INE's Implementing Nexus Bootcamp Lab Scenarios: Topology Overview

Implementing Nexus Bootcamp – Lab Scenarios Rev 0.
18
INE’s Implementing Nexus Bootcamp

Lab Scenarios
Topology Overview
The topology for INE’s Implementing Nexus Bootcamp is made up of 4 “racks” of equipment.
Along with a lab partner, you will be assigned a rack number 1 – 4, which will be referenced
throughout this document as X. Any reference to X in equipment numbers such as IP
addresses, hostnames, etc. in this document should be replaced with your rack number
that you are assigned.
Each rack consists of the following:
 2 x Nexus 7000 Virtual Device Contexts (VDCs)

 2 x Nexus 5020s
 2 x Dual GigE attached Win2K8 Virtual Machines
Shared equipment between racks includes the following:
 2 x Nexus 2232PP 10GigE Fabric Extenders (FEXes)

 1 x Win2K8 bare-metal server with 10GigE CNA
 2 x MDS 9200 SAN Switches
 1 x Fibre Channel SAN with dual fabrics
All racks are physically interconnected with one another per the class diagram. These
interconnections will be used later throughout this document to build larger topologies for
technologies such as FabricPath and Overlay Transport Virtualization (OTV).
The lab scenarios in this document are meant to be worked on collaboratively with your
assigned lab partner. Feel free to divide the work however you choose, for example one of
you being responsible for the odd device numbers (e.g. N5K1, N7K1, Server 1) and the other
being responsible for the even device numbers (e.g. N5K2, N7K2, Server 2). Many of the
technologies covered in these scenarios, such as vPC, require the devices to work in pairs in
order to build a successful configuration, so play nice 
For simplicity, references to device names and numbers will use Rack 1 throughout this
document. If you are assigned to a different rack number you will need to adjust your device
names, numbers, port assignments, etc. accordingly per the class diagrams to complete the
configuration. For example if a task references N5K1, but you are assigned Rack 4, then you
should configure device N5K7. Refer to the attached diagrams to see the specific device
assignments for your rack.
Copyright © INE www.INE.com

1
Implementing Nexus Bootcamp – Lab Scenarios Rev 0.18
Accessing the Nexus Switches

Access to the Nexus switches’ CLI is through regular telnet access over the Internet. To login
to these devices, simply telnet to dcracks.ine.com (75.140.41.202) with any terminal
software of your choice, such as PuTTY or SecureCRT. When the login prompt appears enter
the username/password rackX/rackX, and you will be presented with a menu for further
navigation. NX-OS device usernames/passwords will be admin/Cciedc01.
Accessing the Windows Servers

Access to the Windows servers’ GUI is through Windows Remote Desktop Connection. Open
your RDP client and connect to dcracks.ine.com:6001Y, where Y is the server number or
numbers that you are assigned per the diagram. Usernames/passwords for Windows are
administrator/Cciedc01. All server names and addresses are as follows:
Server Name RDP Address

Rack 1 Server 1 dcracks.ine.com:60011
Ensure that you are connecting to the correct servers for your rack and not someone
else’s. To double check, you can see the VM’s name under Windows Server Manager, as
seen below. You can also tell by the IP address assigned to the MGMT NIC, which should be
192.168.0.1Y/24. Do not make any changes to the MGMT NIC or you will lock yourself out
of the VM, but feel free to make whatever other changes you want to on these machines, as
their disks are non-persistent and will revert to the previous snapshot upon power cycling.

2
Section 1 - Device Initialization

1.1 Nexus 5000 Initialization
 All devices will begin with a completely blank configuration. To begin initializing them
telnet to dcracks.ine.com and login with your rack number, then connect to the console
of your assigned Nexus 5K. Note that the console only accepts one connection at a
time, so correlate with your lab partner so that you are not both logging into the same
device.
 Configure the password for the admin user as Cciedc01.
 Enable the telnet server, and configure the hostname & mgmt0 IP address per the
below table:
Hostname mgmt0 IP
N5K1 192.168.0.51/24
N5K2 192.168.0.52/24
N5K3 192.168.0.53/24
N5K4 192.168.0.54/24
N5K5 192.168.0.55/24
N5K6 192.168.0.56/24
N5K7 192.168.0.57/24
N5K8 192.168.0.58/24
1.2 Nexus 7000 VDC Allocation

