Pages

7.24.2013

Cisco Nexus - Part 4.2 - Virtual Port-Channel (vPC) Configuration

Now lets get to the fun part, configuration of vPC!

There are several steps needed to setup a vPC domain and add devices to a vPC.
1) configure vPC domain
2) configure peer-link
3) configure peer-keepalive link
4) add ports to the vPC

Lets break these steps down and go over some of the details in each.


Here is the setup I will be using for this example. All configuration and port assignments are mirrored between the N5ks. I highly recommend your setup is mirrored between switches as any change will need to be configured on both switches of the vPC domain. Mirroring your setup will greatly simplify configuration and any future changes.

Yes I know about config-sync but I have heard too many horror stories with bugs and engineers battling config-sync. I prefer the simple approach, copy/paste from notepad.
Since the configuration is identical for both N5ks I will only show config samples from one N5k. Keep in mind though, that all configuration must be completed on both switches in the vPC domain.


Enable vPC service

First things first, just like many other features in NX-OS we must enable the vPC feature before we can configure vPC.



Configure vPC domain

Now we can configure the vPC domain with the vpc domain [domain-id] command. The domain-id must match on both peers.


Priority is used to elect the vPC domain primary. Keep in mind this election is not preemptive. Lowest priority value wins. Also you should always try and keep your STP root bridge and vPC primary on the same peer.

Under the vpc domain there are multiple options you can add. Here are several that are highly recommended.


System-priority: Used by the vPC domain to establish a priority for LACP primary election. It is recommended to have the switch handle the primary role. Nexus defaults to 32667 and the highest priority value takes on the primary role.

peer-switch: Both peers will represent the STP root bridge for the vPC domain. This allows smoother convergence during a peer failure.

peer-gateway: When providing L3 features (such as HSRP gateways) both peers are able to forward traffic and respond based on both peers physical mac address instead of just their own. Without this feature some devices such as load-balancers and storage devices do not pass traffic properly through the vPC.

reload restore or peer-config-check-bypass (some N5k): This feature allows you to make modifications to vPC ports while the peer-link is down. Without this activated new vPC ports will not go up/up until the peer-link is restored.

Configure vPC Peer Link

This step is pretty straight forward. Use the vpc peer-link command to active the link (preferably a redundant port-channel) as the peer-link. Also note, for a VLAN to be active on the vPC it must be allowed across the peer-link.


Configure vPC Peer-keepalive Link

For this setup I'm using the management VRF and the mgmt0 interface for the peer-keepalive link. For N7ks you can not use a direct point-to-point link between mgmt0 interfaces. N5ks are fine to use a point-to-point link.

First make sure we can ping the other end of the peer-keepalive to make sure communications are up. Dont forget to source it from the proper VRF.


Good, now we can setup the peer-keepalive link.


Check to make sure the peer-keepalive is up.


Now we should be able to check the vPC domain status to make sure everyone is happy. You will notice at the bottom, the peer-link is up and the VLANs allowed on the peer-links (above) show up as active VLANs. But we still do not see any vPCs configured.


If you are getting errors then you can check for consistency errors with show vpc consistency-parameters. Everything should match on both peers or a consistency error will show up in the peer status above.


vPC Ports

Assigning a vPC is  simple. Below I will assign FEX 101 (Po101) to vPC 101 and FEX 102 (Po101) to vPC 102.


For host vPC you would just configure the Ethernet host ports for the vPC instead of the FEX uplink ports.

It will take a couple minutes for the vPC to sync and then you will see your vPCs online.


And that is it! Your FEX ports will now show up as interfaces on both N5ks. Dont forget any configuration you make to a vPC interface needs to be mirrored on both N5ks.

Here are some useful show commands for troubleshooting a vPC setup.
show fex
show vpc brief
show vpc consistency-parameters global
show vpc consistency-parameters int port-channel 1

Next up I will breakdown the common failure scenarios in a Nexus vPC environment.