Embed Size (px)
Citation preview
DcNI-2 I
-
Im plem enting C isco
D ata C enter N etw orking- Infrastructure 2
v j m e jlontlnVe
Student G uide
- Text Part Nurrber: 97-2800-02
.111.111.C I 5 C O
*21. . . . . . . . ,. . . . . r
P rl rp t ed s n Ca n ad a
Student Gulde (Q 2009 Clsco Systerrs. Inc. AI1 Rlghts Reserved.
,111,111,C I S C O
Table of ContentsVolum e 1
Course Introduction 1
Overvlew 1Learner Skills and Knowledge 2
Course Goal and Objectives 3Course Flow 4Additional References 5
Clsco Glossary of Term s 6
Usinn the Cisco Nexus 7000 in Data Center Netw orks 1-1
Overvlew 1 -1Module Objectives 1-1
Understandinq the Cisco Nexus 7000 Series Switches 1-3Overview 1-3
Objectlves 1 -3Clsco Nexus 7000 Series Chassis Overvlew 1 -4Introducing Supervlsor Englne and Llne Cards 1 -1 1
Main Features of the Supervlsof Module 1 -12lntroduction to the Cisco Nexus f000 Series Fabric Modules 1 -24Virtual Output Queuing 1 -32VOQ Operation 1 -36Introducing Power Supplles and Cooling 1 -39Connectlvlty Management Processor 1 -45Cisco Nexus 7018 Chassis 1-53
Clsco Nexus 7000 18-S1ot Fabric Module 1-59Clsco Nexus 7000 Series Site Preparatlon 1 -61
Shock and Vibratlon 1 -65Grounding 1 -66Power Source 1 -66
Summ ary 1 --1%
Overview of the Cisco Nexus 7000 1-77Overvlew 1-77
Objectlves 1 -77Introducing Cisco NX-OS 1 -78
Supporled Options for Securlty Features 1-80Introducing Cisco NX-OS Process Recovery 1 -95Introducing Clsco NX-OS Supervlsor Redundancy 1-98Summ ary 1-1 12
Introducinq the Virtual Device Contexts in the Cisco Nexus 7000 1-113Overview 1-1 13
Objectives 1-1 13Introducing Virtuallzatlon 1 -1 14VDC Configuratlon 1 -1 32High Availability 1 -143Sum mary 1-145
Manaqinq the Cisco Nexus 7000 1-147Ove r'vl ew 1 - 1 4 7
Objectives 1 - 147S N M P a nd X M L 1 - 1 48Cisco Generic Online Diagnosis 1- 1 55Cisco Em bedded Event Manager 1-1 61Sm art Call Hom e 1 -1 66Clsco Data Center Network Manager 1 -1 72System Message Logging 1 -180Authentication. Authorlzatlon, and Accounting 1 -18 1
Role-Based Access Control 1 -1 83Conflguratlon Rollback 1-185Summ ary 1 -186
Cisco Nexus 7000 and Cisco NX-OS Laver 2 Protocols and Features 1 -187Overview 1 -1 87
Objectives 1 -1 87Cisco Nexus 7000 and Cisco NX-OS Layer 2 Overvlew 1 -1 88VLANS and PVLANS 1 -1 91Spanning Tree Protocol 1 -202
The Root Por't Role 1 -203The Deslgnated Port Role 1 -203Alternate and Backup Porl Roles 1 -204Using Fast Convergence 1 -207lST 1 -21 1CIST and CST 1 -21 1Spanning-Tree Operation W lthin ao M ST Reglon 1 -21 2Spanning-Tree Operations Between MST Reglons 1 -21 2MST Edge and Boundary Ports 1 -21 3
Portch a n n els 1 -22 7IGM P Snooping 1-229LlniDlrectlonal Link Detection 1-232Summ ary 1 -235
Cisco Nexus 7000 and Cisco NX-OS Laver 3 Protocols and Features 1-237Ovewlew 1 -237
Objectives 1-237Layer 3 Unicast Routlng Overview 1-238
Hardware Forwarding 1 -242Software Forwarding q -242
Flrst-Hop Routlng Protocols 1 -243Routing Protocols 1 -252
High Availabllity and Graceful Restart 1-254Vlrtualizatlon Support 1 -254Address Fam ily Configuration M ode 1 -271
Vlrtual Routing and Forwardlng 1 -279Pollcy-Based Routing 1-283Layer 3 Pod Channel 1-286Tunnels 1-289Layer 3 M ulticast 1 -292Sum mary 1 -299
Cisco Nexus 7000 and Cisco NX-OS Qualitv of Service 1-301Overvlew 1 -3:)1
Objectives 1-301Clsco Nexus 7000 Series QoS Ovewiew 1-302
Uslng QoS 1 -302Classlficatlon 1-302Marking 1 -302Mutation 1 -303Policing 1 -303Queuing and Scheduling 1 -303l-llgh Availability 1 -303
Pod QoS 1 -304Folwarding Engine QoS 1 -307Modular QoS CLI Overview 1 -308Class M a p 1 -31 0Ta bIe Ma p 1 -3 1 4Po1 i cy Map 1 -3 1 6Service Policy 1 -323Sum mary 1 -330
1, lr1l plementrng Clsco Dala Center Network Infrastructu re 2 ( DCN I -2 ) v3 0 çç 2009 Clsco Systems . Inc
Cisco Nexus 7000 and Cisco NX-OS Securitv 1-331Overvlew 1 -331
Oblectlves 1 -331lntroductlon to Clsco Nexus 7000 and Clsco NX-OS Security 1 -332Trafflc Integrlty 1 -334
Checks on lPv4 Packets 1 -337Checks on IPv6 Packets 1 -338
Control Plane Protectlon 1 -346Access Control 1 -351Adm lsslon Control 1 -367Data Confldentlallty 1 -376Rote-Based Access Control 1 -378Sum mary 1 -380
Troubleshootinq 1-381Overvlew 1 -381
Oblectives 1 -381Ethanalyzer: W ireshark in Cisco NX-OS Software 1 -382SPAN and RSPAN 1 -386Cisco NX-OS Software Troubleshooting Process 1 -394Sum mary 1 -405
DC N I-Z
C ourse Introduction
O verview
Learner Skills and Know ledge
Fam iliarity with TCP/IP protocol suite
Knowledge of Layer 2 switching
Knowledge of Layer 3 routlng protocols
Background in SANS
Course Goal and Objectives
. '- @ .
.- * - I I I I I I . . I I I . .. @ .
Implementing C?sco Data Ce/qfer Networking Infrastructuro 2
%u, 2009 C, sco Systems . Inc. Course Irltroductlon 3
Course Flow.'F11 i s ltlj3 ic I'l'cstzl'lts tllc Lstlggchtcd 11(.'b'$&' (.,1' tl'lc cotlrsc Ileltltcrl'al s.
vlrtual Layer 3 Securily uab Exerclse 11Device Protocols andContexts FeaturesA Clsco Nexus
Fibre Channel7000 Lab Exerclse 3V Oven/iew Lab Exercise 5 g-ab sxercise 8 OveWieW
Managlng theClsco Nexus
70(j0 Lab Exercise 6 Lab Exerclse 12
l-ab Exerclse 1 ouailty of Lab Exerclse 9 Implementingice FCOE NetworksSel'v
TroubieshootlngLayer 2P Clscl, NX-OS erotocols and Lab Pxercpse 13
t-ab Exercfse 10u overvlew y'eaturesLab Exerclse 14Cisco Nexus
Lab Exercise I 5000 and 2000
Lab Exerclse 2 Lab Exerclse 4 Overvlew Lab Exercise 15
*
*
4 Implementlng Crsco Data Center N etworklng 1 nfrastruclure 2 (DCNI-Z ) v3 0 %' 2009 Clsco Systems . Inc
A dditional References
l 'az'% - -cisco Nexus 700: - ' ' ''- CISCO r Jektls 2000
. -.- rv.ltlltrha y'er Esttn ehrl) eht. Clsco Nexus 5000 Svbfttch I Clsco-*- C;- a ta I .
.,s t ê. 5 0 i) i
-1 clsco uos asoo .-:'42..-1 - Etse'net sa,tcr'
' vlultlpayer oprecta ) - :j ': t)o - I P Router
- - sl clsco uos :2 .* ....-. ' Multllayel switch
. C I s c o M D S 9 1 0 0 IF F I r e wa 1 1v Sï F a bri c Swlt c h
' ' '' ' - ) '$ ' '. . . ';, .r; .) .T j r-k p ,'%zz ; y )' q t ; .j t-. (. ? j. . .z ';. . : ..; j ) )
. .-. yrjtjre cjjasnel J BoD..- Appjlcatlon Server''
:!.:,!jy
'
.
'
'
'
- ' . Fibre Channel RAID- .-
'.
'. subsystem
W orkslatlon
Flbre Channel TapeSubsystem
@ 2009 Clsco Systems. lnc. Course lntroductlon 5
Cisco G lossary of Term s
Cisco Learning Network
Developing a world of talent through collaboration,
social Iearning, online assessm ents and m entoring
. . y . . s. ''hl. kkr ,. '
! l . , . .. y-; ùj . 4. fîtj f!$ 1i7 k j .j J;!i) ;r() h. ( 111,r
, : . . . , uI yy . '! . :..(y . oj;1$ I .. zkt jj j
m pu ' ; ' . y ? ' 'E;s f. Ljklp. .1 î. .. . d: h .... . t.? t, ' kl, .1l0 , . a .).)Lî' vjy '.' .''''. e2$..v).''a. .L k , -.<t(f) qy,; , ..r , ..: .. . : . u 9 .. h . z . kL?. .,. ' r ... . ' . 31. h:é.ë . 7. ii / '
.. , ) . (. . rt . jr .' . '
' cRl 1 '' ' ',.' ; t / . '. .. . ' .( $
...ai.çr';#' . j j,k d
. . l < 'ku ....... ! .skx .? S ' ' ' '
è' y
6 Inhpiementlng Clsco Dala Center N etworklng Infrastructure 2 (DCN 1-2 ) v3 0 i($ 2009 Clsco Systems. Inc
M odule 1
U sing the C isco N exus 7000 in
D ata C enter N etw orks
O verview
Module Objectives
:-2 lmplementlng Clsco Data Center Networklng I nfrastructure 2 ( DCNl.2 ) v3 0 Ct. 2009 Clsco Systems . Inc
Lesson 1
U nderstanding the C isco
N exus 7000 Series Sw itches
O verview
Objectives
C isco Nexus 7000 Series C hassis O verview
High density: 256 10-G and 384 N?K-C70101-G ports -..--
Performance at release: 8k rUp to 1
.2 Tb/s system bandwidth
Up to 480 mpps system SwitchingUp to 80 Gb/s and 60 m pps per slot , - v .
- '
' kl'tlI :iy .1 f1, . k i.Future proof:' , :,,$1 ilt
-lp to 4. ! Tb/s system bandwidth (230 il I 11 11 11 lG per slot) with initial fabric modules ' ijl! t iltl -
Scalable to 1 5+ Tb/s system . -True front-to-back airflow * * -**
, s1>* 1.::1Redundancy for aII components
1-4 Implernentlng Clsco Data Center Networklng Infrastruclure 2 (DCNI-2) v3.O tt ) 2009 Cisco Systems, 1nc
Front
Syslem Status LEDS
F!'
! i! ii 1r.. ..f f'rl )rl' ii'1y!!i1!k '- '.' l $' #Two Supervlsor Slots (5-6) . ! . j
I ; I 1 l 1!1 jl! 1.E,stat F'ayload slots t.1...-4. z..1a) ** :- 1. ç l i.1 @I1 ljh
Iilsl' '' -11 I lr .. l k . ' Ii
..
W ..-.-.w .ee r
111111111111111111
. ' ). l . s, .
' )I .1
. . 'j. Backi
j ' +
=. . .. j Two Systenn Fan Trays. ' . . . (.
. . : y joajiuc yuas yraysWO
! . . . - . , .(; $
k
G > < . ,
' j
. I q.. ,)
@ 2009 Cisco Systems, Inc Uslng the Clsco Nexus 7000 in Data Center Nelworks 1-7
/ ï ' . 'C( '. .. i % 41 : ;:. .; z: t' > 1*I ..
' uo 1.. xm ,qa xm' 1
a j '.,w.
e j I - s y s l e , n L E r? s@ - Ii . j .B.1.,e Eteacon LEos : l .@ .- ' .
I
i .
Loc klng Electol Leh/ers
1 -1$ I mplementlng Clsco Data Center Networklng Infrastructure 2 (DCN (-2 ) v3.0 ti) 2009 Clsco Systems. Inc
Note Currently. the clock modures are not used. and there is no systemwlde clock
1 . 1 0 I rnplementrng Chsco Dala Center Networklng lnfrastructtlre 2 ( DC N I-2 ) v3.0 i 2009 CI sco Systems . I nc
Introducing Supervisor Engine and Line C ards
N7K-SUPI
t ' -< Y ': y . ... j . 11) :;;;r . j ït zkt . I I 1. I .' t8 Irr.j .... .u
A U X U YB POXS C M P E thernetBeacon L ED Comrlalit FlashManageme nt
Console E thernet
@ 2009 Clsco Systems. lnc. Uspng the Cisco Nexus FO0O in Data Center Networks 1- 1 1
M ain Features of the Supervisor M odule
*
1 - 1 2 lmpiementlng Clsco Data Center Networklng Snfrastructure 2 ( DCN 1.2 ) v3 0 (I. 2009 Gssco Systems . I nc
,!1 2009 Clsco Systems . inc UsI ng the Clsco Next. s 'Jlltlo l n Data Center Networks
r X
1 O/1 00/1 000 interface -< w -
Belongs lo dedtcated , ...-'<'< #managem ent VRF --
.,- j' Supports IFFE 802.3ae c - -'''R. . W . . 1... , . >. , !Linksec encryption . c :v , l
q . ... , .
..ajj1 '''' - '4 t . '''
-'
(j ' .. '. <jjt q'b, ..444. .,
1 . 1 4 lmplementkng Clsco Data Center Networklng I nfrastructtare 2 ( DC N I-2 ) v3. 0 '';.' 2009 Crsco Systems. 1nc
- k. r . .'C < 'QC 2 ' # P. j -. . ' ' '*- -< '-yyrjvc . . . .
*$ ' ' <'' .1. 3. ' UJ ' ar '.:;.. . , ...r .. .
. % N
: . .'
N 7K-M 1 32XP- 1 2
S F P- q OG-S R(iV S F P - 1 0 G - L R' y ,.. u.- .. tz.ra/.e
sFp+ <:
S E 1..: - S r T3a I I Fo rrn- Fa ctor Pa c k .Aïlt. S R 300 nl iè) v eg M M i'-.$ Fk = S tl 'a r t R a n g e k. R 1 () k m (; v e r S M FL R = L o r1.C; Ra q g e
*
*
Transcelver
J'pv'' Mhc ' * ' : * * * ': ' * @ '
; xlce MAc :ë#'A. xîrl .- . . . .
! ' ' ' 1 x 1 () 3 ' *' *
'
>
( J SFP. MAG* SG:e*CDR SF! * . ''+ F.DC 1 >: 1 0 3 ' '' @ .
MAC = Metlla Access ControlTOSA = Transmllter Optlcal SubassemblyROSA = Recelver Opttcal SubassemblySerDes = Serrallzer/lzleserpallzerCDR = Clock and Data RecoveryEDC = Error Detectron CodeLD = Laser DlodeTIA = Translmpedance Ampppher
M ode configurable on per-port-group basis:
Port groups conslst of four contiguous odd or even inter-faces (forexample. (1 .3.5.7). (2,4.6.8). (9. 1 1 , 1 3.1 5). and so on)Dedicated m ode disables thfee intedaces in the port group
Dedicated m ode interfaces: 1 , .2, 9, 10, 17, 1 8, 25. 26c- / 'S:
k. .. ./' / - ?'' , '.I) . '' ts. ( x . . % ï . zt t' ; .
v ' . ë '
- A - - - . = - . - - - - - . - - - . - - - - - .- -
.,z.!.=. . ! @ @ * ! 4 . ' @ o og * * I
j:tr . vv ) v v* !* ' i . k'1 .--..i . , . . . . .. àû l --*7
i ( , kt..t ),/) o .t.
1 -1 8 1 mpkementlng Clsco Data Center Networktng lnïrastructure 2 (DCN1-2) v3.D 't-' 27)09 Clsco Systems . 1nc
To F a b rl c
- - - - - - J ' - - - - -l 3 ) )Y 7* @ . . tn Shared mode '
.
9 11 13 15 '*- Four Lnterfaces share 10 Gb bandwldth
: .
@ I @ * @
To F abnc
--- -.j).. a .. - --. -- --. . --..'1. : . '@ . 1 * .yu.,. .. . o..
o tj j js tj m otj (; .Qj CZ''. I I
9 , z,-J',. . ,r.
'u, * - -' One lntef-face gets 1 t7 ob bandwldth:'. 1 Three Interfaces are dhsabled
@ * * *
N7K-M148GT-1 1
.
,-jjjj;;;jjjjII,. .... ., ..,.. ,, , . .--.. t-..!kt- .. .vv -- ...' . . . t
-Y ..-n.. ' v:. ' . .. '. ' ' * . / ,!( 'N . . ......- t'J . . . . 'kN
, = î'k W M. - . . - .- v
****** ' '.. g gg g>h v .
. . *&*** vv@ %**. @. .*. . >..-e* . -** ... f>. -* * . @ ..@@ -y.-
- @ * * *œ -
Port Group 2 ( 1 3-24 ) Poct Grou p 4 4 3 7-48 )
Porl Group 1 ( 1 - 1 2 ) Port Group 3 $ 2 5-36 )
+
1 -20 Implementlng Clsco Data Cenler Networklng lnfrastructure 2 (DCN1-2) v3.0 tL' 2009 Clsco Syslems. lnc
w B tl 11 'el'i 11 g : 7 . 5 6 N1 I $ 1 11 grcss. 6 . l 5 N1 B cglvss .
w Q (1 t2 t) i2 s : 2 q 4 t 1 1 ) g rcs s - l 1'3 3 q 4 t tl g 1.e s s .
Q 2009 Cisco Systems. Inc. Ustng the Clsco Nexus 7000 in Data Center Networks 1-21
) ' M
> u* ueVA ) 4 *'e e- - > -. ...- - < 'P
>v -===
N7%.M148GS-11
f xisrt) Nts: us 7(p$)1) 48-Port Gigabif Ethernct SFP I/O M odulp
. . .. J -. . -t .
. . I I . . !
C 7 0 1 0 - L '=' f? - 1.u- z. .'= r
I . I
7K - 1wQ7 P-! amlhy Serle!a FE Ports speed Optlorls REIVISIODNaI!11: I D Type Gon s roSerles of 6'3
fablrlc Number of fabrlccards for fu I I B W : r)o
redundancy
'lfL, 2009 Clsco Systems. Inc. Using the Glsco Nexus 7000 In Data Center Networks 1 -23
Introduction to the C isco Nexus 7000 SeriesFabric M odules
4s' ./ t-1 6 t t J .,/c. t ..'
. : -.. 7. . .. . , z.,l - - .t,q 2 , . / ,.(.j- / z
w= t .@'h ...'e' < .
u .... <$ -----e
>. ..eg
' * l.1 7 K- C 7 0 1 0 - F A E1 - l
1 -24 irnplernentlng Clsco Data Cenler Networkl ng 1 nf rastructure 2 ( DCN1-2 ) v3.() t: 2009 C1 sco Systems lnc
, . #
,
7-zt(.',, z'', , - t ' -
(t 2009 Clsco Systems. 1nc Uslîlg the Clsco Nexus 7000 ln Data Center Networks 1.25
T11 is Ggtlrc describes the conncctivity' bctwcen tl'lc C'i sco N cxtls 7000 1/t3 and stlperx'isorInodtl les alld tlltt fabric l'nodulcs. Eatlll IF'O modtlle has two 23 Gb/s traces to cach l-abriclnodttlc. Tllcrclbrc. a ftllly loadetl Ncxtls 70 l 0 chassis prov'itlcy -'A30 Gb/b 01- switching capacitypcr 1F (.) slot.
l ,) additioll. cacll supervisor nlodulc has a silpglc 23 Gb/'s tracc to eacl, l'abric Tnodtllc. so tllat aftll Iy loaded Ncxtls 7() l 0 cllassis proNfides l l 5 Gb/'s oI' switching capacity to ttach stlpervi sorslot.
1-26 Implementlng Clsco Data Center Networking lnfrastructure 2 (DCNI-2) v3.0 @ 2009 Clsco Systems. Inc.
Up to Eight l/O Modules x Dual Traces 1 6Dual Supervisor M odules x Single Trace +2
Total Traces per Fabric Module 18Up to Five Fabric Modules x5
Total No. 23 Gb/s Traces (chassis)
Ft;Il Duplex Ooeratloa 2 07 T@)/'s x 2 = 4 1 4 Tb/s
E.. 2009 C ksco Systems . 1nc Uslng the Cksco Nexus 7000 ln Dala Center Networks 1 .2 /
. Z. ( .. .. .., 'c. A .. îv - wx' . pu bî % v. . i q. , a o ' '% ': ..l r 1w1 ;? ... w.
gw . *F a b rl cs ..- .. . -.
46 Gb/s
.- < .* >' ...- . . ,.JIIA . ... . Ak' .;)ï T .. r'> + , .n..J% , v u.. : ..t - .rk... ' . ' . .. . : ..)% - - . .s . t . j . . .!. r.o -...-
Z X''' œ 2'' '* ' X 6 '' ' 'MOdUIO - -* *œ* *, W' - *. -*e** - eF * y. - e - * -Y->** .w* - ' e soeS1 ts ***** P** **'O . ..e
1 G Module 10 G Module
As fabric naodulcs arc addcd to thc systcnn. tllc pcr-slol bandvvidth capaci ty illcrcases. T1l i st'igure show's the capacity avai lablc wi th onc fabric lnodulc installed,
Fabrlcs 0..-.,.,., .- ' '
-w '
92 G b/s
- . e G W R. r . . x. .s. . 1J-. R v 4,1. -. v-v . .. v . ..6 . . .,..w ,''q. '' t rl tt'''f t >'''' 'r '
Module ...... ***-* -'''>' -M
1 G Module 10 G Module
Tllis Ggtlre shows the capacity' availablc uritll tvvo fabric nlodu les instal l cd. Tl'c 1 -Gb I'nodtllcreqtli res tw'o fabric l'ntldulcs instal led for N+ l rcdundancy.
1-28 lmpfementl ng Clsco Data Center Networking I nfrastructure 2 ( DCN l-2 ) v3.0 @ 2009 Clsco Systems. lnc
.- - . . .- > + -
1 38 G b/s
'e . >h* ' -t e e . ' * a.. ; V .' - ..., w. . % .sk . . .. . ..k
'
'. - J w '
Module .. .*.' ?. ' '' ' - * '....x > . - - >.a - l +. . ... 54 .. . * - - * .>' 'Slots N.TN - @- .
1 G Modu ie 1 0 G Mod u Ie
Y X - ' . ' . * *-
1 84 Gb/s
. + % % 8 .v' . .N F .'
.
'
' . ' ' ' ' . r..'z.L- .-M d i - - ''' ' '' -' '=o u e . ... .. .-:Y . ' ' - * - N. . .r e x ;: <. > . w . - - - ... .Slots .-* .; . +- - ...-
1 G Module 1 0 G Module
'ç' I 2009 Clsco Systems . lnc Usrl3g lhe Clsco Nexus 7000 kn Data Center Networks 1 .29
e ... + - + e . t. -.. - . . -...- .rr y ... v. - . . $.....- . - ura FICS - '-* ' <.''* '' *'e<v....- ''' *
23O Gb/s
b
1* x > N* *' vW * *' k y - ' .++?* Q ' : M ''V ' ' î - x
'''r . .J - . 7 ' . . j' ê' '7 . . t .j . - .ë k 'tp ' ' L' '' ' '' 'h! () (1 tllil ----- - .''m .e.. . c' '-... - ' --
.......* s* , . .... -Slots ....*. **e**-ee*******'+ * * ..M -*..--w* ..- .w>-.w.... ,pwwp
1 G Module 10 G Moduie
1 -30 lmplementlng Cisco Data Center Networking I nfrastructure 2 ( DCN 1-2) v3 .0 (() 2009 Cisco Systems, Inc.
.. > .. t . . 1-L .'') Eî ' 2 '
Fabrlcs ' - ' ' e' ' '- ' ' *-. . ;>
184 G b/s
rx.x<- * #$ 'Af'sf-'A ' ' - ' .x QJ $ ' - -.>' .. . . / . ';s ., . ..J..t . . ? p p. . k . . ., . . :t f3x -a' . ' '. ' ' '2VOd tl l () ' ' ' ' ' r M D''Z *- n= . . >'. .. '' -.- x:x..... .- - - .Slots .- etM=N ... -.- .* M - * -+- '
1 G Module ' 10 G Module
Virtual O utput Q ueuing
HO L Blocking
StacflunxProblem Atltos going to Kwlky Mar't areforced to walt for congested stadlum trafflclo clear
f
%
Kwlky Marl
1 -32 I mplerrlelptlng Cisco Data Center Networkpng Infrastructure 2 ( DC N I-2 ) v3 0 (Q 2009 Clsco Systems. !nc
S3 1 t 1..1!111 l lSoiutlon Add another lanededicaled to Kwlky Martcustom ers.
= = = = o a e o = *
%
Fk vplk y Nq;1r1
.. . . . ,. y Nv. tn ... . y .. . ; c - flmay ( j) , $- ,..- r>. . ., )s. . : .z =.. 1 y ( . , .. . . . . j .x .- ) <. .a ) . .. :. .t v' r . . ' k; x -. . ' ' ? .
A three-stage architecture with fabric modules formingthe second stage of the sw itch fabric'.
EatxlcaMolutqsE' jrz-.ss zz' .v k 1 :! glj.,ù y),:y;a;.', '.. I .
Ingcess ' Ellress, . jsu . . k . r) ;I I O M o d u I e . ' ''r'/ 1) z ' * > f t!'l f 1 = 1 / O M o d LJ I ef>' = Léye.:.'.g '' .2r.11% 4 Bt ' 'L: '. f' 'j t'J;1;ôk(j: jj.
. p'..' ,. y. .. 2 . .. .sjll>-.ot.' 4224 pmo :. ,. C .>. .''4 A' '? 9' ' ' : 'J,'( '. ' : '' '' e 1 '. 1' '' .'ë t :! '?':;LA%è2bbî2. . a ;L..'îx'> . ' . ë : : pl ï '.; .. :, ï'Cï''' 2 q t;?0, 1 t1i1l),'' 'h tùss :C''' ' ' '-- '. l%t>. . 'h' ' '' '' ;'' L' ' ' (: ... - ...r s : , s:j.a r . ..... . .. .;... .. . 36% u .....47 ' o ' G ' . , . u :' . 3, ' . . ..:r, . jjjjgjkyym. jjjt' ' gr v': ) b: ) .) J'Z ......., .i ; : : , . .. : ai . y ,..,...k,k...p : . .. . . . hz :.; ( .., ..-..s.. ,./) . . . . j . ; . , . j . a . . j .. ( . y . . k j ) N ) , . . J . j j jr ; j . y.L Say . . .4,.04 yy jy tsjg j t ...,4 y u; , ;,.x j . y ; .. .. ., , i .. ,. . ,. y;. .;k'.1.' 'Lu, o;.n$ ty,; :.t7:o.. ) . z . 9' n q. ., -';, j :. J. . ' .. ,..0 ..' kn.ljh ? k p .. - u.t..),vki
t' . , . . ., 'è , . . .. . . z......=.......u...=...z......c. ! ttjf 4.ly)kj;. , $ti?î;kcf'k:,jjyy j xci : q,jqq.. ,..,. '2.jk,..J,... ,. .,.$ kr iE .. , . , s . a. r# :,z ?7#:.t(jpë. .';=s : . u . J .. ! / - -%r. ' .
i . > . # .L. .. ...... .. ... .
';:t>0).?z)&/.f '.1:/ $z:'t#2f- .5 k. r' .. .52 . . . . ... ..1sI Stage 2qè Slage 3rd slage
Ingress Crossbar Crossbar Crossbar EgressFabnc (lnqress (Fabrlc (Egress FabncInterface I/O Module) Modules) I/O ModuLe) Interface
Voos on thc ingrcss l'nodul kls rcpresent btl l-fbr avai labi l ity on the cgrcss modulcs. Gtlaralptceddcli vcry to lhc cgrcss lnokltlle for arbitraled packcts cntcring tllc fabrlc is dcpcndcnt tlp. onw'hcthcr VOQ is availablc on thc ingress and :1 btlflkr is avai lable on thc cgrcss.
VOQ i $ virtual bccausc it reprcscnts thc cg rcss bu 0L*r but rcsidcs on thc ingrcss lnodule . It isst i l l a phys ica 1 b u ffcr w h cre paek' ct s are stlhlvd .
y ) (zt. - 'x p ' z) z ' z' t. Lv Cz ?z .. o/
1 -34 I mplementlng Crsco Data Center Networking Infrastructure 2 (DCNI-Z ) v3.0 @ 2009 Cisco Systems , Inc.
EE $? I ib s; sp rv1 cp u'l tl 1 Fp I ' .
prrro I ,== ; r m * UUIWJIO 1 MV
m mI v I j I IF vt l , l i (. ' ' ' I ' ' . 'Erllqlkilllfg 1 'n tl n I . . ' .