 The rack topology is made up of two physical Nexus 7000s. Each physical N7K will be
allocated four VDCs. These VDC allocations are as follows:
VDC Hostname Interface Allocations mgmt0 IP

N7K1 E1/1-8, E2/1-8 192.168.0.71/24
N7K2 E1/1-8, E2/1-8 192.168.0.72/24
N7K3 E1/9-16, E2/9-16 192.168.0.73/24
N7K4 E1/9-16, E2/9-16 192.168.0.74/24
N7K5 E1/17-24, E2/17-24 192.168.0.75/24
N7K6 E1/17-24, E2/17-24 192.168.0.76/24
N7K7 E1/25-32, E2/25-32 192.168.0.77/24
N7K8 E1/25-32, E2/25-32 192.168.0.78/24
1.3 Interface Initialization

 Configure N5K1 and N5K2’s links to Server 1 and Server 2 as 1Gbps, and verify in the
MAC address table that communication with the servers is established.

3
Section 2 – Classical Ethernet Switching

2.1 VLANs & Trunking
 Disable the links connecting N5K1 & N5K2, and the diagonal links in the diagram
between N5K1 & N7K2 and N5K2 & N7K1.
 Configure IP addressing on the servers as follows, where Y is the server number:
o Server 1’s link to N5K1 should be 10.0.0.1Y/24.
 Create VLANs 10 & 20 on N5K1, N5K2, N7K1, & N7K2.
 Assign the access VLANs to the servers as follows:
o Server 1’s link to N5K1 should be in VLAN 10.
 Configure the following links as 802.1q trunks:
o N5K1’s links to N7K1.
 Edit the trunking allowed list so that only VLANs 10 & 20 forward over trunk links.
 Once complete, verify that Server 1 & Server 2 have IP connectivity to each other in
both VLANs 10 & 20.
2.2 Port-Channels
 Modify the previously configured trunk links so that they are grouped together as Port-
Channels, as follows:
o N5K1’s links to N7K1 should use no Port-Channel negotiation.
o N5K2’s links to N7K2 should actively send LACP negotiation for Port-Channel
creation, while N7K2 should passively listen for LACP.
o Links connecting N7K1 & N7K2 should all actively send LACP negotiation for
Port-Channel creation.
 All Port-Channels should use the most granular load balancing method available for that
platform.
 Generate bulk TCP flows between Server 1 & Server 2 to verify that their traffic flows
are being load distributed amongst the member links of the Port Channels.

4
2.3 STP Edge Ports

 Configure the Nexus 5K’s links to the servers as STP Port Type Edge.
 Flap a link from one of the Nexus 5K’s to a server, and verify that when the link comes
back it is not subject to the STP forwarding delay.
2.4 STP Network Ports

 Create VLANs 30 & 40 on N5K1 & N7K1 and VLANs 50 & 60 on N5K2 & N7K2.
 Activate the additional links previously disabled between N5K1 & N7K2 and N5K2 &
N7K1, and configure them as Port-Channels and 802.1q trunk links.
 Configure all Port-Channels to so that all VLANs are administratively allowed, and verify
that all locally created VLANs are forwarding on local trunk links.
 Configure all Port-Channels as STP Port Type Network, and verify how this change
affects for forwarding state of local VLANs.
2.5 RSTP Root Bridge Placement

 Activate the links connecting N5K1 & N5K2, and configure them as a Port-Channel and
802.1q trunk link.
 Configure N7K1 as the STP Root Bridge for VLAN 10, and N7K2 as the backup root.
 Configure N7K2 as the STP Root Bridge for VLAN 20, and N7K1 as the backup root.
 Use the lowest possible STP priority values.
2.6 RSTP Traffic Engineering

 Modify STP path selection so that VLAN 10 traffic received from Server 1 going to
Server 2 should forward over the following path and back:
o N5K1 > N7K2 > N7K1 > N5K2
 Modify STP path selection so that VLAN 20 traffic received from Server 1 going to
Server 2 should forward over the following path and back:
o N5K2 > N7K1 > N5K1
 Do not modify any STP priority values to accomplish this.
 Once complete verify in the MAC address table that traffic is forwarding as requested.

