A personal guide to basic vPC setup

Continuing further on our discussion about vPC or not to vPC blog; We implemented our Data Center design with Nexus 4.1.4 NX-OS code version ( 7010 ) with vPC enabled.

Reasons we decided to go vPC; - To support Virtualization in our Data Center design (which warrants a huge Layer two Access domain) ... Killing Spanning tree in that Layer-two domain alone was a huge Pro for vPC. - Having all links Forwarding and no SPT blocked ports was the another convincing factor. - HSRP Enhancements and Forwarding on both paths v/s bringing everything back to the HSRP primary switch was also a neat option. - Inherent Fall back Mechanisms built into the vPC feature and Nexus 7000 line are also attractive - CPOC Testing and interactions with Cisco Account, BU and AS Teams were necessary closing factors. For more information on vPC please refer Cisco vPC CCO link Below is a high-level diagram of our Access level setup ... [IMG]http://i706.photobucket.com/albums/ww66/kamalvyas/vpcsetup-1.jpg[/IMG] In above diagram all orange links are 10 Gig links and all blue links are copper links.... - Access Switch (Nexus 5K in this case) even though they connect to two separate Aggregation Nexus 7K; All uplinks are part of a single port channel (Po1). So from a Nexus 5K perspective it's a single Port Channel with all links forwarding. - Each Nexus 7000 has a corresponding port-channel ... Note the port-channel number has to be same for e.g Po10 on both 7K for Switch A and Po11 for Switch B. - vPC peer keepalive link is leveraging a layer-3 port-channel with couple of 1xGig links (Po1) - vPC peer link is leveraging a layer-2 port-channel with couple of 10xGig gig links (Po2) Below is basic config script for setting up the above environment; ============================================ N7K-01 ============================================ ! feature vpc ! ! vrf context vpckeepalive ! interface port-channel1 description vpc peer keepalivelink vrf member vpckeepalive ip address 1.1.1.1/30 ! vpc domain 1 role priority 10 peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpckeepalive ! interface Ethernet1/1 description vpc peer keepalivelink member channel-group 1 mode active no shutdown ! interface Ethernet1/48 description vpc peer keepalivelink member channel-group 1 mode active no shutdown ! ! interface port-channel2 description vpc peerlink switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc peer-link spanning-tree port type network spanning-tree guard loop ! interface Ethernet2/10 description vpc peerlink member switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy spanning-tree port type network udld aggressive channel-group 2 mode active no shutdown ! interface Ethernet3/10 description vpc peerlink member switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy spanning-tree port type network udld aggressive channel-group 2 mode active no shutdown ! interface port-channel10 description to port-channel to Swithc-A shutdown switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc 10 spanning-tree port type network spanning-tree guard root ! interface port-channel11 description to port-channel to Swithc-B shutdown switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc 11 spanning-tree port type network spanning-tree guard root ! ============================================ N7K-02 ============================================ ! feature vpc ! ! vrf context vpckeepalive ! interface port-channel1 description vpc peer keepalivelink vrf member vpckeepalive ip address 1.1.1.2/30 ! vpc domain 1 peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf vpckeepalive ! interface Ethernet1/1 description vpc peer keepalivelink member channel-group 1 mode active no shutdown ! interface Ethernet1/48 description vpc peer keepalivelink member channel-group 1 mode active no shutdown ! ! interface port-channel2 description vpc peerlink switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc peer-link spanning-tree port type network spanning-tree guard loop ! interface Ethernet2/10 description vpc peerlink member switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy spanning-tree port type network udld aggressive channel-group 2 mode active no shutdown ! interface Ethernet3/10 description vpc peerlink member switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy spanning-tree port type network udld aggressive channel-group 2 mode active no shutdown ! interface port-channel10 description to port-channel to Swithc-A shutdown switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc 10 spanning-tree port type network spanning-tree guard root ! interface port-channel11 description to port-channel to Swithc-B shutdown switchport switchport mode trunk switchport trunk native vlan xx switchport trunk allowed vlan xx - yy vpc 11 spanning-tree port type network spanning-tree guard root ! ============================================ N5K (both Switch-A and Switch-B) ============================================ ! ! interface port-channel1 switchport mode trunk description uplink port-channel to Nexus 7Ks switchport trunk native vlan xx switchport trunk allowed vlan xx - yy spanning-tree port type network ! Our Network Configuration worked really great with the above config. We tested most of failure scenarios we listed in my earlier blog vPC or not to vPC . And a network level all functions and failovers worked as advertised. Servers and Applications are being deployed in next few weeks and I will share how my experience goes with end to end testing. Overall vPC feature looks quite promising and plan to leverage it heavily for out current DC project. Please feel free to share any comments/questions/suggestions you might have regarding this topic. More to come on our end-to-end Nexus Design … Stay tuned. Thanks for Reading! I'll be posting regularly now that I've resolving some issues with my blog at Network World and have found time between work and family (got a 2 month old) Finally I get time to continue our data center blog.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2009 IDG Communications, Inc.