Cisco networkers 2009 session BRKDCT 2951 deploying nexus 7000 in data center networks DDU

agg1b agg1a agg1b agg1a VTP L3 link L2 trunk L3 Channel L2 Channel L3 link L2 trunk L3 Channel VLAN Trunking Protocol VTP ƒ Implement VTP off mode if all other switches are already in

Deploying Nexus 7000 in

Data Center Networks

BRKDCT-2951

Prerequisites : Session Abstract

ƒ This session is targeted to network administrators and operators

who have deployed or are considering the deployment of the

Nexus 7000 The session starts with a brief introduction to the

Nexus 7000 hardware components and NX-OS software followed

by a brief design discussion how the Nexus 7000 can be inserted

into existing as well as green field data centers environments The focus of the presentation is moving to best practices of areas like

environmental, Layer 2 & 3 protocols, high availability and system management aspects Lastly the session will step through a

migration example that will outline a step by step how-to While CLI differences between IOS switching platforms and NX-OS on the

Nexus 7000 are covered, troubleshooting is not part of this

presentation’s scope.

ƒ Attendee should have a basic knowledge of the Nexus 7K

hardware and software platform as well as solid knowledge of L2

and L3 protocols.

Associated Sessions/Labs

Center - BRKDCT-2961

Agenda

ƒ Hardware and Software Overview

Hardware Overview

7010 Chassis

slots

utilizing 2 system fan trays

and 2 fabric fan trays

insert vertically

Front view Rear view

Hardware Overview

7018 Chassis

Front view Rear view

slots

utilizing 2 system fan trays

insert horizontally

Hardware Overview

Supervisor Module

processor with 4GB DRAM

lights-out management via dedicated 10/100/1000 Ethernet

compact flash slots

Hardware Overview

Fabric Modules

ƒ Fabric module is unique to chassis type, 10-slot and 18-slot fabric are not interchangeable 10-slot fabric insert horizontally, 18-slot

fabric insert vertically.

ƒ Provide 46Gbps per I/O module slot

Two 23G channels per I/O slot One 23G channel per supervisor slot

ƒ Up to 230Gbps per slot with 5 fabric modules

ƒ 3 fabric modules provides N+1 redundancy with current I/O

modules

N7K-C7018-FAB-1=

ƒ Common power supplies for both 7010 and the 7018

ƒ Dual Inputs per power supply (220v and 110v)

ƒ 20A circuit for 6000W PS and 30A circuit for 7500W PS

ƒ Hot swappable for availability and migration

ƒ Use power calculator in planning power requirement

Nexus 7010 System Fan Tray Nexus 7010

Nexus 7018 System Fan Tray

Hardware Overview

Fan Trays

fabric fans (fully redundant)

plus the 5 fabric modules The bottom fan tray cools

slots 10-18.

NX-OS Overview

Comprehensive L2 and L3 Feature Set SAN switching (Storage protocols)

(Possible Future) Layer-3 Protocols

Interface Management Chassis Management

OSPF BGP EIGRP

GLBP HSRP VRRP

VSANs Zoning FCIP FSPF IVR

UDLD CDP 802.1X

IGMP snp

LACP CTS PIM SNMP

Other Services

Future Services Possibilities

…

…

Protocol Stack (IPv4 / IPv6 / L2)

NX-OS Overview (Cont.)

Highly Scalable Unprecedented Uptime

Perform Maintenance Anytime (In-Service Software Upgrade)

Industry First Virtualized Network OS

No interaction with the neighbor to recover the state

Agenda

ƒ Common Data Center Designs

Data Center Common Topology 1

Core2 Core1

L2 Channel L3 link L2 link

Access Layer

Core Layer

Edge Layer

L2 L3

L2

Data Center Common Topology 2

L2 L3

L3

agg1b agg1a

L2

aggNb aggNa

L2 Channel L3 link L2 link L3 Channel

Full featured 10G density for aggregating 10G top of rack and 10G blade servers

10G Aggregation

Density

Agg Layer Nexus

7000

Top of Rack

Blade Servers

7000

As virtualization drives host I/O utilization, 10G to

the host requirements are becoming reality

Access 1G/10G

to the Host

Access Layer Nexus

7000

Agg Layer Nexus

7000

Enables new Ethernet capabilities such

as lossless Ethernet, L2 multipathing, and

FCoE

Data Center Ethernet (DCE) (future)

