CCNA®DataCenterIntroducingCiscoDataCenterTechnologies
StudyGuide
ToddLammle
ToddMontgomery
SeniorAcquisitionsEditor:KenyonBrownDevelopmentEditor:GarySchwartzTechnicalEditor:MarkDittmer,CiscoSystemsProfessionalServicesProductionEditor:ChristineO'ConnorCopyEditor:LindaRecktingwaldEditorialManager:MaryBethWakefieldProductionManager:KathleenWisorAssociatePublisher:JimMinatelBookDesigners:JudyFungandBillGibsonProofreader:JenLarsen,WordOneNewYorkIndexer:RobertSwansonProjectCoordinator,Cover:BrentSavageCoverDesigner:Wiley
CoverImage:GettyImagesInc./JeremyWoodhouseCopyright©2016byJohnWiley&Sons,Inc.,Indianapolis,Indiana
PublishedsimultaneouslyinCanada
ISBN:978-1-118-66109-3
ISBN:978-1-118-76320-9(ebk.)
ISBN:978-1-119-00065-5(ebk.)
Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanningorotherwise,exceptaspermittedunderSections107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthePublisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter,222RosewoodDrive,Danvers,MA01923,(978)750-8400,fax(978)646-8600.RequeststothePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions.
LimitofLiability/DisclaimerofWarranty:Thepublisherandtheauthormakenorepresentationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisworkandspecificallydisclaimallwarranties,includingwithoutlimitationwarrantiesoffitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysalesorpromotionalmaterials.Theadviceandstrategiescontainedhereinmaynotbesuitableforeverysituation.Thisworkissoldwiththeunderstandingthatthepublisherisnotengagedinrenderinglegal,accounting,orotherprofessionalservices.Ifprofessionalassistanceisrequired,theservicesofacompetentprofessionalpersonshouldbesought.Neitherthepublishernortheauthorshallbeliablefordamagesarisingherefrom.ThefactthatanorganizationorWebsiteisreferredtointhisworkasacitationand/orapotentialsourceoffurtherinformationdoesnotmeanthattheauthororthepublisherendorsestheinformationtheorganizationorWebsitemayprovideorrecommendationsitmaymake.Further,readersshouldbeawarethatInternetWebsiteslistedinthisworkmayhavechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.
Forgeneralinformationonourotherproductsandservicesortoobtaintechnicalsupport,pleasecontactourCustomerCareDepartmentwithintheU.S.at(877)762-2974,outsidetheU.S.at(317)572-3993orfax(317)572-4002.
Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincludedwithstandardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.IfthisbookreferstomediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthismaterialathttp://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwww.wiley.com.
LibraryofCongressControlNumber:2016933971
TRADEMARKS:Wiley,theWileylogo,andtheSybexlogoaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc.and/oritsaffiliates,intheUnitedStatesandothercountries,andmaynotbeusedwithoutwrittenpermission.CCNAisaregisteredtrademarkofCiscoTechnology,Inc.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendormentionedinthisbook.
TomywonderfulsonWilliamandawesomedaughterAllison,whomakemylifesogreat.Thisbookisforbothofyou.
—ToddMontgomery
AcknowledgmentsIttakesmanypeopletoputabooktogether,andalthoughasauthorswededicateanenormousamountoftimetowritethebook,itwouldneverbepublishedwithoutthededicationandhardworkofmanyotherpeople.
First,IwouldliketothankKenyonBrown,myacquisitionseditor,whoconvincedmethatIcoulddothisandstuckwithmethroughouttheprocess.WithoutKenasamentorandguide,Icouldneverhavepulledthisoneoff.IamthankfulthatKenwastheretoleadmethoughthesometimes-confusingworldofpublishingabooklikethis.
IwouldalsoliketothankToddLammleforhishelpintransformingthisnetworkengineerintoaninspiredauthorandforbeinganewfriendinthesmallworldinsidethebigdatacenters.
Icanneverthankmydevelopmenteditor,GarySchwartz,enough.Garystuckwithme,patientlyguidingmethoughtheprocessandprovidingmewiththedirectionIneededwhenIwasoffinaditchagain.WithoutGary'shelp,puttingthisbooktogetherwouldhavebeenmuchmoredifficult.Thanksagain,Gary!
AbigthankyoutoChristineO'Connor,myproductioneditor,forlendingaguidinghandintheprocessofpublishingthisbook.Iamstillamazedathowherteamcouldtakemyworkandtransformitintoapresentablebook.I'msurethatthereisawholeteamatWileylurkinginthebackgroundwhowillneverknowhowmuchtheyreallyhelped,buttothewholeteamatWiley,abigthankyou!Youmadethelatenightsandlongweekendsofwritingallworthwhile.
Ofcourse,MarkDittmeratCiscoSystemsProfessionalServiceswasanexcellenttechnicaleditor,andhewasalwaystheretoclarifyandaddhisdeepinsightintotheCiscodatacenterproductstothiseffort.Mark,Ioweyou!
AbouttheAuthorsToddLammleistheauthorityonCiscocertificationandinternetworking.HeisCiscocertifiedinmostCiscocertificationcategories.Heisaworld-renownedauthor,speaker,trainer,andconsultant.ToddhasthreedecadesofexperienceworkingwithLANs,WANs,andlargeenterpriselicensedandunlicensedwirelessnetworks.Lately,he'sbeenimplementinglargeCiscodatacentersworldwide,aswellasFirePOWERtechnologies.Hisyearsofreal-worldexperienceareevidentinhiswriting;heisnotjustanauthorbutaknowledgeablenetworkingengineerwithverypracticalexperienceworkingonthelargestnetworksintheworldatsuchcompaniesasXerox,HughesAircraft,Texaco,AAA,Cisco,andToshiba,amongothers.Toddhaspublishedmorethan60books,includingtheverypopularCCNA:CiscoCertifiedNetworkAssociateStudyGuide,CCNAWirelessStudyGuide,andCCNADataCenterStudyGuide,aswellashisFirePOWERstudyguide,allfromSybex.ToddrunsaninternationalconsultingandtrainingcompanywithofficesinColorado,Texas,andSanFrancisco.YoucanreachToddthroughhiswebsiteatwww.lammle.com.
ToddMontgomeryhasbeeninthenetworkingindustryformorethan30yearsandholdsmanycertificationsfromCisco,Juniper,VMware,CompTIA,andothercompanies.HeisCCNADataCenter,CCNASecurity,andCCNPRoutingandSwitchingcertified.
ToddhasspentmostofhiscareeroutinthefieldworkingonsiteindatacentersthroughoutNorthAmericaandaroundtheworld.Hehasworkedforequipmentmanufacturers,systemsintegrators,andendusersofdatacenterequipmentinthepublic,serviceprovider,andgovernmentsectors.ToddcurrentlyworksasaseniordatacenternetworkingengineerforaFortune50corporation.Heisinvolvedinnetworkimplementationandsupportofemergingdatacentertechnologies.Healsoworkswithsoftware-definednetworking(SDN)evaluationplans,cloudtechnologies,CiscoNexus9000,7000,5000,and2000switches,Junipercorerouting,andfirewallsecurityproducts.
ToddlivesinAustin,Texas,andinhisfreetimeheenjoysautoracing,generalaviation,andsamplingAustin'[email protected].
ContentsIntroduction
WhyShouldYouBecomeCertifiedinCiscoDataCenterTechnologies?WhatDoesThisBookCover?InteractiveOnlineLearningEnvironmentandTestBankHowtoUseThisBookWhereDoYouTaketheExams?DCICTExamObjectives
AssessmentTestAnswerstoAssessmentTestChapter1DataCenterNetworkingPrinciples
DataCenterNetworkingPrinciplesTheDataCenterLANTheDataCenterSANNetworkDesignUsingaModularApproachTheDataCenterCoreLayerTheDataCenterAggregationLayerTheDataCenterAccessLayerTheCollapsedCoreModelFabricPathHowDoWeInterconnectDataCenters?VirtualPortChannelsUnderstandingPortChannelsGoingVirtualwithVirtualDeviceContextsStorageNetworkingwithNexusConfiguringandVerifyingNetworkConnectivityIdentifyingControlandDataPlaneTrafficPerformingtheInitialSetupSummary
ExamEssentialsWrittenLab1ReviewQuestions
Chapter2NetworkingProductsTheNexusProductFamilyReviewingtheCiscoMDSProductFamilyCiscoApplicationControlEngineSummaryExamEssentialsWrittenLab2ReviewQuestions
Chapter3StorageNetworkingPrinciplesStorageAreaNetworkingStorageCategoriesFibreChannelNetworksDescribetheSANInitiatorandTargetVerifySANSwitchOperationsDescribeBasicSANConnectivityDescribeStorageArrayConnectivityDescribeStorageProtectionDescribeStorageTopologiesFabricPortTypesStorageSystemsWorldWideNamesSANBootVerifyNameServerLoginDescribe,Configure,andVerifyZoningPerformInitialMDSSetupDescribe,Configure,andVerifyVSAN
SummaryExamEssentialsWrittenLab3ReviewQuestions
Chapter4DataCenterNetworkServicesDataCenterNetworkServicesStandardACEFeaturesforLoadBalancingServerLoadBalancingVirtualContextandHAServerLoadBalancingManagementOptionsBenefitsoftheCiscoGlobalLoad-BalancingSolutionCiscoWAASNeedsandAdvantagesintheDataCenterSummaryExamEssentialsWrittenLab4ReviewQuestions
Chapter5Nexus1000VVirtualSwitchesNexus1000VSwitchInstallingNexus1000VSummaryExamEssentialsWrittenLab5ReviewQuestions
Chapter6UnifiedFabricUnifiedFabricConnectivityHardwareSummaryExamEssentialsWrittenLab6ReviewQuestions
Chapter7CiscoUCSPrinciplesDataCenterComputingEvolutionNetwork-CentricComputingUCSServersUCSConnectivitySummaryExamEssentialsWrittenLabs7ReviewQuestions
CHAPTER8CiscoUCSConfigurationUCSClusterSetupUCSManagerServiceProfilesSummaryExamEssentialsWrittenLab8Chapter8:Hands-OnLabsReviewQuestions
AppendixAAnswerstoWrittenLabsChapter1:DataCenterNetworkingPrinciplesChapter2:NetworkingProductsChapter3:StorageNetworkingPrinciplesChapter4:DataCenterNetworkServicesChapter5:Nexus1000VChapter6:UnifiedFabricChapter7:CiscoUCSPrinciplesChapter8:CiscoUCSConfiguration
AppendixBAnswerstoReviewQuestionsChapter1:DataCenterNetworkingPrinciplesChapter2:NetworkingProducts
Chapter3:StorageNetworkingPrinciplesChapter4:DataCenterNetworkServicesChapter5:Nexus1000VChapter6:UnifiedFabricChapter7:CiscoUCSPrinciplesChapter8:CiscoUCSConfiguration
AdvertEULA
ListofTablesChapter6
Table6.1
Table6.2
Table6.3
ListofIllustrationsChapter1
Figure1.1DatacenterLAN
Figure1.2SeparatedatacenterLAN/SANnetworks
Figure1.3Unifieddatacenternetwork
Figure1.4DatacenterCorenetwork
Figure1.5Datacenteraggregatednetwork
Figure1.6DatacenterAccesslayernetwork
Figure1.7Collapsedcoremodel
Figure1.8FabricPath
Figure1.9OverlayTransportVirtualization
Figure1.10VirtualPortChannels
Figure1.11Portchannels
Figure1.12Virtualdevicecontexts
Figure1.13Dataplane
Figure1.14Controlplane
Figure1.15VPCdiagram
Chapter2
Figure2.1Nexusproductfamily
Figure2.2Nexus1010
Figure2.3Nexus2000family
Figure2.4Nexus3000family
Figure2.5Nexus4000seriesbladeswitch
Figure2.6Nexus5000family
Figure2.7Nexus6000family
Figure2.8Nexus7000family
Figure2.9Nexus7700family
Figure2.10Nexus9000family
Figure2.11Nexus7009
Figure2.12Nexus7010
Figure2.13NexusSupervisorOne
Figure2.14Nexus7010fabricmodule
Figure2.15Nexus7000I/Omodules
Figure2.16Nexus7000powersupply
Figure2.17Nexus5500family
Figure2.18Nexus5010
Figure2.19Nexus5020
Figure2.20NexusGEM1cards
Figure2.21Nexus5596rear
Figure2.22Nexus5500UPGEMmodule
Figure2.235548Layer3card
Figure2.245596Layer3card
Figure2.25Nexus2000family
Figure2.26Nexus5000withfourFEXs
Figure2.27FEXMulti-cableattachment
Figure2.28FEXcomparison
Figure2.29MDSproductfamily
Chapter3
Figure3.1SCSIcables
Figure3.2FibreChannelframe
Figure3.3InternetSmallComputerSystemInterface(iSCSI)frame
Figure3.4DAS—computerwithlocalstorage
Figure3.5File-basedstorage
Figure3.6Filetransfer
Figure3.7SANnetwork
Figure3.8Unifiednetwork
Figure3.9SANinitiatorandtarget
Figure3.10LUNs
Figure3.11MDS9148switch
Figure3.12SFPmodule
Figure3.13Multimodefiber-opticcables
Figure3.14Point-to-pointtopology
Figure3.15FibreChannelArbitratedLoop
Figure3.16Simplefabric
Figure3.17Dualfabric
Figure3.18FibreChannelporttypes
Figure3.19FibreChannelSANcomponents
Figure3.20WorldWideNames
Figure3.21WordWidePortNames
Figure3.22SANboot
Figure3.23Fabriclogin
Chapter4
Figure4.1ACEloadbalancer
Figure4.2Round-robinpredictor
Figure4.3Least-loadedpredictor
Figure4.4Hashingpredictor
Figure4.5Leastnumberofconnectionspredictor
Figure4.6Health-checkingprobes
Figure4.7ACEHApair
Figure4.8CiscoACEDeviceManager
Figure4.9CiscoGlobalSiteSelector
Chapter5
Figure5.1Traditionalservers
Figure5.2Traditionalpoliciesandcontrol
Figure5.3Serverandnetworkvirtualization
Figure5.4Networkconnectivity
Figure5.5Policiesinavirtualenvironment
Figure5.6Insidethephysicalserver
Figure5.7Standardswitchconfiguration
Figure5.8FailedvMotion
Figure5.9Distributedvirtualswitch
Figure5.10Networkadministrationinavirtualenvironment
Figure5.11DeployOVFTemplate
Figure5.12Selectthesourcelocation
Figure5.13VerifyOVFtemplatedetails
Figure5.141000Vproperties
Figure5.15vCentercredentialsentryscreen
Figure5.16vCenterNetworkingSummaryscreen
Chapter6
Figure6.1Traditionalseparatenetworks
Figure6.2Unifiednetwork
Figure6.3MultihopFCoEnetwork
Figure6.4Protocolencapsulation
Figure6.5FCoEframe
Figure6.6Ethernetflowcontrol
Figure6.7FibreChannelflowcontrol
Figure6.8Per-priorityflowcontrol
Figure6.9FCoEporttypes
Figure6.10FEXcomparison
Figure6.11VN-Tag
Figure6.12Nexusfabricextension
Chapter7
Figure7.1Agroupoftowerservers
Figure7.2Rackmountserversconnectedtoaswitch
Figure7.3Chassiswith16blades
Figure7.4CiscoUCSfabricinterconnectmodel6248UP
Figure7.5UCSsystemwithtwofabricinterconnectsandfourchassis
Figure7.6UCSsystemwithtwofabricinterconnectsand12chassis
Figure7.76100Seriesfabricinterconnects
Figure7.86100Seriesexpansionmodules
Figure7.96248UPand6296UPfabricinterconnects
Figure7.106200unifiedportexpansionmodule
Figure7.116324fabricinterconnect
Figure7.12UCS5108chassiswithamixtureoffullandhalf-slotblades
Figure7.135108with2104XPI/Omodules(rearview)
Figure7.14B-Seriesservercomparison
Figure7.15C-Seriesservercomparison
Figure7.16Non-virtualizedinterfacecards
Figure7.17Virtualinterfacecards
Figure7.18FabricinterconnectL1/L2ports
Figure7.19FabricinterconnecttoI/Omoduleconnectivity
Figure7.20Configuringportpersonalityonfabricinterconnect
Figure7.21Re-acknowledgingachassis
Chapter8
Figure8.1Fabricinterconnectcabling
Figure8.2UCSinitialwebinterface
Figure8.3Javaapplicationwarning
Figure8.4UCSManagerLogin
Figure8.5UCSManagerlayout
Figure8.6UCSManagertabs
Figure8.7Finitestatemachinediscoveryprocess
Figure8.8CreatingaUUIDpool
Figure8.9CreatingaMACaddresspool
Figure8.10CreatingaWWNNpool
Figure8.11Serviceprofileassociationmethods
Figure8.12Manuallyassigningserverstoaserverpool
Figure8.13Serviceprofilecreationoptions
Figure8.14Simpleprofilecreation
Figure8.15Expertprofilecreation
Figure8.16Creatingaserviceprofiletemplate
Figure8.17Creatingserviceprofilesfromatemplate
Figure8.18Serviceprofilescreatedfromatemplate
IntroductionWelcometotheexcitingworldofCiscocertification!Ifyou’vepickedupthisbookbecauseyouwanttoimproveyourselfandyourlifewithabetter,moresatisfying,andmoresecurejob,you’vedonetherightthing.Whetheryou’restrivingtoenterthethriving,dynamicITsector,oryou’reseekingtoenhanceyourskillsetandadvanceyourpositionwithinyourcompanyorindustry,beingCiscocertifiedcanseriouslystacktheoddsinyourfavorinhelpingyoutoattainyourgoals!
Ciscocertificationsarepowerfulinstrumentsofsuccessthatmarkedlyimproveyourgraspofallthingsinternetworking.Asyouprogressthroughoutthisbook,you’llgainacompleteunderstandingofdatacentertechnologiesthatreachesfarbeyondCiscodevices.Bytheendofthisbook,you’llhavecomprehensiveknowledgeofhowCiscoNexusandUCStechnologiesworktogetherinyourdatacenter,whichisvitalintoday’swayoflifeinthenetworkedworld.Theknowledgeandexpertisethatyou’llgainhereisessentialforandrelevanttoeverynetworkingjob,anditiswhyCiscocertificationsareinsuchhighdemand—evenatcompanieswithfewCiscodevices!
Althoughit’scommonknowledgethatCiscorulestheroutingandswitchingworld,thefactthatitalsorocksthevoice,datacenter,andsecurityworldsisnowwellrecognized.Furthermore,Ciscocertificationsequipyouwithindispensableinsightintotoday’svastlycomplexnetworkingrealm.Essentially,bydecidingtobecomeCiscocertified,you’reproudlyannouncingthatyouwanttobecomeanunrivalednetworkingexpert—agoalthatthisbookwillputyouwellonyourwaytoachieving.Congratulationsinadvanceonthebeginningofyourbrilliantfuture!
