Within the datacenter environment, there is a useful technology concerning device uplinks. The goal is around redundancy. Normally, with a port-channel connection, you would be protected if a single cable or interface would stop working. When you configure vPC connections, you are protected if the uplinking switch stops functioning. The way this works is pretty simple to understand. The port-channel is standard on the host device, nothing special. The difference is that instead of the links being bundled to a single remote device, they are split between two devices without the host knowing the difference:
The advantage here is that you can span the remote end of a port-channel connection across multiple Cisco Nexus switches. Therefore, if one of these switches went offline, the host device would continue to function as expected with little to no impact, minus the lost bandwidth simply due to cabling. With this configuration, the Nexus platform creates a single logical switch for the host device to connect to as seen in the diagram above.
So how do we configure this? There are a few steps before actually creating the port-channels. We need to configure both switches to begin talking as peer switches. This includes configuring the following:
- Configure vPC Domain
- Configure keepalive and associated VRF
- Configure vPC Peer-link
First we need to configure the vPC domain. In this case, you specify the domain number and the keepalive configuration.
ip vrf VPC_KEEPALIVE ! vpc domain 1 peer-keepalive destination 220.127.116.11 source 18.104.22.168 vrf VPC_KEEPALIVE
You can see that I specified the IP addresses 22.214.171.124 and 126.96.36.199 here for the vPC keepalive. You need to create an interface on each switch and connected them together. This will simply be used for the heartbeat for each peer to detect each other.
interface Ethernet2/1 description cPC Keepalive vrf member VPC_KEEPALIVE ip address 188.8.131.52/30 no shutdown
So now we need to create our vPC peer-link. This will be used to pass traffic between peer switches in the event one of the port-channel links goes down. This is usually a simple trunk link with an additional command. Cisco’s recommended best practice is to use multiple links of at least 10Gb. Configuration would look like this:
interface port-channel1 description Peer-Link switchport switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 description Peer-Link switchport switchport mode trunk channel-group 1 mode active no shutdown ! interface Ethernet3/1 description Peer-Link switchport switchport mode trunk channel-group 1 mode active no shutdown
So now our peer-link is configured as well, using multiple 10Gb interfaces on my Nexus devices. The only thing we would need to do now is configure the actual vPC connection. First you need to determine if you are using LACP, PAGP, etc. On the main, host device, create the port-channel as you normally would. Then you split the connections between the Nexus devices. You need to create the port-channel on each Nexus devices and add the vpc command to configure:
interface port-channel 2 switchport switchport mode trunk vpc 2 ! interface ethernet2/48 switchport switchport mode trunk channel-group 2 mode active
You want to create the same interface and port-channel configuration on both Nexus devices. The port-channel can change numbers, but the thing that needs to match is the vpc number. As long as that is the same, you are alright.
To make sure everything is functioning correctly, I can do a “show vpc” command to see the current status. It should look mostly like this, showing the peer connection is established:
Nexus-Lab# show vpc Legend: (*) - local vPC is down, forwarding via vPC peer-link vPC domain id : 1 Peer status : peer adjacency formed ok vPC keep-alive status : peer is alive Configuration consistency status : success Per-vlan consistency status : success Type-2 consistency status : success vPC role : primary Number of vPCs configured : 2 Peer Gateway : Enabled Peer gateway excluded VLANs : - Dual-active excluded VLANs : - Graceful Consistency Check : Enabled Auto-recovery status : Enabled (timeout = 240 seconds) vPC Peer-link status --------------------------------------------------------------------- id Port Status Active vlans -- ---- ------ -------------------------------------------------- 1 Po1 up 1-5 ...
This is the absolute basic way to configure vPC connections. There are definitely things you can configure to optimize and customize your vPC environment, but that will be discussed in another post.
As always, post any questions below!