Unified Fabric

LAN SAN

IPC Nexus 7000 Series

Insertion Points/Needs

DC Topology 1

Inserting Nexus 7K in the core

Core2 Core1

L2 Channel L3 link L2 link L3 Channel

L2 L3

L2

DC Topology 1

Inserting Nexus 7K in the Core With VPC

Core2 Core1

L2 Channel L3 link L2 link L3 Channel

VPC

L2 L3

L2

DC Topology 2

Insert Nexus 7K in the Aggregation With VPC

L2 L3 L3

L2

aggNb aggNa

L2 Channel L3 link L2 link L3 Channel

…

DC Topology 2

Insert Nexus 7K in the Aggregation With VDC

devices by utilizing VDC

security zones.

L2 L3 L3

L2

L2 Channel L3 link L2 link L3 Channel

VDC 2b

VDC 2a

VDC 1b

VDC 1a

VDC 2b

VDC 2a

Core2

VDC 1b

VDC 1a

Core1

…

Agenda

ƒ Implementation Best Practices

Implementation Best Practices

Environmental Considerations

Power Redundancy Mode

Static: 2000 lbs Dynamic: 1500 lbs

for NEBS)

Airflow and Cable Management

ƒ For hot-aisle cold-aisle design,

cabinets can be used to converts

7018 to front to back air cooling

ƒ 7018 requires 11” space on both

sides

ƒ Route cables on the left front or

right front side of the 7018 to

leave the right and left rear side

unobstructed

ƒ Optionally, install fiber I/O

modules on the outside slots and

copper I/O modules on the inside

slot on 7010

7010 chassis

7018 chassis

Implementation Best Practices

Layer2 and Layer3 Features

agg1b agg1a

agg1b agg1a

VTP

L3 link L2 trunk L3 Channel

L2 Channel L3 link L2 trunk L3 Channel

VLAN Trunking Protocol (VTP)

ƒ Implement VTP off mode if all

other switches are already in

transparent mode

ƒ Configure VTP transparent

mode if VTP domain needs to

extend across Nexus 7K

switches

ƒ Implement consistent STP mode

for all switches in the L2 domain

ƒ Dispute Mechanism is enabled

by default to detect

unidirectional link failure

agg1b agg1a

Si

Access1

Primary Secondary root

Dispute Mechanism

Dispute Mechanism

Primary Secondary root

Access2

L2 Channel L3 link L2 trunk L3 Channel

agg1b agg1a

Si

Access1

Bridge Assurance Loopguard

Bridge

Assurance

Network Port Type

Network Port Type

Network Port Type

BPDU-guard

Access2

Edge Port Type

Edge Port Type

Normal Port Type

L2 Channel L3 link L2 trunk L3 Channel

L2 access

Cat6500 supports BA from 12.2(33)SXI onwards

Spanning-tree (Cont.)

ƒ Configure port type “network”

or Bridge Assurance (BA) on

the interfaces only if feature

is supported on both side of

switches,

ƒ Enable loopguard globally on

access switch if BA is not

supported

ƒ Configure port type “edge” or

STP portfast on host ports

globally

N7010-2 %ARP-2-DUP_SRC_IP: arp [25537] Source address of packet received from

001b.54c2.aec4 on Vlan2(port-channel1) is duplicate of local, 10.4.2.2

N7010-2 %STP-2-DISPUTE_DETECTED: Dispute detected on port port-channel1 on VLAN0002.

N7010-2 %STP-2-DISPUTE_CLEARED: Dispute resolved for port port-channel1 on VLAN0002.

N7010-2 %ARP-2-DUP_SRC_IP: arp [25537] Source address of packet received from

001b.54c2.aec4 on Vlan2(port-channel1) is duplicate of local, 10.4.2.2

EtherChannel

ƒ Configure Link Aggregation Control

Protocol (LACP) for L2 and L3

port-channel to detect mis-configuration

ƒ On/On for L3 port-channel (tradeoff

between HA and performance)

ƒ Mis-matching (L2 port-channel) will

be detected by the dispute

mechanism

agg1b agg1a

Si

Access1

UDLD normal mode

UDLD Aggressive mode

UDLD Aggressive mode

UDLD normal mode

UDLD normal mode

UDLD normal mode

L2 Channel L3 link L2 trunk L3 Channel

UniDirectional Link Detection (UDLD)

on L2 switch-to-switch

interfaces

L2 and L3 port channel

member ports to avoid traffic

black-hole

Virtual Port-Channel (VPC)

port channel across two upstream

switches

VPC (Cont.)

