Labs Ine Com Workbook View Nexus Technology Labs Task Active

pdfcrowd.com open in browser PRO version Are you a developer?
Try out the HTML to PDF API

Last updated: May 7, 2014
Diagram
Task
Nexus Technology Labs Data Center Technology Lab
Resources
Active Active NIC Teaming with vPC
Active Standby NIC Teaming without vPC | Nexus 7K Virtual Port Channels (vPC)
Resources
pdfcrowd.com open in browser PRO version Are you a developer? Try out the HTML to PDF API
Show task as rack:
Racks 1, 5, 9
Configure a vPC Domain between N5K1 and N5K2 as follows:
N5K1 and N5K2 are the vPC Peers.
Create vPC Domain 1 on the peers, and use the mgmt0 ports for the vPC Peer Keepalive Link.
Configure all links between the vPC peers as Port-Channel 1, and use this as the vPC Peer Link.
The vPC Peer Link should use LACP negotiation, be an 802.1q trunk link, and be an STP Network
Port.
Configure vPCs from N5K1 and N5K2 to Server 1 and Server 2 as follows:
Configure N5K1 and N5K2's links to Server 1 as Port-Channel 101.
Port-Channel 101 should be configured as an access port in VLAN 10, an STP Edge Port, and as
vPC 101.
Configure N5K1 and N5K2's links to Server 2 as Port-Channel 102.
Port-Channel 102 should be configured as an access port in VLAN 10, an STP Edge Port, and as
vPC 102.
Configure Active/Active NIC Teaming on Server 1 and Server 2 as follows:
Configure a NIC Team on Server 1 using 802.3ad (LACP); both links to N5K1 and N5K2 should be in
this team, and it should use the IP address 10.0.0.1/24.
Configure a NIC Team on Server 2 using 802.3ad (LACP); both links to N5K1 and N5K2 should be in
this team, and it should use the IP address 10.0.0.2/24.
When complete, ensure that Server 1 and Server 2 have IP connectivity to each other, and that traffic between
them uses both uplinks to N5K1 and N5K2 simultaneously.
Configuration
N5K1:
feature lacp
feature vpc
!
vlan 10
!
vpc domain 1
peer-keepalive destination 192.168.0.52
!
Active Active NIC Teaming with vPC
Expand all
Data Center Technology Lab Resources
Classical Ethernet Switching
Virtual Port Channels (vPC)
Fabric Extenders (FEX)
Overlay Transport Virtualization (OTV)
Storage Area Network (SAN)
Release Notes
C
O
N
T
E
N
T
S
interface port-channel1
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
switchport mode access
switchport access vlan 10
spanning-tree port type edge
vpc 101
!
vpc 102
!
interface Ethernet1/1
channel-group 101 mode active
speed 1000
!
speed 1000
!
interface Ethernet1/3 - 5
N5K2:
feature lacp
feature vpc
!
vlan 10
!
vpc domain 1
peer-keepalive destination 192.168.0.51
!
vpc peer-link
!
vpc 101
!
vpc 102
!
speed 1000
!
speed 1000
!
interface Ethernet1/3 - 5
Verification
In this design, the end servers are dual attached to separate access switches, N5K1 and N5K2. Additionally,
N5K1 and N5K2 are configured for Virtual Port Channel (vPC), which is a type of Multi-Chassis EtherChannel
(MEC). vPC means that the downstream devices, Server 1 and Server 2 in this case, see the upstream
switches (the vPC Peers) as a single switch. In other words, while the physical topology is a triangle, the
logical topology is a point-to-point port channel.
vPC configuration is made up of three main components, the vPC Peer Keepalive Link, the vPC Peer Link,
and the vPC Member Ports. The vPC Keepalive Link is any layer 3 interface, including the mgmt0 port, that is
used to send UDP pings between the vPC peers. If the UDP ping is successful over the keepalive link, the
peers are considered to be reachable. The second portion, the vPC Peer Link, is used to synchronize the
control plane between the vPC Peers. The Peer Link is used for operations such as MAC address table
synchronization, ARP table synchronization, IGMP Snooping synchronization, and so on. The Peer Link is a
port channel made up of at least two 10Gbps links, and it should be configured as a layer 2 trunk link that
runs as STP port type network. The final portions, the vPC member ports, are the port channel interfaces that
go down the end hosts or downstream devices.
The first step in vPC verification is to ensure that the vPC Peer Keepalive is up and that the vPC Peer Link is