TheCCNADataCentercertificationwilltakeyouwaybeyondthetraditionalCiscoworldofswitchingandrouting.Themoderndatacenternetworkincludestechnologiesthatwereoncetheprivatedomainofothergroups.Butwithnetworkconvergenceandvirtualizationtakingthedatacentertonewplaces,youmustnowlearnallaboutstorageandstoragenetworking,networkconvergence,thevirtualizationofservers,andnetworkservices.Moreover,asyouwillseeinthisbook,wewilltakeadeeplookatnewserverdesignsanddeploymentmodels.
WhyShouldYouBecomeCertifiedinCiscoDataCenterTechnologies?Cisco,likeMicrosoftandothervendorswhoprovidecertification,createdthecertificationprocesstogiveadministratorsaspecificsetofskillsandequipprospectiveemployerswithawaytomeasurethoseskillsormatchcertaincriteria.
RestassuredthatifyoumakeitthroughtheCCNADataCenterexamsandarestillinterestedinCiscoanddatacenters,you’reheadeddownapathtocertainsuccess!
WhatDoesThisBookCover?ThisbookcoverseverythingthatyouneedtoknowtopasstheIntroducingCiscoDataCenterTechnologies(640–916)exam.TheIntroducingCiscoDataCenterTechnologiesexamisthesecondoftwoexamsrequiredtobecomeCCNADataCenterCertified.ThefirstCCNADataCenterexamiscalledIntroducingCiscoDataCenterNetworking(DCICN),anditisexamnumber640–911.
AgreatresourceforlearningaboutdatacenternetworkingandexampreparationforthefirstCCNADataCenterexamisCCNADataCenter—IntroducingCiscoDataCenterNetworkingStudyGuide:Exam640–911byToddLammleandJohnSwartz(Sybex,2013).
Allchaptersinthisbookincludereviewquestionsandhands-onlabstohelpyoubuildastrongfoundation.
Youwilllearnthefollowinginformationinthisbook:
Chapter1:DataCenterNetworkingPrinciplesWegetrightdowntobusinessinthefirstchapterbycoveringabroadarrayofdatacenterprinciplesandconcepts,suchasEthernetandstoragenetworks,datacenterdesign,andtechnologiesspecifictodatacenternetworking,suchasdatacenterinterconnects,FabricPath,andvirtualPortChannels.
Chapter2:NetworkingProductsInthischapter,wetakeacloselookattheCisconetworkingproductsfoundinthedatacenter,suchasthecompleteNexusfamilyofswitchproductsandtheMDSstoragenetworkingproductmodels.
Chapter3:StorageNetworkingPrinciplesThischapterprovidesyouwiththebackgroundnecessaryforsuccessontheexamaswellasintherealworldwithathoroughpresentationofstoragetechnologiesandprinciples.Traditionally,storagehasbeenhandledbyspecializedengineersworkingonlywithSANandstoragetechnologies.InthemoderndatacenterwithconvergedLANandSANnetworks,itbecomesnecessarytolearnstoragetechnologies.ThischapterprovidesthebackgroundneededtomasterconvergednetworkscoveredinChapter6.
Chapter4:DataCenterNetworkServicesChapter4coversthetopicofnetworkservices,suchasloadbalancingandwideareanetworkacceleration.Thisisasmallbutimportantpartoftheexam.
Chapter5:Nexus1000VWenowstarttotakeadeeplookatnetworkand
devicevirtualization,whichisacentralpartofmoderndatacenters.WeusethesoftwarevirtualswitchfromCisco,theNexus1000V,todemonstrateboththisimportantproductandtheconceptsofvirtualization.
Chapter6:UnifiedFabricInthischapter,weusetheMDSSANandNexusLANproductlinestoshowhowtoconvergeLANandSANswitchingontoasingleswitchingfabric.Welookatthestandardsdevelopedtoensurelosslessswitchingtoprotectthestoragetrafficandtheconceptsoffabricextensions.
Chapter7:CiscoUCSPrinciplesThischaptertakesusawayfromnetworkingandintotheworldofUnifiedComputing.WelookattheCiscoUCSproductlineanddemonstratehowtosetupaUCScluster.WeintroducetheUCSManagerandlookathowitmanagesthecompleteUCS.
Chapter8:CiscoUCSConfigurationThischaptercovershowtousetheUCSManagertosetupandconfiguretheCiscoUnifiedComputingSystem.WeexploretheconceptsofpolicesandpoolsanddiscusshowtheyinteractwitheachotherinaCisco-basedserversolution.
AppendixA:AnswerstoWrittenLabsThisappendixcontainsalloftheanswerstothewrittenlabsfoundattheendofeachchapter.
AppendixB:AnswerstoReviewQuestionsThisappendixcontainsalloftheanswerstothereviewquestionsfoundattheendofeachchapter.
InteractiveOnlineLearningEnvironmentandTestBankWe’veworkedhardtoprovidesomereallygreattoolstohelpyouwiththecertificationprocess.TheinteractiveonlinelearningenvironmentthataccompaniesCCNADataCenter:IntroducingCiscoDataCenterTechnologiesStudyGuide:Exam640–916providesatestbankwithstudytoolstohelpyouprepareforthecertificationexamandincreaseyourchancesofpassingitthefirsttime!Thetestbankincludesthefollowing:
SampleTestsAllofthequestionsinthisbookareprovided,includingtheassessmenttest,whichyou’llfindattheendofthisintroduction,andthereviewquestionsattheendofeachchapter.Inaddition,thereisanexclusivepracticeexamwith110questions.Usethesequestionstotestyourknowledgeofthestudyguidematerial.Theonlinetestbankrunsonmultipledevices.
FlashcardsTheonlinetestbankincludes100flashcardsspecificallywrittento
hityouhard,sodon’tgetdiscouragedifyoudon’tacethematfirst!Theyaretheretoensurethatyou’rereadyfortheexam.Questionsareprovidedindigitalflashcardformat(aquestionfollowedbyasinglecorrectanswer).Youcanusetheflashcardstoreinforceyourlearningandprovidelast-minutetestprepbeforetheexam.
OtherStudyToolsAglossaryofkeytermsfromthisbookandtheirdefinitionsisalsoavailableasafullysearchablePDF.
Gotohttp://sybextestbanks.wiley.comtoregisterforandgain
accesstothisinteractiveonlinelearningenvironmentandtestbankwithstudytools.
HowtoUseThisBookIfyouwantasolidfoundationforpreparingfortheIntroducingCiscoDataCenterTechnologiesexam,thenlooknofurther.We’vespenthundredsofhoursputtingtogetherthisbookwiththesoleintentionofhelpingyoutopasstheexamaswellasreallylearninghowtoconfigureandmanageCiscodatacenterproductscorrectly!
Thisbookisloadedwithvaluableinformation,andyouwillgetthemostoutofyourstudytimeifyouunderstandwhythebookisorganizedthewayitis.
Thus,tomaximizeyourbenefitfromthisbook,werecommendthefollowingstudymethod:
1. Taketheassessmenttestthat’sprovidedattheendofthisintroduction.(Theanswersareattheendofthetest.)It’sOKifyoudon’tknowanyoftheanswers;that’swhyyouboughtthisbook!Carefullyreadovertheexplanationsforanyquestionyougetwrong,andnotethechaptersinwhichthematerialrelevanttothemiscovered.Thisinformationshouldhelpyouplanyourstudystrategy.
2. Studyeachchaptercarefully,makingsurethatyoufullyunderstandtheinformationandthetestobjectiveslistedatthebeginningofeachone.Payextra-closeattentiontoanychapterthatincludesmaterialcoveredinquestionsthatyoumissed.
3. Completeallhands-onlabsineachchapter,referringtothetextofthechaptersothatyouunderstandthereasonforeachstepyoutake.Trytogetyourhandsonsomerealequipment,ordownloadtheUCSsimulatorfromwww.cisco.com,whichyoucanuseforthehands-onlabsfoundonlyinthisbook.
4. Answerallofthereviewquestionsattheendofeachchapter.(TheanswersappearinAppendixA.)Notedownthequestionsthatconfuseyou,andstudythetopicstheyaddressagainuntiltheconceptsarecrystalclear.Andagain,andagain—donotjustskimthesequestions!Makesurethatyoufullycomprehendthereasonforeachcorrectanswer.Rememberthatthesearenottheexactquestionsthatyouwillfindontheexam,butthey’rewrittentohelpyouunderstandthechaptermaterialandultimatelypasstheexam!
5. Tryyourhandatthepracticeexamquestionsthatareexclusivetothisbook.Thequestionscanbefoundathttp://sybextestbanks/wiley.com.
6. Testyourselfusingalloftheflashcards,whicharealsofoundatthedownloadlink.Theseareawonderfulstudytoolwithbrand-new,updatedquestionstohelpyouprepareforCCNADataCenterexam!
Tolearneverybitofthematerialcoveredinthisbook,you’llhavetoapplyyourselfregularlyandwithdiscipline.Trytosetasidethesametimeperiodeverydaytostudy,andselectacomfortableandquietplacetodoso.We’reconfidentthatifyouworkhard,you’llbesurprisedathowquicklyyoulearnthismaterial!
Ifyoufollowthesestepsandreallystudy—doingHands-OnLabseverysingledayinadditiontousingthereviewquestions,thepracticeexam,andtheelectronicflashcards—itwouldactuallybehardtofailtheCiscoexam.Youshouldunderstand,however,thatstudyingfortheCiscoexamsisalotlikegettinginshape—ifyoudonotgotothegymeveryday,it’snotgoingtohappen!
WhereDoYouTaketheExams?YoumaytaketheIntroducingCiscoDataCenterTechnologies(DCICT)oranyCiscoexamatanyofthePearsonVUEauthorizedtestingcenters.Forinformation,checkoutwww.vue.comorcall877–404-EXAM(3926).
ToregisterforaCiscoexam,followthesesteps:
1. Determinethenumberoftheexamthatyouwanttotake.TheIntroducingCiscoDataCenterTechnologiesexamnumberis640–916.
2. RegisterwiththenearestPearsonVUEtestingcenter.Atthispoint,youwillbeaskedtopayinadvancefortheexam.Atthetimeofthiswriting,theexamcosts$250,anditmustbetakenwithinoneyearofyourpayment.Youcanscheduleexamsuptosixweeksinadvanceoraslateasthedayyouwanttotakeit.However,ifyoufailaCiscoexam,youmustwaitfivedaysbeforeyouareallowedtoretakeit.Ifsomethingcomesupandyouneedtocancelorrescheduleyourexamappointment,contactPearsonVUEatleast24hoursinadvance.
3. Whenyouscheduletheexam,you’llgetinstructionsregardingallappointmentandcancellationprocedures,theIDrequirements,andinformationaboutthetesting-centerlocation.
TipsforTakingYourCiscoExamsTheCiscoexamscontainabout65–75questions,andtheymustbecompletedinabout90minutesorless.Thisinformationcanchangebyexam.Youmustgetascoreofabout80percenttopassthe640–916exam,butagain,eachexammaybedifferent.
Manyquestionsontheexamhaveanswerchoicesthatatfirstglancelookidentical—especiallythesyntaxquestions!Soremembertoreadthroughthechoicescarefullybecauseclosejustdoesn’tcutit.Ifyougetcommandsinthewrongorderorforgetonemeaslycharacter,you’llgetthequestionwrong.So,topractice,dothehands-onexercisesattheendofeachchapteroverandoveragainuntiltheyfeelnaturaltoyou.
Also,neverforgetthattherightansweristheCiscoanswer.Inmanycases,morethanoneappropriateanswerispresented,butthecorrectansweristheonethatCiscorecommends.Ontheexam,youwillalwaysbetoldtopickone,two,orthreeoptions,never“chooseallthatapply.”TheCiscoexammayincludethefollowingtestformats:
Multiple-choicesingleanswer
Multiple-choicemultipleanswer
Drag-and-drop
Routersimulations
Herearesomegeneraltipsforexamsuccess:
Herearesomegeneraltipsforexamsuccess:
1. Arriveearlyattheexamcentersothatyoucanrelaxandreviewyourstudymaterials.
2. Readthequestionscarefully.Don’tjumptoconclusions.Makesurethatyou’reclearaboutexactlywhateachquestionasks.“Readtwice,answeronce”iswhatwealwaystellstudents.
3. Whenansweringmultiple-choicequestionsaboutwhichyou’reunsure,useaprocessofeliminationtogetridoftheobviouslyincorrectanswersfirst.Doingthisgreatlyimprovesyouroddswhenyouneedtomakeaneducatedguess.
4. YoucannolongermoveforwardandbackwardthroughtheCiscoexams,sodouble-checkyouranswerbeforeclickingNext,sinceyoucan’tchangeyourmind.
Afteryoucompleteanexam,you’llgetanimmediate,onlinenotificationonwhetheryoupassedorfailed,aprintedexaminationscorereportthatindicatesyourpassorfailstatus,andyourexamresultsbysection.(Thetestadministratorwillgiveyoutheprintedscorereport.)TestscoresareautomaticallyforwardedtoCiscowithinfiveworkingdaysafteryoutakethetest,soyoudon’tneedtosendyourscoretothem.Ifyoupasstheexam,you’llreceiveconfirmationfromCisco,typicallywithintwotofourweeks,sometimesabitlonger.
DCICTExamObjectivesFollowingarethemajorobjectivesoftheDCICTexam:
CandidateswilldemonstrateknowledgeofCiscodatacenterproductsandtechnologiesincludingtheUCS,MDS,andNexusseriesofproducts.
Theexamrequiresin-depthknowledgeofnetworkservices,storageconcepts,networking,devicevirtualization,andUCSservermanagementandconfiguration.
ExamtakerswillshowtheirskillsinusingandconfiguringCiscodatacentertechnology,includingNexusfeatures,MDSSANoperations,theUCSserversystem,convergednetworking,andnetworkservicessuchasloadbalancing.
ThisstudyguidehasbeenwrittentocovertheCCNADataCenter640–916examobjectivesatalevelappropriatetotheirexamweightings.Thefollowingtableprovidesabreakdownofthisbook’sexamcoverage,showingyoutheweightofeachsectionandthechapterwhereeachobjectiveorsubobjectiveis
weightofeachsectionandthechapterwhereeachobjectiveorsubobjectiveiscovered:
Objective/Subobjective PercentageofExam
Chapters
1.0CiscoDataCenterFundamentalsConcepts 30% 11.1aLAN 11.1.bSAN 11.2DescribetheModularApproachinNetworkDesign 11.3Describethedatacentercorelayer 11.4Describethedatacenteraggregationlayer 11.5Describethedatacenteraccesslayer 11.6Describethecollapsecoremodel 11.7DescribeFabricPath 11.8IdentifykeydifferentiatorbetweenDCIandnetworkinterconnectivity
1
1.9Describe,configure,andverifyvPC 11.10Describethefunctionalityofandconfigurationofportchannels
1
1.11Describeandconfigurevirtualdevicecontext(VDC)
1
1.12Describetheedge/corelayersoftheSAN 11.13DescribetheCiscoNexusproductfamily 21.14Configureandverifynetworkconnectivity 11.15Identifycontrolanddataplanetraffic 11.16Performinitialsetup 12.0DataCenterUnifiedFabric 20% 62.1DescribeFCoE 62.2DescribeFCoEmultihop 62.3DescribeVIFs 62.4DescribeFEXproducts 62.5Performinitialsetup 63.0StorageNetworking 18% 3
3.0StorageNetworking 18% 33.1DescribetheSANinitiatorandtarget 33.2VerifySANswitchoperations 33.3DescribebasicSANconnectivity 33.4Describethestoragearrayconnectivity 33.5Verifynameserverlogin 33.6Describe,configure,andverifyzoning 33.7Performinitialsetup 33.8Describe,configure,andverifyVSAN 34.0DCVirtualization 14% 54.1DescribedeviceVirtualization 54.2DescribeServerVirtualization 54.3DescribeNexus1000v 54.4VerifyinitialsetupandoperationforNexus1000 55.0UnifiedComputing 17% 7,85.1Describeandverifydiscoveryoperation 7,85.2Describe,configure,andverifyconnectivity 7,85.3Performinitialsetup 6,7,85.4DescribethekeyfeaturesofUCSM 7,86.0DataCenterNetworkServices 1% 46.1DescribestandardACEfeaturesforloadbalancing 46.2DescribeserverloadbalancingvirtualcontextandHA
4
6.3Describeserverloadbalancingmanagementoptions 46.4DescribethebenefitsofCiscoGlobalLoadBalancingSolution
4
6.5DescribehowtheCiscogloballoadbalancingsolutionintegrateswithlocalCiscoloadbalancers
4
6.6DescribeCiscoWAASneedsandadvantagesinthedatacenter
4
Examobjectivesaresubjecttochangeatanytimewithoutprior
noticeandatCisco’ssolediscretion.PleasevisitCisco’scertificationwebsite(http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/dcict.html)forthelatestinformationontheDCICTexam.
AssessmentTest1. Whichofthefollowingischaracteristicofavirtualdevicecontext(VDC)?
A. AllowsLayer2accessacrossaLayer3network
B. Allowsmultipleloadbalancersononevirtualappliance
C. AllowsoneNexustoappearasmultiplevirtualswitches
D. SeparatesthecontrolandforwardingplanesonaNexus5500
2. FabricPathnetworkingissupportedonwhatCiscoswitchingplatforms?(Choosetwo.)
A. Nexus2000
B. 1000V
C. Nexus7000series
D. MDS9000series
E. Catalyst6513
F. Nexus5500
3. WhatpartofaNexus7000switchcontrolsthedataplane?
A. CMP
B. UCSM
C. Crossbarfabric
D. Supervisormodule
4. WhichNexusproductssupportLayer3switching?(Choosetwo.)
A. 2248PP
B. 5548
C. 5010
D. 7008
E. 2148T
5. FabricPathrequireswhatSpanningTreeoptionstobeset?
A. STPisrequiredontheedgeoftheFabricPathdomain.
B. MSTisthesuggestedconfigurationforSTPoverFabricPath.
C. STPisnotrequiredwhenFabricPathisused.
6. FibreChanneluseswhattoidentifyspecificports?
A. UUID
B. MAC
C. WWPN
D. FN_AL
7. TheCiscoACEloadbalanceruseswhatasitsdefaultpredictor?
A. Leastloaded
B. Responsetime
C. RoundR-robin
D. Leastconnections
8. WhatcommandisusedtodisplayallconnectedVEMsona1000VVSM?
A. showvembrief
B. show1000vmodules
C. showinventory
D. showmodule
E. showchassis
9. TheNexus1000VvirtualEthernetswitchcontainswhichofthefollowingfeatures?(Choosethree.)
A. Routing
B. CiscoDiscoveryProtocol
C. NX-OScommandline
D. Loadbalancing
E. Distributedlinecards
10. Whenconnectingaservertoastoragedevice,whatprotocolscanbeused?(Choosethree.)
A. FTP
B. NFS
C. iSCSI
D. FibreChannel
E. SecureCopy
11. ToenablelosslesstrafficinFCoE,IEEE802.1pisused.HowmanyCoSbitsareused?
A. 2
B. 3
C. 4
D. 8
E. 16
12. Thevirtualizationsoftwarethatrunsonaserverthatallowsguestoperatingsystemstorunonitiscalledwhat?
A. KVM
B. Hypervisor
C. VMware
D. UCS
E. Virtualization
13. TheCiscoUCSsystemwasdesignedtoaddresswhatissues?(Choosethree.)
A. SeparateEthernetandFibreChannelnetworking
B. Difficultymanagingalargenumberofservers
C. Lackofmanagementsystemintegration
D. Issuesencounteredwhenreplacingorupgradingaserver
E. Cloudhostingformfactors
14. TheUCSfabricinterconnectredundantconfigurationrequireshowmany
interconnects?
