What is vPC-Virtual Port-Channel and how to configure them – Nexus 5K,7K

We all know what a Port-Channel is right ? A port-channel is nothing but bundling a bunch of ports together, so that is seems like one big pipe. Why do we do that ? For redundancy,for higher throughput.

A server can have 4 NICs connecting to a switch. If one of them goes down, in a port-channel the other one takes over without any delay. This can be true for connecting two switches. That’s why we see lots and lots of port channels running between core switches and core and dist or access switches.

This also allows us to have a loop free layer 2 network. Well.. to get a loop free layer 2 network, we also have to run Spanning Tree. Spanning-Tree protocol will block the redundant link , and will only open it if the first port goes down. It’s fine for a 100 meg port or 1 gig port.

What if you have a network, specially in a datacenter where you have 10 Gig ports ? And two 10gig ports forming  a Port-Channel ? One of them will be blocked !! Cisco recognizes this as a waste of Bandwidth.

So Cisco came up with vPC, it’s a port-channel, but it’s virtual. On a traditional port-channel, all the ports needed to be connected to the same device to form a port-channel, with vPC, you don’t ! You can connect one port to one core, and second one to second core. And use vPC, your switch will see both of those connection as One Uplink. Since there are no multiple paths, there are no Loops ,  and Spanning tree will not block anything !

imporving layer2 with vpc

 

vPC is supported on both Nexus 5000 and 7000 models.

Don’t think vPC can only be between switches. We can also deploy vPC between Servers and Switches too. If a server had 4 NICs and running ESXi, we can configure 2 NICs to go to one switch and other two to go to other switch. Incase one of the switch fails, we will be still up and running.

Now let’s take a look at what’s in a vPC ? Or what do we need to have a vPC.

  1. vPC Peers – a pair of vPC enabled swtiches.Two nexus 7K or 5Ks. 
  2. vPC peer Link – this link will carry the vPC control traffic between peers.
  3. vPC Peer Keepalive link- We need a layer 3 , routed interface for both peer to talk.
  4. CFS – Cisco Fabric Service protocol , Nexus 5k and 7K support this.
  5. vPC – the actual vPC port, which will be usually on the Nexus end.
  6. vPC Member Port – this is one of the ports in one of the switches which will be part of the vPC
  7. vPC Domain – it’s a number, all switches has to be part of same domain

vpc arch

 

Configuring vPC: 

  1. Configure the vPC domain
  2. Configure/Establish the vPC Peer keepalive link
  3. Configure the vPC peer-link
  4. Configure the vPCs
  5. Optimize vPC

1.Configure the vPC domain

Tulip-Tech-N7K-Core1# conf t
Tulip-Tech-N7K-Core1(config)#feature vpc
Tulip-Tech-N7K-Core1(config)# vpc domain 2
Tulip-Tech-N7K-Core1(config-vpc-domain)#

Tulip-Tech-N7K-Core1# sh vpc role

vPC Role status
—————————————————-
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:02

See here .. the last part of the mac address of the vPC system-mac co-relates to domain number we used. If we used vpc domain 10 , last portion will be 0a.

 

 2.Configure/Establish the vPC Peer keepalive link

Tulip-Tech-N7K-Core1(config-vpc-domain)# peer-keepalive destination 10.1.2.1 source 10.1.2.2

Tulip-Tech-N7K-Core2(config-vpc-domain)# peer-keepalive destination 10.1.2.2 source 10.1.2.1

Note, I did not mention a vrf here, in this case management vrf will be used. We can also specify a specific vrf for this keepalive.

Tulip-Tech-N7K-Core1(config-vpc-domain)# peer-keepalive destination 10.1.2.1 source 10.1.2.2 vrf VPC-KEEPALIVE

Rule of thumb: Do not use a cross over cable to connect the management port. Use a dedicated management switch or OOB switch .

3.Configure the vPC peer-link

The peer-link is the link connecting two Nexus switches. Refer to my previous diagram. Here are the rules..

  • peer-link should be a port-channel
  • It should be configured as trunk
  • Should have atleast 2 10gig ethernet ports in the port-channel.

