BRKDCT-2048
Objectives
- Session introduces basic concepts and terminology of the virtual Port-Channel technology
- Session reviews in detail actual designs and best practices of the virtual Port-Channel technology
- Session targets designs for aggregation/access layer and for Data-Center Interconnect
- Intended for network architects and engineers to improve Layer 2 scalability and the Network Operational Efficiency
Agenda
Feature Overview
- Intelligent L2 Domains POD Evolution
- vPC Benefits
- How does vPC help with STP?
- vPC Terminology
- Data-Plane Loop Avoidance with vPC
- vPC and VSS Comparison
vPC Design Guidance and Best Practices
Convergence and Scalability
vPC Hands-on Lab Information
Reference Material
2010 Cisco and/or its affiliates. All rights reserved. Cisco Public
Feature Overview
Intelligent L2 Domains POD Evolution
[Figure labels: OTV, IP Cloud, Core (L3), Aggregation (vPC, vPC+, FabricPath, L2), Access, Virtual Access]
- OTV: Inter-POD Connectivity across L3 (Nexus 7000, July 2010)
- STP+: STP Enhancements, Bridge Assurance (Shipping Nexus 7k/5k)
- vPC: NIC Teaming, Simplified loop-free trees, 2x Multi-pathing (Shipping Nexus 7k/5k)
- FabricPath: 16x ECMP, Low Latency / Lossless, MAC Scaling (Nexus 7000, Oct 2010)
vPC Benefits
- Allow a single device to use a port channel across two upstream switches
- Eliminate STP blocked ports and use all available uplink bandwidth
- Dual-homed servers operate in active-active mode
- Provide fast convergence upon link/device failure
- Available on all current and future generation cards / platforms
Logical Topology without vPC
How does vPC help with STP? (1 of 2)
Before vPC
- STP blocks redundant uplinks
- VLAN based load balancing
- Loop Resolution relies on STP
- Protocol Failure
[Figure labels: Primary Root, Secondary Root]
With vPC
- No blocked uplinks
- EtherChannel load balancing (hash)
- Loop Free Topology
- Lower oversubscription
How does vPC help with STP? (2 of 2)
smooth migration
vPC Terminology (1 of 2)
- vPC Domain: a pair of vPC switches
- vPC peer: a vPC switch, one of a pair
- vPC member port: one of a set of ports (port channels) that form a vPC
- vPC: the combined port channel between the vPC peers and the downstream device
- vPC peer-link: link used to synchronize state between vPC peer devices, must be 10GbE
vPC Terminology (2 of 2)
- vPC peer-keepalive link: the keepalive link between vPC peer devices, i.e., backup to the vPC peer-link
- vPC VLAN: one of the VLANs carried over the peer-link and used to communicate via vPC with a peer device
- non-vPC VLAN: one of the STP VLANs not carried over the peer-link
- CFS: Cisco Fabric Services protocol, used for state synchronization and configuration validation between vPC peer devices
Data-Plane Loop Avoidance with vPC (1 of 2)
[Figure labels: STP Domain, vPC Domain, STP Failure]
Data-Plane vs. Control-Plane Loop control
- vPC peers can forward all traffic locally
- Peer-link does not typically forward data packets (control plane extension)
- Traffic on the Peer-link is marked and not allowed to egress on a vPC
Data-Plane Loop Avoidance with vPC (2 of 2)
- Exception for single-sided vPC failures
- Peer-link used as Backup path for optimal resiliency
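The loop-avoidance rule and its single-sided-failure exception can be modelled in a few lines. This is an added Python sketch, not part of the original session material; the `VpcPeer` class, the port names and the two-switch topology are constructed for illustration, and the model covers flooded frames only.

```python
from dataclasses import dataclass, field

PEER_LINK = "peer-link"


@dataclass
class VpcPeer:
    name: str
    member_up: dict                     # vPC number -> is this peer's member port up?
    orphan_ports: list = field(default_factory=list)  # single-attached ports


def flood(switch, peer, ingress, enforce=True):
    """Ports on which `switch` sends a flooded frame that arrived on `ingress`."""
    crossed_peer_link = ingress == PEER_LINK
    out = []
    for vpc, up in sorted(switch.member_up.items()):
        port = f"vpc{vpc}"
        if not up or port == ingress:
            continue
        # Loop-avoidance rule: a frame that crossed the peer-link may leave on a
        # vPC only when the peer's own member port for that vPC is down.
        if enforce and crossed_peer_link and peer.member_up.get(vpc, False):
            continue
        out.append(port)
    out.extend(p for p in switch.orphan_ports if p != ingress)
    if not crossed_peer_link:
        out.append(PEER_LINK)           # never send back onto the peer-link
    return out


def copies_delivered(first, second, ingress, enforce=True):
    """Copies per port of one flooded frame entering `first` on `ingress`."""
    counts = {}
    for port in flood(first, second, ingress, enforce):
        if port == PEER_LINK:
            for far in flood(second, first, PEER_LINK, enforce):
                counts[far] = counts.get(far, 0) + 1
        else:
            counts[port] = counts.get(port, 0) + 1
    return counts


def demo():
    # Constructed topology: two peers, vPC 1 and vPC 2, one orphan port on sw2.
    sw1 = VpcPeer("sw1", {1: True, 2: True})
    sw2 = VpcPeer("sw2", {1: True, 2: True}, ["eth1/10"])
    healthy = copies_delivered(sw1, sw2, "vpc1")
    no_rule = copies_delivered(sw1, sw2, "vpc1", enforce=False)
    sw1.member_up[2] = False            # single-sided failure of vPC 2 on sw1
    failed = copies_delivered(sw1, sw2, "vpc1")
    return healthy, no_rule, failed


if __name__ == "__main__":
    for label, result in zip(("healthy", "rule disabled", "vPC 2 down on sw1"), demo()):
        print(f"{label:18} {result}")
```

With the rule disabled, the device on vPC 2 receives the frame twice and the sender on vPC 1 gets its own frame back; with the rule enforced, each destination receives exactly one copy, including after the single-sided failure when the copy travels over the peer-link.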
NEXUS vPC and Catalyst 6500 VSS Comparison
Functionality
Multi-Chassis Port Channel
Loop-free Topology
STP as a fail-safe protocol
Control Plane
Single instance
Device Configuration
Non Disruptive ISSU Support
Inter-switch Link Hardware
Combined Configs
Agenda
Feature Overview and Terminology
vPC Design Guidance and Best Practices
- Building a vPC Domain
- Attaching to a vPC Domain
- Layer 3 and vPC
- Spanning Tree Recommendations
- Data Center Interconnect
- HSRP with vPC
- vPC and Network Services
- vPC Enhancements
- ISSU
- DCNM for vPC Management
- Create a Peer link
- Reuse port-channels and Create vPCs
- Make Sure Configurations are Consistent
[Figure labels: vPC member, vPC Domain 10, vPC Domain 20]
vPC System MAC identifies the Logical Switch in the network topology
Requirements:
- Member ports must be 10GE interfaces:
  - 32 port 10GE fiber card (M or F series) or 8 port 10GE-X2 modules
  - any 10G port on NEXUS 5000 series
- vPC Peer-link should be a point-to-point connection (No other device between the vPC peers)
Packet Structure:
UDP message on port 3200, 96 bytes long (32 byte payload), includes version, time stamp, local and remote IPs, and domain ID
[Figure labels: Management Network, vPC_PKL, vPC_PL, vPC1, vPC2]
vPC Peer-keepalive
- Check active status of the remote vPC peer via vPC peer-keepalive link (heartbeat)
- If both peers are active, then Secondary vPC peer will disable all vPC member ports to avoid Dual-Active scenario
- Data will automatically forward down remaining active port channel ports
[Figure labels: SW3, SW4, P, S, Keepalive Heartbeat]
Definition:
Port-channel member of a vPC
[Figure labels: NX7K-1, NX7K-2, vPC 201]
Requirements:
- Configuration needs to match the other vPC peer's member port config
- In case of inconsistency a VLAN or the entire port-channel may be suspended (e.g. MTU mismatch)
- Up to 16 active ports between both vPC peers with M series LC. Up to 32 active ports between both vPC peers with F series LC

NX7K-1:
    interface port-channel201
      switchport mode trunk
      switchport trunk native vlan 100
      switchport trunk allowed vlan 100-105
      vpc 201

NX7K-2:
    interface port-channel201
      switchport mode trunk
      switchport trunk native vlan 100
      switchport trunk allowed vlan 100-105
      vpc 201
Separate vPC Peer-link and Peer-keepalive link infrastructure for each VDC deployed
[Figure labels: Core (Core1, Core2), L3, Aggregation (vPC pairs SW-1a / SW-1b and SW-2a / SW-2b, VDC1, VDC2), L2, Access]
N7K-M148GT-11 N7K-M148GT-11L
N7K-M148GS-11 N7K-M148GS-11L
N7K-M108X2-12L
N7K-F132XP-15
Chassis, vPC Peer-link (10 GE Only):
N5K-C5010P-BF
N5K-C5020P-BF
N5K-C5548P-FA
Recommendations:
Use LACP when available for graceful failover and mis-configuration protection
[Figure labels: vPC member port, Regular port channel port]
1. Dual Attached
3. Secondary inter switch Port-Channel (non-vPC VLAN)
Double-sided vPC architecture
[Figure labels: Nexus 7000, 32-way port channel, Nexus 5000]
F-series Nexus 7000 line cards support 16 way active port-channel load balancing, providing for a 32 way vPC port channel
* Possible with Any Device Supporting vPC/MCEC and Eight-Way Active Port-Channels
[Figure panels: vPC view, Layer 2 topology, Layer 3 topology]
Port-channel looks like a single L2 pipe. Hashing will decide which link to choose.
[Figures: Layer 3 and vPC connection diagrams. Labels: 7k1, 7k2, 7k3, 7k4, Po1, Switch, Router, Router/Switch, P, Routing Protocol Peer, Routed Link]
Captions:
- L3 ECMP
- L2 Transport only
- 2. Peering over an STP inter-connection NOT using a vPC VLAN (Orange VLANs/Links)
- 2. Peering over a vPC inter-connection (DCI case) on parallel Routed ports inter-connection
Best Practices:
- STP is running to manage loops outside of vPC's direct domain, or before initial vPC configuration
- Make sure all switches in your layer 2 domain are running with Rapid-PVST or MST (IOS default is non-rapid PVST+), to avoid
vPC Enhancements
vPC and STP BPDUs
- STP for vPCs is controlled by the vPC operationally primary switch, and only that device sends out BPDUs on STP designated ports
- This happens irrespective of where the designated STP Root is located
- The vPC operationally secondary device proxies STP BPDU messages from access switches toward the primary vPC
[Figure labels: Primary vPC, Secondary vPC, BPDUs]
Port type legend: Network port; Edge or portfast port type; Normal port type; BPDUguard; Rootguard; Loopguard
[Figure labels: Primary vPC, HSRP ACTIVE, Primary Root, Aggregation, Layer 3, Access, Layer 2 (STP + BPDUguard)]
BA (Bridge Assurance) not recommended with vPC (except for vPC peer-link)
[Figure labels: DC 2, vPC domain 21, CORE, AGGR, vPC domain 10, vPC domain 20, ACCESS, Server Cluster; legend: BPDUguard, BPDUfilter, Rootguard, 802.1AE (Optional)]
- vPC Domain id for facing vPC layers should be different
- BPDU Filter on the edge devices to avoid BPDU propagation
- STP Edge Mode to provide fast Failover times
- No Loop must exist outside the vPC domain
- No L3 peering between Nexus 7000 devices (i.e. pure layer 2)
- Standby device communicates with vPC manager process to determine if vPC peer is Active HSRP/VRRP peer
- When running active/active, aggressive timers can be relaxed (i.e. 2-router vPC case)
[Figure labels: OSPF/EIGRP, VLAN 99, L3, L2, Primary vPC, Secondary vPC, P]
[Figure labels: Active, Standby, Listen, Listen]
- Support for Active/Active on one pair, and still allows normal HSRP behavior on other pair (all in one HSRP group)
- In the first phase L3 traffic will run across Intra-pod link for non Active/Active L3 pair
- Traffic to HSRP MAC gets routed/L3 switched
- Traffic to HSRP MAC gets bridged to vPC Domain that is HSRP forwarding
Design considerations:
- Access switches requiring services are connected to sub-aggregation VDC
- Access switches not requiring services may be connected to aggregation VDC
- If Peering at Layer 3 is required between vPC layers an alternative design should be explored (i.e. using STP rather than vPC to attach service chassis)
Connect service appliances to vPC domain via vPC and configure static routes to HSRP address
Implementing a separate L2 port channel for non-vPC VLANs to support single attached devices without creating orphan ports
[Figure labels: vPC_PL, vPC_PKL State/Keepalive, agg1a, agg1b, L3 FW, Static VIP, Static FHRP, routing peer, Non-vPC VLANs, VPC]
[Figure labels: Active, Standby, Core IP1, Core IP2, L2 S1, L2 S2, vPC Peer-link, vPC1, vPC2, S3, S4]
vPC enhancements
Feature: Overview
- vPC Object Tracking: Tracking link states of a vPC peer device (single 10G LC in chassis)
- vPC Peer-Gateway: Allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC
- Improved multicast convergence on active forwarder failure
- Improve convergence for Layer 3 flows after vPC peer-link is UP
- Allows one vPC device to assume STP / vPC primary role and bring up all local vPCs in case the other vPC peer device is down after DC power outage
- vPC Peer-Switch: Virtualize both vPC peer devices so they appear as a unique STP root
Benefit: Increase High-availability, Service continuity
FEX Active-Active
FEX Straight-Through
Throughout the ISSU process, vPC roles will remain intact and the MCEC Manager (MCECM) is responsible for coordinating this process. It is the peer switch's responsibility to hold onto its state until the ISSU process is complete.
[Figure panels: Logical View, Physical View]
No need to interact with 3 CLI consoles; a wizard guides the user step by step with a clear indication of the task being completed.
DCNM tracks and enforces configuration consistency between the VPC peers for all matching variables.
VLAN/vPC Scalability
- up to 192 vPCs and 200 VLANs
L3 and Multicast
- 200 SVI/HSRP Groups
- 40K MACs & 40K ARPs
- 10K (S,G) w. 66 OIFs (L3 sources)
- 3K (S,G) w. 34 OIFs (L2 sources)
4.2(1)
- Same as 4.1(x)
- 256 vPCs with *260 VLANs/SVIs (with L3 protocol HSRP)
- 36 vPCs with *500 VLANs/SVIs (with L3 protocol HSRP)
- Groups with one or more Sources in the vPC domain: 4,000 mroutes
NX-OS vPC Key Takeaways
The Key Takeaways of the Session are:
- Propose and leverage vPC technology to extend and scale Layer 2 Networks.
- Follow the design guidelines and Best Practices to successfully deploy your vPC architecture.
- Use latest NX-OS code to leverage convergence optimizations provided to assist Layer 2 and Layer 3 Unicast and Multicast Applications.
- Leverage ISSU and vPC to provide a hitless software upgrade with the benefits of a multi-chassis technology.
Reference Material
Solution Testing and vPC Documentation
- vPC white paper: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11516396.html
- vPC design guides: http://www.cisco.com/en/US/partner/products/ps9670/products_implementation_design_guides_list.html
- vPC and VSS Interoperability white paper: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_589890.html
- Data Center Design, IP Network Infrastructure: http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC3_0_IPInfra.html
- Layer 2 Extension Between Data Centers: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11_493718.html
- Implementing Nexus 7000 in the Data Center Aggregation Layer with Services: https://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html
BRKCRS-3035
Recommended Reading
Questions?