A. Two
B. Three
C. Four
D. Six
15. WhatprocessmonitorstheadditionandremovalofcomponentsinaUCSsystem?
A. Discoverydaemon
B. Scavengerprocess
C. Finitestatemachine
D. Hardwarearbitration
E. SNMPagent
16. UCSManagerSstoragepoolscontainwhichofthefollowing?(Choosetwo.)
A. WWPN
B. UUID
C. LUN
D. WWNN
17. Whenperformingtheinitialsetuponfabricinterconnects,whatarethetwoinstallationmodesavailable?
A. SNMP
B. GUI
C. SMTP
D. Console
E. CLI
18. WhichFEXproductsupportsonly1Gonallports?
A. 2148T
B. 2148E
C. 2232TM
D. 2248TP
E. 2232PP
19. WhatNexusproductlinesupportshigh-density40Ginterfacesandsoftwaredefinednetworking?
A. 7018
B. 7700
C. 5596
D. 9000
20. OntheMDS9000seriesSANswitches,whatprovidesfortheequivalentofphysicalseparationoftheswitchingfabric?
A. VLAN
B. LUN
C. Zone
D. FLOGI
E. VSAN
AnswerstoAssessmentTest1. C.AvirtualdevicecontextallowsaphysicalNexusswitchtobepartitioned
intoseverallogicalorvirtualswitches.AnswerAdescribesOTV,answerBisnotanaccuratetopology,andanswerDisnotrelatedtoVDC.WeintroduceVDCsinChapter1,“DataCenterNetworkingPrinciples”1ofthisStudyGuide.
2. C,F.Ofthechoicesgiven,onlytheNexus5500and7000offerFabricPathsupport,asdescribedinChapter1.
3. C.TheunifiedcrossbarfabricintheNexus7000interconnectsthelinecardsdataplane,anditisinsertedinthebackplane.CMPandUCSMareUCSproducts,andthesupervisormodulemanagesthecontrolplaneandnotthedataplane.WewilltakeadeepdiveintotheNexusproductlineinChapter2,“NetworkingProducts.”
4. BandD.OnlytheNexus5500seriesandtheNexus7000serieshaveLayer3support,asdescribedinChapter2.
5. C.FabricPathisaSpanningTreereplacement,anditdoesnotrequirethatSTPbeactive,ascoveredinChapter1.
6. C.TheWorldWidePortNameisusedinFibreChanneltoidentifyuniqueportnamessuchasahostbusadapterwithasingleport.Theotheranswersofferedarenotrelevant.StoragenetworkingandunifiedfabricsarecoveredinChapter3,“DataCenterNetworkingTechnologies”andChapter6,“UnifiedFabric.”
7. C.RoundrobinisthedefaultpredictorontheACEloadbalancer,anditcanbechangedtotheotheroptionslisted.WewilldiscussnetworkingservicesinChapter4,“DataCenterNetworkServices.”
8. D.showmoduleistheonlyvalid1000Vcommand,anditdisplaysinformationonconnectedvirtualEthernetmodules.SeeChapter5,“Nexus1000V”5foradditionalinformation.
9. B,C,andE.The1000VisavirtualizedNexusrunningthesameNX-OSoperatingsystemasthehardwareNexusversions.Thefeaturesetisfoundinthestand-aloneNexusswitches,anditisincludedinthevirtualswitchaswell.SeeChapter5foradditionalinformation.
10. B,C,andD.WhenconnectingtoaremotestorageNetworkFileSystem,iSCSIandFibreChannelareused.SecurecopyandFTParefiletransferandnotstorageprotocols.SeeChapter6,“UnifiedFabric”6formoreinformation.
11. B.ThreebitsareavailableforCoSmarkinginthe802.1pheadertomaptrafficclasses,whichiscoveredinChapter6.
12. B.Ahypervisorrunsonbaremetalservers,anditallowsvirtualmachines,sometimescalledguestoperatingsystems,torunontopofit.ThisisinvestigatedinChapter7,“CiscoUCSPrinciples.”
13. A,B,andD.TheUCSwasspecificallydesignedtoovercomethechallengesofintegratingLANandSANintoacommonfabric,howtomanagealargenumberofserverinstanceswithasingleapplications,andeaseofmigrationsandupgradeissuesseenoncommonserverhardwarearchitecture.ThesearecoveredinChapter7.
14. A.AUCSfabricinterconnectisformedwhenAandBswitchesarerunningtheUCSMcodeforredundancy.Thereisnoallowancefortwofabricinterconnectsinacluster,asdescribedinChapter8,“CiscoUCSConfiguration.”
15. A.ThefinitestatemachineintheUCSmonitorsallhardwareadditionsandremovals.AllotherselectionsarenotvalidfortheUCS.UCSdetailsarecoveredinChapter8.
16. AandD.TheUCSManagerusesstoragepoolsdynamicallytoassignWorldWideNodeNamesandWorldWidePortNamestotheserverhardware.UCSManagerdetailsarecoveredinChapter8.
17. BandD.TheconsoleandgraphicaluserinterfacearethetwooptionspresentedwheninitiallyconfiguringafabricinterconnectmoduleandarediscussedinChapter8.
18. A.The2148TisanolderNexus2000productthatdidnotsupport10Ginterfaces.TheNexus2000productlineiscoveredinChapter2.
19. D.TheNexus9000seriesisdesignedtosupportSDNandhashigh-density40GEthernetlinecards,asdescribedinChapter2.
20. E.Avirtualstorageareanetwork(VSAN)providesfortheseparationofstoragetrafficinaSANswitchingfabric.ThisiscoveredindetailinChapter6.
Chapter1DataCenterNetworkingPrinciples
THEFOLLOWINGCCNADCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
1.0CiscoDataCenterFundamentalsConcepts
1.1Describenetworkarchitecturesforthedatacenteranddescribethepurposeandfunctionsofvariousnetworkdevices
1.1.aLANw
1.1.bSAN
1.2Describethemodularapproachinnetworkdesign
1.3Describethedatacentercorelayer
1.4Describethedatacenteraggregationlayer
1.5Describethedatacenteraccesslayer
1.6Describethecollapsecoremodel
1.7DescribeFabricPath
1.8IdentifykeydifferentiatorsbetweenDCIandnetworkinterconnectivity
1.9Describe,configure,andverifyvPC
1.10Describethefunctionalityofandconfigurationofportchannels
1.11Describeandconfigurevirtualdevicecontext(VDC)
1.12Describetheedge/corelayersoftheSAN
1.13DescribetheCiscoNexusproductfamily
1.14Configureandverifynetworkconnectivity
1.15Identifycontrolanddataplanetraffic
1.16Performinitialsetup
DataCenterNetworkingPrinciplesWiththeriseofcloudcomputingandadvancesinmoderndatacentertechnologies,Ciscohasreleasedahostofnewproductsandtechnologiesdesignedspecificallytomeetandaddresstheuniqueneedsofdatacenternetworking,includingLAN,SAN,andcomputingplatformsofascalableandresilientdatacenter.Theexplosivegrowthinthisareahasalsocreatedaneedforknowledgeableandcertifiedtechnicalstafftomakesenseofitallandtoimplementandsupportdatacenteroperations.
Wewillcoverthetechnologies,products,andprotocolsfortheIntroducingCiscoDataCenterTechnologies640–916CCNADataCenterexaminthisbook.Wewillbeginwithanoverviewandthenadetailedlookatthenetworkingarchitectureofthedatacenter.
TheDataCenterLANThereareuniqueLANrequirementsforthedatacenter,whichCiscohasaddressedwiththeNexusfamilyofdatacenterswitchingproducts.TheNexusproductlineisdesignedfornext-generationdatacenterswitchingand,asyouwillsee,ithasmanyfeaturesthatarespecifictothenetworkingchallengesfoundinlargedatacenters.Manyservicesandtechnologiesareusedprimarilyindatacenters,suchastheconvergenceofLANdataandSANstoragetrafficintooneunifiedswitchingfabric,asshowninFigure1.1.With10GigabitEthernet,themostcommonLANtransport,manynewtechnologieshavebeenimplementedtomakeuseofallofthebandwidthavailableandnotletanyredundantchannelssitidleasabackup.ThesenewtechnologiesincludeFabricPath,virtualPortChannels,TRILL,andothersthatwewillinvestigateasweprogressthroughthischapter.
FIGURE1.1DatacenterLAN
ThedatacenterLANisengineeredformaximumthroughputandextremelyhighredundancy,scalability,andreliability.Withtheintroductionof10,40,and100GigabitEthernet,thespeedoftheswitchingfabricandinterconnectionsisconstantlyincreasingasthebandwidthrequirementsoftheapplicationsgrowexponentially.
Toreducecablingandhardwarerequirementsinsidethedatacenter,theCiscoNexusproductlinehasfeaturessuchasdevicevirtualization,whereonephysicalswitchcanbedividedintoseverallogicalswitchesusingonechassis.
Traditionally,thestorageareanetworkandthelocalareanetworkwereseparateentitieswiththeirownhardwareandcabling,asshowninFigure1.2.Toreducethehardwareandcablingintheracks,technologieswithintheNexusswitchesallowtheLANandSANtosharethesameunifiedswitchingfabric.Figure1.3showsthehardwarereductionwhendataandstoragesharethesamefabric.Thisalsoreducesthecost,power,andcoolingrequirementsinthedatacenter.
FIGURE1.2SeparatedatacenterLAN/SANnetworks
FIGURE1.3Unifieddatacenternetwork
TheDataCenterSANStorageareanetworkinghastraditionallybeenseparatefromtheLANandmanagedbyaspecializedgroupofstorageengineers.WiththeNexus,MDS,andUnifiedComputingSystemsfromCisco,storageareanetworkingcanbeconvergedwithdatatraffictoreduceequipmentcostandpowerandheatingrequirements,consolidatecabling,andimprovemanageability.
StoragenetworksuseadifferentsetofprotocolsthantheEthernetusedinLANs.CommonstorageprotocolsincludeSCSIandFibreChannel.WiththeconvergenceoftheSANandLANnetworks,newprotocolssuchasiSCSIandFCoEhavearrived.
TheInternetSmallComputerSystemInterface(iSCSI)protocolallowsSCSIstoragetraffictotraverseatraditionallocalareaEthernetnetworkusingIPasitstransportprotocol.
FibreChanneloverEthernet(FCoE)wasdevelopedtoencapsulatetheFibreChannelprotocolinsideanEthernetframe.Specializedcardsinsidetheserverscalledconvergednetworkadapters(CNAs)combineFCoEandtraditionalEthernetintooneconnectiontotheNexusswitchingfabric.Theserverseesthenetworkandstorageconnectionsasseparateentities,asifastoragehostbusadapterandanEthernetLANcardwereinstalled.Storageareanetworkingwillbediscussedinalaterchapter.
NetworkDesignUsingaModularApproachThemodularapproachtonetworkingcreatesastructuredenvironmentthateasestroubleshooting,fosterspredictability,andincreasesperformance.Thecommonarchitectureallowsforastandarddesignapproachthatcanbereplicatedasthedatacenternetworkexpands.Severaldifferentdesignscanbeusedbasedonuniqueneeds.
TheDataCenterCoreLayerAttheheartofthedatacenternetworkistheaptlynameCore,asshowninFigure1.4.DataflowsfromtheedgeofthenetworkattheAccesslayertoaconsolidationpointknownastheDistributionlayer.ThevariousDistributionlayerswitchesallconnecttotheCoretoexchangeframeswithotherendpointsinthedatacenterandtocommunicatewiththeoutsideworld.TheCoreistheheartofthenetwork,anditisdesignedtobeveryhighspeedwithlowlatencyandhighredundancy.
FIGURE1.4DatacenterCorenetwork
TheCoreisjustasitsounds—thecenterofthedatacenternetworkwherealloftheserverfarmsandcommunicationracksmeetandinterconnect.TheCoreisgenerallyaLayer3routedconfigurationconsistingofvery-high-speedredundantroutersthataredesignedtoroutetrafficandnotaddmanyservices,whichslowforwardingdown,sincetheyareintendedtobehighperformanceandhighlyreliable.TheCoreinterconnectsthevariousAggregationlayerswitchesandperformshigh-speedpacketswitching.
Thehigh-densityandhighlyredundantNexus7000seriesswitchesaregenerallyusedforcoreswitchingandrouting.
TheDataCenterAggregationLayerThepurposeoftheAggregationlayeristoconsolidatetheAccesslayerswitcheswheretheserverfarmsconnectandprovidetheLayer2switchingtotheLayer3routingboundary.Manyservicesarefoundhere,suchasaccesscontrollists,monitoringandsecuritydevices,aswellastroubleshootingtools,networkacceleration,andload-balancingservicemodules.TheAggregationlayerissometimesreferredtoastheserviceslayer.TheAggregationlayerconsolidatestheAccesslayerandconnectstotheCore.Figure1.5illustratesanaggregateddatacenternetwork.
FIGURE1.5Datacenteraggregatednetwork
TheAggregationlayerisahighlyredundantpairofswitches,suchastheNexus5000orNexus7000series.
TheDataCenterAccessLayer
TheAccesslayeristheedgeofthedatacenternetworkwhereNexusswitchesconnectserversandstoragesystemstothenetwork,asshowninFigure1.6.TheNexus2000andNexus5000seriesswitchesarecommonAccesslayerswitches.
FIGURE1.6DatacenterAccesslayernetwork
Accessswitches,sometimesreferredtoastop-of-the-rackswitches,generallyareineachrack,neartheservers,andhavedense1Gigabitor10GigabitEthernetportsconnectingthehoststothenetwork.Thistop-of-rackdesignkeepscablingshortandconsolidated.Thehigh-density48-or96-portswitchesandFEXlinecardsareplacedasneartotheserversaspossibleinordertokeepthecablingrunsshortandallowformorecost-effectivecablingoptions.
TheAccesslayerswitchesarefoundingreaternumbersthantheAggregationlayerandCorelayerswitches.TheAccesslayerconnectstotheAggregationlayerusingmultipleredundanthigh-speedconnectionsthataregenerallymultiple10GEthernetinterfacesbundledtogetherinaportchannel.
QualityofService(QoS)markingisprovidedattheAccesslayertoidentifythe
QualityofService(QoS)markingisprovidedattheAccesslayertoidentifythetrafficprioritiesproperlyastheyenterthenetwork.
TheCollapsedCoreModelInmanydatacenterdesigns,theAggregationlayerandCorelayercanbecombinedintoacollapsedcoredesign.Figure1.7showsabasiccollapsedcoredesign.AsyouwillseelaterinthischapterwhenemployingafeatureintheNX-OSoperatingsystem,aNexus7000switchcanbevirtualizedandactastwoormorephysicalswitchesinthesamechassis.Thisallowsforaconsolidationofpower,cooling,andrackspacebyfullyutilizingtheNexuschassistoprovidetheservicesofboththeAggregationandCorelayersonthedatacenterdesignmodel.
FIGURE1.7Collapsedcoremodel
FabricPathModerndatacentershavemanybandwidth-intensiveapplicationsthatputademandontheAccess,Aggregation,andCorelayerNexusplatforms.Thecommontransportis10GigabitEthernet,whichhasanexpenseassociatedwith
it.Thetraditionalwayofpreventingswitchingloopsandbroadcaststormswastousethe802.1dSpanningTreeProtocoloroneofitsvariants.Thedownsidetodoingthisisthatmanyofthelinkswereblockedandunuseduntiltherewasafailureofoneoftheprimaryforwardinglinks.Thisisaveryinefficientuseofresources,whichledtothedevelopmentofmultipathload-sharingtechnologiessuchasFabricPathandTRILL.WithFabricPath,theNexusswitchesusecustomsiliconlinecardsandNX-OSfeaturestobuildatopologymapofthenetworkandcomputeashortest-path-firstalgorithm,whichallowsalllinkstobeactiveandforwarding.Ifthereshouldbealinkfailure,theconvergencetimeisextremelyfast.FabricPathisamodernreplacementfortheSpanningTreeProtocol,anditisshowninFigure1.8.
FIGURE1.8FabricPath
IfthissoundslikeroutingLayer2MACaddressframes,itis!Whatistheworldcomingto,anyway?TheroutingprotocolusedisIntermediateSystemtoIntermediateSystem(IS-IS),whichisindependentfromTCP/IPandhasdefinablefieldsthatfitwellwithFabricPath.IS-ISisalink-stateprotocolverysimilartoOSPF,whichcalculatestheshortestpathtothedestination.IS-ISalsoallowsmultiplepathstothedestination,whichovercomesaweaknessin
SpanningTreethatwouldblockalllinksotherthantheonetotherootswitch.Infact,SpanningTreeisdisabledandreplacedbyFabricPath.
ThereisanewerSpanningTreereplacementstandardcalledTransparentInterconnectionofLotsofLinks(TRILL).TRILLisanIEEEstandard,anditwaswrittenbytheoriginaldesignerofSpanningTree.FabricPathisaCiscoproprietaryimplementation.BothFabricPathandTRILLaccomplishthesamegoals.Theyareuniquetechnologiesthataregenerallyfoundonlyindatacenterenvironments.
Tousethesetechnologies,customsiliconchipshadtobedevelopedtoencapsulatetheLayer2frames.TherearealsolicenserequirementstoenabletheFabricPathfeature.CiscoNX-OSrequirestheEnhancedLayer2licensetobeinstalledbeforeenablingFabricPath.
Exercise1.1providesanexampleofenablingthefabricpathfeatureinNX-OSandenteringabasicconfiguration.TheCCNADataCentercertificationdoesnotrequireanin-depthknowledgeofFabricPath,butitishelpfultoknowwhenworkinginamodernNexus-baseddatacenter.