5
2.7 STP Filtering

 Configure the Nexus 5Ks so that their links to the servers do not send STP BPDUs. If
the servers are misconfigured to send STP BPDUs into the network the ports
connecting to them on the Nexus 5K’s should be automatically disabled for two minutes.
 Configure the Nexus 7Ks so that if they receive a BPDU with a better cost to the root
bridge from either of the Nexus 5Ks that the trunk links to these devices are disabled for
the VLAN in question.
2.8 Multiple Spanning-Tree Protocol

 Remove all of the previous STP traffic engineering configuration.
 Configure VLANs 10, 20, 30, 40, 50, & 60 on both Nexus 5Ks and 7Ks.
 Split the STP network into two MST instances, as follows:
o Instance 1 should include VLANs 10, 20, & 30.
o Instance 2 should include VLANs 40, 50, & 60.
o N7K1 should be the root bridge for MST Instance 1, with N7K2 as the backup.
o N7K2 should be the root bridge for MST Instance 2, with N7K2 as the backup.
o N5K2 should be the CIST root bridge.
 Modify MSTP path calculation so that VLAN 10 & 20 traffic forwards over the Port-
Channel directly between the Nexus 5Ks.

6
Section 3 - Virtual Port Channels (vPC)

3.1 Active Standby NIC Teaming Without vPC
 Assign VLAN 10 as the access VLAN for all of N5K1 & N5K2's connections to Server 1
& Server 2.
 Remove the previous IP configuration on the server’s NIC cards, and configure
Active/Standby NIC Teaming on Server 1 & Server 2 as follows:
o Server 1 should use the link to N5K1 as primary, and the link to N5K2 as a
backup.
o Server 2 should use the link to N5K2 as primary, and the link to N5K1 as a
backup.
o Use the IP addresses 10.0.0.1Y/24 on the NIC team, where Y is the server
number.
 Once complete ensure that Server 1 & Server 2 have IP connectivity to each other, and
that they maintain connectivity if either of the primary links of the NIC team goes down.
3.2 Active Active NIC Teaming With vPC

 Configure a vPC Domain between N5K1 & N5K2 as follows:
 N5K1 & N5K2 are the vPC Peers.
o Create vPC Domain 1 on the peers, and use the mgmt0 ports for the vPC Peer
Keepalive Link.
o Configure all links between the vPC peers as a Port-Channel, and use this as the
vPC Peer Link.
o The vPC Peer Link should use LACP negotiation, be an 802.1q trunk link, and be
an STP Network Port.
 Configure vPCs from N5K1 & N5K2 to Server 1 & Server 2 as follows:
o Configure N5K1 & N5K2's links to Server 1 as Port-Channel 101.
o Port-Channel 101 should be configured as an access port in VLAN 10, an STP
Edge Port, and as vPC 101.
o Configure N5K1 & N5K2's links to Server 2 as Port-Channel 102.
o Port-Channel 102 should be configured as an access port in VLAN 10, an STP
Edge Port, and as vPC 102.
 Configure Active/Active NIC Teaming on Server 1 & Server 2 as follows:
o Configure the NIC Teams to use 802.3ad (LACP)
o Use the IP addresses 10.0.0.1Y/24, where Y is the server number.
 Once complete ensure that Server 1 & Server 2 have IP connectivity to each other, and
that traffic between them uses both uplinks to N5K1 & N5K2 simultaneously.

