VPC

From cwhite's wiki
Revision as of 20:01, 8 May 2016 by Cwhite

vPC allows for multichassis load balancing to any device that supports LACP (Catalyst, Nexus, Windows NIC teaming, Linux bonding, etc.). Two links must connect the two chassis: a peer link and a peer keep-alive link. Both are critical for vPC operations.

Terminology

Peer-link: One of the most important links; this should be at least a 10G+ link, and having 2x10G+ links in the port-channel is recommended. The secondary switch forwards control plane protocols (STP, LACP) to the primary switch over this link. This link is also used to synchronize the MAC address tables between the peers. Additionally, any orphan port traffic may traverse this link. HSRP messages are also carried over the peer link if we are using an L3 type of config. CFS is also carried over this link.

CFS: vPC services use Cisco Fabric Services to transfer a copy of the system configuration for a comparison process and to synchronize MAC and Internet Group Management Protocol (IGMP) state information between the two vPC peer switches.

Peer keep-alive link: This link is a secondary test to ensure that both peers are communicating properly. It can be a very low bandwidth interface, since little traffic is sent over it. The peer keep-alive link is a logical link that often runs over an out-of-band management network.

Virtual port-channel member ports: Ports that form the virtual port-channel to the other devices.

vPC roles: Primary or secondary. The vPC role defines which of the two vPC peer devices processes Bridge Protocol Data Units (BPDUs) and responds to Address Resolution Protocol (ARP). Use "role priority #" to force a device to be the primary device (lowest priority is the primary). If there is a tie, the system with the lowest MAC address will become the primary. Use "show vpc role" to check the current role.


Configuring vPC

Switch1
Peer-link interfaces: eth1/47, eth1/48
Management interface: 192.168.1.0

Switch2
Peer-link interfaces: eth1/47, eth1/48
Management interface: 192.168.1.1

You need to enable "feature vpc" and "feature lacp" on both switches before starting.


1. Ensure you have your management interface and management VRF configured.

Switch1

N5K-1(config)# interface mgmt0
N5K-1(config-if)# description Peer keep-alive link
N5K-1(config-if)# ip address 192.168.1.0/31

Switch2

N5K-2(config)# interface mgmt0
N5K-2(config-if)# description Peer keep-alive link
N5K-2(config-if)# ip address 192.168.1.1/31

2. Configure the vPC domain. Both switches MUST use the same vPC domain number.

N5K-1(config)# vpc domain 10

3. Configuring the vPC peer keep-alive link. This is done in the vPC domain configuration mode (vpc domain 10).

Switch1

N5K-1(config-vpc-domain)# peer-keepalive destination 192.168.1.1 source 192.168.1.0 vrf management

Switch2

N5K-2(config-vpc-domain)# peer-keepalive destination 192.168.1.0 source 192.168.1.1 vrf management

4. Configuring the peer link. This will be identical on both switches.

N5K-1(config)# interface port-channel 20
N5K-1(config-if)# vpc peer-link
N5K-1(config-if)# switchport mode trunk

5. Place peer links into your port-channel. This will also be identical on both switches.

N5K-1(config)# interface ethernet 1/47, ethernet 1/48
N5K-1(config-if)# channel-group 20

6. Configure vPC port members. This will be the same on both switches. This port will connect to another switch so it will be set as a trunk to pass VLAN traffic. If connecting to a host, you can configure this like an access port.

N5K-1(config)# interface port-channel 50
N5K-1(config-if)# switchport mode trunk
N5K-1(config-if)# vpc 13
Note: the virtual port-channel ID in "vpc 13" needs to match on the N5K-2. This is what puts the interface into a multichassis port-channel.
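
As an added example (not part of the original wiki page and not Cisco tooling), this Python check compares two peers' configs offline on the points the steps above require: the same vPC domain, mirrored peer-keepalive addresses, a designated peer link, and matching vPC IDs. The config text is constructed from steps 1-6, and the names `parse` and `check_pair` are hypothetical.

```python
import re

# Constructed configs that mirror steps 1-6 above (not captured from real devices).
N5K1 = """\
vpc domain 10
  peer-keepalive destination 192.168.1.1 source 192.168.1.0 vrf management
interface port-channel 20
  vpc peer-link
  switchport mode trunk
interface port-channel 50
  switchport mode trunk
  vpc 13
"""
N5K2 = N5K1.replace("destination 192.168.1.1 source 192.168.1.0",
                    "destination 192.168.1.0 source 192.168.1.1")

def parse(cfg):
    """Pull the vPC-relevant facts out of running-config style text."""
    facts = {"domain": None, "ka": None, "peer_link": None, "vpcs": set()}
    head = ""
    for raw in cfg.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():          # unindented line opens a section
            head = line
            if m := re.fullmatch(r"vpc domain (\d+)", line):
                facts["domain"] = int(m.group(1))
        elif k := re.fullmatch(r"peer-keepalive destination (\S+) source (\S+) vrf (\S+)", line):
            facts["ka"] = k.groups()              # (destination, source, vrf)
        elif head.startswith("interface port-channel"):
            if line == "vpc peer-link":
                facts["peer_link"] = head
            elif v := re.fullmatch(r"vpc (\d+)", line):
                facts["vpcs"].add(int(v.group(1)))
    return facts

def check_pair(cfg_a, cfg_b):
    """List the places where the two peers disagree with the steps above."""
    a, b = parse(cfg_a), parse(cfg_b)
    problems = []
    if a["domain"] is None or a["domain"] != b["domain"]:
        problems.append(f"vPC domain mismatch: {a['domain']} vs {b['domain']}")
    if not (a["ka"] and b["ka"]):
        problems.append("peer-keepalive missing on a peer")
    elif a["ka"] != (b["ka"][1], b["ka"][0], b["ka"][2]):
        problems.append("peer-keepalive source/destination/vrf not mirrored")
    for name, f in (("A", a), ("B", b)):
        if not f["peer_link"]:
            problems.append(f"switch {name}: no port-channel carries 'vpc peer-link'")
    if a["vpcs"] != b["vpcs"]:
        problems.append(f"vPC IDs present on one peer only: {sorted(a['vpcs'] ^ b['vpcs'])}")
    return problems
```

`check_pair(N5K1, N5K2)` returns an empty list for the configs built in this walkthrough; any entry in the list names the step to revisit before bringing the peer link up.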

OPTIONAL:

vPC peer-gateway. Please see page 109 of http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

"The vPC Peer-Gateway enhancement allows vPC interoperability with some network-attached storage(NAS) or load-balancer devices that do not perform a typical default gateway ARP request at boot up. vPC Peer-Gateway allows a vPC peer device to act as the active gateway for packets addressed to the other peer device router MAC. It keeps the forwarding of traffic local to the vPC peer device and avoids use of the peer-link (by not bridging the traffic to the other vPC peer device)."

N5K-2(config)# vpc domain 10
N5K-2(config-vpc-domain)# peer-gateway

vPC ARP sync. When the vPC peer link fails and then recovers, vPC ARP Sync performs an ARP bulk synchronization over Cisco Fabric Services (CFS) from the vPC primary peer device to the vPC secondary peer device.

N5K-2(config)# vpc domain 10
N5K-2(config-vpc-domain)# ip arp synchronize

A good document for optimizations: http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

Verification

To verify that everything is operational, use "show vpc brief". If you are having issues with vPC adjacency, use "show vpc consistency-parameters global".