. . I .ModuleA'W II 3 ? I
** R kI7YI 2 7 . , Iv < I-rl-l-lo 1 2 z ' l I v . . . . . r I r . . . . . I . .UI-IW-IQ 1 :' . 3 f ! . L ro t r a r ; . . ! . .
r ' j raj . ' . . I . , r I r . . I' A ' o ! z . . r I I . ,E (,1 t' s s - ' ''
F a L.1 1 1' K c > aE?. (1 ff t'1 'b Nlij -X '
.% 0 ... .. .UXU VI ' n '
Egress Modules 0 1 2 .N'TTII 2 zg--l--lr-qg--lll 1 :2 :; .
I n g r e s s K 1 od t 1 1 e :mx zzz:zz >= g''j-j-j-)û j 2 z .
I''ql'''l'''uû 1 ;? :$ .ex-v.- F a p)r I c '
.. . . . ' (-17-171 . I ! c : . . . . .. hv1 () c1 tlI tr -'
= = gr . rr'j-j'qa T z a . . .=- ygj-rû 1 a z
' .'. g''jI''(I'''Hu- T j:: :; : . . :. .zkTI77l 2 3 FTIr.l. ' o n H-IT 1. ' , 1 2 3 'I'T'l-'l'la 1 2 z c - ' . . . . H'Tl-lo 1 2 z . .N-17-11 2 z H'Tl-lû 1 2 3 . - . . .EtJl ess FaL
?I IcI-I-I'-I-ItI 1 2 3 -' O Eitltfe, sr.l'.l-rlo 1 2 z Ll'lTlo l 2 z . . . I . . . . . I I . I . . WFU R' ' ' . ' ' ' ' ' '
. ! I ' .;t- '' : o .l 2 3 I-I-I-''FIQ 1 2 :$ Fi'l'i-Ll.ïl'w q . $ ' z e . ' e ' I ' ' ' ' t ' ' ' ' ' '7I-1-1-1: 1 2 z Ll'T-l'lc t 2 z - ' ' O r u ' . ' a . ' ' ' ' I ' ' ' I ' ' '
r 1 . . I I . 1 7111+13 ' ' o 7 I . I I IHv7Rolac N777:123I I I ' r I i I .
,1 I .1 ... .. : I I . t1 . . . ..
' . '
r .. . '. y . . â.''I-) k;' EL tl jf.,l t . c4 r Er s 7 c) 11.:1 r-l-Ih-I:1I-:1n o
to E gl e ss Fa bt I c 8, u ffer c * ' ' ' .'
'
. i t
'
LI ' I ' ' ' '
tC? 2009 C 1 sco Syst erns , I nc U s 1 r)ç) t h e C Isco N exu s 70 00 1 n Data C enter N etwtlrk s 1 - 3 t;
VO Q O peration
. t) i 1 z a () 1 2 w-= 1= . I
I I r
'
r ' 'I E'' I I l 1. ' I
. I I I ' I. . .
+ x. , . . e x p v.C)L '-' f ''
. . .' . .
' If . . '. ,.
0 123 0 123
'' M ocklle n ' p lodul e :.
Egre s s M oj u 1 e s
, , . . . . .. ... -. . - #, .. ,. , . . .q .:..1:.. j s.l ,1:,r g:s I () I :? :$''. .. -.... <. . jwc ' '.-.- t &:17E t, 19 xw . ' ! a '' n- -. '. .'' . .k . .. u ' ''''' ' ' ' b '
Supelvlsol
Fabl Ics -' - -- w '
, .i -. < '. .4
rvl .cqj t1i eh 1 . - ,v1 c? tltll kb &' ?1 $/1 C) cl tJ1 (i x,n
kvfc'os c orresp oncj t oEgress F abrlc Buffers on
In nl e 'J-.s rbqoclul e other rnodules Egr e ss Modules
q -36 I mplementlng Clsco Data Center Networklng lnfrastruclure 2 ( DCN1-2 ) v3 .0 tê.) 2009 Cpsco Systems. 1nc
t . .. - ' ( . . ... . ... .. . . . '' . .. .. .
1 . . . 1 xx. ... '. .. . v. d x C w. . .L
Access to fabric bandwidth is controlled by the centralarbiter on the supervisor:
ln other words. access to the VOQ for the destination across thefabric.
Arbitratlon works on a credit request and grant basis'.Modules com municate egress fabric buffer availability to centralarbiter.
Modules request credits from supewisor to pjace packets in VOQfor transmission to destination over fabric.
Supervisor grants credits based on egress fabric buffer availabidityfor that destination
Arbiter discriminates among four classes of service'.Priority tralfic takes precedence over best-effort traffic acrossfabric.
Introducing Po er upplies and ooling'1 ' l '! i >. l o 1) i t' d t? s t2 1' i b t.' h ( I 1 t.' k k! ). t 'c :1 ( L l l'k.' 'x ( ') t ' l I l c (. ' i sc ( .3 N kl ''s tt > -.7 ( 1 1 t ') p f '$ 'SN c T' h 1. I 1'1 ! 7 I 1 c 'x k l l 1 tl l 't, 11 t.' t ) t , 1 I 1 ) g>, )$ s t t.' l .1 1 .
@@ @**
.:. J. :,,' @@ @ *
* * K ** 5 'œ * * *W' ! K *@
4 ;.. :* * eë P' f' *''w - *M*œ @ * 1 ..œ * W ' ' ' *,. . @@@
* *@ *' ' '. * @ K* **@ *. *
-@ ** * *** P ** * *
N ID Y E A DC povzer s u ; , k,l v I stlelrnfl olanned for juture rinltzase
.. >mx
N7K-AC.6 0 KW
6r') 2009 Clsco Systems. Inc Uslng the Clsco Nexus 7000 In Data Center Networks 1-39
1.40 Implementing Cisco Data Center Networking lnfrastructure 2 (DCNI-2) v3.0 (() 2009 Cisco Systems. Inc.
' * # r * . @. 7 =1.1..% w.
** :*** 1%***** '*%** **F* 1** :*l*Fseer 3W*#*** ' ' 3** Y*** t'î '**B*l*k î ' 1*K#*****' 1*K#*@*** 1*W'-@@W IF- #
* .
F u I I powe r fo r t h e 7 5 KWpowe r s u p ;)1 y I s 2 2 5 K jlil 'for : h e N e x u s 70 1 0 c h a s s I s
N 7 K - /t C - 7 (n K W
Ic' 2009 Cpsco Systems, lnc. Uslng tple Cpsco Nexus 7000 ln Dala Center Networks 1 .4 1
1 -42 Im plementlng Cpsco Data Center Networklng lntrastructure 2 ( DCN 1-2 ) v3.O (7. 2009 Cisco Systems . I nc
IL.R > . : 3 M . .
. ! ' . I l11 Y' 1 Rild U O d 3 rl C9 ' 1 ' ' ' ' .
. . 1îr'<v $.2 I Eab Ie Powe- '' '' '' '
12 kW '
. . . .. I ..
, . j .$. ' .. r
'
I ' T
'
I '' r
'
' :
*
c '
; '. : if rG d Redundancy E ' 1r I tf ' 1 q '
Aval I :3 b I e Power . ' '. z . '
gg9 k i
2 .?1J SJ 2 ? (1 k/
I 1
1 .Ior 1 1 $61.1
U.. .y- . r ,. .. . . . . . ,1 , . âk .)
'
ê P
2 + E'm1 h: j +!' :
Full Redundancy - '' : ' : -
Avallable Power
9 kW '
:.,t)v zcok'T h Is l:- t k)e def au it mode '
':. , r I 1 1 ' l I ' 1
Redundant system fan trays provide t ' ' .'cooling of 1/O modules and $ . ' . ' *-D' 'j.
. .1, :. k .
Sur)OrVISOr engirles. 5 . . ' ' . . .,.1:L.. J.'u'
S
N 7 K- C 7 0 1 0- FAN .S
1 '%êiX' ivVIic 'h e.. ' 'ê rrl ''Ck v é;; .J/!/.;z?y:.JJ:3Q)iX: ? ' ' ; t: .'ls. ' t'p%2iJ., Rfllii's Vp2: ' 'jo1 . j'1.: ' <t. i.u.rklf 4 R d u n d a n t f a b ri c fa n s p rovld e coo I i ng.: 'JO ''>'. ' '''-
to- .; --..i.i'g of crossbar fa bric modules' U ; 1'''Z22 ' 7;: . ' :'â' .'.k1 : .ZJ J: ; r '': ,. NJ j k.. . IS.E i -7 ;e'll -
N ?K-c'j'01 O-FAN-F
Connectivity M anagem ent ProcessorTl1 is ttlpic descri bes tlle CN/1 P,
@ 2009 Clsco Systems. Inc. Using the Clsco Nexus 7000 In Data Center Networks 1-45
1 -46 Implenlenllng Clsco Data Center Networklng 1 ntraslructure 2 (DCNI-Z ) v3 O (() 2009 Crsco Systems. lric
?t- ons czle MGM T 0z 1 . = . . .. !.. . . .,...1., ' o = . -é.a . . . . . . - .r jsuo r.à
. ln.Bancl M anagel n ênt
wp'A' c t.of. Eand Managelnent' u
' r .-.- - .- - = 1. ':5= : . . . e @ . , 1 . . , 1 . . I ta = . ' -
C ont;o je MGM TO C M P
#/? /k
.t (
1 -48 Impliement' ng Clsco Data Center Networklng lnfrastructure 2 ( DCN I-2 ) u.'j 0 @ 2009 Ctsco Systems hnc
N7010 .cljsetup
- - - - System Admln Account Setup --
Eoter the password for ''admin''. NX0s12345
Conft rm rhe password for
Thls setup utilïty wll1 guzde you through the baslc confâguration ofthe system Setup configures only enough connectivlty for ma nagementof tbe system.
Ptease register Czsco Nexus 7000 Famzly devlces promptly wzth yoursupplter Fatlure to reglster may affect response txmes for znztxalservkce calls Nexus Family devxces must be registered to recelve entttledsupport services.
Press Enter aL anytzme to skap a dlolog Use ctrl-c at anytzmeto skkp the remaxning dialogs.
Would you like to enter the basic conflguration dïalog (yes/no) y
s. .;: . . .. - : y t. o, j'@ ky ... w. . . .,,... V ét Q L . . 4 v .. ? b . .'t e..J & . 'k.'
N70l0-Cl# show loggzng
Loggœng console: enabied (Severmty: crttmcal)Loggmng monztor: enabled (Severzty' notmficatœonslLoggzng lznecard: enabled (Severity' notificatmons)Logging tmmestamp ' SecondsLoggang loopback ' dlsabledLoggïng server: dlsabledLoggzng logflash: enabled (Severaty: notxfïcations)Logging logfxle. enabled
Name - messagas'. Severœty - notifmcatlons Size - 10485760
Facllxty Current Sesslon Severïty
auth 0authpriv 3cron 3daemon 3ftB 3kern 6localo 3locall 3local2- -MQre--
Aftcr tllc initial sctup Ilas been pertbrlned, tlle console cable can be detaclled. i t- reqtlired. Thutsystclll is thcn ready for l igllts-otlt nlanagcnlent:
. Llse Telllct (41' Sectlrc S11cll ( SSl'I) to collncct to the acti vc stlpcrvi sor CM P I P addrcss.
K Nlonitoring ot- the stlpcrvisor consolc otltpul is cnabled by dcfatllt.
w Use tllc lnonitor module colzllnand to cnable and disable supervi sor nnollitoring; tl'lcstipcrvistlr consolc (ltltput is stored in an in-lnclnory buffcr.
* Use tlle show logging conilual'ld to see thc consolc outptlt of the supelwisor storcd in tllc i11-lnclntll'y btlffer.
1 -50 lmplementlng Cisco Data Center Networking Infrastructure 2 (DCNI-Z ) v3.0 C) 2009 Cisco Systems, lnc.
e A - - = '- . . . . 114 IIP .'1..tin (a raa . -.n x - w - v . s t o . .. - ... uw .
' Telnet 'ssH 1 f, '% > -'
''v. j
Note The password configured wlth the Cpsco NX-OS Soflware from the supervlsor control planetakes precedence over the password configured uslng the CMP
(Q 2009 Clsco Systems , Inc Us, ng the Clsco Nexus 7000 In Data Center Networks 1 -5 1
Post Cisco NX-OS Software Version 4.1Ability to reload the entire system except CMP
Ability to keep the entire switch in a powered-down state(except for CMP):This is useful if the system has shut down due toover-temperature. lt allows the operator to prevent power-upfor adm inistrative reasons if normal temperature Is restored.
Abllity to review system sensors Independently of control planes
:-52 Implementlng Clsco Data Center Networking Infrastructure 2 ( DCNl-2) v3 0 .2; 2009 Clsco Systems. Inc
C isco Nexus 7018 C hassis
High density: 51 2 1 O-G and 768 r.k zK-c z0 1 81 -G ports
Perfofm ance at release. I?. MX> .
U p to 1 .2 Tb/s syste m ba ndwid th '.% = =' = -= '#: .= = =' #= == ' lU
p to 480 mpps system switching ../ -c- = :jq, a , è = T = e-
LJ p to 80 G b/s a n d 60 m pps per slot rd : - c '= =7= X.7 ' -
F u tu re proof : 71 - ' e - :.= = * l= = =%Up to 7
.8 Tb/s system bandwidth -(230 G per slot) wlth Initial fabric . E-= JZr
. g .= =modules . -r r..s. =
Scalabde to 1 5+ Tb/s system '
Side-to-side airflow
Redundancy for aII com ponents
C'iscl) Nexus 7(41)(p 1 8-SIt,f () fhassis
1 .54 Implementlng Clsco Data Center Networklng Infrastructore 2 ( DCN 1-2 ) v3 0 'LI.L' 2009 Clsco Syslems . Inc
F5 rtl r) t ''! . '- '>'>-. - ,4.1I1.q !=== = N . : 3
=. x = = &= .system status uEos .. .i= = .:pzz.r. -- = m, , .-.w
Two Supewlsor Siots $9-1 0 ) .l ' % .= = >= ''= = Q==G . -
= = = == - = -== -
Slxteer) Payload Slots ( 1 -8. 1 1 - 1 8 ) ' . --> = =. - e-. = =
A1 r 1 nt ake
'L('.' 2009 Clsco Systems, lnc Us1n(J (he Clsco Nexus Ft700 pn Data Center Netwtlrks 1-55
Product Nam e Part Num ber
Common Equipment
Cpsco Nexus 7000 Serles 18 Slot Chassls - Includes cable management arld N'/K-CZOI8fans cloes not Include power supprles
Clsco Nexus 7000 18 Slot Fabrlc Module - 46 Gb/s per slot NZK-C'JOI8-FAB-I
Clsco Nexus 7000 Serles 7 5 KW AC Power Supply Module U S (cable Included) N7K-AC-7 SKW -US
Clsco Nexus 7000 Serles 7.Y KW AC Power Supply h/lodule Inlernatlonal (cable N7K-AC-7 SKW -INTIncluded)
1/O Module
Clsco Nexus 7000 - 48 Port Gigabit Ethernet Module. 40G Fabrlc (req SFP) N7K-M148GS-1 1
Optional Equipment
Crsco Nexus 7018 Front Door Kit N7K-C7018-FD-MB
(Note Cable manapement is included as standard equùpment in the chassls Theoptlonal Front Door Kil suppods dual openlng capabllity for fhexlble operatponcable lnstallation )
Cisco Nexus 7000 Spares
Clsco 18 Slot Chassls no power supply, no fans N7K-C7O18=
Cpsco Nexus Z000 - 18 Slot Chassis - 46 Gb/s per Slot Fabnc Module N7K-C7018-FAB-1 =
Clsco Nexus 7000 Series 7 5 KW AC Power Sapply Module U S (cable included) N-/K-AC-'/ 5KW-US=
Clsco Nexus 7000 Series 7 5 KW AC Power Supply Moduke Internatlonal (cable N7K-AC-7 5KW-included) INT=
Cpsco Nexus 7000 - 48 Port Gigablt Ethernet Module, 40G Fabrfc (req. SFP) N7K-M148GS-1 1 =
*
1-56 lmplementlng Clsco Data Center Networklng Infrastruclure 2 (DCNI.2) v3 0 (C) 2009 Clsco Systems. lnc
Rear.
j -- .- aI I . dSystem Fa r'l Trays (up to 2 )
j œ J g ul v! ':I
' l l ! ! 1 I' j
'
1' kF a k) n (; Mod u Ies ( u p to 5 ) 1
l' j
.i Il I l l l II l
T jI1 '' - '
': vi .! 11
Po wer F eed '-(220 VAC Preferred) $. 7L-7771 r
$) 2009 Clsco Systems . lnc Uslng the Cpsco Nexus /000 pn Data Center Networks 1 -5 7
Product Name Part Number
Cisco Nexus 7000 Spares (cont.)
Cisco Nexus 7000 - 18 Slot Fan N/K-C-/OI8-FAN=
Clsco Nexus 7018 Fabric Module Blank Ni'K-C7018-F-BLAN K=
Clsco Nexus 7018 Chassls Power Supply Blank wlth Handle N7K-PS-BLANK=
Clsco Nexus 701 8 Front Top Sectlon and Cabpe Management KIt N-/K-CZOI8-CAB-TOP
Clsco Nexus 7018 Front Door Kit N'/K-C/OI8-FD-MB
Clsco Nexus 7018 Rack Mount Kit N'/K-C-/OI8-RMK=
Clsco Nexus 7018 Bottom Supporl Kit N7K-C7018-BSK=
Clsco Nexus 7018 Shipping Packaglng N7K-C7'01 88-S H PPKG =
Clsco Nexus 7018 Chass's LEDS K1t N7K-C7018-LEDs=
SFP Optic Module
IOOOBASE-SX SFP SFP-GE-S
IOOOBASE-LX/.LH SFP SFP-GE-L
IOOOBASE-ZX SFP SFP-GE-Z
1 .58 lmplementlng Clsco Data Center Networklng 1 nfrastructure 2 ( DCN 1-2 ) v3 0 'C' 2009 Cdsco Systems In(J
The Crsco Nexus 7300 1 8-S1ot FabricModule wlth 46 Gb/s per slot dellvers the 14fault-tolerant fabrlc that provldes parallelfabrlc channels to each I/O and supervlsormodule slot
Up to five simultaneously actlve fabricmodules can work together. deliverlng 230Gb/s per slot of bandwldth
lklust provlde connectivity and bandwidthto up to 1 6 1/O modules and d ua1supervisors
Has a dlfferent form factor than !he N7K-
C7010-FAB-1 d
N 7 K .C 70 1 8-FAB. 1
Cisco Nexus 7000 18-SIot Fabric M odule
lndependent varlable-speed Systemand fabric fans provlde efficlent
cooilng capaclty to the entlre systen). 'IFan tray redundancy features help 4ensure reiiability of the system andsupport for hot-swapplng of fan trays
+Slde-to-slde atrflow increases thesystem denslty wlthln a 25-rack unjt(RU) footprint, optimlzing the use ofrack space. L'fY
Has a different form factor than elther!he N7K-C701O-FAN-S or N7K-C7010-FAN -F .
N'/K-CTOI 8-M N
1-60 Implenlerntdng Clsco Data Center Networklng Infrastructure 2 (DCN1-2) v3.0 i7) 2009 Clsco Systems, Inc.
C isco Nexus 7000 Series Site Preparation
Alti tud eThe Clsco Nexus 7000 Series Is rated to opcrate at altltudes from500 to 1 3. 123 feet (-1 52 to 4 000 meters) You can store the Jevrceat altltudes of -1 ,000 to 30,060 feet (-305 to 9, 144 meters)
Dust and ParticlesA clean operatlng environment can greatly reduce the negatlveeffects of dust and other particles, whlch act as insulators andInterfere wlth the mechanlcal components In the devlce.
CorrosionTo prevent corroslon avold touchlng contacts on modules andprotect the devlce from extreme temperatures and m01st. saltyenvlronments.
Facility Cooling RequirementsClsco Nexus 701 0 dlsslpates up to 35. 162 Btu/hrClsco Nexus 7018 dlsslpates up to 51 . 1 95 Btu/l-lr
*
1-62 Implementirlg Clsco Data Center Networklng I nf rastructure 2 (DCN 1 .2 ) v3 0 @,' 2009 Clsco Systerns. Inc.
Chassis Airflow - Nexus7010 (front-to-back) .
Airflow for coollng the ' -su pe I'v i s o r a n d 1 / O m o d u l e s s-uu.ox' - . . --11 .1-t. . .,. )1 'QQk S
i flj .$ 4Airflow for cooling the fabric u.$' ! .,:-. r : ' ?modules
- - an- ycjAtrflow for cooling the power -. .s.supplies 'r. .
,LII ' j $I ? >g
I.- ... ,:)
(C / 2009 Cisco Systerns . Inc Uslng the Chsco Nexus F000 In Data Center Nelworks 1 -(ï3
Chassis Airflow - Nexus7018 (side-to-side) . . ?Airflow for cooling the - ' --''-* .; r !! A''1:/1. ; 1J'1:! 'q. r v
. s ; y .su pervisor a nd 1/O m odu 1es , jjj jjy, .ïj' $#.? !, jlj .J . î.s l #j j, A5.q aktw . ,.? ; .j' Airflow for cooling the fabric a $.x. r . xe.&)t't . . . .. ..!1
m od u l e s '! I r.t k .j#) ; ,j4...,jq. kt . . z. oj z!j;,.:7 1 .ea. . .Airflow for cooling the . i . . ,+! ;4t 'ociiog.j.jr y!power su ppI ies ' -. ! .' s ' .23--. .j j)j,.. z.t);rj! .,s .T1. . E '' . lt,.,. ' '. ,,. -
1i l;t!1l').'' hli.rqiE.. C'il .I' .jL:;.1' '' .F 1157u..'15t.j, . i!' ,,.:'b-''.èLb. . 'jkr'.,' '
. lrjjj:. , -- ,11, F!'. ( '' ''(5''rk!Iji. .p?. : . . . .
'
y. ..:.$7 ,- iL:t). . . ' :,'( 1 '!I?;i..1,. ''' l !. '.':'?.,. ïs- . t'F. ....ë1:. . ' . '''''''' 7 )
i' . ' . i
C'i skrtt N tlxtl.', 70 l () di ssi pkllu's tlp to 3 5 . l (à2 1..1'1' Us pcr llotll'
(-'istrt! N u'xus 70 l 8 d issi polt?s up to 5 1 . I 95 I'ITLI:., pcr htltlI'
1 -64 1 mplementlng Clsco Data Center Networklng Inf rastructure 2 (DCNI-Z ) v3 0 'L.? 2009 Clsco Systems , Inc
Electrom agnetic and Radio Frequency Intederence' Cover aII open expanslon slots with a m etal filler.Always use shielded cables with metal connector shells forattachlng perlpherals to the device.
Shock and Vibration. The Cisco Nexus 7000 Series has been shock- and vibratlon-tested for operating ranges. handling. and earthquake standardsto Network Equipment Building Standards (NFBS) Zone 4 perG R-63-Core .
Grou ndinge Ovewoltage. unden/oltage. and transients (or splkes) can erasedata from the m em ory or cause components to fail. To protectagalnst these types of problems, you should always properlyground power cables
Shock and Vibration
Grounding
Power SourceFor 6-kW power supply units. the circuits must be rated for 20 A.1 1 0 VAC or 220 VAC.
For 7.5-kW power supply units. the circuits must be rated for 30 A,220 VAC.
The receptacles for these circuits must be within 1 2 feet (3.6 m ) ofeach power supply unit when it is installed in the device chassis
StructuralThe Cisco Nexus 701 0 chassis weighs 5O0 Ibs fully loaded.
The Cisco Nexus 701 8 chassis weighs 684 Ibs. fully Ioaded
Com bine these figures with the rack weight; special care must begiven to assure proper suppod within the physical facility wherethese units are being housed.
Pow er Source
1 -66 Inlprementl ng Clsco Dala Center Networklng I nfrastructure 2 ( DCN I-2 ) v3 0 .:() 2009 Clsco Systems . I nc
- . - . tL''(
Physical Speclfications
Chassis Wldth Depth Helght
crsct h Nexus 70 IQ 1 7 3 lnchfas (43 9 cr'n J 38 r) lnches (96 5 cm 1 $6 75 Inches fgF.s ! t' I)) I 4 2 1 O RU )
():.s,;f h Nexas 701 t1 1 7 3 Inchtts f 4 S 9 crrl !' 38 O Irlches ( 96 5 c'aa , .1 3 75 lnches I 1 1 1 1 s 1t h . t 25 O RU )
A single Nexus 701 8 m ay be installed in a standard rack withextra space available for cable management or patch paness.W hen placing the Nexus 7000 equipment. consider the orientationto hot and cold aisles for proper exhaust and intake.Also assure that adequate space exists at the front and rear toaccom modate installation and rem oval of modules.Two Nexus 701 0 chassis m ay be mounted in a standard 7-foot-high rack (42 RtJ) with Iittle or no clearance at the top and bottom.
1 -68 lmplementlng Clsco Data Cenler Networklng 1 ntrastructure 2 (DCNl-2) v3.0 ûr).. 2009 Cdsco Systems . 1 nc
Power Requirem ents - Nexus 7010 Chassis
Component Quantlty Maximum Typlcal
St2 pervlsor Module
zltt-rèorl 1 0 '1 00/ 1 000 i/O mod u1e 400 %?
zlii-por! 1 .Gb/s 1/O mod uIe 1 to 8 4 00 W 358 W
32.r)or1 1 0-Gb/s 1JO mocjule /bO W (5 1 1 W
F abnc Mod u;e
/h I I F' an Tra ys ( tota I ) l
Power Requirem ents - Nexus 7018 Chassis
Component Quantity Maximum Typical
Eltzpervdsor Module 2 21 0 W 190 W
48.p0:1 10' 100/1000 1.'0 rnodupe 1 to 16 4O0 W 358 W
48-por1 1 .Gb/s r/O module 1 to 1 6 400 W 358 h.!f
32.port 10.Gb/s 1/O module 1 to 16 750 W 6 1 1 W
Fabrlc Moduie 3 to 5 100 W 90 W
A1I F'an Trays (total ) 1433 W 569 W
Determ ining Bas'Ic iiardWare Inventory
Display Chassis Components
N7010-Cl# show xnventoryNAME' ''Chassxs'' DESCR I ''Nexus7000 CV0l0 (l0 Slot) Chasszs ''PID. N7K-C701û , VfD V0l . SN 78M12234289
NAME ''Slot 1- DESCR: ..10/100/1000 Mbps Etbernet Module''PID' N7K.Ml46GT-ll , VID VOl . SN JABl2240DKC
NAME. ''Slot 2... DZSCR. ''lQ Gbps Ethernet Module''PID' NVK-M132XP-l2 VID V03 . SN: JAFl249AGRC
NAME ''Slot 5'' DZSCR: ''Supervlsor module-lx''P'D N7K-SUPI , VID' V0l , SN. JA812250190
NAME: ''S1ot 6'' DESCR: ''Supervxsor module-lx''PID N7K-SUPI . VID V01 . SN' JA81225019N
1. - ,' q 4. : xD . #' .
Determining Basic Hardware Inventory
Display Ghassis ComponentsSAME ''Slot 11'.. DESCR: ''Fabrlc card module''PfD N7K-C70l0-FAB-: V1D V01 . SN: JABl224O0NQ
NAME' ''Slot 12.' DESCR' ''Fabrlc card module''P1D NVK-C7OIO-FAB-I VID. V01 SN: JAB1224û0PH
NAHE. ''Slot 13.. DESCR: ''F&brIc card module''PID. NVK.CVOIO-FAB-I . VID; V01 , SN: JABl224O0QT
NAME: ''SlotSupply''PID N7K-AC-6.0KW VID. V01 , SN: DTHl220Tll4
NAME ''Slot 34'. DESCR' ''Nexus700O CVDIO (10 Slot) Chassls PowerSupply''PID' &Vh-AC-6.0KW , VID. V0l , SN: DTHl220Tl32
1 .70 lmplementlng Clsco Data Center Networking I nfrastructu re 2 f DC N I-2 ) v3. O ':() 2009 Clsco Systems . I nc
Determ i n ing Basic Hardwa re I nventory
Display Chassis Com ponentsNAME: ''Slot 36'' DESCR' ''Nexus7000 C70l0 (1O Slot) Chassms Fan Module''PID N7K-C72l0-FAN-S . VID V0l , SN FOXl219X95L
NAME ''Slot 37.. DLSCRP2D N7K-C70lO-FAN-S
NAME. ''Slot 38.' DESCR ''Nexus7OQ0 C70lO (l0 Slot) Chassas Fan Hodule''PID NVK-CVOIO-FAN-F VID' V0l SN FOXl2l9X0AA
NAME' ''S1ot 39.' DESCR' ''Nexus7000 C7010 (1O Slot) Chassxs Fan Module''PID . N7K-C70:0-FAN-F , VID' V01 , SN FOX1219X06N
Determ ining Basic Hardware Operation
Determ ine Active Supervisor
N7010-C1j show redundancy statusRedundancy mode
admlnzstratzve' HAoperatlonal HA
Tbls supe rvxsor (sup 5)
Redundancy state. Actlvesupervtsor state' ActlveInternal state' Aetive wïth HA standby
Other supervasor (sup-6)
Redundancy state StandbySupervxsor state HA standby
'tD 2009 Clsco Systems . 1nc UsI ng the Clsco Nexus /000 ll7 Data Center Networks 1 -7 1
Determ ining Basic Hardware O peration
Determine System Start Time
Internal state' RA standby
System start time. Mon Feb 16 03'Q5.27 2009
System uptxme D days. 3 hours 11 minutes 28 secondsKernel uptzme' 0 days 3 hours t3 mœnutes 36 secondsActzve supervxsor uptrme 0 daya, 3 hours, tl mlnutes. 28 seconds
... . . . '' '
. . .. ... . ... ; q Q '' ..:. . ..J . a . . . . ' ' l
Determ ining Basic Hardware Configuration
Display dndividual Modules
N701O-Cl# show moduleMod Ports Module-Type Model Status
l 48 10/102/1000 Mbps Ethernet Module NVK-Ml48GT-11 ok2 32 10 Gbps Ethernet Module NVK-M132XP-12 ok5 0 Supervzsor moduie-lx N7K-SUPI active *6 0 Supe rvisor module-lx N7K-SUPI ha-standby
*
Determ ining BaS'IC Hardware Configuration
Display lndlvidual M odules
Mod S< Hw World-Wxde-Namets) (WWN)
1 4 1 (4) l 0 -2 4 1(4) l 4 .-5 4 1(4) l 06 4 l (4) l 0
Mod MAc-Addresstes) Serial-Num
l 00-22-55-VV-68-20 to 00-22-55-77-68-54 JA81224021C2 00-23-ac-65-55-b4 to 00-23 ac 65-55-d8 JAF1249AGRC5 00-22-55-7V-65.60 to 00-22-55-77-65-68 5A8122501906 00-22-55-7V-64-f0 to 00-22-55.77-64-f8 J*81225019N
* thas te vmanal sesszon
Determlnlng Basic Hardware Performance
Display Environmental Param eters
N70l0-Cl/ show envzzonment
Clock'
Clock Model Hw Status
A Clock Module '- Notsupported/NoneB Clock Module ' Notsupported/None
Determ lning Baslc Hardware Performance
Display Environmental Parameters
Fan.