7
3.3 Nexus 7K vPCs

 Configure a vPC between N7K1, N7K2, and N5K1 as follows:
o N7K1 & N7K2 are the vPC Peers
o Configure all available F1 ports between the vPC peers as Port-Channel 1, and
use this as the vPC Peer Link
o Use the mgmt0 ports for the Peer Keepalive Link
o Configure all available links from N7K1 & N7K2 to N5K1 in Port-Channel 51, and
as vPC 51
o All Port-Channels should be trunks, and use LACP for negotiation.
3.4 vPC Native Layer 3 Routed Keepalive

 Configure a Layer 3 Routed Port-Channel on the M1 ports that connect N7K1 & N7K2.
 Create a VRF named VPC_PEER_KEEPALIVE and assign it to this Port-Channel.
 Use the subnet 169.254.0.0/24 for this Port-Channel.
 Modify your previous vPC configuration to use this Port-Channel as the Peer Keepalive
link.
3.5 vPC SVI Keepalive

 Remove the previous Layer 3 Routed Port-Channel configuration.
 Configure interface VLAN 169 on N7K1 & N7K2 using the subnet 169.254.0.0/24, and
place the SVI into VRF VPC_PEER_KEEPALIVE.
 Configure the M1 ports between the Nexus 7Ks as a Port-Channel, and as an 802.1q
trunk link.
 Modify your configuration so that VLAN 169 only forwards over the M1 Port-Channel
and not the vPC Peer Link Port-Channel.
 Modify the previous vPC configuration to use the SVI as the Peer Keepalive link.

8
3.6 Back-to-Back vPC

 Remove all Port-Channels that connect the Nexus 5Ks to the 7Ks, and vice versa.
 Configure Back-to-Back vPC between these devices as follows:
o Configure all available links from the Nexus 7Ks to the 5Ks as Port-Channel 70,
and as vPC 70.
o Configure all available links from the Nexus 5Ks to the 7Ks as Port-Channel 50,
and as vPC 50.
o These Port-Channels should be 802.1q trunks, be configured as STP Network
Ports, and use LACP for negotiation.
3.7 vPC & HSRP

 Modify the vPC and NIC Teaming configuration of the Nexus 5Ks and Servers as
follows:
o The vPC to Server 1 should be in VLAN 10.
o Server 1 should use the IP address 10.0.0.1Y/24, where Y is the server number,
with a default gateway of 10.0.0.254.
o The vPC to Server 2 should be in VLAN 20.
o Server 2 should use the IP address 20.0.0.1Y/24, where Y is the server number,
with a default gateway of 20.0.0.254.
 Configure routing on the Nexus 7Ks as follows:
o Create VLAN interfaces 10 & 20 on N7K1 & N7K2 with IP address 10.0.0.Z/24 &
20.0.0.Z/24 respectively, where Z is the same number as the last octet of their
mgmt0 IP address. E.g. N7K1 should use 10.0.0.71/24 for VLAN 10 and N7K2
should use 10.0.0.75/24 for VLAN 10.
o Configure HSRP on these interfaces using the virtual IP addresses 10.0.0.254
and 20.0.0.254 for VLANs 10 & 20 respectively.
 Verify that Server 1 & Server 2 have IP reachability to each other.
 Generate bulk TCP flows between the servers, and verify that this traffic is load
balanced across all vPC links, but that it is not sent between the vPC Peer Links or the
vPC Peer Keepalive links of either vPC domain.
3.8 vPC Peer Switch

 Configure N7K1 as the STP Root Bridge for VLANs 10 & 20.
 Modify N7K2’s vPC configuration so that it shares the same STP Bridge ID as N7K1,
and that both vPC Peers appear to be the STP Root Bridge.

9
3.9 vPC Customization

 Customize the vPC configuration on N7K1 and N7K2 as follows:
o The vPC peers should use the vPC system MAC address of 1234.5678.9ABC
and an LACP system priority of 1000.
o N7K1 should be the primary vPC peer with a role priority of 10, while N7K2
should be the secondary vPC peer with a role priority of 20.
o In the case that one of the vPC peers is reloaded, vPCs should be delayed from
coming up for 60 seconds after the vPC peer adjacency is re-established.
o In the case that a Type 1 mismatch occurs for a particular VLAN, that VLAN
should be suspended on the vPCs of both the primary and the secondary vPC
peers.
o In the case that the vPC Peer Link flaps, both the IPv4 ARP Cache and IPv6
ICMP ND Cache should be synchronized between the vPC peers upon
reconvergence of the vPC Peer Link.
o In the case that both vPC Peers fail, but only one of them is able to be restored,
the newly restored peer should wait five minutes before declaring itself the active
vPC Peer and bringing its vPCs up.
o In the case that hosts over the vPC are using non-standard applications such as
F5’s Auto Last Hop or EMC Packet Reflect, the N7K vPC Peers should proxy for
both the MAC address of the HSRP Virtual IP, as well as the physical MAC
addresses of their SVI interfaces.