up, as shown below.
N5K1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1,10
<snip>
Next, the vPC Member Ports are configured to the end hosts. In the output below, Port-Channel101 to Server
1 shows its vPC as down, because the vPC has been configured on the switch side but not yet on the server
side. The end result is that the link runs as a normal access port, as indicated by the Individual flag of the
show port-channel summary.
N5K1# show vpc 101
vPC status
----------------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
------ ----------- ------ ----------- -------------------------- -----------
101 Po101 down* success success -
N5K1# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(SU) Eth LACP Eth1/3(P) Eth1/4(P) Eth1/5(P)
101 Po101(SD) Eth LACP Eth1/1(I)
102 Po102(SU) Eth LACP Eth1/2(P)
Next, the end server is configured for NIC Teaming. In the case of the Intel ANS software, an LACP-based
channel is called 802.3ad Dynamic Link Aggregation.
After the server signals the switch with LACP, the channel can form and the vPC comes up, as shown below.
N5K1#
2013 Mar 3 18:58:39 N5K1 %ETHPORT-5-IF_DOWN_INITIALIZING: Interface Ethernet1/1 is
down (Initializing)
2013 Mar 3 18:58:39 N5K1 %ETH_PORT_CHANNEL-5-PORT_INDIVIDUAL_DOWN: individual port
Ethernet1/1 is down
2013 Mar 3 18:58:39 N5K1 %ETHPORT-5-SPEED: Interface port-channel101, operational s
peed changed to 1 Gbps
2013 Mar 3 18:58:39 N5K1 %ETHPORT-5-IF_DUPLEX: Interface port-channel101, operation
al duplex mode changed to Full
2013 Mar 3 18:58:39 N5K1 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface port-channel101,
operational Receive Flow Control state changed to off
2013 Mar 3 18:58:39 N5K1 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface port-channel101,
operational Transmit Flow Control state changed to off
2013 Mar 3 18:58:42 N5K1 %ETH_PORT_CHANNEL-5-PORT_UP: port-channel101: Ethernet1/1
is up
N5K1# 2013 Mar 3 18:58:51 N5K1 %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel101: fi
rst operational port changed from none to Ethernet1/1
2013 Mar 3 18:58:51 N5K1 %ETHPORT-5-IF_UP: Interface Ethernet1/1 is up in mode acce
ss
2013 Mar 3 18:58:51 N5K1 %ETHPORT-5-IF_UP: Interface port-channel101 is up in mode
access
N5K1# show vpc 101
vPC status
----------------------------------------------------------------------------
------ ----------- ------ ----------- -------------------------- -----------
101 Po101 up success success 10
The IP configuration of the server goes on the logical NIC Team interface, similar to how NX-OS and IOS use
the logical Port-Channel interface to reference the physical members of the channel.
Testing the traffic flows over the vPC in the data plane becomes a little difficult in this case. Each device that
has a port channel configured ultimately controls the decision of how its outbound traffic flows. For example,
if a traffic flow is moving from Server 1 to Server 2, Server 1 first determines which links to send the flows out
on, and then the upstream switches choose which outbound links to send the flows out on, until the final
destination is reached. This is an issue because you will not see an even distribution of traffic among the NIC
Team and vPC Member Ports unless there is a sufficiently large number of flows from diverse source and
destination addresses. Although the port-channel load balancing method can be changed on the Nexus
switches, it cannot be changed in the Intel NIC drivers in this design. Therefore, to fully verify that
Active/Active forwarding is working, we need more than one destination address to send to. This is achieved
below by configuring a secondary IP address on the NIC Team of Server 1.
Next, Server 2 is configured to send separate UDP flows to each of the addresses on Server 1 with the iPerf
app, as shown below.
On the network side, the traffic flows in the data plane can be verified by looking at the interface counters of
the vPC Member Ports. If the input bandwidth counter from Server 2 is split between both N5K1 and N5K2,
we would then know that Server 2 is distributing the load between both members of its NIC Team in an
