Cisco Nexus Double-Sided vPC Configuration
Summary
In this work, a network topology was built using 2 core switches, 2 aggregation switches and 1 access switch. The topology uses the Double-Sided Virtual Port Channel (vPC) technology available on Cisco Nexus series switches. The vPC structures in the topology provide high availability and redundancy. Reachability and redundancy tests were also carried out, confirming that the network runs stably and reliably.
What Is Double-Sided vPC?
“Cisco Double-Sided Virtual Port Channel (vPC)”, or “Cisco Double-Sided vPC” for short, is a feature of Cisco Nexus series switches. It is widely used in the complex network designs found in data center environments. By providing high performance, redundancy and flexibility, Cisco Double-Sided vPC increases the reliability and efficiency of data center networks.
Beyond the dictionary definition: a Double-Sided vPC configuration allows devices configured with vPC domains to be connected to each other and to operate without forming loops. It is also called back-to-back vPC, because it is formed by attaching vPC domains back to back.
The configuration below is designed as recommended by Cisco, and MSTP is used as the Spanning Tree protocol.
Configurations
N9K-Core-01
hostname N9K-CORE-01

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 1
  peer-switch
  role priority 1
  peer-keepalive destination 1.1.1.2 source 1.1.1.1
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.11/24
  no ipv6 redirects
  hsrp version 2
  hsrp 11
    preempt delay minimum 180
    priority 210
    ip 172.30.11.10

interface Vlan41
  description Aggr_Access_Switch_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.41.251/24
  no ipv6 redirects
  hsrp version 2
  hsrp 41
    preempt delay minimum 180
    priority 210
    ip 172.30.41.1

interface port-channel10
  no shutdown
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan all
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  no shutdown
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/5
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface Ethernet1/6
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface mgmt0
  vrf member management
  ip address 1.1.1.1/30

N9K-Core-02
hostname N9K-CORE-02

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 1
  peer-switch
  role priority 65535
  peer-keepalive destination 1.1.1.1 source 1.1.1.2
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.12/24
  no ipv6 redirects
  hsrp version 2
  hsrp 11
    preempt delay minimum 180
    priority 110
    ip 172.30.11.10

interface Vlan41
  description Aggr_Access_Switch_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.41.252/24
  no ipv6 redirects
  hsrp version 2
  hsrp 41
    preempt delay minimum 180
    priority 110
    ip 172.30.41.1

interface port-channel10
  no shutdown
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan all
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  no shutdown
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/5
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface Ethernet1/6
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface mgmt0
  vrf member management
  ip address 1.1.1.2/30

N9K-Aggr-01
hostname N9K_AGGR_01

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

ip route 0.0.0.0/0 172.30.11.10

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 3
  peer-switch
  role priority 1
  peer-keepalive destination 1.1.3.2 source 1.1.3.1
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.21/24
  no ipv6 redirects

interface port-channel10
  description <<<PEER-LINK>>>
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  vpc 12

interface port-channel31
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 31

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/3
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  channel-group 31 mode active

interface Ethernet1/5
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface Ethernet1/6
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface mgmt0
  vrf member management
  ip address 1.1.3.1/30

N9K-Aggr-02
hostname N9K_AGGR_02

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

ip route 0.0.0.0/0 172.30.11.10

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 3
  peer-switch
  role priority 65535
  peer-keepalive destination 1.1.3.1 source 1.1.3.2
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.22/24
  no ipv6 redirects

interface port-channel10
  description <<<PEER-LINK>>>
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  vpc 12

interface port-channel31
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 31

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/3
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  channel-group 31 mode active

interface Ethernet1/5
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface Ethernet1/6
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface mgmt0
  vrf member management
  ip address 1.1.3.2/30

Access-Switch
hostname Access_Switch

feature interface-vlan
feature lacp

ip route 0.0.0.0/0 172.30.41.1

vlan 1,41
vlan 41
  name Access_Switch_Mgmt

spanning-tree loopguard default

interface Vlan41
  description <<<Access_Switch_Mgmt>>>
  no shutdown
  no autostate
  ip address 172.30.41.11/24

interface port-channel1
  description <<<Aggr_Member_Port>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal

interface Ethernet1/3
  description <<<N9K_AGGR_01>>>
  switchport mode trunk
  switchport trunk allowed vlan 41
  channel-group 1 mode active

interface Ethernet1/4
  description <<<N9K_AGGR_02>>>
  switchport mode trunk
  switchport trunk allowed vlan 41
  channel-group 1 mode active

Tests
Cisco Recommendations
● Keep Spanning Tree Protocol root function on the aggregation layer of the network (aggregation vPC domain)
● For each vPC peer device, configure root guard on ports connected to access devices
● Bridge Assurance is enabled by default when configuring vPC peer-link. Do not disable it on vPC peer-link
● Bridge Assurance is not supported on vPC member ports. Always configure vPC member port as spanning-tree port type normal (so not using Bridge Assurance on the link).
● Configure port fast (edge port type) on the host-facing interfaces to avoid slow Spanning Tree Protocol convergence (30 seconds or more) when port transitions to up state.
● Configure BPDU guard on host-facing interfaces to block any BPDU sent from the host (access switch port receiving the BPDU will be put in errdisable mode).
● STP mode (RPVST or MST)
● STP region configuration for MST
● Enable/disable state per VLAN
● Bridge Assurance setting
● STP Port type setting (Enable or Disable edge port type by default on all access ports)
● Loop Guard settings (Enable or Disable loop guard by default on all ports)
● BPDU Guard settings (Enable or Disable BPDU guard by default on all edge ports)
● BPDU filter settings (Enable or Disable BPDU filter by default on all edge ports)
Interface settings:
● STP Port type setting (edge, network or normal)
● Loop Guard (enabled or disabled)
● Root Guard (enabled or disabled)
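
The recommendations above can be checked mechanically before a change window. The following Python script is an added example, not part of the original post or Cisco's tooling: it compares the global STP settings of two vPC peers and checks the port type on the peer-link and member ports plus root guard on access-facing ports. The function names, the `access_facing` parameter and the sample configs are assumptions made for the example.

```python
import re

# Constructed sample: trimmed excerpts in the style of the page's aggregation
# configs; AGGR_02 deliberately differs to show what the audit reports.
AGGR_01 = """
spanning-tree mode mst
spanning-tree loopguard default
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41
interface port-channel10
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
interface port-channel31
  switchport mode trunk
  spanning-tree port type normal
  spanning-tree guard root
  vpc 31
"""
AGGR_02 = AGGR_01.replace("revision 1", "revision 2").replace(
    "  spanning-tree guard root\n", "")

def parse(cfg):
    """Split a config into STP global lines and per-interface command sets."""
    stp_globals, ifaces, cur = set(), {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split(None, 1)[1], set())
        elif cur is not None:
            cur.add(line)
        elif re.match(r"(spanning-tree|revision|instance) ", line):
            stp_globals.add(line)
    return stp_globals, ifaces

def audit(cfg_a, cfg_b, access_facing=("port-channel31",)):
    """Findings for one vPC peer pair; access_facing is an assumed operator-supplied list."""
    (ga, ia), (gb, ib) = parse(cfg_a), parse(cfg_b)
    findings = [f"global STP mismatch: {l}" for l in sorted(ga ^ gb)]
    for peer, ifaces in (("A", ia), ("B", ib)):
        for name, cmds in sorted(ifaces.items()):
            want = "network" if "vpc peer-link" in cmds else "normal"
            if any(c.startswith("vpc ") for c in cmds) and \
               f"spanning-tree port type {want}" not in cmds:
                findings.append(f"{peer} {name}: port type should be {want}")
            if name in access_facing and "spanning-tree guard root" not in cmds:
                findings.append(f"{peer} {name}: root guard missing")
    return findings
```

Calling `audit(AGGR_01, AGGR_02)` reports the MST revision mismatch and the missing root guard on the second peer; the parser strips leading whitespace, so it accepts both indented and flattened configs.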
Well done.