10
Section 4 – Fabric Extenders (FEX)

4.1 Fabric Extenders (FEX)
 Configure N5K1 to pair with the Fabric Extender N2K1 as follows:
o Enable the Fabric Extender feature.
o Configure N5K1's link connecting to N2K1 as a FEX port.
o N2K1 should be module number 101.
 Configure N5K1's links to Server 1 and the Emulex CNA Server in VLAN 10.
 These links should both be STP Edge Ports.
 Configure Server 1 with the IP address 10.0.0.1Y/24 on this link, where Y is your server
number.
 Configure the Emulex CNA Server with the IP address 10.0.0.10/24 on this link.
 When complete, Server 1 and the Emulex CNA Server should have IP reachability to
each other.
4.2 FEX Active Standby

 Configure N5K2 to pair with the Fabric Extender N2K2 as follows:
Enable the Fabric Extender feature.
o Configure N5K2's link connecting to N2K2 as a FEX port.
o N2K1 should be module number 102.
 Configure N5K2's links to Server 2 and the Emulex CNA Server in VLAN 10.
 Configure Server 2 with the IP address 10.0.0.1Y/24 on this link, where Y is your server
number.
 Configure the Emulex CNA Server to do Active Standby NIC teaming as follows:
o Use the IP address 10.0.0.10/24 for the NIC Team.
o Use the link to N2K1 as the primary active path and the link to N2K2 as the
secondary standby path.
o Verify that both Server 1 & Server 2 have connectivity to the Emulex CNA
Server, and that traffic to the server is flowing only through N2K1.
o Disable the FEX port from N5K1 to N2K1, and verify that connectivity to the CNA
Server is maintained by using the backup path through N2K2.

11
4.3 FEX Host vPC

 Using the previously created vPC domain on N5K1 & N5K2, configure N5K1 and
N5K2's links to the Emulex CNA Server as Port-Channel 10 and vPC 10.
 Port-Channel 10 should be an access port in VLAN 10.
 Configure the Emulex CNA Server with LACP NIC Teaming, and use the IP address
10.0.0.10/24 for the NIC Team.
 Verify that both Server 1 & Server 2 have connectivity to the Emulex CNA Server, and
that traffic to the server is being load balanced across both links through N2K1/N5K1 &
N2K2/N5K2.
4.4 FEX Active Active Fabric vPC

 Remove the previous FEX Host vPC configuration on N5K1 & N5K2.
 Modify the FEX configuration as follows:
o Configure both N5K1 & N5K2 to pair with N2K1 using FEX number 101.
o Configure both N5K1 & N5K2 to pair with N2K2 using FEX number 102.
o Configure the FEX Fabric ports from N5K1 & N5K2 to N2K1 as Port-Channel
101, and as vPC 101.
o Configure the FEX Fabric ports from N5K1 & N5K2 to N2K2 as Port-Channel
 Configure the Emulex CNA Server to do Active Standby NIC teaming as follows:
o Use the link to N2K2 as the primary active path and the link to N2K1 as the
secondary standby path.
o Use the IP address 10.0.0.10/24 for the NIC Team, and assign its links to VLAN
10.
 Verify that both Server 1 & Server 2 have connectivity to the Emulex CNA Server, and
that traffic to the CNA Server is flowing only through N2K2.
 Disable the link from the CNA Server to N2K2, and verify that connectivity is maintained
by using the backup path through N2K1.