Fan Model Hw Status
F'an l ( sys f an l ) N7 K-CVO l () - F'AN- S l 1 OkFan2 ( sys- f an2 ) NVK-C; Q 1 0 - FAN- El 1 . l OkFan3 ( f ab-f an 1 ) N7K-C7010 - FAN - F 1 l OkFan4 ( f ab-: an2 ) N7K-C7 0 l 0 - FAN - E' l l OkFan l n Pïl - - - - OkF'an- n-PS2 OkAb'an-in-ps 3 AbsentFan -Aa - Fi l ter Absentr
*
Determlnlng Baslc Hardware Pe/ormance
Display Environmental Parameters
Temperature.
Module Sensor Halor'rhresb MinorThres CurTemp(Celsius) (Celsius) (Celslus)
1 Crossbartss) l05 95 51 Okl CTsdevl (s6) I15 l05 66 Okl CTSdev2 (s7) ll5 l05 65 QkL CTsdev3 (s3) ll5 lO5 67 Okl CTSdev4 (s9) l15 105 61 Okl CTSdev5 (sl0) ll5 l05 60 Ok1 CTSdev6 (sll) ll5 105 63 Okl C1'Sdev7 (sl2) 115 195 58 Okl CTsdev: (sl3) ll5 t05 59 Ok(output skxpped)
*
1 -74 I mplementlng Clsco Dala Center Networklng lnfrastructu re 2 ( DCN I-2 ) $/3 0 'i 2009 Crsco Systems lnc
Determ insng Baslc Hardware Perform ance
Dssplay Module Power Allocation
Mod Model Power Power Pewer Power StatusRequested Requested Allocated Allocated(Watts) (Amp) (Watts) (Amp)
l N7K-Ml4eGT.l1 400 00 B 00 400 00 8 00 Powered -Up2 N7K-Ml32XP-12 750 0D 15 00 750 0û 15 00 Powered -Up5 NVK-SUPI 210 00 4.20 2lO Q0 4 20 Powered -Up6 NPK-SUPI 210.00 4.20 210 Q0 4 20 Po-ered-upXb1 N7K-C7O10-FAB-l 60 00 1 20 60 00 1 20 Powered -UpXb2 N7K-CVOIO-FAB-I 60.00 l 20 60 00 1 20 Powered-upXb3 N7K-C7010-FAB-l 60 00 1 20 60 00 1 20 Powered-up
Sum m ary
The Cisco Nexus 701 0 chassis is the first chassis in the CiscoNexus 7000 family and is optim ized tor data center environm ents.
. The Cisco Nexus 7018 chassis Is the newest product in the CiscoNexus 7000 family and provides backward com patibility withsuperwisor. 1/O module. and power supplies.The superwlsor engine and Iine cards include the CMP for lights-out m anagement and a blue beacon LED for easy identificatlon.
The 6000 and 7500 W AC power supply for the Cisco Nexus 7000series chassis has dual lnputs at 220/240 V or 1 10/120 V', dualinputs al 220/240 V or 1 1 0/1 20 V: and proportional load-sharingamong supplies.The CMP is a standalone always-on m icroprocessor supervisorengine. and also provides Ilghts-out remote management anddisaster recovery vIa the 10/100/1000 interface.
. Site preparation recom mendations are extrem ely im portant tosupport and maintain high-availability pefform ance
1 -76 I mplementlng Clsco Data Center Networklng lnfrastructure 2 ( DCN 1-2 ) v3 .0 (:LL' 2009 Clsco Systems. lnc
Lesson 2
O verview of the C isco N exus
7000
O verview
Objectives
Introducing C isco NX-O S
k'
@ '.%a >
r. ' CII !
ç, .rI.j'ik.,!dklk'. 'l/qwo *'., ;z '' .1.)..--.&.*
. fr .
Clsco NX-OS. . , o
1 .78 I mplenlentlng Cpsco Data Center Networklng I nfrastructure 2 ( DCNl-2 ) v3.0 û ) 2009 Clsco Systems . Inc
(' ' 2009 Clsco Systems. Inc. Uslng lhe Clsco Nexus 7000 ln Data Cenler Networks 1-79
Loû
T i IzAtr-rall!1,c
. -I'f ' 1: speci Iic tlptitlns: tll'g. ;lk.'k. psll . rsl . syllc. lin. u'stabl isllctl.
Note Oniy named ACLS are supported: al1 numbered ACLS are translated and converted tona med ACLS
1 -8O I mplementlng Clsco Data Center Networklng Infrastructure 2 ( DCN I -2 ) v3 .0 @ ' 2009 Clsco Systems. Inc
'1 aarw I. N x 7 ()z. .: : r: I i r r, I
: . .: ,
,wè j ..3 ; .. . ..Data pla ni> s t r()a rrl s .* I . I
. 2009 Clsco Systems . lntz U s1r)(; tlhe Chsco Nextks 7000 ln Dala Center Networks 1 .8 1
z & *
'
. @ : '
* * ''- , -.? 1 ' ' E. ' '* * .,- ia-* * - ; * '* * 4
.+. l-i. ,.'..q'* '
,.p '
. .. . . . 2
1: '' ? 'T$%Cr.TC 'C' 'j ; '' ' ' ''l r .1 ' # ' f
'
'' ' '
Display the system utilization .
N79l0'Clj show system resourcesLoad average: 1 minute' 0 06 5 mlnutes. 0.05 15 mznutes0 01Processes 8Q4 total. l runningCPU states 0.0p user 0.54 kernel 99 5+ tdleMemory usage: 4129600K total 2082824K used 2046776K free
6032K buffers, 933184K cache
Npodular shl/
AII show com mands may be 'Issued from any context.
N7QlO-C1# show moduleMod Ports Module-Type Model Status
1 48 10/10:/1000 Mbps Ethernet Module N7h .Ml48GT-ll ok2 32 10 Gbps Ethernet Module N7K -Ml32XP-12 ok5 0 Supervisor module-lx N7K-SUPI actzve *6 0 Supe rvlsor module-lx N7K-SUPI ha-standby
(remaznlng outpu t omltted)
N70l0-C1# configEnter confzguration commands one per line. End wlth CNTL/ZN7010-C1(confIg)# show moduleMod Ports Module-Type Model Status
1 48 10/100/1000 Mbps Ethernet Module N7K-Ml48GT-ll ok2 32 10 Gbps Etbernet Module N7K-Ml32XP-l2 ok5 0 Supervzsor module-lx N7K. SUPI actzve *6 0 Supervxsor module-lx NRK-SUPI ha-standby
(rematnvng output omltted)
NV0l0-C1(confxg-1f)j Dbandwzdth Set bandwidth Informatlonal parameterbeacon Dtsable/enable the beacon for an znterfacecdp Confzgure CDP knterface parameterschannel-group Confxgure port channel parametersdelay Speclfy Lnterface throughput delaydescriptïon Enter descrïptton of maxlmum 60 charactersduplex Enter the port duplex modeend Go to exec modeerrdls Kble Configure error dïsable parametersextt Exxt from command lnte rpreterflowcontrol Configure interface flowcontrolxp Conflgure IP featuresxpv6 Conflgure IPv6 featureslxnk Confxgure llnkloggtng Conftgure loggxng for xnterfacemac MAC configuratzon commandsmdzx Enable auto mdix modeaedxum Confmgure Interface medlum modemtu Conflgure mtu for the portno Negate a command or set zts defaultspop Pop mode from stack or reatore from namepush Push current mode to stack or save it under namerate-mode Enter the rate mode
- - sore .
1 -84 Implementpng Cjsco Data Center Networklng I nfrastructure 2 ( DCN 1 -2 ) v3 0 !. 2009 Clsco Systems 1nc
K
:1 lltl-lllk3l'c
fl.l 2009 Clsco Systenls. Inc Uslng lhe Clsco Nexus 7000 In Data Cenler Networks 1-85
N70l0-C1/ show runnang-confxg 9<CR>> Redirect at to a fxle>> Redxrect zt to a fïle In append modeaaa Dksplay aaa confzguratlonacllog Show runnlng conflg for acllogaclmgr Show runnlng config for aclmgrall Current operatxng conflguration wzth defaultsam D:splay am znforma tmonarp Dlsplay arp znformattoncallhome Dksplay callhome confzgurationcdp Dxsplay cdp crnfœgurationcert-enroll Display certyfycates confzgurationcfs Display cfs confzguratxonscmp Dzsplay CMP znformatxoncopp Shou runnzng confxg for coppdzagnostlc Dlsplay dzagnostxc Informationdiff Show the dxfference between runnxng and startup confzguratzoneem Show the event manager runnzng confxguratxonicmpv6 Dmsplay acmpv6 lnformatlonxgmp Dksplay igmp xnformationmnterface Interface conftgurataon
-More-
NV0lO-Cl# show running-conftg cdpversxon 4 1(3)
NV0l0-C1# show runnlng-confxq cdp al1verston 4 1(3)cdp advertxse v2cdp enablecdp holdtime l80cdp tïmer 60cdp fo rmat devmce-ld system-name
znterface Ethernetl/3;cdp enable
znterface Ethernetl/38cdp enable
Lnterface Ethernetl/3gcdp enable
-More-
+
1-86 Impiementlng Clsco Data Center Networklng Intraslructure 2 (DCNI-2) v3.0 (Ct' 2009 Clsco Syslems, Inc.
N7Ql0-Cl-C1-Pod1-Red# show tnterface ethernet 2l'xEthernetz/l Is upHardware 10000 Ethernet addressInternet Address zs 10 11 l 1/24MTU 1500 bytes, BW 10000O0Q Kbzt DLï 10 usec.
relzabilzty 255/255. txload 1/255 rxload :/255Fncapsulatzon ARPAfull-duplex 1Q Gb/s, medta type zs l0gBeacon is turned offAu bo-Negottatzon zs turned offInput flou.control ls off output flow'control as offRate mode zs sharedSwztahport monitor ss offLast lznk flapped 1d09hLast clearzng of 'show Interface'' counters neverl manute xnput rate 112 bzts/sec 0 packets/secl mznute uutput rate 32 bzts/sec O packets/secL3 in Swztched:ucast O pkts 0 bytes - mcast 13556 pkts. 1111592 bytes
L3 out Swltched:ucast 0 pkts 3 bytes - mcast û pkts. D bytes
15997 knput packets 0 unxcast packets 15993 multzcast packets- -MOre--
%' ' 2009 Clsco Systems , Inc Uslng tht) Clsco Nexus /000 hn Data Center Netwchrks 1 . 87
AIl Clsco Nexus 7000 lnterfaces are designatedintedace ethernet slot/port.
N7010.C1(confIg-if)# Anterface ethernet 2/l-aNvolo-cllconfœg-if-rangel/ no shut
N701O-C1 (confxg-if-rangeàj xnterface ethernet 2/5ND0lû.Cl(confIg-1f)j no swltchportNV0l0-Cl (confzg-œflj znterface ethernet 2/4 ethernet 2/7 -8N7olo-cllconflg-xf-rangelj mtu 9216
1 -88 lmplementsng Clsco Data Center Networklng I nfrastruclure 2 ( DC N I -2 ) v3 .0 1. ' 2009 Clsco Systems, Inc
Cisco Nexus 7000 10 Glgablt Ethernet Interfaces m ayoperate in either shared or dedicated mode.Specifying a range of Interfaces for dedicated m ode operation.
N701Q-Clj configN70lD-Cl(conf:g)# lnterface ethernet 2/l ethernet 2/3 ethernet 2/5ethernet 2/7Nvolo-cllconflg-lf-rangel# shutN7olo-cltconfig-tf-rangel# rate-mode Ddedtcated rate mode Is dedzcatedshared rate mode Is shared
N7olo-cltconflg-af-rangel# rate-mode dedacatedERROR' Conflg not applled on all ports.
Conftg allowed only on the fzrst port xn each port group
N7olo-cltcunftg-tf-rangel# no shutKRROR Ethernetz/3 Ethernetz/s. Kthernetz/7 Config not allowed as fxrstport kn the port-grp as dedicated
Port Group lntedaces
Port Group 1 Interfaces 1 , 3. 5 and 7
Port Group 2 Interfaces 2, 4. 6 and 8
Port Group 3 Interïaces 9, 1 1 . 13 and 1 5
Port Group 4 lnterfaces 10. 12. 14 and 1 6
Port Group 5 Interfaces 1 7. 1 9 . 2 1 and 23
Port Group 6 Interfaces 18, 20. 22 and 24
Por't Group 7 interfaces 25. 27. 29 and 31
Port Grotlp 8 Intedaces 26, 28, 30 and 32
7- 11 e pklrt grol.l 1.') .A .Th'; l (. ' pro h. i tltzs l ( ) ( i b b o 1' l 1) 1.4.4 tlg 11 ptlt l
'
o u'ltc 11 pl 41'1 gro Llp . '1 ' llc 1 k'itcl'lktt' $.vs 1 r'l l 11 u' seport grt 'tl 13 b I'nktj t'klncl'clte i 11 c i t 11 cr a :,1 1 :.1 red or tlcd icat ctl ll'ltltit.l .
Specifying a range of interfaces for shared m ode operation.. . confag
znterface e thernet 2/1.32. , . shut
Vlew the interface transceiver typea show interface etnernet 2/: tracsceaver
-r'11 e -i : -I) t) rt. 1 ( i i gtltl? il iï tl1 cl'11 c l 1..'.( ) I11 t'tl t11 e illt c1'I-l1 c k) s :1re lll'rêll1 t; c Cl ll1 tt) ft) tlr IAt'I'l Llrt' tl)7 s :1 st't'lltdyy s'.
Port Group Interfaces
Port Group 1 Interfaces 1-12
Port Group 2 1 Interfaces 13-24Port Group 3 lnterfaces 25-36
Pod Group 4 Interfaces 37..48
1 -92 1 mpkementpng Clsco Dala Center Networklng I nfrastructure 2 ( DC N 1 -2 ) v3 0 tll' 2009 Cdsco Systems . I nc
Operation M anagem ent Toolkit
l - -. xl#V 1 . -q, ..-
jj X =- jk E T-:
'
' ( -1 ..' l IL (i t?L ' ' -. . . . . ' rhp ' '' Lï -';yj ê... .. ..t:::::)... ., '' u ' y tj (. j ; y k . . . yy)j j ( r 'g . j .''- . ..;. ; '$1 ''--..-- -.w * *- -.-
Ie lKjIIIIIIIIqjt't.: .: . - (tk. .. Ljt.j. .. ,
1 -94 lrnplementkng Clsco Data Center Networklng lnfrastructu re 2 ( DCNl-2 ) v3.O tiJ 2009 Clsco Systems. Inc
Introducing C isco NX -O S Process Recovery( t '1 ,3 I t.' 17 1'O C C > % 1'k.* C t ) N C l') .
Cisco NX-O S services checkpoint their runtime state tothe PSS for recovery in the event of a failure.
k .:, ' . k
'
. . ï
'
' E . ' l.
uer
y ' ) 2
I l-. > 1- %?*k
'
@ 1 ! ' !) I I '.
'
ti. ,.
PS S = Pers I s tenl Storlitje Servlce
- 1, 1, 11, 4 ., ,ë ,I.
yjjt ygza ())j
R eota rt p r 'n.uessl
y,,,#.,, z. j. j. z . . j. !, ! ru j, . . .a. : jj .N' X
i s .; .
! ! ! ) ' :u j u ë .LI
i ti .- - )--
1 -96 I mplementlng C Isco Data Center Nelworklng Infrastructure 2 ( DC N I -2 ) v3.O 'ï(s. 2009 Clsco Systems. lnc.
,.. ..--...:1
%1k:12': : ë . -.,,..a ,;k. 'r. i. t- 3?1:12/'. ..K-'*u '-r t.
:ai a k= 1I !!
.I r.ul.5 t e I. I . )
'
IData yane stlealns Ie > j!- - ..+ .. . . . t f , ., - t .... 'j (t 1
. . - a. ' =
Cfi; 2009 Cksco Systems . (nc . Uslng tI3(! Clsco Nextls 3'()C)0 In Data Center Networks 1 -9 T
Introducing C iscoRedundancy
NX -O S Supervisor
Reqtle,.;;t lknarishc't
Prta'. 4 qle f;n apsllot State :jn c1)I oalzed'Stalt se1 $.'1f'eS 1l1 Standby anûl ncit, fy
PI Czzlde E. v ent-dl 1 'zen Gync IneGsageG
Aotiv' e Sta n d b'?
1.... z - ' . =,..' 'z. . .. .>' . .' .i: , .
: I Ip I t . j . I 1, .I :' 1 . E
Data plane streams .*..e - 1 I - ' - *, i ' . I: .2i . I I
.7; F ?t'AOtIVQ. Standby
. . ' . .'.
y>)' . 6tb t .
.
'
. -.-. :j
'
,
d
: '-,
'
1. IE' jData pian e stl ealll s * - - 0 (- 1e *
. ' 1 j z .$- xL =. u .
<'.:,. lt cI) (h'a :# i f'a'l; ;k c tl % 65
R eIo ac;
Actke
. . kr '' ... )
/ z< W . c. . . o u u . S,e. x *- q, j f' ; m.. s %
, .2.
; , .1 I I 'l I .' .
.
p I '. .j2. 11! 1 l ! , ! . .1 ' i '! '' lDalo pjane strearlls * G - 1 - - '- *I ' .
I I
After the manual switchover is complete, you must reconnectto the new active supervisor module to continue configuration.
N7010 Cl: system s-ltchoverN%010 C:j Raw trme read from Hardware Ctoek Y=20Q% M=J D=iV 23 48 02writxng reset reasan 7
MxJ suF ve r 3 l $ 0se rzlz! Pn rt Par ame te: s fz oa cMospMc oN T ûx2oOE'MCON -2 Ox OPyC 1N-'3 Ox 3a1:2 s YS Oxl'lpertovcaoq Memory Detectzan and TestangTesttng 2 DRkM PatternsTotal mem found 4096 MB
Memory test rompleLeNumcpus = 2Gtaous 6l: PCI DEVICES Rrnmeratzon StartedSrarul. 62 PCI DEVICES Enumeration LodedStatus 9F Dtspatchtng DrzversStatus HL IQFFGA FoundStatus 9A Bootkng From Prxnary RoMStatus 98 Found Clsco :DLStatus 98 Found Clsco 1DEStatun 90 Loadœng Boot Loader.More
1 - 1 00 lmplementlng Clsco Data Center Networklng I nfrastructu re 2 ( DCN I .2 ) v3 0 ? , 2009 Clsco Systems . I nc
O n a Cisco Nexus 7000 series with two supervisors, theISSU process follows these steps:
Begins when the adm lnistrator issues the install aII com mand
Verifles the Iocation and inlegrity of the new soflware imagef i Ies
Verifies the operational stalus and the current soflware versionsof both supervlsors and aI1 switching modules to ensure that thesystem is capable of an ISSU
Loads the new software image to the standby supervisor andbrings it up to the high-availability-ready state
O n a Cisco Nexus 7000 series with two supew lsors, theISSU process follows these steps:
Forces a supervisor switchover
Loads the new software image to the (formerly active) standbysupervisor and brings it up to the high-avaiiability-ready state
Perform s a nondisruptive upgrade of each switching module.one at a tim e
Upgrades the CMP
During the upgrade process, the system presentsdetailed status inform ation on the console, requestingadm inistrator confirm ation at key steps.
)' s- ! '
1-1 02 Implementlng Clsco Dala Center Netwurklng Infrastructure 2 ( DCN 1-2) v3 0 @ 2009 Clsco Systems . Inc
J2. 2009 Crsco Systems . $nc U slng the Clsco Nexus /*000 In Data Center Networks 1 - 1 03
1 -1 04 I mplementpng Clsco Data Center Networklng lnfrastructure 2 ( DC N t-2) v3.0 (tp 2009 Clsco Systems, I nc
The Cisco Nexus 7000 Series switches contain several EPLDSthat provide hardware functionalities in aII m odules.
EPLDS enable module functions to be upgraded when needed.using software images instead of hardware replacement.
#Vt EPLD images and upgrades are independent of the ISSU.. EPLD upgrades are disruptive, so they must be completed duringa m aintenance window.
1 .1 06 I mplementlng Clsco Data Center Networklng lnfrastruclure 2 (DCN I .2 ) v3. 0 (tp 2009 Clsco Systems. I nc
32-poq 1 O-Gb/s Ethernel 170 moduhesUpllradlng the Clsccl NX.OS Sotvare (N 7K.M 1 32X1:7.12 )frorn Release 4 ! $2 8 to Release 4 1(3) on a Fabrlc modules for Clsco Nexus 70 1 8swhtch Lhat shlpped wllh Release 4 1 t2)
IN7K-CZOI 8-F/œ 1 )Upslradlng the C'sco NX-OS Software
Supervlsor (N7K.SUPI è clodulesfronn Reiease 4 1(2) lo Reluase 4 1 (3 ) on aswLtctl rhal d;d not shlp wlth Release 4 1 ( 2 ) and 48-port 1 0ï 1 O0J1OOO Ethernet 1/ O modulesa full EPLD upgrade lo Release 4 1 (2 ) was no: (N 7K-h'1 148G'f-1 1 )
32-port 1 O-C9brs Ethernet 1éO modules( N 7 K.M 1 32XP- 1 2 )32.port 1 O.Gb's Ethernet IJO rnodtlles
Uslng Clbco 'Trusted Securpty( N 7 K-M 1 32 XP- 1 2 )
/c. . s''' (.'L r .
Installlng the EPLDS on an active supervisor module
N70l0.Cl# znstall module 5 epld bootflash n7uoo-sl-epld 4 0 2 wmgEPLD ïmage file buzlt on Frï May 16 20 36 39 2008EPLD Curr Ver Ne< Ver
Power Manager 3.4 3 610 3 23 3 23Inband l 7 l.7Local Bus CPLD 2.1 2.1CMP CPLD 6.O 6.OWARNING. Upgrade process could take upto 30 mxnutes.Active Supervxsor xs beïng upgraded. =-Data traffic on the swltuh wxlL be affectedllThe swttch wyll reload after the upgrade process.Do you want to ccntinue (y/n) 9
' . - x. . ... .-. ... - .. . . p . . . w
' . '
Installing the EPLDS on I/O or a standby supervlsorm odule
N7Ql0-C1# install module 6 epld bootflash n7009-sl-epld 4 0.2 tmgEPLD Amage fale buzlt on Frz May 16 20:36:39 2038EPLD Curr Ver New Ver
Power Hanager 3.4 3 610 3 23 3 23Inband 1 7 1 7Local Bus CPLD 2 1CMP CPLD 6.0 6.0WARNING' Upgrade process could take upto 30 minutes.Standby supervksor zs bexng upgraded.Do you want to contxnue (y/o) >%'
7 - 1 08 lm plementîng Clsco Data Center Netwllrklng 1 nfrastructure 2 ( DCN I -2 ) v3 0 ' J 2009 Clsco Systems. knc
I nstaliing the E PLD im ages for a fabric module
NW0l0-C1# tnstall xbar-module l epld bootflash.nvooo-sl-epld 4 Q 2 xmgEPLD zmage fale . built on Ycx May 16 20.36.39 2008EPLD Curr Ver New Ver
Power Manager 2 7 2 8WARNING Upgrade process could upto 30 mlnutesModule could be powered down and upMaar Module 1 wzll be powered down nowl'Dta you want to contznue (y/n) 1 En1
Installlng the EPLD lm ages for a fan m odule
R70l0-Cl# tnstall fan-module l epld bootflash n700O-sl-epld 4 O 2 tmgEPLD tmage fzle buzlt on FrI May 16 20 36.39 2008EPLD Curr Ver New Ver
Fan Controller O.5 0.7Fan Controller 0 5 0.7WARNING: Upgrade process could upto 30 manutesModule could be powered down and up.Frogrammlng Fan Module l 11Do you want to contLnue (y/n) (n'
N7010-C1# reload T
KCR>
cmp Conneatlvlty Management Processor
module reboot a specaflc module
soft do not touch CMP on active during reload
N70l0-C1j reload module n
<1-10> Please enter the module number
N7010-C1# reload module 1
reloadzng module l
2 O 09 Feb l 6 07 ' 03 : 2 8 NVO 1 0 -C1 i. ;; VDC - 1 @. $ 't PLATF'ORM - 2 -PFM MODULE RESET : Manual res tar t o f Module l f rom CommandL a. n - 1 n t e r '-f a c: ee
N7 0 l 0 - Cl j 2 ()0 9 Fe.b l 6 0 7 ' 0 3 30 N7 0 l 0 - C l 4. S VDC- l : $ 5 PLATFORM -2 -MOD PWRUP . Module 1 Fsowered up ( Se r l.a l number .3AB12 2 4 0 0KC )
1 - 1 1 0 Implementlng C ksco Data Center Networklng 1 nfrastructure 2 ( DCN1-2 ) v3 0 ':bp 2009 Clsco Systems . I nc
. . '
.. .. ,
'
j(,,
'
' ' .
'
.
'
PE .
'
.
'
. , r ) ' .ïx . q ) !
N70l0-Cl# attach Q
cmp Connectzvlty Management Processor
console Connect to the console
module Module number of the lznecard
N7010-C1# attach module 1
Attachzng to module l . .
To exxt type 'exit', to abort type '$.'
Lmnux lc1 2.6.10 mvL4ol-pc target #1 Tue Jun 10 14133:07 PDT 2008ppcGNu/Lznux
module-l# show system resources
Load average. l mtnute: 5 mlnutes: 0.03 15 manutes. 0.07
Processes 66 total l runnyng
CPU states 0.0% user, 9.0+ kernel 100.0% zdle
Memory usage: 1036932K total, 256236K used, 7*0696K free
98304K buffers, 47348K cache
tT' 2009 Clsco Systems, Inc. Uslng tfne Gtsco Nexus T000 ln Data Center Networks 1-1 11
Sum m ary
Cisco NX-OS Software is a rlext-generation operating system thatbrings three fundafnental technologles into a single platform .
Clsco NX-OS Software services checkpoint their runtime state tothe PSS for recovery in the event of a failure.
Clsco NX-OS Software has reliable process com munication andhas isolated and memory-protected processes that reducesupervlsor redundancy.
1 .1 1 2 lmplemenltng Clsco Dala Cenler Networklng 1 nlrastructore 2 t DCNI -2 ) v3 0 l 20219 Cisco Systems 1nc
Lesson 31
Introducing the V idual
C ontexts in the C isco N exus
D evice
7000
O verview
Objectives
Introducing Virtualization
I II II Layer 3 Services I1 I
I *
'
* @
'
*
'
1* . 4
. .. .. .. ' ,
i èi jà : ' ' ' , . 17 t; : '' ' : k l 1: . . j ;: ! . . t' . r t . . . .
u a y e r 2 s e w i c e s = . = . . . . = . 'E U Z E ED ! j E&
..4jlT ? (')('jj,l *61T. ''.J J.gt ''. ! jl' . . làs : . 1è' ''
Physical Switch
1 - 1 1 4 1 mplemenllng Crsco Data Center Nelworklng Infrastructure 2 ( DCN I .2 ) v3.0 Q 2009 Clfsco Systems . I nc.
' , = . . . . . . - . . . = ' . . . 0 ' . . . . . L' I = = . . = . D z . = 0 . . =. . = . . ' I' , = . 0 . . m. , = . . = 0 . . mz . = ' ' ': 0 . o = . . =. . 0. . a = . . =. . . ,
= m: , n = = =: , >. =' . = . . . . > . z = . . , . = . t ' .
.. . j'' VDCI VDCn I
; r lt l.t .q ) .1 t'. .: . . .. j 7..$2.1,j 7.7 .j ' '? s ,v. ,:r :: Y ' ' I
I II Physlcal Switch I
1 - 1 1 6 Imppementlng Clsco Data Center Networklng infrastructure 2 ( DC N 1 -2 ) v3.0 1( 2009 Clsco Systems I nc
Scalability at FCS: NM
4 K v L A N s fv D c c . c . c . V. c. V.2 5 6 v R F s iv o c ' c . c . = . c. c. c.), .rou r vocs j t/ljtc, =. =, .;t:=- =- =-:
. ),..,) .. .. .yl . .Default VDC
T h r e e a d d i t i o n a I 1 7 = , = , = . =. =. =.V D C s c c c c. c. c.
).i.=.. , ' = ' =,. ,
.
. . =' =' =': L..L..- -... ,.r ,: :
( ( l # lr '' ' 'i ' ''i') 'cy c c =. c. c.'.. r t ! );fc c c V. V. V.m m m m. m. c.