EXERCISE1.1
ConfiguringFabricPathonaNexusSwitch
1. Installthefeature:
N7K-1(config)#installfeature-setfabricpath
2. Enablethefeature:
N7K-1(config)#feature-setfabricpath
3. Verifythatfabricpathisenabled:
N7K-1#showfeature-set
FeatureSetNameIDState
——————————————————
fabricpath2enabled
4. Assignthefabricpath(IS-IS)switchIDs:
Spine1(config)#fabricpathswitch-id1
Spine2(config)#fabricpathswitch-id2
Spine3(config)#fabricpathswitch-id3
Spine4(config)#fabricpathswitch-id4
5. DefinetheVLANsthatwillbetransportedwithfabricpath:
Spine1(config)#vlan100–200
Spine1(config-vlan)#modefabricpath
Spine2(config)#vlan100–200
Spine2(config-vlan)#modefabricpath
Spine3(config)#vlan100–200
Spine3(config-vlan)#modefabricpath
Spine4(config)#vlan100–200
Spine4(config-vlan)#modefabricpath
6. Enablefabricpathontheinterface:
N7K-1(config-if)#switchportmodefabricpath
N7K-1#Showfabricpathisisadjacency
FabricpathIS-ISdomain:defaultFabricpathIS-ISadjacency
database:
SystemIDSNPALevelStateHoldTime
Interface
002a.fa75.c812N/A1UP00:00:23port-
channel1
N7K-1#showfabricpathswitch-id
FABRICPATHSWITCH-IDTABLE
Legend:''—thissystem
=========================================================================
SWITCH-IDSYSTEM-IDFLAGSSTATESTATIC
EMULATED
—————+————————+——————+—————-+——————————
100002a.53be.866PrimaryConfirmedYes
No
101002a.23e4.c663PrimaryConfirmedYes
No
1102002a.23e4.c663PrimaryConfirmedNo
Yes
1103002a.23e4.c663PrimaryConfirmedNo
Yes
TotalSwitch-ids:4
N7K-1#showfabricpathroute
FabricPathUnicastRouteTable
'a/b/c'denotesftag/switch-id/subswitch-id
'[x/y]'denotes[admindistance/metric]
ftag0islocalftag
subswitch-id0isdefaultsubswitch-id
FabricPathUnicastRouteTableforTopology-Default
0/100/0,numberofnext-hops:0
via——,[60/0],80day/s00:51:18,local
HowDoWeInterconnectDataCenters?Thereareuniquerequirementsforinterconnectingdatacentersaswellasmanyoptionsfordoingso.CiscohasdevelopedOverlayTransportVirtualization(OTV),asshowninFigure1.9,toencapsulateLayer2framesinsideaLayer3packetandsenditoveraroutednetworktoaremotedatacenter.ThisMAC-inside-IPapproachallowsVLANstobeextendedbetweendatacenters.SomeoftheapplicationsforVLANextensionarefordisasterrecovery,active-activedatacenters,andtherequirementsofmanyservervirtualizationproductstobeonthesameVLANforthedynamicmovementofvirtualmachinesandvirtualstorage.
FIGURE1.9OverlayTransportVirtualization
ManytypesoftunnelingprotocolshavebeendevelopedovertheyearsincludingLayer2Forwarding,Point-to-PointTunnelingProtocol,genericrouting
encapsulation,andcertaintypesofMultiprotocolLabelSwitching(MPLS),whichisprovidedbythepubliccarriers.
OTVstandsoutasaprotocolspecificallydesignedforinterconnectingdatacenters,becauseithasmanyfeaturesdesignedtopreventnetworkissuesfrompropagatingacrossthenetworktotheremotedatacenter.OTVhashighavailability,SpanningTreesuppression,failureisolation,built-inloopprevention,dynamicencapsulation,multipointdatacentersupport,redundancy,andscalability.Whileitisaverycomplexprotocol,itisrelativelyeasytosetupandoperate,withthecomplexitylargelyhiddenbehindthescenes.OTVissupportedonlyonNexus7000seriesandASR1000routerswithspecificsoftwarelicensesandlinecards.
VirtualPortChannelsInthemoderndatacenter,muchofthearchitectureisdesignedtoensuremaximumuptime,fastfailover,andfullutilizationofalloftheavailablebandwidthinordertomaximizethroughput.WithstandardSpanningTreeconfigurations,onlyoneEthernetinterfacecanbeactivetopreventloopsfromforminginthenetwork.TheconceptofcombiningmultipleEthernetinterfacesintoonelogicalinterfaceeventuallycamealongandallowedforadditionalbandwidthandactiveports.Thoughthisdesignworkswell,ultimatelytheconceptofvirtualPortChannels(vPCs)wasdevelopedbyCiscoandisnowcommoninthedatacenter.
Withstandardportchannels,allinterfacesaregroupedinabundleoriginatinginoneswitchandterminatinginanother.Thisisduetotherequirementofeachswitch’scontrolplanetorecombinethetrafficateachend.
vPC’sareillustratedinFigure1.10.
FIGURE1.10VirtualPortChannels
AvirtualPortChannelbasicallyliestotheconnectedswitchandfoolsitintobelievingthatitisconnectedtooneswitchwheninrealityitisconnectedtotwoupstreamswitches.TheadvantageofvPCsisthatallofthelinkscanbeusedandnotputintoblockingmodeaswouldbethecasewiththeSpanningTreeProtocol.Thisprovidesforadditionalthroughput,betterutilizationofexpensive10Gconnections,veryfastfailover,andactive-activeconnectionsfromthedownstreamportchannelswitchtotheupstreamvPCswitch.Anotheradvantageisthatdual-homedserverscanformaportchannelandruninactive-activemode,therebyincreasingserverbandwidthfromthenetwork.Toprovideforstability,eachofthetwovPCswitchesmaintainsacompletelyindependentcontrolplanesothatbothdevicescanworkindependentlyofeachother.
Thefunctionusedtocombineportchannelsacrossmultiplechassishasneverbeenstandardized,soeachvendorhasitsownimplementation.Thus,mixingandmatchingoccurswhensettingthisup.ANexusswitchrunningvPCwilltalkonlytootherCiscodevicesthatsupportvPCs,whichincluderoutersandfirewallsaswellastheNexusswitchingfamilyofproducts.
AnydevicethatsupportseitherstaticordynamicLACPportchannelscanconnecttoavPC-enabledpairofswitches,becauseitiscompletelyunawarethatitistalkingtotwoswitchesandisstillconvincedthatthereisonlyoneswitch.
itistalkingtotwoswitchesandisstillconvincedthatthereisonlyoneswitch.
Listing1.1showsthebasicvPCconfigurationandcommandsthatareusedinconfiguringvirtualPortChannelsinNX-OS.
Listing1.1:VirtualPortChannelconfiguration
N7K-1#showrunvpc
!Command:showrunning-configvpc
!Time:SatSep2010:33:392014
featurevpc
vpcdomain201
peer-switch
peer-keepalivedestination172.16.1.2source10.255.255.1vrf
vpc-keepalive
peer-gateway
interfaceport-channel1
vpcpeer-link
interfaceport-channel21
vpc21
interfaceport-channel22
vpc22
interfaceport-channel100
vpc100
interfaceport-channel101
vpc101
interfaceport-channel102
vpc102
interfaceport-channel103
vpc103
interfaceport-channel104
vpc104
interfaceport-channel200
vpc200
interfaceport-channel201
vpc501
ThevPCroledefinesthemasterandbackupswitchesandtheswitchthattakesmanagementcontrolduringafailover.
Listing1.2isanexampleshowingtheroleofthevirtualPortChannelsperswitch.
Listing1.2:RoleofvPCperswitch
N7K-1#showvpcrole
vPCRolestatus
——————————————————————————
vPCrole:primary
DualActiveDetectionStatus:0
vPCsystem-mac:00:23:04:ce:43:d9
vPCsystem-priority:32667
vPClocalsystem-mac:b3:87:23:ec:3a:38
vPClocalrole-priority:32667
ThevPCpeerkeepaliveisacommunicationchannelbetweenthetwovPC-speakingswitches,anditprovidesforhealthchecksandgracefulfailoverduringanetworkinterruption:
N7K-1#showvpcpeer-keepalive
vPCkeepalivestatus:peerisalive
—Peerisalivefor:(11010015)seconds,(443)msec
—Sendstatus:Success
—Lastsendat:2014.09.2014:44:29203ms
—Sentoninterface:Po10
—Receivestatus:Success
—Lastreceiveat:2014.09.2014:44:29707ms
—Receivedoninterface:Po10
—Lastupdatefrompeer:(0)seconds,(412)msec
vPCKeepaliveparameters
—Destination:172.16.1.2
—Keepaliveinterval:1000msec
—Keepalivetimeout:5seconds
—Keepaliveholdtimeout:3seconds
—Keepalivevrf:vpc-keepalive
—Keepaliveudpport:3200
—Keepalivetos:192
ThevPCpeerlinkinterconnectsthetwovPCswitches,anditisrecommendedtouseaportchannelofatleasttwo10Gigabitinterfacestocross-connecttheswitches.Thepeerlinkisfordatatrafficthatneedstocrossfromoneswitchtoanotherincaseofafailureofbroadcastormulticasttraffic:
N7K-1#showvpcstatisticspeer-link
port-channel1isup
adminstateisup,
Hardware:PortChannel,address:3200.b38723.ec3a(bia
3200.b38723.ec3a)
Description:INTERCONNECTTON7K-2
MTU9216bytes,BW50000000Kbit,DLY10usec
reliability255/255,txload1/255,rxload11/255
EncapsulationARPA,mediumisbroadcast
Portmodeistrunk
full-duplex,10Gb/s
Inputflow-controlisoff,outputflow-controlisoff
Auto-mdixisturnedoff
Switchportmonitorisoff
EtherTypeis0x8100
Membersinthischannel:Eth1/10,Eth1/11,Eth1/12,Eth1/13,
Eth1/14
Lastclearingof"showinterface"counters1w2d
0interfaceresets
30secondsinputrate2312842168bits/sec,326853packets/sec
30secondsoutputrate54908224bits/sec,18376packets/sec
Load-Interval#2:5minute(300seconds)
inputrate1.57Gbps,254.97Kpps;outputrate65.88Mbps,
17.80Kpps
RX
2656098890478unicastpackets3488139973multicastpackets
1065572884broadcastpackets
2660652603335inputpackets2510549942324604bytes
597047427jumbopackets0stormsuppressionpackets
0runts0giants0CRC0nobuffer
0inputerror0shortframe0overrun0underrun0ignored
0watchdog0badetypedrop0badprotodrop0ifdowndrop
0inputwithdribble1622248inputdiscard
0Rxpause
TX
176774626032unicastpackets3605583220multicastpackets
1197006145broadcastpackets
181577215397outputpackets97473344394685bytes
23357961jumbopackets
0outputerror0collision0deferred0latecollision
0lostcarrier0nocarrier0babble31541967outputdiscard
0Txpause
Listing1.3isanexampleofavPCtrunkconnectingtoadownstreamswitch,suchasaNexus5000,whichisconfiguredasaregularportchannel:
Listing1.3:ShowVPCstatisticsVPC100
N7K-1#showvpcstatisticsvpc100
port-channel100isup
adminstateisup,
vPCStatus:Up,vPCnumber:100
Hardware:PortChannel,address:3200.b38723.ec3a(bia
3200.b38723.ec3a)
Description:vPCTODOWNSTREAM5K-1and2
MTU9216bytes,BW20000000Kbit,DLY10usec
reliability255/255,txload2/255,rxload4/255
EncapsulationARPA,mediumisbroadcast
Portmodeistrunk
full-duplex,10Gb/s
Inputflow-controlisoff,outputflow-controlisoff
Auto-mdixisturnedoff
Switchportmonitorisoff
EtherTypeis0x8100
Membersinthischannel:Eth6/18,Eth6/19
Lastclearingof"showinterface"counters6w5d
0interfaceresets
30secondsinputrate317316592bits/sec,58271packets/sec
30secondsoutputrate214314544bits/sec,51157packets/sec
Load-Interval#2:5minute(300seconds)
inputrate283.62Mbps,51.76Kpps;outputrate212.04Mbps,
46.53Kpps
RX
265673077175unicastpackets587638532multicastpackets
77788213broadcastpackets
266338503920inputpackets233085090809109bytes
578180403jumbopackets0stormsuppressionpackets
0runts0giants0CRC0nobuffer
0inputerror0shortframe0overrun0underrun0ignored
0watchdog0badetypedrop0badprotodrop0ifdowndrop
0inputwithdribble10inputdiscard
0Rxpause
TX
217921592575unicastpackets433277238multicastpackets
375222491broadcastpackets
218730092304outputpackets118403825418933bytes
11548617jumbopackets
0outputerror0collision0deferred0latecollision
0lostcarrier0nocarrier0babble6278758outputdiscard
0Txpause
UnderstandingPortChannelsPortchannelingistheprocessoflogicallyconnectingmultiplephysicalinterfacesintoonelargerandhigher-bandwidthlogicalinterfaceforadditionalspeedandredundancy(seeFigure1.11).Thebenefitsofcreatingportchannelsareincreasedbandwidthandlinkredundancy.TherecanbetwotoeightlinksaggregatedintoasingleEtherChannel,andhundredsofEtherChannelscanbeconfiguredonaNexusswitch.
FIGURE1.11Portchannels
Trafficisdistributeddownanassignedlinkbasedonahashoftheconfiguredload-balancealgorithm.MethodsusedtodistributetrafficareaMACaddress,IPaddress,orLayer4port.Theydonotneedtomatchoneachendofthelink,buttrafficdistributionwillbeunevenifnot.Bestpracticeistohavetheload-balancealgorithmmatchoneachendofthelink,butitisnotrequired.
N5K-1#showEtherchannelload-balance
N5K-1#port-channelload-balance<dest-ip|dst-mac|src-dst-ip|
src-dst-mac|src-ip|srv-mac>
Broadcastandmulticasttrafficisallsentdownonlyoneassignedlink.Ifalinkgoesdown,trafficisdynamicallymovedovertoanotherlink,butitdoesnotmovebackifthelinkcomesbackup.
Therearetwosupportedlinkaggregationprotocols.Thefirstisastatictypeofconfigurationwhereitisenabledandalwayson.ThesecondmethodisadynamicnegotiationbasedontheLinkAggregationControlProtocol(LACP).AnolderCiscoproprietarylinkaggregationapproachcalledPortAggregationProtocol(PaGP)isnotsupportedinNX-OS,soallconnecteddevicesmust
supporteitherLACPorstaticportchannels.
ToformanEtherChannelbetweentwoswitches,somebaseconditionsmustbemet.Allportsmustbethesameduplexandspeed,andinterfacesgroupedinabundleareredundant(thetrafficflowsfailover).NointerfacesinabundlecanbeSPANports(nosniffing),andinterfacesgroupedinabundlemustbeinthesameVLAN/trunk(configuredonrealinterfacesusingtherangecommand).Also,anychangestoaportchannelinterfaceaffectallbundleportswithwhichitisassociated.Anychangestoindividualportsaffectonlythatportandnoneoftheothersinthebundle.
LACPisbasedontheindustrystandardprotocol802.3ad,andithasthreemodesofoperation:
Passive:ThisLACPmodeplacesaportinapassivenegotiationstate.Inthisstate,theportrespondstotheLACPpacketsthatitreceivesbutdoesnotinitiateLACPpacketnegotiation(default).
Active:ThisLACPmodeplacesaportinanactivenegotiatingstate.Inthisstate,theportinitiatesnegotiationswithotherportsbysendingLACPpackets.
On:ThisLACPmodeforcestheinterfacetochannelwithoutLACPnegotiations.
PortchannelscanbeeitherLayer2bridgedwithVLANsoraLayer3IPportchannelinterfaceroutedportusingthenoswitchportcommand.
LACPusesapriorityvalueofsystempriorityplusMACaddress.ThelowestvalueisallowedtomakedecisionsaboutwhichportswillactivelyparticipateinanEtherChannelandwhichportswillbeheldinastandbysite:
N5K-1(config-if)#channel-group<1-x>mode<active|on|etc.>
N5K-1(config)#interfacerangefastethernet0/1—2
N5K-1(config-if)#channel-group5modepassive|active
Ifoneendoftheportchannelisconfiguredaspassive,theotherendmustbeactiveinordertonegotiatetheportchannelsuccessfully.Thedefaultispassive,soyoumustpayattentiontotheconfigurationsonbothends.
Onemodecreatesagroup,whichisnotamodebutaforcedstaticconfiguration.Itisneitheractivenorpassiveanddoesnotsendoutnegotiationpackets.Theportchannelishard-configuredwithoutusingLACPwhenOnisused.
ConfiguringthechannelgroupasOncreatesanewinterface,port-channel1,andstaticallyconfiguresanEtherChannelwithnoLACPnegotiations:
N5K-1(config-if)#channel-group1on
Toconfigureaportchannel,usetheinterfaceconfigurationcommandchannel-group,andaddittothegroupthatsharesthesameportchannelnumberthatyouassign.Thisalsocreatesaportchannelinterface,suchasInterfacePo1.TheconfigurationisshowninListing1.4.
Listing1.4:Usingtheinterfaceconfigurationcommand
N5K-1(config-if)#interfaceFastEthernet0/1
N5K-1(config-if)#switchporttrunkencapsulationdot1q
N5K-1(config-if)#channel-group1modeactive
N5K-1(config-if)#interfaceFastEthernet0/2
N5K-1(config-if)#switchporttrunkencapsulationdot1q
N5K-1(config-if)#channel-group1modeactive
Toviewportchannelconfigurationsandstatistics,usethefollowingcommands:
N5K-1#showlacpcounters
N5K-1#showlacpinternal
N5K-1#showlacpneighbor
N5K-1#showlacpsys-id
N5K-1#showlacpport-channel
Thefollowingisaportchannelload-balancingconfiguration:
N5K-1#showport-channelload-balance
System:source-dest-ip
PortChannelLoad-BalancingAddressesUsedPer-Protocol:
Non-IP:source-dest-mac
IP:source-dest-ipsource-dest-mac
Youmayneedtomodifytheload-balancemetricinsituationswherethetrafficloadoverindividuallinksisnotoptimal.ThiscouldbecausedbyasingleMACaddressthatmatchesaconfiguration,whichdirectsalltrafficdownthesameEthernetlink.Bymodifyingtheload-balancemetricforyourenvironment,youcanbalancetrafficoptimallyoverallEthernetlinksintheportchannel.
Thefollowingoptionsallowyoutoadjusttheload-balancemetricssystem-wide:
destination-ipDestinationIPaddress
destination-macDestinationMACaddress
destination-portDestinationTCP/UDPport
source-dest-ipSource&DestinationIPaddress
source-dest-macSource&DestinationMACaddress
source-dest-portSource&DestinationTCP/UDPport
source-ipSourceIPaddress
source-macSourceMACaddress
source-portSourceTCP/UDPport
N7K-1#showport-channelcapacity
Port-channelresources
1600total10used1590free0%used
N7K-1#showport-channelcompatibility-parameters
portmode
Membersmusthavethesameportmodeconfigured.
portmode
Membersmusthavethesameportmodeconfigured,eitherE,For
AUTO.If
theyareconfiguredinAUTOportmode,theyhavetonegotiateEor
Fmode
whentheycomeup.Ifamembernegotiatesadifferentmode,itwill
be
suspended.
speed
Membersmusthavethesamespeedconfigured.Iftheyareconfigured
inAUTO
speed,theyhavetonegotiatethesamespeedwhentheycomeup.If
amember
negotiatesadifferentspeed,itwillbesuspended.
