Understand and Configure Nexus 9000 vPC with Best Practices
Introduction
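This document describes best practices for virtual Port Channels (vPC) on Cisco Nexus 9000 (9k) Series switches.

Prerequisites

Requirements

NX-OS License Requirement for vPC

The vPC feature is included in the base NX-OS software license. This base license also includes Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Link Aggregation Control Protocol (LACP).

Layer 3 features such as Open Shortest Path First (OSPF) or Intermediate System to Intermediate System (IS-IS) require the LAN_ENTERPRISE_SERVICES_PKG license.

Components Used

The information in this document is based on these software and hardware versions:

- Cisco Nexus93180YC-FX that runs Release 10.2(3)
- Cisco Nexus93180YC-FX that runs Release 10.2(3)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

vPC fabric peering provides an enhanced dual-homed access solution without the overhead of wasting physical ports on the vPC peer link.

Background Information

This document applies to:

- Nexus 9k vPC
- vPC with VXLAN
- vPC fabric peering
- Double-sided vPC
- Double-sided virtual vPC

This document also covers In-Service Software Upgrade (ISSU) operations related to vPC and gives details on the latest vPC enhancements (delay restore, Network Virtual Interface [NVE] interface timers).

vPC Description and Terminology

vPC is a virtualization technology that presents a pair of Cisco Nexus 9000 Series devices as a single Layer 2 logical node to access-layer devices or endpoints. vPC belongs to the Multichassis EtherChannel (MCEC) family of technologies. A virtual Port Channel (vPC) allows links that are physically connected to two different Cisco Nexus 9000 Series devices to appear as a single port channel to a third device. The third device can be a switch, a server, or any other networking device that supports link aggregation technology.

vPC Technical Benefits

vPC provides these technical benefits:

- Eliminates Spanning Tree Protocol (STP) blocked ports.
- Uses all available uplink bandwidth.
- Allows dual-homed servers to operate in active/active mode.
- Provides fast convergence upon link or device failure.
- Offers dual active/active default gateways for servers.

vPC also takes advantage of the native split-horizon/loop management provided by port-channel technology: a packet that enters a port channel cannot immediately exit that same port channel.

vPC Operational and Architectural Advantages

With vPC, users immediately gain these operational and architectural advantages:

- Simplify network design.
- Build a highly resilient and robust Layer 2 network.
- Enable seamless virtual machine mobility and server high-availability clusters.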
- Scale available Layer 2 bandwidth and increase bisectional bandwidth.
- Grow the size of the Layer 2 network.

vPC leverages both hardware and software redundancy in these ways:

- vPC uses all available port-channel member links, so that if an individual link fails, the hash algorithm redirects all flows to the remaining links.
- A vPC domain is composed of two peer devices. Each peer device processes half of the traffic that comes from the access layer. If a peer device fails, the other peer device absorbs all the traffic with minimal convergence time impact.
- Each peer device in the vPC domain runs its own control plane, and both devices work independently. Any potential control plane issue stays local to the peer device and does not propagate to or impact the other peer device.

From an STP standpoint, vPC eliminates STP blocked ports and uses all available uplink bandwidth. STP is used as a fail-safe mechanism and does not dictate the Layer 2 path for vPC-attached devices.

Within a vPC domain, a user can connect access devices in several ways: vPC-attached connections that leverage active/active behavior with a port channel, active/standby connectivity that includes STP, and a single attachment without STP running on the access device.

Configure vPC EVPN VXLAN

Network Diagram

In the diagram, the host connects to a pair of Nexus 9000 switches that share a vPC domain ID, but the host-configured switches do not run vPC themselves. The access switch/host registers the uplink as a simple port channel with no knowledge of vPC.

Leaf-1

    vlan 2
      vn-segment 10002
    vlan 10
      vn-segment 10010
    route-map PERMIT-ALL permit 10
    vrf context test
      vni 10002
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
    interface nve1
      no shutdown
      host-reachability protocol bgp
      source-interface loopback1
      member vni 10002 associate-vrf
      member vni 10010
        suppress-arp
        mcast-group 239.1.1.1
    interface loopback0
      ip address 10.1.1.1/32
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    interface loopback1
      ip address 10.2.1.1/32
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
      no shutdown

Leaf-2

    vlan 2
      vn-segment 10002
    vlan 10
      vn-segment 10010
    route-map PERMIT-ALL permit 10
    vrf context test
      vni 10002
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
    interface nve1
      no shutdown
      host-reachability protocol bgp
      advertise virtual-rmac
      source-interface loopback1
      member vni 10002 associate-vrf
      member vni 10010
        suppress-arp
        mcast-group 239.1.1.1
    interface loopback1
      ip address 10.2.1.4/32
      ip address 10.2.1.10/32 secondary
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
    icam monitor scale
    interface loopback0
      ip address 10.1.1.4/32
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
      no shutdown

    Leaf-2(config-if)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.26 source 10.201.182.25
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20

Leaf-3

    vlan 2
      vn-segment 10002
    vlan 10
      vn-segment 10010
    route-map PERMIT-ALL permit 10
    vrf context test
      vni 10002
      rd auto
      address-family ipv4 unicast
        route-target both auto
        route-target both auto evpn
    interface nve1
      no shutdown
      host-reachability protocol bgp
      advertise virtual-rmac
      source-interface loopback1
      member vni 10002 associate-vrf
      member vni 10010
        suppress-arp
        mcast-group 239.1.1.1
    interface loopback1
      ip address 10.2.1.3/32
      ip address 10.2.1.10/32 secondary
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
    icam monitor scale
    interface loopback0
      ip address 10.1.1.3/32
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode

    Leaf-3(config-if)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.25 source 10.201.182.26
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20

Spine-1

    interface loopback0
      ip address 10.3.1.1/32
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode

Host-1

    interface Vlan10
      no shutdown
      vrf member test
      ip address 172.16.1.101/25

Host-2

    interface Vlan10
      no shutdown
      vrf member test
      ip address 172.16.1.102/25

Verify

Use this section to confirm that your configuration works properly.

    IP Interface Status for VRF "test"(3)
    Interface            IP Address      Interface Status
    Vlan10               172.16.1.102    protocol-up/link-up/admin-up
    HOST-B(config)# ping 172.16.1.101 vrf test
    PING 172.16.1.101 (172.16.1.101): 56 data bytes
    64 bytes from 172.16.1.101: icmp_seq=0 ttl=254 time=1.326 ms
    64 bytes from 172.16.1.101: icmp_seq=1 ttl=254 time=0.54 ms
    64 bytes from 172.16.1.101: icmp_seq=2 ttl=254 time=0.502 ms
    64 bytes from 172.16.1.101: icmp_seq=3 ttl=254 time=0.533 ms
    64 bytes from 172.16.1.101: icmp_seq=4 ttl=254 time=0.47 ms

    --- 172.16.1.101 ping statistics ---
    5 packets transmitted, 5 packets received, 0.00% packet loss
    round-trip min/avg/max = 0.47/0.674/1.326 ms
    HOST-B(config)#

    IP Interface Status for VRF "test"(3)
    Interface            IP Address      Interface Status
    Vlan10               172.16.1.101    protocol-up/link-up/admin-up
    Host-A(config-if)#
    Host-A(config-if)# ping 172.16.1.102 vrf test
    PING 172.16.1.102 (172.16.1.102): 56 data bytes
    64 bytes from 172.16.1.102: icmp_seq=0 ttl=254 time=1.069 ms
    64 bytes from 172.16.1.102: icmp_seq=1 ttl=254 time=0.648 ms
    64 bytes from 172.16.1.102: icmp_seq=2 ttl=254 time=0.588 ms
    64 bytes from 172.16.1.102: icmp_seq=3 ttl=254 time=0.521 ms
    64 bytes from 172.16.1.102: icmp_seq=4 ttl=254 time=0.495 ms

    --- 172.16.1.102 ping statistics ---
    5 packets transmitted, 5 packets received, 0.00% packet loss
    round-trip min/avg/max = 0.495/0.664/1.069 ms
    Host-A(config-if)#

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

    Leaf-2(config-if)# show vpc bri
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 1
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : primary
    Number of vPCs configured         : 1
    Peer Gateway                      : Enabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled
    Auto-recovery status              : Disabled
    Delay-restore status              : Timer is off.(timeout = 30s)
    Delay-restore SVI status          : Timer is off.(timeout = 10s)
    Delay-restore Orphan-port status  : Timer is off.(timeout = 0s)
    Operational Layer3 Peer-router    : Disabled
    Virtual-peerlink mode             : Disabled

    vPC Peer-link status
    ---------------------------------------------------------------------
    id    Port   Status Active vlans
    --    ----   ------ -------------------------------------------------
    1     Po10   up     1-2,10

    vPC status
    ----------------------------------------------------------------------------
    Id    Port          Status Consistency Reason                Active vlans
    --    ------------  ------ ----------- ------                ---------------
    20    Po20          up     success     success               1-2,10

    Please check "show vpc consistency-parameters vpc " for the
    consistency reason of down vpc and for type-2 consistency reasons for
    any vpc.

    Leaf-3(config-if)# show vpc bri
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 1
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : secondary
    Number of vPCs configured         : 1
    Peer Gateway                      : Enabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled
    Auto-recovery status              : Disabled
    Delay-restore status              : Timer is off.(timeout = 30s)
    Delay-restore SVI status          : Timer is off.(timeout = 10s)
    Delay-restore Orphan-port status  : Timer is off.(timeout = 0s)
    Operational Layer3 Peer-router    : Disabled
    Virtual-peerlink mode             : Disabled

    vPC Peer-link status
    ---------------------------------------------------------------------
    id    Port   Status Active vlans
    --    ----   ------ -------------------------------------------------
    1     Po10   up     1-2,10

    vPC status
    ----------------------------------------------------------------------------
    Id    Port          Status Consistency Reason                Active vlans
    --    ------------  ------ ----------- ------                ---------------
    20    Po20          up     success     success               1-2,10

    Please check "show vpc consistency-parameters vpc " for the
    consistency reason of down vpc and for type-2 consistency reasons for
    any vpc.

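The two "show vpc brief" captures above only mean something as a pair: both peers must report a formed adjacency, a live keepalive and clean consistency checks, and exactly one of them must be primary. The script below is an added example, not part of the original document; it runs that comparison over saved captures, and the sample text and the names parse_brief and check_pair are constructed for illustration.

```python
import re

# Constructed sample: header fields of the "show vpc brief" capture for Leaf-2.
LEAF2_BRIEF = """\
vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
"""
# Leaf-3 reports the same fields with the secondary role.
LEAF3_BRIEF = LEAF2_BRIEF.replace(": primary", ": secondary")
# Values both peers report in the healthy captures on this page.
HEALTHY = {
    "Peer status": "peer adjacency formed ok",
    "vPC keep-alive status": "peer is alive",
    "Configuration consistency status": "success",
    "Per-vlan consistency status": "success",
    "Type-2 consistency status": "success",
}

def parse_brief(text):
    """Return the 'name : value' header fields of a show vpc brief capture."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][\w -]*?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def check_pair(brief_a, brief_b):
    """Compare the captures of both vPC peers and return a list of findings."""
    parsed = {"A": parse_brief(brief_a), "B": parse_brief(brief_b)}
    findings = []
    for name, fields in parsed.items():
        for key, want in HEALTHY.items():
            if fields.get(key) != want:
                findings.append(f"peer {name}: {key} = {fields.get(key)!r}, expected {want!r}")
    if parsed["A"].get("vPC domain id") != parsed["B"].get("vPC domain id"):
        findings.append("vPC domain id differs between the peers")
    # Two primaries point at a dual-active condition; any other role string
    # (for example an operational role that differs from the configured one) is also reported.
    roles = sorted(f.get("vPC role", "missing") for f in parsed.values())
    if roles != ["primary", "secondary"]:
        findings.append(f"roles are {roles}, expected one primary and one secondary")
    return findings
```

An empty list means the pair matches the healthy state shown above; each finding names the peer and the field that deviates.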
Configure vPC Fabric Peering

Network Diagram

    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.26
      virtual peer-link destination 10.1.1.3 source 10.1.1.4 dscp 56
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface Ethernet1/46
      mtu 9216
      port-type fabric
      ip address 192.168.2.1/24
      ip ospf network point-to-point
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
      no shutdown

Leaf-3

    Leaf-3(config-vpc-domain)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.25
      virtual peer-link destination 10.1.1.4 source 10.1.1.3 dscp 56
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface Ethernet1/47
      mtu 9216
      port-type fabric
      ip address 192.168.1.1/24
      ip ospf network point-to-point
      ip router ospf 100 area 0.0.0.0
      ip pim sparse-mode
      no shutdown

Verify

Use this section to confirm that your configuration works properly.

    show vpc brief
    show vpc role
    show vpc virtual-peerlink vlan consistency
    show vpc fabric-ports
    show vpc consistency-para global
    show nve interface nve 1 detail

Configure Double-Sided vPC

Network Diagram

    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.26 source 10.201.182.25
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

Leaf-3

    Leaf-3(config-if-range)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.25 source 10.201.182.26
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

Leaf-4

    Leaf-4(config-if)# show run vpc
    feature vpc
    vpc domain 2
      peer-switch
      peer-keepalive destination 10.201.182.29 source 10.201.182.28
      peer-gateway
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

Leaf-5

    Leaf-5(config-if)# show running-config vpc
    feature vpc
    vpc domain 2
      peer-switch
      peer-keepalive destination 10.201.182.28 source 10.201.182.29
      peer-gateway
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

Configure Double-Sided vPC with vPC Fabric Peering

Network Diagram

In double-sided vPC, both Nexus 9000 switches run vPC. Each vPC pair of Nexus 9000 switches is connected to the aggregation vPC pair with a unique vPC.

Leaf-2

    Leaf-2(config-if-range)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.26
      virtual peer-link destination 10.1.1.3 source 10.1.1.4 dscp 56
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

Leaf-3

    Leaf-3(config-if-range)# show run vpc
    feature vpc
    vpc domain 1
      peer-switch
      peer-keepalive destination 10.201.182.25
      virtual peer-link destination 10.1.1.4 source 10.1.1.3 dscp 56
      peer-gateway
      ip arp synchronize
    interface port-channel10
      vpc peer-link
    interface port-channel20
      vpc 20
    interface port-channel40
      vpc 40

The Leaf-4 and Leaf-5 configuration is similar to that of double-sided vPC.

Troubleshoot

This section provides information you can use to troubleshoot your configuration.

    Leaf-4(config-if)# show spanning-tree

    VLAN0010
      Spanning tree enabled protocol rstp
      Root ID    Priority    32778
                 Address     0023.04ee.be01
                 Cost        5
                 Port        4105 (port-channel10)
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
                 Address     0023.04ee.be02
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Root FWD 4         128.4105 (vPC peer-link) Network P2p
    Po20             Desg FWD 1         128.4115 (vPC) P2p
    Po40             Root FWD 1         128.4135 (vPC) P2p

    VLAN0020
      Spanning tree enabled protocol rstp
      Root ID    Priority    32788
                 Address     0023.04ee.be02
                 This bridge is the root
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32788 (priority 32768 sys-id-ext 20)
                 Address     0023.04ee.be02
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Root FWD 4         128.4105 (vPC peer-link) Network P2p
    Po20             Desg FWD 1         128.4115 (vPC) P2p
    Po40             Desg FWD 1         128.4135 (vPC) P2p

    Leaf-5(config-if)# show spanning-tree

    VLAN0010
      Spanning tree enabled protocol rstp
      Root ID    Priority    32778
                 Address     0023.04ee.be01
                 Cost        1
                 Port        4135 (port-channel40)
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
                 Address     0023.04ee.be02
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Desg FWD 4         128.4105 (vPC peer-link) Network P2p
    Po20             Desg FWD 1         128.4115 (vPC) P2p
    Po40             Root FWD 1         128.4135 (vPC) P2p

    VLAN0020
      Spanning tree enabled protocol rstp
      Root ID    Priority    32788
                 Address     0023.04ee.be02
                 This bridge is the root
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32788 (priority 32768 sys-id-ext 20)
                 Address     0023.04ee.be02
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Desg FWD 4         128.4105 (vPC peer-link) Network P2p
    Po20             Desg FWD 1         128.4115 (vPC) P2p
    Po40             Desg FWD 1         128.4135 (vPC) P2p
    Leaf-5(config-if)#

    Leaf-2(config-if-range)# show spanning-tree

    VLAN0001
      Spanning tree enabled protocol rstp
      Root ID    Priority    32769
                 Address     0023.04ee.be01
                 Cost        0
                 Port        0 ()
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32769 (priority 32768 sys-id-ext 1)
                 Address     003a.9c28.2cc7
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Eth1/47          Desg FWD 4         128.185  P2p

    VLAN0010
      Spanning tree enabled protocol rstp
      Root ID    Priority    32778
                 Address     0023.04ee.be01
                 This bridge is the root
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
                 Address     0023.04ee.be01
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Desg FWD 4         128.4105 (vPC peer-link) Network P2p
    Po40             Desg FWD 1         128.4135 (vPC) P2p
    Eth1/47          Desg FWD 4         128.185  P2p
    Leaf-2(config-if-range)#

    Leaf-3(config-if-range)# show spanning-tree

    VLAN0010
      Spanning tree enabled protocol rstp
      Root ID    Priority    32778
                 Address     0023.04ee.be01
                 This bridge is the root
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

      Bridge ID  Priority    32778 (priority 32768 sys-id-ext 10)
                 Address     0023.04ee.be01
                 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

    Interface        Role Sts Cost      Prio.Nbr Type
    ---------------- ---- --- --------- -------- --------------------------------
    Po10             Root FWD 4         128.4105 (vPC peer-link) Network P2p
    Po40             Desg FWD 1         128.4135 (vPC) P2p
    Leaf-3(config-if-range)#

Best Practices for ISSU with vPC

This section describes best practices for non-disruptive software upgrade with Cisco ISSU when a vPC domain is configured.

vPC System NX-OS Upgrade (or Downgrade)

The vPC feature is fully compatible with Cisco ISSU.

In a vPC environment, ISSU is the recommended method to upgrade the system. The vPC system can be upgraded independently with no disruption to traffic. The upgrade is serialized: only one upgrade operation can run at a time. The configuration lock during ISSU prevents synchronous upgrades on both vPC peer devices (when ISSU is initiated, the configuration is automatically locked on the other vPC peer device). The ISSU operation requires only a single knob.

Note: vPC with FEX (host vPC) also fully supports ISSU. There is zero packet loss when a vPC domain with FEX is upgraded. A server that is dual-attached to two different FEXs through a standard port channel is not aware that an upgrade operation occurs in the network.

    switch# install all nxos bootflash:

Strongly recommended: use ISSU on vPC peer device 1 (9K1); it does not matter whether the code is loaded first on the primary or the secondary vPC peer device. Note that the other vPC peer device (9K2) has its configuration locked to prevent any operation on the switch.

- Use In-Service Software Upgrade (ISSU) to change the NX-OS code release for the vPC domain. Perform the operation sequentially, one vPC peer device at a time.
- Refer to the NX-OS release notes to correctly select the target NX-OS code release based on the code the device runs (ISSU compatibility matrix).

Note: An upgrade from 7.x to 9.3.8/9.3.9 causes the 40G ports on the vPC to go down. If the peer link uses 40G connections, it is recommended to upgrade both switches to 9.3.8/9.3.9 to bring up the 40G ports, or to follow this upgrade path: I7(7) - 9.3(1) - 9.3(9).

Best Practices to Replace a vPC Switch

Pre-Checks

    show version
    show module
    show spanning-tree summary
    show vlan summary
    show ip interface brief
    show port-channel summary
    show vpc
    show vpc brief
    show vpc role
    show vpc peer-keepalives
    show vpc statistics peer-keepalive
    show vpc consistency-parameters global
    show vpc consistency-parameters interface port-channel
    show vpc consistency-parameters vlans
    show run vpc all
    show hsrp brief
    show hsrp
    show run hsrp
    show hsrp interface vlan
    show vrrp
    show vrrp brief
    show vrrp interface vlan
    show run vrrp

Steps

1. Shut down all vPC member ports one by one.
2. Shut down all orphan ports.
3. Shut down all Layer 3 physical links one by one.
4. Shut down the vPC peer-keepalive (PKA) link.
5. Shut down the vPC peer link.
6. Ensure that all ports are down on the faulty switch.
7. Ensure that traffic is diverted to the redundant switch; check with these commands on the redundant switch:

    show vpc
    show vpc statistics
    show ip route vrf all summary
    show ip mroute vrf all summary
    show ip interface brief
    show interface status
    show port-channel summary
    show hsrp brief
    show vrrp brief

8. Ensure that the replacement device is set up with the correct image and license.

    show version
    show module
    show diagnostic results module all detail
    show license
    show license usage
    show system internal mts buffer summary|detail
    show logging logfile
    show logging nvram

9. Configure the switch correctly with the backed-up configuration.
10. If auto-recovery is enabled, disable it during the replacement.

    Leaf-2(config)# vpc domain 1
    Leaf-2(config-vpc-domain)# no auto-recovery
    Leaf-2(config-if)# show vpc bri
    Legend:
                    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id                     : 1
    Peer status                       : peer adjacency formed ok
    vPC keep-alive status             : peer is alive
    Configuration consistency status  : success
    Per-vlan consistency status       : success
    Type-2 consistency status         : success
    vPC role                          : primary
    Number of vPCs configured         : 1
    Peer Gateway                      : Enabled
    Dual-active excluded VLANs        : -
    Graceful Consistency Check        : Enabled
    Auto-recovery status              : Disabled
    Delay-restore status              : Timer is off. (timeout = 30s)
    Delay-restore SVI status          : Timer is off (timeout = 10s)
    Delay-restore Orphan-port status  : Timer is off.(timeout = 0s)
    Operational Layer3 Peer-router    : Disabled
    Virtual-peerlink mode             : Disabled

11. Ensure that the sticky bit is set to False.

    Leaf-5(config-vpc-domain)# show sys internal vpcm info all | i i stick
    OOB Peer Version: 2
    OOB peer was alive: TRUE
    Sticky Master: FALSE

12. If the sticky bit is set to True, reconfigure the vPC role priority. This means that you reapply the original configuration for the role priority.

    vpc domain 1
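For the step that restores the replacement switch from its backup configuration, the restored vPC domain can be checked against the surviving peer: in the "show run vpc" output on this page, each peer's keepalive and virtual peer-link destination is the other peer's source, and the domain options are the same on both. The script below is an added example, not part of the original document; the names parse_domain and mirror_findings are illustrative, and the sample text is constructed by combining the peer-keepalive and virtual peer-link lines shown for Leaf-2 and Leaf-3.

```python
import re

# Constructed sample: vPC domain lines as they appear in "show run vpc" on this page.
LEAF2_CFG = """\
vpc domain 1
  peer-switch
  peer-keepalive destination 10.201.182.26 source 10.201.182.25
  virtual peer-link destination 10.1.1.3 source 10.1.1.4 dscp 56
  peer-gateway
  ip arp synchronize
"""
LEAF3_CFG = """\
vpc domain 1
  peer-switch
  peer-keepalive destination 10.201.182.25 source 10.201.182.26
  virtual peer-link destination 10.1.1.4 source 10.1.1.3 dscp 56
  peer-gateway
  ip arp synchronize
"""
# Domain options this page configures identically on both peers.
SHARED = {"peer-switch", "peer-gateway", "ip arp synchronize"}
PAIR = re.compile(r"(peer-keepalive|virtual peer-link) destination (\S+)(?: source (\S+))?")

def parse_domain(cfg):
    """Extract the domain id, the destination/source pairs and the shared options."""
    out = {"domain": None, "pairs": {}, "shared": set()}
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vpc domain (\d+)", line):
            out["domain"] = m.group(1)
        elif m := PAIR.match(line):
            out["pairs"][m.group(1)] = (m.group(2), m.group(3))
        elif line in SHARED:
            out["shared"].add(line)
    return out

def mirror_findings(cfg_a, cfg_b):
    """Return a list of differences that break the mirror between two peers."""
    a, b = parse_domain(cfg_a), parse_domain(cfg_b)
    findings = []
    if a["domain"] != b["domain"]:
        findings.append(f"vpc domain differs: {a['domain']} vs {b['domain']}")
    for kind in sorted(set(a["pairs"]) | set(b["pairs"])):
        pa, pb = a["pairs"].get(kind), b["pairs"].get(kind)
        if not pa or not pb:
            findings.append(f"{kind} is configured on one peer only")
            continue
        # Each peer's destination must be the other peer's source; an omitted source is skipped.
        for (dst, _), (_, src), who in ((pa, pb, "B"), (pb, pa, "A")):
            if src is not None and dst != src:
                findings.append(f"{kind}: destination {dst} is not the source {src} on peer {who}")
    for opt in sorted(a["shared"] ^ b["shared"]):
        findings.append(f"'{opt}' is configured on one peer only")
    return findings
```

Pass the surviving peer's configuration as one argument and the restored configuration as the other; an empty list means the two domains mirror each other.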