SL 2009 CLsco Systems. irlc Uslng t#3e Clsco Nexus 7000 In Data Center Network s 1 - 1 1 7
Physical network islands are virtualized onto com mon data centernetworking infrastructure.
y . k . .
. . . ... .c . . ' ' .. . . . , '
-
. . (. *' - J e . '. - L. ' ' ' ... -. t ls . x p,. . '.
t .. r .
.#?i'j . . .:-: ; '. .7t Jt.Eu.' .
. ..
k. . i.T .
' '
L' .' '
1 . 1 1 E$ 1 mplementlng Clsco Data Center Networklng Infrastructure 2 ( DCN I .2 ) v3 O '.1) 2009 Clsco Systems . ln(.
' Default VDC 'I *
'
*
'
4. . ' * *
'
@
'
*. 1
I - 0 . * M. . M t . I' X 0 * : 0: ' O ' ' '
O O O O= .'
. . . . - z 1 voc 1 Is the default vDc AII portsI , In the physical chassps are assigned: ' ', to the defa u lt VDC u n iess they areI voc 1 I asslçlned to another VDC
I . VDC 1 cannot be created norI ' : d eleted 1 t ! s the d efa u 11 VD G
Physlcal Swltch
Each VDC is a separate fault domain
A process crashes in any VDC
Processes in the other VDCS are not affected and continue to rununim peded
kILPB
1 . 1 2 0 I m pl enh e nt I ng C 1 sco D ata Ce n ter N etworkl n g 1 nf ra st ru ct u re 2 ( D C N I - 2 ) v 3 0 t)J 2 009 C lsco S ystern s . I nc
1 Global Resourcesg.
# 1I I .
' '
Dedicated ResourcesI ') ! I '. .
.1 i
'
i j ' ('
Shared Resources
f . . .' . , N!t ; . - . . , = ; . .'ex' : . . . 'u@. e. I .. 1 # .rdtls.) Io' . 1 . > = ..v. o= < ' = ' > '
ManagernenlEthernel
32-por1 1 0G. 1/O module Interfaces must be asslgned to VDCS ona per-poct group basis
r' il VDC.A i 't --. . ... ... - - .-. . .-. . --..
X X W X X c c c œ œ @ œ U & O r
t' rI vpc-B ! l ! f:t I L ! ..
. ;k . ;y;. , .. . . . . t')l , . . . . . .
VDC :A
Poll GI oop 2
Port Group 41 t
'
i 'rP o rt (-% I o u ;'.' 1Port Glotlp 3
j ':; VDC : y' E) :r
'
:: :k I
1 . 1 22 I rnplementpng Cpsco Data Cenler Networkrng I ntrastructure 2 ( DC N 1 -2 ) v3 0 '(.. 2009 Crsco Systems . 1 nc.
Note Fof the 32-por1 10 Gb $/0 nloduhe. the ports lllust be ailocated to a VDC in ilort grouplngs offour ports
Note For the 48-por1 10/1 00/1 O00 I/O modure the ports can be allocated to a VDC on a per-portba s Is
ft'o 2009 Crsco Systerns . lt3t. Uspng the Clsco Nexus 7000 ln Data Cenler Networks 1 - 1 23
Resource template Iimlts may not be changed within the defaultVD C .
Defa u lt VDC. i è
'
.)j x ,.
IPv4 route-map memory 80 MB
IPv6 route-map memory 48 MB
Porl channels 256
SPAN sesssons 0 2
4094
1 - 1 24 Impiementlng Clsco Data Cenler Networklng infrastructure 2 (DC N I -2 ) v3.O C .. 2009 Clsco Systems. lnc.
G 4
X
Line Card 1 Llne Card 2 1 Lpne Card 3MAC Table MAC Table MAC TableMAC eA'' MAC ''AR
hî e j a : s 8 F? hl z j a hl g;> > > > >' ' MAC Address A
1 - 1 26 Implementlng Clsco Data Center Networklng I nf rastructure 2 ( DCN I-2 ) v3 .0 fff ' 2009 Cfsco Systems . Inc.
Exa m ;'Ie
VDC Number Number of Routes Number of ACES Allocated Llne Cards
10 100K 50K Llne card 1 and 2
20 ( 10K 10K Llne card 1 , 2. 3. 730 90K 40K Line card 3 and 7
ACE = Access Control Entry
(ç) 2009 Clsco Systems. Inc Uslng the Clsco Nexus 7000 In Data Center Networks 1-127
1- 1 28 lmplementlng Clsco Dala Center Networklng Illfrastructure 2 (DCN I -2 ) v3 0 ba) 2009 Clsco Systems , 1 nc
'-' Network - Admln I ''
N twork .. Operator I - ij q e . I. I - j. .. 2 j. I ''?'6 I 'j 1i: 1 * '
I , I . j j ,, . j : ,. I Jj ,I i l t
'.
' I . !. . oxx ,. : 1
.1 ..: 1 ; sua j ,VDC - Adm in ..
.. 1 ' - .- 11 ; ,.ç t' j c 11 . . . .
. ç jj. k % . $
, . k. 'i i . , .
' , . j ..?' 11 tl 1
. '- x
1'' ett:.' 1. I.. f I' J.. . 1
VDG - Operator ', K; 1 '
PR jkl c :.!1 j j) u k(...? p:
xav ax ',' . :'.' 1 x z 'zpc ,':'Ic 6 ': z z . .
' / 1'?'u. 1' '.' k Y / X '', . N h$ .z s$ ? ,, / Il . . , h 'I ' j
'
. '
'
' 11 I..y k : / :/ $ .' I
/ 'k xtskocq '' N Nersv... :. xelstack: . . zz x - .
- Nxx xA '
' q r; 1 1 1 I . 1 17 I 1 )>'J 10 1 1 :K) I: '
SJ( )1 ' ' ' ;1 I h! ' t :'l.v. ,#t . .1 sv
'v D' 1 s . s 'c.;.
' p ' . ! ! 1 f . ' t ' - .r.:)u c .? F v ' -' 1 : î 1 .7''/', - 1 $ ' t 1 1 . k'''''lll;!. !!!hj1
*
,
*
::>$.6 r.zl :L.'. . :1
$J 7.:* 1 .1 b :)17 1' C F> '. $
SSHD = Secure Shell DaenlonSysl-og = System LogglngAAA = Admlnlstratlon. Authorlzallon Authentpcatlon
1 - 1 30 lmplementpng Clsco Data Center Networklng l nfrastructure 2 (DCNI-Z ) v3 O Q 2009 Cisco Systecls. l r1c
VDC Configuration
The Cisco NX-OS Advanced Services License is required tocreate, delete, or m odify VDCS. A grace period does exlst. butwhen it expires. any VDC configuratlon will be deleted .
The network adm inistrator role is required to create delete ormodify VDCS.
VDCS are created from within the default VDC globalconfiguration context.
Physical and Iogical resources are assigned to VDCS from withinthe default VDC global configuration context
j ,.. . f q'''m . . . , .. . . . !. . .. . ,, . ....7 ,.. . I ' ' ' ' ' ''. - ..) t.) . ..,.%.. . . ..:. . ... .. ..: .. s .. . iu. t... ) . . ,
' lnitially, aII chassis physical resources are part of the default VDC.. AII configuration for the interface is lost when you allocate them toanother VDC.
W hen a VDC is deleted. the operatlon of the VDC is disruptedand aII resources are returned to the default VDC.
To rem ove the interface from the VDC and return them to thedefault VDC, you must enter VDC configuration mode for thedefault VDC and allocate the interface to the default VDC.
. W hen perform ing VDC configuration and m odification. it is veryimportant to be in the proper configuration context.
1 - 1 32 I m p1e m e nt1 ng C 1 sc o Da ta Ce n te r Network k n g l nf rast ru ct u re 2 ( D C N I -2 ) v3 . O :-s 2OO 9 C 1 sco S ystem s . l nc .
Common Deployment ScenariosVDCS for service insedion and firewalled security environm ents
VDCS for horizonlal device consolidation
VDCS for vertical device consolidation
VDCS for combined horizontal and vertlcal consolidation
1 .1 34 Impiernenllng Clsco Data Center Network rng infrastçucture 2 ( DC N I-2 1 v3 O (tz-. 2009 Clsco Systems . I nc
.. - . ... . .. . s -. . .: . .. .( ( . .. . l,. , .''j . ; k' '.- . k..' )1',
Use the default VDC as a ''m aster VDC'' reserved foradm inistration of the other VDCS.
Restrict access to the default VDC using accounts with the Ieastprivileges necessal-y to accom plish operational tasks.
lf the default VDC m ust be used for traffic, allocate the highestpriority traffic or availability traffic to the default VDC.
Use AAA for VDCS with different administrative domains.
Configure the high-availability policy to ''restart'' or ''bring down'' tom inim ize the im pact of a failure within a single VDC.
Ensure that the configured control plane policy Iimits satisfy therequirements for aII active VDCS.
Usc a di l'lèrent AAA sfzrsrer lbr cacll 'SJDC Y'DCS alloNv tllc di.z l'ini t itlll t)I- di screttl A AA scr! crspcr V DC . Tllc adlni ni strative accotlnts sllotlld be colltigtlred stlci: tlpat tlpc adlni 11 accotltyt lbrally givell V DC docs not cx i st iI1 tlle user database of tl'c otllcr AA A scrvcrs.
(I) 2009 Clsco Systems, Inc. Using the Clsco Nexus 7000 in Data Center Networks 1-135
a l.. f t.. yg2; f!. #: ..: j: -â .- :? :- f -. . j.7 . . g. .. ) r.. .-- yj t) jy )-- ) (r cy.w . . , k .. . . ..g..J 7 r K
Nondefault VDCS are created from w ithin the defaultVDC global configuration context
I 1$..! r&p 2 vdc Red' 1 ' 1 ( ' r r I I ' ' : ''
:'' show vdc
vdc ad vdc name state mac- - -U-- ---U---- ----- ----------l N7010-Cl actxve 00:lb:2l;09:3f:lB2 Red actxve 00:lb:2l:09:3f:19
Nondefault VDCS are removed from within the defaultVDC global configuration context
-. 1. - IF confzg t
'1 . i - jI. urq IId no vdc Red1 . '.' l ' . '4 '' 1. r ' ' ' :. ' l I ' rr ' ' ' i - ' . - l 7. . I 5 2 . I ' . . I E 'E . 1 1 'J
'. l I I I . yes' 1 . n t.' : : ' j .T I '' :.' 7 ' :' 5 1 - ' n'! 4 ' ' L r .ct ( I ' 'L I rl 1 '' '
1-136 lmplementkng Clsco Data Center Networklng Infrastructure 2 (DCNI-2) v3.0 @ 2009 Cisco Systems, lnc
Dispiay VDC resource assignm ent for aII VDCS' 11 n? i hIr show run I begln vdc
Allocating a single Ethernet interface to a VDCI If config tI I 1..1 .... vdc RedI I ..'1 ' .E allocate Interface ethernet 2/1
Allocatlng a range of Ethernet interfaces to a VDC. config t
. vdc Red
'< allocate inLerface ethernet 2/l - 4. I l I I I l . I
l ' I I I ' 1 ' '1 1 I I I I ' ' ' ' I ' r I
Allocating a Iist of Ethernet interfaces on the same m odule to a VDC.. j 1. aonrzg t
I I ol . vdc Red: I u! . b allocate Interface ethernet 2/1 ethernet 2/3
ethernet 2/5
Display VDC interface inform ation from within the defaultVDC
I i show vdc membershzp
1 - 1 38 1 m pl em e n tl n g C 1 sco Da t a C e n ter N elwork I n g I n fra st r u ctu rqt 2 ( DC N l - 2 ) v3. 0 .i2 2 009 C1 scc S ystem s . 1 f lc
D isplay VD C su m m a ry $nf orm a tlonshow vdc
Display summaw VDC information from wlthin a nondefault VDC. show vda
Dlsplay detailed VDC information from within a nondefault VDC' . show vdc detaxl
Display VDC interface information from within a nondefault VDC. show vdc pembershxp
Dlsplay VDC interface status from within the default VDCshow vdc membershzp status
1- 1 40 I mplementlng Clsco Dala Center Networklng lnfraslrocture 2 ( DCN I -2 ) v3 0 êd 2009 Clsco Systems. 1 nc
Navigating between the default and nondefault VDCS' .' switchto vdc Cl Podl Red
. I I h ' ' . I '
Sw itch from a nondefault VDC back to default VDC' I . . eswœtehback
. . t.. .. - ... . ..
Display detailed VDC information within the default VDC' r show vdc detail
' I I I . . I : II I I I . . I 1 . ' ' : . ;
'
I ' I I. I . . I I !
Copy the running configuration for a1I VDCS on the physical device tothe startup configuration
I ' copy running-conflg startup-config vda-all
Display the running configurations for alI VDCS
. show runnlng-confzg vdc-all
1 . 1 42 Im plemerltlng Clsco Data Center Networklng 1 nfraslructure 2 ( DCNI .2 ) v3.0 t't,' 2009 Clsco Systems . I nc
H igh Availability
T11 e 11 i gh -:I'$'cti lab i l i ty po l i c i u.s lbr a V DC d tl l5nc t 11c acl 1 on tl1 c C isco N X -(3 S So ft vs arc ta lvcsw'llen an unrecovcrablc '$,' DC fatllt occurs.
(ù) 2009 Cisco Systems, Inc Uslng the Clsco Nexus 7000 In Data Center Networks 1-143
VDC 1 VDC 2 . . . VDC n
' Nvolo-clj conflgureN70l0-Cl(confzg)1 vdc Red$
kj ' xj; - N7 0 1 0 -Cl ( conf â.g- vdc ) 4 ha -po 11 cy ( dual - sup ( br x ngdown I res tart I(' '' swà. tchover ) I s Ingle - sup ( brangdown I rel oad I res tart ) )>
&70l0-Cl(confIg-vde)# exxt
N70l0-Cl4 show vdc detail
1 . 1 44 1 mplementlng Clsco Data Center Networklng pnfrastruclure 2 ( DCN I .2 ) ï/3 0 '1L' 2009 Cpsco Systems. 1nc
Sum m ary
. Existing switches provide Ievels of vidualization such as VRF andVLAN. but this level of vidualization exists within the conflnes of asingle device context.
W hen the VDC ls created. a default resource allocation is madefor this VDC. Resource allocation focuses on VLAN. SPAN . VRF.GLBP group, and Portchannels.
Each VDC is assigned a default high-availability pollcy thatdefines what the swltch should do in the event of a VDC failure.
1 - 1 46 1 mplementdng Clsco Data Center Networklng lnfrastruclure 2 (DCNI .2) v3. () @ 2D09 Clsco Systems . 1 nc.
Lesson 41
M anaging the C isco N exus
7000
O verview
Objectives
m Dcst'ribe (. 'i sct) (..i enttl'i t. ( )1) 1 i lpt? l'liêtgl'ltdst ics
K Dcsc 1' 1 btJ t l'kkr C' 1 sct) E E N1 t'tll'll ptlnu'n t s
K
m Dcseri bk.. systktl'll lutzssagtl lklggi I1g
. Dcstl 1'1 bc t l Ik! tlp,tt o 1- A A A
S NM P and X M L
SNM P Capabilities
èi l l;' - - '..x j , j. j jy Ij ;;k lk i jI jl 1
.:.
Traps
. bL(
NETCO NF Layers
Transport protocol SSH version 2
RPC <rpc>, Krpc-reply>
Operations Kget-config>, <edit-config>
Content show or configuratlon comm and
1 .1 50 I mpiementlng Clscch Data Center Networklng lnfraslruclure 2 ( DC N 1-2 ) $/3 0 '% 2009 Clsco Systems . Inc
I ., u:t y çc - .'-' pol..J jj ('-h 1, - ' r- g s k r a. n f o r R -. .4 ? m s e c ! 1 'q 'R '' '% / 1 D. c.- w- J.- w - ...7 u . . -. - - -.u - Ilr'ocess = IP i,r 1 r.2 Fzt Fh' - = .'3.71 L71 '*'%C; v - w'z --. T I a c e ba c. k = ?. O 1 D 1 ' - L 4 :h 00 7 'RA 1 z7
k'3 o ogle c ptlho /J1 t?n rh l)) I.'h r et tlI r1S 1 0K tl 1tS
:
'<. I l-# ';I
r'1 r' . 1 '.2
t' (ISN h1P-3-CPt.El-I( )(.i: Plxltltlssillg Gtztlkch.t k'l'tlltt 1 f.11' InF'db E 11 t ry . 1 . 8 . () . 3 2 . l 7 8 . 2 24 . 223
-$- 2 ' k (x ,y. (' x t /. ui '.. . - ,/ ,
N7Ol0-C1# xm1 server validate 9<0-2147483647> sesslon numberal1 all sessxons
N7OlO-C1 # xm1 server te rmxnate D
N7010-C1 # confN701Q-CL(confxg)# ssh server enableN701Q-C1(config)# show ssh serverssh zs enabledversion 2 enabledN7010-C:(confzg)# xm1 server max-sessxon 6N7010-C1(confyg)# xm1 server ttmeout Q<0-1200> txaeout zn seconds
N70l0-C1(eonfIg)# show xm1 server statusoperatlonal status ls enabied
v
<
1 - 1 52 lmplemenllng Clsco Data Center Networkpng Infraslructure 2 (DCNl.2 ) v3. :) ê(J. 2009 C, sco Systenls. Inc
-1' l1i > 15 gtll k) tiescl'i bcs Ci sco N X -( lS 4 .( ) N F:VC'(3N F al:tl X N 1 l c:LI?tll7 i l lt lct,.
Note To exlt the debug c1i force xm l-output comm and. lssLle the no debug cli force xmloutput command
' >. 2 00 9 C I sco S yst ems 1! lc U s ; n g t h e C i s co N exu s /0 00 I 13 Dat a Center Netwl) rk s 1 - 1 53
1- 1 54 lmplementlng CISCO Data Center Networklng Infrastructure 2 (DCNI-Z ) 13 0 'o 2009 Cisco Systems. Inc
C isco G eneric O nline D iagnosis
Fault-detection framework for high availability'.
9 9 9 99 O/o - '' '. . . -Qul.EiF. go arcj I7o (!o 1es(%: o . . i . $ . 4J I m '.. 1 euProactlve dlagnostlcs ' Dlscuptlve anc noncllsft,ptlve ti.stu
serve as hlgh- . . . .-availability tnggers.a nd take f a u 1ty 'hardware out ot Perlodlt baukulsxlntl Lt'srs0. z . # * t * . ! lk J @ * c i *=u hl cgl cI1 sf tJ;)h v i. Ld1';! hservice.
r .. h.? ' l ' I L
Troubleshooting tools:
* Ii , ; . . z .. . .: 6 ..c cart ros. -.11 ','f. ttss.sI n Dlk; 3 :> dk s f t. iikp'd (' ! J''a t % t; %f'f5
Reactpve dlagnostlcs Z . 4 1 ' 2.: c . ê 3 ! . < 1 *'.c' martifclç lurTngfor troubleshootlng . . . . : d . e R.- I
Suppoded : Not Suppoded :Cisco GOLD integration with clsco GOLD com mands inCisco EEM the nondefault VDCDefault policies shipped with Disruptive and offlinethe system di
agnostic testsuser-configured policies can
ide or augment default Layer 2 and Layer 3 EARLoverrolicies functional tests as present in
Cisco Catalyst 6500Cisco GOLD integration with
Smart Call Home generates Bootup tests for fabric cardsdiagnostic alerts (for example. through CiscoOBFL and Syslog GOLD)Basic fault isolation suppod Cisco GOLD on CMPfor port-loopback tests . Fabric connectivity test fromNarrows it down to a m odule standby Supin m ost cases
1 . 1 56 Inlplementlng Clsco Data Cenler Networklng Inf rastructure 2 ( DCN1.2 ) v3.0 @ 2009 Clsco Systems . Inc
Cisco G OLD and EEM Default Pollcy and Actions
Diagnostic ResultsBootu ;) D I algno st rcsChtlck Operatlonal status SY SLOG rnessageo f c o nl p (3 n e n t s n I . D 1 A (3 . S P . % . h. 1 A J O Rv ' '
! Mod u I e 2 tDn I 1 ne'
dlaqnostrcs detected ak
'
Rtjnllme DIaCJNCIStICS , ma or error Please* Ii tlse dlagnostlc moduieOn-tjerrland
dlagnosttcs statlcally ' ' I 1 2' lo See les;t restllts1.1 Ipt r $ g e r e d b 9 a n -
Umlnlstratora' S t; h 1 e d tl I f) ddlagnllstics to run at . . . * .1 S ;)e CI fl C t 1 m e *
kî1 ké q' k t ' th )( t ctt,th L)I 1 t q,Nondlsruptlve heaith
d 1 :.1 n o s t i c s r u n n 1 n g 'l e b ac kg ro u n d '''x ' l rnt ) It ' ! l t f ' reb e tI n t(J rz.' 41 ;J 6) rR qE'rl t I q v c) k 69 S t N iè11 It1h'' ' t3 Y c3 11 é1 p?III1 j il (2 tl C) Of 1I; h.1 ' irA x4 . , ''l 1 : '. $3 In
t 2009 Clsco Systems. Inc Uslng the Clsco Nexus 7000 ln Data Center Networks 1.1 57
Cisco GOLD and Smart Call Home lntegration
1l, , Trlgger:4
l y?J jj consecutlve-fall-thresholdl . .' ! j! Iljt Snpart cad, Homet.. 'i ) ,! j !
, f:r lj l p .j
'
) y.
1 - 1 58 lrnplemenllng Clsco Data Center Networkpng lnfrastructure 2 ( DCN I-2 ) v3 () C) 2009 Clsco Systems. I nc
tt'..' 2 0f)9 C ùsco S yst ems . I n c U s I ng t h e C 1 sco N exus 7000 k n Dala Ce nler N etworks 1 - 1 6)9
1 - 1 6() I rnplementlng Clsco Data Center Networklng I nfrastructure 2 (DCN I-2 ) 1/3 0 @ 2009 Cisco Systems. Inc
C isco Em bedded Event M anager
tt' ' 2009 Clsco Syslems . Inc Uslng the Clsco Nexus 7000 In Data Center Networks 1 . 1 6 1
- . & . v. 2 w- . gx. k.Z - . ' liY 'e : . j Ct . r . .. .t î . ' x (? r ' ' ..' '' : u1 .'7( R &'.: fe' t*'.-n 'Wh . = .. fv,. L w.1 .h.z. .-. . u -.. v-- w.. . t t v I e t;) . . .
EEM Architecture on Cisco NX-OS Softwarei r
'
I Event Publishers II . . ) l k j 4 : ? . ;) J. ; IE g t 5 . L . ' t . '! ' >9 ' 'e hà . ' I);J 'jj. , ...yjj ' j jj j Ik. . . . . c.x . . . . - .' . k t , ' . ' . .q) , . . t . . . .. . .. .' . ' . ) . ., . .' .. pv : r. .. L # ' . ' 1) 47 47
% V V 7J
'
*
'
. ' . .
l L l% % V
I I- . . .- . - . ' EEu applets :
' Installed v1a the 'I I
7 V Y ' CLI '- - - - - - - - - - - - - - - - - - - - - n I l1 I 1 I
- . . 1 VSH -- TCLS H (TCL Shell ) I I Ioollcles I
# iI .. . .,. r . 1 i 'I . ? ; ? @. .. l ï). ; p.:. . . 1r n r1 1 - - . . . . . !j .. . j
' Sen/ices t 1 CL4 'L .. . L
K C1-,1 : Colllllland-l i 1:c intel'facc.
. System Log (SYSLOG): s'lanagcs thc otllptlt of SYSLOG mcssages.
K I ntcrfacc Nlanagcr'. M anages and track's thc state oI' interfaces.
K Cisco GOIuD: Cisco (-icncric (lnlinc Diaglposl ics.
K Virtual Switch Hcadcr (VSH ): The system componellt respollsi bl c tbr cxcctlting al l tlscrcom Inallds: equivalent to the ext!c command in Cisco IOS Sol'twarc.
* System NIanager: Hand les proccss-l'clated activitics such as btartings stopping, andrestarting proccsscs i 11 thkl systen'l. :111f.1 cal'l decidc lllat proccbs crash is a11 cvcnt lype', thtt s.any proccss crasll is an c'srcnt tllat is ptlbl ished by the systcln Inanagtlr.
Events are classified as an occun'ence o1- .:1 condition iI) tlle systclu. Associated 'svitll cvcry' cvcntis :1 set of evenl paraluctcrs thal dct-.infa thc conditions of tlle event.
1 -1 62 lmplementlng Clsco Data Center Networklng Infrastructure 2 ( DCNI-2) 73.0 (Q 2009 Clsco Systems, Inc
*
Basic EEM Architecture on Clsco NX-OS Software
v-%=*. .
'.' - e ' ...
..'
, . - & ' y r. .-- = . j j .y.,@ p ,. , .j , y .j j .:! )! 11-;.. . - I t1 i
! 4 ! jj #1. r: ,. i! 1! :1 I 1t. 1 ! 1 : -1! Ij 11 (1 11 11 11
. ....- . rr rj jjr jjjj j jjj ,z,- . ; . ,jy Ij . ., .
o ::ratxw-x..e.-' . jj jx j ,==III 1111
1 . 1 64 lmplementrng Cisco Data Center Networklng 1 nî'rast6ucture 2 (DCN1-2) v3 .0 & 2009 Clsco Systems, lnc.
Sm art Call Hom e
Feature Overview'. BenefitsHigher Network lmRroved NetworkAvailability Pefformance
'' Reports on networkDevices are continuallyinventory andmonitored with Smart configuratlon
connected selwice call, .t, call Home deviceReal-time alerts ' Home information fof fieldAutomated SR creatlon notices. PSIRTS, and
-. . end of IifeDetailed diagnostic '' Reports on call homeattached to SR messages and analyslsRouted to correct performed by ClscoReduced Network TCOTAC team
Early detectlon ofnetwork problems
. oulck and accuratedlagnosts throughfault IsolationFaster MTTR
1- 1 66 lmplenlenllng Clsco Data Center Networklng lnfrastructure 2 (DCN1-2) v3.O ((.'' 2009 Clsco Systems. lnc.
K License
t(). 2 0 0 9 C I s c o S y s t e m s . 1 n c U s 1 n g t h e C 1 s r; o N e x u s 7 0 0 0 I n D a t a C e r 1 t e r N e t wo r k s 1 . 1 6 7
1 - 1 68 Implementlng Clsco Data Center Networklng Infrastructure 2 ( DC N 1 .2 ) v3 () L(Y 2009 Clsco Systems . Inc
tt l 2009 Clsco Systems . Inc . Usjng the Clsco Nexus 7000 In Data Center Networks 1 .1 69
1 -1 70 Im plementlng Clsco Data Center Networklng Infrastructure 2 ( DC N1-2 ) v3. 0 (() 2009 Cpsco Systems . Inc.
'LL 2009 Clsco Syslems . 1nq UsEr7g the Cpsc;o Nexus 7000 ln Data Center Networks 1 .1 7 1
C isco Data C enter Netw ork M anager
/ ''
- ' - z: ?#? tt ?(' /'g sz qL) t?y-yz,f) z'r,;.,.-? -'k -,t t
..t .yz /,. . 7 j,,a yj . y yj sj. y gy. yg./ tt /' (? j'
. ;t /a' ', ;-. yf-z/zt- i ï- ,
V lddloware With a netWorkm odel' ' - ' '
Device mediation and network Eabstractlon - . - .
SOAP extensible framework'.I
Reuse of software components , ' ' p, 'for rapid support of fodhcomlng '. v aCisco NX-OS platforms ...-.-
IIndustry-standard ISOAP/XM L API: pr.w=.- !
Stateful network informationenabling network-aware
Lapplications
(tp 2009 Clsco Systems , Iric . Usl! lfJ the Clsco Nexus Z000 In Data Center Networks 1 - 1 73
e *4Networ k , I 1 l . 1 l l .r
' User Conflg c ysco ..w.. .. - -. , vodel - '. -'.'- .'' I' Requests changes I''N /
., . - 1. pnve rlto r y) !(2à k.'' r 1 l .1 (:. k r dh rt t I
1 I
. -.. . I c fi -On g . c Is< o I
' jchanges; J 'I II 1
IIDpscovel y I
1% rletnvvc'l khsfl :) r) 1 t :) I'l 1).-)
DC ( 1 1:1 Serv e g
1-1 74 lmplemenllng Clsco Data Center Networklng Infrastructure 2 (DCN1-2) v3.0 (ia 2009 Clsco Systems. Inc.
''. ' 2009 Clsco Systems Inc Uslng the ClscrJ Nexus 7000 In Data Cenler Networks 1.175
1-1 76 lmplementlng Clsco Data Center Networklng Infrastruclure 2 (DCN1-2) v3 0 Q.' 2009 Crsco Syslems. lnc.
l11'tII1êk Lr CIIA C11 t.
' D ' t '. . '. . w . .. .. . .> . . . v . % . ' .
Software Architecture and Components
ï/''.' f, '') 65 Ca r' J ' c tf 5; /hk pz' 1 .J Fi '.z. i ô'% -'7 .1
= F''' I1. ' 1 . 1 ''$ ' t' t .' S '-' ' ' ' ' '.. . zn c a - . a =- d. r. (hr.Q -.(. Prl.mI 1'17,:) W eb Srlrvtar.l.(/
.= r 14 s. .l 1 ;
jL' .. .. . j
.f.
'T ' r '? ). . ; rl L b k e '' 'l( X ' L t ' l ' ' ;J ' Q h .b 9 ' 1 ' ' ' ' S N ' ' P ' '' ' ' U' Pc: I z . . , - ; . .- . . . v ' , . e r t.