MTU
MembershavetohavethesameMTUconfigured.Thisonlyappliesto
ethernet
port-channel.
shutlan
Membershavetohavethesameshutlanconfigured.Thisonly
appliesto
ethernetport-channel.
MEDIUM
Membershavetohavethesamemediumtypeconfigured.Thisonly
appliesto
ethernetport-channel.
Spanmode
Membersmusthavethesamespanmode.
loadinterval
Membermusthavesameloadintervalconfigured.
negotiate
Membermusthavesamenegotiationconfigured.
subinterfaces
Membersmustnothavesub-interfaces.
DuplexMode
MembersmusthavesameDuplexModeconfigured.
EthernetLayer
MembersmusthavesameEthernetLayer(switchport/no-switchport)
configured.
*SpanPort
MemberscannotbeSPANports.
*StormControl
Membersmusthavesamestorm-controlconfigured.
FlowControl
Membersmusthavesameflowctrlconfigured.
Capabilities
Membersmusthavecommoncapabilities.
Capabilitiesspeed
Membersmusthavecommonspeedcapabilities.
Capabilitiesduplex
Membersmusthavecommonspeedduplexcapabilities.
ratemode
Membersmusthavethesameratemodeconfigured.
CapabilitiesFabricPath
Membersmusthavecommonfabricpathcapability.
PortisPVLANhost
PortChannelcannotbecreatedforPVLANhost
1Gportisnotcapableofactingaspeer-link
Membersmustbe10GtobecomepartofavPCpeer-link.
EthType
MembersmusthavesameEthTypeconfigured.
port
MembersportVLANinfo.
port
Membersportdoesnotexist.
switchingport
Membersmustbeswitchingport,Layer2.
portaccessVLAN
MembersmusthavethesameportaccessVLAN.
portnativeVLAN
MembersmusthavethesameportnativeVLAN.
portallowedVLANlist
MembersmusthavethesameportallowedVLANlist.
portVoiceVLAN
Membersmustnothavevoicevlanconfigured.
FEXpinningmax-linksnotone
FEXpinningmax-linksconfigisnotone.
Multipleport-channelswithsameFex-id
Multipleport-channelstosameFEXnotallowed.
*PortboundtoVIF
MemberscannotbeSIFports.
*Membersshouldhavesamefexconfig
MembersmusthavesameFEXconfiguration.
AllHIFmemberportsnotinsamepinninggroup
AllHIFmemberportsnotinsamepinninggroup
vPCcannotbedefinedacrossmorethan2FEXes
vPCcannotbedefinedacrossmorethan2FEXes
MaxmembersonFEXexceeded
MaxmembersonFEXexceeded
vPCcannotbedefinedacrossSTandAAFEX
vPCcannotbedefinedacrossSTandAAFEX
Slotinhostvpcmode
Cannotaddcfgedslotmembertofabricpovpc.
UntaggedCosParams
Membersmusthavethesameuntaggedcos.
PriorityFlowControlParams
Membersmusthavethesamepriorityflowcontrolparameters.
UntaggedCosParams
Membersmusthavethesameuntaggedcos.
PriorityFlowControlParams
Membersmusthavethesamepriorityflowcontrolparameters.
queuingpolicyconfiguredonport-channel
queuingservice-policynotallowedonRWHIF-portsandRWHIF-Po.
Portpriority-flow-control
PFCconfigshouldbethesameforallthemembers
Port-channelwithSTPconfiguration,notcompatiblewithHIF
HIFportscannotbeboundtoport-channelwithSTPconfiguration
PortSecuritypolicy
Membersmusthavethesameport-securityenablestatusasport-
channel
Dot1xpolicy
Membersmusthavehostmodeasmulti-hostwithnomab
configuration.Dot1X
cannotbeenabledonmemberswhenPortSecurityisconfiguredon
port
channel
PCQueuingpolicy
QueuingpolicyforthePCshouldbesameassystemqueuingpolicy
SlotinvpcA-Amode
CannotaddActive-Activehifporttovpcpo.
*PVLANportconfig
MembersmusthavesamePVLANportconfiguration.
*Emulatedswitchporttypepolicy
vPCportsinemulatedswitchcomplexshouldbeL2MPcapable.
VFCboundtointerface.Cannotadd
thisinterfacetotheportchannel.
VFCboundtoportchannel
PortChannelsthathaveVFCsboundtothemcannothavemorethan
onemember
VFCboundtoFCoEcapableportchannel
PortChannelsthathaveVFCsboundtothemcannothavenonfcoe
capablemember
VFCboundtomemberportofportchannel.
Failtoaddadditionalinterfacetoportchannel
vfcboundtomemberportofhifpo,Twomemberscannotbeonthe
samefex
Failtoaddadditionalinterfacetoportchannel
Flexlinkconfig
Featuresconfiguredonmemberinterfacemustbesupportableby
Flexlink.
Tolookattheportchannelstatistics,usethecommandsshowninListing1.5:
Listing1.5:Viewingportchannelstatistics
N7K-1#showport-channeldatabase
port-channel1
Lastmembershipupdateissuccessful
1portsintotal,1portsup
FirstoperationalportisEthernet1/40
Ageoftheport-channelis11d:00h:06m:26s
Timesincelastbundleis11d:00h:07m:20s
LastbundledmemberisEthernet6/36
Ports:Ethernet6/36[active][up]*
port-channel2
Lastmembershipupdateissuccessful
2portsintotal,0portsup
Ageoftheport-channelis11d:00h:06m:26s
Timesincelastbundleis11d:00h:07m:20s
LastbundledmemberisEthernet6/38
Ports:Ethernet6/37[active][individual]
Ethernet6/38[active][individual]
N7K-1#showport-channelinternalmax-channels
Maxportchannels=4096
N7K-1#showport-channelsummary
Flags:D—DownP—Upinport-channel(members)
I—IndividualH—Hot-standby(LACPonly)
s—Suspendedr—Module-removed
S—SwitchedR—Routed
U—Up(port-channel)
M—Notinuse.Min-linksnotmet
————————————————————————————————————————
GroupPort-TypeProtocolMemberPorts
Channel
————————————————————————————————————————
1Po1(SU)EthLACPEth3/18(P)
2Po2(SD)EthLACPEth3/20(I)Eth1/45(I)
N7K-1#showport-channeltraffic
ChanIdPortRx-UcstTx-UcstRx-McstTx-McstRx-BcstTx-Bcst
———————-———-———-———-———-———-———-
1Eth3/18100.00%100.00%100.00%100.00%100.00%100.00%
———————-———-———-———-———-———-———-
2Eth3/200.0%0.0%0.0%0.0%0.0%0.0%
2Eth1/50.0%0.0%0.0%0.0%0.0%0.0%
———————-———-———-———-———-———-———-
N7K-1#showport-channelusage
Total2port-channelnumbersused
============================================
Used:1—2
Unused:3—4096
(somenumbersmaybeinusebySANportchannels)
interfaceport-channel1
descriptionDOWNLINKTON5K-1
switchportmodetrunk
spanning-treeporttypenetwork
speed10000
vpcpeer-link
interfaceport-channel2
descriptionDOWNLINKTON5K-2
switchportmodetrunk
speed1000
N7K-1#showinterfaceport-channel1
port-channel1isup
Hardware:PortChannel,address:000c.ae56.ac59(bia
000c.ae56.bd82)
MTU1500bytes,BW10000000Kbit,DLY10usec
reliability255/255,txload1/255,rxload1/255
EncapsulationARPA
Portmodeistrunk
full-duplex,10Gb/s
Inputflow-controlisoff,outputflow-controlisoff
Switchportmonitorisoff
EtherTypeis0x8100
Membersinthischannel:Eth2/44,Eth2/45
Lastclearingof"showinterface"countersnever
30secondsinputrate264560bits/sec,290packets/sec
30secondsoutputrate253320bits/sec,284packets/sec
Load-Interval#2:5minute(300seconds)
inputrate199.38Kbps,152pps;outputrate267.90Kbps,140
pps
RX
13285983170unicastpackets95062519784multicastpackets
15003626146broadcastpackets
123352129100inputpackets30102124993337bytes
3012858323jumbopackets0stormsuppressionpackets
0runts0giants0CRC0nobuffer
0inputerror0shortframe0overrun0underrun0ignored
0watchdog0badetypedrop0badprotodrop0ifdowndrop
0inputwithdribble0inputdiscard
0Rxpause
TX
17914869680unicastpackets1548068310multicastpackets
231568384broadcastpackets
19694506383outputpackets17726936415623bytes
8484408762jumbopackets
9outputerrors0collision0deferred0latecollision
0lostcarrier0nocarrier0babble0outputdiscard
0Txpause
2interfaceresets
interfaceEthernet1/39
descriptionPORT-CHANNEL-1
switchportmodetrunk
channel-group1modeactive
interfaceEthernet1/40
descriptionPORT-CHANNLE-1
switchportmodetrunk
channel-group1modeactive
GoingVirtualwithVirtualDeviceContextsCanyoutakeachainsawandcutthatniceandexpensiveNexusswitchintomanyindividualplatforms?Iwouldnotrecommendit,butthewonderfulworldofvirtualizationallowsonebigphysicalNexusswitchtobeportionedandactas
ofvirtualizationallowsonebigphysicalNexusswitchtobeportionedandactasifitweremanyswitches!
Withvirtualdevicecontexts(VDCs),youcanassignasectionofthelinecardportsandmanagementprocessorcontroltovariousdevices,anditactsasifitwereitsownstandaloneNexusswitch,asshowninFigure1.12.TocommunicatebetweenVDCs,youneedtocableoutofonelinecardportinoneVDCandintotheotherVDCportonthesameswitch.
FIGURE1.12Virtualdevicecontexts
VDCscanbeusedtocreateacollapsedbackbonedesignorinmultitenantdatacenters.Eachcustomercanhavecontrolovertheirownvirtualdevicecontext,totallyindependentofothercustomersconnectedtothesameNexusswitch.
ThefollowingarestepstocreatenewVDCsandassignportstothem:
1. CreateavirtualdevicecontextcalledVDC-2:
N7K-1(config)#vdcVDC-2
Note:CreatingVDC,onemomentplease...
N7K-1(config-vdc)#2014SEP3000:43:18N7K-1%$VDC-1%$
%VDC_MGR-2-VDC_ONLINE:
vdc2hascomeonline
2. CreateanothervirtualdevicecontextcalledVDC-3:
N7K-1(config)#vdcVDC-3
Note:CreatingVDC,onemomentplease...
N7K-1(config-vdc)#2014SEP3000:47:08N7K-1%$VDC-1%$
%VDC_MGR-2-VDC_ONLINE:
vdc3hascomeonline
3. ShowthedefaultandtwonewVDCsconfigured:
N7K-1(config-vdc)#showvdc
vdc_idvdc_namestatemac
—————————-—————
1N7K-1active00:65:30:c8:c4:0a
2VDC-2active00:65:30:c8:fb:61
3VDC-3active00:65:30:c8:21:b6
4. AssignlinecardEthernetinterfacestobeusedbyVDC-2inthechassis:
N7K-1(config-vdc)#vdcvdc-2
N7K-1(config-vdc)#allocateinterfaceethernet1/10,e1/11,
e1/12,e1/13
Movingportswillcauseallconfigassociatedtotheminsource
vdctoberemoved.Areyousureyouwanttomovetheports
(y/n)?[yes]y
N7K-1(config-vdc)#allocateinterfaceethernet2/10,e2/11,
e2/12,e2/13
Movingportswillcauseallconfigassociatedtotheminsource
vdctoberemoved.Areyousureyouwanttomovetheports
(y/n)?[yes]y
N7K-1(config-vdc)#allocateinterfaceether3/1–10
Movingportswillcauseallconfigassociatedtotheminsource
vdctoberemoved.Areyousureyouwanttomovetheports
(y/n)?[yes]y
5. DisplaytheEthernetinterfacesassignedtoVDC-1:
N7K-1(config-vdc)#shvdcvdc-2membership
vdc_id:2vdc_name:VDC-2interfaces:
Ethernet1/10Ethernet1/11Ethernet1/12
Ethernet1/13Ethernet2/10Ethernet2/11
Ethernet2/12Ethernet2/13Ethernet3/1
Ethernet3/2Ethernet3/3Ethernet3/4
Ethernet3/5Ethernet3/6Ethernet3/7
Ethernet3/8Ethernet3/9Ethernet3/10
6. AssignlinecardEthernetinterfacestobeusedbyVDC-3inthechassis:
N7K-1(config-vdc)#vdcvdc-3
N7K1(config-vdc)#allocateinterfaceethernet7/10,e7/11,
e7/12,e7/13
Movingportswillcauseallconfigassociatedtotheminsource
vdctoberemoved.Areyousureyouwanttomovetheports
(y/n)?[yes]y
N7K-1(config-vdc)#allocateinterfaceethernet8/10,e8/11,
e8/12,e8/13
Movingportswillcauseallconfigassociatedtotheminsource
vdctobe
removed.Areyousureyouwanttomovetheports(y/n)?[yes]y
N7K-1(config-vdc)#allocateinterfaceether8/20—24
Movingportswillcauseallconfigassociatedtotheminsource
vdctobe
removed.Areyousureyouwanttomovetheports(y/n)?[yes]y
7. DisplaytheEthernetinterfacesassignedtoVDC-2:
N7K-1(config-vdc)#shvdcvdc-3membership
vdc_id:3vdc_name:VDC-3interfaces:
Ethernet7/10Ethernet7/11Ethernet7/12
Ethernet7/13Ethernet8/10Ethernet8/11
Ethernet8/12Ethernet8/13Ethernet8/20
Ethernet8/21Ethernet8/22Ethernet8/23
Ethernet8/24
8. PerformthefollowingtologintoaVDC:
Usethe"switchtovdc<vdcname>"commandtologintoanew
context:
N7K-1#switchtovdcvdc-2
N7K-1-vdc-2#
N7K-1-vdc-2#exit
N7K-1#
StorageNetworkingwithNexusTheNX-OSoperatingsystemintheNexuslinehasitsrootsinstoragenetworkingandtheCiscoMDSlineofstorageareanetworkswitchingproducts.Toreducecosts,complexity,cabling,power,andcoolinginthedatacenter,thestoragenetworkscansharethesameswitchingfabricasusedintheNexusproducts.
Withconvergednetworkadaptersintheserversystems,thecablingcanbe
Withconvergednetworkadaptersintheserversystems,thecablingcanbegreatlyreducedintheequipmentracksattheaccesstothenetwork.SANandLANtrafficcanconnectoverthesame10GigabitEthernetcablingandcanbeconsolidatedintheswitches.Thestoragetrafficcanbeconsolidatedinthiswayandtheninterconnectedtothestoragenetworktoaccessthestoragecontrollersandsystems.DevelopmentsinsharedfabrictechnologiesallowFibreChanneltobeencapsulatedintoEthernetframesandtosharetheLANswitchingfabric.Withenhancementstoqualityofserviceandflowcontrolmechanisms,theSANtrafficcanbesafeguardedagainstpacketlosstowhichitisinsensitive.
Laterinthebook,wewilltakeadeeperlookintotheconsolidationofLANandSANtrafficintoasharedswitchingfabric.
ConfiguringandVerifyingNetworkConnectivityToconfigurebasicnetworkconnectivityontheNexus7000andNexus5000series,anIPaddressandsubnetmaskmustbeconfiguredonthededicatedEthernetmanagementinterfacecalledmgmt0.Thisiscanbedonethroughtheserialportor,asyouwillseelater,throughaspecializedseriesofconfigurationquestionswheninsetupmode.
N5K-1#configt
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
N5K-1(config)#interfacemgmt0
N5K-1(config-if)#ipaddress192.168.1.5/24
N5K-1(config-if)#exit
N5K-1(config-if)#iproute0.0.0.0/0192.168.1.1
ThemanagementinterfacesofthenetworkingequipmentinthedatacenterdonotgenerallyusethesameEthernetinterfacesthatcarryusertraffic.Thisisdoneforsecuritypurposes,becausewecanplacethemanagementnetworksbehindafirewalltoprotectaccess.SeparatingthemanagementnetworkalsoprovidesanotherconnectionpathintotheNexusswitchesifthereisaproblemwiththeuserdataVLANs.Themanagementnetworkissometimescalledtheout-of-bandnetwork(OOB),anditusesaseparateexternalswitchtointerconnectallofthemanagementports.
IdentifyingControlandDataPlaneTrafficWewillnowdigalittledeeperintothearchitectureofbothswitchesandroutersinordertobecomefamiliarwiththeconceptsofhowmanagementandregular
inordertobecomefamiliarwiththeconceptsofhowmanagementandregulardatatrafficareseparatedinsidetheNexusswitches.DatatakesoneforwardingpaththroughaNexusswitch,andmanagementtrafficisseparateandusesitsowncontrolplane,aswewilldetailbelow.
DataPlaneThedataplane,showninFigure1.13(sometimesknownastheuserplane,forwardingplane,carrierplane,orbearerplane),isthepartofanetworkthatcarriesusertraffic.
FIGURE1.13Dataplane
Thedataplaneisforpacketstransitingthroughtheswitchandisthedatatraffictoandfromserversandotherdevicesinthedatacenter.Thedataplaneiswhatthenetworkreallyexistsfor,andthecontrolandmanagementplanesallowthesetupandmanagementinordertoprovidecorrectforwardinginthedataplane.
Itisimportanttorememberthatthedataplanecarriestrafficthattransitsthroughtheswitchesandroutersandnottothem.
ThedataplaneonaNexus7000usesaunifiedcrossbarfabric.Thefabriccardsarecircuitcardsthatinsertintothe7000chassisandsupplybandwidthtoeach
arecircuitcardsthatinsertintothe7000chassisandsupplybandwidthtoeachcardinthechassis.Thebandwidthisscalablebyaddingadditionalfabricmodules.
ControlPlaneThecontrolplane,illustratedinFigure1.14,consistsofalltrafficthatisdestinedtotheNexusswitchitself.Thiscanbenetworkmanagementtraffic,SSH,Telnet,routingprotocols,SpanningTreesignalingaprotocolanalyzer,ARP,VRRP,andanyothertrafficthattheNexususestocommunicatewithotherdevices.
FIGURE1.14Controlplane
Closelyrelatedtothecontrolplane,andsometimesusedinterchangeably,istheNexusmanagementplane.ThemanagementplaneisusedtomanagetheNexusswitchwithterminalemulationprotocols,suchasSSHandTelnet,andisundercontrolofnetworkmanagementsystemsusingtheSimpleNetworkManagementProtocol(SNMP).ThecontrolandmanagementplanesaremanagedbytheNexussupervisorCPU.
Abuilt-inprotectionmechanisminNX-OSthat’susedtoprotectthecontrolplanefromsecuritydenial-of-service(DoS)attacksiscalledControlPlanePolicing(CoPP).CoPPprovidessecuritybyrate-limitingtrafficfromthe
outsideasitentersthecontrolplane.Ifthereisafloodoftrafficfromlegitimateprotocols,suchasBGP,OSP,orSpanningTree,it’spossiblethattheCPUcanpegat100percentanddenySSH,Telnet,andSNMPconnectionsformanagingtheswitch.Allroutingandswitchingcouldalsobeaffected.CoPPisonbydefault,andwhileitcanbemodified,changingtheparametersisnotrecommendedunlessthereisaverygoodreasonfordoingso.
