
Deploying Virtual Port Channel in NX-OS

BRKDCT-2048

Objectives
- Session introduces basic concepts and terminology of the virtual Port-Channel technology
- Session reviews in detail actual designs and best practices of the virtual Port-Channel technology
- Session targets designs for aggregation/access layer and for Data-Center Interconnect
- Intended for network architects and engineers to improve Layer 2 scalability and the Network Operational Efficiency


© 2010 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Agenda
- Feature Overview
  - Intelligent L2 Domains POD Evolution
  - vPC Benefits
  - How does vPC help with STP?
  - vPC Terminology
  - Data-Plane Loop Avoidance with vPC
  - vPC and VSS Comparison
- vPC Design Guidance and Best Practices
- Convergence and Scalability
- vPC Hands-on Lab Information
- Reference Material

Feature Overview


Intelligent L2 Domains POD Evolution
[Figure: POD topology with Core, Aggregation, Access and Virtual Access layers; labels: L3, L2, vPC, vPC+, FabricPath, OTV, IP Cloud]
- OTV: Inter-POD Connectivity across L3; Failure Boundary Preservation (Nexus 7000, July 2010)
- STP+: STP Enhancements; Bridge Assurance (Shipping, Nexus 7k/5k)
- vPC: NIC Teaming; Simplified loop-free trees; 2x Multi-pathing (Shipping, Nexus 7k/5k)
- FabricPath: 16x ECMP; Low Latency / Lossless; MAC Scaling (Nexus 7000, Oct 2010)


vPC Benefits
- Allow a single device to use a port channel across two upstream switches
- Eliminate STP blocked ports and use all available uplink bandwidth
- Dual-homed servers operate in active-active mode
- Provide fast convergence upon link/device failure
- Available on all current and future generation cards / platforms
- Reduce CAPEX and OPEX
[Figures: Logical Topology without vPC; Logical Topology with vPC]


How does vPC help with STP? (1 of 2)
Before vPC
- STP blocks redundant uplinks
- VLAN based load balancing
- Loop Resolution relies on STP
- Protocol Failure
With vPC
- No blocked uplinks
- EtherChannel load balancing (hash)
- Loop Free Topology
- Lower oversubscription
[Figure labels: Primary Root, Secondary Root]

How does vPC help with STP? (2 of 2)
- Reuse existing infrastructure
- Smooth migration
- Build Loop-Free Networks


vPC Terminology (1 of 2)
- vPC Domain: a pair of vPC switches
- vPC peer: a vPC switch, one of a pair
- vPC member port: one of a set of ports (port channels) that form a vPC
- vPC: the combined port channel between the vPC peers and the downstream device
- vPC peer-link: link used to synchronize state between vPC peer devices, must be 10GbE
[Figure labels: vPC Domain, vPC peer-link, vPC peer, vPC, vPC member port]

vPC Terminology (2 of 2)
- vPC peer-keepalive link: the keepalive link between vPC peer devices, i.e., backup to the vPC peer-link
- vPC VLAN: one of the VLANs carried over the peer-link and used to communicate via vPC with a peer device
- non-vPC VLAN: one of the STP VLANs not carried over the peer-link
- CFS: Cisco Fabric Services protocol, used for state synchronization and configuration validation between vPC peer devices
[Figure labels: vPC Peer-keepalive link, CFS protocol]


Data-Plane Loop Avoidance with vPC (1 of 2)
- Data-Plane vs. Control-Plane Loop control
- vPC peers can forward all traffic locally
- Peer-link does not typically forward data packets (control plane extension)
- Traffic on the Peer-link is marked and not allowed to egress on a vPC
[Figure labels: STP Domain, vPC Domain, STP Failure]

Data-Plane Loop Avoidance with vPC (2 of 2)
- Exception for single-sided vPC failures
- Peer-link used as Backup path for optimal resiliency
[Figure label: vPC Domain]


NEXUS vPC and Catalyst 6500 VSS Comparison
Functionality | VSS (Virtual Switching System) | vPC (Virtual Port Channel)
Multi-Chassis Port Channel | |
Loop-free Topology | |
STP as a fail-safe protocol | |
Control Plane | Single Logical Node | Two Independent Nodes, both active
Support for Layer 3 port-channels | |
Control Plane Protocols | Single instance | Instances per Node
10GE ports in the Channel | 8 | 16 / 32 (with F series LC)
Device Configuration | Combined Configs | Common Configs (w/ consistency checker)
Non Disruptive ISSU Support | |
Inter-switch Link Hardware | Virtual Switching Supervisor 720-10G, 6708, 6716 series | NEXUS 7000 and 5000 All shipping 10GE ports

vPC Design Guidance and Best Practices


Agenda
- Feature Overview and Terminology
- vPC Design Guidance and Best Practices
  - Building a vPC Domain
  - Attaching to a vPC Domain
  - Layer 3 and vPC
  - Spanning Tree Recommendations
  - Data Center Interconnect
  - HSRP with vPC
  - vPC and Network Services
  - vPC Enhancements
  - ISSU
  - DCNM for vPC Management
- Convergence and Scalability
- vPC Hands-on Lab Information
- Reference Material

Building a vPC Domain


Configuration Steps
Following steps are needed to build a vPC (Order does Matter!)
- Define domains*
- Establish Peer Keepalive connectivity
- Create a Peer link
- Reuse port-channels and Create vPCs
- Make Sure Configurations are Consistent
*See Configuration details in the note section
[Figure: build steps numbered 1 to 8; legend: vPC member, Routed Interface, Host Port]

vPC Domains
- vPC Domain defines the grouping of switches participating in the vPC
- Provides for definition of global vPC system parameters
- The vPC peer devices use the vPC domain ID to automatically assign a unique vPC system MAC address
- You MUST utilize unique Domain IDs for all vPC pairs defined in a contiguous layer 2 domain

    ! Configure the vPC Domain ID. It should be unique within the layer 2 domain
    NX-1(config)# vpc domain 20
    ! Check the vPC system MAC address
    NX-1# show vpc role
    <snip>
    vPC system-mac : 00:23:04:ee:be:14

vPC System MAC identifies the Logical Switch in the network topology
[Figure labels: vPC Domain 10, vPC Domain 20]

vPC Peer-Link
Definition:
- Standard 802.1Q Trunk
- Carries CFS (Cisco Fabric Services) messages
- Carries flooded traffic from the vPC peer
- Carries STP BPDUs, HSRP Hellos, IGMP updates, etc.
Requirements:
- Member ports must be 10GE interfaces:
  - 32 port 10GE fiber card (M or F series) or 8 port 10GE-X2 modules
  - any 10G port on NEXUS 5000 series
- vPC Peer-link should be a point-to-point connection (No other device between the vPC peers)
Recommendations (strong ones!)
- Minimum 2x 10GE ports (on NEXUS 7000: use 2 separate cards for best resiliency)
- 10GE ports in dedicated mode (for oversubscribed modules)

vPC Peer-Keepalive link
Definition:
- Heartbeat between vPC peers
- Active/Active detection (in case vPC Peer-Link is down)
Packet Structure:
- UDP message on port 3200, 96 bytes long (32 byte payload), includes version, time stamp, local and remote IPs, and domain ID
Recommendations (in order of preference):
1. Dedicated link(s) (1GE LC on NEXUS 7000 or 1/10GE ports on NEXUS 5000)
2. Can optionally use the mgmt0 interface (along with management traffic)
3. As last resort, can be routed over L3 infrastructure
vPC Peer-Keepalive messages should NOT be routed over the vPC Peer-Link

vPC Peer-Keepalive link: NEXUS 7000 Best Practices
- When using dual supervisors and mgmt0 interfaces to carry the vPC peer-keepalive, do not connect them back to back between the two switches
- Only one management port will be active at a given point in time, and a supervisor switchover may break keep-alive connectivity
- Use the management interface when you have an out-of-band management network (management switch in between)
[Figure labels: Management Switch, Management Network, vPC_PKL, vPC_PL, Standby Management Interface, Active Management Interface, vPC1, vPC2]

vPC Peer-Keepalive link up & vPC Peer-Link down
vPC peer-link failure (link loss):
- Check active status of the remote vPC peer via vPC peer-keepalive link (heartbeat)
- If both peers are active, then Secondary vPC peer will disable all vPC member ports to avoid Dual-Active scenario
- Data will automatically forward down remaining active port channel ports
- Failover gated on CFS message failure, or UDLD/Link state detection
[Figure labels: Primary vPC (P), Secondary vPC (S), vPC Peer-keepalive, Keepalive Heartbeat, vPC_PLink, Suspend secondary vPC Member Ports, vPC1, vPC2, SW3, SW4]

vPC Member Port
Definition:
- Port-channel member of a vPC
Requirements:
- Configuration needs to match the other vPC peer's member port config
- In case of inconsistency a VLAN or the entire port-channel may be suspended (e.g. MTU mismatch)
- Up to 16 active ports between both vPC peers with M series LC
- Up to 32 active ports between both vPC peers with F series LC

    NX7K-1:
    interface port-channel201
      switchport mode trunk
      switchport trunk native vlan 100
      switchport trunk allowed vlan 100-105
      vpc 201

    NX7K-2:
    interface port-channel201
      switchport mode trunk
      switchport trunk native vlan 100
      switchport trunk allowed vlan 100-105
      vpc 201

[Figure labels: NX7K-1, NX7K-2, vPC 201, vPC member port]
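The member-port requirement above (both peers must carry matching configuration, or a VLAN or the whole port-channel may be suspended) can be checked offline before a change window. The following Python is an added example, not Cisco's consistency checker and not code from the slides; the set of compared parameters is an assumption, and the NX7K-2 input is constructed with an extra allowed VLAN and an `mtu` line to show mismatches.

```python
"""Offline comparison of vPC member port-channels as configured on both peers."""
import re

# Constructed sample input: NX7K_1 is the snippet shown on the slide; NX7K_2 is
# deliberately altered (extra allowed VLAN, explicit MTU) to produce findings.
NX7K_1 = """
interface port-channel201
  switchport mode trunk
  switchport trunk native vlan 100
  switchport trunk allowed vlan 100-105
  vpc 201
"""
NX7K_2 = """
interface port-channel201
  switchport mode trunk
  switchport trunk native vlan 100
  switchport trunk allowed vlan 100-106
  mtu 9216
  vpc 201
"""

# Assumption: parameters this example compares; the real checker covers more.
COMPARED = ("mode", "native_vlan", "allowed_vlans", "mtu")


def expand_vlans(spec):
    """Turn a VLAN list such as '100-105,200' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_port_channels(config):
    """Return {port-channel id: {parameter: value}} for each port-channel stanza."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        match = re.match(r"interface port-channel(\d+)$", line)
        if match:
            current = result.setdefault(int(match.group(1)), {})
            continue
        if raw[:1] not in (" ", "\t"):
            current = None  # an unindented line ends the interface stanza
            continue
        if current is None:
            continue
        if line.startswith("switchport trunk allowed vlan "):
            current["allowed_vlans"] = expand_vlans(line.rsplit(" ", 1)[1])
        elif line.startswith("switchport trunk native vlan "):
            current["native_vlan"] = int(line.rsplit(" ", 1)[1])
        elif line.startswith("switchport mode "):
            current["mode"] = line.rsplit(" ", 1)[1]
        elif line.startswith("mtu "):
            current["mtu"] = int(line.split()[1])
        elif line.startswith("vpc "):
            current["vpc"] = line.split()[1]
    return result


def vpc_members(config):
    """Map vPC number -> parameters. Peers are paired on the vPC number,
    because the local port-channel id may differ between the two switches."""
    members = {}
    for po_id, params in parse_port_channels(config).items():
        vpc = params.get("vpc", "")
        if vpc.isdigit():  # skips 'vpc peer-link' and non-vPC port-channels
            members[int(vpc)] = dict(params, port_channel=po_id)
    return members


def compare_peers(cfg_a, cfg_b):
    """Return a list of (vpc, parameter, value_on_a, value_on_b) mismatches.
    None means the parameter is not configured (platform default applies)."""
    a, b = vpc_members(cfg_a), vpc_members(cfg_b)
    findings = []
    for vpc in sorted(set(a) | set(b)):
        if vpc not in a or vpc not in b:
            findings.append((vpc, "missing", vpc in a, vpc in b))
            continue
        for key in COMPARED:
            val_a, val_b = a[vpc].get(key), b[vpc].get(key)
            if val_a == val_b:
                continue
            if key == "allowed_vlans":
                # Report only the VLANs present on one side and not the other.
                set_a, set_b = val_a or set(), val_b or set()
                val_a, val_b = sorted(set_a - set_b), sorted(set_b - set_a)
            findings.append((vpc, key, val_a, val_b))
    return findings


if __name__ == "__main__":
    for vpc, key, on_a, on_b in compare_peers(NX7K_1, NX7K_2):
        print(f"vPC {vpc}: {key} differs: NX7K-1={on_a!r} NX7K-2={on_b!r}")
```

On the switches themselves, the peers' own view of these parameters is what decides whether a VLAN or port-channel is suspended; this comparison only catches differences in the text of the two configurations.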

VDC Interaction
- VDCs are virtual instances of a device running on the Nexus 7000
- vPC works seamlessly in any VDC based environment
- Each VDC can have its own vPC domain (one vPC domain per VDC is allowed)
- Separate vPC Peer-link and Peer-keepalive link infrastructure for each VDC deployed
[Figure labels: Core (Core1, Core2), Aggregation (SW-1a, SW-1b, SW-2a, SW-2b, each with VDC1 and VDC2 and a vPC between the pair), Access (active / standby attachments), L3, L2; legend: L3 Channel, L3 link, L2 Channel, L2 link]

vPC supported hardware
NEXUS 7000 I/O modules
vPC is supported on all existing I/O modules
Table columns: I/O Module | Picture | vPC Peer-link (10 GE Only) | VPC Member Port
I/O modules listed:
- N7K-M132XP-12, N7K-M132XP-12L
- N7K-M148GT-11, N7K-M148GT-11L
- N7K-M148GS-11, N7K-M148GS-11L
- N7K-M108X2-12L
- N7K-F132XP-15

NEXUS 5000 platform
vPC is supported on all existing chassis
Table columns: Chassis | Picture | vPC Peer-link (10 GE Only) | VPC Member Port
Chassis listed:
- N5K-C5010P-BF
- N5K-C5020P-BF
- N5K-C5548P-FA

NEXUS 2000 platform
vPC is supported on all existing Fabric Extender
Table columns: FEX | Picture | vPC Peer-link | VPC Member Port | NEXUS 5000 parent switch | NEXUS 7000 parent switch
FEX listed:
- N2K-C2148T-1GE
- N2K-C2224TP-1GE
- N2K-C2224TF-1GE
- N2K-C2248TP-1GE
- N2K-C2248TF-1GE
- N2K-C2232PP-10GE
- N2K-C2232PF-10GE
[Table: four cells read "Future release"]


Attaching to a vPC Domain


The Most Important Rule

Dual Attach Devices to a vPC Domain!!!


IEEE 802.3ad and LACP
Definition:
- Port-channel for devices dual-attached to the vPC peer devices
- Provides local load balancing for port-channel members
- STANDARD 802.3ad port-channel
Access Device Requirements:
- STANDARD 802.3ad capability
- LACP or static port-channels (mode ON)
Recommendations:
- Use LACP when available for graceful failover and mis-configuration protection
[Figure labels: vPC member port, Regular port channel port]

Dual Homed vs. Single Attached
1. Dual Attached
2. Attached via VDC/Secondary Switch
3. Secondary inter switch Port-Channel (non-vPC VLAN)
4. Single Attached to vPC Device
[Figure labels: Primary vPC (P), Secondary vPC (S), Orphan Ports]

16-Way Port-Channel: Single-sided vPC
- 16 active ports between 8 active port-channel devices and 16 active port-channel devices
- vPC peer load-balancing is LOCAL to the peer device
- Each vPC peer has only 8 active links, but the pair has 16 active load balanced links to the downstream device supporting 16 active ports
- Nexus 5000 16-port port-channel support introduced in 4.1(3)N1(1a) release
[Figure labels: Nexus 7000, 16-port port-channel, Nexus 5000]

32-Way Port-Channel: Double-sided vPC
- Multilayer vPC can join eight active member ports of the port-channels in a unique 16-way port-channel*
- vPC peer load-balancing is LOCAL to the peer device
- Each vPC peer has only eight active links, but the pair has 16 active load balanced links (M-series LC)
- F-series Nexus 7000 line cards support 16 way active port-channel load balancing, providing for a 32 way vPC port channel
* Possible with Any Device Supporting vPC/MCEC and Eight-Way Active Port-Channels
[Figure: Double-sided vPC architecture; labels: Nexus 7000, 32-way port channel, Nexus 5000]


Layer 3 and vPC Interactions
Router Interconnection: different angles
- vPC view: R could be any router, L3 switch or VSS building a port-channel
- Layer 2 topology: Port-channel looks like a single L2 pipe. Hashing will decide which link to choose
- Layer 3 topology: Layer 3 will use ECMP for northbound traffic
[Figure labels: 7k1, 7k2, 7k vPC, R]

Layer 3 and vPC Designs


Layer 3 and vPC Design
- Use L3 links to hook up routers and peer with a vPC domain
- Don't use L2 port channel to attach routers to a vPC domain unless you statically route to HSRP address
- If both routed and bridged traffic is required, use individual L3 links for routed traffic and L2 port-channel for bridged traffic
[Figure labels: 7k1, 7k2, Switch, Po1, Po2, L3 ECMP, Router; legend: P = Routing Protocol Peer, Dynamic Peering Relationship]

Layer 3 and vPC Interactions: Supported Designs
1. Peering between Routers
2. Peering with an external Router on Routed ports inter-connection
* Nexus 7000 configured for L2 Transport only
[Figure labels: 7k1, 7k2, Po1, Switch, Routed Link, Router/Switch; legend: P = Routing Protocol Peer, Dynamic Peering Relationship]

Layer 3 and vPC Interactions: Supported Designs
1. Peering between vPC Device
2. Peering over an STP inter-connection NOT using a vPC VLAN (Orange VLANs/Links)
3. Peering between 2 routers with vPC devices as transit Switches
* Nexus 7000 configured for L2 Transport only
[Figure labels: 7k1, 7k2, 7k3, 7k4, Po1, Switch, Router/Switch; legend: P = Routing Protocol Peer, Dynamic Peering Relationship]

Layer 3 and vPC Interactions: Supported Designs
1. Peering with an external Router on parallel Routed ports inter-connection
2. Peering over a vPC inter-connection (DCI case) on parallel Routed ports inter-connection
[Figure labels: 7k1, 7k2, 7k3, 7k4, Routed Link, Switch, Router/Switch; legend: P = Routing Protocol Peer, Dynamic Peering Relationship]

Layer 3 and vPC Interactions: Unsupported Designs
1. Peering over a vPC inter-connection
2. Peering over an STP inter-connection using a vPC VLAN
3. Peering over a vPC inter-connection (DCI case)
[Figure labels: 7k1, 7k2, 7k3, 7k4, Po1, Router, Router/Switch; legend: P = Routing Protocol Peer, Dynamic Peering Relationship]


Spanning Tree Recommendations


STP and vPC Interoperability
STP Uses:
- Loop detection (failsafe to vPC)
- Non-vPC attached device
- Loop management on vPC addition/removal
Requirements:
- Needs to remain enabled, but doesn't dictate vPC member port state
- Logical ports still count
Best Practices:
- Make sure all switches in your layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid slow STP convergence (30+ secs)
- Remember to configure portfast (edge port-type) on host facing interfaces to avoid slow STP convergence (30+ secs)
STP is running to manage loops outside of vPC's direct domain, or before initial vPC configuration

vPC Enhancements
vPC and STP BPDUs
- STP for vPCs is controlled by the vPC operationally primary switch and only such device sends out BPDUs on STP designated ports
- This happens irrespectively of where the designated STP Root is located
- The vPC operationally secondary device proxies STP BPDU messages from access switches toward the primary vPC
[Figure labels: Primary vPC, Secondary vPC, BPDUs]

Port Configuration Overview
Legend: N = Network port; E = Edge or portfast port type; - = Normal port type; B = BPDUguard; R = Rootguard; L = Loopguard
[Figure labels: Data Center Core, Aggregation, Access, vPC Domain, Primary vPC (HSRP ACTIVE, Primary Root), Secondary vPC (HSRP STANDBY, Secondary Root), Layer 3, Layer 2 (STP + Rootguard), Layer 2 (STP + BPDUguard)]
BA (Bridge Assurance) not recommended with vPC (except for vPC peer-link)


Data Center Interconnect


Multi-layer vPC for Aggregation and DCI
Legend: N = Network port; E = Edge or portfast port type; - = Normal port type; B = BPDUguard; F = BPDUfilter; R = Rootguard; 802.1AE (Optional)
[Figure labels: DC 1, DC 2, Long Distance, vPC domain 10, vPC domain 11, vPC domain 20, vPC domain 21, CORE, AGGR, ACCESS, Server Cluster]
Best Practice Checklist:
- vPC Domain id for facing vPC layers should be different
- BPDU Filter on the edge devices to avoid BPDU propagation
- STP Edge Mode to provide fast Failover times
- No Loop must exist outside the vPC domain
- No L3 peering between Nexus 7000 devices (i.e. pure layer 2)


HSRP with vPC


FHRP Active/Active
- Support for all FHRP protocols in Active/Active mode with vPC
- No additional configuration required
- Standby device communicates with vPC manager process to determine if vPC peer is Active HSRP/VRRP peer
- When running active/active, aggressive timers can be relaxed (i.e. 2-router vPC case)
- Recommendation is to use default HSRP timers
[Figure labels: HSRP/VRRP Active: Active for shared L3 MAC; HSRP/VRRP Standby: Active for shared L3 MAC; L3, L2]

Backup Routing Path
- Point-to-point dynamic Routing Protocol adjacency between the vPC peers to establish a L3 backup path to the Core in case of uplinks failure
- Use an L3 point-to-point link between the vPC peers to establish a L3 backup path to the Core in case of uplinks failure
- A single point-to-point VLAN/SVI will suffice to establish a L3 neighbor
[Figure labels: Primary vPC, Secondary vPC, OSPF/EIGRP, VLAN 99, L3, L2; legend: P = Routing Protocol Peer]

Dual L2/L3 Pod Interconnect
Scenario:
- Provide L2/L3 interconnect between L2 Pods, or between L2 attached Datacenters (i.e. sharing the same HSRP group)
DCI with a single HSRP:
- Support for Active/Active on one pair, and still allows normal HSRP behavior on other pair (all in one HSRP group)
- In the first phase L3 traffic will run across Intra-pod link for non Active/Active L3 pair
[Figure labels: Active, Standby, Listen, Listen; captions: Traffic to HSRP MAC gets routed/L3 switched; Traffic to HSRP MAC gets bridged to vPC Domain that is HSRP forwarding]


vPC and Network Services


Services Chassis w. Services VDC Sandwich
- Two Nexus 7000 Virtual Device Contexts to sandwich services between virtual switching layers
- Layer-2 switching in Services Chassis with transparent services
- Services Chassis provides Etherchannel capabilities for interaction with vPC
- vPC running in both VDC pairs to provide Etherchannel for both inside and outside interfaces to Services Chassis
Design considerations:
- Access switches requiring services are connected to sub-aggregation VDC
- Access switches not requiring services may be connected to aggregation VDC
- If Peering at Layer 3 is required between vPC layers an alternative design should be explored (i.e. using STP rather than vPC to attach service chassis)

vPC and Network Services (1/2)
Service appliances
- Dedicate a L2 port-channel for the service appliances' state and keepalive VLANs
- Connect service appliances to vPC domain via vPC and configure static routes to HSRP address
- Implementing a separate L2 port channel for non-vPC VLANs to support single attached devices without creating orphan ports
[Figure labels: agg1a, agg1b, vPC_PL, vPC_PKL, L3 FW, routing peer, Static VIP, Static FHRP, State/Keepalive, Non-vPC VLANs, VPC]

ASA Etherchannel (8.4) Integration with NEXUS 7000 vPC
- ASA supports Link Aggregation Control Protocol (LACP) with 8.4 release
- Each port-channel supports up to 8 active and 8 standby links
- Supported methods of aggregation: Active, Passive & On
- Etherchannel ports are treated just like physical and logical interfaces on ASA
Validated configurations:
- ASA in routed mode
- ASA in transparent mode
[Figure labels: Active, Standby, Core IP1, Core IP2, L2 S1, L2 S2, vPC Peer-link, vPC1, vPC2, S3, S4]


vPC enhancements
Feature | Benefit | Overview
vPC Object Tracking | Increase High-availability | Tracking links states of a vPC peer device (single 10G LC in chassis)
vPC Peer-Gateway | Service continuity | Allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC
Pre-build SPT for multicast | Improve Convergence time | Improved multicast convergence on active forwarder failure
vPC ARP SYNC | Improve Convergence time | Improve Convergence for Layer 3 flows after vPC peer-link is UP
vPC Reload Restore | Increase High-availability | Allows the one vPC device to assume STP / vPC primary role and bring up all local vPCs in case other vPC peer device is down after DC power outage
vPC Peer-Switch | Improve Convergence time | Virtualize both vPC peer devices so they appear as a unique STP root


In-Service Software Upgrade


vPC System Upgrade/Downgrade
- ISSU is still the recommended system upgrade in a multi-device vPC environment
- vPC system can be independently upgraded with no disruption to traffic
- Upgrade is serialized and must be run one at a time (i.e. config lock will prevent synchronous upgrades)
- Configuration is locked on other vPC peer during ISSU
A | B | Behavior
4.2(x) | 5.0(x) | Non-disruptive
4.2(x) | 5.1(x) | Non-disruptive
5.0(x) | 5.1(x) | Non-disruptive
[Figure: version labels 4.2(x), 4.2(x) / 5.0(x) and 5.0(x) on the two vPC peers at successive upgrade stages]

Nexus 5000 ISSU
VPC Topologies
VPC topologies are fully supported with ISSU. Three types of VPC topologies are supported with 4.2(1)N1(1) release for the Nexus 5000 and Nexus 2000 FEX:
- Blade or Access Switch
- FEX Active-Active
- FEX Straight-Through
Throughout the ISSU process, VPC roles will remain intact and the MCEC Manager (MCECM) is responsible for coordinating this process. It is the peer switch's responsibility to hold onto its state until ISSU process is complete.


Managing vPC with DCNM


Virtual PortChannel Automation: Managing both Devices as One Configuration - Step by Step Wizard Aided Set up - Configuration Audit between Primary and Secondary - Automatic Resolution of Configuration Conflicts - Easy Role Switch - HSRP and STP Failover Settings VPC Peer Link and VPC Fault Tolerant Link Monitoring Per VPC Events Filtering VPC Traffic Aggregation for Links Utilization, Keep Alive Statistics Topology Representation - Physical View - Logical View

DCNM for vPC Management


VPC Pre-Deployment Validation

No need to interact with 3 CLI consoles: a wizard guides the user step by step, with a clear indication of the task being completed.

DCNM tracks and enforces configuration consistency between the VPC peers for all matching variables.


Convergence and Scalability


Convergence and Scalability


vPC convergence Results

Measured Unicast vPC failover and recovery time


Convergence time is measured in the following scenarios*
vPC link member failure (Sub-Second)
vPC port-channel failover (Sub-Second)
vPC Peer-link Failure (Sub-Second)
vPC peer-keepalive Failure (Hitless)
vPC primary/secondary device failure (Sub-Second)
vPC Supervisor Failover/Switchover (Hitless)
vPC ISSU device Upgrade/Downgrade (Hitless)

*NOTE: Convergence numbers may vary depending on the specific configuration (i.e. scaled number of VLANs/SVIs or HSRP groups) and traffic patterns (i.e. L2 vs L3 flows).

Convergence and Scalability


Scalability Figures
Release 4.1(5)
VLAN/vPC Scalability:
- up to 192 vPCs and 200 VLANs
L3 and Multicast:
- 200 SVI/HSRP Groups
- 40K MACs & 40K ARPs
- 10K (S,G) w. 66 OIFs (L3 sources)
- 3K (S,G) w. 34 OIFs (L2 sources)

Release 4.2(1)
VLAN/vPC Scalability:
- up to 256 vPCs and 260 VLANs
L3 and Multicast:
- Same as 4.1(x)

Release 4.2(6) & 5.x
VLAN/vPC Scalability:
- 256 vPCs with *260 VLANs/SVIs (with L3 protocol HSRP)
- 36 vPCs with *500 VLANs/SVIs (with L3 protocol HSRP)
- A larger number of VLANs with NO SVI/L3/HSRP can be deployed with limited convergence degradation: *1200 VLANs*
L3 and Multicast:
- Groups with one or more Sources in the vPC domain: 4,000 mroutes
- Groups with no Sources in the vPC domain: 10,000 mroutes

vPC Hands-on Lab Information


vPC Hands-on Lab Information


Current Lab Offers (1 of 2)
E-learning (PEC) Lab
Hands-on experience on real Nexus 7000 with a "run now" format. Students log in and, if a pod is available, can use it (no need for a lab proctor). You must be registered as an employee of a Cisco Channel Partner company (cisco.com account is required). Lab can be accessed via: http://www.cisco.com/go/pec


Key Takeaways
NX-OS vPC Key Takeaways
The Key Takeaways of the Session are:
Propose and leverage vPC technology to extend and scale Layer 2 Networks.
Follow the design guidelines and Best Practices to successfully deploy your vPC architecture.
Use the latest NX-OS code to leverage convergence optimizations provided to assist Layer 2 and Layer 3 Unicast and Multicast Applications.
Leverage ISSU and vPC to provide a hitless software upgrade with the benefits of a multi-chassis technology.


Reference Material


Reference Material
Solution Testing and vPC Documentation
vPC White Paper: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11516396.html
vPC design guides: http://www.cisco.com/en/US/partner/products/ps9670/products_implementation_design_guides_list.html
vPC and VSS Interoperability White Paper: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_589890.html
Data Center Design - IP Network Infrastructure: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC3_0_IPInfra.html
Layer 2 Extension Between Data Centers: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_493718.html
Implementing Nexus 7000 in the Data Center Aggregation Layer with Services: https://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html


Recommended Reading

Source: Cisco Press



Questions?



Breakout / Techtorial Sessions


BRKCRS-3930 - Advanced VSS & VPC: Operations & Troubleshooting

BRKARC-3470 - Advanced Cisco Nexus 7000 Switch Architecture


BRKDCT-2951 - Deploying Nexus 7000 in Data Center Networks

BRKDCT-2049 - Overlay Transport Virtualization

BRKDCT-2081 - Cisco FabricPath Technology and Design

BRKARC-3471 - Advanced Cisco NXOS Software Architecture

BRKIPM-2999 - LISP - A Next Generation Networking Architecture

TECDCT-2001 - Next Generation Data Center Infrastructure