1-1 78 lmplementlng Crsco Data Center Networking Infrastructure 2 (DCNI-2) v3.0 @ 2009 Clsco Systems. Inc.
((;' 206)9 Clsco Systernta . 1l)c. Uslllg the Clscu Nexus i'00U ln Data Ceylter Networks 1 - 1 79
System M essage Logging
Directed Mesu ge Logglng = Qulcker Problem Resolution
; .e L
% l Lot) Inftx kpatlon forInonltorlng and
..... tl oubleslAootln gI .-F '. we*
(. j., a pttll e a cc oktn 1 ngl .,. I ecol
k Iew a c (:in pl e( eprctu I e o f ê: 6! nt s
1-180 Implementlng Cpsco Data Center Networklng Infrastructure 2 (DCNI-2) v3.0 C1 2009 Clsco Systems. lnc
A uthentication,A uthorization,and A ccounting
G') , .
6 X1 i ' j '. . .
j , I ; * t j' p . ' .j. - 't y y , 7. 9. , .
' 2 ! 1 ..!? .11 ! . ! yi; . h-.y
z . e <. N1
' . z L c tka r , qs(1 ,3 O Q q q 'à
@ 2009 Cisco Syslems, Inc. Usfng the Clsco Nexus 7000 In Data Center Networks 1-181
For VDCS that have different adm inistrative dom ains, theuse of AAA should be carefully applied.
Authenticating to the sam e AAA server across aII VDCSm akes it appear that aII VDCS are m anaged by the sam eadm inistrative domain.
To correctly segregate administrative dom ains betweenVDCS:
Create different adm in user groups on the pkAA sefver and Iim itthe access of those user groups.
Use a different AAA server for each VDC.
1 . 1 82 Impiernentlng Cpsco Oata Center Networklng lnfrastructure 2 ( DCNI-Z ) v3.0 CGJ 2009 Clsco Systems . In(J
Role-Based A ccess C ontrol'1- 11 i s l k'l'! 1 k' d izbht; 1'1 bcs 1'i ' l e - baskttl ïlct't.' >> :201 1 t l k) l ( ItB.A (- ' ) .
'-' Network - Admln I '
Network - Operator ' - '1.: . 1 I k '' '
. ; ;
'
f ; 1 'j r ,
I ! 7r j . . k, I' 1
I . ' , :, I I. ; :, . r t . , . .è k. : l I
. .' z7I '- . . j-J v; ' C't''*: '!VDC - Admin . F R'tz'a 1. 1 r -- .. ... JL
:
'
II
' l 1. .. . .. j
r.,
- ...ï v. . . ,, j 1I
. jg E f
'
1
*
1
*
..v- .x. I '.- 'w ) !z à I
. M .. I Ip # I -
VDC - Operator . -' I '
'z.; 2009 Cpsco Systems. pnc Uslng the Crsco Nexus 7000 pn Data Center Networks 1 . 1 83
RBAC'. How it works
: 1 TL . L ï ' '( . . ' . s y
. xr.
. t ;; '. . ' ..k 1?5'1
1-1 84 Implementlng Clsco Data Center Networklng I nfrastructure 2 (DC N 1-2 ) $/3 0 tt ) 2009 Cpsco Systems , Inc
C onfiguration Rollback
N701Q-Cl# checkpoint charlieN70l0-Cl# show checkpoxnt sumnaryCheckpoxnt Summary
1) charlœe.Created by admvnCreated at Wed, 01:29:51 18 Feb 2009Size ts 19 l78 bytes
N7Ol0-C1# rollback running-conflg checkpolnt charlœeProcesstng the Request- . Please WaxtGeneratxng the Rollbackpatch... Please WaltExecuting the patch.- Please Waxtconf tInterface Ethernetz/lno medzum p2pznterface Ethernetz/lIp address 10 11.1 1/24Done Rpplyzng PatchSuccessfully executed patch
N70lD-Cl# checkpoïnt fœle bootflash charlle
%'. 200 9 C rsco S ystem s . 1 nc . U s k ng t he C ! sco N e xtl s 7 0 00 I n Data Center N etworks 1 - 1 85
Sum m ary
SNMP implemented within a VDC context is VRF-aware andIpv4/lpv6-capable.
' Cisco GOLD default EEM policles are shipped as system defaultpo1 icies .
The diagnostlc framework detects hardware failures while thesystem is online and operational. Corrective actions are takenthrough EFM policies.
' Sm arl Call I-lom e device inform ation for field notices im provessystem per-formance, with PSIRTS and end-of-life reports on CallHom e m essages, and analysis perform ed by Cisco.
Centralized management throughout the data center networkoffers Fibre Channel, Ethernet, IP routing, and network securitydomain awareness
' The system message Iogging software saves messages in a Iogfile or directs the messages to other devices.
. AAA provides support for simultaneous RADIUS accountingservers, This feature provides the ability to send START/STO Paccounting records to m ultiple RADIUS sel-vers sim ultaneously.providing higher scalability for RADIUS accountlng.
' Roles are created by assigning rules that perm it or denyoperations (read, read/write) on Cisco NX-OS components.
. Configuration rollback provides a checkpoint and a rollback facilityto return configuration to any previous state.
1 . 1 86 I mplementpng Clsco Data Center Networklng Infrastructure 2 (DC NI-2) 13 0 ((T. 2009 Clsco Systems. fnc
uesson sl
C isco N exus 7000 and C isco
NX -O S Layer 2
Features
P rotocols and
O verview
Objectives
C isco Nexus 7000 and C isco NX -O S Layer 2O verview
Fully distributed Layer 2 hardware switching
Hardware MAC Iearning with software synchronizatlon and aging. 1 28K MAC table entries per forwarding engine
16K VLANS: Llp to 4% VLANS per VDC
12K unique IGMP Snooping entries - (* G) or (S. G)802. 1 Q: VLANS and TrunkingPortchannel: Llp to eight porls per Portchannel
Private VLANS: Prom iscuous/lsolated/comm unity PVLANS
1 - 1 88 1 mplementlng Cisco Data Cenler Networklng lnfraslructure 2 ( DCN I .2 ) v3.O rt J 2009 Clsco Systems. lnc
Per-VLAN rapld spanning tree. m ultsple spanning trees
Stateful STP process restart, super-visor switchover. and ISSI.J
Backward compalibility with 802 1 D STP uslng fallback mode
STP guards: BPDU guard. root guard, Ioop guard. BPDU filter
True Ip-based IGMP snooping (up to 1 5K groups)LACP: Dynam lc Eltherchannel negotiatlon protocol
LJDLD' Standard and aggressive mode
Bridge assurance
Every module has its own Layer 2 forwarding table.
lngress module perform s lngress Layer 2 Iookup and initial egressLayer 2 lookup if necessary:
For example, bridged packet or packet routed between SVlsEgress m odule performs second egress Layer 2 Iookup ifnecessary:
Ensures foM arding based on the latest MAC information
Layer 2 engine on the forwarding engine has bandwidth toaccom modate for addltlonal egress Iookups.
1-190 lmpiementlng Clsco Data Center Networklng Infrastructure 2 (DCN$-2) v3 () @ 2009 Clsco Systems, lnc
V LA NS and PV LA NS' I'l 1 1 'x t op 1 c kl cst' 1'1 bu's f'u'ud t tl !'k.'% t ' 1' '$' ' L .X N Lx k t I 1tl P '$' ' l A N' hh .
N7O1O-Cl# show vlan xnternal usage
VLAN DESCRIPTION
3968-4031 Multicast4032 Onlxne diagnostics vlanl4033 Onlzne diagnostics vlan24334 Onlxne dxagnostics vlan34035 Online dmagnostics vlan44036-4047 Reserved4094 Reserved
ft. 2009 Cdsco Systems , lnc . Uslng the Clsco Nexus i'000 In Data Center Networks 1 . 1 9 1
N70l0-Cl (confagl# vlan 20N7Ol0-Cl (confag-vlanl# exat
N70l0-Cl(config)# switchto vdc Cl-podl-Red
N7O10-C1-C1-Pod1-Red# configN7010-C1-C1-Pod1-Red(confxg)# vlan 20N7olo-cl-cl-podl-Redtconfig-vlanl#
1 -1 92 Implementlng Crsco Data Center Networklng I nfrastructu re 2 ( DCN I-2 ) $/3 0 v , 2009 Clsco Systems. Inc
(:7 2009 Clsco Systems. Inq Us1 ng the Cjsco Nexus 7000 ln Data Cenler N etworks 1 - 1 93
1 - 1 94 lmpiementpog Clsco Data Center Networklng Infrastructure 2 ( DCN 1-2 ) v3 0 % 2009 Clsco Systems Inc
(..7 I 2009 Clsc;o Systems . Inc. Uslrig !he Clbco Nexus 7000 In Data Center Networks 1 . 1 95
1-1 96 1 mpiemenllng Clsco Data Center Networklng 1 nfrastructure 2 ( DCN I-2 ) v3 0 ''.L ' 2009 Clsco Systems. Inc.
N70l0-C1(config)# feature private-vlanN70l0-C1(confxg)# vlan 142N7olo-cltconfïg-vlan) # prwvate-vlao przmary
N7olo-cltconfxg-vlanl# show vlan przvate-vlanPrtmary Secondary Type Ports
l42 prtmaryNvolo-cltconfxg-vlanlj
N?ol3-cllaonftg-vlanlj vlan 100-102N7olo-cltconfzg-vlanlj prlvate-vlan communlty
N7olo-cllconflg-vlanlj vlan l03N7olo-cllconfzg-vlanl/ pzzvate.vlan xsolated
N701O-C1(conf1g)j vlan 142N7olo-cllconftg''vlanl# przvate-vlan assocaatlon D<1-40941 VLAN IDs of the privaLe VLANs to be confzguredadd Add a VXAN to prtvate YLAN 11stremove Remove @ VLAN from prlvate VLAN
N7010'C1(conf:g-vlan)# przvate-vlan associatton 100-103N7010.C1(confxg-vlan)#
1 .1 98 Implementlng Clsco Dala Center Networklng f nfrastructure 2 (DCNf.2 ) v3 0 (:'7 2009 Clsco Systems. fnc
t ' sc l I'lt.. s 11 4,* '$.: i n te rfaces co 11) ! ) 1kl 11 tl t o ï' cri 1 ')' l l'!u' 17 !'i $k a l t' ..N l ttn l'nttpp I l ) g c k-'l) ti g tt 1't$ t 1 i.)ll .
N 70 l ()-.( ' 1 ,..b' s h t)&b' i n tc r face 1) rivat i?-: Ia n In a 1) 1) i 11 g
Intedace Secondary VLAN Type
VLAN 142 100 communlty
VLAN 142 101 com munity
VLAN 142 102 communlty
VLAN 142 103 Ssolated
N70l0-C1 (confxglj show vlan prlvate-vlanerxmary Secondary Type Ports
l42 l0O communttyl42 101 communltyl42 l02 community142 103 isolated
N7010-C1(confxg1# feature znterfaee-vlanN7olo-cltconftglj znterface vlan 142N7010-C1(config-xf)# private-vlan mappzng T*1-4094> Secondary VLAN IDs of the prlvate VLAN znterface mappzngadd Add a VLAN to Prmvate VLAN ltstremove Remove a VLXN from private VLAN list
N70l0-Cl(confa:-If1# private-vlan mapplag 100-102
*
1-200 Implementlog Clsco Data Center Networklng Infrastructure 2 ( DCN1-2 ) :/3 0 @ 2009 Cisco Systems. 1nc
N7Ol0-Cl(confIg)# ïnterface ethernet 273N70l0-C1(confIg-If)// swxtchportNvûlo-cllconfwg-mfl# swztchport mode prmvate.vlan hostN70l0-C1(confxg-if)# swltchport przvate-vlarl host-associatlon l42 101N70k0-C14confzg-zf)# show ïnterface ethernet 2/3 swxtchpurt
Name Ethernet 2/3Swztchport Enabled
Operatzonal Mode: upAdmxnistratxve Trunklng Encapsulatlon:NegoLtation of Trunklng OffAccess Mode VLAN' l (default)Trunkxng Natlve Mode VLAN: 1 (default)Voœce VLAN: none
Administratzve private.vlan mappxng noneOperatzonal przvate-vlan noneTrunkzng VLANs Enabled ALLPrunmng VLkNs Enabled: 2-1001Capture Mode DlsabledCapture VkkNs Allowed ALL
N70l0-C1(confzg)# znterface ethernet 2/4N7olo-cllconfzg-xfà# switchportN7Dl0-Cl(confxg-Ifà# swztchport mode przvate-vlan promxscuousN70l0-C1(confIg-if)# swltchport prAvate-vlan mappxng 142 100-103N7010-Cl(conf1g-tf)# show znterface ethernet 2/4 swztchport
Name: Ethernet 2/4Swltchport Enabled
Operatzonal Mode: upAdmznlstrative Trunking Encapsulatmon' negotlateNegotxatzon of Trunklng OffAccess Mode VLAN l (default)Trunkxng Native Mode V1AN: l ldefault)Voxce VLAN noneAdmanlstrative przvate-vlan host-aasoczation: none
Qperatzonal prmvate-vlan'. noneTrunkxng VLANs Enabled ALL
Spanning Tree Protocol
Understanding RSTP
F
Switch Switch Switch SwltchF F
F F F
F B F
Switch Swltch
Primary Ilnk fails RSTP fallover occurs
Note W lthln a VDC you can run elther PVRST+ or MST both STP modes cannot be runsimultaneously within a VDC
1 -202 1 mplementlng Clsco Data Center Networkpng 1 nfrastructure 2 ( DCN I-2 ) v3 0 (''> 2009 Clsco Systems . lnc
Port Roles
(7 Deslgnated port An actlve forwardlng porlthal polnts away frorn !he STP root to (he
.. edge of the network
C) Root port An actlve forwarddnfl port thalpolnts back toward ltle STP rool
C) Backtl p port' A nonforwardl ng p(7r1 t hat backsS w itch S w 11 chu p a d e s Ig nated po rt
@ A I te rn a t e po rt ' A nonf o rwarci ; n g po rl t h atbacks up a root port
Swi tc h S wi t c h
@ Dpsabied port An Inacllve por!
The R oot Port Role
The Designated Port Role
Alternate and Backup Pod Roles
1 -204 lmplemenllng Clsco Data Center Nelworklng I nfrastructure 2 ( DCN I-2 ) v3.0 C(3 2009 Clsco Systems, Inc
11 Swltch A sencls RSTP BPDUS
Swltch A Swktch B ttlal Swltch B dropsRSTP Enabled 1 8:2 ID Enabled
2 Swktlrh B does not çiel anyvaLrll BPDUS so lt sends otzt1ts own 8O2 1 D BPDUS
33 Swrtch A sees an 802 1 D
Swrtch A Switch B swrtch on tlne network and2RSTP Enabled 3 8O2 ID Enabled reveds lo 8O2 ID mode
2
() RSTP BPDU
() 802 1 D BPDU
Note lf the Iegacy STP brtdge ls removed from the segment the RSTP brldge contlnues to runkegacy STP oo that pod This occurs because the RSTP brpdge has no way of knowlng thatthe legacy bridge has been removed frorn the segment. Manual Interventlon ls required lorestore the ability of a port to detect the current protocol.
Using Fast Convergence
1 .208 lmplementlng Clsco Data Center Networkpng I nfrastructure 2 ( DC N I-2 ) v3 .0 (t? 2009 Cisco Systems, 1nc
Understanding M ST
Swltctl SwrtchO VLAN A fore/ardlrlg pathO VLAN B forwardlng pathO VLAN A backup path@ VLAN E5 backup path
Switch
ALL PAT'HS FORWARDING
VLAN A VLAN B
1 -2 1 () l mplementlng Clsco Data Center Nfltworklng 1 ntrastructure 2 (DCN1-2) v3.D t(/ 2009 Clsco Systems. 1nc
IE; lr
CIST and CST
*Spanning-Tree O peration W ithin an M ST Region
Spanning-Tree O perations Betw een M ST Regions
*
*
Note in order to actkvate spannlng tree MST. the spanning-tree mst conflguration commandmust be issued folkowed immedlately by the exit command. The exit command trlggersCisco NX-OS Soflware to complle lhe activation and configuratlon commands
1 -2 1 4 Im plementing Clsco Data Center Networklng lnfrastructure 2 ( DCN I-2 ) v3 0 & 2009 Clsco Systems. I nc.
To im prove perform ance of the baslc I EEE 802. 1 D STP algorlthm ,Clsco introduced an extension named STP PortFast to bypass theSTP llstening and learnlng states for an attached host, and movedirectly to a forwardtng state.
B efore P o q F a s! Gf:er P()r!F a st
FDLJq Inltiallz e s P o c Lnltrakv-e b
S vvltch S vzltc hBltlc k1n : State * * -' @ - *= -
l . . . zP o : F a slLlste nIn g State
Learrn I n (; Stateh 1 c,s ( Host1 9 sec tlrtkls
Wherl a tlost coflnects lhe swltch) port moves %' Ith PortFast thcr klort rnoves stfalghl lo 1 hethrt 1L1(Itl (311 STP states tlefort. forwardgng ftlrkvardlng state ellnhlnallng a 3o-secontj tjtdhay
Note PortFast is used to mlnlmlze the tlme that access ports must wall for STP convergence tooccur. and shouid therefore only be used on access ports lf you enable PortFast on a portconnected to a switch you can Inadvertently creatc a lemporary bridging Ioop.
+
1 -2 1 6 1 mplementlng Cssco Data Center Networklng l nfrastructure 2 (DCNI-Z ) v3.0 Q h 2009 Clsco Systems, Inc
A PortFast port can receive and forward BPDUS, even if it isaccldentally connected to another switch. This accident cancom prom ise the loop-free topology of STP. The solution Is to useBPDU guard to shut down a PortFast port wheo a BPDU is received.
' /1k :3 $A'' i 1 L ' 1 ''îSwl! c b A to & I lcln
;, . . . . .. F7 o r't F a s twlth
BPDU guard (jjpg;uj
Host Swllch B t5wIt(.h B
Swll t t'I A I s, U p(>f1 rt)ts u' I v I rtt; t , le f I rsI B P D UIrladverlen! Iv moved Soptr h1 fb <.h1k2t% dok: n the port
pt / ; 'r'ç l!t u 2 th1i.' Irl( i' ) rlt' C1 f 1 h' 6)'-w I :7 (1'.). ;1 a .rl
BPDLJ filtering stops a PortFast pod from sending or receivingBPDUS. Received BPDUS are sim ply dropped.
BPDU PorlFasl
fswllcla E5 swltch A I i
j '.... ..J
2 '!@. ... ....i F7 clrt F7i) st
BPDU droppedBPDU not sent
BPDU filterrng can be applhed globally or on a per-porl basls
Note Conflgurlng BPDU filterlng on a port that Is not connected to a host can result in brddglngloops cant The unconnected port Ignores any BDPUS that are recelved and automatlcallygoes Into the forwardlng state
1 -2 1 8 1 mplementlng Cpsco Data Center Networklng lnfrastructu re 2 (DCN 1-2 à v3 0 bï: 2009 Crsco Systems. knc
N70l()-C1# aonfigure terminalN7010-Cl(conf1g)j spanning- tree Port type network defaultN70l0-C1 (conflgl# spannang-tree port type edge bpduguard defaultN7010-Cl(aonfzg)# spannzng-tree port type edge bpdufilter defaultN70I0-Cl(confzg)# anterface ethernetl/lN7olo-cllconflg 'zf)# spannzng- tree port type edgeNvolo-cllconfig-aflj exitNvolo-cifconfzgl/ xnterface Etheznetl/zN7O10-Cl(confiq-at)# spannang-tree port type edgeNvolo-cltconfag-zflj exit
Root guard is configured on the STP root switch. It prevents adesignated port from becom ing a root port or a blocked port. lf a porton a root switch receives a superior BPDU, it moves the port into aroot inconsistent state. thus m aintaining the Iocal switch as the rootswitch.
Skvst c h Sw1 t c ln S w6 k u h
Swltch Swltt.bl Por! psacedSTP root :5 1 P rt3f31 .120 tbe CoC)I
I f3 con S1 Stern t1 want to .. .. . .i staleStzperlclr becorrle tkleBPDU s-rF7 root
t) Mv1 t (;17 Sq vvil (: h1 E; vvltt. tl tq vvlt r lh
(t 2009 Cssco Systems . Inc Uslng the Clsco Nexus 7000 In Data Center Networks 1 .2 1 9
lf a unidirectional Iink failure occurs on a point-to-point Iink. loopguard prevents a Ioop from occurring. Loop guard detects root andnondesignated (blocked) ports. and makes sure they keep recelvingB PD U s .
LG
. Swltch
F7 t-ool) tauard ps aprllled onF' F ilolnl.lovptlln! Ilnks nrily
a n d Is k yppca h1 bl 6'r ia L I Ie(1on aI! iaorts of Illènroot
F B :>WlrcthttbLG
Swrtchl
O Deslgrlated podC) Root port@ Noodeslgnated ( blocked ) port
1 -220 Imppementlng Clsco Data Center Networklng I nfrastructure 2 ( DCN 1-2 ) v3 0 C(. 2009 Cksco Systems Inc
Ensures spanning tree fails as closed rather than open
Conditional service. enabled globally wlth spannlng-tree BridgeAssurance
AI1 ports with a network port type send BPDUS regardless of state(for example, root and alternate ports send BPDUS as well)
.. If network pod stops receiving BPDUS. por-t is placed in BridgeAssurance inconsistent state (blocked)
'#STP-Z.BRIDGE ASSUR/NCE BLOCK Brxdge Assurance blocklng port Ethernet2/46 V1M73790N'!91O-C1j sb -spannxng vi 7û0 i tn z bkn6:52/48 Desg BKN*4 228 304 Net-ork P7P *BA lncN7070-C1#
Note Bridge Assurance 's supported oniy by Rapld PVST+ and MST.
''Q 2009 Clsco Systems lnc Uspng the Crsco Nexus 7000 In Data Center Networks 1 -22 1
RootBPDUS
.. > '
Ev:.. :r 'BP D Us
BP D UsBlocked
= Nu N .. N % '
This t'igtlrc sllow's a Ilol'll'lal STP topol ogy and nornlal STP behavior wllcre thc root bridgc isidcntified. along witll w llcre potential Ioops Inight occur and which porls shotlld go into tilcb l o c k i 1'1 g s t a t c .
.1 />' % x.. ,c. zg ;kns 'ku, . c k ?. .. I
MalfunctloningswitchRoot
Mx '..w x' <
. . '
.. ..
Gt
Blocked
1-222 lmplementing Cisco Data Center Networklng lntrastructure 2 (DCN1-2) v3.O @ 2009 Cpsco Systems . lnc.
MalfunctlonlngRoot SW1tCh
I
Root Berlt;s
S
BP DUsBlockecl
(t. 2009 Clsco Systems. Inc. Uslng the Clsco Nexus 7000 ln Data Cenler Networks 1-223
st(.;h;'.>(1 fecelvlrlf.l jE% P D tl S ' v -U--'- a MalfunctlonlngswltchRoot BPDUS
Ne''' ''
BPDUS '''v.BPDU sNqlocked
B P Dt JS I
Eciqe Edflc'
N7010-C1-C-.-Podl-Red(confxg)# spannang-tree bridge assuranceN7010-C1-C1-Pod1-Red(confIg)# s'now spannzn: tree summarySww tch ys tn mst mode (IELE Standard)Root brxdge for: MST900lPort Type Default is dzsableEdge Port EportFast) BPDU Guard Default ks dxsabledEdge Port (PortFast) BPDU Fzlter Default ls dzsabledBrxdge Assurance zs enabledboopguard Default zs dzsabledPathcost method used Is longPVST Szmulatlon œs enabled
Name Blocklng Llstenlng Learnzng Forwardïng STP Actzve
MST0009 1 0 0 i 2MST000l 1 O 0 1 2
7 msts 2 0 2 4
Spanning-tree process supports stateful process restart andsupel-visor engine switchover
Porl state and per-port BPDU Inform atlon is m aintained acrossrestarts/switchovers
No spanning-tree reconvergence
Counters. statistics and so on. not synchronized across restarts
.i*' :r': -7 ...
. Sophisticated ISSU code m anages topology changes duringI SS U .
I/O module data plane continues forwarding.
Spanning-tree control software continues running:
BPOUS can be received and processed
BPDLJS can be transm itted
Spanning-tree control software is offline with regard to:
lnterface port state cannot be changed
MAC table cannot be flushed. synched. and so on
1 -226 Irn piementrng Clsco Data Center Networklng lnfrastructure 2 ( DCN I .2 ) v3 0 '.() 2009 Clsco Systems . 1 oc
Portc hannels
=.' 7 k ,, .r û r p ( > ! .7@ 6 -hl '. # a .-- . -'''
Physlcal VlewMultlple ports aredefined as bepng
f Cisco Nexus 7000 Cisco Nexus 7000part o anEtherchannel
group.
Loglcal VlewSubsystems .runnlng on the Clsco Nexus 7000 Clsco Nexus 7000swltch see only oneIogpcal lhnk '
. Dcsti na titln M AC address
* Stltlrce M AC addlvss
w Shltltlrce and destination M AC address
K Dcstination IP address
m Sottrcc IP addrcss
w Sotlrcu. and destinatiol'l l Ia address
(iD 2009 Clsco Systems. Inc Uslng the Cisco Nexus 'r000 In Data Center Networks 1-227
' k +
Configuring a Layer 2 PodchannelN70l0-Cl-Cl-Pod1.Red(confLg)# feature lacpN701O-C1-Cl-Pod1-Red(conflg) 4 Interface port-channel lN70l0-C1-Cl-Pod1-Red(confxg)j swltchportN7010-Cl-C1-Podl-Red(confzg)# swxtchport mode trunkN7010-C1-C1-Podl-Red(confIg)# Interface ethernet 2/1 ethernet 2l3NXolo-cl-cl-podl-Redtconfig-lf-rangel/ s-ltchportN7ol3-cl-cl-podl-Redlconfzg-if-rangel# swxtchport mode trunkN7olo-cl-cl-podl-Redtconflg-tf-rangelj channel-group l mode actmve
N7olo-cl-cl-podl-Redtconfzg-mr-rangel# show port-channel summaryFlags D - Down P - Up an port-channel (members)
î - Indivldual H - Hot-standby (LACP only)s - Suspended r - Module-removedS - Switched R - RoutedU - Up (port-channel)
Group Port- Type Protocol Momher PortsChannel
l Pol(RU) Eth NONE Eth2/1(P) Eth2/3(P)
1 .221$ Implementing Clsco Data Center Networklng Infrastructure 2 ( DCN I.2 ) v3 0 CI) 2009 Clsco Systems . Inc
IG M P S nooping
t'.) 2009 Clsco Systems, Inc. Uslng the Cisco Nexus 7000 ln Dala Center Networkb 1 -229
.. .' . .. . - .. .., t .
In VLANS with m ulticast sources but no receivers systemconstrains the source-only traffic to just the mrouter portsAchieved through a catchall entry installed in Layer 2 forwardlngtable:
If (*,G) or (S.G) jookup does not match more specific entry,packet fo> arded using catchall entry
1 -230 I mplemenllng Clsccl Data Center Networklng lnfrastruclure 2 ( DCN l.2 ) v3.0 @ 2009 Cisco Systems. 1nc
N7olo-clpconfxg tN7O10 Cltconfzgljlp igmp snoopingN7O10-C1 (confwgljtcterface vlan 2N7olo-cltconfig'vlanl# tp Lgmp snooeingN7olo-cltconfig-vtanlj xp zgmp sooopœng expliczt-trackingN7()à0-C1(coofAg-v1an)# xp zgmp snooplng fast-leaveN7olo-cllconflg-vlanl# IP xgmp snooplng last-member-query-anterval 3N7olo.cltconflg-vlanl# tp zgmp snoopzng querzer 172 20 52 1O6N7olo-cllconfTg-vlaro# lp lgmp snooping report-suppresszonN7010-C* (confxg-vlanl# ap agmp snooping mrouter ioterface ethernet 2/:N70l0. Cllconftg-vlanl# zp zgmp snooplng statlc-qroup 230 O 0 1znterface ethernet 2/l
'' 2009 Clsco Systems. lnc Uslng $he Clsco Nextls 7000 pn Data Center Nelworks 1 .231
UniD irectional Link DetectionTl) i s ttJ 1, 1 k.' klcst' ri bkzs L; DL D .
Switch Swltch Swltch
UDLD UDLD : :
TX RX TX RX TX RXPortDownEX TX RX RX TX
UDLD UDLD . .
Swltch Swilch Swltch
1 .232 1 mplementrng Cksco Data Cerlter Networkpng lnfrastruclure 2 ( DCN1-2 ) v3 () f.(.' 2009 Clsco Systems . lnc.
tJDt.EtU UD D itchSwitch SwL
LD D
N7Q10-C1-C1-Podl-Red(confxg)# feature udldNV010-C1-C1-Pod1-Red(confzg)j udld aggressive
N70l0-C1-Cl-Podl-Red# show udld neighborsPort Deviae Name Devzce ID Port ID Neœghbor State
Kthernetz/l T8M12234230 l Ethernetz/l bzdirectlonalEthernetz/3 T8M12234230 1 Ethernetz/3 bxdxrectaonal
1 -234 lmplementlng Clsco Data Center Networklng lnlrastructu re 2 (DCN1-2 ) v3 O ((.) 2099 C ksco Syslems . lnc.
Sum m ary
Cisco Nexus 7000 and Cisco NX-OS Layer 2 hardware arecapable of MAC learning with software synchronization and aging.
VLANS and PVLANS are fully distributed Layer 2 hardwareswitching.
STP is based on updated IEEE 802. 1 D (formerly known as802. 1w), enhanced with Cisco's PVSTA for increased flexibility.Etherchannel can be access or trunk port, routed interface or withrouted subinterfaces.