PerformingtheInitialSetupWhenpoweringupaNexusswitchthathasnoconfigurationsetup,youcanperformaprocesstosetthebaseconfiguration.Youcanrunthisatanytime,butitisusuallyperformedonlyatinitialsetup.WhenanewVDCiscreated,asetupscriptisrunforthatVDCsinceitcomesupinitiallywithablankconfiguration.
Connectaserialcableintotheconsoleportoftheswitch,andpowertheswitchuptoaccessthesetuputility.WhentheNexuscannotfindaconfiguration,itwillpromptyoutoseeifyouwanttorunthesetup.
Youwillneedtoknowseveralitems.ItisalwaysagoodideatousestrongpasswordstoaccesstheNexus.Astrongpasswordmustconsistofeightcharactersthatarenotconsecutivesuchas“abc”orthatdonotrepeatsuchas“ddee.”Alsoavoidusingdictionarywords,andusebothuppercaseandlowercasecharacters.Youmustuseatleastonenumberinastrongpassword.Ifthepassworddoesnotmeettheserequirements,itwillnotbeaccepted.Also,rememberthatthepasswordsarecasesensitive.Forsecurityreasons,allconsoletrafficshouldbeencryptedbyenablingtheSSHprotocolanddisablingTelnet.
ThereisanoptiontomakealloftheEthernetportseitherroutedLayer3orswitchedLayer2andtohavethemenabledordisabledbydefault.Inmostenvironments,theNexuswillmainlyhaveLayer2ports.Youcanchangethisonaper-portbasislaterasneeded.MostoftheCiscoswitchingproductlineleavestheLayer2portsenabledbydefaultandtheLayer3portsdisabled.
Listing1.6providesthesetupdialogsessiononaNexus7000seriesswitch.
Listing1.6:SetupdialogsessiononaNexus7000seriesswitch
——SystemAdminAccountSetup——
Doyouwanttoenforcesecurepasswordstandard(yes/no)[y]:y
Enterthepasswordfor"admin":<password>
Confirmthepasswordfor"admin":<password>
——BasicSystemConfigurationDialogVDC:1——
Thissetuputilitywillguideyouthroughthebasicconfiguration
ofthesystem.Setupconfiguresonlyenoughconnectivityfor
managementofthesystem.
PleaseregisterCiscoNexus7000Familydevicespromptlywithyour
supplier.Failuretoregistermayaffectresponsetimesforinitial
servicecalls.Nexus7000devicesmustberegisteredtoreceive
entitledsupportservices.
PressEnteratanytimetoskipadialog.Usectrl-catanytimeto
skiptheremainingdialogs.
Wouldyouliketoenterthebasicconfigurationdialog(yes/no):
yes
Createanotherloginaccount(yes/no)[n]:yes
EntertheUserloginId:<username>
Enterthepasswordfor"user1":<user_password>
Confirmthepasswordfor"user1":<user_password>
Entertheuserrole(network-operator|network-admin|vdc-
operator|vdc-admin)[network-operator]:<default_role>
Configureread-onlySNMPcommunitystring(yes/no)[n]:yes
SNMPcommunitystring:<snmp_community_string>
Entertheswitchname:<name>
Enablelicensegraceperiod?(yes/no)[n]:yes
ContinuewithOut-of-band(mgmt0)managementconfiguration?
[yes/no]:yes
Mgmt0IPv4address:<mgmt0_ip_address>
Mgmt0IPv4netmask:<mgmt0_subnet_mask>
Configurethedefault-gateway:(yes/no)[y]:yes
IPv4addressofthedefault-gateway:<default_gateway_IP>
ConfigureAdvancedIPoptions(yes/no)?[n]:yes
Configurestaticroute:(yes/no)[y]:yes
Destinationprefix:<destination_ip_prefix>
Destinationprefixmask:<dest_subnet_mask>
Nexthopipaddress:<next_hop_ip_address>
Configurethedefaultnetwork:(yes/no)[y]:yes
DefaultnetworkIPaddress[dest_prefix]:<dest_prefix>
ConfiguretheDNSIPaddress?(yes/no)[y]:yes
DNSIPaddress:ipv4_address
ConfigurethedefaultDNSdomain?(yes/no)[y]:yes
DNSdomainname:<domainname.com>
Enablethetelnetservice?(yes/no)[y]:yes
Enablethesshservice?(yes/no)[y]:yes
Typeofsshkeyyouwouldliketogenerate(dsa/rsa):<key_type>
Numberofkeybits<768–2048>:<number_of_bits>
ConfigureNTPserver?(yes/no)[n]:yes
NTPserverIPaddress:<ntp_server_IP_address>
Configuredefaultinterfacelayer(L3/L2)[L3]:
<default_interface_layer>
Configuredefaultswitchportinterfacestate(shut/noshut)[shut]:
<defaultisshutdown>
ConfigurebestpracticesCoPPprofile
(strict/moderate/lenient/none)[strict]:<profile_policy>
ConfigureCMPprocessoroncurrentsup(slot5)?(yes/no)[y]:yes
cmp-mgmtIPv4address:<IP_address>
cmp-mgmtIPv4netmask:<subnet_mask>
IPv4addressofthedefaultgateway:<default_gateway>
ConfigureCMPprocessoronstandbysup(slot5)?(yes/no)[y]:yes
cmp-mgmtIPv4address:<IP_address>
cmp-mgmtIPv4netmask:<subnet_mask>
IPv4addressofthedefaultgateway:<default_gateway>
Wouldyouliketoedittheconfiguration?(yes/no)[y]:yes
Usethisconfigurationandsaveit?(yes/no)[y]:yes
Whenyousavetheconfiguration,itwillbestoredinNVRAMtosurviveareboot.Severalotherparametersareautomaticallyadded,suchasthebootandNX-OSimagelocations.
SummaryInthisintroductorychaptercoveringtheCiscodatacenterproducts,wediscussedthedifferentdesignmethods,protocols,andtechnologiesthatmakeup
discussedthedifferentdesignmethods,protocols,andtechnologiesthatmakeupthemoderndatacenter.YoulearnedthatLANandSANdatacannowbesentsimultaneouslyacrossaunifiedswitchingfabricthatprovidesmanyadvantagesoverusingseparatenetworks.
WelookedindepthattheNexusfeaturesthatareusedinthedatacenter,suchasvirtualization,whichallowsasingleNexusswitchtobedividedintoseparatelogicalswitches.Weintroducedoverlaytransportandshowedhowitcanbeusedtointerconnectdatacenterstomakethemappearasiftheywerelocallyconnected.
With10GigabitEthernetinterfacesnowbeingusedinthedatacenter,weexamineddifferentmethodsforusingallofthelinksinaparallelandredundantfashioninordertoincreasespeedandefficiency.WeintroducedtechnologiessuchasFabricPathandvirtualPortChannelsthatcanbeusedtoaccomplishthis.
WealsocoveredthebasicsetupandconfigurationofNexusswitchesandthefunctionsoftheinternaldataandcontrolplanes.
Allofthiswillbeexpandedandexploredingreaterdetailasweprogressthroughoutthebook.
ExamEssentialsUnderstandandbeabletoidentifythemodulardatacenterdesign.Itisimportanttoknowthearchitectureofthemoderndatacenter.KnowthattheAccesslayerconnectstheserversandendpointsandthatitiswhereQoSmarkingtakesplace.
TheDistributionlayerinterconnectstheAccesslayerswitchestotheCore,anditprovidesnetworkservicessuchasfirewalls,monitoring,loadbalancing,androuting.
TheCoreiswherethehigh-speedswitchingtakesplace,anditistheheartofthedatacenternetwork.AcollapsedcoredesignisachievedbyusingvirtualdevicecontextsandperformingtheaggregationandcorefunctionsinthesamephysicalNexusswitch.
KnowtheNexusfeaturesthatareusedinthedatacenternetworkenvironment.UnderstandallpartsofvirtualPortChannels,andrecognizetheVPCpeerlinkandpeerkeepalivelinkfunctions.KnowthatavirtualPortChannelallowsforredundancy,fastfailover,andbetterlinkutilizationinthedatacenter.
OverlayTransportVirtualizationisusedtointerconnectdatacentersattheVLANlevelacrossaLayer3routednetwork.OTVencapsulatesVLANsinsideaLayer3IPpacketandroutesittotheremotesitewhereitisde-encapsulated,andbothendsofthenetworkappeartobelocallyconnected.
KnowwhatFabricPathisandwhatitdoes.FabricPathisareplacementfortheSpanningTreeProtocol,anditallowsallnetworklinksinterconnectingtheAccess,Aggregation,andCorelayerstobeactiveatthesametime.FabricPathusesamultipathroutingapproachtoallowmanypathsfromthesendertothereceiverandenableveryfastreroutesshouldalinkfail.
UnderstandtheproductsthatmakeuptheCiscoNexusfamily.TheNexus7000seriesisthechassis-basedplatformthatislocatedattheAggregationandCorelayersofthedatacenternetwork.Ithasredundantsupervisormodulesandpeersupplies.AdditionalslotsareavailableforlinecardstoprovideI/OEthernetconnectionstoupstreamanddownstreamswitchesandconnecteddevices.TheNexus7000hasslotsforfabricmodulesthatinterconnectthelinecardsandprovidetheswitchingbandwidthfordataplanetraffic.
TheNexus5000seriesprovidesconnectivityattheAccesslayer,Aggregationlayer,andinsmallnetworksattheCorelayer.ItisafixedI/Ounitthatcomesin48-and96-portmodels.TheNexus5000seriesdoesnothaveredundantsupervisors,andNexus5000switchesaretypicallydeployedinpairs.
The2000FEXseriesconsistsofremotelinecardsthatcontainnocontrolplaneandconnecttoupstreamNexus5000orNexus7000switches.Knowthatthe2000FEXseriesisalogicalextensionofI/O,muchlikealinecardinachassis-basedswitch.
TheNexus1000isasoftware-onlyswitchthatresidesinvirtualsystemssuchasVMwareinordertoprovideswitchingforthehypervisorandvirtualmachines.
Knowthedifferencebetweencontrolplaneanddataplanetraffic.ControlplanetrafficconsistsoftrafficgoingintoandcomingoutoftheNexusswitch.Thecontrolplanehandlesallroutingprotocoltraffic,SpanningTree,andOTVandsendscontrolinformationbetweenswitches.
DataplanetrafficisusertrafficthatpassesthroughtheNexusswitches.
KnowthatportchannelsareindividualEthernetinterfacesbundledintoonehigh-speedlogicalinterface.Portchannelsarefoundinalldatacenterdesigns.TheyprovideaddedbandwidthforinterconnectingswitchesandconnectingserverfarmstotheAccesslayerofthenetwork.Bycombining
multiplelinks,theyalsoprovideextremelyfastfailoverifalinkgoesdown.Thisfailoverismuchfasterthanmostotherredundancyoptions.Whenconfiguringportchannels,youcansetthemupeitherstaticallyordynamicallybyusingtheLinkAggregationControlProtocol(LACP).Trafficflowsareassignedtoaparticularportchannelusingaload-balancingorhashingapproachtoevenouttheflows.
WhileitmaynotbenecessarytogotoodeepintovirtualizationontheNexus7000series,knowthatitcanbelogicallydividedintomultipleseparateswitchesallresidinginthesamechassisbyusingvirtualdevicecontexts.
WrittenLab1YoucanfindtheanswersinAppendixA.
1. ExaminethediagraminFigure1.15.IdentifythevPCporttypesintheblanksprovided.
A. _______________________________
B. _______________________________
C. _______________________________
FIGURE1.15VPCdiagram
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseetheIntroduction.YoucanfindtheanswersinAppendixB.
1. WhichofthefollowingisonefunctionofthedatacenterAggregationlayer?
A. QoSmarking
B. Networkservices
C. Serverfarmconnections
D. High-speedpacketswitching
2. Whichdatacenterdevicessupportvirtualportchannels?(Choosetwo.)
A. MDSseriesswitches
B. Nexus2000seriesswitches
C. Nexus5000seriesswitches
D. Nexus7000seriesswitches
3. WhichofthefollowinglinksinterconnecttwoNexusswitchesconfiguredforvPCandpassservertrafficbetweendataplanes?
A. vPCinterconnectlink
B. vPCpeerlink
C. vPCkeepalivelink
D. vPCportchannellink
4. WhatisneededtoscalethedataplanebandwidthonaNexus7000?
A. Fabricmodules
B. Additionalinterfacemodules
C. Redundantsupervisormodules
D. Systeminterconnectmodule
5. WhereareservicemodulessuchastheASA,WAAS,ACE,andFWSMconnected?
A. Corelayer
B. Networklayer
C. Accesslayer
D. Servicelayer
E. Aggregationlayer
6. TheAccesslayerprovideswhichofthefollowingfunctions?
A. High-speedpacketswitching
B. Routing
C. QoSmarking
D. Intrusiondetection
7. DuringtheinitialsetupofaNexus7000switch,whichofthefollowingareconfigured?
A. VirtualPortChannels
B. SpanningTreemode
C. Routingprotocol
D. Defaultinterfacestate
8. WhatfeatureofNexusswitchesisusedtocreatevirtualswitchesfromonephysicalswitch?
A. vPC
B. OTV
C. COPP
D. VDC
9. TheAggregationlayerprovideswhichtwooperations?
A. Qualityofservicemarking
B. High-speedswitching
C. Servicesconnections
D. Accesscontrollists
10. Whatarethetwolayersofacollapsedbackbonedesign?
A. Accesslayer
B. Overlaylayer
C. Corelayer
D. Aggregationlayer
11. TheCorelayerprovideswhichofthefollowingfunctions?
A. High-speedpacketswitching
B. Routing
C. QoSmarking
D. Intrusiondetection
12. WhattypesofportchannelsaresupportedontheNexusseriesofswitches?(Choosethree.)
A. PaGP
B. LACP
C. vDC
D. Static
13. Virtualdevicecontextsareusedinwhichofthefollowing?(Choosetwo.)
A. Nexussegmentation
B. Collapsedcore
C. VDCsupport
D. Storageareanetworking
14. OTVisusedforwhichofthefollowing?(Choosetwo.)
A. Creatingvirtualswitches
B. ExtendingVLANsacrossaroutednetwork
C. ProtectingthecontrolplanefromDoSattacks
D. Interconnectingdatacenters
15. Whichofthefollowingisusedtoprotectthecontrolplanefromdenial-of-serviceattacks?
A. SNMP
B. OSPF
C. CoPP
D. STP
16. FabricPathprovideswhatfunctionsinthedatacenter?(Choosetwo.)
A. Interconnectingdatacenters
B. ReplacingSpanningTree
C. Connectingstoragetothefabric
D. Allowingalllinkstobeused
17. ANexusswitchcansupporttheSCSIprotocolencapsulatedinwhichofthefollowing?(Choosethree.)
A. iSCSI
B. SNMP
C. FC
D. FCoE
18. WhatprotocolfoolstheconnectedswitchorserverintothinkingthatitisconnectedtoasingleNexusswitchwithmultipleEthernetconnections?
A. LACP
B. PaGP
C. OTV
D. vPC
19. Themodulardesignapproachprovideswhichofthefollowing?(Choosetwo.)
A. Interconnectingdatacenters
B. Easeoftroubleshooting
C. Increasedperformance
D. Controlplaneprotection
20. Whichofthefollowingreducesthecost,power,andcoolingrequirementsinthedatacenter?
A. OTV
B. FabricPath
C. Convergedfabrics
D. VDC
Chapter2NetworkingProducts
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
1.0CiscoDataCenterFundamentalsConcepts
1.13DescribetheCiscoNexusproductfamily
THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:
CiscoNexusDataCenterproductportfolio
CiscoNexus7000serieschassisoptions
CiscoNexus7000seriessupervisormodule
CiscoNexus7000serieslicensingoptions
CiscoNexus7000seriesfabricmodules
CiscoNexus7000seriesI/Omodules
CiscoNexus7000seriespowersupplyoptions
CiscoNexus5000serieschassisoptions
CiscoNexus5010and5020switchesfeatures
CiscoNexus5010and5020expansionmodules
CiscoNexus5500platformswitchesfeatures
CiscoNexus5500platformswitchesexpansionmodules
CiscoNexus5000switchseriessoftwarelicensing
CiscoNexus2000seriesFabricExtendersfunctionintheCiscodatacenter
CiscoNexus2000seriesFabricExtendersfeatures
THEFOLLOWINGCISCOMDSPRODUCTFAMILIESARE
REVIEWED:CiscoMDS9000seriesproductsuite
CiscoMDS9500serieschassisoptions
CiscoMDS9500seriessupervisormodules
CiscoMDS9500serieslicensingoptions
CiscoMDS9000seriesswitchingmodules
CiscoMDS9500seriespowersupplyoptions
CiscoMDS9100seriesswitches
CiscoMDS9222iswitch
CiscoApplicationControlEngine
Ciscoisahugecompanywithahordeofgoodstomatch.We’renowgoingtonarrowourfocustotheNexusandMDSproductlines.
Facedwithchoosingtherightdevicetofitperfectlyintoyourdatacenterimplementationiscertainlyachallengingtask,butit’salsocriticaltosuccess.Tosetyouupproperlytosucceed,firstwe’regoingtotakeyouonatourthroughCisco’sentireNexusportfolio.Wewillthenzoominonindividualmodelslikethe7000,5000,and2000series.Youmustbefamiliarwiththeselinesinordertomeetyourexamobjectives.Afterthat,we’llintroduceyoutotheMDSlineandfillyouinonexactlyhowthe9000and9500seriesfitintoasoliddatacentersolution.
Trynottogetoverwhelmedbythesheervolumeofproductscoveredinthischapter,becausemostmachineswithinagivenlineworksimilarly.Manyareevenconfiguredinthesameway.Keepthesefactorsinmindaswegetunderway,andthischapterwillbeabreezeforyou!
TheNexusProductFamily
NexuswasconceivedataCisco-sponsoredstartupcalledNuova,whichCiscopurchasedforahefty$678millioninApril2008.ItturnedouttobeagreatinvestmentbecauseCiscogottwoamazingproductlinesoutofthedeal:NexusandtheUnifiedComputingSystem(UCS).
ThefirstproductslaunchedweretheNexus5000andNexus2000series,withtheNexus7000beingdevelopedlaterwithinCisco.ShortlythereaftercamethepuresoftwareNexus1000V,adevicedesignedspecificallyfortheVMwarevirtualenvironment.ThesefourproductsconstitutethefocusoftheCCNAdatacenterobjective,butwewillstilltakeaquicklookattheentireproductline,asshowninFigure2.1.
