Cisco Nexus Double-Sided vPC Configuration

Summary

In this work, a network topology was built using 2 core switches, 2 aggregation switches and 1 access switch. The topology was built with the Double-Sided Virtual Port Channel (vPC) technology available on Cisco Nexus series switches. The vPC structures in the topology were used to provide high availability and redundancy. In addition, reachability and redundancy tests were run to verify that the network operates stably and reliably.

What Is Double-Sided vPC?

“Cisco Double-Sided Virtual Port Channel (vPC)”, or “Cisco Double-Sided vPC” for short, is a feature of Cisco Nexus series switches. It is widely used in complex network designs, particularly in data center environments. By providing high performance, redundancy and flexibility, Cisco Double-Sided vPC increases the reliability and efficiency of data center networks.

Beyond the dictionary definition: a Double-Sided vPC configuration lets devices configured in vPC domains connect to each other and operate without forming loops. It is also called back-to-back vPC, because it is formed by attaching vPC domains back to back.

The topology as shown in GNS3

The configuration below is designed as recommended by Cisco, and MSTP is used as the Spanning Tree protocol.

Configurations

N9K-Core-01

hostname N9K-CORE-01
feature interface-vlan
feature hsrp
feature lacp
feature vpc
spanning-tree mode mst

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 1
  peer-switch
  role priority 1
  peer-keepalive destination 1.1.1.2 source 1.1.1.1
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.11/24
  no ipv6 redirects
  hsrp version 2
  hsrp 11
    preempt delay minimum 180
    priority 210
    ip 172.30.11.10

interface Vlan41
  description Aggr_Access_Switch_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.41.251/24
  no ipv6 redirects
  hsrp version 2
  hsrp 41
    preempt delay minimum 180
    priority 210
    ip 172.30.41.1

interface port-channel10
  no shutdown
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan all
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  no shutdown
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/5
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface Ethernet1/6
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface mgmt0
  vrf member management
  ip address 1.1.1.1/30

N9K-Core-02

hostname N9K-CORE-02
feature interface-vlan
feature hsrp
feature lacp
feature vpc
spanning-tree mode mst

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 1
  peer-switch
  role priority 65535
  peer-keepalive destination 1.1.1.1 source 1.1.1.2
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.12/24
  no ipv6 redirects
  hsrp version 2
  hsrp 11
    preempt delay minimum 180
    priority 110
    ip 172.30.11.10

interface Vlan41
  description Aggr_Access_Switch_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.41.252/24
  no ipv6 redirects
  hsrp version 2
  hsrp 41
    preempt delay minimum 180
    priority 110
    ip 172.30.41.1

interface port-channel10
  no shutdown
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan all
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  no shutdown
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport
  switchport mode trunk
  channel-group 10 mode active
  no shutdown

interface Ethernet1/5
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface Ethernet1/6
  description <<<Aggr_Member_Ports>>>
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active
  no shutdown

interface mgmt0
  vrf member management
  ip address 1.1.1.2/30

N9K-Aggr-01

hostname N9K_AGGR_01

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

ip route 0.0.0.0/0 172.30.11.10

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 3
  peer-switch
  role priority 1
  peer-keepalive destination 1.1.3.2 source 1.1.3.1
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.21/24
  no ipv6 redirects

interface port-channel10
  description <<<PEER-LINK>>>
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  vpc 12

interface port-channel31
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 31

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/3
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  channel-group 31 mode active

interface Ethernet1/5
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface Ethernet1/6
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface mgmt0
  vrf member management
  ip address 1.1.3.1/30

N9K-Aggr-02

hostname N9K_AGGR_02

feature interface-vlan
feature hsrp
feature lacp
feature vpc

spanning-tree mode mst

ip route 0.0.0.0/0 172.30.11.10

vlan 1,11,41
vlan 11
  name N9K_Mgmt
vlan 41
  name Aggr_Access_Switch_Mgmt

spanning-tree loopguard default
spanning-tree mst 0-2 priority 4096
spanning-tree mst configuration
  revision 1
  instance 1 vlan 11
  instance 2 vlan 41

vpc domain 3
  peer-switch
  role priority 65535
  peer-keepalive destination 1.1.3.1 source 1.1.3.2
  delay restore 60
  peer-gateway
  auto-recovery reload-delay 60
  ip arp synchronize

interface Vlan11
  description N9K_Mgmt
  no shutdown
  no ip redirects
  ip address 172.30.11.22/24
  no ipv6 redirects

interface port-channel10
  description <<<PEER-LINK>>>
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel12
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  spanning-tree port type normal
  vpc 12

interface port-channel31
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal
  spanning-tree guard root
  vpc 31

interface Ethernet1/1
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/2
  description <<<PEER-LINK>>>
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/3
  description <<<Acces_Switch>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  channel-group 31 mode active

interface Ethernet1/5
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface Ethernet1/6
  description <<<Core-Member_Port>>>
  switchport mode trunk
  switchport trunk allowed vlan 11,41
  channel-group 12 mode active

interface mgmt0
  vrf member management
  ip address 1.1.3.2/30

Access-Switch

hostname Access_Switch

feature interface-vlan
feature lacp

ip route 0.0.0.0/0 172.30.41.1

vlan 1,41
vlan 41
  name Access_Switch_Mgmt

spanning-tree loopguard default

interface Vlan41
  description <<<Access_Switch_Mgmt>>>
  no shutdown
  no autostate
  ip address 172.30.41.11/24

interface port-channel1
  description <<<Aggr_Member_Port>>>
  switchport mode trunk
  switchport trunk native vlan 41
  switchport trunk allowed vlan 41
  spanning-tree port type normal

interface Ethernet1/3
  description <<<N9K_AGGR_01>>>
  switchport mode trunk
  switchport trunk allowed vlan 41
  channel-group 1 mode active

interface Ethernet1/4
  description <<<N9K_AGGR_02>>>
  switchport mode trunk
  switchport trunk allowed vlan 41
  channel-group 1 mode active

Tests

Core vPC status
Aggr vPC status
Access Switch PO status
Reachability test from the Access-Switch with IPv4 address 172.30.41.11 to Core-01 and Core-02

Cisco Recommendations

Best Practices Link

● Keep Spanning Tree Protocol root function on the aggregation layer of the network (aggregation vPC domain)
● For each vPC peer device, configure root guard on ports connected to access devices
● Bridge Assurance is enabled by default when configuring vPC peer-link. Do not disable it on vPC peer-link
● Bridge Assurance is not supported on vPC member ports. Always configure vPC member port as spanning-tree port type normal (so not using Bridge Assurance on the link).
● Configure port fast (edge port type) on the host-facing interfaces to avoid slow Spanning Tree Protocol convergence (30 seconds or more) when port transitions to up state.
● Configure BPDU guard on host-facing interfaces to block any BPDU sent from the host (access switch port receiving the BPDU will be put in errdisable mode).
● STP mode (RPVST or MST)
● STP region configuration for MST
● Enable/disable state per VLAN
● Bridge Assurance setting
● STP Port type setting (Enable or Disable edge port type by default on all access ports)
● Loop Guard settings (Enable or Disable loop guard by default on all ports)
● BPDU Guard settings (Enable or Disable BPDU guard by default on all edge ports)
● BPDU filter settings (Enable or Disable BPDU filter by default on all edge ports)
Interface settings:
● STP Port type setting (edge, network or normal)
● Loop Guard (enabled or disabled)
● Root Guard (enabled or disabled)
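
The port-type and root guard recommendations above can be checked mechanically against the port-channel stanzas, which helps catch a vPC where a downstream device could become spanning-tree root or where Bridge Assurance is set on the wrong link. The Python below is an added example, not part of the original post or of Cisco's documentation; the function names, the `access_facing` parameter and the sample stanzas (with two deliberate deviations) are assumptions constructed for illustration.

```python
# Constructed sample in the page's config format. po12 and po31 deviate on purpose.
SAMPLE = """\
interface port-channel10
spanning-tree port type network
vpc peer-link

interface port-channel12
switchport trunk allowed vlan 11,41
spanning-tree port type network
vpc 12

interface port-channel31
switchport trunk allowed vlan 41
spanning-tree port type normal
vpc 31
"""

def parse_interfaces(cfg):
    """Map interface name -> its commands; a blank line or new header ends a stanza."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif not line:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def audit_vpc_stp(cfg, access_facing=()):
    """Return (interface, finding) pairs; access_facing (hypothetical parameter)
    names the vPCs toward access devices. Assumes explicit port types as on the page."""
    findings = []
    for name, cmds in parse_interfaces(cfg).items():
        ptype = next((c.split()[3] for c in cmds
                      if c.startswith("spanning-tree port type ")), None)
        if "vpc peer-link" in cmds:
            if ptype != "network":
                findings.append((name, "peer-link is not port type network"))
        elif any(c.startswith("vpc ") and c[4:].isdigit() for c in cmds):
            if ptype != "normal":
                findings.append((name, "vPC member port is not port type normal"))
            if name in access_facing and "spanning-tree guard root" not in cmds:
                findings.append((name, "root guard missing on access-facing vPC"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_vpc_stp(SAMPLE, access_facing={"port-channel31"}):
        print(f"{name}: {finding}")
```

Run against the aggregation switch listings on this page with `access_facing={"port-channel31"}`, the check should report nothing, since port-channel31 carries both `spanning-tree port type normal` and `spanning-tree guard root`.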