12
4.5 FEX and Nexus 5K Config Sync

 Erase and reload the Nexus 5Ks, and reinitialize them per Task 1.1.
 Enable Cisco Fabric Services over IP (CFSoIP) distribution between N5K1 and N5K2.
 Configure vPC domain 1 between N5K1 and N5K2, and use the mgmt0 link for the vPC
Peer Keepalive.
 Create a Config Sync session on both N5K1 and N5K2, and use the switch profile name
N5K.
 Use the mgmt0 IP addresses as the config sync peers destination.
 Verify that N5K1 and N5K2 can reach each other over CFSoIP for the config sync
session.
 Without making any additional changes on N5K2, use the switch profile on N5K1 to
replicate the following configuration to both switches:
o Pre-provision FEX modules 101 and 102, both of type N2K-C2232P.
o Create VLAN 10.
o All links to Server 1 and Server 2 should be access ports in VLAN 10.
o Configure all links between the vPC peers as Port-Channel 1, and use this as the
vPC Peer Link.
o Configure N5K1 and N5K2 to pair with N2K1 using FEX number 101.
o Configure N5K1 and N5K2 to pair with N2K2 using FEX number 102.
o Configure the FEX Fabric ports from N5K1 and N5K2 to N2K1 as Port-Channel
o Configure the FEX Fabric ports from N5K1 and N5K2 to N2K2 as Port-Channel
o Configure the links to the Emulex CNA Server in VLAN 10.
o Commit the config and verify that both N5K1 and N5K2 identically accept it into
their running configuration.

13
Section 5 – FabricPath
The goal of this section is to establish FabricPath reachability between Rack 1 & Rack 2, and
between Rack 3 & Rack 4. Note that you will have to work collaboratively with the students
assigned to these other racks to complete the below tasks.
5.1 FabricPath Pre-Setup

 Modify your previous configuration per the below requirements:
o Remove all vPC configuration on all N5Ks and N7Ks.
o Disable the links connecting the Nexus 5Ks, and the diagonal links connecting
the Nexus 5Ks to the 7Ks.
o Configure N5K1’s link to Server 1 in VLAN 10, with the server using the IP
address 10.0.0.1Y/24, where Y is your server number.
o Configure N5K2’s link to Server 2 in VLAN 10, with the server using the IP
address 10.0.0.1Y/24, where Y is your server number.
o Disable the links on N5K1 to Server 2, and on N5K2 to Server 1.
o Disable all the M1 ports on the Nexus 7Ks.
o Configure trunking between N5K1 & N7K1, N7K1 & N7K2 on the F1 ports, and
between N5K2 & N7K2.
o Once complete Server 1 and Server 2 should have IP reachability to each other,
where traffic is following the path of Server 1 > N5K1 > N7K1 > N7K2 > N5K2 >
Server 2 and back.
5.2 FabricPath
 Configure FabricPath on N7K1 & N7K2 as follows:
o Links to the N5Ks will be Classical Ethernet trunk ports.
o All links connecting the N7Ks within your rack and to the adjacent rack should be
FabricPath Core Ports.
o VLAN 10 should be a FabricPath VLAN.
 Once complete, Servers 1 & 2 in Rack 1 should have IP reachability to Servers 3 & 4 in
Rack 2, and Servers 5 & 6 in Rack 3 should have IP reachability to Servers 7 & 8 in
Rack 4.
 Disable the links between the N7Ks within your rack, and verify that connectivity is still
maintained between the servers by FabricPath through the other adjacent rack.

14
5.3 vPC+
 Configure vPC+ between the Nexus 7K’s as follows:
o Create vPC domain 7X, where X is your rack number on the 7Ks.
o Use the FabricPath Switch-ID 7X on both switches.
o Configure the vPC Peer Link between the 7Ks as a FabricPath Core Port.
o Configure the links to N5K1 as vPC 51.
o Configure the links to N5K2 as vPC 52.
 Once complete verify that the end servers still have reachability to each other between
racks, and that the FabricPath core sees the vPC+ emulated Switch-IDs.
5.4 FabricPath Authentication

 Configure the FabricPath peers to authenticate the IS-IS control plane between each
other using an MD5 hash of the password CISCO.
5.5 FabricPath Traffic Engineering

 Modify the FabricPath domain so that the diagonal connections between the racks are
preferred.
 Configure the lowest numbered VDC of N7K1 to be the root for the multicast multi-
destination tree, and the lowest numbered VDC of N7K2 to be the root for the broadcast
multi-destination tree.

