vpc notes
Cisco Virtual port-channel technology introduction for CCIE DC prep.
www.silantia.com1
Virtual Portchannels
Virtual port-channel (vPC) is a multichassis link aggregation technology. You can configure a port-channel whose member links connect to two different switches.
Because it is a port-channel, the advantage is that spanning tree does not block ports for any VLAN allowed on that vPC.
The two switches that emulate a single switch have to be part of a new entity, a vPC domain identified by a Domain ID. These two switches are called vPC peers.
[Figure labels: vPC peer-link, vPC 10, vPC peer-keepalive link]
Peer-link: A Layer 2 trunked port-channel between two Nexus switches that are part of the same domain.
In each vPC domain one switch is elected as primary and the other as secondary. Only 10 Gig ports are supported as peer-link port-channel member ports.
vPC peer-link ports can reside on F1 series line cards, but they have to be 10G ports. When using the M1 32-port line card for the peer-link, make sure the peer-link ports are in dedicated rate mode; otherwise the peer-link won't come up.
The peer-link is used for control functions such as synchronizing ARP tables, the MAC address table and the IGMP snooping table between vPC peers.
Peer-keepalive link: A Layer 3 routed link used for the heartbeat between the two vPC peers.
Peer-keepalive uses UDP port 3200 and sends a packet every second to check the health of the peer.
If the peer-link fails, the peer-keepalive link is used to find out whether the other peer is alive and active.
Configuring peer-keepalive in the management VRF is best practice because you do not need to dedicate a 1G port to peer-keepalive, and the management port gives direct access to the CPU for the health check.
vPC VLAN: Any VLAN that is allowed on the vPC peer-link is called a vPC VLAN.
The peer-keepalive link can be formed using the supervisor mgmt ports or a routed port on an M1 line card.
Consistency parameters: Some configuration parameters have to be the same on both vPC peers for vPC to work properly.
Some settings have to match at the global level and some at the interface level, e.g. MTU settings, network QoS, spanning tree mode, etc.
There are two types of consistency parameters:
Type-1: any mismatch will suspend the vPC.
Type-2: any mismatch keeps the vPC up but causes odd forwarding behavior.
A vPC port is a port that is assigned to a vPC channel group. The ports that form the vPC are split between the two vPC peers and are referred to as vPC member ports.
Orphan ports: Any port that is connected to only one vPC peer and is not part of any vPC is called an orphan port.
The vPC Domain ID has to be unique.
It is important to remember that vPC is a Layer 2 bundling technology. You can only configure Layer 2 virtual port-channels, and the two vPC peers remain independent routers. No L3 routing information is synchronized between them.
NX-OS uses Cisco Fabric Services (CFS) to synchronize state information (MAC address table, IGMP snooping database, etc.) between vPC peers.
N7010A-Dist# show cfs ?
  application  Show locally registered applications
  internal     Show internal infomation
  lock         Show state of application's logical/physical locks
  merge        Show cfs merge information
  peers        Show all the peers in the physical fabric
  regions      Show all the applications with peers and region information
  status       Show current status of CFS
Role priority can be configured to manually elect the vPC role. vPC does not support role preemption. (Primary, Operational Secondary)
#1 design rule for vPC topologies: always dual-attach devices to both vPC peers to get predictable traffic flow. For L3 connections use routed ports and the routing protocol's ECMP.
vPC will not allow traffic that was RECEIVED over the vPC peer-link to be sent out a vPC member port. This is the vPC loop prevention logic.
Configuring vPC
Step 1: Enable feature vpc and LACP.
Step 2: Configure the vPC domain and define role priority etc.
Step 3: Configure L3 routed ports for the peer-keepalive link in a separate VRF. Verify peer-keepalive is working before proceeding to the next step.
Step 4: Configure a Layer 2 LACP port-channel with two 10 Gig ports as members. Make it a trunk link.
Step 5: Configure this port-channel as the vPC peer-link.
Step 6: Configure vPCs with the same vPC number on both switches.
Step 7: Verify using the show vpc command.
The above steps should be followed in order.
N7010B-Dist# sh run vpc
feature vpc
vpc domain 1
  peer-switch
  peer-keepalive destination 10.23.242.220 source 10.23.242.225 vrf management
  peer-gateway
  ipv6 nd synchronize
  ip arp synchronize
interface port-channel1
  switchport mode trunk
  vpc peer-link
interface port-channel10
  vpc 10
Callouts on the slide:
peer-keepalive ... vrf management: Use VRF management.
peer-switch: Presents both vPC peers as a single switch to access switches.
peer-gateway: Enables local forwarding of packets destined to the peer's MAC address.
ip arp synchronize / ipv6 nd synchronize: Enable ARP/ND sync on both peer switches for faster convergence.
N7010A-Dist# sh run vpc
feature vpc
vpc domain 1
  peer-switch
  peer-keepalive destination 10.23.242.225 source 10.23.242.220 vrf management
  peer-gateway
  ipv6 nd synchronize
  ip arp synchronize
interface port-channel1
  switchport mode trunk
  vpc peer-link
interface port-channel10
  vpc 10
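An offline cross-check of the two `sh run vpc` outputs above, added here as an example and not part of the original notes or of NX-OS: it confirms that the domain ID and vPC numbers match on both peers and that the peer-keepalive source and destination mirror each other. The names `parse_vpc`, `compare_peers` and `SYMMETRIC` are hypothetical, and the check complements `show vpc consistency-parameter global` on the switches rather than replacing it.

```python
import re
# Constructed input: N7010A-Dist's "sh run vpc" from the page; N7010B-Dist differs
# only in the swapped keepalive addresses.
N7010A = """feature vpc
vpc domain 1
  peer-switch
  peer-keepalive destination 10.23.242.225 source 10.23.242.220 vrf management
  peer-gateway
  ipv6 nd synchronize
  ip arp synchronize
interface port-channel1
  switchport mode trunk
  vpc peer-link
interface port-channel10
  vpc 10
"""
N7010B = N7010A.replace("destination 10.23.242.225 source 10.23.242.220",
                        "destination 10.23.242.220 source 10.23.242.225")
SYMMETRIC = ("peer-switch", "peer-gateway", "ip arp synchronize",
             "ipv6 nd synchronize", "vpc peer-link")  # expected on both peers

def parse_vpc(text):
    """Extract the fields that must match (or mirror) between the two peers."""
    cfg = {"domain": None, "ka": None, "options": set(), "vpcs": set()}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"vpc domain (\d+)", line):
            cfg["domain"] = int(m.group(1))
        elif m := re.fullmatch(r"peer-keepalive destination (\S+) source (\S+) vrf (\S+)", line):
            cfg["ka"] = m.groups()                    # (destination, source, vrf)
        elif line in SYMMETRIC:
            cfg["options"].add(line)
        elif m := re.fullmatch(r"vpc (\d+)", line):   # vPC number under an interface
            cfg["vpcs"].add(int(m.group(1)))
    return cfg

def compare_peers(a_text, b_text):
    """Return a list of mismatches; an empty list means the pair lines up."""
    a, b = parse_vpc(a_text), parse_vpc(b_text)
    issues = []
    if a["domain"] != b["domain"]:
        issues.append(f"domain ID differs: {a['domain']} vs {b['domain']}")
    if not (a["ka"] and b["ka"]):
        issues.append("peer-keepalive missing on a peer")
    elif a["ka"] != (b["ka"][1], b["ka"][0], b["ka"][2]):
        issues.append("peer-keepalive source/destination/vrf do not mirror")
    issues += [f"'{o}' set on only one peer" for o in sorted(a["options"] ^ b["options"])]
    issues += [f"vpc {n} defined on only one peer" for n in sorted(a["vpcs"] ^ b["vpcs"])]
    return issues
```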
The “peer-switch” command presents both vPC peers as a single switch to access switches. It emulates the same Bridge ID for BPDUs.
The “peer-gateway” command allows a vPC peer to respond to both the HSRP virtual MAC address and the real MAC addresses of itself and its peer.
vPC primary switch election is based on role priority: the lower priority wins; if the priorities are equal, the lower system MAC wins.
The role determines who will process BPDUs and LACPDUs.
Monitoring and troubleshooting vPC
show vpc
show vpc peer-keepalive
show vpc orphan-ports                    Shows L2 ports that are not part of a vPC and are attached to only one vPC peer.
show vpc consistency-parameter global    Shows global consistency parameters.
show vpc role                            Shows who is primary and secondary.
Unsupported vPC topologies
[Figure: L2/L3 boundary with OSPF adjacencies and the vPC peer-link; paths are labelled supported and unsupported]
Supported vPC topologies
[Figure: L2/L3 boundary with OSPF adjacencies, the vPC peer-link and vPC 10]
vPC Failure Scenario
When the peer-link fails, the vPC peers communicate over the peer-keepalive link to find out whether the other peer is active. In this case the secondary vPC switch suspends all its interfaces.
When the peer-keepalive link fails, there is no impact to existing vPCs because the peer-link is up.
When the peer-link and the peer-keepalive link both fail, both peers enter a dual-active scenario.
When the primary switch fails, the secondary switch assumes the role of primary (operational primary), and when the original primary switch recovers it stays in operational secondary mode.
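The election and failure rules from these notes combined into a small state model, added here as an example; it is not NX-OS code and not from the original slides. The class name `VpcPair`, its methods, and the priorities and MAC addresses used with it are constructed for illustration.

```python
class VpcPair:
    """Toy model of the vPC role and failure rules in these notes."""

    def __init__(self, peers):
        # peers: {name: (role_priority, system_mac)}
        # Election: lower role priority wins; on a tie the lower system MAC wins.
        ranked = sorted(
            peers,
            key=lambda n: (peers[n][0], int(peers[n][1].replace(":", ""), 16)),
        )
        self.primary, self.secondary = ranked     # operational roles
        self.alive = set(peers)
        self.peer_link = True
        self.keepalive = True

    def fail_switch(self, name):
        self.alive.discard(name)
        if name == self.primary:
            # The surviving secondary becomes operational primary.
            self.primary, self.secondary = self.secondary, self.primary

    def recover_switch(self, name):
        # No role preemption: a recovered switch keeps whatever role it now has.
        self.alive.add(name)

    def state(self):
        if len(self.alive) < 2:
            return f"{self.primary} forwarding alone as operational primary"
        if self.peer_link:
            return "normal" if self.keepalive else "keepalive down, existing vPCs unaffected"
        if self.keepalive:
            # Peers still hear each other over the keepalive link.
            return f"{self.secondary} suspends its interfaces"
        return "dual active"
```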
Virtual Portchannels
Double sided vPC: In double-sided vPC both the Nexus 7000 and Nexus 5000 switches run vPC. Each vPC pair of Nexus 5000 switches is connected to the Nexus 7000 vPC pair using a unique vPC
Virtual Portchannels and FEX
FEX ports can be member ports of a vPC. A FEX can be dual attached to both vPC peers.
Enhanced vPC
The FEX is dual attached to each Nexus 5500, and servers are also dual attached to both FEXes with active-active NIC teaming.
Logically this is a similar HA model to that currently provided by a dual-supervisor-based modular switch.
Full redundancy for supervisor, linecard and fabric via vPC, and for cable or NIC failure via port-channeling.
vPC+
vPC can be used in conjunction with FabricPath, which allows servers to be connected to two FabricPath-enabled switches.
Configure the vPC peer-link in fabricpath mode:
interface po 10
  switchport mode fabricpath
Both switches emulate a new switch ID:
vpc domain 70
  fabricpath switch-id 70
Hence converting from vPC to vPC+ is a disruptive process because it requires the peer-link to be reconfigured.
vPC and vPC+
Q & A.