Configuring Nexus VPC - Part 1: Configure Vlans

Download as docx, pdf, or txt
Download as docx, pdf, or txt
You are on page 1of 2

CONFIGURING NEXUS VPC – PART 1

My favorite command in all of NX-OS – no feature vpc

Kidding! It’s actually not that bad once you’re aware of how it works, what are the caveats, and how to
troubleshoot if you run into an issue. There are an incredible amount of excellent vPC guides out there
that I highly recommend you read, such as the vPC Best Practices Design Guide on Cisco.com. Below are
some of my notes on setting vPC up in preparation for my next lab study – OTV (hint hint). I’m assuming
you have already read the configuration guides and have a general understanding of vPC.

The topology for this lab is detailed here.

I’ll be following these steps to configure vPC:


1. Configure VLANs
2. Configure Spanning-tree
3. Enable LACP feature
4. Enable vPC feature
5. Configure vPC Peer-keepalive
6. Configure the Port-channel for vPC Peer-link
7. Configure vPC domain
8. Enable vPC peer-link
9. Configure a vPC member

Let’s begin!

1. Configure VLANs
In this lab, I’m configuring a couple of VLANs that I plan to ultimately OTV in the future.

vlan 10
name VLAN10-SERVERS
vlan 11
name VLAN11-SERVERS

2. Configure Spanning-tree
# Good to know - this is the default STP configuration:
spanning-tree mode rapid-pvst
spanning-tree pathcost method short
no spanning-tree port type edge default
no spanning-tree port type network default
spanning-tree bridge assurance
no spanning-tree loopguard default
spanning-tree fcoe

# Recommended best practices is to configure bpdu protection defaults for edge ports.
# Configure a port type as "edge" and bpdu protections will be enabled!
spanning-tree port type edge bpduguard default
spanning-tree port type edge bpdufilter default

# Spanning-tree priority must match exactly for vPC peer-switch to function, which
we'll be enabling later.
spanning-tree vlan 10,11 priority 0

MST can be configured to add flexibility, or, for hybrid environments with STP-attached devices (non-
vPC), you can configure spanning-tree pseduo-information for load-balancing. I won’t be doing this in
the lab yet, but still good to know (especially for an exam). Here is an example from the vPC Best
Practice Guide:

3. Enable LACP and vPC features (required


for vPC)
feature lacp
feature vpc

4. Configure vPC Peer-keepalive


The vPC peer-keepalive is just that – a keepalive. It’s used to guarantee both peer devices are up and
available before forming the vPC domain. It’s also used to detect split-brain scenarios when a peer-link
fails. The last thing you want is both peers active with no real-time synchronization between them.
When a vPC peer-link fails, the vPC peer-keepalive is leveraged to tell the secondary peer device to shut
down it’s vPC member ports.

In a perfect production environment, it’s best to use a Layer-3 port-channel across two line cards. Not
everyone has a perfect environment, maybe you don’t have any M1 ports left, maybe you have routing
limitations (F1-F2), use your imagination – so I’m going to show a couple of other methods that you can
use to get the vPC peer-keepalive functioning.

On Mars, I’m going to use the management interface for the vPC peer-keepalive. Do not directly connect
this to the other Nexus 7K if you want Supervisor failover to function without destroying vPC. You can
route across your L3 infrastructure as a last resort, but I strongly recommend you always connect this
via a separate L2 switch.

MARS-CORE-7K-1:

interface mgmt0
vrf member management
ip address 10.20.0.14/24

You might also like