15
Section 6 – Overlay Transport Virtualization (OTV)

The goal of this section is to establish layer 2 reachability between servers in two different
Data Centers by connecting them together using OTV tunnels. Rack 1 & Rack 2 will make up
DC1, and Rack 3 & Rack 4 will make up DC2. The OTV Edge Devices will be N7K1 & N7K3 in
DC1, and N7K6 & N7K8 in DC2. Note that you will have to work collaboratively with the
students assigned to these other racks to complete the below tasks.
6.1 OTV Pre-Setup Part 1 – Intra-DC Connectivity

 Remove all previous FabricPath and vPC configuration.
 Refer to the attached OTV diagram, and disable any links that do not appear in the
diagram.
 Configure all F1 ports in the diagram as layer 2 trunk links, and all M1 ports in the
diagram as native layer 3 routed interfaces.
 Configure the odd servers (Servers 1, 3, 5, & 7) in VLAN 11 with IP addresses
11.0.0.Y/24, where Y is the server number, and with a default gateway of 11.0.0.254.
 Configure the even servers (Servers 2, 4, 6, & 8) in VLAN 22 with IP addresses
22.0.0.Y/24, where Y is the server number, and with a default gateway of 22.0.0.254.
 For DC1 configure N7K1 as the STP root for VLAN 11, and N7K3 as the STP root for
VLAN 22.
 For DC2 configure N7K6 as the STP root for VLAN 11, and N7K8 as the STP root for
VLAN 22.
 For DC1 configure N7K2 & N7K4 as the HSRP gateways for VLANs 11 & 22, with N7K2
the active router for VLAN 11 and N7K4 the active router for VLAN 22. Use HSRP
group numbers 11 & 22 respectively.
 For DC2 configure N7K5 & N7K7 as the HSRP gateways for VLANs 11 & 22, with N7K5
the active router for VLAN 11 and N7K7 the active router for VLAN 22. Use HSRP
group numbers 11 & 22 respectively.
 Once complete, all servers within DC1 should be able to reach each other, and all
servers within DC2 should be able to reach each other.

16
6.2 OTV Pre-Setup Part 2 – Inter-DC Connectivity

 Layer 3 connectivity will be provided between the DCs by using OSPF as the IGP. To
begin, configure the M1 ports between the following switches as Layer 3 Port-Channels:
o N7K1 & N7K2
o N7K3 & N7K4
o N7K5 & N7K6
o N7K7 & N7K8
 Next, configure IPv4 addressing on the layer 3 connections between the devices as
follows. Using the scheme 7Y, where Y is the device number, the second and third
octet of the IPv4 address indicates which devices are connected on that link, and the
fourth octet indicates the local device. For example on N7K1, the address on its link to
N7K2 will be 10.71.72.71/24. Specifically the addresses should be configured as
follows:
Devices Subnet
N7K1 - N7K2 10.71.72.0/24
N7K3 - N7K4 10.73.74.0/24
N7K2 - N7K4 10.72.74.0/24
N7K5 - N7K6 10.75.76.0/24
N7K7 - N7K8 10.77.78.0/24
N7K5 - N7K7 10.75.77.0/24
N7K2 - N7K5 10.72.75.0/24
N7K4 - N7K7 10.74.77.0/24
N7K2 - N7K7 10.72.77.0/24
N7K4 - N7K5 10.74.75.0/24
 Enable OSPF area 0 on all of these links. Once complete the N7Ks should have full IP
reachability to all of these links.
 Enable PIM Sparse Mode for multicast routing on all of the native layer 3 interfaces, as
well as the SVI interfaces of the HSRP gateways.
 N7K2 should create a Loopback interface with the address 72.72.72.72/32, and
advertise it into OSPF. Use this address as the PIM Rendezvous Point (RP).