ports (port channels) that form a VPC

between the VPC peers and the

downstream device

between VPC peer devices, must be

10GbE

the status of VPC peer devices,

i.e., backup to the VPC peer-link

protocol, used for state

synchronization and configuration

validation between VPC peer devices

VPC Peer-link

Keepalive link

agg1b agg1a

Access2 Access1

VPC

CFS Protocol vPC

member port

VPC member

L3 link L2 trunk L3 Channel

Core1 Core2

VPC Peer-link

Keepalive link

agg1b agg1a

Access2 Access1

Network Type

UDLD Aggressive

UDLD Aggressive

Bridge Assurance

VPC Secondary VPC Primary

L2 Channel L3 link L2 trunk L3 Channel

VPC Best Practices

ƒ Manually define VPC primary

and VPC secondary switch

ƒ Form L2 channel with diverse

10GE modules for VPC

peer-link w/ ports in dedicated mode

ƒ Form L3 channel with diverse

GE modules for VPC peer

keepalive link (non-default VRF)

ƒ Enable BA on VPC peerlink

interface (default)

ƒ Enable UDLD aggressive on

VPC peerlink interface

VPC Best Practices (Cont.)

ƒ Align STP root, HSRP active

router and PIM DR with VPC

primary switch

ƒ Align STP secondary root,

HSRP standby router with VPC

secondary switch

ƒ By eliminating L2 loops with

VPC, BA and Loopguard are

not needed on access switches

ƒ Enable spanning-tree port type

edge on host ports

ƒ Enable spanning-tree

Access2 Access1

STP primary root HSRP Active PIM DR

STP secondary root HSRP Standby

Edge Port Type

Edge Port Type

BPDU-guard

L2 Channel L3 link L2 trunk L3 Channel

L2 access

Core1 Core2

VPC PL

VPC PKAL

Secondary primary

Access2 Access1

Shut down VPC ports

Detects VPC peer-link failure

10GE

10GE

L2 Channel L3 link L2 trunk L3 Channel

VPC With Single 10GE I/O Module

Common Layer-3 Features

avoid unnecessary network convergence during

supervisor failover

improve IGP convergence over L2 cloud

IOS default is 100M and NX-OS default is10G

plane load and FHRP timers should not be tuned to

less than 1 sec hello and hold 3 sec hold timer

routing authentication, route summarization and

preemption delay

Implementation Best Practices

System Management

Nexu7K# checkpoint checkpt1

Processing the Request Please Wait

Done

Nexus7K# show diff rollback-patch running-config checkpoint checkpt1

Processing the Request Please Wait

Nexus7K# config t

Enter configuration commands, one per line End with CNTL/Z.

………

Nexus7K# rollback running-config checkpoint checkpt1

Processing the Request Please Wait

Generating the Rollbackpatch Please Wait

Executing the patch Please Wait

<Snip>

Successfully executed patch

Configuration Rollback

Notifying services about system upgrade.

[# ] 0% FAIL Return code 0x412A0007 ((null)).

Cannot proceed with ISSU, BGP ISSU config check failed

In-Service Software Update (ISSU)

ƒ Non-Stop forwarding during system upgrade

ƒ ISSU needs to be performed between ISSU compatible

releases Refer to release notes for more information

ƒ Active supervisor can not switchover to the standby

supervisor with active config sessions Save, commit or

abort all configuration sessions before ISSU

ƒ Active supervisor can not switchover to standby supervisor if BGP graceful restart is disabled or BGP hold timer tuned to

less than switchover time

NX-OS 4.1 release notes:

EPLD Upgrade

provide hardware functionalities on the I/O modules

from ISSU.

be power down during upgrade)

release notes page for more information

EPLD release notes:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/epld/epld_rn.html

Virtual Device Context (VDC)

as the administrative VDC for other non-default VDCs

accomplish operational tasks on default VDC (example: VDC-admin instead of Network-admin)

system can be modified to “restart” or “bringdown”

Agenda

ƒ Case Study – Data Center Migration

Core2 Core1

L2 L3 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Data Center Migration Tasks