Active/Active manner. Furthermore, if we see that the output bandwidth counters from N5K1 and N5K2 to
Server 1 is split between them, we would also know that the switches are doing Active/Active forwarding to
the destination. This can be seen in the output below.
N5K1# show interface e1/1-2 | in rate|Ethernet
Ethernet1/1 is up
Hardware: 1000/10000 Ethernet, address: 000d.eca2.ed88 (bia 000d.eca2.ed88)
30 seconds input rate 946992 bits/sec, 198 packets/sec
30 seconds output rate 5899400 bits/sec, 926 packets/sec
input rate 946.99 Kbps, 198 pps; output rate 5.90 Mbps, 926 pps
Ethernet1/2 is up
Hardware: 1000/10000 Ethernet, address: 000d.eca2.ed89 (bia 000d.eca2.ed89)
input rate 5.90 Mbps, 926 pps; output rate 947.38 Kbps, 199 pps
N5K2# show interface e1/1-2 | in rate|Ethernet
Ethernet1/1 is up
Hardware: 1000/10000 Ethernet, address: 000d.eca4.7408 (bia 000d.eca4.7408)
input rate 40 bps, 0 pps; output rate 6.21 Mbps, 975 pps
Ethernet1/2 is up
Hardware: 1000/10000 Ethernet, address: 000d.eca4.7409 (bia 000d.eca4.7409)
input rate 6.21 Mbps, 975 pps; output rate 144 bps, 0 pps
Note that on N5K1 the input rate of E1/2, which connects to Server 2, matches the output rate of E1/1, which
connects to Server 1. Likewise, on N5K2 the input rate of E1/2, which connects to Server 2, matches the
output rate of E1/1, which connects to Server 1. Also note that these traffic flows do not cross the vPC Peer
Link between the Nexus 5Ks, because this link is excluded from the data plane under normal correct
operations. Verification of the counters of Port-Channel1, the vPC Peer Link, show little to no traffic being
sent or received on the port.
N5K1# show interface port-channel 1 | include rate
input rate 976 bps, 1 pps; output rate 1.07 Kbps, 1 pps
The output shown above indicates the normal forwarding logic of vPC, which is that the vPC Peer will first
attempt to forward traffic to a local vPC Member Port instead of crossing the vPC Peer Link. The only time
that this rule is normally broken for known unicast traffic is if the local vPC Member Port is down. For
example, if a failure occurs between N5K1 and Server 1, N5K1s traffic received from Server 1 going to Server
2 must be sent over the vPC Peer Link; otherwise it would be blackholed. This can be seen below.
Normally this detection is immediate based on link failure, but in this topology design Server 1 is a Virtual
Machine that is not directly physically connected to N5K1. When the LACP timer expires, N5K1 detects that
the vPC peer is gone, and the vPC Member Port goes down.
N5K1#
2013 Mar 3 22:54:34 N5K1 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel101: Ethernet1/
1 is down
2013 Mar 3 22:54:34 N5K1 %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel101: port-chann
el101 is down
<snip>
N5K1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1,10
vPC status
----------------------------------------------------------------------------
------ ----------- ------ ----------- -------------------------- -----------
101 Po101 down* success success -
102 Po102 up success success 10
Now any traffic that comes in on N5K1 from Server 2 that is going toward Server 1 must transit the vPC Peer
Link.
N5K1# show interface port-channel 1 | include rate
input rate 992 bps, 1 pps; output rate 5.67 Mbps, 856 pps
This situation normally only happens during a failure event. It is highly undesirable for vPC because the vPC
Peer Link is usually much lower bandwidth (such as 20 Gbps) than the aggregate of the vPC Member Ports
(such as 400Gbps+, depending on port density), so the Peer Link can quickly become overwhelmed if it
needs to be used in the data plane.
Active Standby NIC Teaming without vPC | Nexus 7K Virtual Port Channels (vPC)
^ back to top
2014 INE Inc., All Rights Reserved

Labs Ine Com Workbook View Nexus Technology Labs Task Active

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Labs Ine Com Workbook View Nexus Technology Labs Task Active

Загружено:

Авторское право:

Доступные форматы

pdfcrowd.com open in browser PRO version Are you a developer?

Try out the HTML to PDF API

Вам также может понравиться