Tulip-Tech-N7K-Core1(config)#interface port-channel1
Tulip-Tech-N7K-Core1(config-if)# description VPC Peer Link
Tulip-Tech-N7K-Core1(config-if)# switchport
Tulip-Tech-N7K-Core1(config-if)# switchport mode trunk
Tulip-Tech-N7K-Core1(config-if)# spanning-tree port type network
Tulip-Tech-N7K-Core1(config-if)# vpc peer-link

And here’s the interfaces I configured to be part of Port-Channel 1 . See I have used one port on module 8 and another port on module 18. So in case we have one of the module fail, we will still have 10G connectivity.
Tulip-Tech-N7K-Core1#sh run interface Ethernet8/32
description Port Channel to Tulip-Tech-N7K-Core2
switchport
switchport mode trunk
channel-group 1 mode active
no shutdown

Tulip-Tech-N7K-Core1# sh run int e18/32
interface Ethernet18/32
description Port Channel to Tulip-Tech-N7K-Core2
switchport
switchport mode trunk
channel-group 1 mode active
no shutdown

 

4.Configure the vPCs:

I used to get confused between vPCs and vpc-peer links. Remember, vpc peer-link is between your main nexus switches,  and vpcs will be connecting whatever device (another nexus 5k, or non nexus switch, or even servers) . And to have vPCs we need Ether Channels.

In our example Etherchannel 1 was configured as our vpc peer-link. And now we need to configure a VPC to connect say another swtich. We will use VPC 101 . We will also need to have an Etherchannel to have this VPC 101 up . So we will create a Port-Channel 101.

One of more physical interfaces has to be part of that port channel. I am going to use only 1 interface for Port-channel 101. This will be configured on both Tulip-Tech-N7K-Core1 and Tulip-Tech-N7K-Core2.
Tulip-Tech-N7K-Core1# sh run int e1/1
description Tulip-Tech-N5K1
switchport
switchport mode trunk
channel-group 101 mode active
no shutdown

Tulip-Tech-N7K-Core2# sh run int e1/1
description Tulip-Tech-N5K1
switchport
switchport mode trunk
channel-group 101 mode active
no shutdown

And now configure vpc on the Port-channel 101 on both both core switches..

Tulip-Tech-N7K-Core1(config-if)# interface port-channel 101
Tulip-Tech-N7K-Core1(config-if)# description description VPC to Tulip-Tech-N5K1
Tulip-Tech-N7K-Core1(config-if)# switchport mode trunk
Tulip-Tech-N7K-Core1(config-if)# vpc 101

Tulip-Tech-N7K-Core2(config-if)# interface port-channel 101
Tulip-Tech-N7K-Core2(config-if)# description description VPC to Tulip-Tech-N5K1
Tulip-Tech-N7K-Core2(config-if)# switchport mode trunk
Tulip-Tech-N7K-Core2(config-if)# vpc 101

 

5. Optimize vPC

We can use peer-gateway to optimize the traffic flow via vPCs.
Tulip-Tech-N7K-Core1(config)# vpc domain 2
Tulip-Tech-N7K-Core1(config-vpc-domain)#peer-gateway

Tulip-Tech-N7K-Core1(config-vpc-domain)#peer-switch

The peer-gateway feature allows a vPC switch to act as the active gateway for packets addressed to the peer router MAC. This keeps forwarding of traffic local to the vPC node and avoids using the peer-link.

peer-switch allows a pair of vPC devices to appear as one root bridge in the STP by using the same bridge-ID , this make the STP topology simpler, and make the convergence time faster in times of failure.

Couple of commands to verify vPC will be very handy..

show running config vpc

show vpc

show vpc consistency-parameters global

show vpc peer-keepalive

Here’s a vPC troubleshooting command chart which might come handy..

vpc troubleshoot

 

 

That’s all folks.. I know this is a very long post and sometime hard to get our head around. But knowing this will really make a difference and a must for the next generation switching technology.

Adios !

I have received few emails asking which book covers the most of these topics.

I have enjoyed reading and certainly can recommend
NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures (2nd Edition) (Networking Technology) By Ron Fuller.

Cheers!!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>