IGM P snooping provides m ulticast constraint in Layer 2 switchedVLAN environment.
UDLD is a lightweight Layer 2 protocol that detects and disablesone-way connections.
(c) 2009 Clsco Systems, lnc. Uslng the Clsco Nexus 7000 In Data Center Networks 1-235
1 -236 Implementing Clsco Data Center Networklng I nfrastructure 2 (DCN 1-2) v3.0 @ 2009 Clsco Systems , Inc.
Lesson 6
C isco N exus 7000 and C isco
NX -O S Layer 3 Protocols and
Features
O verview
Objectives
Layer 3 U nicast Routing O verview
Adjacency M anager
1 S - 1 S B G P O S P F /h I.I F '
L .; h't I (èk /A5 ( 1 J. 3 r' () 1 i k ',. h. l . , 1 l 1: ft e? r
Unlcasl FIB Dlslnbulltlf 1 Moduhe ( UFDM i
ta r3 I c :7 6;: F; Cè r vv:? r (j Irlt 1 Irl tt ) rr ?) ct tlkun i3 éi s E, I t; F7 ! E5 ) ''p '' '' ' : > '' d r Jr .1 ' I ' '' T
'
h ' ' '
Unlcast Forwarding Dlstrlbution Module
rS-#S EGP OSP F AR P
U R1B Afljrlf C'n' 'y Markagt'r
Llnpcasl FIB Dpstnbutlon Module ( UFDM )
unlcast F orwardln l lrlformatlofl Base ( tl FIB ) :'SuRerv,buf 'à.'dî AzT'a d ul E, .-.- $) rn j,: .1' tuq..
1 -240 1 mplemenllng Clsco Dala Center Networking l nfrastructure 2 (DCN1-2) v3 () i=/ 2009 Cisco Systems . lnc
Hardw are Forw arding
*
Softw are Forw arding
1 -242 Implemenll ng C jsco Data Center Networkpng I nfrastructure 2 # DCN I -2 ) v3 .0 ti' 2009 Cpsco Systems. inc
First-Hop outing Protocols ? .,k
' 1' 1 1 1 '.x l k ) I 7 i k' tl t.! s t' !' i b kl t, t l ') c l't? a ( tl !'k.) > o 1 ' I i 1 ''.s l .. l ) t J I '! I'(
'
) t 1 l 1 I ) g 1 'h l't 3 1 t J t2 ( 1 l h.
1 9 2 1 6 E5 1 2 . . #' j ' ' f 1 9 2 1 6 8 1 3s)$ :jh :)2ï
1 6) ;? 1 (5 15. 1 *------. klrtvkip jqa fhtjfjre s s
I l< 'j . ') . ï '. 'x <.
wj xj wj w,
:..' 2009 Clsco Systems . 1 nc. UsI ng t#le C I sco Nexus 7000 ln Data Center Networks 1 .243
1-244 Implementlng Clsco Data Center Networklng Infrastructure 2 (DC N 1-2 ) v3 0 t.?l 2009 Clsco Systems . Inc
1 î ? i h 1 (:.7 Jt$ 1 1 1 9 2 1 6 8 1 2
. : Q.. t-. '-% . < . '
U ' 'k. 4 t.' ' .
'# d f
I1 jN> Nxj wjfz wj; xj
R 1 is the AVG: R 1 , R2. R3 aII forward traffic.G L ESP AVG or AVF SVF G L B 43 GV 8. S VF GLB P AV F SV rI F> 1 0 0 . O 254 IP 1 O (.1 U 2 53 IP 1 0 0 . O . 2 52MAC 0000 Oc 1 2 34 56 MAC 0000 0C713 gabc MAC 0000 Ocde f 1 23VIP 1 0 0 i) 10 VIP 1() 0 (J 1 () VIP 1 O 0 0 19V MAC 0007 th4 00 0 1 0 1 V MAC 0007 :7400 0 1 0 2 V MAC 000 7 b4()0 (1 1 Ux'l
- ':- . U . 'f-
AVG # .' % # Gateway RoutersARp -ARp
Anp
Tî F? Fà ' cllerl: 7i Fk FD cIIt.nt /i F' F7 tLiuuc..ply 1 Fy(,;$ky m..lll p F4 e pIy no.I!l .!8l(x j; - f ..ji
1 .246 lmplemenllng Clsco Data Center Networklng I nfraslructu re 2 ( DC N 1-2 ) v3.O f ' 2009 Clsco Systems. 1nc
Note GLBP does not affect the return path for any traffic destined for LAN clients. Thls path iscontrolled by the routing protocols runnlng on the network.
t) 2009 Clsco Systems. jnc. Using the Clsco Nexus 7000 in Data Center Networks 1 -247
N70l0-Cl-Cl-Podl-Red(confzg)# feature glbpN70l0-Cl-Cl-Pod1-Red(confIg)# Interface ethernet 2/lNV0l0-Cl-C1-Pod1-Red(confxg-xf)# glbp 1N7010-C1-C1-Pod1-Red(confIg-If-glbp)# preemptNV010-C1-C1-Podl-Red(confIg-If-glbp)# prxorlty llONV0l0-Cl-C1-Podl-Red(confIg-if-g1bp)# œp 10.11.1.3N70l0-C1-Cl-Podl. Redtconftglj Interface ethernet 2/3N7010-Cl-Cl-Podl-Red(confIg-If)# glbp 2N70l0-Cl-C1-Pod1-Red(confzg-af-glbp)# preemptNJ0l0-C1-Cl-Pod1' Redlconfzg.œf-glbpl/ zp 10.11.2.3
1 -248 lmplementing Clsco Data Center Networklng lnlrastructure 2 (DCN1-2) v3 () (() 2009 Clsco Systems . lnc.
N70lO-Cl-C1-Podl-Red(confAg-zf-g1bp)# show glbp briefInterface Grp Fwd Pry State Address Actzve rtr Standby rtrEth2/1 1 - llO Actxve 10.11.1.3 local 10 11.1.2Eth2/1 l l 7 Actave 0007.8400.0101 localEth2/1 1 2 7 Listen 0007 B400 0102 10 11 l.2Eth2/3 2 - 100 Standby 10 11 2 3 10 11 2 2Eth2/3 2 l 7 Actzve 0007.8400 U201 localEth2/3 2 2 7 Listen 0007 B4OD 0202 10 11 2 2
N7O10.C2-C2.Podl-Red(confkg-If glbpl# show glbp brxeflnterface Grp Fwd PrI State Address Acttve rtr Standby rtrEth2/l 1 - l00 Standby 10 11 l 3 10 11 1 l localEth2/1 1 1 T Lzsten 00D7.8400 0101 10 11.1 lEth2/1 1 2 V Actlve 0307 B400 0102 localEth2/3 2 - l10 Active 10 11.2.3 localEth2/3 2 l 7 Lasten 00:7.8400 020: 10.11.2 l -Eth2/3 2 2 7 Actzve 0007 8400 0202 Local -
N70l0-C1-Cl-Podl-Red(confzgjj feature hsrpNV010-C1-C1-Pod1-Red(confxg1# Interface ethernet 2/lN70l0-C1-Cl-Podl-Red(confxg-tf)# hsrp lN70l0-C1-Cl-Pod1-Red(confxg-if-hs& )# ip 10.11N7010-C1-Cl-Podl-Red(confIg-If-hsU )# exitN7010-Cl-Cl-Pcd1-Red(confzg-zf)# exzt
NC010-Cl-Cl-Podl-Red(config)# znterface ethernet 2/3N7Q$0-C1-C:-Podl-Red(conftg-xf)# hsrp 2N7olo-cl-cl-podl-Redlconftg-if-hs rplj lp 10 11 2 3
1 -2 50 1 m p Ie men t i ng C I sco Da ta C ent e r N elwo rk 1 ng l n f ra stru ct u re 2 ( D C N l - 2 ) $/3 () .-J . 20O 9 C 1 sco S ys t e rn s . I n c
N7olo-cl-cz-podl-Redlconfzg-tf-hsu lj show hsrp LrtefP Indmcates eonfigured te preempt1
lnterface Grp Przo P State Active addz Standby addr Group addrEth2/l l l00 Standby 10 11 l 2 local :0 11 L 3
Eth2/3 Standby
N70lO.C2.C2 Podl.Redtconfkg-wf-hsrplj show hsrp brxefP zndmcates confxgured to preempt1
Interfatle Grp Prlo P State Active addr Standby addr Group addrEth2/l l 100 Actlve local 10 11.1.1 10.11 l 3
Etb2/3 2 110 Actïve local 10 11 2 l 10 11 2 3
Routing Protocols
OSPFVZ Overview
ABRI
- . .<. '.'- ..y 'z7 4- 'zi h -Lk- * / k 4 I k 4 K.
'
, I # ki 4L ;. . t '... .- I j yrea g%ïe 1 I ) 2 W -'' =- --' - ' ' -$ - . . 4 .g. - y .c'. l .c.k). 2 # . 4 = ' ' ' G '. , jt4 k., y k, 4
Q
jJSB R2
- -àï- ::$;.. --c:- -.:-.
/. ,-- .a s) 11k: ;11f- ' 111k jlllQ 'CI - > ' ,L--' .
% .$1 J k,', #
M
OSPFVZ Advanced Feature Support
- A .:-
k: # #. #Q- 'LJ I 2 ' 2-
Backborle -': ' ' '* / % $. / A'ea' 'fl
I4, KI tI1 : . /q r c) ri
A 5 B R
Vidualization Support
1 .254 lmplementlng Clsco Data Cenler Nelworklng 1 nf rastructure 2 (DCNI -2 ) v3 :) Q 2009 Glsco Systems . lnc
O SPFVZ Configuratlon Global
N7O1O-Cl-Cl-Pod1-Red(config)4 feature ospfN70l0-C1-C1-Pod1-Red(conf1g) # router ospf 1N70l0 Cl-C1. Podl-Redlconfig'rauterlj router-zd 10 10 10 10 (optlonal)&7Q1O.C1 Cl-podl-Redtconfig-reutezlj log-adiacency-changes (optional)N7olo-cl-ck-podl-Redtconfzg-routerlj auto-cost referenee .bandwxdth 40 (optzonaljN7olo-cl-cl-podl-Redlconfzg-routerlj gracefui-restart (default)N7olo-cl'cl-podl-Redtconfig-routerlj area 0 authenticataon message-dzgest(optional)
O SPFVZ Configuration Interface
N7010-C1-C1-Pod1-Red(confzg)# tnterface port-channel lN70l0-Cl-Cl-Fod1-Red(confxg-if)# ap ospf message-dagest-key 1 mdb nxosN70l0-Cl-Cl-Pod1-Red(confIg-If)# zp ospf dead-znterval 20N70l0-C'--Cl-Pod1-Red(confIg-If)# zp ospf helko-lnte rval 5N70l0 CI. C1' Podl-Redtconflg-xfl# zp router ospf l area D
N7olo-cl-cl-eodl-Redlconflg-iflj interface ethernet 1/1-2N7olo-cl-cl-podl-Redtconfig-vf-rangelj ip ospf message-dlgest-key 1 md5 nxosN7olo-cl-cl''podl-Redrconfig-ïf-rangel# Ip ospf dead-tnterval 20N73lo-cl-cl-podl-Redlconflg-œf-rangel# Ip ospf helio-tnterval 5N7olo-cl-cl-podl-Redtconfig-œf-rangelj Ip router ospf l area 0
N
! .251$ lmplemenllng Clsco Data Center Networkkng l nf raslructurg 2 ( DChJl-2 ) v3.0 tlp 2099 Clsco Systems . 1nc
OSPFVZ Conflguration Virtuallzatlon
NVQl0-C1-C1-Podl-Red(config)# vrf context znterswitchN7O10-C1-C1-Podl-Red(confIg-vrf)# router ospf l&7010 Cl Cl-podl-Redtconfzg'routerl# exztN70l0-C1-C1-Podl-Red(config)# vrf context intervdcN7Q10-C:-C1-Pod1-Red(conflg-vrf)/ router espf L
O SPFVZ Configuratlon Valldatlon
N7010-C1-C1-Pod1.Red# show tp ospf nuzghbors vrf allOSPF Process ID l VRF ïnterswïtchTotal nunber of neighbors 1Netghbor ID Pri State Up Time Address Interface10.11.3 2 1 FULL/HDR 0Q'22 32 10 11.3 Z P=1OSPF Process TD 1 WRF intervdcTotal number of neighbors: 2Neighbor ID Prz State UP Tame Address Interface10.12 l 2 1 FULL/BDR 00'45.06 10.12.1 2 Lthl/l10.23.1.2 1 FULL/BDR 00:37'43 IQ 13 1 2 Ethl/2
Lkb 2009 Ctsco Systelns. lnc. Uslng the Clsco Nexus T000 In Data Center Networks 1 -257
OSPFVZ vs. O SPFO Com parison
Support for IPv6 routing prefixes and the Iarger size oflPv6 addresses
LSAS are expressed as prefix and prefix length instead of addressand m ask
Router ID and area ID are 32-bIt num bers with no relationshlp toIPv6 addresses
OSPFV3 uses Iink-local lPv6 addresses for neighbor discover-yand other features
OSPFV3 uses IPv6 for authentication
OSPFV:S redefines LSA types
< .
1 -258 lmplementlng Clsco Data Cenler Network! ng lnfrastruct ure 2 (DCNI-Z ) v3.O .u 2009 Clsco Systems lnc
OSPFV3 Conflguratlon Global
N7010-C1-C1-Pod1-Redj confzgN70l0-Cl-C1-Podl-Red (confzgl/ feature ospfv3NV0I0-C1-Cl-Podl-Red(conftg)j router ospfv3 201N7olo-cl-cl-podl-Redtconftg.routerl# router-ad l.1 l l (aptzonall
N7Ol0-C1-C'.-Podl-Red4conf1g routerl# show ipv6 ospfv3 2OlRoutzng Process 201 wzth ID l l l.1 VRF defaultGraceful-restart zs conftguredgrace perlod: 60 state (nu1l)Last graceful restart exzt status' None
Supports only szngle TOSITOSO) routefSupports opaque LSAAdminystratlve distance 1iOReference Bandwzdth ts 40000 MB/s(output omltted)
OSPFV3 Configuratlon Inteuace
Ncolo-cl-cl-podl-Redtconfœg-routerlj mnterface ethernetz/lNVOL0-Cl-C1-Podl-Red(config-if)# ipv6 address 20Ql.0DB0 .1/48N70l0 Cl.cl-podl-Redlconfag-ifl# ipv6 router ospfu3 201 area 3
N70l0-C1-C1-Podl-Red(confIg-if)# show zpv6 ospfv3 2Ol xnterface e2/$Lthernetz/l is up. lzne protocol zs up
1Pv6 address 2001:0db8:.0001/48Process ID 2Ol VRF develoement, Instance ID O area 3Enabled by Interface confïguratxonState DOWN? Network type BROADCAST. cost 40Index 1 Transmwt delay l sec Router Prxorzty 1No designated router on thzs networkNo backup deslgnated router on thzs network0 Nelghbors flooding to 0 adyacent wl uh 0Ttmer Intervals' Hello 10 Dead 40 Wazt 40 Retransmœt 5Number of lïnk LSAS 0 checksum sum 0
1-260 lmplementlrg Clsco Dala Center Networkpng lnlraslructure 2 (DCN!-2) v3 () t;) 20D9 Clsco Systems. 1rc
EIG RP O vew iew
Ad va n c ed d I st an ce vec t or F' I e x I b I e n e twork d es r g oR a p I d con ve rg e n ce M u ht , ca sl a rl d u n I ca s t p n s ( ea d of1 0 O f '' I oo p-f ree cl a s b 1 es s ro ut, ng b5OaUC; ast acl d res sEasy conflguration Stdflpofl fOC VLSM and dlsconttguotls
subnetsIrltiremental updatesManuai summarlzatlon at any polnt 1l)k
oad Llalanclng across ttle Inlernetworkequal.cost pathways
EIGRP Conflguratlon
N7010-C1-Cl-Podl-Red(confQg)# feature emgrpN7010-C1-Cl-Pod1-Red(config)# router eïgrp 30lN7010-C1-Cl-Pod1-Red (confzg-routerl# eïgrp router-id 1.1 l 1 (optxonal)N7010-Cl-Cl-Podl-Red (config-routerl# etgrp log-netghbor-changes (optzonal)N72l0-C1-Cl-Pod1-Red (confxg-routerl# elgrp log-nezghbor-warnxngs 20 (optzonal)N7olo-cl-cl-podl-Redtconfrg-routerl# interface ethernet 2/lNT0l0-C1-Cl-Podl-Red(eonfzg-if)# ip router eigrp 30l
1 -262 lmplementing Ci sco Data Center Networklng Infrastructure 2 $ DCN I-2 ) v3 .0 i; 2009 Clsco Syslems. lnc,
' ) . o .,
EIGRP VRF Configuration
N70l0-Cl-Cl-Podl-Red(confxg-zf)# vrf context enganeerlnqN70lO-C1-C1-Podl-Red(confIg-vrf)# Interface ethernet 2/1N70l0-Cl-C1-Podl-Red(conf1g-if)# vrf member enganeerlngN70l0-C1-Cl-Podl-Red(conf1g-œf)# show ip elgrp 39l traffmc vrf engmneerlng
-1'11 i > Ii gu rc s Ilow s 11 ow' to coll l'i gtlre l-ï 1(.5 RP lbr 11 N'r RF .
K show ip eigrp as metric stlpport ( 11 iddell collllnalld )
K Sllou s colnptltcd colnpositc nlctric for a given vector Inctric
& 2009 Clsco Systems, Inc. Using tl4e Cisco Nexus 7000 in Data Center Networks 1 -263
IS-IS Overview
x..r - t ë - ''m. j y'J v: ... w-.. ..
.= '. u. .. , s, jjy',. ..:1 . IL E! 1 E; ..: . ... g.,,..yjjjj' j j j y;L 1 IS !J )
$ ! .) E ' 'b D . -
E .G. E ' . .'' ' ; t.1.2 ISL1 IS L1 IS ' ' L' ' T'.... .-. .. - . . e F .....c . -.:- - z . . . . .f?. -w. ..r: , ngj, .,- s .,. --.. .v.C , ,. -'# ?) , ,. --.. . -z. c;k'., t . ' -'.j r ëkvu...-ze ..'x.- '-w. L 1 Is
. ts . .. ' ' b a.r .p t g ,. < & ' 'YL 1-.2 IS
L 1 IIs kL 2 IIn k
.................. L 1 2 Ipn k
Y
1 -264 Implementlng Clsco Data Center Networking Infrastructure 2 ( DCN 1-2) :/3 0 @ 2009 Cisco Systems, Inc.
'zb 2009 Clsco Systems, Inc. Uslng the Cksco Nextls Z000 In Data Center Networks 1-265
IS-IS Configuration
N7010-Cl-Cl-Podl-Red# confzgN7010-Cl-C1-Pod1-Red(cunf1g)# feature isisN7olo-cl-cl-podl-Redtconfzg-vrfl/ router iszs DevelopmentN7olo-cl-cl-podl-Redtconflg-routerlp net 47 D004 004d 0001.0001 0c'.l 1:11 00N7olo-cl-cl-podl-Redtconfig-routerl# is-type (level-l 1 1eve1-2 1 level-l-2)(optlonal)Nvolo-cl-cl-podl-Redtconfxg'routerl/ show isls process
IS-IS Optional Configuratlon Parameters
N7olo-cl.cl-podl-Redlconflg-routerlj dxstance 30N7010-C1 Cl-podl Redtconfzg-routerl# log.adlacency-changesN7olo-cl-cl-podl-Redlconfïg-routerl# lsp-mtu 609N7olo.cl-cl-podl-Redtconfzg-routerl# maxzmum-paths 6N7olo.cl.cl-podl-Redlconfzg-routerj# reference-bandwtdth lO0 Gb/s
(D 2009 Clsco Systems. 1nc Uslng the Clsco Nexus 7000 In Data Center Networks 1-267
1 .268 Implementhng Clsco Data Center Networkhng I nfrastructure 2 ( DCN I-2 ) v3 0 (t) 2909 C1s(;o Systems. 1nc
IS-IS Virluallzatlon Conflguration
N7010-Cl-C1-Podl-Red# confzgN7010-Cl-C1-Podl-Red(conf1g)j vrf context DevelopmentN70l0-C1 Cl-podl-Redlconfïg-vrflj router tsis DevelopmentN7olo-cl-cl-podl-Redtconfig-routerl# vrf DevelopmentN7olo-cl-cl-podz-Redlconfzg-router-vrfl# net47.0004 004d 0001 0001 0cll.1l11 00N7010-Cl Cl-podl-Redlconfig-router-vrfl# Interface ethernet 2/3N7O1O-C1.Cl-Pod1-Red(config-if)j vrf member DevelopmenLNV0l0-C1-C1-Pod1-Red(confIg-If)/ IP address 10 1 1 1/24NV9l0-C1-Cl-Podl-Red4config-àf)# ip router ksls Development
CC ' 2009 Clsco Systems 1 nc. Uslng the Clsco Nexus 7000 in Data Center Networks 1 -269
BG P Overview
(gtlslo rn efAS 64520
1 72 1 6 () 0/1 6
SSP.AAS 650001 7 2 1 E$ () . 0/ 1 6
1 -270 lm plement, ng Cisco Data Center Networklng 1 nfrastruct ure 2 lDCNl-2 ) *3.9 fC. 2909 Clsco Syslems . lr7c
BGP Basic Conhgu ration
N7Ol0-Cî-Cl-Podl-Red# confzgN701O-C1.C1-Pod1-Red (conflgl/ feaLure bgpNV0lO-C1-C1-Podl-Red (confzgl# router bgp 40000N7Ol0-Cl-Cl-Pod1-Red(conf1q routerl# router-zd 10 1.1.1 (optlonal)N7olo-cl-cl-podl''Redlconfig'routerl# address-famzly ipv4 unlcast (optional)N7olo-cl-cl-podl-Redsconfzg-router-afl# network 10 l l D (optzonal)
Address Fam ily Configuration M ode
BG P Peer Configuratlon
N20l0-Cl-Cl-Podl-Red(confxg)# router bgp 40200N7olo-cl-cl-podl-Redtconfœg-routerlj nelghbor 10 l l 2 remote-as 45000N7olo-cl-cl-podl-Redtconflg-router-neighborl# descrxptxon Peer Router B(optzonallN7olo-cl-cl-podl-Redlconfœg-rout.er-neigu orl# timers 30 9: (optaonal)N7olo-cl-cl-podl-Redlconftg-router-neigM orl# shutdown (opttonalhN7olo-cl-cl-podl-Redlconfzg-router-neïghborl# address-famzly xpv4 unacastN7olo-cl-cl-podl-Redlconfig-router-nemghbor-aflj show bgp zpv4 unicast neighbors
1 .2-,2 Implementpng Ctsco Data Cernter Networking I nfrastructure 2 ( DCNl-2 ) v3. () f ' 2009 Crsco Systems . I nc
Clsco NX-OS BGP Main FeaturesIntegrated implementation for l Pv4 and I Pv6Attrlbute based preflx packlng In update messagesNeighbor policy evaluatiot) optlmlzationsDebug filters to constraln debug output:Nelghbor. preflx. address-famlly. VRF. policyNetFlow support (BGP next-hop. peer-As. orlgpn-As )MD5 authenticationRecurslve next-hop notificatlon handllng (similar to Cisco IOS NHT)Su p port for mu lti pIe VRFSPrefix based peerlng (passlve-mode)Controlled restartAttribute based pollcy matches In BGP redistrlbutlon into IGPSSupport for IGP overload settlngSuppod route/AsN Iookups for MSDP RPF. traceroute
RlP Ovewiew
Maximum is 16 equal-cost paths (default = 4)Hop-count metric selects the path
'' Routes update every 30 seconds
;r j.; y ' 'IpNf >
- .1 9 2 k b q:l s j; 4, q.
T1 T 1
- - T 1 ..c .J- . .r- -c::
1 .274 Implementlng Clsco Data Center Networklng In frastructure 2 (DCN I .2 ) v3 .0 C. 2009 Cpsco Systems . Inc
RIPv1 and RIPv2 Com parison
.. g . , ,k . j,;
Routlnç; protocol Classfur Classless
S u p porl s varl at) he .1 e l7g th s u bn et m a sk '7 No Yes
Sends the subnet mask alllng with lhe roullng updateo No Yes
Addresslng tvpe Broadcas! Multrcast
R FC s 1 72 1 , 1 7 2 2 ,Def I net ï , n R F C 1 058 and 2453
S uppoqs manuai route summarlzatlons' No
Authentlcatlon stlpportT No
tT? 2009 Clsco Systems , Irlf: Uslng the C isco Nexus 7000 pn Data Center Networks 1 -27 5
RIP Conflguratlon
N70lO Cl-cl-podl-Redtconfzglj feature rzpN7010-Cl-Cl-Podl-Red(confIg)# router rip DevelopmentN7olo-cl-cl-podl-Redtconfag-routerl# address-famxly ïPv4 unacastN7olo-cl-cl-podl-Redlconfig-router-aflj interfaee ethernet 2/3N70l0-Cl-C1-Pod1-Red(config-If)# Ip router rip DevelopmentNV0lO-CI-Cl-Pod1-Red(confkg-if)# show zp rzp Development ethernet 2/3
1 -276 lrnplemenlhng Cisco Data Center Networklng lnfrastruclure 2 (DC N I-2 ) 73.0 tth 2009 Clsco Syslems . lnc
RI P Viduallzation Configuration
N7OlO-Cl-C1-Pod1-Red(confzg)# vrf context RemoteoffzceN'Colo-ch-cl-podl-Redfconflg-vrrl# router rtp DevelopmentN701O-Cl-C1-Pod1-Red lconfxg-routerh# vrf RemoteoffxceN7olo-cl-cl-podl-Redtconfzg-router-vrfl/ addreas-famxly ïpv4 unzcastN7010-C1-Cl-Pod1-Red (conflg-router-vrf-afl/ znterface ethernet 2/3N7Ol0-C1-C1-Podl-Red (config-xflj vrf member RemoteofflceN7olo-cl-cl-podl-Redlconfmg-zflj xp address 10.1 l *-/24N70lQ-C1-Ct.Pod1-Red(confzg-tf)# Ip router r1p Development
R l P M a i n Featu res
Single instance supports m ultiple VRFS
Multiple instances
RIPv2 and R1P next generation integrated in same process
Controlled restart
Extensive statistics and debug support
Debug filters to constrain debug output per VRF. interface. andaddress fam ily
Cryptographic (MD5) authentication. simple text authentlcationAuthentlcation support using keychain
Redistribution support. and filtering through policies
Cisco NX-OS RIP Support
Suppoded: Not Supported:
RIP version 2 (RFC 2453) RIP version 1 (RFC 1058)RIP for IPv6 (RFC 2080) Unicast periodic updatesRIPv2 MD5 authentication Broadcast packet flooding( R FC 2 082 )RIP version 2 M lB extension( R F C 1 724 )
1-278 lmplemenllng Ctsco Dala Cenler Netwocklng Infrastructure 2 (DCN1-2) v3.0 tt. 2009 Clsco Systems. Inc
V irtual Routing and Forw arding
Fl outer E?.
