nexus 5010 vpc

[jussi 11]

hallo,

 

ich habe grosse fragezeichen beim virtual port channel über zwei  nx 5010 chassis hinweg zu einer core komponente (cisco 6509).

 

 

cisco 6509 ---- NX5010 

|                       |

|                       |

NX5010---------|

 

 

die nexus geräte dienen als access switche für verschiedene server racks. in meiner zielsezung sollten sich die beiden 

chassis durch den vpc in verbindung mit dem crosslink wie ein switch verhalten, machen sie aber nicht, es ist als ob vpc gar nicht wirkt und der core schlicht immer einen der beiden nx peers down hält. wofür habe ich dann vpc, das hätte spaning tree doch auch erledigt, oder?

 

konfig und debug auszüge unten

 

 

c6509,  Version 12.2(17r)SX5

---------------------------------------------------------------------------

---------------------------------------------------------------------------

---------------------------------------------------------------------------

 

[...]

 

 

interface Port-channel1

 description UPLINK to nexus 10G A+B

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 22

 switchport trunk allowed vlan 11,22

 switchport mode trunk

 switchport nonegotiate

 

[...]

 

interface TenGigabitEthernet7/1

 description UPLINK nexus 10G-A

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 22

 switchport trunk allowed vlan 11,22

 switchport mode trunk

 switchport nonegotiate

 channel-group 1 mode active

 

[....]

 

interface TenGigabitEthernet8/1

 description UPLINK nexus 10G-B

 switchport

 switchport trunk encapsulation dot1q

 switchport trunk native vlan 22

 switchport trunk allowed vlan 11,22

 switchport mode trunk

 switchport nonegotiate

 channel-group 1 mode active

 

-----------------------------------------

sieht dann so aus:

 

 

show etherchannel summary :

 

Flags:  D - down        P - bundled in port-channel

        I - stand-alone s - suspended

        H - Hot-standby (LACP only)

        R - Layer3      S - Layer2

        U - in use      N - not in use, no aggregation

        f - failed to allocate aggregator

 

        M - not in use, no aggregation due to minimum links not met

        m - not in use, port not aggregated due to minimum links not met

        u - unsuitable for bundling

        d - default port

 

        w - waiting to be aggregated

Number of channel-groups in use: 4

Number of aggregators:           4

 

Group  Port-channel  Protocol    Ports

------+-------------+-----------+-----------------------------------------------

1      Po1(SU)         LACP      Te7/1(P)       Te8/1(P)       

[...]

 

 

------

show etherchannel port-channel:

 

sh etherchannel port-channel 

Channel-group listing: 

-----------------------

 

Group: 1 

----------

Port-channels in the group: 

----------------------

 

Port-channel: Po1    (Primary Aggregator)

 

------------

 

Age of the Port-channel   = 295d:01h:01m:29s

Logical slot/port   = 14/1          Number of ports = 2

HotStandBy port = null 

Port state          = Port-channel Ag-Inuse 

Protocol            =   LACP

Fast-switchover     = disabled

Load share deferral = disabled   

 

Ports in the Port-channel: 

 

Index   Load      Port          EC state       No of bits

------+------+------------+------------------+-----------

 1      55          Te7/1             Active   4

 0      AA          Te8/1             Active   4

 

 

------------

 

 

 

2x  nexus 5010, Version 4.2(1)N1(1)

---------------------------------------

 

nexus A: 

--------------------------------------------------------------------------

-------------------------------------------------------------------------

-------------------------------------------------------------------------

 

[...]

 

vrf context management

  ip route 0.0.0.0/0 <gw IP>

vlan 1,11

vlan 22

  name server-vlan

vpc domain 1

  peer-keepalive destination <IP Nexus B> source <management ip Nexus A>

 

 

interface port-channel100

  description uplink to core

  switchport mode trunk

  vpc 100

  switchport trunk native vlan 22

  switchport trunk allowed vlan 1,11,22

  spanning-tree port type edge trunk

 

interface port-channel4096

  description port channel crosslink

  switchport mode trunk

  vpc peer-link

  spanning-tree port type network

 

[...]

