
ccie-dc-full-scale-labs.pdf

Date post: 08-Nov-2015
Upload: naveedrana
  • CCIE Data Center Full-Scale Labs - Bootcamp Members - CCIE Data Center Full-Scale Lab 1

    CCIE DC Full-Scale Lab 1 Tasks

    This workbook is not yet compatible with current DC racks for self-paced study.

    Introduction
    1. Data Center Infrastructure
    2. Data Center Storage Networking
    3. Unified Computing
    4. Data Center Virtualization

    Introduction

    All devices used in this scenario, with the exception of the UCS and Nexus 7K, will be pre-configured for you with a basic initial configuration before starting. Do not modify or remove this initial configuration, such as pre-configured MGMT0 IP addresses, pre-configured VRFs, pre-configured routing, etc. These initial configs are required to successfully complete this scenario.

    NX-OS device logins are admin with the password Cciedc01. The UCS Management VM's login is Administrator with the password cisco. Do not modify the admin role on any platform, change the console speed, configure AAA, or make any other configuration changes that would potentially lock you out of the CLI interface. Rack rental tokens will not be refunded in cases where configuration errors on your part cause you or the automation system to be locked out of the devices.

    Pre-configured MGMT0 addresses for this scenario are as follows:

    N5K1 192.168.101.51/24
    N5K2 192.168.101.52/24
    MDS1 192.168.101.61/24
    MDS2 192.168.101.62/24
    N7K1 192.168.101.71/24

    Any references to "Y" in this scenario refer to the last octet of the MGMT0 interface.

    1. Data Center Infrastructure

    1.1 UCS Initialization

    Connect to UCS Fabric Interconnect A's CLI and use the following options for the initial configuration dialog:

    Enforce strong passwords: yes
    Admin password: Cciedc01
    Cluster: yes
    Switch fabric: A
    System name: UCS-FI
    MGMT0 IP address: 192.168.101.201
    Netmask: 255.255.255.0
    Default gateway: 192.168.101.1
    Cluster IP address: 192.168.101.200

    Configure UCS FI B to join the cluster and use the IP address 192.168.101.202/24.
    Enable both Telnet and SSH access to the Fabric Interconnects.

    Score: 3 Points

    1.2 Nexus 7K VDC Initialization

    Create three VDCs on N7K1 as follows:

    VDC 2 named N7K2
    VDC 3 named N7K3
    VDC 4 named N7K4

    Do not inherit the VDC hostname from the default VDC's hostname.
    Allocate the interfaces to these VDCs according to the diagram. Any unneeded interfaces should be assigned to VDC 0.
    Connect to these VDCs from the console and configure the admin user with the password Cciedc01.
    Configure the MGMT0 IP addresses of the VDCs as follows:

    VDC 2: 192.168.101.72/24
    VDC 3: 192.168.101.73/24
    VDC 4: 192.168.101.74/24

    Enable both Telnet and SSH access to all VDCs.

    Score: 5 Points

    1.3 Initial IP Addressing

    Configure the higher-numbered M1 port in the diagram between N7K1 and N7K3 as a native layer 3 routed interface using the addresses 10.71.73.Y/24.
    Configure the M1 ports between N7K2 and N7K4 as layer 3 Port-Channel10. Use LACP for the Port-Channel, and the addresses 10.72.74.Y/24.
    Configure N7K3 and N7K4's links to the Data Center Interconnect as layer 2 access edge ports in VLANs 1050 and 1051, respectively.
    Configure interfaces VLAN 1050 and 1051 on N7K3 and N7K4, respectively, with addresses 10.50.73.0/31 and 10.51.74.0/31.

    Score: 3 Points

    1.4 Layer 3 Routing

    Configure N7K1 and N7K2 to default to N7K3 and N7K4, respectively.
    Configure N7K3 and N7K4 to peer BGP with the DCI provider. The provider uses BGP AS 100, whereas N7K3 and N7K4 have been allocated BGP ASes 65001 and 65002, respectively. The DCI provider also requires MD5 authentication using the password DCIPROVIDER.
    Do not modify any DCI-related configuration on N5K1 or 3750G.
    When complete, N7K1 and N7K2 should have IP reachability to each other over the DCI.

    Score: 5 Points

    1.5 FabricPath

    N5K1 and N7K4 should form Port-Channel20 using LACP on the links connecting them according to the diagram.
    Configure FabricPath on the port channel as well as the link connecting N7K4 and N5K2 according to the diagram.
    Create VLANs 200-299 as FabricPath VLANs on these switches.
    Authenticate all FabricPath IS-IS adjacencies using an MD5 hash of the password FPAUTH.

    Score: 6 Points

    1.6 vPC+

    Configure UCS-FI-A to form Port-Channel201 up to N5K1 and N5K2 using the links in the diagram.
    Configure UCS-FI-B to form Port-Channel202 up to N5K1 and N5K2 using the links in the diagram.
    From N5K1 and N5K2's perspective, these links should be vPC 201 and 202.
    vPC 201 and 202 should be 802.1Q trunk links, STP edge ports, and only allow VLANs 200-299.
    Use the vPC Domain ID 500 and the FabricPath Switch-ID 501.

    Score: 6 Points

    1.7 FabricPath Traffic Engineering

    Ensure that N7K4 can use both N5K1 and N5K2 to reach their southbound Classical Ethernet peers in VLANs 200-299.

    Score: 5 Points

    1.8 Spanning-Tree Protocol Optimization

    Modify N5K1 and N5K2's Classical Ethernet configuration so that they run the minimum number of spanning-tree instances necessary to deliver traffic from the northbound FabricPath domain into the southbound UCS domain.
    Any new switches that are attached to the Classical Ethernet domain of N5K1 or N5K2 that have a non-zero STP priority should not be able to be elected the STP root bridge.

    Score: 6 Points

    1.9 Fabric Extenders

    N7K3 has two links to each N2K1 and N2K2, which are then used to dual-home to the UCS C200 server. Configure N7K3 to pair with N2K1 and N2K2 as FEX 131 and 132, respectively. Use Port-Channel 131 and 132, respectively.

    Score: 5 Points

    1.10 OTV

    Configure OTV on N7K1 and N7K2 to bridge VLANs 200-299 over the Data Center Interconnect.
    N7K1 should use the Site VLAN and Identifier 3001, and N7K2 should use the Site VLAN and Identifier 3002.
    Trunk the minimum number of necessary VLANs between N7K1 and N7K3, and N7K2 and N7K4.
    N7K3 and N7K4 should use PIM Sparse Mode for multicast routing with the DCI, and use the RP address 10.0.0.51, which is hosted by the provider.
    Multicast Control Plane traffic for the OTV should be tunneled over the DCI using the group 224.71.72.0.
    Multicast Data Plane traffic originating from N7K1 should use the group range 232.71.71.0/24.
    Multicast Data Plane traffic originating from N7K2 should use the group range 232.72.72.0/24.
    Authenticate the IS-IS adjacency between N7K1 and N7K2 using an MD5 hash of the password OTVAUTH.
    Create Interface VLAN 200 on N7K3 and N7K4 with the IP addresses 192.168.200.Y/24.
    When complete, N7K3 and N7K4 should be able to ping each other over the DCI through the OTV tunnel, as well as the VMKernel interfaces of the ESXi instances on UCS Blades 1 and 2, and the C200 server. The ESXi addresses are 192.168.200.101, 192.168.200.102, and 192.168.200.104, respectively.

    Score: 7 Points

    2. Data Center Storage Networking

    2.1 Fibre Channel Initialization

    Configure N5K1, N5K2, UCS-FI-A, and UCS-FI-B's Unified Ports in Fibre Channel mode as shown in the diagram.
    N5K1's links to MDS1 and N5K2's links to MDS2 should be configured as Port-Channel101 and 102, respectively. The port channels should use dynamic negotiation and be configured as Trunking Expansion ports.
    N5K1's links to UCS-FI-A and N5K2's links to UCS-FI-B should be configured as Port-Channel 103 and 104, respectively. The port channels should use dynamic negotiation and be configured as non-trunking Fabric ports on the N5K1 and N5K2 sides.

    Score: 5 Points

    2.2 VSANs and Trunking

    The SAN A side of the UCS blade servers will use VSAN 103, and the SAN B side will use VSAN 104. Internal to UCS, these should map to VLANs 1103 and 1104, respectively.
    UCS-FI-A's Port-Channel103 to N5K1 and UCS-FI-B's Port-Channel104 to N5K2 should be non-trunking NP ports in VSANs 103 and 104, respectively.
    N5K1's Port-Channel101 to MDS1 and N5K2's Port-Channel102 to MDS2 should be TE ports that only forward VSANs 103 and 104, respectively.
    MDS1 and MDS2's link to the SAN should be F ports in VSANs 103 and 104, respectively.

    Score: 6 Points

    2.3 Fibre Channel Zoning

    Configure Enhanced Zoning and Enhanced Device Aliases on both the SAN A and SAN B sides of the UCS blade server.
    Device Aliases in SAN A should be configured as follows:

    Alias "FC-SAN-A" pWWN 21:00:00:1b:32:04:5e:dc
    Alias "BLADE1-SAN-A" pWWN 20:00:00:cc:1e:dc:01:0a
    Alias "BLADE2-SAN-A" pWWN 20:00:00:cc:1e:dc:02:0a

    Device Aliases in SAN B should be configured as follows:

    Alias "FC-SAN-B" pWWN 21:01:00:1b:32:24:5e:dc
    Alias "BLADE1-SAN-B" pWWN 20:00:00:cc:1e:dc:01:0b
    Alias "BLADE2-SAN-B" pWWN 20:00:00:cc:1e:dc:02:0b

    Configure Zoning for SAN A so that both blades can reach "FC-SAN-A" on the A side.
    Configure Zoning for SAN B so that both blades can reach "FC-SAN-B" on the B side.
    Use the minimum amount of zones necessary to accomplish this.

    Score: 5 Points

    2.4 iSCSI Virtual Target

    The UCS C200 is preconfigured to mount its VMware ESXi Datastores via iSCSI. Configure the network as follows to allow for this.
    The C200 uses VLAN 202 and the initiator IP address 192.168.202.104/24 for iSCSI, and has the target address configured as 192.168.202.61.
    The 3750G is preconfigured with VLAN 202 trunking toward N7K3, and an access VLAN 202 assignment toward MDS1.
    Configure N7K3 so that it trunks only VLAN 202 traffic received from the C200 server toward MDS1.
    Configure MDS1 so that the C200 server is assigned the pWWN 20:00:00:cc:1e:dc:03:0a.
    Target LUNs reachable via MDS1's link in VSAN 103 to the FC SAN should be represented with the IQN "iqn.1987-05.com.cisco:05.mds1.01-01.01234567890abcde".
    Ensure that the C200 is the only initiator that can use this target.
    Do not add any additional zones to accomplish this.

    Score: 6 Points

    3. Unified Computing

    3.1 Address Pools

    Configure default pools in the Root ORG on UCS as follows:

    UUIDs 0000-000000000001 - 0000-000000000080
    MAC Addresses 00:CC:1E:DC:00:01 - 00:CC:1E:DC:00:FF
    nWWNs 20:01:00:CC:1E:DC:01:01 - 20:01:00:CC:1E:DC:01:FF
    Management IPs 192.168.101.210 - 192.168.101.219 (GW 192.168.101.1)

    Score: 5 Points

    3.2 UCS Service Profile Templates

    Create a Service Profile Initial Template that will be used for Blades 1 and 2 called PROFILE.
    UUIDs, MAC Addresses, nWWNs, and Management IPs should be pulled from the previously created default pools.
    For SAN connectivity, there should be two vHBAs, fc0 on SAN A using VSAN 103, and fc1 on SAN B using VSAN 104.
    For LAN connectivity, create five vNICs as follows:

    vNIC0 named VMKernelA on Fabric A in VLAN 200
    vNIC1 named VMKernelB on Fabric B in VLAN 200
    vNIC2 named vMotion on Fabric B in VLAN 201
    vNIC3 named VMGuestsA on Fabric A with VLANs 202 - 210
    vNIC4 named VMGuestsB on Fabric B with VLANs 202 - 210

    Ensure that if FI-B loses upstream connectivity that the vMotion NIC does not lose reachability to the rest of the network.
    If a change in this service profile in the future requires re-association to apply the change, ensure that the administrator is notified before the blade is automatically rebooted.

    Score: 6 Points

    3.3 Service Profiles

    Create two Service Profiles from the previously created template called PROFILE1 and PROFILE2 for Blade 1 and Blade 2, respectively.
    PROFILE1 should be customized as follows:

    Assign vHBA FC0 the pWWN 20:00:00:cc:1e:dc:01:0a.
    Assign vHBA FC1 the pWWN 20:00:00:cc:1e:dc:01:0b.
    Boot to LUN 0 on the SAN target 21:00:00:1b:32:24:5e:dc via FC0 as the primary, and then to LUN 0 on the SAN target 21:01:00:1b:32:24:5e:dc via FC1 if booting via FC0 fails.

    PROFILE2 should be customized as follows:

    Assign vHBA FC0 the pWWN 20:00:00:cc:1e:dc:02:0a.
    Assign vHBA FC1 the pWWN 20:00:00:cc:1e:dc:02:0b.
    Boot to LUN 0 on the SAN target 21:01:00:1b:32:24:5e:dc via FC1 as the primary, and then to LUN 0 on the SAN target 21:00:00:1b:32:24:5e:dc via FC0 if booting via FC1 fails.

    Associate PROFILE1 to Blade 1 and PROFILE2 to Blade 2. If successful, the blades should boot their ESXi instances from the SAN.

    Score: 6 Points

    4. Data Center Virtualization

    4.1 Nexus 1000v

    Nexus 1000v VSMs are pre-installed on the ESXi instances for Blade 1 and Blade 2. The VSM's MGMT0 IP address is 192.168.200.200, and it has a login of admin with the password Cciedc01.
    Modify the existing N1Kv configuration so that the VEM on Blade 1's ESXi host (192.168.200.101) appears as module 10.
    The VEM on Blade 2's ESXi host (192.168.200.102) should appear as module 20.
    The C200's ESXi host (192.168.200.104) should dynamically choose any available VEM slot.

    Score: 5 Points

    4.2 Private VLANs

    Virtual Machines (VMs) Win2k8-www-1 through 6 are preconfigured with IP addresses 192.168.255.1 through 6, and they have a pre-defined port-group on the Nexus 1000v. These VMs can be reached through the VMware Console of the vSphere Client and have the username/password combination Administrator/Cciedc01.
    Create Interface VLAN 204 on N7K3 with the IP address 192.168.255.73/24.
    Configure Private-VLANs in such a way that all VMs can ping N7K3's VLAN 204 interface, but cannot ping each other.
    Do not make changes to any other devices besides the Nexus 1000v and N7K3 to accomplish this, including the vCenter server.

    Score: 5 Points

  • CCIE Data Center Full-Scale Labs - Bootcamp Members - CCIE Data Center Full-Scale Lab 1

    CCIE DC Full-Scale Lab 1 Solutions
    1. Data Center Infrastructure
    2. Data Center Storage Networking
    3. Unified Computing
    4. Data Center Virtualization

    1. Data Center Infrastructure

    1.1 UCS Initialization

    Configuration

    UCS-FI-A:

    Enter the configuration method. (console/gui) ?console

    Enter the setup mode; setup newly or restore from backup. (setup/restore) ?setup

    You have chosen to setup a new Fabric interconnect. Continue? (y/n):y

    Enforce strong password? (y/n) [y]:y

    Enter the password for "admin":Cciedc01

    Confirm the password for "admin":Cciedc01

    Is this Fabric interconnect part of a cluster(select 'no' for standalone)? (yes/no) [n]:yes

    Enter the switch fabric (A/B) []:A

    Enter the system name:UCS-FI

    Physical Switch Mgmt0 IPv4 address :192.168.101.201

    Physical Switch Mgmt0 IPv4 netmask :255.255.255.0

    IPv4 address of the default gateway :192.168.101.1

    Cluster IPv4 address :192.168.101.200

    Configure the DNS Server IPv4 address? (yes/no) [n]:

    Configure the default domain name? (yes/no) [n]:

    Following configurations will be applied:

    Switch Fabric=A

    System Name=UCS-FI

    Enforced Strong Password=yes

    Physical Switch Mgmt0 IP Address=192.168.101.201

    Physical Switch Mgmt0 IP Netmask=255.255.255.0

    Default Gateway=192.168.101.1

    Cluster Enabled=yes

    Cluster IP Address=192.168.101.200

    NOTE: Cluster IP will be configured only after both Fabric Interconnects are initialized

    Apply and save the configuration (select 'no' if you want to re-enter)? (yes/no):yes

    Applying configuration. Please wait.

    Configuration file - Ok

    UCS-FI-B:

    Enter the configuration method. (console/gui) ?console

    Installer has detected the presence of a peer Fabric interconnect. This Fabric interconnect will be added to the cluster. Continue (y/n) ?

    y

    Enter the admin password of the peer Fabric interconnect:Cciedc01

    Connecting to peer Fabric interconnect... done

    Retrieving config from peer Fabric interconnect... done

    Peer Fabric interconnect Mgmt0 IP Address: 192.168.101.201

    Peer Fabric interconnect Mgmt0 IP Netmask: 255.255.255.0

    Cluster IP address : 192.168.101.200

    Physical Switch Mgmt0 IPv4 address :192.168.101.202

    Apply and save the configuration (select 'no' if you want to re-enter)? (yes/no):yes

    Applying configuration. Please wait.

    Configuration file - Ok

    Like Nexus, UCS allows SSH access by default. Telnet can be enabled from the UCSM GUI, or from the CLI as follows.

    UCS-FI-A#scope system

    UCS-FI-A /system #scope services

    UCS-FI-A /system/services #enable telnet-server

    UCS-FI-A /system/services* #commit-buffer

    UCS-FI-A /system/services #end

    UCS-FI-A#exit

    1.2 Nexus 7K VDC Initialization

    Configuration

    First remove all interfaces from the default VDC by allowing only F2 ports. This will force all M1 and F1 ports to be allocated to VDC 0:

    N7K1#config t

    N7K1(config)#feature telnet

    N7K1(config)#vdc N7K1

    N7K1(config-vdc)#limit-resource module-type f2

    This will cause all ports of unallowed types to be removed from this vdc. Continue (y/n)? [yes]yes

    N7K1(config-vdc)#show vdc membership

    vdc_id: 0 vdc_name: Unallocated interfaces:

    Ethernet1/1 Ethernet1/2 Ethernet1/3

    Ethernet1/4 Ethernet1/5 Ethernet1/6

    Ethernet1/7 Ethernet1/8 Ethernet1/9

    Ethernet1/10 Ethernet1/11 Ethernet1/12

    Ethernet1/13 Ethernet1/14 Ethernet1/15

    Ethernet1/16 Ethernet1/17 Ethernet1/18

    Ethernet1/19 Ethernet1/20 Ethernet1/21

    Ethernet1/22 Ethernet1/23 Ethernet1/24

    Ethernet1/25 Ethernet1/26 Ethernet1/27

    Ethernet1/28 Ethernet1/29 Ethernet1/30

    Ethernet1/31 Ethernet1/32

    Ethernet2/1 Ethernet2/2 Ethernet2/3

    Ethernet2/4 Ethernet2/5 Ethernet2/6

    Ethernet2/7 Ethernet2/8 Ethernet2/9

    Ethernet2/10 Ethernet2/11 Ethernet2/12

    Ethernet2/13 Ethernet2/14 Ethernet2/15

    Ethernet2/16 Ethernet2/17 Ethernet2/18

    Ethernet2/19 Ethernet2/20 Ethernet2/21

    Ethernet2/22 Ethernet2/23 Ethernet2/24

    Ethernet2/25 Ethernet2/26 Ethernet2/27

    Ethernet2/28 Ethernet2/29 Ethernet2/30

    Ethernet2/31 Ethernet2/32

    vdc_id: 1 vdc_name: N7K1 interfaces:

    Now change the default VDC back to allow both M1 and F1 ports, create the other VDCs, and allocate the needed ports.

    N7K1(config)#no vdc combined-hostname

    N7K1(config)#vdc N7K1

    N7K1(config-vdc)#limit-resource module-type m1 f1 m1xl

    This will cause all ports of unallowed types to be removed from this vdc. Continue (y/n)? [yes]yes

    N7K1(config-vdc)#allocate interface Ethernet1/1-8

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#vdc N7K2 id 2

    Note: Creating VDC, one moment please ...

    N7K1 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 2 has come online

    N7K1(config-vdc)#allocate interface Ethernet1/25-32

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#allocate interface Ethernet2/3-4

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#vdc N7K3 id 3

    Note: Creating VDC, one moment please ...

    N7K1 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 3 has come online

    N7K1(config-vdc)#allocate interface Ethernet1/9-16

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#allocate interface Ethernet2/21-24

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#vdc N7K4 id 4

    Note: Creating VDC, one moment please ...

    N7K1 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 4 has come online

    N7K1(config-vdc)#allocate interface Ethernet1/17-24

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#allocate interface Ethernet2/5-8,Ethernet2/13-14,Ethernet2/19-20

    Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

    yes

    N7K1(config-vdc)#end

    Now "switchto" the VDCs to configure the admin password as well as the MGMT0 IP address.

    N7K1#switchto vdc N7K2

    ---- System Admin Account Setup ----

    Do you want to enforce secure password standard (yes/no) [y]:y

    Enter the password for "admin":Cciedc01

    Confirm the password for "admin":Cciedc01

    ---- Basic System Configuration Dialog VDC: 2 ----

    This setup utility will guide you through the basic configuration of

    the system. Setup configures only enough connectivity for management

    of the system.

    Please register Cisco Nexus7000 Family devices promptly with your

    supplier. Failure to register may affect response times for initial

    service calls. Nexus7000 devices must be registered to receive

    entitled support services.

    Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

    to skip the remaining dialogs.

    Would you like to enter the basic configuration dialog (yes/no): n

    Cisco Nexus Operating System (NX-OS) Software

    TAC support: http://www.cisco.com/tac

    Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.

    The copyrights to certain works contained in this software are

    owned by other third parties and used and distributed under

    license. Certain components of this software are licensed under

    the GNU General Public License (GPL) version 2.0 or the GNU

    Lesser General Public License (LGPL) Version 2.1. A copy of each

    such license is available at

    http://www.opensource.org/licenses/gpl-2.0.php and

    http://www.opensource.org/licenses/lgpl-2.1.php

    N7K2#config t

    Enter configuration commands, one per line. End with CNTL/Z.

    N7K2(config)#feature telnet

    N7K2(config)#interface mgmt0

    N7K2(config-if)#ip address 192.168.101.72/24

    N7K2(config-if)#end

    N7K2#switchback

    N7K1#switchto vdc N7K3

    ---- System Admin Account Setup ----

    Do you want to enforce secure password standard (yes/no) [y]:y

    Enter the password for "admin":Cciedc01

    Confirm the password for "admin":Cciedc01

    ---- Basic System Configuration Dialog VDC: 3 ----

    This setup utility will guide you through the basic configuration of

    the system. Setup configures only enough connectivity for management

    of the system.

    Please register Cisco Nexus7000 Family devices promptly with your

    supplier. Failure to register may affect response times for initial

    service calls. Nexus7000 devices must be registered to receive

    entitled support services.

    Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

    to skip the remaining dialogs.

    Would you like to enter the basic configuration dialog (yes/no): n

    Cisco Nexus Operating System (NX-OS) Software

    TAC support: http://www.cisco.com/tac

    Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.

    The copyrights to certain works contained in this software are

    owned by other third parties and used and distributed under

    license. Certain components of this software are licensed under

    the GNU General Public License (GPL) version 2.0 or the GNU

    Lesser General Public License (LGPL) Version 2.1. A copy of each

    such license is available at

    http://www.opensource.org/licenses/gpl-2.0.php and

    http://www.opensource.org/licenses/lgpl-2.1.php

    N7K3#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    N7K3(config)#feature telnet

    N7K3(config)#int mgmt0

    N7K3(config-if)#ip address 192.168.101.73/24

    N7K3(config-if)#end

    N7K3#switchback

    N7K1#switchto vdc N7K4

    ---- System Admin Account Setup ----

    Do you want to enforce secure password standard (yes/no) [y]:y

    Enter the password for "admin":Cciedc01

    Confirm the password for "admin":Cciedc01

    ---- Basic System Configuration Dialog VDC: 4 ----

    This setup utility will guide you through the basic configuration of

    the system. Setup configures only enough connectivity for management

    of the system.

    Please register Cisco Nexus7000 Family devices promptly with your

    supplier. Failure to register may affect response times for initial

    service calls. Nexus7000 devices must be registered to receive

    entitled support services.

    Press Enter at anytime to skip a dialog. Use ctrl-c at anytime

    to skip the remaining dialogs.

    Would you like to enter the basic configuration dialog (yes/no): n

    Cisco Nexus Operating System (NX-OS) Software

    TAC support: http://www.cisco.com/tac

    Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.

    The copyrights to certain works contained in this software are

    owned by other third parties and used and distributed under

    license. Certain components of this software are licensed under

    the GNU General Public License (GPL) version 2.0 or the GNU

    Lesser General Public License (LGPL) Version 2.1. A copy of each

    such license is available at

    http://www.opensource.org/licenses/gpl-2.0.php and

    http://www.opensource.org/licenses/lgpl-2.1.php

    N7K4#config t

    Enter configuration commands, one per line. End with CNTL/Z.

    N7K4(config)#feature telnet

    N7K4(config)#interface mgmt 0

    N7K4(config-if)#ip address 192.168.101.74/24

    N7K4(config-if)#end

    N7K4#switchback

    N7K1#copy running-config startup-config vdc-all

    [####### ] 17%

    [############ ] 29%

    [###################### ] 53%

    [############################ ] 69%

    [##################################### ] 90%

    [########################################] 100%

    Verification

    N7K1#show vdc membership

    vdc_id: 0 vdc_name: Unallocated interfaces:

    Ethernet2/1 Ethernet2/2 Ethernet2/9

    Ethernet2/10 Ethernet2/11 Ethernet2/12

    Ethernet2/15 Ethernet2/16 Ethernet2/17

    Ethernet2/18 Ethernet2/25 Ethernet2/26

    Ethernet2/27 Ethernet2/28 Ethernet2/29

    Ethernet2/30 Ethernet2/31 Ethernet2/32

    vdc_id: 1 vdc_name: N7K1 interfaces:

    Ethernet1/1 Ethernet1/2 Ethernet1/3

    Ethernet1/4 Ethernet1/5 Ethernet1/6

    Ethernet1/7 Ethernet1/8

    vdc_id: 2 vdc_name: N7K2 interfaces:

    Ethernet1/25 Ethernet1/26 Ethernet1/27

    Ethernet1/28 Ethernet1/29 Ethernet1/30

    Ethernet1/31 Ethernet1/32

    Ethernet2/3 Ethernet2/4

    vdc_id: 3 vdc_name: N7K3 interfaces:

    Ethernet1/9 Ethernet1/10 Ethernet1/11

    Ethernet1/12 Ethernet1/13 Ethernet1/14

    Ethernet1/15 Ethernet1/16

    Ethernet2/21 Ethernet2/22 Ethernet2/23

    Ethernet2/24

    vdc_id: 4 vdc_name: N7K4 interfaces:

    Ethernet1/17 Ethernet1/18 Ethernet1/19

    Ethernet1/20 Ethernet1/21 Ethernet1/22

    Ethernet1/23 Ethernet1/24

    Ethernet2/5 Ethernet2/6 Ethernet2/7

    Ethernet2/8 Ethernet2/13 Ethernet2/14

    Ethernet2/19 Ethernet2/20

    Some interfaces not listed on the diagram must still be allocated to VDCs 1 - 4 due to the port-group boundaries. Port-groupings can be verified as shown below.

    N7K1#show interface capabilities | include "Ethernet|Group"

    Ethernet1/1
      Port Group Members: 1,3,5,7
    Ethernet1/2
      Port Group Members: 2,4,6,8
    Ethernet1/3
      Port Group Members: 1,3,5,7
    Ethernet1/4
      Port Group Members: 2,4,6,8
    Ethernet1/5
      Port Group Members: 1,3,5,7
    Ethernet1/6
      Port Group Members: 2,4,6,8
    Ethernet1/7
      Port Group Members: 1,3,5,7
    Ethernet1/8
      Port Group Members: 2,4,6,8
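
The port-group constraint described above can be checked before running `allocate interface`. The following Python is an added example, not part of the workbook: it parses `show interface capabilities | include "Ethernet|Group"` output and reports every port group that a planned allocation would spread across more than one VDC. The sample text is constructed from the Ethernet1/1-8 output shown above; the function names and the handling of ranges in member lists are assumptions.

```python
import re

# Constructed sample: the Ethernet1/1-8 port-group output shown on this page,
# one field per line.
SAMPLE = """\
Ethernet1/1
  Port Group Members:           1,3,5,7
Ethernet1/2
  Port Group Members:           2,4,6,8
Ethernet1/3
  Port Group Members:           1,3,5,7
Ethernet1/4
  Port Group Members:           2,4,6,8
Ethernet1/5
  Port Group Members:           1,3,5,7
Ethernet1/6
  Port Group Members:           2,4,6,8
Ethernet1/7
  Port Group Members:           1,3,5,7
Ethernet1/8
  Port Group Members:           2,4,6,8
"""

IFACE_RE = re.compile(r"^\s*Ethernet(\d+)/(\d+)\b")
GROUP_RE = re.compile(r"Port Group Members:\s*([\d,\-\s]+)")
ALLOC_RE = re.compile(r"\s*Ethernet(\d+)/(\d+)(?:-(\d+))?\s*")


def port_key(name):
    """Sort key that orders 'Ethernet1/10' after 'Ethernet1/9'."""
    slot, port = name[len("Ethernet"):].split("/")
    return int(slot), int(port)


def expand_members(spec):
    """Expand a member list such as '1,3,5-7' into sorted port numbers."""
    ports = set()
    for part in re.sub(r"\s", "", spec).split(","):
        if part:
            lo, _, hi = part.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return sorted(ports)


def parse_port_groups(text):
    """Map each interface to the frozenset of interfaces in its port group."""
    groups, slot, port = {}, None, None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            slot, port = m.group(1), m.group(2)
        g = GROUP_RE.search(line)
        if g and slot is not None:
            groups[f"Ethernet{slot}/{port}"] = frozenset(
                f"Ethernet{slot}/{p}" for p in expand_members(g.group(1)))
    return groups


def expand_interfaces(spec):
    """Expand an allocate-interface argument, e.g. 'Ethernet2/5-8,Ethernet2/13-14'."""
    names = []
    for part in spec.split(","):
        m = ALLOC_RE.fullmatch(part)
        if not m:
            raise ValueError(f"unrecognised interface range: {part!r}")
        slot, lo = m.group(1), int(m.group(2))
        hi = int(m.group(3) or lo)
        names.extend(f"Ethernet{slot}/{p}" for p in range(lo, hi + 1))
    return names


def split_port_groups(plan, groups):
    """Return [(members, vdcs)] for each port group the plan splits.

    plan maps a VDC name to its allocate-interface argument; interfaces the
    plan does not mention are counted as 'unallocated'.
    """
    owner = {}
    for vdc, spec in plan.items():
        for name in expand_interfaces(spec):
            if owner.setdefault(name, vdc) != vdc:
                raise ValueError(f"{name} is planned for two VDCs")
    problems = []
    for members in set(groups.values()):
        vdcs = {owner.get(m, "unallocated") for m in members}
        if len(vdcs) > 1:
            problems.append((sorted(members, key=port_key), sorted(vdcs)))
    return sorted(problems, key=lambda item: port_key(item[0][0]))


if __name__ == "__main__":
    groups = parse_port_groups(SAMPLE)
    # The workbook's allocation for the default VDC keeps both groups whole.
    print(split_port_groups({"N7K1": "Ethernet1/1-8"}, groups))
    # Allocating only two ports would split both port groups.
    for members, vdcs in split_port_groups({"N7K1": "Ethernet1/1-2"}, groups):
        print("split:", ",".join(members), "->", vdcs)
```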

    1.3 Initial IP Addressing

    Configuration

    N7K1:

    interface Ethernet1/2
      ip address 10.71.73.71/24
      no shutdown

    N7K2:

    feature lacp
    !
    interface Ethernet1/25
      channel-group 10 mode active
      no shutdown
    !
    interface Ethernet1/26
      channel-group 10 mode active
      no shutdown
    !
    interface port-channel10
      ip address 10.72.74.72/24

    N7K3:

    feature interface-vlan
    !
    vlan 1050
    !
    interface Ethernet1/10
      ip address 10.71.73.73/24
      no shutdown
    !
    interface Ethernet2/21
      switchport access vlan 1050
      spanning-tree port type edge
      no shutdown
    !
    interface Vlan1050
      no shutdown
      ip address 10.50.73.0/31

    N7K4:

    feature interface-vlan
    !
    feature lacp
    !
    vlan 1051
    !
    interface Ethernet1/17
      channel-group 10 mode active
      no shutdown
    !
    interface Ethernet1/18
      channel-group 10 mode active
      no shutdown
    !
    interface port-channel10
      ip address 10.72.74.74/24
    !
    interface Ethernet2/5
      switchport access vlan 1051
      spanning-tree port type edge
      no shutdown
    !
    interface Vlan1051
      no shutdown
      ip address 10.51.74.0/31

    Verification

    N7K2#show port-channel summary
    Flags:  D - Down        P - Up in port-channel (members)
            I - Individual  H - Hot-standby (LACP only)
            s - Suspended   r - Module-removed
            S - Switched    R - Routed
            U - Up (port-channel)
            M - Not in use. Min-links not met
    --------------------------------------------------------------------------------
    Group Port-       Type     Protocol  Member Ports
          Channel
    --------------------------------------------------------------------------------
    10    Po10(RU)    Eth      LACP      Eth1/25(P)   Eth1/26(P)

    N7K2#show ip route direct
    IP Route Table for VRF "default"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]
    '%' in via output denotes VRF

    10.72.74.0/24, ubest/mbest: 1/0, attached
        *via 10.72.74.72, Po10, [0/0], 21:47:09, direct

    N7K2#ping 10.72.74.72

    PING 10.72.74.72 (10.72.74.72): 56 data bytes

    64 bytes from 10.72.74.72: icmp_seq=0 ttl=255 time=0.597 ms

    64 bytes from 10.72.74.72: icmp_seq=1 ttl=255 time=0.295 ms

    64 bytes from 10.72.74.72: icmp_seq=2 ttl=255 time=0.539 ms

    64 bytes from 10.72.74.72: icmp_seq=3 ttl=255 time=0.345 ms

    64 bytes from 10.72.74.72: icmp_seq=4 ttl=255 time=0.336 ms

    --- 10.72.74.72 ping statistics ---

    5 packets transmitted, 5 packets received, 0.00% packet loss

    round-trip min/avg/max = 0.295/0.422/0.597 ms

    1.4 Layer 3 Routing

    Configuration

    N7K1:

    ip route 0.0.0.0/0 10.71.73.73

    N7K2:

    ip route 0.0.0.0/0 10.72.74.74

    N7K3:

    feature bgp
    !
    router bgp 65001
      address-family ipv4 unicast
        network 10.71.73.0/24
      neighbor 10.50.73.1
        remote-as 100
        password 0 DCIPROVIDER
        address-family ipv4 unicast

    N7K4:

    feature bgp
    !
    router bgp 65002
      log-neighbor-changes
      address-family ipv4 unicast
        network 10.72.74.0/24
      neighbor 10.51.74.1
        remote-as 100
        password 0 DCIPROVIDER
        address-family ipv4 unicast

    Verification

    N7K3#show ip bgp neighbors

    BGP neighbor is 10.50.73.1, remote AS 100, ebgp link, Peer index 1

    BGP version 4, remote router ID 10.0.0.50

    BGP state = Established, up for 21:47:57

    Peer is directly attached, interface Vlan1050

    TCP MD5 authentication is enabled

    N7K3#show bgp ipv4 unicast summary

    BGP summary information for VRF default, address family IPv4 Unicast

    BGP router identifier 10.71.73.73, local AS number 65001

    BGP table version is 8, IPv4 Unicast config peers 1, capable peers 1

    4 network entries and 4 paths using 496 bytes of memory

    BGP attribute entries [4/512], BGP AS path entries [2/16]

    BGP community entries [0/0], BGP clusterlist entries [0/0]

    Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

    10.50.73.1 4 100 1301 1310 8 0 0 21:45:52 3

    N7K3#show bgp ipv4 unicast

    BGP routing table information for VRF default, address family IPv4 Unicast

    BGP table version is 8, local router ID is 10.71.73.73

    Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

    Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist

    Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath

    Network Next Hop Metric LocPrf Weight Path

    *>e10.0.0.50/32 10.50.73.1 0 0 100 i

    *>e10.0.0.51/32 10.50.73.1 0 100 i

    *>l10.71.73.0/24 0.0.0.0 100 32768 i

    *>e10.72.74.0/24 10.50.73.1 0 100 65002 i

    N7K3#show ip route bgp

    IP Route Table for VRF "default"

    '*' denotes best ucast next-hop

    '**' denotes best mcast next-hop

    '[x/y]' denotes [preference/metric]

    '%' in via output denotes VRF

    10.0.0.50/32, ubest/mbest: 1/0

    *via 10.50.73.1, [20/0], 21:46:03, bgp-65001, external, tag 100

    10.0.0.51/32, ubest/mbest: 1/0

    *via 10.50.73.1, [20/0], 21:46:03, bgp-65001, external, tag 100

    10.72.74.0/24, ubest/mbest: 1/0

    *via 10.50.73.1, [20/0], 21:45:14, bgp-65001, external, tag 100

    N7K2#ping 10.71.73.71

    PING 10.71.73.71 (10.71.73.71): 56 data bytes

    64 bytes from 10.71.73.71: icmp_seq=0 ttl=250 time=1.343 ms

    64 bytes from 10.71.73.71: icmp_seq=1 ttl=250 time=0.741 ms

    64 bytes from 10.71.73.71: icmp_seq=2 ttl=250 time=0.822 ms

    64 bytes from 10.71.73.71: icmp_seq=3 ttl=250 time=0.85 ms

    64 bytes from 10.71.73.71: icmp_seq=4 ttl=250 time=0.844 ms

    --- 10.71.73.71 ping statistics ---

    5 packets transmitted, 5 packets received, 0.00% packet loss

    round-trip min/avg/max = 0.741/0.92/1.343 ms

    1.5 FabricPath

    Configuration

    N5K1:

    install feature-set fabricpath

    feature-set fabricpath

    feature lacp

    !

    vlan 200-299

    mode fabricpath

    !

    key chain FABRICPATH

    key 1

    key-string 0 FPAUTH

    !

    interface port-channel20

    switchport

    switchport mode fabricpath

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    !

    interface Ethernet1/4

    switchport mode fabricpath

    channel-group 20 mode active

    no shutdown

    !

    interface Ethernet1/5

    switchport mode fabricpath

    channel-group 20 mode active

    no shutdown

    N5K2:

    install feature-set fabricpath

    feature-set fabricpath

    !

    vlan 200-299

    mode fabricpath

    !

    key chain FABRICPATH

    key 1

    key-string 0 FPAUTH

    !

    interface Ethernet1/3

    switchport mode fabricpath

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    no shutdown

    N7K1:

    install feature-set fabricpath

    N7K4:

    feature-set fabricpath

    !

    vlan 200-299

    mode fabricpath

    !

    key chain FABRICPATH

    key 1

    key-string 0 FPAUTH

    !

    interface port-channel20

    switchport

    switchport mode fabricpath

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    !

    interface Ethernet2/6

    switchport mode fabricpath

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    no shutdown

    !

    interface Ethernet2/7

    switchport mode fabricpath

    channel-group 20 mode active

    no shutdown

    !

    interface Ethernet2/13

    switchport mode fabricpath

    channel-group 20 mode active

    no shutdown

    Verification

    N7K4#show port-channel summary

    Flags: D - Down P - Up in port-channel (members)

    I - Individual H - Hot-standby (LACP only)

    s - Suspended r - Module-removed

    S - Switched R - Routed

    U - Up (port-channel)

    M - Not in use. Min-links not met

    --------------------------------------------------------------------------------

    Group Port- Type Protocol Member Ports

    Channel

    --------------------------------------------------------------------------------

    10 Po10(RU) Eth LACP Eth1/17(P) Eth1/18(P)

    20 Po20(SU) Eth LACP Eth2/7(P) Eth2/13(P)

    N7K4#show fabricpath isis adjacency

    Fabricpath IS-IS domain: default

    Fabricpath IS-IS adjacency database:

    System ID SNPA Level State Hold Time Interface

    N5K1 N/A 1 UP 00:00:24 port-channel20

    N5K2 N/A 1 UP 00:00:29 Ethernet2/6

    N7K4#show fabricpath isis interface port-channel 20

    Fabricpath IS-IS domain: default

    Interface: port-channel20

    Status: protocol-up/link-up/admin-up

    Index: 0x0002, Local Circuit ID: 0x01, Circuit Type: L1

    Authentication type MD5

    Authentication keychain is FABRICPATH

    Authentication check specified

    Extended Local Circuit ID: 0x16000013, P2P Circuit ID: 0000.0000.0000.00

    Retx interval: 5, Retx throttle interval: 66 ms

    LSP interval: 33 ms, MTU: 1500

    P2P Adjs: 1, AdjsUp: 1, Priority 64

    Hello Interval: 10, Multi: 3, Next IIH: 00:00:04

    Level Adjs AdjsUp Metric CSNP Next CSNP Last LSP ID

    1 1 1 20 60 00:00:55 ffff.ffff.ffff.ff-ff

    Topologies enabled:

    Topology Metric MetricConfig Forwarding

    0 20 no UP

    1.6 vPC+

    Configuration

    N5K1:

    feature vpc

    !

    vpc domain 500

    peer-keepalive destination 192.168.101.52

    fabricpath switch-id 501

    !

    interface Ethernet1/1

    switchport mode fabricpath

    channel-group 500 mode active

    no shutdown

    !

    interface Ethernet1/2

    switchport mode fabricpath

    channel-group 500 mode active

    no shutdown

    !

    interface Ethernet1/8

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    channel-group 201 mode active

    no shutdown

    !

    interface Ethernet1/9

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    channel-group 202 mode active

    no shutdown

    !

    interface port-channel500

    switchport mode fabricpath

    vpc peer-link

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    !

    interface port-channel201

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    spanning-tree port type edge trunk

    vpc 201

    !

    interface port-channel202

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    spanning-tree port type edge trunk

    vpc 202

    N5K2:

    feature vpc

    feature lacp

    !

    vpc domain 500

    peer-keepalive destination 192.168.101.51

    fabricpath switch-id 501

    !

    interface Ethernet1/1

    switchport mode fabricpath

    channel-group 500 mode active

    no shutdown

    !

    interface Ethernet1/2

    switchport mode fabricpath

    channel-group 500 mode active

    no shutdown

    !

    interface Ethernet1/7

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    channel-group 201 mode active

    no shutdown

    !

    interface Ethernet1/10

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    channel-group 202 mode active

    no shutdown

    !

    interface port-channel500

    switchport mode fabricpath

    vpc peer-link

    fabricpath isis authentication-type md5

    fabricpath isis authentication key-chain FABRICPATH

    !

    interface port-channel201

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    spanning-tree port type edge trunk

    vpc 201

    !

    interface port-channel202

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    spanning-tree port type edge trunk

    vpc 202

    Connect to the UCSM using the credentials that you previously configured. Next, under the Fabric Interconnects on the Equipment tab, configure the Ethernet links connecting northbound to the N5Ks in the diagram as Uplink Ports.

    Now under the LAN tab, create and enable Port-Channels 201 and 202 on FI-A and FI-B respectively.

    Verification

    N5K1# show vpc

    Legend:

    (*) - local vPC is down, forwarding via vPC peer-link

    vPC domain id : 500

    vPC+ switch id : 501

    Peer status : peer adjacency formed ok

    vPC keep-alive status : peer is alive

    vPC fabricpath status : peer is reachable through fabricpath

    Configuration consistency status: success

    Per-vlan consistency status : success

    Type-2 consistency status : success

    vPC role : secondary

    Number of vPCs configured : 2

    Peer Gateway : Disabled

    Dual-active excluded VLANs : -

    Graceful Consistency Check : Enabled

    vPC Peer-link status

    ---------------------------------------------------------------------

    id Port Status Active vlans

    -- ---- ------ --------------------------------------------------

    1 Po500 up 200-299

    vPC status

    ---------------------------------------------------------------------------

    id Port Status Consistency Reason Active vlans vPC+ Attrib

    -- ---------- ------ ----------- ------ ------------ -----------

    201 Po201 up success success 200-299 DF: Partial

    202 Po202 up success success 200-299 DF: Partial

    UCS-FI-A:

    UCS-FI-A#connect nxos

    UCS-FI-A(nxos)#show run interface ethernet 1/4 - 5

    interface Ethernet1/4

    description U: Uplink

    pinning border

    switchport mode trunk

    switchport trunk allowed vlan 1,200-299

    channel-group 201 mode active

    no shutdown

    interface Ethernet1/5

    description U: Uplink

    pinning border

    switchport mode trunk

    switchport trunk allowed vlan 1,200-299

    channel-group 201 mode active

    no shutdown

    UCS-FI-A(nxos)#show port-channel summary

    Flags: D - Down P - Up in port-channel (members)

    I - Individual H - Hot-standby (LACP only)

    s - Suspended r - Module-removed

    S - Switched R - Routed

    U - Up (port-channel)

    --------------------------------------------------------------------------------

    Group Port- Type Protocol Member Ports

    Channel

    --------------------------------------------------------------------------------

    201 Po201(SU) Eth LACP Eth1/4(P) Eth1/5(P)

    1.7 FabricPath Traffic Engineering

    Configuration

    N7K4:

    interface port-channel20

    fabricpath isis metric 40

    Verification

    N5K1 and N5K2 share the emulated FabricPath Switch-ID 501 for the vPC+, as shown below:

    N7K4#show fabricpath switch-id

    FABRICPATH SWITCH-ID TABLE

    Legend: '*' - this system

    =========================================================================

    SWITCH-ID SYSTEM-ID FLAGS STATE STATIC EMULATED

    ----------+----------------+------------+-----------+--------------------

    501 547f.ee79.137c Primary Confirmed No Yes

    501 547f.ee7a.4d7c Primary Confirmed No Yes

    *645 64a0.e742.8dc4 Primary Confirmed No No

    1207 547f.ee79.137c Primary Confirmed No No

    3550 547f.ee7a.4d7c Primary Confirmed No No

    Total Switch-ids: 5

    The port channel between N7K4 and N5K1 has an IS-IS metric of 20, whereas the single 10GigE link from N7K4 to N5K2 has an IS-IS metric of 40. This means that the shortest path from N7K4 to Switch-ID 501 (the vPC+ pair) is only via N5K1.

    N7K4#show fabricpath route

    FabricPath Unicast Route Table

    'a/b/c' denotes ftag/switch-id/subswitch-id

    '[x/y]' denotes [admin distance/metric]

    ftag 0 is local ftag

    subswitch-id 0 is default subswitch-id

    FabricPath Unicast Route Table for Topology-Default

    0/645/0, number of next-hops: 0

    via ---- , [60/0], 0 day/s 22:19:30, local

    1/501/0, number of next-hops: 1

    via Po20, [115/20], 0 day/s 20:30:58, isis_fabricpath-default

    1/1207/0, number of next-hops: 2

    via Po20, [115/40], 0 day/s 20:30:58, isis_fabricpath-default

    via Eth2/6, [115/40], 0 day/s 22:19:16, isis_fabricpath-default

    1/3550/0, number of next-hops: 1

    via Po20, [115/20], 0 day/s 22:16:06, isis_fabricpath-default

    To allow for Equal Cost Multipath (ECMP), the port channel to N5K1 and the single link to N5K2 must have equal costs. This can be configured either by raising the cost of the port channel or by lowering the cost of the link to N5K2.

    N7K4#config t

    Enter configuration commands, one per line. End with CNTL/Z.

    N7K4(config)#interface port-channel20

    N7K4(config-if)#fabricpath isis metric 40

    N7K4(config-if)# end

    Now Switch-ID 501 is reachable via both N5K1 and N5K2 with a metric of 40.

    N7K4#show fabricpath route

    FabricPath Unicast Route Table

    'a/b/c' denotes ftag/switch-id/subswitch-id

    '[x/y]' denotes [admin distance/metric]

    ftag 0 is local ftag

    subswitch-id 0 is default subswitch-id

    FabricPath Unicast Route Table for Topology-Default

    0/645/0, number of next-hops: 0

    via ---- , [60/0], 0 day/s 22:19:58, local

    1/501/0, number of next-hops: 2

    via Po20, [115/40], 0 day/s 20:31:26, isis_fabricpath-default

    via Eth2/6, [115/40], 0 day/s 00:00:06, isis_fabricpath-default

    1/1207/0, number of next-hops: 1

    via Eth2/6, [115/40], 0 day/s 22:19:44, isis_fabricpath-default

    1/3550/0, number of next-hops: 1

    via Po20, [115/40], 0 day/s 22:16:34, isis_fabricpath-default
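The metric reasoning above, as an added example that is not part of the workbook: a small Dijkstra run from N7K4 that keeps every equal-cost egress interface, so both route tables can be reproduced. The peer-link metric of 20 between N5K1 and N5K2, and the mapping of switch-ids 3550 and 1207 to N5K1 and N5K2, are assumptions inferred from the `show fabricpath route` output.

```python
import heapq


def lab_links(po20_metric=20, eth2_6_metric=40):
    """Links as (switch_a, switch_b, IS-IS metric, N7K4 egress interface or None)."""
    return [
        ("N7K4", "N5K1", po20_metric, "Po20"),
        ("N7K4", "N5K2", eth2_6_metric, "Eth2/6"),
        # ASSUMPTION: the vPC+ peer-link (Po500) has metric 20, inferred from the route tables.
        ("N5K1", "N5K2", 20, None),
    ]


def shortest_paths(links, source="N7K4"):
    """Dijkstra that keeps every equal-cost first-hop interface out of `source`."""
    adj = {}
    for a, b, metric, intf in links:
        if metric <= 0:
            raise ValueError("IS-IS metrics must be positive")
        adj.setdefault(a, []).append((b, metric, intf))
        adj.setdefault(b, []).append((a, metric, intf))
    dist = {source: 0}
    hops = {source: set()}
    heap = [(0, source)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        for v, metric, intf in adj[u]:
            nd = d + metric
            # Leaving the source, the first hop is the link itself; further out it is inherited.
            first = {intf} if u == source else hops[u]
            if nd < dist.get(v, float("inf")):
                dist[v], hops[v] = nd, set(first)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                hops[v] |= first  # equal cost: keep both egress interfaces
    return dist, hops


# ASSUMPTION: 3550 is N5K1 and 1207 is N5K2 (inferred from the route tables).
# 501 is the emulated vPC+ switch-id that both N5Ks advertise.
OWNERS = {501: ("N5K1", "N5K2"), 1207: ("N5K2",), 3550: ("N5K1",)}


def fabricpath_routes(po20_metric=20, eth2_6_metric=40):
    """Return {switch_id: (metric, [egress interfaces])} as seen from N7K4."""
    dist, hops = shortest_paths(lab_links(po20_metric, eth2_6_metric))
    routes = {}
    for switch_id, owners in OWNERS.items():
        # An emulated switch-id is reached through whichever owner is closest;
        # it is never a transit node, so it is resolved after Dijkstra finishes.
        best = min(dist[o] for o in owners)
        egress = set()
        for o in owners:
            if dist[o] == best:
                egress |= hops[o]
        routes[switch_id] = (best, sorted(egress))
    return routes


if __name__ == "__main__":
    cases = (("default metrics", {}), ("Po20 raised to 40", {"po20_metric": 40}))
    for label, kwargs in cases:
        print(label)
        for sid, (metric, egress) in sorted(fabricpath_routes(**kwargs).items()):
            print(f"  1/{sid}/0 [115/{metric}] via {', '.join(egress)}")
```

Calling `fabricpath_routes(eth2_6_metric=20)` models the other option the text mentions, lowering the cost of the link to N5K2 instead of raising Po20.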

    1.8 Spanning-Tree Protocol Optimization

    Configuration

    N5K1:

    spanning-tree mode mst

    spanning-tree mst 0 priority 0

    spanning-tree mst configuration

    name MST0

    revision 1

    N5K2:

    spanning-tree mode mst

    spanning-tree mst 0 priority 0

    spanning-tree mst configuration

    name MST0

    revision 1

    Verification

    In the below output, we can see that both N5K1 and N5K2 have collapsed all of their STP instances into the single default MST0 instance. Additionally, both switches in the vPC+ pair should always appear as the root of the Spanning-Tree, and share the Bridge-ID c84c.75fa.6000. Note that Spanning-Tree only forwards southbound toward the Classical Ethernet domain, and not northbound toward the FabricPath domain.

    N5K1#show spanning-tree mst 0

    ##### MST0 vlans mapped: 1-4094

    Bridge address c84c.75fa.6000 priority 0 (0 sysid 0)

    Root this switch for the CIST

    Regional Root this switch

    Operational hello time 2 , forward delay 15, max age 20, txholdcount 6

    Configured hello time 2 , forward delay 15, max age 20, max hops 20

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- --------------------------------

    Po201 Desg FWD 200 128.4296 (vPC) Edge P2p

    Po202 Desg FWD 200 128.4297 (vPC) Edge P2p

    N5K2#show spanning-tree mst 0

    ##### MST0 vlans mapped: 1-4094

    Bridge address c84c.75fa.6000 priority 0 (0 sysid 0)

    Root this switch for the CIST

    Regional Root this switch

    Operational hello time 2 , forward delay 15, max age 20, txholdcount 6

    Configured hello time 2 , forward delay 15, max age 20, max hops 20

    Interface Role Sts Cost Prio.Nbr Type

    ---------------- ---- --- --------- -------- --------------------------------

    Po201 Desg FWD 200 128.4296 (vPC) Edge P2p

    Po202 Desg FWD 200 128.4297 (vPC) Edge P2p

    Eth1/11 Desg FWD 20000 128.139 P2p Bound(PVST)

    1.9 Fabric Extenders

    N7K1:

    install feature-set fex

    N7K3:

    feature-set fex

    !

    interface port-channel131

    switchport

    switchport mode fex-fabric

    fex associate 131

    !

    interface port-channel132

    switchport

    switchport mode fex-fabric

    fex associate 132

    !

    interface Ethernet1/13

    switchport

    switchport mode fex-fabric

    fex associate 131

    channel-group 131

    no shutdown

    !

    interface Ethernet1/14

    switchport

    switchport mode fex-fabric

    fex associate 131

    channel-group 131

    no shutdown

    !

    interface Ethernet1/15

    switchport

    switchport mode fex-fabric

    fex associate 132

    channel-group 132

    no shutdown

    !

    interface Ethernet1/16

    switchport

    switchport mode fex-fabric

    fex associate 132

    channel-group 132

    no shutdown

    !

    interface Ethernet131/1/1

    switchport

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    no shutdown

    !

    interface Ethernet132/1/1

    switchport

    switchport mode trunk

    switchport trunk allowed vlan 200-299

    no shutdown

    Verification

    N7K3#show fex

    FEX FEX FEX FEX

    Number Description State Model Serial

    ------------------------------------------------------------------------

    131 FEX0131 Online N2K-C2232PP-10GE FOC17100NHX

    132 FEX0132 Online N2K-C2232PP-10GE FOC17100NHU

    N7K3#show fex detail

    FEX: 131 Description: FEX0131 state: Online

    FEX version: 6.0(2) [Switch version: 6.0(2)]

    FEX Interim version: 6.0(2.9)

    Switch Interim version: 6.0(2)

    Extender Model: N2K-C2232PP-10GE, Extender Serial: FOC17100NHX

    Part No: 73-12533-05

    Card Id: 82, Mac Addr: f0:29:29:ff:00:42, Num Macs: 64

    Module Sw Gen: 12594 [Switch Sw Gen: 21]

    pinning-mode: static Max-links: 1

    Fabric port for control traffic: Eth1/14

    Fabric interface state: Po131 - Interface Up. State: Active

    Eth1/13 - Interface Up. State: Active

    Eth1/14 - Interface Up. State: Active

    Fex Port State Fabric Port

    Eth131/1/1 Up Po131

    FEX: 132 Description: FEX0132 state: Online

    FEX version: 6.0(2) [Switch version: 6.0(2)]

    FEX Interim version: 6.0(2.9)

    Switch Interim version: 6.0(2)

    Extender Model: N2K-C2232PP-10GE, Extender Serial: FOC17100NHU

    Part No: 73-12533-05

    Card Id: 82, Mac Addr: f0:29:29:ff:02:02, Num Macs: 64

    Module Sw Gen: 12594 [Switch Sw Gen: 21]

    pinning-mode: static Max-links: 1

    Fabric port for control traffic: Eth1/15

    Fabric interface state: Po132 - Interface Up. State: Active

    Eth1/15 - Interface Up. State: Active

    Eth1/16 - Interface Up. State: Active

    Fex Port State Fabric Port

    Eth132/1/1 Up Po132

    1.10 OTV

    Configuration

    The OTV Site VLAN is in decimal, but the OTV Site Identifier is in hex, which means that a decimal to hex conversion is required.

    N7K1:

    feature otv

    !

    vlan 200-299,3001

    !

    otv site-vlan 3001

    otv site-identifier 0xbb9

    !

    spanning-tree vlan 3001 priority 0

    !

    key chain OTV

    key 1

    key-string 0 OTVAUTH

    !

    interface Overlay1

    otv isis authentication-type md5

    otv isis authentication key-chain OTV

    otv join-interface Ethernet1/2

    otv control-group 224.71.72.0

    otv data-group 232.71.71.0/24

    otv extend-vlan 200-299

    no shutdown

    !

    interface Ethernet1/1

    switchport

    switchport mode trunk

    switchport trunk allowed vlan 200-299,3001

    no shutdown

    !

    interface Ethernet1/2

    ip igmp version 3

    N7K2:

    feature otv

    !

    vlan 200-299,3002

    !

    otv site-vlan 3002

    otv site-identifier 0xbba

    !

    key chain OTV

    key 1

    key-string 0 OTVAUTH

    !

    interface port-channel10

    ip igmp version 3

    !

    interface Overlay1

    otv isis authentication-type md5

    otv isis authentication key-chain OTV

    otv join-interface port-channel10

    otv control-group 224.71.72.0

    otv data-group 232.72.72.0/24

    otv extend-vlan 200-299

    no shutdown

    !

    interface Ethernet2/3

    switchport mode trunk

    switchport trunk allowed vlan 200-299,3002

    no shutdown

    N7K3:

    feature pim

    !

    vlan 200-299,3001

    !

    interface Vlan200

    no shutdown

    ip address 192.168.200.73/24

    !

    interface Vlan1050

    ip pim sparse-mode

    !

    interface Ethernet1/9

    switchport

    switchport mode trunk

    switchport trunk allowed vlan 200-299,3001

    no shutdown

    !

    interface Ethernet1/10

    ip pim sparse-mode

    ip igmp version 3

    !

    ip pim rp-address 10.0.0.51 group-list 224.0.0.0/4

    ip pim ssm range 232.0.0.0/8

    N7K4:

    feature pim

    !

    vlan 3002

    !

    spanning-tree vlan 200-299 priority 0

    !

    interface Vlan200

    no shutdown

    ip address 192.168.200.74/24

    !

    interface Vlan1051

    ip pim sparse-mode

    !

    interface port-channel10

    ip pim sparse-mode

    ip igmp version 3

    !

    interface Ethernet2/19

    switchport mode trunk

    switchport trunk allowed vlan 200-299,3002

    no shutdown

    !

    ip pim rp-address 10.0.0.51 group-list 224.0.0.0/4

    ip pim ssm range 232.0.0.0/8

    Verification

    To establish the OTV tunnel, the AEDs must have multicast reachability to each other with the control group. The first step in verification, then, is to ensure that the tree for the control multicast group is built in the DCI core. Both N7K3 and N7K4 should see the (S,G) entries for the control group 224.71.72.0.

    N7K3#show ip mroute

    IP Multicast Routing Table for VRF "default"

    (*, 224.71.72.0/32), uptime: 00:11:06, igmp ip pim

    Incoming interface: Vlan1050, RPF nbr: 10.50.73.1

    Outgoing interface list: (count: 1)

    Ethernet1/10, uptime: 00:11:06, igmp

    (10.71.73.71/32, 224.71.72.0/32), uptime: 00:12:45, ip pim mrib

    Incoming interface: Ethernet1/10, RPF nbr: 10.71.73.71

    Outgoing interface list: (count: 2)

    Ethernet1/10, uptime: 00:11:06, mrib, (RPF)

    Vlan1050, uptime: 00:12:34, pim

    (10.72.74.72/32, 224.71.72.0/32), uptime: 00:11:03, ip mrib pim

    Incoming interface: Vlan1050, RPF nbr: 10.50.73.1

    Outgoing interface list: (count: 1)

    Ethernet1/10, uptime: 00:11:03, mrib

    (*, 232.0.0.0/8), uptime: 00:12:54, pim ip

    Incoming interface: Null, RPF nbr: 0.0.0.0

    Outgoing interface list: (count: 0)

    N7K4#show ip mroute

    IP Multicast Routing Table for VRF "default"

    (*, 224.71.72.0/32), uptime: 00:13:47, igmp ip pim

    Incoming interface: Vlan1051, RPF nbr: 10.51.74.1

    Outgoing interface list: (count: 1)

    port-channel10, uptime: 00:13:47, igmp

    (10.71.73.71/32, 224.71.72.0/32), uptime: 00:13:39, ip mrib pim

    Incoming interface: Vlan1051, RPF nbr: 10.51.74.1

    Outgoing interface list: (count: 1)

    port-channel10, uptime: 00:13:39, mrib

    (10.72.74.72/32, 224.71.72.0/32), uptime: 00:13:44, ip mrib pim

    Incoming interface: port-channel10, RPF nbr: 10.72.74.72

    Outgoing interface list: (count: 2)

    Vlan1051, uptime: 00:12:18, pim

    port-channel10, uptime: 00:13:44, mrib, (RPF)

    (*, 232.0.0.0/8), uptime: 00:13:53, pim ip

    Incoming interface: Null, RPF nbr: 0.0.0.0

    Outgoing interface list: (count: 0)

    Ensure that the Site VLAN is up on both AEDs.

    N7K1#show otv

    OTV Overlay Information

    Site Identifier 0000.0000.0bb9

    Overlay interface Overlay1

    VPN name : Overlay1

    VPN state : UP

    Extended vlans : 200-299 (Total:100)

    Control group : 224.71.72.0

    Data group range(s) : 232.71.71.0/24

    Join interface(s) : Eth1/2 (10.71.73.71)

    Site vlan : 3001 (up)

    AED-Capable : Yes

    Capability : Multicast-Reachable

    N7K2#show otv

    OTV Overlay Information

    Site Identifier 0000.0000.0bba

    Overlay interface Overlay1

    VPN name : Overlay1

    VPN state : UP

    Extended vlans : 200-299 (Total:100)

    Control group : 224.71.72.0

    Data group range(s) : 232.72.72.0/24

    Join interface(s) : Po10 (10.72.74.72)

    Site vlan : 3002 (up)

    AED-Capable : Yes

    Capability : Multicast-Reachable

    Now the AEDs should be able to form an IS-IS adjacency over the OTV tunnel.

    N7K1#show otv isis adjacency

    OTV-IS-IS process: default VPN: Overlay1

    OTV-IS-IS adjacency database:

    System ID SNPA Level State Hold Time Interface Site-ID

    N7K2 64a0.e742.8dc2 1 UP 00:00:08 Overlay1 0000.0000.0bba

    Verify that MD5 authentication for IS-IS is enabled on the Overlay1 interface.

    N7K1#show otv isis interface overlay 1

    OTV-IS-IS process: default VPN: Overlay1

    Overlay1, Interface status: protocol-up/link-up/admin-up

    IP address: none

    IPv6 address: none

    IPv6 link-local address: none

    Index: 0x0001, Local Circuit ID: 0x01, Circuit Type: L1

    Level1

    Adjacency server (local/remote) : disabled / none

    Adjacency server capability : multicast

    Authentication type is MD5

    Authentication keychain is OTV

    Authentication check specified

    LSP interval: 33 ms, MTU: 1400

    Level Metric CSNP Next CSNP Hello Multi Next IIH

    1 40 10 Inactive 10 3 00:00:03

    Level Adjs AdjsUp Pri Circuit ID Since

    1 1 1 64 N7K2.01 00:15:55

    N7K3 and N7K4 should now be able to reach each other's VLAN 200 interfaces, and the OTV AEDs should learn the routes to these MAC addresses.

    N7K4#show interface vlan 200 | include ddress

    Hardware is EtherSVI, address is 64a0.e742.8dc4

    Internet Address is 192.168.200.74/24

    N7K3#ping 192.168.200.74

    PING 192.168.200.74 (192.168.200.74): 56 data bytes

    64 bytes from 192.168.200.74: icmp_seq=0 ttl=254 time=1.256 ms

    64 bytes from 192.168.200.74: icmp_seq=1 ttl=254 time=0.938 ms

    64 bytes from 192.168.200.74: icmp_seq=2 ttl=254 time=0.859 ms

    64 bytes from 192.168.200.74: icmp_seq=3 ttl=254 time=0.924 ms

    64 bytes from 192.168.200.74: icmp_seq=4 ttl=254 time=0.852 ms

    --- 192.168.200.74 ping statistics ---

    5 packets transmitted, 5 packets received, 0.00% packet loss

    round-trip min/avg/max = 0.852/0.965/1.256 ms

    N7K1#show otv route

    OTV Unicast MAC Routing Table For Overlay1

    VLAN MAC-Address Metric Uptime Owner Next-hop(s)

    ---- -------------- ------ -------- --------- -----------

    200 000c.29bb.9b82 42 00:18:25 overlay N7K2

    200 64a0.e742.8dc3 1 00:18:15 site Ethernet1/1

    200 64a0.e742.8dc4 42 00:18:14 overlay N7K2

    200 d48c.b5bd.460c 1 00:18:23 site Ethernet1/1

    N7K2#show otv route

    OTV Unicast MAC Routing Table For Overlay1

    VLAN MAC-Address Metric Uptime Owner Next-hop(s)

    ---- -------------- ------ -------- --------- -----------

    200 000c.29bb.9b82 1 00:19:03 site Ethernet2/3

    200 64a0.e742.8dc3 42 00:18:24 overlay N7K1

    200 64a0.e742.8dc4 1 00:18:24 site Ethernet2/3

    200 d48c.b5bd.460c 42 00:18:32 overlay N7K1

    Multicast tunneling can be verified by joining a multicast group on one of the switches and then sending ICMP pings from the remote OTV site. If successful, a new OTV multicast tunnel should form using the OTV multicast data groups.

    N7K3#config t

    Enter configuration commands, one per line. End with CNTL/Z.

    N7K3(config)#interface vlan 200

    N7K3(config-if)#ip pim sparse-mode

    N7K3(config-if)#ip igmp join-group 224.1.1.1

    N7K4#ping multicast 224.1.1.1 interface vlan 200

    PING 224.1.1.1 (224.1.1.1): 56 data bytes

    64 bytes from 192.168.200.73: icmp_seq=0 ttl=254 time=1.566 ms

    64 bytes from 192.168.200.73: icmp_seq=1 ttl=254 time=1.02 ms

    64 bytes from 192.168.200.73: icmp_seq=2 ttl=254 time=1.318 ms

    64 bytes from 192.168.200.73: icmp_seq=3 ttl=254 time=1.042 ms

    64 bytes from 192.168.200.73: icmp_seq=4 ttl=254 time=1.139 ms

    --- 224.1.1.1 ping multicast statistics ---

    5 packets transmitted, From member 192.168.200.73: 5 packets received, 0.00% packet loss

    --- in total, 1 group member responded ---

    N7K3#show ip mroute 232.72.72.0

    IP Multicast Routing Table for VRF "default"

    (10.72.74.72/32, 232.72.72.0/32), uptime: 00:02:44, igmp ip pim

    Incoming interface: Vlan1050, RPF nbr: 10.50.73.1

    Outgoing interface list: (count: 1)

    Ethernet1/10, uptime: 00:02:44, igmp
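The overlay checks from this verification section (VPN state, site VLAN, site identifier, IS-IS MD5 authentication) as one script, added here as an example and not part of the workbook. The sample text is the N7K1 output shown above with one field per line; the failing variant is constructed, and matching the site identifier to the hex form of the site VLAN is this lab's convention, not a general OTV rule.

```python
import re

# N7K1 output from this page, one field per line.
SHOW_OTV = """\
OTV Overlay Information
Site Identifier 0000.0000.0bb9
Overlay interface Overlay1
VPN name : Overlay1
VPN state : UP
Extended vlans : 200-299 (Total:100)
Control group : 224.71.72.0
Data group range(s) : 232.71.71.0/24
Join interface(s) : Eth1/2 (10.71.73.71)
Site vlan : 3001 (up)
AED-Capable : Yes
Capability : Multicast-Reachable
"""

SHOW_OTV_ISIS_INTF = """\
Overlay1, Interface status: protocol-up/link-up/admin-up
Index: 0x0001, Local Circuit ID: 0x01, Circuit Type: L1
Adjacency server (local/remote) : disabled / none
Adjacency server capability : multicast
Authentication type is MD5
Authentication keychain is OTV
Authentication check specified
LSP interval: 33 ms, MTU: 1400
"""

# "key : value" lines; the key stops at the first colon on the line.
KV = re.compile(r"^[ \t]*([A-Za-z][^:\n]*?)[ \t]*:[ \t]*(.+?)[ \t]*$", re.M)


def site_id_from_vlan(vlan):
    """Format a decimal VLAN the way `show otv` prints a site identifier."""
    digits = f"{vlan:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def check_otv(show_otv, show_isis_intf, keychain="OTV"):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    fields = dict(KV.findall(show_otv))
    if fields.get("VPN state") != "UP":
        findings.append("overlay VPN state is not UP")
    site = re.match(r"(\d+)\s+\((\w+)\)", fields.get("Site vlan", ""))
    if not site:
        findings.append("site VLAN not reported")
    else:
        vlan, state = int(site.group(1)), site.group(2)
        if state != "up":
            findings.append(f"site VLAN {vlan} is {state}")
        ident = re.search(r"Site Identifier\s+([0-9a-fA-F.]+)", show_otv)
        expected = site_id_from_vlan(vlan)
        if not ident or ident.group(1).lower() != expected:
            findings.append(f"site identifier is not {expected} (hex of VLAN {vlan})")
    auth = re.search(r"Authentication type is (\S+)", show_isis_intf)
    if not auth or auth.group(1) != "MD5":
        findings.append("IS-IS authentication type on the overlay is not MD5")
    chain = re.search(r"Authentication keychain is (\S+)", show_isis_intf)
    if not chain or chain.group(1) != keychain:
        findings.append(f"IS-IS authentication keychain is not {keychain}")
    return findings


def constructed_bad_sample():
    """Constructed failing input: site VLAN down, wrong site ID, no authentication lines."""
    otv = SHOW_OTV.replace("3001 (up)", "3001 (down)")
    otv = otv.replace("0000.0000.0bb9", "0000.0000.0001")
    isis = "\n".join(line for line in SHOW_OTV_ISIS_INTF.splitlines()
                     if not line.startswith("Authentication"))
    return otv, isis


if __name__ == "__main__":
    print("N7K1:", check_otv(SHOW_OTV, SHOW_OTV_ISIS_INTF) or "all checks passed")
    for finding in check_otv(*constructed_bad_sample()):
        print("constructed failure:", finding)
```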

    2. Data Center Storage Networking

    2.1 Fibre Channel Initialization

    Configuration

    N5K1:

    feature fcoe

    feature npiv

    feature fport-channel-trunk

    !

    slot 1

    port 28-32 type fc

    !

    interface fc1/28

    channel-group 101

    no shutdown

    !

    interface fc1/29

    channel-group 101

    no shutdown

    !

    interface fc1/30

    switchport mode F

    switchport trunk mode off

    channel-group 103

    no shutdown

    !

    interface fc1/31

    switchport mode F

    switchport trunk mode off

    channel-group 103

    no shutdown

    !

    interface san-port-channel 101

    channel mode active

    !

    interface san-port-channel 103

    channel mode active

    switchport mode F

    switchport trunk mode off

    N5K2:

    feature fcoe

    feature npiv

    feature fport-channel-trunk

    !

    slot 1

    port 28-32 type fc

    !

    interface fc1/28

    channel-group 102

    no shutdown

    !

    interface fc1/29

    channel-group 102

    no shutdown

    !

    interface fc1/30

    switchport mode F

    switchport trunk mode off

    channel-group 104

    no shutdown

    !

    interface fc1/31

    switchport mode F

    switchport trunk mode off

    channel-group 104

    no shutdown

    !

    interface san-port-channel 102

    channel mode active

    !

    interface san-port-channel 104

    channel mode active

    switchport mode F

    switchport trunk mode off

    MDS1:

    interface fc1/3

    channel-group 101

    no shutdown

    !

    interface fc1/4

    channel-group 101

    no shutdown

    !

    interface port-channel 101

    channel mode active

    MDS2:

    interface fc1/3

    channel-group 102

    no shutdown

    !

    interface fc1/4

    channel-group 102

    no shutdown

    !

    interface port-channel 102

    channel mode active

    In UCSM, go to the Equipment tab, and then, under the Fabric Interconnects, go to Configure Unified Ports. Just like on the 5Ks, changing the port type from Ethernet to Fibre Channel requires a reboot, so to save time, start with FI-B first, and then configure FI-A.

    When the FIs have rebooted, go to the SAN tab and configure FC uplinks on FI-A and FI-B as SAN-Port-Channels 103 and 104, respectively. Remember to enable the port channels when created, because like on the 5Ks, they are in the shutdown state when created.

    Verification

    Changing Unified Port types between Ethernet and Fibre Channel requires a reload of the Nexus 5000 or the UCS Fabric Interconnect on which the change was made.

    N5K2#config t

    Enter configuration commands, one per line. End with CNTL/Z.

    N5K2(config)#feature fcoe

    FC license checked out successfully

    fc_plugin extracted successfully

    FC plugin loaded successfully

    FCoE manager enabled successfully

    FC enabled on all modules successfully

    Enabled FCoE QoS policies successfully

    N5K2(config)#feature npiv

    N5K2(config)# !

    N5K2(config)#slot 1

    N5K2(config-slot)# port 28-32 type fc

    N5K2(config-slot)#end

    N5K2#copy running-config startup-config

    [########################################] 100%

    Copy complete, now saving to disk (please wait)...

    N5K2# reload

    WARNING: This command will reboot the system

    Do you want to continue? (y/n) [n]y

    Shutdown Ports..

    writing reset reason 9,

    When the SAN port channels are configured, you may need to flap the links for the port channels to come up, as shown below.

    N5K2#show san-port-channel database

    san-port-channel 102

    Last membership update is successful

    2 ports in total, 2 ports up

    First operational port is fc1/28

    Age of the port-channel is 0d:00h:10m:14s

    Ports: fc1/28 [up] *

    fc1/29 [up]

    san-port-channel 104

    Last membership update is successful

    2 ports in total, 0 ports up

    Age of the port-channel is 0d:00h:10m:14s

    Ports: fc1/30 [down]

    fc1/31 [down]

    N5K2#conf t

    Enter configuration commands, one per line. End with CNTL/Z.

    N5K2(config)#int san-port-channel 104

    N5K2(config-if)#shut

    N5K2 %$ VDC-1 %$ %PORT-5-IF_DOWN_ADMIN_DOWN: %$VSAN 1%$ Interface san-port-channel 104 is down (Administratively down)

    N5K2(config-if)#no shut

    N5K2(config-if)#end

    N5K2 %$ VDC-1 %$ %PORT-5-IF_DOWN_PORT_CHANNEL_MEMBERS_DOWN: %$VSAN 1%$ Interface san-port-channel 104 is down (No operational members)

    N5K2 %$ VDC-1 %$ Apr 6 20:48:00 %KERN-3-SYSTEM_MSG: fc2_nsh_tx_frame: FC2 s_id/d_id/vsan error: sid=0xfffffe,did=0x0,vsan=1,rctl:0x23,type:0x1,oxid 0x6,rxid:0x1f7 - kernel

    N5K2 %$ VDC-1 %$ Apr 6 20:48:00 %KERN-3-SYSTEM_MSG: fc2_nsh_tx_frame: FC2 s_id/d_id/vsan error: sid=0xfffffe,did=0x0,vsan=1,rctl:0x23,type:0x1,oxid 0x7,rxid:0x1f8 - kernel

    N5K2 %$ VDC-1 %$ %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by admin on console0

    N5K2 %$ VDC-1 %$ Apr 6 20:48:10 %KERN-3-SYSTEM_MSG: fc2_nsh_tx_frame: FC2 s_id/d_id/vsan error: sid=0xfffffe,did=0x0,vsan=1,rctl:0x23,type:0x1,oxid 0xe,rxid:0x204 - kernel

    N5K2 %$ VDC-1 %$ Apr 6 20:48:20 %KERN-3-SYSTEM_MSG: fc2_nsh_tx_frame: FC2 s_id/d_id/vsan error: sid=0xfffffe,did=0x0,vsan=1,rctl:0x84,type:0x0,oxid 0xd,rxid:0x1fe - kernel

    N5K2 %$ VDC-1 %$ %PORT-5-IF_UP: %$VSAN 1%$ Interface san-port-channel 104 is up in mode F

    N5K2 %$ VDC-1 %$ Apr 6 20:48:30 %KERN-3-SYSTEM_MSG: fc2_nsh_tx_frame: FC2 s_id/d_id/vsan error: sid=0xfffffe,did=0x0,vsan=1,rctl:0x23,type:0x1,oxid 0x23,rxid:0x225 - kernel

    N5K2#show san-port-channel database

    san-port-channel 102

    Last membership update is successful

    2 ports in total, 2 ports up

    First operational port is fc1/28

    Age of the port-channel is 0d:00h:11m:15s

    Ports: fc1/28 [up] *

           fc1/29 [up]

    san-port-channel 104

    Last membership update is successful

    2 ports in total, 2 ports up

    First operational port is fc1/31

    Age of the port-channel is 0d:00h:11m:15s

    Ports: fc1/30 [up]

           fc1/31 [up] *

    On the UCS side, the SAN port channels are configured in Proxy Node Port (NP) mode, for Node Port Virtualizer (NPV), or in other words, Fibre Channel End Host Mode.

    UCS-FI-A#connect nxos

    UCS-FI-A(nxos)#show run interface fc1/31 - 32

    interface fc1/31

    switchport mode NP

    channel-group 103 force

    no shutdown

    interface fc1/32

    switchport mode NP

    channel-group 103 force

    no shutdown

    UCS-FI-A(nxos)#show run interface san-port-channel 103

    interface san-port-channel 103

    channel mode active

    switchport mode NP

    UCS-FI-A(nxos)#show san-port-channel database

    san-port-channel 103

    Last membership update is successful

    2 ports in total, 2 ports up

    First operational port is fc1/31

    Age of the port-channel is 0d:00h:11m:44s

    Ports: fc1/31 [up] *

           fc1/32 [up]

    2.2 VSANs & Trunking

    Configuration

    N5K1:

    vsan database

    vsan 103

    vsan 103 interface san-port-channel 103

    !

    interface san-port-channel 101

    switchport trunk allowed vsan 103

    N5K2:

    vsan database

    vsan 104

    vsan 104 interface san-port-channel 104

    !

    interface san-port-channel 102

    switchport trunk allowed vsan 104

    MDS1:

    vsan database

    vsan 103

    vsan 103 interface fc1/7

    !

    interface fc1/7

    no shutdown

    !

    interface port-channel 101

    switchport trunk allowed vsan 103

    MDS2:

    vsan database

    vsan 104

    vsan 104 interface fc1/7

    !

    interface fc1/7

    no shutdown

    !

    interface port-channel 102

    switchport trunk allowed vsan 104

    UCS-FI-A:

    UCS-FI-A#connect nxos

    UCS-FI-A(nxos)#show run | section "vsan database"

    vsan database

    vsan 103

    UCS-FI-A(nxos)#show run | section "vlan 1103"

    vlan 1103

    fcoe vsan 103

    name fcoe-vsan-1103

    UCS-FI-B:

    UCS-FI-B#connect nxos

    UCS-FI-B(nxos)#show run | section "vsan database"

    vsan database

    vsan 104

    UCS-FI-B(nxos)#show run | section "vlan 1104"

    vlan 1104

    fcoe vsan 104

    name fcoe-vsan-1104

    In UCSM, browse to the SAN tab, and then, under SAN Cloud, right-click VSANs to create new VSANs. Ensure that VSAN 103 is on the Fabric A side and VSAN 104 is on the Fabric B side.

    To assign the VSANs to the SAN-Port-Channels, go back to the SAN tab, and under SAN Cloud, right-click the appropriate FC interface and click Show Navigator. SAN-Port-Channel 103 should be in VSAN 103, and Port-Channel 104 should be in VSAN 104.

    Verification

    When all the VSANs are created and assigned, check N5K1 and N5K2 to ensure that the UCS FIs have performed a Fabric Login (FLOGI) on the SAN port channel interfaces.

    N5K1#show flogi database vsan 103

    --------------------------------------------------------------------------------

    INTERFACE VSAN FCID PORT NAME NODE NAME

    --------------------------------------------------------------------------------

    San-po103 103 0xbc0000 24:67:00:2a:6a:15:66:80 20:67:00:2a:6a:15:66:81

    Total number of flogi = 1.

    N5K2#show flogi database vsan 104

    --------------------------------------------------------------------------------

    INTERFACE VSAN FCID PORT NAME NODE NAME

    --------------------------------------------------------------------------------

    San-po104 104 0x6e0000 24:68:00:2a:6a:15:05:00 20:68:00:2a:6a:15:05:01

    Total number of flogi = 1.

    On MDS1 and MDS2, ensure that the Fibre Channel SAN has performed FLOGI.

    MDS1#show flogi database vsan 103

    --------------------------------------------------------------------------------

    INTERFACE VSAN FCID PORT NAME NODE NAME

    --------------------------------------------------------------------------------

    fc1/7 103 0x0d0000 21:00:00:1b:32:04:5e:dc 20:00:00:1b:32:04:5e:dc

    Total number of flogi = 1.

    MDS2#show flogi database vsan 104

    --------------------------------------------------------------------------------

    INTERFACE VSAN FCID PORT NAME NODE NAME

    --------------------------------------------------------------------------------

    fc1/7 104 0xaa0000 21:01:00:1b:32:24:5e:dc 20:01:00:1b:32:24:5e:dc

    Total number of flogi = 1.

    Both N5K1 and MDS1 on the SAN A side and N5K2 and MDS2 on the SAN B side should agree on the Fibre Channel Name Service (FCNS) database. This verifies that both the initiators and targets are logged in and have been assigned Fibre Channel Identifiers (FCIDs) and that VSAN trunking in the fabric is end to end.

    N5K1#show fcns database vsan 103

    VSAN 103:

    --------------------------------------------------------------------------

    FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE

    --------------------------------------------------------------------------

    0x0d0000 N 21:00:00:1b:32:04:5e:dc (Qlogic)

    0xbc0000 N 24:67:00:2a:6a:15:66:80 (Cisco) npv

    Total number of entries = 2

    N5K2#show fcns database vsan 104

    VSAN 104:

    --------------------------------------------------------------------------

    FCID TYPE PWWN (VENDOR) FC4-TYPE:FEATURE

    --------------------------------------------------------------------------

    0x6e0000 N 24:68:00:2a:6a:15:05:00 (Cisco) npv

    0xaa0000 N 21:01:00:1b:32:24:5e:dc (Qlogic)

    Total number of entries = 2

    2.3 Fibre Channel Zoning

    Configuration

    N5K1:

    device-alias mode enhanced

    device-alias database

    device-alias name FC-SAN-A pwwn 21:00:00:1b:32:04:5e:dc

    device-alias name BLADE1-SAN-A pwwn 20:00:00:cc:1e:dc:01:0a

    device-alias name BLADE2-SAN-A pwwn 20:00:00:cc:1e:dc:02:0a

    !

    device-alias commit

    !

    zone mode enhanced vsan 103

    !

    zone name VSAN_103_ZONE vsan 103

    member device-alias FC-SAN-A

    member device-alias BLADE1-SAN-A

    member device-alias BLADE2-SAN-A

    !

    zoneset name VSAN_103_ZONESET vsan 103

    member VSAN_103_ZONE

    !

    zoneset activate name VSAN_103_ZONESET vsan 103

    zone commit vsan 103

    N5K2:

    device-alias mode enhanced

    device-alias database

    device-alias name FC-SAN-B pwwn 21:01:00:1b:32:24:5e:dc

    device-alias name BLADE1-SAN-B pwwn 20:00:00:cc:1e:dc:01:0b

    device-alias name BLADE2-SAN-B pwwn 20:00:00:cc:1e:dc:02:0b

    !

    device-alias commit

    !

    zone mode enhanced vsan 104

    !

    zone name VSAN_104_ZONE vsan 104

    member device-alias FC-SAN-B

    member device-alias BLADE1-SAN-B

    member device-alias BLADE2-SAN-B

    !

    zoneset name VSAN_104_ZONESET vsan 104

    member VSAN_104_ZONE

    !

    zoneset activate name VSAN_104_ZONESET vsan 104

    zone commit vsan 104

    Verification

    Devices on the SAN A side should agree on the Device Alias database and zoneset for VSAN 103.

    MDS1#show device-alias status

    Fabric Distribution: Enabled

    Database:- Device Aliases 3 Mode: Enhanced

    Checksum: 0x252e3d5059933b2826cabfe0ee148

    MDS1#show device-alias database

    device-alias name FC-SAN-A pwwn 21:00:00:1b:32:04:5e:dc

    device-alias name BLADE1-SAN-A pwwn 20:00:00:cc:1e:dc:01:0a

    device-alias name BLADE2-SAN-A pwwn 20:00:00:cc:1e:dc:02:0a

    Total number of entries = 3

    MDS1#show zone status vsan 103

    VSAN: 103 default-zone: deny distribute: active only Interop: default mode: enhanced

    merge-control: allow

    session: none

    hard-zoning: enabled broadcast: enabled

    Default zone:

    qos: none broadcast: disabled ronly: disabled

    Full Zoning Database :

    DB size: 224 bytes

    Zonesets:1 Zones:1 Aliases: 0 Attribute-groups: 1

    Active Zoning Database :

    DB size: 148 bytes

    Name: VSAN_103_ZONESET Zonesets:1 Zones:1

    Status: Activation completed at 20:55:21 UTC May 26 2013

    MDS1 learned the zoning configuration applied on N5K1, but it does not yet see an FCID for the UCS blades. This is because we haven't configured the service profiles for the blades, which means they're not yet logged in to the fabric. When the SP association is complete, we should see the FCIDs of the blades get dynamically assigned, as well as the pWWNs we manually configure on them logged in to the fabric.

    MDS1#show zoneset active vsan 103

    zoneset name VSAN_103_ZONESET vsan 103

    zone name VSAN_103_ZONE vsan 103

    * fcid 0x0d0000 [device-alias FC-SAN-A]

    device-alias BLADE1-SAN-A

    device-alias BLADE2-SAN-A
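
    An added example, not part of the workbook: the Python below cross-checks the three outputs used in this verification (active zoneset, device-alias database, FCNS database) and reports zone members that are not logged in, members with no alias entry, and registered pWWNs that sit in no zone. The sample text is constructed from the VSAN 103 outputs on this page; the function names and result keys are assumptions of the example.

```python
import re

# Sample text constructed from the VSAN 103 outputs shown on this page (MDS1 and N5K1).
ZONESET_ACTIVE = """\
zoneset name VSAN_103_ZONESET vsan 103
  zone name VSAN_103_ZONE vsan 103
  * fcid 0x0d0000 [device-alias FC-SAN-A]
    device-alias BLADE1-SAN-A
    device-alias BLADE2-SAN-A
"""
DEVICE_ALIAS_DB = """\
device-alias name FC-SAN-A pwwn 21:00:00:1b:32:04:5e:dc
device-alias name BLADE1-SAN-A pwwn 20:00:00:cc:1e:dc:01:0a
device-alias name BLADE2-SAN-A pwwn 20:00:00:cc:1e:dc:02:0a
"""
FCNS_DB = """\
0x0d0000 N 21:00:00:1b:32:04:5e:dc (Qlogic)
0xbc0000 N 24:67:00:2a:6a:15:66:80 (Cisco) npv
"""

PWWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"
# A leading "*" marks a member that is currently logged in to the fabric.
MEMBER = re.compile(
    r"^\s*(\*)?\s*(?:fcid\s+(0x[0-9a-f]+)\s+)?\[?device-alias\s+([\w-]+)\]?\s*$")

def parse_aliases(text):
    """Map device-alias name -> pWWN from 'show device-alias database'."""
    return dict(re.findall(rf"device-alias name ([\w-]+) pwwn ({PWWN})", text))

def parse_zoneset(text):
    """Yield (zone, alias, fcid or None, logged_in) for each active zone member."""
    zone = None
    for line in text.splitlines():
        if m := re.match(r"\s*zone name (\S+) vsan \d+", line):
            zone = m.group(1)
        elif (m := MEMBER.match(line)) and zone:
            yield zone, m.group(3), m.group(2), m.group(1) == "*"

def audit_zoning(zoneset, aliases, fcns):
    """Cross-check the active zoneset against the alias and name-server databases."""
    pwwn_of = parse_aliases(aliases)
    members = list(parse_zoneset(zoneset))
    zoned = {pwwn_of.get(a) for _, a, _, _ in members}
    fcid_of = {p: f for f, p in re.findall(rf"(0x[0-9a-f]+)\s+N\s+({PWWN})", fcns)}
    return {
        # Zoned but absent from the fabric: expected here until the service profiles associate.
        "not_logged_in": [(z, a, pwwn_of.get(a)) for z, a, _, up in members if not up],
        # Zone member with no entry in the device-alias database.
        "unresolved": [a for _, a, _, _ in members if a not in pwwn_of],
        # Registered in FCNS but in no zone: isolated while default-zone is deny
        # (the NPV uplink of the FI shows up here and is not an initiator).
        "unzoned": sorted(p for p in fcid_of if p not in zoned),
        # Marked logged in, but FCNS holds a different FCID for that pWWN.
        "fcid_mismatch": [a for _, a, fcid, up in members
                          if up and fcid_of.get(pwwn_of.get(a)) != fcid],
    }
```

    Rerun it after the service profiles are associated: the blade aliases should leave not_logged_in, and any pWWN that newly appears under unzoned is a device that logged in with an address the zone does not expect.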

    2.4 iSCSI Virtual Target

    Configuration

    N7K3:

    interface Ethernet2/23

    switchport mode trunk

    switchport trunk allowed vlan 202

    no shutdown

    MDS1:

    device-alias database

    device-alias name UCS-C200-SAN-A pwwn 20:00:00:cc:1e:dc:03:0a

    !

    device-alias commit

    !

    feature iscsi

    iscsi enable module 1

    !

    vsan database

    vsan 103 interface iscsi1/1

    !

    iscsi virtual-target name iqn.1987-05.com.cisco:05.mds1.01-01.01234567890abcde

    pWWN 21:00:00:1b:32:04:5e:dc

    initiator ip address 192.168.202.104 permit

    !

    iscsi initiator ip-address 192.168.202.104

    static pWWN 20:00:00:cc:1e:dc:03:0a

    !

    zone name VSAN_103_ZONE vsan 103

    member device-alias UCS-C200-SAN-A

    !

    zoneset activate name VSAN_103_ZONESET vsan 103

    zone commit vsan 103

    !

    interface GigabitEthernet1/1

    ip address 192.168.202.61 255.255.255.0

    no shutdown

    !

    interface iscsi1/1

    no shutdown

    Verification

    When the iSCSI configuration is complete, MDS1 should see the UCS C200 server log in as an iSCSI Initiator. The nWWN can be dynamic, but because zoning and LUN masking on the SAN are done based on the pWWN, the pWWN needs to be manually assigned to the iSCSI Initiator.

    MDS1#show iscsi initiator

    iSCSI Node name is 192.168.202.104

    iSCSI Initiator name: iqn.1998-01.com.vmware:localhost-7463f71b

    iSCSI alias name:

    Configured node (iSCSI)

    Node WWN is 21:01:00:0d:ec:4a:21:02 (dynamic)

    Member of vsans: 103

    Number of Virtual n_ports: 1

    Virtual Port WWN is 20:00:00:cc:1e:dc:03:0a (configured)

    Interface iSCSI 1/1, Portal group tag: 0x3000

    VSAN ID 103, FCID 0x0d0100

    From the iSCSI Initiator's point of view, the MDS is an iSCSI Target. Note that only the C200's IP address is allowed to use this target.

    MDS1#show iscsi virtual-target

    target: iqn.1987-05.com.cisco:05.mds1.01-01.01234567890abcde

    * Port WWN 21:00:00:1b:32:04:5e:dc

    Configured node (iSCSI)

    No. of initiators permitted: 1

    initiator 192.168.202.104/32 is permitted

    All initiator permit is disabled

    Trespass support is disabled

    Revert to primary support is disabled
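
    An added example, not part of the workbook: the Python below reads the two outputs above and flags the conditions that would widen access to the virtual target or break pWWN-based zoning and LUN masking. The sample text is constructed from the MDS1 outputs on this page; the function names and finding labels are assumptions, and the wording of an enabled "All initiator permit" line is assumed rather than taken from the page.

```python
import ipaddress
import re

# Sample text constructed from the MDS1 outputs shown on this page.
VIRTUAL_TARGET = """\
target: iqn.1987-05.com.cisco:05.mds1.01-01.01234567890abcde
  * Port WWN 21:00:00:1b:32:04:5e:dc
    No. of initiators permitted: 1
      initiator 192.168.202.104/32 is permitted
    All initiator permit is disabled
"""
INITIATOR = """\
iSCSI Node name is 192.168.202.104
    Node WWN is 21:01:00:0d:ec:4a:21:02 (dynamic)
    Virtual Port WWN is 20:00:00:cc:1e:dc:03:0a (configured)
"""

def _net(value):
    """Parse an address or prefix; None when the entry is an IQN instead."""
    try:
        return ipaddress.ip_network(value, strict=False)
    except ValueError:
        return None

def parse_targets(text):
    """One dict per target: name, permitted networks, all-initiator flag."""
    targets = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("target:"):
            targets.append({"name": line.split(None, 1)[1], "permits": [], "all_permit": False})
        elif m := re.search(r"initiator (\S+) is permitted", line):
            targets[-1]["permits"].append(_net(m.group(1)))
        elif line.startswith("All initiator permit is"):
            # Assumption: any state other than "disabled" means the target is open.
            targets[-1]["all_permit"] = not line.endswith("disabled")
    return targets

def parse_initiators(text):
    """One dict per initiator: node name, virtual port WWN and how it was assigned."""
    nodes = []
    for line in map(str.strip, text.splitlines()):
        if m := re.search(r"iSCSI Node name is (\S+)", line):
            nodes.append({"node": m.group(1), "pwwn": None, "mode": None})
        elif m := re.search(r"Virtual Port WWN is (\S+) \((\w+)\)", line):
            nodes[-1].update(pwwn=m.group(1), mode=m.group(2))
    return nodes

def audit_iscsi(target_text, initiator_text):
    """Return (finding, subject) pairs; an empty list means nothing to report."""
    findings = []
    for t in parse_targets(target_text):
        if t["all_permit"]:
            findings.append(("all-initiators-permitted", t["name"]))
        findings += [("permit-wider-than-host", f"{t['name']} {n}")
                     for n in t["permits"] if n is not None and n.num_addresses > 1]
    for i in parse_initiators(initiator_text):
        if i["mode"] != "configured":  # zoning and LUN masking key on the pWWN
            findings.append(("pwwn-not-static", i["node"]))
    return findings
```

    With the configuration from this task the function returns an empty list: one /32 permit, all-initiator permit disabled, and a configured pWWN.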

    MDS1 should see the C200 server registered to the fabric in the FLOGI database.

    MDS1#show flogi database

    --------------------------------------------------------------------------------

    INTERFACE VSAN FCID PORT NAME NODE NAME

    --------------------------------------------------------------------------------

    fc1/7 103 0x0d0000 21:00:00:1b:32:04:5e:dc 20:00:00:1b:32:04:5e:dc

    [FC-SAN-A]

    iscsi1/1 103 0x0d0100 20:00:00:cc:1e:dc:03:0a 21:01:00:0d:ec:4a:21:02

    [UCS-C200-SAN-A]

    Total number of flogi = 2.

    Adding the C200's pWWN to the already defined zone for VSAN 103 will allow it access to the LUNs that the SAN is presenting for this initiator.

    MDS1#show zoneset active

    zoneset name VSAN_103_ZONESET vsan 103

    zone name VSAN_103_ZONE vsan 103

    * fcid 0x0d0000 [device-alias FC-SAN-A]

    device-alias BLADE1-SAN-A

    device-alias BLADE2-SAN-A

    * fcid 0x0d0100 [device-alias UCS-C200-SAN-A]

    The final verification for this task is to ensure that the ESXi instance has actually mounted the iSCSI LUNs. To check this, go to the vSphere client, select the C200 host on the left, click the Configuration tab, and then click Storage Adapters. Under the iSCSI Software Adapter, you should see the LUNs appear as shown below.

    3. Unified Computing

    3.1 Address Pools

    UUID Pools in UCSM are configured under the Servers tab, Pools, then UUID Suffix Pools, as shown below.

    MAC Address Pools are under the LAN tab, Pools, then MAC Pools.

    Node World Wide Name Pools are under the SAN tab, Pools, then WWNN Pools.

    Management IP Address Pools are under the Admin tab, Communication Management, then Management IP Pool. Note that the default gateway here is arbitrary, because the task did not ask for a specific value, but it is still a required field.

    3.2 UCS Service Profile Templates

    Create a new Service Profile Template under the Servers tab, then Service Profile Templates. The task requires that this be an Initial Template and get its addresses from the default pools that were created in the previous task.

    Under Storage, ensure that the vHBAs are assigned to VSANs 103 and 104 on Fabric A and Fabric B, respectively.

    For vNICs, use the Expert option, and add the five new vNICs according to the task requirements. The VLANs needed are created in this step to save time, but could also be configured as a separate step under the LAN Cloud.

    Ensure that the vMotion vNIC has Fabric Failover enabled according to the task requirements.

    The vNICs for the VMGuests are trunks that carry the rest of the VLANs.

    The Maintenance Policy is where we define that the administrator must acknowledge a change that would cause the blade to reboot.

    The Operational Policies define where the Management IP addresses of the Service Profiles come from.

    3.3 Service Profiles

    To assign the service profiles, we must first enable the southbound links from the FIs to the Blade Chassis. To do so, configure them as Server ports under the Fabric Interconnects on the Equipment tab.

    Create two copies of the Service Profile Template previously created.

    Before we customize the boot options for the individual service profiles, a QoS policy is created that will apply to the vHBAs. Note that this is just for clarity of the configuration, so that we know for certain that the vHBAs are being assigned to a no-drop QoS policy.

    Modify the vHBAs to have the appropriate pWWNs according to the task. Note that if these values are incorrect, the blades will fail to boot from the SAN, because the LUN masking on the SAN only allows specific initiating pWWNs to access their LUNs.

    We need to create a Boot Policy that tells the blade which SAN target it needs to boot to.

    Again, ensure 100% accuracy, because an incorrect pWWN value will cause the blade to be unable to boot.

    Repeat the above steps, but now for the backup boot target.

    Don't forget to actually assign the Boot Policy to the service profile after it is successfully created.

    Repeat the above steps for the second service profile that will be assigned to blade 2.

    Finally, associate the service profiles to the blades.

    When the blades begin to boot, you can track their progress by connecting to their KVMs. When the blades are fully booted, you should see the console screen for the ESXi instances, as shown below.

    4. Data Center Virtualization

    4.1 Nexus 1000v

    Configuration

    First we need to determine which UUIDs were dynamically assigned to the blades, and which VEM module numbers they currently occupy. The output below shows the module number (VEM number), the UUID, and the IP address.

    N1Kv#show module

    Mod Ports Module-Type Model Status

    --- ----- -------------------------------- ------------------ ------------

    1 0 Virtual Supervisor Module Nexus1000V active *

    2 0 Virtual Supervisor Module Nexus1000V ha-standby

    4 248 Virtual Ethernet Module NA ok

    5 248 Virtual Ethernet Module NA ok

    6 248 Virtual Ethernet Module NA ok

    Mod Sw Hw

    --- ------------------ ------------------------------------------------

    1 4.2(1)SV2(1.1) 0.0

    2 4.2(1)SV2(1.1) 0.0

    4 4.2(1)SV2(1.1) VMware ESXi 5.1.0 Releasebuild-799733 (3.1)

    5 4.2(1)SV2(1.1) VMware ESXi 5.1.0 Releasebuild-799733 (3.1)

    6 4.2(1)SV2(1.1) VMware ESXi 5.1.0 Releasebuild-799733 (3.1)

    Mod MAC-Address(es) Serial-Num

    --- -------------------------------------- ----------

    1 00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA

    2 00-19-07-6c-5a-a8 to 00-19-07-6c-62-a8 NA

    4 02-00-0c-00-04-00 to 02-00-0c-00-04-80 NA

    5 02-00-0c-00-05-00 to 02-00-0c-00-05-80 NA

    6 02-00-0c-00-06-00 to 02-00-0c-00-06-80 NA

    Mod Server-IP Server-UUID Server-Name

    --- --------------- ------------------------------------ --------------------