Etll elnet 2/ 1 -- '' ..--..c- -
''/R F Red 7 , /
R o EIt el Z R o u tel 4-- --'- EtI el net 1 / 1 '- '' '----. -- - a 1 ..-. .-x.
v' '''
/ s;v F, Red . ,.3
EE tll 6, r rl 6!t :! 1 ..&: . --' ---- n' R F B p ' i. tl 9
Fk () tl t eFi k-'
1 -280 lmplementlng Cpsco Data Center Networklng In frastructure 2 ( DCN 1 -2 ) 13 .0 (t)' 2009 Clsco Systems . Inc
N70l0-C1-Cl-Podl-Red#conf1gNVOl0-C1-Cl-Pod1-Red(cenfzgJ4 vrf context interswltch&WO10-C1-C1-Pod1-Red lconflg-vrfl# xnterface port-channel '-N7010-C1-Cl-Podl-Red lconfxg-iflj vrf member xnterswitch
NV0l0-C1-Cl-Podl-Red(confzg-if)j sho- vrf ioterswltch Interfsce
Interrace VRF-Name VRF IDport-channell xnterswltc'n 4
:? .
z'z , - ù j) j// y. /- . f.,f( z l- ., v., f'? &f ' 'e / éf .4. -.$ . ,
. < g ,;,# t't /g' . z ' 1...1 ,z /' () 'p/./ /' // p . . 1,11.1fzzz,8' . , . / . ( 44 / t.i ' yr- ) v.ltzl;
t r' .< 1
Asslgnlng VRF M em bership to an lnterface
N70l0-Cl-Cl-Pod1-Red(conf&g)# vrf context antervdcN7olo-cl-cl-podl-Redtconfxg-vrfld znterface ethernet :/1-2N7olo-cl-cl-podl-Redlconfzg-zf-rangelj vrf member intervdcN7olo-cl-cl-podl-Redtconftg'tf-rangelj exltN70l0-Cl-Cl-Podl-Red (confyglj anterface ethernet 1/lNV010-C1-C1-Pod1-Red(conftg-if)# ip address 1Q.12.1 1/24N70l0-Cl-C1.Pod1-Red(confzg-If)# no shutNV0l0-Cl-C1''Podl.Red(conftg Lf)# Interface ethernet l/2N7010-Cl-C1-Pod1-Red (config-tfl# yp address 10 13 l 2/24NVOl0-Cl-C1. Podl-Redtconfag-zfàj no shut
Conflgurlng VRF Param eters for a Routlng Protocol
N70l0-C1-C1-Podl-Red(confag)# vrf context znterswitchN7010-C1-C1-Podl-Red(qonf1g-vrf)# router ospf lNvolo-cl-cl-podl-Redtconflg-routerl# exktN70l0-Cl-Cl-Podl-Red(confkg)# vrf context IntervdcN70l0-Cl-C1-Podl-Red(conftg vrflj router ospf 1
1 -282 lmplernentlng Clsco Dala Center Networkdng lntrastructure 2 (DCN1-2) v3 0 .@15 2009 Cisce Systems , lnc
Policy-B ased Routing
# A
* . '.t x i '
N 'N* x''- ; ex.c- - e. .-
j.j.g s '..f . 4 ' ' . :. x '. .. r2 .r2 w f j tj'; ( '..' . t. j h ' .
t ta- P EJm ..A -
- . 1
ltluslonler E. û tp st orner /?& t J se I SP L
t- tp st om er Ej I I s e I G P E;
1 .284 Implementlng Clsco Data Center Networklng I nfraslructure 2 ( DCNI-Z ) v3 () q.h 2009 Clsco Systems . Inc
Conf iguration Commandsm atc h com m an d s :m atch ip address acl)
m atch ipv6 address ac/2m atch Iength min m ax
set com mands:
set ip next-hop addrl addrz (load-sharelset ip default next-hop addrl <addrz gload-sharelset ipv6 next-hop addrl addrz (Ioad-share)set vrf foo
PBR activation:
iplv6l policy route-map fooipgv61 Iocal policy route-map foo
'fz 2009 Clsco Systems. irlc. UsI ng the Clsco Nexus 7000 Irl Data Cerlter Networks 1 -285
Layer 3 Port C hannel
Confi uratlon Layer 3 Port ChannelNVOl0-C1-C1-Pod1-Red(confzg)# feature lacpNV9l0-Cl-C1-Podl-Red(confIg)# znterface port.channel TN70l0-Cl-C1-Podl-Red(confxg-zf)# Interface ethernet 2/l ethernet 2/3N7olo-cl-cl-podl-Radtconfxg-lf-rangel# switchportN7olo-cl-cl-podl-Redtcenfzg-zf-rangel# no swztchportN7olo-cl-cl-podl-Redtconfig-af-rangel# channel-group 1 mode actxveN7olo-cl-cl-podl-Redlconfkg-lfl#exttN7olo-cl-cl''podl-Redtconfagl#exat
N7010-C1-C1-Pod1-Red(confag)# rnterface port-channel lN70l0-C1-CI-Podl-Red(coofïg-xf)# lp address 19 11.3 1/24&70l0-C$-C1-PodI-Red(config-af)) no shut
N7olo-cl-cl-pods-Redtconfxg-af-rangel# show port.channel smmmaryFlags. D - Down P - Up zn port-channel (members)
1 - Indkvidual H . Hot-standby (LACP only)s - Suspended r . Module-removedS - Swxtched R - RoutedU - Up (port-channel)
Group Port- Type Protocol Member PortsChannel
1 Pol(RD) Eth LACP Eth2/l(I) Hth2/3(I)
ECM P Load-Ba lancing Ha sh
Y -.-. -=
L.o veI -à and 4 harsh * ': b: rDesl-addr 11 aSh(.-.- ... (yp est- a dd I - p ol4 lh as 171 .-..- 'Q .
i *
= .- -..- -
( $. j
.. '2=
ip load-sharing
To '$. 1 eys' 1 l)e d at kt 17:1 t 1) . tlstt ( 1) 1 > coln :n an d :
show f orwarding data-path ( .'' 2 '- C : - . . k ' )1 - '' - 1 (module '. )
ECMP Load-Balancing ConflguratlonN70lO-C1# confzg t
Load Bazancœng OptlonsN7olo-cllconflgj#port-channel load-balance etbernet (destlnatxon-lp 1destlnation-mac 1 destxnatïon-port I source-destznation-xp 1 source-destznation-mac I source-destinatlon-port 1 source-ip 1 source-mac 1source-port) Imodule-n umber)
Load Dalancong ExampleN7Ol0-C1(aonfig)# port-channel load-balance ethernet source-desttnatzon-mac
Uaiadate boad lazancingN7olo-cltconfxgl#show port-channel load-balance
To Remove Load Sa; anclngN701D-Cl (confzgh# no port-channel load-balance ethernet
NOTE : Load balancing may be configured for an entlre devlce or on a per.VDC basts.
1 .288 Irnplementlng Clsco Dala Cenler Network Ing I nfraslructure 2 ( DCN I-2 ) v3.O kit' 2009 Clsco Systenls. Inc
Tunnels
Tunnels and Vlrtualization
Orlglnal IP . PassengerOnglnal Packet ' Origrrlal Payload protocolHeader
i !i i
added Headers ii: E
Dellvery GRE GRE Payloadi'teader Header
Transport CarrlerProtocol Prolocol
C) 2009 Clsco Systems. lnc. Uslng the Cisco Nexus F000 pn Data Center Networks 1-289
1-290 lmplementlng Clsco Data Center Networklng lnfraslructure 2 (DCNI-2) $/3 0 ti)l 2009 Cksco Syslems, Inc
J ' . 1 (. !. ' '
Configuration Bidirectlonal TunnelROUTER A
NRolo-cltconflgl#feature tunnelN70lO-Cl(config)# Interface tunnel 0&7010-C1 (confzg-zf) # ip address 209.165 20 2/8N70l0-Cl (confzg-lflj tunnel source ethernet l/2NV9l0-C1 (confzg-ïfl# tunnel destination 192.0.2.2N79l0-Cl (eonfïg-ifl# Eunnel mode gre ïpN7Ql0-Cl (confïg-afl# tunnel patb-mtu-dœscovery 25 1590N7olo-cllconfig-if) # interface ethernetl/zN7Ol0-Cl(config-yf)# zp address 192.0.2.55/8
ROUTER BN7olo-czlconfïgl#feature tunnelN7O10-C2(confIg) # Interface tunnel 0N70lO-C2(config->f)/ zp address 209.165.20.1/8NV0l0-C2(confzg-ïf)# tunnel source ethernetz/lNV0l0-C2(confzg-1f)# tunnel destinatlon 192.0.2.55N7O10-C2(config-if)# tunnel mode gre IpN70l0-C2 (confzg-if) # interface ethernet 2/lN70l0-C2 (config-ifl# ip address 192.0.2.2/8
NOTE Layer 3 tunnels must be configured from wllhln lhe defaul V D C conlext
Defau It sctti Ilgs t'br I P ttllllltz l paranàctcrs are:
K Path NITU disco: erl' age timer: l 0 sccolltls
. Path M TtJ discoverl' minim u m 51 TIJ : (74
K T u n n e I f e a t u re : D 1 s ab 1 c d
. 2.'h t ( ); r '.: x,î. .0 s -., a.' .'p -- t .t' j. $ t ) .c :;:; p '. t. 'p ..' . k * (: 7 I -? J ! 1 # ! . ( lT,.g ; w - .w .. & t u 4 .J v..? .i t y t
VRF Mem bership
N70l0-Cl (conflgl# lnterrace tunnel 0N70l0-C1 (config-ifl# vrf member RemoteoffzcevRFN70l0-Cl(confIg-If)# Ip address 10.3 3.1N7olo-cltconfig-xf) # copy runnang-confag startup-config
@ 2009 Cisco Systems , I nc. Uslng the Clsco Nexus 7000 In Data Cerlter Networks 1 -29 1
Layer 3 M ulticast
Overview(1 ou I c e
I(t,x .#.Mulb cast Data
l
r .--- = . j k.- <f< x -'z+A h k '. .. . , j.%.-t. , ,'t . ,'..#'..
1 tI
I ! ' 1
xTe w# w#..- -
.x . z
Recelvel RecepzeF
M ulticast inN'olvcs a ll'lctllod of del ivel'y alld di scovcry of scnders and rcceivcrs ot' lnu lticastdata. u 11 ich is translnittcd ol) l P l'nu lticast addrcsscs callcd vy'()lq).v.
1 -292 Implementlng Clsco Data Center Networking Infrastructure 2 ( DCN I-2 ) v3 0 (tt 2009 Cisco Systems . Inc.
M ulticast Distribution Trees'. Source Tree
3ou r c t: ..jH ost u ../ ..,
..g.j j ) j y r .j ffir1 1 9'' 0 n 1 -
.,z FS - Ir. u u,,. , p . c-
: ' jk k y - '(
(' f
q jt l
I 9 'J I Z I 1 9 2 2 2 1
R ecelv el $ R ec el . er jHoh:t E; *'- e Host (J ''-.- j: .- y
.:t9 2009 Cisco Systems. Inc. Uslng the Clsco Nexus 8r()()0 In Oala Center Networks 1 -293
M ulticast Distribution Trees.' Shared Tree
2 2 4 2 2 :2 T l a f6 c3 o t I I c
we
..j ..........p,H ost /4 .,:y
...j)
'
1 9 2 O 2 1 r; , , F; ' p , .- j. , rj a ..; ) !
:b F. F. .= n i * '- 2 =. . j. .k # # - * #
C E
y . . y1
1 9 L' 2 M 11 Cj 2 1 2 1 -
R ec t'lv' ef # jHoGt FJ ''-* -x.w y ... j
M ulticast Distribution Trees'. Bidirectlonal Shared Tree
. 2 .24 2 L :. 'F1 a tfi u5vf
j 1 9 2 i:. :y l g , , Ft g, ,A s; E
. =' u ..z . - .JI.<. y j. k jjk-, .y '
c
Q. JQ
j. y!! 9 Z 2 2 I1 92 I 2 1
P e t' e>1 . e rR e c e I . . e l
. ( s , n s ! , g . j.Host E$ ''-- .wtv -f
M ulticast Folw a rding
tl n pcast Pack ets fromt'i o u t c e 2 O 9 . I 6 5 . 2 O 0 . n...:t 5
R PF Clleck Falls
Unlcast Route Table E :;
. - tb... .r. rIr 6. rr.n. - c::-.<':'- x-
, j)E l
Unica st Packets from6) o u r c e 2 0 9 1 6 5 . 2 0 0 2 2 5
R PF Check Su cceeds
The router pertbrms an RPF clleck for cach illconling l'nult icast packet. If tlle packet arrives oI,thtr intcrface leading to the sourcc. thc pack ct is t'orwartlcd out of eatrh k' ntcrfacc in thc outgoingilltcl'tilcc list for tllc grotlp: otllcrwise. thc packct is droppcd.
1-296 lmpïemenbng Clsco Data Center Networkfng lnfrastruclure 2 (DCN1-2) v3.() (C) 2309 Clsco Systems. lnc.
Clsco NX-OS PIM and PIM 6E)3 c; r1 1 c3 r 17 .-n
<j.;
# fMj
... 1.ji ' ' '. ..
.. . - ... J. J 'c--' . . .
'L ' ' '1;-. .
'
' -
'
t
'
. 1?1111!
*
'. 1111I1(k-
'
-
'
.
'
.
'
.
*
.--12111.;?
*
.
'
jê. pt
d
,
*
...
*
13633663
*
, #
- . . ,.... . . --I
.f= . oj
'('. . 2009 Clsco Systems Inc Uslrlg tkle Clsco Nexus 7000 ln Data Center Networks 1-297
L' qtlatics (k) 8 K phystcat 17 I 11 T(.' AS,,'I tzlltrikzs
. 64 K N1 I ('F elltrics per rcpl ictltjtlll tzllgi llt!
Sum m ary
Networks and interfaces are included on an interface basls frominterface conflguratlon mode.
HSRP uses a group oî routers to provide redundancy.
Routing protocols use multi-instance support on the same ordlfferent Interfaces wlthln a VRF.
Policy-based routing fo> ards packets to a next-hop device basedon adm inistrative poiicy rather than best routlng metric.
Fqual-cost m ultipathlng has four hashing optlons for loadbalancing across equal-cost paths
lm plicit tunnels are created and configured by applications usingtun n e I AP I s .
Layer 3 m ulticast is fully distributed to Layer 3 IPv4 and IPv6multicast hardware switchdng.
1 -300 lrnppemenllng Clsco Data Center Nelworklng Infrastruclure 2 ( DCN 1-2) v3.0 i.,' 2009 Clsce Systenls . Inc.
Lesson 7
C isco N exus 7000 and C isco
NX-O S Q uality of Service
O verview
Objectives
Cisco Nexus 7000 Series Q oS O verview
T
The Cisco Nexus 7000 Serles oflers arich, data-center-focused QoS feature
set IImplements key queuing, marking. andpollclng functionality with no impact tofonvarding performance. : l
!! 15 i i' 1 ! 11Adheres to the Clsco MQC configuration : 1@ !! j pj jj Ij
. : i! . j ;i srnodel . 1 jj j j jj jk.1 .class maps Il. 'lI 1 j il Ii. ,
, :. .j
Policy maps
Service pollcies
N7K-C7010
Using Q oS
Classification
M arking
1-302 lmglementlng Clsco Data Center Networklng I nfrastructure 2 ( DCN 1-2 ) v3.0 (iJ 2009 Clsco Systems . lnc.
M utation
Policing
Q ueuing and Scheduling
High Availability
Port Q oS
1 0 G a nd 1 G pol-t Q oS featu res i ncI ude :Cos-to-queue mapping:
lngress and egress queue assignment based on CoS
Buffer and bandwidth allocation:
Size queues and assign DW RR welghts
Congestion avoidance via W RED
Priority queuing on egress
Shaped round robln (SRR) egress queulng:SRR and priority queulng m utually excluslve on a single port
1 -304 Implementing Clsco Data Center Networklng I nfrastructure 2 ( DCN 1-2) v3.0 %-v. 2009 Chsco Systems . I nc
Q u e u e S p e r p o rt '.Ingress: 8 qtleues and 2 thrclshopds(RX: 8q2t)Egress : 1 strlct prporlty queue. 7deflcit DW RR queues. and 4 .e'7- r 'thresholds (TX ' 1 p7q4t) 'fi-i''l's -
' . ' .. z
. -..m . v - - -'z.k, - .
.X v.-.. -- e--' .-Po/ Buffers > = .v .>= -
1 M B + 65 MB ingress per port fordedicated mode of operation
80 MB egress per port fordedlcated mode of operatlon
1 MB per port + 65 MB shared perLngress port groop in shared mode
80 MB egress per four-port group inshared mode
B uffe rs '.7.56 MB ingress per port
6 15 MB egress per port
Queue Structu re :2q4t lngress < . -.
A ' '1 p 3q 4 t eg re s s .: - .7 %* . - v . . ' -Ny : . - '
. e. -- o a..* **** '' .**-* *** @ @'F**.>*.* * .@ *q***%u .Y ' .-Y** ppwq .'T*M ù..C .0,-
1 -306 I mplementlng Clsco Data Cenler Networklng Infrastruclure 2 ( DCN !-2 ) v3 0 ((' 2009 Ctsco Systems . 1 nc
Forw arding Engine Q oS
' # 1Ingress and egress traffpc classlhcatlon. IE IE 1 !! lj 1 l11 11 ! 11 Ii i
l@4 !.i ! i 5l 1: l 1: ! il: 1 .; Ik !.Iragress and egress poklclng 11 k t. Ii 11 il11 1 I z.
The lngress forwardlng englne makes a1I Ingress and egress QoS declslons
M odular Q oS CLI O verviewTh i > t t'p i c tlcst' l'i bt. %i t Ilk2 i Il'lp l k? i11 c 1'1 t ;.tt i t dll t' t' (xlo j''; tl s l l'kg N'1 (..b(. ' .
, .y/ :t. j . . ..@. t.t )...:
Policy-Maps:Represent set of policiesapplied to class-maps
Service-policy:Interface to which thepolicy is applied
1 - 308 I m pl ement , ng C I s co Dat a Ce n te r N etwork r ng I nf rastru ctu re 2 ( D C N I -2 J v3 . O C$'x 2 009 C $ sco S ystem s . I n c
Ingress QoS policies Egress QoS policies perper I nterïace: interïace :
DevlceOne type qos - One type qos
One type queuing t One type queulng'
) sk kl.u , ,
Ethernel 2/2
C 2 009 Cpsco Systems . f nc Uslng ttle Crsco Nexus 7000 fn Data Center Networks 1 .309
C lass M ap
11V) ) l*
1 -31 0 implementrng Clsco Data Center Networking lnfraslruct ure 2 (DCN 1.2 ) v3 0 qç, 2009 Clsco Syslems . I nc.
/-. t. >zu $p wz .j ,dit. l ((. z'z /,' f'(
,' ).) ,
/ 7 .-? 7o Zz (-
z'
AK/'.,..S WY# t ? t.7 t-q
1 .3 1 2 lmplementing Clsco Dala Center Networkl ng pnfrastructure 2 (DCN I-2 ) v3 0 (P 2009 Ctsco Syslerns. Inc.
Queuing class m ap names predefined.
' I . class eype queuing 9
Note Type queuing class maps may only have COS assigned to the policy maps
Table M ap
A table m ap represents a mapping from one set of packet heldvalues to another set of packet fields.
Table maps are used to perform the mutation process by beingattached to pollcy maps.Tabde maps are referenced in pollcy maps.
You can configure up to 14 table m aps for use In Ingresstnterfaces and up to 1 5 table m aps for use in egress lnterfaces.
Before you delete a referenced pollcy map. you m ust fifst removeaIl references to that policy map.
You can use only Iike parameters (for example, cos-cos) whenyou create a mutation map. Table maps with dissimilar types (forexample, cos-dscp) are not supported.
()t lt! u i 11 g and sc llcd tl l i 11 g
1 -3 1 4 Implemenlhng Ctsco Data Center Networklng Infraslructure 2 ( DCN I .2 ) v3. O tï p 2009 Clsco Systems . lnc.
! , . .2 -. k. . ... . : . 7 .. . .' . . .:. , , ., c 'à,. r is. .,â ,.. . -... - :; . -. ,;. -:$ . - .J; . c; . . ; k, t .. . - -'.-) .
Creating a Marking Table Map
1. I 11 11 table-map DSCP-SET
I I
C) 2009 Cisco Systems. Inc. Ustng the Clsco Nexus 7000 ln Data Center Networks 1-315
Policy M ap
' . )). y ..) p . ..
Policy Maps:Represent set of policiesapplied lo class maps
1 .31 fh lmphementlng Cdsco Data Center Netwprkpng 1 nf rastructure 2 t DCNl-2 ) v3 0 6. 2909 Cjsco Systems. 1 nc
Creating a Policy M ap for M arking
N7olo-cl.cl-podl-Redtconflg-pmap'-qosl# pollcy-map type qos DSCP-MUTATENvolo-cl-cl-podl-Redlconflg-pmap-qosl# class class-defaultN7olo.cl.cl-podl-Redlconflg-pmap-c-qosl# set dscp dscp table DSCP-SET
N7olo-cl-cl-podl-Redtconflg-pmap-c-qosl/ show polzcy-map DSCP-MUTATE
Type qos polzcy-maps
polxcy-map type qos DSCP-MUTATEclass class-default
set dscp dscp table DSCP-SET
. R ; .. '? ''.1 .. en . . p'$ . mo a ). l x , . k ) .
Creatlng a Policy M ap for Policing
N7010-Cl-C1-Bod1-Red(eonfi9-pmap-qos)# policy-map type qos COS-LIMITNvolo-cl-cl-podl-Redtconflg-p= p-qosl# class type qos COS-CODESN7olo-cl-cl-podl-Redlconfig-px p-c'qoslj polzce Percent 40
N7olo-cl-cl-podl-Redtconfmg-pmap-c-qoslj show polxey-map COS.LLMIT
Type qos policy-maps
polacy-map type qos COS-LIMITclass cos-codespolice cIr percent 49 bc 200 ms conform transmxt vzolate drop
1.318 lmplementkng Cisco Dala Center Networkpng Infraslruclure 2 (DCNI-2) v3.0 f.i 2009 Cpsco Systems Inc
Note MQC tabfe-map oblects cannot be used in poûicles of type qtleuing
Creating a Pollcy Map for Shaping
N7010-Cl-Cl-Fodl-Red(confkg)j pollcy-map type queuang LIMIT MY QUEUEN7olo-cl-cl-podl-Redtconflg-pmap-a el# class type queuang l-p3qk t-out-pql
N7olo-cl-cl-podl-Redlconfkg-pmap-c-o elj queue-lxmit 9<1.83886080> Queue slze In packets/bytes/oytes/e ytes/ms/uscoa IEEE 802.1Q class of servzcepercent SRecify queue sxze In PercentageN7olo-cl-cl-podl-Redtconfig-pmap-c-o el# queue-lxmzt cos 4 9<1-83886080> Queue size xn packets/bytes/kbytes/e ytes/= /usBercent Speclfy queue sxze In PereentageN7olo-cl-cl-podl-Redlconfig-pmap-c-o e)! queue-lxmat cos 4 1 mbyte
N7olo-cl-cl-podl-Redlconfkg-pmap-c-o elp show polley-map type queulngLIMIT MY QUEUE
Type queulng pollcy-maps
policy-map type queuing LIMIT MY QUEUEclass type queuznq lp3q4t-o-ut-- lPqqueue-irma t cos 4 l mbyte
1 -320 Impiementlng Cpsco Data Center Networking Infrastructure 2 (DC N 1-2) v3.0 Q 2009 Clsco Systems . 1nc
tq) 2009 Clsco Systems . 1 nc Usgng the Clsco Nexus 7000 II1 Data Center Networks 1 -32 1
1 .322 I m p 1em e nt r ng C ls co Da ta Cen te r N etworkl ng I nf ras tructu re 2 ( D C N I - 2 ) :/3 . 0 .''L . 2009 C I sco Systems . 1 n c
Service Policy
Policy-Maps:Represent set of policiesapplied to class-maps
Sereice-policy:Interface to which thepolicy is applied
N7O10-Cl.Cl'Podl Redtconfiglj interface port channel lN70l0-C1-Cl-Pod1-Red(config-zf)# servtce-pollcy output DSCP-MUTATE
N70l0-Cl-C1-Pod1-Red(config-1f)# show pollcy-map xnterface port-channel 1output
Global stattstlcs status enabled
port-channell
Servtce-policy (qos) output. DSCP-HUTATEpolzcy statzstkcs status. enabled
Class-map (qos) DSCP-CLUB (match-any)0 packetsMatch dscp 10.12 38
0 packets
Class-map (qos): class-default (match-anyl0 packetsset dscp dscp table DSCP-SET
(output omltted)
N70l0-C1-Cl-Pod1-Redfconf1g)# tnterface ethernet 1/'-N7O10-C1-C1-Podl-Red(conf:g-tf)# servzce-polzcy xnput COS-LIMIT
N701O-Cl-Cl-Pod1-Red(cDnfIg-If)# show polzcy Rtap tnterface ethernet 1/Linput
Global statmstzca status .
Ethernetl/l
Servtce-polzcy (qos) lnput COS-LIMITpolzcy statistlcs status enabled
Class-map (qos). COS-CODES (match-any)0 packetsMatch. cos 3,5-70 packets
polxce cïr percent 40 bc 209 msconformed O bytes, 0 bps actton transmztvzolat/d 0 bytes. 0 bps action. drop
(output omatted)
NV010-Cl-C1-Podl-Red(config)# Interface port.channel 1N701Q-Cl-Cl-Podl-Red(confIg-If)# servzce-polzcy tnput L2-COSERROR' Polzcy-map Lz-cos (type qos) xs confzgured wzth seL cos acttonor mutatzon map whœch set cos value or mutatlon map with from fxeld asdxscard-class.These actzons are prohïbïted zn zngress poktczes Cannot apply the polley
N7010-Cl-Cl-Podl-Red(confxg-If)/ servace-polzcy output L2-COS
N7010-Cl-Cl-Podl-Red(config-ïf)# show polzey map Interfaee port-chanuel loutput
Global stattstœcs
port-channell
Servxue-policy (qosl output: L2-COSpoltcy statïsttcs status: enabled
Class-map (qos) ' LZPROTOCOL (match-all)0 packetsMatch' protocol arpMatch' protocol cdpset cos 4
foutput omttted)
1 .326 Implementlng Clsco Data Center Nelworktng I nfrastructure 2 (OCNI .2 ) v'xg 0 (('.' 2009 Clsco Systems. knc
N7010-C1-C1-Pod:-Red(config)# xnterface ethernet 1/LNVO10 CL C1 Podl-Redlconflg-zfld servtce-polmcy nYpe queulng outpuLLIMIT MY QUEUE
N7O10.Cl Cl.podl-Redtconftg-tfl# show polacy-map type queuing LIMIT MY QUEUU
Type queuwng polzcy-maps
polxcy-map type queuzng LIMIT MY QUEUEclass Lype queuxng lp3q4t-o-ut-- 1Pqqueue-lrmkt cos 4 l mbytes
N7OlO-Cl-Cl-Pod1-Red(confIg)# xnterface port-cbannel iNW010-C1-Cl-Podl-Red(confIg-rf)j servzce-poLlcy type gueulng ynput WRED-SKT
NV0l0-Cl-Cl-Podl-Red(confIg-If)# show polkcy-map Lype queuwng WRED-SET
Type queuzng polxcy-maps
policy-map type queuïng WRED-SKTclass type queuxng Bqzt-xn-q-defaultrandom-detect cos-based aggregate mznïmum-threshold percent 10
maxzmum-threshold Percent 20
*
1 .328 Implernentlng Clsco Data Center Networkpng 1nf rastructure 2 ( DC N 1-2 ) v3 0 (L 2009 Cisco Systerlls. lnc
N7O10-Cl-C1-Podl-Red(conf%g-If)# tnterface etbernet )/2N70l0.Cl-C1-Pod1-Red(conftg-zf)# servzce-polkcy type queuang output MY-RATEERROR Module 1 returned status ''Al1 queues configured but percentage isless than 1O0 lf a11 queues are used percentage should be 1O0 percent ''
NVOIO-CI Cl.Podl Red (confzg-afl# show polzcy-map type queutng MY-RATE
Type queuwng polacy-maps
pollcy-map type queuzng MY-RATEalass type queuzng lp3q4t-out-pqlprkorzty level l
class type queuzn: lp3q4t 'out'qzbandwidth remaxnxng percent 25
class type queuyng lp3q4t-out-q3bandwtdth remainxng percent 40
class Lype queuxng 'p3q4t-out-q-defaultbandwxdth remaznzng percent 35
Sum m ary
The Ctsco Nexus 7000 Series offers a rich. data-center-focusedQoS feature set
1 0 G and 1 G port QoS features tnclude Cos-to-queue mappingsuch as Ingress and egress queue asslgnment based on CoS.
Forwardlng engine QoS features lnclude ingress and egresstraffic classification such as MAC addresses. IP addresses.protocol. and Layer 4 ports
Two types of class maps. pollcy maps. and service polices aretype queulng and type qos
Queuing service pollcies apply queulng policles to interfaces andQoS sefvlce policles apply QoS pollcies to interfaces or VLANS.
uesson 8 I
C isco N exus 7000 and C isco
NX -O S S ecurity
O verview
Objectives
Introduction to C isco Nexus 7000 and C iscoNX-O S Security
Traffic Integrity: Cisco Trustsec' LIRF'F Access Control :F'ac ket San Ity En lqa llced XC LsC I ) e c k s
. G Secu I'lty GrotlpDHC
.P FJrltloplllg qcl.s
rlvnamlc ARPi llsr?et-tlor) . . > - T. 'r Admission Control:- source suard :-ji/hrj,jl'I :'. I''f'r'fk''l 11! IEprxks.z ! F . .
, i . j y
'
: :j; g; -., y yu po rt secu rlty IE B 15 l : l j ! j 1 jlr !! !2 I : l . : !!Contro I Pla ne 4 :! 1: y jt r'letvvork De Nzlctaprotection : '.: !:! :!) I i ' ' !- I i I i, , 11 Adl.apssps,n .--'e'n,,trol- trol pial..e jsjlljij !1 ! p' 11 Ir .!!1 Eindporrlt Adnlrsslol,.... o n T ! ! jP o I 1 c I 11 g :
., I ! i ' . * : . ' 1! (), o n t r o I..z: I fa v p t :.....
t- o ntrol and Data '. I .separatlon .
Data confidentiality.p Lc, neJï klthentlcated K 802 1 AE L-11) k-sec'-'
rltrol protocols ' . Cr'yptoglaphy'. o 4' ---- . . ,- w -... .
,
*
'. 2009 Cisco Systems . 1nc (Jsl ng ttle Crsco Nexus 7000 pn Data Center Networks 1 .333
Traffic Integrity
1)1 '''-:tp.. ,w. ...-%u . .. .5':t 'oa.z...'.os) ..s..?/;.. .:. . 1 , . : jj , ! .r
$ I ... 1 1 I I I i1 O 1 5 1 ti 0/24 ' -- -; .k . , :.