 

interface Ethernet1/19

  description crosslink to nexus 10G-B

  switchport mode trunk

  spanning-tree port type network

  channel-group 4096 mode active

 

interface Ethernet1/20

  description uplink core

  switchport mode trunk

  switchport trunk native vlan 22

  switchport trunk allowed vlan 1,11,22

  channel-group 100 mode active

 

[...]

 

interface mgmt0

  ip address <ip nx A>

 

 

--------

show port-channel summary:

 

 

Flags:  D - Down        P - Up in port-channel (members)

        I - Individual  H - Hot-standby (LACP only)

        s - Suspended   r - Module-removed

        S - Switched    R - Routed

        U - Up (port-channel)

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

 

 100   Po100(SU)   Eth      LACP      Eth1/20(P)   

4096  Po4096(SU)  Eth     LACP      Eth1/19(P)   

 

---

show vpc brief:

 

[...]

 

vPC domain id                   : 1   

Peer status                     : peer adjacency formed ok      

vPC keep-alive status           : peer is alive                 

Configuration consistency status: success 

vPC role                        : secondary                     

Number of vPCs configured       : 2   

Peer Gateway                    : Disabled

Dual-active excluded VLANs      : -

 

 

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans    

--   ----   ------ --------------------------------------------------

1    Po4096 up     1,22                                                     

 

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------      

100    Po100       up     success     success                    1,22      

 

 

nexus B:

-------------------------------------------------

-------------------------------------------------

-------------------------------------------------

 

config genau wie A ausser natürlich umgekehrte ips

 

[...]

vpc domain 1

  peer-keepalive destination <IP Nexus A> source <management ip Nexus B>

 

[...]

 

interface mgmt0

  ip address <ip nx A>

 

[...]

 

 

ergibt dann:

 

show port-channel summary

 

Flags:  D - Down        P - Up in port-channel (members)

        I - Individual  H - Hot-standby (LACP only)

        s - Suspended   r - Module-removed

        S - Switched    R - Routed

        U - Up (port-channel)

--------------------------------------------------------------------------------

Group Port-       Type     Protocol  Member Ports

      Channel

--------------------------------------------------------------------------------

100   Po100(SU)   Eth      LACP      Eth1/20(P)   

4096  Po4096(SU)  Eth      LACP      Eth1/19(P)   

 

 

--------

show vpc brief:

 

vPC domain id                   : 1   

Peer status                     : peer adjacency formed ok      

vPC keep-alive status           : peer is alive                 

Configuration consistency status: success 

vPC role                        : primary                       

Number of vPCs configured       : 2   

Peer Gateway                    : Disabled

Dual-active excluded VLANs      : -

 

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans    

--   ----   ------ --------------------------------------------------

1    Po4096 up     1,22                                                     

 

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

100    Po100       up     success     success                    1,22   

 

[Otaku19 33]

passt doch eh,sehe keinen Fehler

[jussi 11]

Hallo Otaku,

 

danke für deine enschätzung. ich sehe auch keinen fehler, aber die beiden nexus switche verhalten sich imho jetzt wie zwei einzelne switche, von denen jeweils einer nicht zum core verbunden ist. ist das der "best practise" zustand?

 

aufgefallen ist es weil in den angeschlossenen esxen die eths fälschlicherweise auf "status prüfung" standen. dann können dort hin migrierte gäste nur zufällig mit dem netz kommunizieren oder eben nicht kommunizieren. je nachdem über welche eth die pakete rausgeschickt werden, da der esx beide karten benutzt. erst wenn auf "signalprüfung" umgestellt wird und der esx auf layer 3 am gw testet, verhalten sich alle gäste konsistent, da dann sämtliche pakete über den jeweils aktiven weg zum core fließen.

[blackbox 10]

Hi,

 

wie hast du die Wege vom ESX zum Nexus konfiguriert?