FIGURE2.1Nexusproductfamily
NexusProductFamilyOverviewInsteadoforganizingthischapterbypowerorpopularity,weoptedtopresenttheNexuslinetoyounumerically,startingwiththe1000Vandendingwiththe
theNexuslinetoyounumerically,startingwiththe1000Vandendingwiththe9000series.
Nexus1000VAsyou’veprobablyguessed,theNexus1000Vwasdevelopedtodealwiththeexplosivegrowthofvirtualnetworking.Virtualmachineshavetocommunicateonthenetworktoo,andthisneedusedtobemetviaVMwarevirtualswitches.Problematically,thissolutionlefttheCisconetworkingprofessionalsoutoftheloop,leavingnetworkmanagementtoVMwareadministrators.The1000VjumpsthishurdlebyprovidingatrueCiscosolutiontoallofyourvirtualnetworkingneeds.YoucangetitassoftwareoryoucanbuyadedicateddeviceliketheNexus1010,whichisshowninFigure2.2.
FIGURE2.2Nexus1010
KeepinmindthattheNexus1000Visgenerallyimplementedasavirtualappliance—it’snotaphysicaldevice.TheNexus1010simplyhoststhe1000V,whichcanoperateondifferentplatforms.The1000Vispreinstalledonaserver,anditisreallygreatbecauseitrunstheNexusoperatingsystem(NX-OS).It’salsooneofthe“BigFour”deviceswithrespecttotheexamobjectives,soyougetanentirechapterdevotedtoitinthisbook!
Nexus2000TheNexus2000fabricextendersolvesanastydatacenterproblemthatweusedtotackleinoneoftwoless-than-idealways:Eitherweputahugeswitchattheendoftherow,towhichallofourserverswouldconnectforasinglepointofmanagement,orwehadabunchoflittleswitcheslocatedclosetoallofour
servers,typicallyatthetopofeachrack,creatingmanypointsofmanagement(seeFigure2.3).
FIGURE2.3Nexus2000family
TheNexus2000fabricextenderisreallyjustadumbbox,whichsuppliesportsthatcanbeplacedclosetoservers.Youmustunderstandthatfabricextendersaren’tautonomous,becausetheyrequireaparenttowork.Thecombinationofswitchandfabricextenderdeliversaneffectivewaytogetportsclosetotheserversplusprovidesasinglepointofmanagement.You’llfindoutalotmoreaboutthissolutionabitlater.
Nexus3000TheNexus3000series,showninFigure2.4,isanultra-low-latencyswitchthatisidealforenvironmentslikehigh-frequencystocktrading.ThisproductisnotontheCCNAobjectives,butithasbecomeprettypopular.TheNexus3500seriescanprovidealatencyoflessthan250nanoseconds,whichisfreakingamazing!
FIGURE2.4Nexus3000family
The3000isoftenusedasatop-of-rack(ToR)switchindatacenterstoreducecablingrunsfromtheservers.InaToRdesign,theswitchisboltedintothesameequipmentrackastheserverstoreducecabling.
Clearly,the3000productlineisidealforenvironmentsthatarefocusedonreducedlatency.The3200seriesalsosupports10,25,40,50,and100GigabitEthernetinterfaces.Theproductfamilyisbasedonindustry-standardsilicon,anditisverycosteffective.The3000seriescomesinmanymodels,whichsupportdifferentspeedsandportdensitiesandcanbeLayer2onlyorLayer3,anditrunsNX-OSandhasswitchingcapacitiesupto5.1terabits.
Nexus4000TheNexus4000,showninFigure2.5,isanothernon-objectiveswitchthatwasdevelopedtoprovideaparticularsolution.The4000seriesbladeswitchisinstalledinanIBMBladeCenterHorHTchassistoprovideserveraccessforphysicalandvirtualizedservices.
FIGURE2.5Nexus4000seriesbladeswitch
The4000hasfourteen1Gigabitor10GigabitEthernetdownlinkportstothebladeserversinthechassisandsix1GBor10GBportsheadinguptotheexternalNexusswitch.ItisafullNX-OS–basedNexusswitchthatsupportsdatacenterbridgingandFibreChanneloverEthernet.
Nexus5000TheNexus5000,showninFigure2.6,isoneofthekey“BigFour”devicesthatyoumustnaildownfortheCCNADataCenterexam.ThisawesomeswitchwasoneofthefirsttocombineEthernetandFibreChannelconnectivityinasingledevice,anditisoftenoneofthefirst10gigabitportsacquired.We’llcoverthe5000and5500generationsofthisfamilyindepthshortly.
FIGURE2.6Nexus5000family
The5010and5020productsarenowatendoflife,andtheyarenolongershipping.Thecurrentproductsintheseriesarethe5548/5596products.
Nexus6000Fittingneatlybetweenthe5000and7000,theNexus6000,showninFigure2.7,isagreatwaytodeployalargenumberof10gigabitportsinadatacenterenvironment.
FIGURE2.7Nexus6000family
Nexus7000ThesearethebiggunsoftheNexusproductline—ifyouhavethemoneyandneedthepower,thisiswheretospendthatcashandgetit!TheNexus7000isadatacenter–classswitchthatcaneasilymanagetrafficloadsofterabitspersecond.ThemodularswitchesshowninFigure2.8areavailablewithadifferentnumberofslots.
FIGURE2.8Nexus7000family
TheNexus7700isthesecond-generationmodel.Itisanon-objectivegroupthatyoucanthinkofasaNexus7000onsteroids(seeFigure2.9).
Nexus9000
WhiletheNexus9000lineisnotcoveredintheCCNADataCenterexam,itisimportanttobefamiliarwithitbecauseitisdesignedspecificallyfordatacenterapplications.The9000linerunsboththeNX-OSoperatingsystemandthenewApplicationCentricInfrastructure(ACI)code.ACIisanumbrellatermforCisco’ssoftware-definednetworking(SDN)technologyfeaturingtheApplicationPolicyInfrastructureController(APIC)SDNcontrollers.
SDNwillbeabigtopicoverthenextdecade,astheprocessofconfiguringindividualdevicestoautomaticcentralizedconfigurationevolves!ThemodularswitchesshowninFigure2.10areavailableinbothfixedconfigurationsandchassis-basedformfactors.
FIGURE2.9Nexus7700family
FIGURE2.10Nexus9000family
Nexus7000ProductFamilyTheNexus7000isthetrueworkhorseofthedatacenter,becausethesehighlyscalableswitchesofferhigh-performancearchitectureforeventhemostrobustenvironments.Asanaddedadvantage,the7000serieswasbuiltasahighlyfault-tolerantplatform,anditdeliversexceptionalreliabilityandavailability.
The7000seriesprovidesLayer2andLayer3supportforeachinterface.Acoolmemorytoolisthatthemodelnumberjusthappenstocorrespondtotheavailableslotsinthechassis,butkeepinmindthattwooftheseslotsarededicatedforusebythesupervisormodules.Youconfigurethedefaultinterfacelayerandstateduringsetupmode.
Thisseriescurrentlyincludesfourmodelsofswitches:the7004,7009,the7010,andthe7018.The7004istheonlyonethatisn’tanexamobjective,sowe’llfocusontheothermodels.CounttheavailableslotsintheNexus7009showninFigure2.11.
FIGURE2.11Nexus7009
TheNexus7010picturedinFigure2.12illustratesthattheinterfacesandsupervisormodulesarefoundonthefrontofthedevice,whilethefantrays,powersupplies,andfabricmodulesarelocatedontheback.Allofthesemodulesarehotpluggable,andtheycanbereplacedwithoutdisruptingoperation.
FIGURE2.12Nexus7010
Nexus7000SupervisorsThesupervisormodulesoperateinanactive/standbymode.Theconfigurationbetweenthetwosupervisorsisalwayssynchronized,anditprovidesstatefulswitchover(SSO)intheeventofafailure.TheSupervisorOneengine,showninFigure2.13,suppliestheswitch’scontrolplaneandmanagementinterface.
FIGURE2.13NexusSupervisorOne
Tobetrulyredundant,youmusthavetwosupervisorsinoperation.TheSupervisorOneenginegivesyouaconnectivitymanagementprocessor(CMP),aconsoleserialport,andanauxiliaryserialport.TheCMPprovidesremotetroubleshootingforthedeviceviaanEthernetport,butthisfeaturewasdiscontinuedinthesecond-generationsupervisormodules.
ThemanagementEthernetporthasitsownvirtualroutingandforwarding
(VRF),whichbasicallymeansthatithasaseparateroutingtablefromthemaindataports.Asanexample,topingfromthisinterfaceyouwouldusethecommandPing5.5.5.5vrfmanagement.
Thefirst-generationsupervisorscouldsupportfourVDCsessions,whilethesecondgenerationcansupportsixormoresessions.KeepinmindthatsupervisormodulesarethecentralprocessingandcontrolcenterwheretheNexusoperatingsystemactuallyrunsandwhereallconfigurationoccurs.
Nexus7000LicensingThereareawholebunchoflicensingoptionsforthe7000,includingBase,EnterpriseLAN,AdvancedLANEnterprise,MPLS,TransportServices,andmanymore.Basically,youchooseyourlicensesbasedonthefeaturesthatyourequire.Forexample,ifyouwantFabricPath,youneedanEnhancedLayer2license.FabricPathisanadvancedLayer2solutionforthedatacenterthat’ssupportedbyNexusswitches.
Installingalicenseinvolvesafewseparatesteps,buttheprocessisthesameformanyCiscodatacenterdevices.WhenyoupurchasealicensefromCisco,you’llreceiveaproductactivationkey(PAK),whichyou’lluseduringthelicensingprocess,butfirstyouhavetofindyourindividualswitch’schassisserialnumberusingtheshowlicensehost-idcommand.
Onceyou’veobtainedtheserialnumberorhostID,yougotoCisco’swebsite,www.cisco.com/go/license,whichrequiresaCCOaccounttoactivatealicense.ThewebsitewillaskforthechassisserialnumberandthePAKbecauseitwillusethesetwovaluestogeneratealicensefileforyourNexusdevice.You’llthendownloadthisfileanduploadittoyourNexusswitch,usuallyviaFTPorTFTP,whichwillbepermanentlystoredinbootflashnon-volatilememoryonthesupervisormodules.
You’llneedtoruntheinstalllicensecommandtoreadthelicensefileandinstalltheprivilegesthatitcontains.You’llthenusetheshowlicenseusagecommandtoverifythelicensesthathavebeeninstalledonyourswitch.Here’sanexampleoftheentiresequenceofcommandsusedforinstallingalicense:
switch#showlicensehost-id
Licensehostid:VDH=ABC123456789
switch#installlicensebootflash:license_file.lic
Installinglicense..done
switch#showlicenseusage
FeatureInsLicStatusExpiryDateComments
Count
-------------------------------------------------------------------
--
LAN_ENTERPRISE_SERVICES_PKGYes-InuseNever-
OneofthenicefeaturesabouttheNexusoperatingsystemisthatitgivesyouagraceperiod,whichallowsyoutotryanyfeatureyou’reevenmildlycuriousaboutfor120dayswithoutitbeinglicensed!
FabricModulesThefabricmodulessupplythebandwidthandconnectivitybetweenthevariousslotsonthechassisandarealsowherethedataplaneoperates.Fivefabricmodulesprovideupto550Gb/sperslotinasinglechassis!So,dependingonyourbandwidthneeds,youcanopttohaveanywherefromonetofivefabricmodulesinstalled.
Inadditiontoprovidingswitchingforthechassis,thefabricmodulesprovidevirtualoutputqueuing(VOQ)andcredit-basedarbitrationtomakeitpossiblefordifferingspeedinterfacestocommunicatewitheachother.Asnewgenerationsoffabricmodulesarereleased,they’llincreasetheswitch’sperformance.ApictureofaNexus7010fabricmoduleisshowninFigure2.14.
FIGURE2.14Nexus7010fabricmodule
Nexus7000LineCardsTheNexus7000supportsawidevarietyofI/Omodulesorlinecardswithspeedsfrom1G,10G,40G—upto100GigabitEthernet.ThesearegroupedintotwofamiliescalledtheMseries,whichwasreleasedfirstwithLayer3support,andtheFseries,whichisalower-costLayer2card.TheMseriesisusuallyaimedatcoreswitcheswhiletheFseriesisalotmorefabricfocused,supportingfeatureslikeFCoEandFabricPath,anditisoftentargetedattheAccessandAggregationlayers.Thelinecardscanbeinsertedinanycombinationandmodel.Figure2.15showsafewoftheNexus7000serieslinecards.
FIGURE2.15Nexus7000I/Omodules
Nexus7000PowerSuppliesPowersuppliesmaynotbethemostrivetingtopic,butthingsdefinitelygetexcitingwhenpowersuppliesfail.ThreedifferentpowersuppliesareavailablefortheNexus7000:Ata6kWrating,there’soneACandoneDCpowersupply,butatthe7.5kWrating,there’sAConly.ANexus7010cansupportthreepowersuppliesinfourdifferentmodeswithvaryingdegreesofredundancy:
Combined:Noredundancyorbackuppowersupply
Inputsource:Redundancygridwithmultipledatacenterpowerfeedsintothe7000chassis
Powersupplyredundancy(N+1):Oneonlinebackuppowersupply
Completeredundancy:Acombinationofpowersupplyandinputsourceredundancy
AtypicalpowersupplyisshowninFigure2.16.
FIGURE2.16Nexus7000powersupply
TheNexus7000seriespowersuppliessupportdualACfeedsthatalloweachpowersupplytoconnecttotwopowergridsinthedatacenter.ThisallowsonepowergridtobeofflinewhiletheNexusstilloperatesofftheremainingpowergrid.
Nexus5000ProductFamilyTheNexus5000(N5K)hasalsobecomeaworkhorseformanydatacenters,withthefirstgenerationincludingtheNexus5010andNexus5020andthesecondgenerationincludingtheNexus5548andNexus5596.Checkouttheentire5500family,whichisshowninFigure2.17.
FIGURE2.17Nexus5500family
Thefirst-generationswitchesprovidedacost-effective,line-ratesolutionwith10GbEthernetportsthatcouldbeconfiguredtosupportFibreChannel.TheNexus5000wasoneofthefirstswitchestocombineEthernetandFibreChannelsupportinasinglebox—prettyoutstandingatthattime!TheNexus5010,showninFigure2.18,isaone-rackunitdevicethatprovidestwenty10Gbportsandagenericexpansionmodule(GEM)slot,whichgivesyouadditionalports.
FIGURE2.18Nexus5010
TheNexus5010andNexus5020productsarenowatendoflifeandarenolongershipping.ThecurrentproductsintheseriesaretheNexus5548andNexus5596.
TheNexus5020,showninFigure2.19,isessentiallyadouble-wide5010.Itis
tworackunitstall,hasforty10Gbports,andofferstwoexpansionslots.Bothoftheseswitchessupplyfront-to-backairflowandN+1powerredundancy.
FIGURE2.19Nexus5020
ThegenericexpansionmoduleshowninFigure2.20isusedtoaddmoreEthernetports;itallowsyoutoaddmoreFibreChannelportsaswell.ThismakesitpossiblefortheNexus5000tomanageyourstorageandnetworktraffictoo,acapabilitythatwasalsoaddedlatertothe7000seriesforcertainlinecards.
FIGURE2.20NexusGEM1cards
YoucanchoosefromexpansionmodulesthatareEthernetonly,FibreChannelonly,oramixtureofboth.Keepinmind,however,thattheNexus5010andNexus5020arestrictlyLayer2devicesthatcan’tperformLayer3forwarding.Theexpansioncardsareinsertedintothebackofthechassis,asshowninFigure2.21.
FIGURE2.21Nexus5596rear
TheNexus5000gaveusagreatwaytomigrateto10GigabitEthernet,unifyingourstorageanddatanetworking.WhatcouldbebetterthanhavingFibreChannelandEthernetinthesamebox?
Enterthesecond-generation5500switch,that’swhat!Itactuallyintroducedanewtypeofport.Traditionally,agivenportwaseitherEthernetorFibreChannelbutneverboth.TheUniversalPort(UP)introducedontheNexus5500allowsasingleporttobeconfiguredtoreceiveanEthernetorFibreChannelSFPinterfaceadapters.ThemanagementportsfortheNexus5500arelocatedontherear,asshowninFigure2.22.
FIGURE2.22Nexus5500UPGEMmodule
Sobyjustchangingtheconfiguration,wecouldopttouseagivenportforeitherstorageordata—amazing!AndtheGEMcardfortheNexus5500sgivesus16
UPportstoconfigureaseitherEthernetorFibreChannel.OneofthebestthingsabouttheNexus5000andNexus5500isthattheyintegratewiththeNexus2000fabricextenders,whichwe’regoingtotalkaboutinthenextsection.
AllofthishelpstoexplainwhytheNexus5500hasbecomethego-toswitchformanydatacenters.Moreover,itcanhandleLayer2andLayer3trafficifyouaddtheLayer3cardtoit.TheLayer3cardforthe5548isadaughterboard,showninFigure2.23,andthe5596’sversionisaGEMthat’sshowninFigure2.24.Bytheway,it’sverycommontoorderNexus5500seriesLayer3–enabledswitchesstraightfromCisco!
FIGURE2.235548Layer3card
FIGURE2.245596Layer3card
Nexus2000ProductFamilyDatacenterscommonlyhavemanyrackscontaininglotsofservers,andcablingthemhastraditionallybeenimplementedviaatop-of-rack(ToR)orend-of-row(EoR)solution.WithaToRsolution,youplaceasmallswitchatthetopofeachrack,whichpermitsonlyreallyshortcablerunstotheserversandmakeseachswitchgiverisetoanothermanagementpoint.TheEoRmethodemploysalargerswitchplacedattheendoftherowwithlongcablerunstoeachserverandonlyonemanagementpoint.Neithersolutionwasideal,becausewhatwereallywantedwasasolutionwithshortcablerunsbutonlyasinglemanagementpoint.
Asmentionedearlier,theNexus2000seriesoffabricextenders(FEXs)cametotherescue!TheideabehindtheircreationwastoallowtheplacementofaswitchattheendoftherowtoperformallmanagementwhilealsoprovidingadditionaldevicestoinstalltopofrackthatwouldactaspartoftheEoRswitch.Basically,theToRdevicesextendtheEoRswitch’sfabric,hencethenamefabricextenders.CheckthemoutinFigure2.25.
FIGURE2.25Nexus2000family
Remember,fabricextendersaredumbdevicesthatmustconnecttoaparentswitchtowork.Oncethey’reconnectedtotheparentswitch,anyandallconfigurationisdonefromthatswitch,nottheFEX.Also,eveniftrafficismovingbetweentwoportsinthesameNexus2000,thetrafficwillneedtouplinktotheNexus5000tobeswitchedandreturnedtotheNexus2000tobeforwarded.
FEXsalsocostconsiderablylessthanswitches,whilestillgivingyoucapacityforToRcablingplusasinglepointofmanagement.Inshort,FEXsaretotallyawesome,afactthatsalestodatehavedemonstratedverywell!