17
6.3 OTV
 Configure the OTV Edge Devices N7K1 & N7K3 in DC1 as follows:
o The Edge Device layer 3 Port-Channels will be the OTV Join Interface.
o Enable IGMPv3 on the Join Interface.
o Use the OTV site VLAN 1111, and OTV site identifier 0x101.
o Use interface Overlay1 for the tunnel.
o Use the OTV control-group 224.1.1.1 and data-group 232.1.1.0/24.
o Extend VLANs 11 & 22 over the OTV tunnels.
 Configure the OTV Edge Devices N7K6 & N7K8 in DC2 as follows:
o The Edge Device layer 3 Port-Channels will be the OTV Join Interface.
o Enable IGMPv3 on the Join Interface.
o Use the OTV site VLAN 2222, and OTV site identifier 0x102.
o Use interface Overlay1 for the tunnel.
o Use the OTV control-group 224.1.1.1 and data-group 232.1.1.0/24.
o Extend VLANs 11 & 22 over the OTV tunnels.
 Once complete, all servers in VLAN 11 should have reachability to each other, and all
servers in VLAN 22 should have reachability to each other. This should include both
unicast and multicast reachability.
6.4 OTV Filtering

 Configure filtering on the OTV tunnel so that the devices in DC1 use the HSRP
gateways local to DC1, and so that the devices in DC2 use the HSRP gateways local to
DC2.
6.5 OTV Authentication

 Configure the OTV peers to authenticate the IS-IS control plane between each other
using an MD5 hash of the password CISCO.

18

INE's Implementing Nexus Bootcamp Lab Scenarios: Topology Overview

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

INE's Implementing Nexus Bootcamp Lab Scenarios: Topology Overview

Uploaded by

Copyright:

Available Formats

Implementing Nexus Bootcamp – Lab Scenarios Rev 0.

INE’s Implementing Nexus Bootcamp

Each rack consists of the following:

 2 x Nexus 7000 Virtual Device Contexts (VDCs)

Shared equipment between racks includes the following:

 2 x Nexus 2232PP 10GigE Fabric Extenders (FEXes)

Copyright © INE www.INE.com

Accessing the Nexus Switches

Accessing the Windows Servers

Server Name RDP Address

Copyright © INE www.INE.com

Section 1 - Device Initialization

1.2 Nexus 7000 VDC Allocation

VDC Hostname Interface Allocations mgmt0 IP

1.3 Interface Initialization

Copyright © INE www.INE.com

Section 2 – Classical Ethernet Switching

Copyright © INE www.INE.com

2.3 STP Edge Ports

2.4 STP Network Ports

2.5 RSTP Root Bridge Placement

2.6 RSTP Traffic Engineering

Copyright © INE www.INE.com

2.7 STP Filtering

2.8 Multiple Spanning-Tree Protocol

Copyright © INE www.INE.com

Section 3 - Virtual Port Channels (vPC)

3.2 Active Active NIC Teaming With vPC

Copyright © INE www.INE.com

3.3 Nexus 7K vPCs

3.4 vPC Native Layer 3 Routed Keepalive

3.5 vPC SVI Keepalive

Copyright © INE www.INE.com

3.6 Back-to-Back vPC

3.7 vPC & HSRP

3.8 vPC Peer Switch

Copyright © INE www.INE.com

3.9 vPC Customization

Copyright © INE www.INE.com

Section 4 – Fabric Extenders (FEX)

4.2 FEX Active Standby

Copyright © INE www.INE.com

4.3 FEX Host vPC

4.4 FEX Active Active Fabric vPC

Copyright © INE www.INE.com

4.5 FEX and Nexus 5K Config Sync

Copyright © INE www.INE.com

5.1 FabricPath Pre-Setup

Copyright © INE www.INE.com

5.4 FabricPath Authentication

5.5 FabricPath Traffic Engineering

Copyright © INE www.INE.com

Section 6 – Overlay Transport Virtualization (OTV)

6.1 OTV Pre-Setup Part 1 – Intra-DC Connectivity

Copyright © INE www.INE.com

6.2 OTV Pre-Setup Part 2 – Inter-DC Connectivity

Copyright © INE www.INE.com

6.4 OTV Filtering

6.5 OTV Authentication

Copyright © INE www.INE.com

You might also like