- . :.j : j .#
'
jj1*-1 j ' I $ j# 11 1! I . . ; ! I ' l 11
1 P P a c k e t .u It h S;' oof e d -' *,.'.,c?1 11 c.u I p Aadress = 1 1 ! 1 l 6 :: ::::
f lta- 1 r-lto a bout tlnls pref I>: 1 Dr op ttpf.ib packet
*
1 .334 i mplementrng Crsco Data Center Networklng Infrastructure 2 ( DCN 1-2 ) $/3.0 V 2009 Clsco Systems. lnc
1 .336 1 mplemenll ng Clsco Data Centef Networklng 1 nf rastructure 2 ( DCN 1.2 à v3 .0 C? 2009 Clsco Syslems . 1 nc
1 -338 Implemenllng Cisco Data Center Networklng I nfrastructure 2 (DCN 1-2) 73 0 @ 2009 Clsco Systems . I nc
1 -340 lmplementlng C'sco Dala Center Networklng lnfrastructure 2 ( DCN I-2 ) v3.0 @ 2009 Clsco Systems. Inc
LJ 2009 Cisco Systems . 1nc Uslng the Cksc;o Nexus J000 1l) Data Center Networks 1 .34 1
1 -342 lmplementlng Clscca Data Center Networkrng 1 nfrastructure 2 (DCN I-2 ) v3 0 .t7p 2009 Clsco Systems In(;
*
1 -344 1 mplementlrlg Clsco Data Center Networking l ntrastruclure 2 (DCNI-Z ) v3 0 LCJ 2009 Clsco Systems. lnc
Control Plane Protection
1 ..34(6 1 m ple m entl ng C1 sc o Dat a Cent e r N etwork In g I n f ra stru ct u re 2 ( D C N I -2 ) v 3 0 'tc'.'' 20 09 C I sco System s I nc
Enhancem ents to COPP:Multicast traffic
ARP packets
Layer 2 broadcast packets
IP unicast with DMAC
Certain packets redirected to the CPU
Matching of packets generating exceptions and redirections
Configurable policy map for packets per second
1 . 348 Implementlng Clsco Data Center Networklng Intrastru cture 2 ( DCN I-2 ) v3.O 't' 2009 Cksco Systems 1 nc
4-t ( Q - '- ,z ' (
N7010-C1(confïg)# platfo vm rate-limit Qacl-logm rutt2Layerz
N70lQ-C1(conftg)# platfovm rate-limlt layerz 9bpducdFdorâxlgmp-snoopxng
NV9l0-Cl(confIg)# platform rate-lxmit layerz bpdu Q Kpps> Iburstl
1 -350 Im piennentlng Clsco Data Center Networklng I nfrastructure 2 ( DCN I .2 ) v3. 0 ('7,7 2009 Clsco Systems . 1 nc
A ccess Control
TCAM E ntrles 64 K ( 1 6 Krbank )
TCAM Masks 64 K ( 1 6 K/bank )
LOUS 1 04 (208 Reglsters)
Labels 1 6 K
TCAM = Ternary Contenl Addressable MernoryLOU = Loglcal Operator Unlt
1 -352 Implementlng Cgsco Data Center Networklng Infrastructure 2 (DCNI .2 ) v3 (1 tC; 2009 Cisco Systems . I nc
1 -36)4 i mplementlng Clsco Data Center Networklng Infrastructure 2 ( DC N I-2 ) v3 .0 ttv'' 2009 Clsco Systems . I nc
Atom ic programm lng is on by default
tlpdate of policies without Im pact
Three-step process
1 - 356 I m pl em ent r ng C Esco D at a C e n ter Network I ng I n fra stru ct u re 2 ( D C N I - 2 ) 1/3 . 0 '&' 2009 CI suo S ystems I f hc
L. 2009 Clsco Systems. lnr- Uslng the Chsco Nexus 7000 pn Data Center Networks 1-357
Atomlc programming requlres avallable hardware resources to succeed.M free entries. where M is the number of entries of the new ACL to beprogrammed
Atomlc propramming is enabled by default
If there is an insufficlent amount of free resources, an error is returnedand no modlficatlons are done to the hardware tables
In case of lnsuffpcient resources the user can disable the atomicprogrammlng and just perform the update nonalomlcally.
N7QlD-C1j conflzureN7O1O-C1(confIg)# no platform access'làst update atomzc
' Nonatomlc programmlng affects the traffic briefly,. By default the affected trafhc is dropped.
Thls behavlor can be changed by uslng the following command.
N70lO'Cl# tonflgureN70lQ-C1(zorifzg)# platform access-lkst update default-result Bermxt
1 -358 Implementlng Clsco Data Center Networkpng lnfrastruct u re 2 ( DCN I-2 ) v3.0 ) 2009 Cksco Systems . Inc
œ v x 1 i 1 I mc = EZ !' . ' . x x
12* 1> 1> 1% l 12% 1+ 12M
c r> c :> MtmG G FMM Mto G rœ AXT- Mtr-
1 -360 Implementlng Clsco Data Center Networklng lnf rastructure 2 (DCN I-2 ) v3.0 'Q 2009 Clsco Systems . lnc
Clsco NX-O S Support and Configuration
range 83 90 syn
0 (? () O () 0 () O 2 (1 qt O a ny4 () pe = .k !' a ny a rlh' *
E(.' 2009 Clsco Systems. Inc Uslng trpe Clsco Nexus 7000 ln Data Cenler Networks 1 .361
Cisco NX-OS Suppod and ConfigurationTime ranges determine when individual rules within an ACL takeeffect Time ranges are specified like any other m atching criterion:
A tim e range can be specified by using the absolute or theperiodic keyword.
Only one absolute entw is allowed per time-range com mand
The periodic item s are evaluated only after the absolute starttime Is reached and are not further evaluated after the absoluteend time is reached.
A1I tim e specifications are interpreted as Iocal tim e.
1 -362 1 mplenlentl ng Clgco Data Center Networklng lnfraslruclure 2 (DCN (-2 ) v3 0 1è 2009 C1 sco Systems . I nc
Clsco NX-OS Support and Configuration
Object Groups W ithin an ACL: PBACLS
N7O10-C1-C1-Podl-Red(confIg-s) # Ip access-lxst BIG-ACLN7010 Cl. Cl-podl-Redtconftg-s-acll# permat xp addrgroup ALLOWNETS anyN70l0-C1-C1-Podl-Red(conftq-s-acl)# deny tcp any any obnect-group BADPORTSN7010-C1-C1-Podl-Red(conf1g-s-acl)# deny tcp 10.200.1G 0/24 anyN7010-Cl-Cl-Podl-Red(config-s-ael)# deny tcp 10.200.11.0/24 anyN7010-Cl-Cl-POdl-Red(confxg-s-acl)# deny tcp 10.200 12.0/24 anyN7Ol0-C1.Cl-Podl-Red(confxg-s-acl)# deny tcp 10.200.:3.0/24 anyN7O1O-C1-Cl-Podl-Red(conf1g-s-ac1)# exit
NV0lQ-C1-Cl-Podl-Red(conftg-s)# znterface port-ehannel 1NV0I0-Cl-Cl-Pod1-Red(config-s-xf) # xp access-group BIG-ACL xnNVQ10-C1-C1-Podl-Red(conrzg-s-if)# exlt
1-364 Inlplementlng Clsco Data Center Netwtlrklng Infrastructure 2 ( DCNI-Z ) v3 O Bz' 2009 Clsco Systems. 1nc
A dm ission C ontrol
Mutual devlce authentlcatlon
Leverage 802. 1 X / EAP-FAST su;);)I,(;arltand Secure RADIUSInfrastructure . .
Automatlc suppllcant and :'' -k #authentlcator role ''7 '-'- h
j) d ,determination. . ?. K, ,4
Policy acquisition by both ).?. q s .(t ' .1 '.!Zs!t
. . . . 4 ;yauthentlcator and supplpcant. .. . ). '
Securlty association protocol 4. ,))rlogotlatos SOSSION MOYS arld C'rs
Clpher Suite. Authentlcator C koud
NDAC Devlce ExamplesIP Telephony ,RA.VPNS. IPSEC SSL 'Swllches 'RouterstNLAN APs and Controllers
1 -366 Implementlng Clsco Data Cenfer Networkfng Jnfrastructure 2 ( DC NI-2 ) v3.0 Lf ' 2009 Clsco Systems , fnc.
'x.k xNN- G n =
k ; ' , 4,07 rc)! (.? t.tt) tl
... ... ... ... .
U n (Arotknsil e'.1 1 I n k '''v '' m. S tch 1Y W1.- ...- )S ?vilch 2<c* - k, ï$
?4 .-.; ''.-jfe- /'
.-.:.- --. c Isco Trustsec! #
1-368 Irnplementpng Clsco Data Center Networklng infrastructure 2 (DCNI-Z ) v3.0 i: 2009 Cssco Syslems. Inc.
':u' 2009 Ctsco Systems. Inc Uslng the Clsco Nexus 7000 In Data Center Nelworks 1 -369
C Isco Trtlstsec provides kcp la bl6, access vIa topology-lnde pen delltgl ou r.'. tags referred tt:l as t'lt-s'l-sTh1-2' S(3TS rei.re'sia plt lc,g Ica 1 grou ps .'7f tss.e rs a n d.'c.1 servet s based onhak 1 rlg s I r'nlla I sets ':)f prrvllegesThe SGTS a I'e 1 6 blts (2 bktitzs,) suppcpdlng u p tc) 64 K (65. 536) Ioglca Ig l ou psP e I'-u se r SG Ts a f .z. n c.t rer- 43 n) rn ea d ed L'e c a use th 1 s .'k'c' u Id def ea t ttler? tI I'po- se of I oglc a 1 gro tl ps
2.r t)I .1 441; 1; Jt: r' . . . I . .
k '4k1) ) .'. 'Source Entltles Redtlced .l) ëàxï Ri 7 ânrl-ri
' , ; , ' : #ë, )(@ rf roI3q 46 to 4 ,'* . ' . . ' 1t.$ ..'. ; ',V $j
$ , M!:. ..,
'
.
'
.. .
'
.,,
'
i' ..,
'
''
jryy
'
.ll,,. , ..- 46 dll' -- 'C:? lj
1-370 Implementlng Clsco Data Center Networkrng Infrastruclure 2 (DCNI.2) v3.0 @ 2009 Clsco Systems. $nc
Endpoint Admission Control (EAC)Dynamic Security Group Tag (SGT) Assignment &SGACL Dow nload
r:- ' 7. ' J
1 :; t, .r .. . . r v , . r 1i or o '
; . . : 'I. .
:o7 7' -Q-.-.p '
. u
F ,t.13t L'. At ''l F$4 1:) 1 '.f Qpn ; klr.qt '
k? I k < lf hs I Ek lk /k () /h tttkt (./ /h tIt tl vkil L lr t k 'x CJ ;)
'L ; t)09 Clsco Syshems, lnc Uslng lbe Clsco Nexus 7000 ln Data Center Networks 1 .37 1
Endpoint Admission Control (EAC)Dynamic Security Group Tag (SGT) Assignment &SGACL Download
zl 1 ' ' Esf'r vt'l 1- .(;j ,)
. J . q . . s r vt.r pQa 7 L u ' 2 (s t.. k. .>.9 ..
?./
. Eï , ror: .. ,1!- E)1r f) c t c, r y F;t r..u 'r
1 8t)2 1 X Reques! OI'&ê rt z'ht S2 Fkadllls & AD Authc/ALltllz tlnaulhenllcated)! L I n k s LJ p Au ttlvf ) 1 rcated.1 S G T A
'
s:> I n ed s k! u rtlowrl
Endpoint Admission Control (EAC)Dynamic Security Group Tag (SGT) Assignment &SGACL Download
ç h (j L
T : l '..Q ..' 2 L :b( ïu, 'r 2
, . .s
p Ext, rrq. iI1 iJ0 2 1 14 Fîeq ues.l clsao ps( ' 7.1 risrectory Lae r vq .12 El atlktkl; ék /h C) /ktIll1('//ïk101/3 LIn ks tJp tirltaulylt.llllcaI1ed4 :5 (; 1' Jy s s1g n e d /y utjlofltlq ëate,db SGAC L Applled shlultjl.lwTl
*
1 -372 Implementlng C rsco Data Center Networking Infrastructure 2 ( DCN 1-2 l 73 O ç, 2009 Clsco Systems !nc
Data C onfidentiality
Hop-by-hlop Packet Confidentiality and lntegrity via IEEE802. 1AE
In tbe Clear In the Clear Clpher Data
8 ' ) x' 1 A E .F n 1. r k rIr(' ' ; 8th ;' 1 J$ E F: r)f r . '1I.f2 j
- r g re crypr E n ( G'ixt 'yg rypOn q ress On Eqf t) .Intt' :d) lnlt'l t t'
P t kerb fT' :1,( 802 1 A6L f: !t' r'yI''t' ' 1
*
1 -374 lmplementlng Clsco Data Center Networking lnfrastructure 2 (DCN I-2 ) v3.0 :') 2009 Clsco Systems, 1 nc
Conflgurlng Clsco Trustsec
Enabllng C Isco T rust-sec of1 an I nterfacetnEertace erhernet 271
cLs dotlx.' ohutdown
. I .' flïy silu Edown
Enabllng Ctsco Trust Sec for a VLANvlan 1t'
. v-ts role-based endorcement
E n a b I I ng C i sc o T ru st - S t? ('. f or a rlon -d ef a u I t V R F' vrf context TEJT
. ' . ats rcle-based enforcement
't ' 2009 Cisco Systenls , lnc. Uslng thta CI sco Nexus 7000 lo Data Center Networks 1 3 75
Role-Based A ccess Control
1-376 Im plementlng Cisco Data Center Networklng Infraslructure 2 (DCNI-Z J 73.0 %) 2009 Clsco Systems. Inc.
Sum m ary
Clsco Nexus 7000 and Clsco NX-OS Software 4.0 securityprovldes traffic integrlty. control plane protection access controladm ission control, and data confidentiality,
. DoS attacks present rapidly changing source IP addresses to thenetwork.
.' COPP is a distributed hardware-based feature that controls therate at which packets are allowed to reach the CPU.
ACL syntax improvements for better usability and manageabilityThe security association protocol negotiates session keys andcipher suites regularly.
Data confidentiality allows the network to contlnue to perform alIthe packet inspection features currently used.
1 -378 lmplementing Cisco Data Center Networklng lntrastructure 2 (DCN1-2) v3.O ,'& ' 2039 Clsco Systerns. lnc
Lesson 9
Troubleshooting
O verview
Objectives
K Dtzsk.' ri be t llc l'.t11 a 11:1 l 5. zt*r
. Dtascri bt. S P AN antl R h; P A N
Ethanalyzer: W ireshark in C isco NX -O S Soow are
The Ethanalyzer is a Cisco NX-OS protocol analyzer tool bastld on thc Wiresllark (fbrmcrlyknown as Ethereal) open source codc. Thc Ethanalyzer is a command-line version ol- Wiresharkthat captures alld dccodes packets, and can be used to troubleshoot the network and analyzccontrol-plane traffic.
Relationship to W ireshark . .Cisco NX-OS Soflware runs on top ofa L in ux ke rn el .
The Linux kernel supports packet 11capturing using the Iibpcap library. a l-C 5 2 2 : i --' i j i i i jW i
reshark decodes packets captured !i !! j :2 jë :E g Iithrough the Iibpcap Iibrary. 51 '! i ! :I . . gy j
; jj1.i ii : . .Ethanalyzer is a wrapper over Tshark. . i: !î t 16 j !11 i!ë t : (@ éi r!the terminal-based version of ,t u . . :: a $4
W ireshark '
*
C- 2009 Chsco Systems . 1 nc Uslng the CEsco Nexus 7000 In Dala Cerller Networks 1 -3135
SPA N and RSPA NT11ih topic describes Sïtitchttd Port Allal yzer ( SPAN à and Rcluotc SPAN ( RSPAN ) .
? ' -. . (. ... - . j . q r j . . o 1) .1 ' j . ... y.. j. i î ; . '2 -. ;;' ë S f ' j ( C7 ' L . . '! '&<.j j u . v . r v .,. w t z.s. . .. t b . 'k. ' ' @ .q 3..-* . t ' ' .
a . î k î . 7 k ': .. v .. . c . . t ,.7
SPAN Sum m ary
Switch
SPAN Source Port - â True Destination Port
SPAN Destination Pod
Copies Are Received Here
Yotl ca n create up lo 1 8 SPAN sesslfln b deslqflallncj sources anc dtnsrlrlatlonsio monltor buL orlly 1wo SPAN sesslorls lllaly be ruonlnq slfnkkltaneclusly
Yotl can usc the SPAN tltility to perfon'.n dctai lcd trotlbleshooting or to tak c a salnplc of tra fticfrol'n an ilpplication host for proacti vtl Inonitoring and analysis. l 1- yol.l cannot lix a problen'ltllrotlgh thc device cont-igtllztion. it can bc very usefttl to invcstigatc ftll-tlper tlsing a protocolallall'zcr to capttlrc protocol traces.
Lrsing tlle SPAN tlti l ity. you can inscn a protocol analyzer into thc network wi tllotlt disrtlpting1/O to and o'l'klnl tlle clld dcvictl. Thc SPAN tlti l ity is nondisrtlptis'c to ctlnncctu'd dcv iccs and i sfaci l itatcd in hardsvarc. prcvcnti ng tlnneccssary C'PIJ load,
SPAN al ltlw s yotl to creatc up to l (7 indcpendcnt SPAN scssions within tllc switcl). w ith eacl)session has'i ng up lo lbtlr tlniquc sourccs and ('nfc dcstination port. Fi lters also can bc applicd totlle capttlrc.
Tlle Cisco Ncxus 7()0() stlppol-ts thc fol low'i Ilg:
w Two bi d 1 rcc t 1 ol,al S PA N sessi ons per systeln '.
SPA N sourcc alld destination ex ist ()1) tllc sallle svvitcll
Twro scssions globa l 1y. not pcl'-vDC
* Scssion conliguration through submode
K V LA N s a nd Layer 2 and 3 i ntcrfac cs
K M ix of source types p. crlnitted in a si Ilglc session
w Virtual SPAN usi ng lrtlnk i nterlbccs as 111011 itor ports witl, al lowed V LAN 1 i sts
1-386 Implementing Cisco Data Center Networking Infrastructure 2 (DCNI-2) v3.O Q 2009 Cisco Systems, lnc.
. s . ..
o . .. . . ,j yj , ' j , g ,, 7 k k, L? t l . ?
. . . ) . ,s .); yj , ; q y yy). k 7 ' ; ' 1' ''
SPAN Sourcesv fthernet pods.w VLANS.
W hen a VLAN is specified as a SPAN source. aIl supportedLAN are SPAN sources.interfaces in the V
RSPAN VLANS.The in-bpnd interface to the control plane CPU. You can çnonitor thein-band Interfpce only from the defaust VDC. In-band trafflc from aIIVDCS is monltored.A pqrt cpnfigured as a source port cannot also be conflgured as adestlnabon port.An RSPAN VLAN can only be used as a SPAN source.
- lf you use the supervisor iq-band interface as a SPAN source, theIlowing packets are monltored:fo. All packets that arrive on the supewisor hardware (ingress).AIl packets generated by the supervisor hardware (egress).
Tllc illtcrfaces frollp w,h icll traft'ic call be I'non itored are called SPAN sotlrccb. Sotlrccs dcsignatctllc trallic to Inoni tor alld B lletllcl' to copy 1 llglvss. cgrcssn or bolll d il'ections of traftsc . SPANsoLll'ct?s illcludc thc fol low'i Ilg'.
K E thcrnklt pol'ts .
. N/' L A N s . BJ l'len :1 V LA N i s spt?c i fied as :1 S PAN sotlrckl- a l l s upportetl i 11 tcrfactls i 1) ( 11 tlN'LAN Cll'c SPAN sotlrces.
K R S P A N V L A N s .
. Tilk'? in-band iilterfactl to the ctllltrol planc C'PLI . s'ou can nAoni tor tllc in-band i nterfacc only1-1.(.3!11 tlltl dcfatllt V DC . l n-band traflic f'l4ll'n 81 11 VDCS 1 s l'nonitorcd.
S 13 A.N sotlrcc ports havc tlle folloïvi ng clparactcl'istics :
. aA port contigured as 81 sotlrctl porl cannol also bkl contigured as a tlestinatitln pol't .
. An RSPAN VLAN can on ly be tlsed as a SPA N sotlrce .
K l 1- yotl usc thc supcrvrisor in-band intcrfbce as a S PAN sottrce. tllc fol lovvillg packcts artll'non 1 tored '
@ 2009 Cisco Systems, Inc Uspng the Clsco Nexus 7000 In Data Center Netwocks 1-387
) ' . u ' j . . r t- .,' : ' . J . i . j R. IL ( .:; : : . s.s ? ' .
. ' ï ) . , z $ '' '' z .- .' .
. k :. : : î,. 1:r. é (.(). . x ,.. r'.. c . . () . l
SPAN DestinationsDestinations for a SPAN session include Ethernet ports or port-channel interfaces in either access or trunk m ode.
A port configured as a destination port cannot also be configuredas a source port.
' A destination port can be configured in only one SPAN session ata time .
' Destination ports do not participate in any spanning-tree instance.SPAN output includes BPDU Spanning-Tree Protocol hellopackets.
' An RSPAN VLAN can not be used as a SPAN destination.' You can configure SPAN destinations to inject packets to disrupta certain TCP packet stream in support of the intrusion detectionsystem (lDS).
SPAN dcstillations refcr to llle illtcrfaccs that Iuonitor sotlrcc ports. Deslination ports rcccivcthc copicd traftic 11.01'1'1 S PAN sources.
SPAN dcstination ports havc lhc fol lowing characleristics:
K Destinatiolls tbr a S PAN session include Iïthernct ports or port-cllannel intertb ccs in citllerJ.l CC CS !'i () 1' t 1'tl 11 k 131()t1 tl .
w A ptàrt con ligtlred as :1 dcslillat ion poll cannot also bc collfgtlred as a sotLrcc pol't.
* A destination pol4 can be colltigurcd in only one SPAN scss ion at a ti mc.
. Dcstination pol'ts do not partitlipatc in any spanning-trcc instance. SPAN output illcltldesBPDU Spanning-l-rce Protocol hcllo packcts.
* ,Al: RS PAN V LAN cannot be uscd as a S PAN tlcstination .
K Yotl can con figtlre SPAN desti Ilations to inj cct pack cts to disrtlpt a certain TCP packetstlvaln in stlpport oI- thc intrtlsion dctcction syslcm ( IDS).
*
h -383 lmplementlng Ctsco Data Center Networking lnfrastructure 2 (DCNl-2) v3.9 Q 2009 Cisco Systems, lnc.
.. . . . , :... f (( , , !) è r
SPAN Sources
(()r Both Directions)
Receive Traffic Transmit Traffic
Switch Switch.. . srmx
SourcePort
Tllc i'tli lovvillg S PA N soul'ccs arc supportcd:
* Sw' itch ports:
Access ports
Tl'tlnk ptlrts
Private VLAN ports
Pol-tcllannel s
K Rou ted 1 Iltcrl-aces:
K '$'' LA N s alld PVL A N s
w Stlpel'visor ill-balld illtcrface'
. N1 1 x o 1' i 11 tklrib ce types al lovved i n single sessi on '.
For cxal'nple. SPAN sotlrcc ot' V LAN 1 0 and i ntcrtbcc c l ,' l in Lxalllt? sklssitln
* R S P A N V L AN a s a S PAN sutss 1 on sou rce
@ 2009 Clsco Systems, lnc Using the Cfsco Nexus /000 In Data Center Networks 1-389
SPAN Destinations
(Or Both Drrectlons)
Recelve Traff'c Transmlt Trafflc
Switch Switch
S PANSourcePort
SPAN Destlnation SPAN DestinatlonPort Porl
1 -393 lrnplemenllng Clsco Data Center Networking lnfrastructure 2 (DCN1.2 ) v3 t) (l) 2009 Cisco Systems . Inc
SPAN Configuration ModeView and validate the SPAN session parameters.
sessxon 4
localup
E th 1#1 Eth 1/2E th )/1 E th1 /2E th1/1 E th 1/2
Legend t = totwar dw ng en abled 1 = 1ea rnznq e n able d
. . . r;g ....... ..... . ''. .. (. .. ..g < ..... '.. x;i ..= ...wv * .w.' ' Z
Virtual SPAN. Allows Per-VLAN hltering to a group ofSPAN destinations
' Single SPAN session with:
List of VLANS as source
Multiple destination ports. Each destination configured as trunk with different allowedVLAN Iist
Subset of SPAN VLANS sent to each destination
1 -392 Impiementrng Clsco Data Center Networkrng lnfrastruclure 2 ( DCN$.2 ) v3. :) Y. 2009 Clsco Systems. I nc
kqp 2009 Crsco Systems, Inc Ussnt) the Clsco Nexus T000 lrl Data Center Networks 1 -393
C isco NX-O S Softw are Troubleshooting Process
1-394 lmplementlng Clsco Data Center Networklng Infrastructure 2 (DCN1-2) v3.0 (()'.. 2009 Cisco Systems. 1nc
Maintain a conslstent Clsco NX-OS Software release across aIIyour devlces.
See the release notes for your Clsco NX-OS Software release forthe latest features, Iimltatlons, and caveats. See the C'sco NX-OSSoftware release notes at the following URL:
Enable system m essage Iogging.
Troubleshoot any new configuration changes after implementingthe change.
Gather inform atlon that defines the specific sym ptom s
Verify physical connectivity between your device and end devices.
Verify the Layer 2 connectlvity
Verify end-to-end connectivily and routing configuration .
After you have deternlined that your tfoubleshooting attem ptshave not resolved the problem contact Cisco TAC or yourtechnical support representative.
= 2009 Chsco Systems. fnc Uslng (he Clsco Nexus /000 fn Data Cenrer Netwsrks 1..395
1 .396 pmplementrng Clsco Data Center Networklng Infrastructurc 2 ( DC N I-2 ) v3 .0 tu ' 2009 Clsco Systems 1 nc.
Begin troubleshooting VDC issues by checking thefollowi ng issues f irst:
Vo cl %' t ha t y'ou a re logqt'?cl l!3 to the de vltle'? a E. rtetwf.l rk adnh 1 o I f vo u a rtlfirflalir'iin or rnodrfvlnq VDCS
Veno that yotp are In !h(' corret'k VDC You nlus! be Ir! lhe Uefault VDC toctlnfly u re $/ :) (; s'hze'rlfy lllatl yotz h a 9 / In stkhllerj th e /1(#k'k'9r)t'.e(J 1;e'h,l$ït7 o 11f'erl st) !kr cllrllrg ure'bl 3 C sVerlfy thal yot; aft'a r3ut alttE'rflial IrRlj tu f-ripctte Onore lllan t?l ree rnondefaulrVD C y
1 -393 lmplemenllng Clsco Data Center Networklng lnfrastructure 2 (DCN1-2) v3 () ti 2D99 Clsco Systems. ln(;
Begin troubleshooting port channel and trunklng issuesby checklng the following issues first:
Use the show port-channel compatibility-parameters command l() E1'ltatfsfrnpné' I'lorl-charlrlel reqtllrenAerlts
61 r 1 Su rti thlil ! /111 I n teff a C/S rn t h() ; )Of1 Cl1 a rlrle I ha vf' 1 he $a 1'r76. destl rlat I O!ldevlt;e Port chalhrlcls requlct? rlolrlt-to.ylolnl conl3ectlons lletween îtie same Zset of devdces
ktqrlfy tha! tzpther sldtl of a port cllanne''' ls conrlef.rf?rl to !he same rlurplrper ofIlnlerfaces
Verl % th a t each 1 pRte rl ace ks ctlrl neclelj !t7 t he s;i r4l t: t ype? or I rl le rface on t heo l1l e r sld e
Vttrlfy tbal ::111 requlred VLANS on a trutllk port are IIl tkle allowed VLAN Ils! IZI
1 -4 00 1 n) plem e ntl ng C Isl;o Da t a Center N e twork I rl g l nf ra stru ct u re 2 ( D C N I -2 ) v 3 . 0 fu-, 2 009 C I sco Sys! em s 1 nc
Begin troubleshooting VLAN Issues by checking thefollow ing issues first:
' ')*')ï. 'j.' j j.. y(j). - j.'lly : . , rl:Et . ' ') .. . . c'.. ù L .2 ( TL . 7
Vf:. r?f '/ the ;7'1 vslkral cchn rl kt''.ï !!k kt y ft'l r a r) '1 p ror)l f? rrl ports t'.lf V L A N s r7Vtar Ify lhak plt 1 ktave tlotLl erld devlqles rn 1he st3me VLAN F''lk/tf ' r l %' t h1 a ' a 1 ) 'f' J 7 r , va 1 e %.'' L. A N C; :) rl f I (; k I f ( 1 ( l C) T1 f1 fl I 1 a S S 'D C I a ! 1 ..3 r3 % LR C e C ID r T'O C ! U''''I
Begin troubleshooting STP issues by checking thefollowi ng issues f 1 rst'.
Verlfy lht! type of spannlng tretl configured on aII pods In your LAN U1'v'rtlrl % the r Jelwor i lfa poiog y rncl ud I ng a I I In terconnec ! cd porl S; a nd swltches r*1Veafy thi! pnmary afld seconflafy root nrlklqe aqd cir Iy conflf/ured Clsco STP C1eytiltlslorllu
1 -402 I mplementlnq Clsco Dala Center Networklrlg I nfraslructure 2 ( DCN I-2 ) v3 0 (C.' 2009 Clsco Syslems . Inc
Begin troubleshooting routing issues by checking thefoliowing issues first:
' tt % 71 ' J # . . .2 ' '. z . . . . ) . . ; .) . q .
Vtarlfy that Ihe roullnl; prolocol Is enabiod (ZVerlfy that 'fle addqasg famlly Is cornfigured If neq ussary F'lVerify that you tlave conflgured the cofrec! VR F (or your çoutlflf.i prolocol Z
1 -404 Implementlng Clsco Data Center Networkrng lnfrastructure 2 ( DCNl-2 ) v3 0 'u 2009 Clsco Systems. pnc
Sum m ary
Fthanalyzer is a wrapper over 'Fshark. the terrninal-based versionof W ireshark.
SPAN can be used to perform detailed troubleshooting or to takea sam ple of traffic from an applicatlon host for proactivem onitorlng and analysis
A detailed troubleshooting process has been described that wlllidentify many comm on configuratlon and performance problernsrelated to the Cisco Nexus 7000 and Cisco NX-OS Software.
'v 2009 Clsco Systems . tnc. Us1 n: the C Isco Nexus rO0O ln Dala Centef Networks 1 -405
1 -406 Implementlng Cpsco Data Center Networkpng lnfrastructure 2 ( DCN 1-2) v3 0 Cç) 2009 Cpsco Systems. I nc