ƒ Replace core switches with Nexus 7K

ƒ Replace aggregation switches with Nexus 7K

ƒ Implement VPC in aggregation layer

ƒ Convert port-channel in access layer to Multi-Chassis

EtherChannel (MCEC)

ƒ Deploy service switches

Access> (enable) set spantree mode rapid-pvst+

Access> (enable) set channelprotocol lacp <module>

Access> (enable) set port lacp-channel <port range>

Access> (enable) set port lacp-channel <port range> mode active

Access> (enable) set spantree mode rapid-pvst+

Access> (enable) set channelprotocol lacp <module>

Access> (enable) set port lacp-channel <port range>

Access> (enable) set port lacp-channel <port range> mode active

Configuration for access layer switches (CatOS)

Single-Phase Migration

ƒ Migration performed in a single maintenance window

ƒ Build-out new network (core, aggregation and service

switches) with interim access switches using same IP

address’

ƒ Perform network acceptance testing with test servers

ƒ Move devices from existing core to new core switches

ƒ Convert STP mode on access switches to RSTP

ƒ Configure 4 port MCEC on access switch to new

aggregation switches using LACP

Core2 Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Multiphase Migration

ƒ Migration performed over multiple maintenance windows

ƒ Build-out new network (core, aggregation and service

switches) with interim access switches using

non-overlapping IP address’

ƒ Perform network acceptance testing with test servers

ƒ Interconnect existing core to new core using L3 links

ƒ Migrate edge connection to new core

ƒ Interconnect existing aggregation switches to one of the new aggregation switches using L2 links with MCEC

ƒ Migrate access switches to new aggregation switches (STP

mode, MCEC)

Core2 Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Multiphase Migration

Move Edge Devices to New Core Switches

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Edge1

Core2 Core1

Edge2

Multiphase Migration

Connect Existing Aggregation to New Core

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

L2 access

L3

L2 L3

Edge1

agg1b

Core2 Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

L2 access

L3

L2 L3

Edge1

agg1b

Core2 Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

agg2b agg2a

L2 access

L3

L2 L3

Edge1

agg1b

Core2 Core1

L2 L3

L2

L2 Channel L3 link L2 trunk L3 Channel

Agg1a

Edge2

Agg2b Agg2a

Multiphase Migration

Complete Migration

Hardware and Software

Core

Aggregation

1 2 3 4 5 6 7 8 9 10

N 7 K - M 1 3 2 X P - 1 2

N 7 K - S U P 1

N 7 K - S U P 1

1 2 3 4 5 6 7 8 9 10

N 7 K - M 1 3 2 X P - 1

N 7 K - S U P 1

N 7 K - S U P 1

N 7 K - M 1 3 2 X P - 1

N 7 K - M 1 4 8 G T - 1 1

N 7 K - M 1 4 8 G T - 1

N 7 K - M 1 4 8 G S - 1

N 7 K - M 1 4 8 G S - 1 1

Inter-Switch Links (Core)

ƒ Current

4 port L3 GEC

ƒ New

2 port L3 10GEC

Inter-Switch links (Aggregation)

agg1b agg1a

agg1b

Access2 Access1

Access2 Access1

Uplink (Access to Aggregation)

ƒ Current

Two 2-port L2 GEC uplinks One port forwarding and one blocking

ƒ New

One logical L2 MCEC Traffic hashed over MCEC

HSRP Pri OSPF100

HSRP Sec OSPF110 HSRP Pri OSPF100 HSRP Pri OSPF100 HSRP Sec OSPF100 HSRP Sec OSPF100

agg1b agg1a

L2 Channel L3 link L2 trunk L3 Channel

Uplink (Aggregation to Core)

ƒ Current (Catalyst 6K)

Transparent mode Define VLAN locally

Off (default) Define VLAN locally

switchport channel-group 1 mode active

Nexus7K(config-if-range)#

no switchport channel-group 4

switchport switchport access vlan <vlan>

switchport mode access

6500(config-if)#

switchport switchport access vlan <vlan>

switchport mode access

Nexus7K(config-if)#

switchport switchport access vlan <vlan>

switchport mode access

Nexus7K(config-if)#

switchport switchport access vlan <vlan>

switchport mode access

Switchport Access

ƒ Current (Catalyst 6K)

Switchport Mode access Access VLAN

Switchport Mode access Access VLAN