inserted between the vPC peers.
Characteristics:
- Transparently enabled with vPC features
- CFS messages encapsulated in standard Ethernet frames delivered between peers exclusively on the peer-link
- Cisco Fabric Services messages are tagged as CoS=4 for reliable communication
- Based on CFS from MDS product development
- Many years in service, robust protocol
Recommendations:
- Should be a dedicated link (1Gb is adequate)
- Should NOT be routed over the Peer-Link
- Can optionally use the mgmt0 interface (along with management traffic)
- As last resort, can be routed over L3 infrastructure
Recommendations:
Use LACP when available for better failover and misconfiguration protection
* VLAN that is NOT part of any vPC and not present on vPC peer-link
1. Dual Attached
[Figure panels: vPC view; Layer 2 topology; Layer 3 topology. Labels: Switch, 7k1, 7k2, Po1, L3 ECMP, Router]
Port-channel looks like a single L2 pipe. Hashing will decide which link to choose.
Requirements:
- Needs to remain enabled, but doesn't dictate vPC member port state
- Logical ports still count, need to be aware of number of VLANs/port-channels deployed!
Best Practices:
- Not recommended to enable Bridge Assurance feature on vPC channels (i.e. no STP network port type). Tracked by CSCsz76892.
- Make sure all switches in your layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid slow STP convergence (30+ secs)
- Remember to configure portfast (edge port-type) on host facing interfaces to avoid slow STP convergence (30+ secs)
[Figure callout: STP is running to manage loops outside of vPC's direct domain, or before initial vPC configuration]
[Figure labels: Primary vPC; HSRP ACTIVE; Primary Root; Layer 3; Aggregation; Access. Legend: Network port, Edge or portfast port type, Normal port type, BPDUguard, Rootguard, Loopguard]
[Figure labels: Long Distance; DC 2; CORE; AGGR; ACCESS; vPC domain 10; vPC domain 20. Legend: Network port, Edge or portfast port type, Normal port type, BPDUguard, BPDUfilter, Rootguard]
Key Recommendations
- vPC Domain id for facing vPC layers should be different
- No Bridge Assurance on interconnecting vPCs
- BPDU Filter on the edge devices to avoid BPDU propagation
- No L3 peering between DCs (i.e. L3 over vPC)
- Standby device communicates with the vPC manager process to determine if the vPC peer is the Active HSRP/VRRP peer
- General HSRP best practices still apply
- When running active/active, aggressive timers can be relaxed (i.e. 2-router vPC case)
Design considerations:
- Access switches requiring services are connected to subaggregation VDC
- Access switches not requiring services may be connected to aggregation VDC
- May be extended to support multiple virtualized service contexts by using multiple VRF instances in the subaggregation VDC
Design Cautions:
- Be aware of the Layer 3 over vPC design caveat. If peering at Layer 3 is required across the two vPC layers, an alternative solution should be explored (i.e. using STP rather than vPC to attach service chassis)
- vPC Object Tracking
- vPC Peer-Gateway
- vPC Delay Restore
- Multi-layer vPC with single HSRP group
- vPC unicast ARP handling
- vPC Exclude Interface-VLAN
- vPC single attached device Listing
- vPC Convergence and Scalability
For more details: 4.2 Release Notes
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/release/notes/42_nxos_release_note.html#wp218085
4.2(1) 4.1(3)
[Figure labels: OSPF; N7K-2; 16-way port-channel; Po160; Po20. Legend: vPC Peer Link LACP Channel (2x10 GigE); vPC Peer-Keepalive (GigE)]

4.1(4): North-Bound: ~150 ms; South-Bound: ~3 sec
4.2(1): North-Bound: ~50 ms; South-Bound: ~100 ms

4.1(4): North-Bound: ~1.3 s; South-Bound: ~1.8 s
4.2(1): North-Bound: 100-300 ms; South-Bound: 50-500 ms
NOTE: Convergence numbers may vary depending on the specific configuration (i.e. scaled number of VLANs/SVIs or HSRP groups) and traffic patterns (i.e. L2 vs L3 flows).
NOTE: Supported numbers of VLANs/vPCs are NOT related to a hardware or software limit but reflect what has currently been validated by our QA. The N7k BU is planning to continuously increase these numbers as soon as new data-points become available.
Instructor-led hands-on lab introducing the vPC (virtual PortChannel) feature for the Nexus 7000. Participants are exposed to the configuration of vPC with NX-OS. The lab needs to be manually booked through Nexus 7000 TMEs.
Reference Material
[Figure: Physical. Labels: N7K-1, N7K-2, Po10, E1/25, E1/26, Po100, Te1/2/1, Te2/2/1, 6K-1, 6K-2. Legend: vPC Peer Link LACP Channel (2x10 GigE); vPC Peer-Keepalive (GigE); VSS VSL Channel (2x10 GigE)]
Implementing Nexus 7000 in the Data Center Aggregation Layer with Services:
https://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html
http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11516396.html