Evenbetter,asingleparentswitchcansupportmultipleFEXs,asshowninFigure2.26.ThereyoucanseethatthefourFEXswillbemanagedfromtheCLIoftheNexus5000.FEXshavenoconsoleport,sotheycan’tbedirectlymanaged.
FIGURE2.26Nexus5000withfourFEXs
SohowdoyouconfiguretheNexus5000toaddtheoh-so-popularFEXstoit?Let’sassumethattheN2K-2connectstoport1/10ofN5K.Asdemonstratedinthefollowingconfiguration,youmustconfiguretheportintoFEXmodefirstviatheswitchportmodefex-fabriccommandandthenassignamodulenumberwiththefexassociate100command:
N5K#configureterminal
N5K(config)#interfaceethernet1/10
N5K(config-if)#switchportmodefex-fabric
N5K(config-if)#fexassociate100
AlloftheportsontheFEXwillappeartobepartoftheN5Kconfiguration.Theshowinterfaceethernet1/10fex-intfcommanddisplaysall48portsasbeingattachedtomodule100:
N5K#showinterfaceethernet1/10fex-intf
FabricFEX
InterfaceInterfaces
---------------------------------------------------
Eth1/40Eth100/1/48Eth100/1/47Eth100/1/46Eth100/1/45
Eth100/1/44Eth100/1/43Eth100/1/42Eth100/1/41
Eth100/1/40Eth100/1/39Eth100/1/38Eth100/1/37
Eth100/1/36Eth100/1/35Eth100/1/34Eth100/1/33
Eth100/1/32Eth100/1/31Eth100/1/30Eth100/1/29
Eth100/1/28Eth100/1/27Eth100/1/26Eth100/1/25
Eth100/1/24Eth100/1/23Eth100/1/22Eth100/1/21
Eth100/1/20Eth100/1/19Eth100/1/18Eth100/1/17
Eth100/1/16Eth100/1/15Eth100/1/14Eth100/1/13
Eth100/1/12Eth100/1/11Eth100/1/10Eth100/1/9
Eth100/1/8Eth100/1/7Eth100/1/6Eth100/1/5
Eth100/1/4Eth100/1/3Eth100/1/2Eth100/1/1
Inthisscenario,we’rekeepingthingssimplebyhavingonlyasinglewirebetweentheN2KandN5K.Cisco’srecommendationistohavemultiplecablesbetweentheFEXandparentswitch,asshowninFigure2.27.
FIGURE2.27FEXMulti-cableattachment
TheportchannelmethoddepictedinthefigureispreferredbecausealloftheportsontheFEXsharetheportchannel.Thismeansthatifonelinkgoesdown,alloftheportscanstillcommunicate.ThestaticpinningsolutionlinkscertainportsontheFEXtospecificuplinkports,soitmakessensethatifagivenuplinkportfails,thecorrespondingFEXportswillfailtoo.
TheNexus5000andNexus5500supportallmodelsofFEXs,whereastheNexus7000seriessupportsonlyasubsetofFEXs,whichincludethe2224TP,2248TP-E,and2232PP.Figure2.28givesyouacomparisonofsomeofthemorecommonFEXsavailablefromCisco.Thisisaveryimportantchartthatyoushoulddefinitelymemorize!Ofthese,the2232PPisuniquebecauseitprovides10GbpsportsandFCoEcapability.
FIGURE2.28FEXcomparison
Fabricextendersaren’tcreatedequally,andnotallarestand-aloneboxes.TheNexusB22HPisspeciallydesignedtoinstallintoanHPBladeSystemenclosure.Laterinthisbook,we’llintroduceyoutotheCiscoUCS,whichusesadifferentkindofFEX.
ReviewingtheCiscoMDSProductFamilyIn2003,Ciscoenteredtheworldofstorageareanetworks(SAN)withtheMultilayerDirectorSwitch(MDS).TheMDSproductfamilyisshowninFigure2.29.TheMDS9000familyprovidesawiderangeofsolutionsfromthesmall9124uptothemassive9513;however,alloftheseswitcheshavemanyfeaturesincommonandvarymainlyinportdensityandformfactor.
FIGURE2.29MDSproductfamily
SANisoneofthemostcriticalcomponentsofthedatacenter,andCiscohasactedaccordinglybybuildinginmanykeyfeatureslikehighavailability,multiprotocolsupport,security,andscalability,combinedwitheaseofmanagement.YoushouldunderstandthattheMDSisfocusedmainlyonFibreChannelandFCoEtrafficmanagement.TheMDSlineusesanoperatingsystemcalledSAN-OS,whichwasthebasecodeusedtobuildtheNX-OSfortheNexusproductline.
MDS9500TheMDS9506,9509,and9513switchestargetlargedatainstallationsandprovideanextraordinarylevelofperformanceandscalability.Again,thenamesofthemodelsindicatehowmanyslotsareavailableonaparticulardevice,sothe9506wouldoffersixslots.TheMDS9500series1,2,4,8,and10GbpsFibreChannelswitchesofferconnectivityalongwithnumerousnetworkservices.
Thedual-redundantcrossbarfabricandvirtualoutputqueues(VOQs)createahigh-performancenon-blockingarchitecture.Dualpowersupplies,supervisors,andfabriccrossbarsgiveusahardwareplatformthatoffersveryhighavailability.
RememberthatthesupervisormodulesarethebrainsbehindanyofCisco’smodularswitches,includingtheMDSline.TheSupervisor-2moduleallowsforIn-ServiceSoftwareUpgrade(ISSU),anditprovidesfaulttolerance.TheSupervisor-2AwasthefirstMDSsupervisortosupportFCoE,anditprovidesthenecessarybandwidthtodeliverfullperformancetoalloftheports.The9513
chassisrequiresaSupervisor-2A.
The9513usesfabricmodulestoprovidethecrossbarswitchingfabric.Thisredundantfabricloadbalancestrafficacrossbothfabricsandprovidesrapidfailover.Andthat’snotall—there’salegionofdifferentmodulesthatyoucanaddintothe9500serieschassisthatdeliverhigh-speedFibreChannel,FCIP,FCoE,andmore!
MDS9100/9200The9100seriesistypicallyusedinsmall-andmedium-sizedSANs.The9124supports24line-rateFibreChannelportsrunningat4Gb/s,whilethe9148provides48portsrunningat8Gb/s.The9148,showninFigure2.29,hasbecomearemarkablypopularswitchbecauseofitshighperformanceandlowoperatingcosts.Plusit’sabreezetoconfigurewithazero-touchconfigurationoptionandtaskwizards!
The9222iisasemi-modularswitchwithonefixedslotandoneopenslot.Thisswitchcansupportupto66FibreChannelports,anditprovidesFCIP,iSCSI,andFICON.TheMDSswitchescoverawiderangeofformfactorsandfeaturesthataresuretomeetalmostanySANnetworkingneed.
CiscoApplicationControlEngineTheCiscoACEfamilyofproductsoffersfeatureslikeloadbalancing,applicationoptimization,serveroffload,andsiteselect.ThesemodulescanbeinstalledintocertainCatalystswitchesorevendeliverasastand-aloneappliance.AlthoughtheACEisattheendoflife,itisstillcoveredontheexamandwillbeaddressedhere.
TheACEplatformhelpsbyreducingthetimeittakesforanapplicationtobedeployed,improvestheresponsetimeoftheapplication,andgenerallyprovidesimproveduptimefeatures.
ApplicationavailabilityisincreasedviaacombinationofLayer4loadbalancingandLayer7contentswitching,whichhelpsensurethattrafficissenttotheservermostavailabletoprocesstherequest.Applicationperformanceisimprovedusinghardware-basedcompression.
TheCiscoACEactsasthefinallineofsecurityforaserverbyprovidingprotectionagainstdenial-of-serviceandotherattacksviadeeppacketinspectionandprotocolsecurity.
TheACEcanbedeployedinahigh-availabilitymeshwithuptoeightappliancesusingthe4400series.Therearedifferentmechanismstoconfigurethepredictoronthesedevices,butthemostcommonareleastconnectionsandthedefaultpredictor,round-robin.
SummaryThischapterisfullofproducts,partnumbers,gizmos,andgadgets.MostotherCiscocertificationsfocusontechnology,liketheCiscoIOS,andnotsomuchonspecificproducts.Thisexamistheexceptionand,makenomistake,theobjectivesforthisexamincludeproductsandpartnumbers,andyouhavetoknowthemtopass!
Foreverythingcoveredinthischapter,focusmainlyonthe“BigFour”productlinesthattheobjectivesrequireyoutonail:
Nexus1000V
Nexus2000fabricextenders
Nexus5000/5500switches
Nexus7000switches
TheMDSproductlineislessimportantandsharesmanycharacteristicswiththeNexusproductline,butyoustillneedtobefamiliarwithit.CiscoACEisaweirdadditiontotheobjectives,butit’sverycool.Still,youdon’tneedtoknowallthatmuchaboutitfortheexam.Happystudies!
ExamEssentialsKnowthemodelsoffabricextenders.TheNexus2000fabricextendershaveverydifferentabilities.The2148wasthefirst,andithasthemostlimitedfunctionality.The2232PPishighperformanceandsupports10Gbpsconnectivity.TheFEXssupportdifferentnumbersofuplinkandhostports.TheNexus7000canconnecttoonlyasubsetoftheavailableFEXs.
DescribebasicACEfeatures.TheCiscoApplicationControlEnginecanoperateindependentlyorasamesh.Thedefaultmodeofloadbalancingisround-robin.
UnderstandNexus7000planesandports.TheportsonaNexus7000canoperateinLayer2orLayer3mode,andthisisconfigurableduringtheinitial
setup.Thecontrolplaneoperatesprimarilyonthesupervisor.Thedataplanefunctionsontheunifiedcrossbarfabric.
Knowthe5000and5500.The5000isastrictlyLayer2switch.The5500seriescanoperateatLayer2bydefault,andwiththeadditionofaLayer3card,itcanalsooperateatLayer3.The5500alsointroducedtheuniversalports,whichcanbeconfiguredforFibreChannelorEthernet.
WrittenLab2YoucanfindtheanswersinAppendixA.
Foreachfabricextender,selecttheoptionsthataretrue:
1. 2148T
2. 2224TP
3. 2248T
4. 2232PP
Options:
A. 4fabricports
B. FCoEsupport
C. Only1Gbpsports
D. 2fabricports
E. Has10Gbpsports
F. Supports24hostportchannels
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook'sIntroduction.YoucanfindtheanswersinAppendixB.
1. TheNexus5000andNexus7000canconnecttowhichNexus2000seriesfabricextenders?
A. 2148T
B. 2248TP
C. 2232PP
D. 2148E
E. 2232TM
2. FCoEissupportedbywhichCiscoNexus2000seriesfabricextender?
A. 2232TP
B. 2232PP
C. 2248PP
D. 2248TP
3. Layer3switchingispossibleonwhichofthefollowingNexusswitches?(Choosetwo.)
A. Nexus5010
B. Nexus5548
C. Nexus2232PP
D. Nexus7010
E. Nexus2148T
4. WheredoesthedataplaneoperateontheNexus7000seriesswitch?
A. Supervisormodule
B. Virtualsupervisormodule
C. Featurecard
D. Unifiedcrossbarfabric
5. Whichofthefollowingsupportsonly1Gbaccessspeedonall48hostports?
A. 2148T
B. 2248TP
C. 2232PP
D. 2148E
E. 2232TM
6. Whichofthefollowingsupports100Mband1Gbaccessspeedsonall48hostports?
A. 2148T
B. 2248T
C. 2232PP
D. 2148E
E. 2232TM
7. Whichofthefollowingsupporthostportchannels?
A. 2148T
B. 2248T
C. 2232PP
D. 2248E
E. 2232TM
F. 2248TP
8. Whichfabricextendershavefour10GEfabricconnectionstotheparentswitch?(Choosethree.)
A. 2148T
B. 2248T
C. 2232PP
D. 2248E
E. 2232TM
F. 2248TP
9. DuringtheinitialsetupofaNexus7000switch,whichtwoconfigurationelementsarespecified?
A. Defaultinterfacelayer
B. VDCadminmode
C. VDCdefaultmode
D. CoPPinterfaceplacement
E. BitsusedforTelnet
F. Defaultinterfacestate
10. WhatisthedefaultlengthofthegraceperiodonaNexus7000switch?
A. 90minutes
B. 90days
C. 90months
D. 120days
11. WhatcommandpingsfromthemanagementinterfaceofaNexusswitchto5.5.5.5?
A. Ping5.5.5.5
B. Ping-m5.5.5.5
C. Ping5.5.5.5vrfmanagement
D. Ping5.5.5.5vdcmanagement
12. WhatisthemaximumnumberofACE4400seriesappliancesthatcanbepartofanHAmesh?
A. 4
B. 8
C. 16
D. 32
E. 64
13. WhatisthedefaultpredictoronanACE4710?
A. Round-robin
B. FIFO
C. Lowestbandwidth
D. Highestbandwidth
14. WhatisrequiredforaNexus5010torouteLayer3packets?
A. Justconfiguration
B. Layer3card
C. Supervisor-2A
D. Notpossible
15. WhichcommandwouldshowtheserialnumberofaNexusorMDSdevice?
A. showlicenseserial
B. showserial
C. showlicensehost-id
D. showhost-id
16. AuniversalportonaNexusswitchsupportswhichofthefollowing?(Choosetwo.)
A. OTV
B. FibreChannel
C. DCB
D. Ethernet
17. End-of-rowswitchesdowhichofthefollowing?(Choosetwo.)
A. Shortencablerunsinsideeachcabinet
B. Provideasinglemanagementpoint
C. Havehigh-densityinterfaceconfigurations
D. ArebasedonFEXtechnology
18. Whichofthefollowingisasemi-modularSANswitchthatsupportsFCIP,iSCSI,andFICON?
A. 9124
B. 9506
C. 9124
D. 9222i
19. WhatNexusproductisdesignedforoperationwithvirtualservers?
A. 2248T
B. 5596
C. 1000V
D. 7010
20. WhatNexusproductlinesupportssoftware-definednetworkingand40Ginterfaces?
A. 7018
B. 7700
C. 5596
D. 9000
Chapter3StorageNetworkingPrinciples
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
StorageAreaNetworking
StorageCategories
FibreChannelNetworks
DescribetheSANInitiatorandTarget
VerifySANSwitchoperations
DescribeBasicSANConnectivity
DescribeStorageArrayConnectivity
DescribeStorageProtection
DescribeStorageTopologies
SANFabrics
SANPortTypes
SANSystems
SANNamingTypes
VerifyNameServerLogin
Describe,Configure,andVerifyZoning
PerformInitialMDSSetup
Describe,Configure,andVerifyVSAN
StorageAreaNetworkingNetworking,computing,virtualization,andstoragemakeupthefourmainpartsoftheCCNADataCenterexam.Outofthisgroup,thestoragefactorisoftenthemostdifficulttomaster.It’sdefinitelylesschallenging,however,ifyou’realreadysavvywithdatanetworking,becausemanyofthestoragenetworkingconceptsarebasicallythesameideastaggedwithnewnames.
Toensurethatyou’venaileddownthischallengingsubject,we’llopenthechapterwithalookintothehistoryofstoragenetworking.Afterthat,we’llanalyzethedifferenttypesofstorageandtheirrespectivecategories.Thenwe’llshiftourfocustoFibreChannelconceptsandconfiguration.AllthingsFibreChannelareespeciallyvitalforpassingtheexam,aswellasbeingkeyskillsthatyou’llneedintherealworld.We’llclosethechapterbycoveringwaystoverifyFibreChannelconfigurationsonCiscoMDSswitches.
ThebeginningofmodernstorageareanetworksstartedwithaprotocolcalledSmallComputerSystemInterface(SCSI),anditistotallyacceptabletocallitScuzzy.SCSIwasdevelopedin1978,anditallowedacomputertocommunicatewithalocalharddriveoverashortcable,asdepictedinFigure3.1.
FIGURE3.1SCSIcables
TwokeyaspectsofSCSIareasfollows:
It’salosslessprotocol,designedtorunoverashort,directlyconnectedcablethatpermitsnoerrorsorerrorcorrection.
It’sablock-basedprotocol,meaningthatdataisrequestedinsmallunitscalledblocks.
SCSIisthebasisformostSANstoragetoday.Theprotocolcontactsaspecificdevice—theinitiator,whichiscommonlytheserverwishingtoaccessthestorage—tostarttheconversationwithanotherdeviceknownasthetarget,whichistheremotestorage.SCSIisacommand-setprotocolthatallowstheinitiatorandthetargettoreadandwritetostoragebasedonasetofstandards.TheoriginalSCSIribboncabledistancewasupto25meters,andthefirstversionallowedeightdevicesonthebus.Whenversion2camealong,thenumberofdeviceswasincreasedtoamaximumof16drivesperSCSIattachment.Thespeedremainedat640Mbpsandwashalf-duplex.Whileharddrivesarethemostcommonattachments,manyothertypesofdevicescanconnecttoSCSI,suchastapesandDVDdrives.Theinitiatorisgenerallythehostcomputerorserver,andthetargetsarethedrivesonthecable.
Around1988,whenfiber-opticspeedswerereachinggigabitlevels,someonehadthegreatideatosendSCSIrequestsoverfibermediaandFibreChannelwasborn.TheideawastousetheSCSIcommandstoreadandwritefromtheremotestoragebuttothrowawaytheoriginalphysicallayerandreplaceitwiththe
newerandfastertechnologies,suchasfiberopticsandEthernet.LikeSCSI,FibreChannelisalosslessandblock-basedprotocol,whichhaseffectivelyencapsulatedSCSIcommands,asshowninFigure3.2.
FIGURE3.2FibreChannelframe
Towardtheendofthe1990s,mostoftheworldhadstandardizedonTCP/IP.In1999,theSCSIprotocolwasencapsulatedinTCP/IPusingTCPport3260toallowforareliableconnection,andtheInternetSmallComputerSystemInterface(iSCSI)framewascreated.iSCSIallowsforthedatacentertoreducecablingandtocollapsethestoragenetworkintothedatanetworkbycombiningLANandSANintothesameswitchingfabric.iSCSIisstillpopulartoday,anditworksbyencapsulatingSCSIcommandsintoanIPpacket,asdemonstratedinFigure3.3.
FIGURE3.3InternetSmallComputerSystemInterface(iSCSI)frame
StorageCategoriesBeforewetakealookatstoragenetworking,let’sfirststepbackandreviewthedifferenttypesorcategoriesofstoragethatwewillbeworkingwith.Wewillreviewwhatblockstorageisandwhereitismostcommonlyusedandthenmoveontotakealookatfilesbasedstorage.
Block-BasedStorageThetwomajorcategoriesofprotocolsthatwe’regoingtocoverareblock-basedandfileprotocols.Theoddsareverygoodthatyouusedblock-basedstoragetoday,withthemostcommontypesbeingSATA(SerialAdvancedTechnologyAttachment)andSCSI.Bothworkviaashortcablethatconnectstotheharddriveinsidethecomputer,asshowninFigure3.4,amodelknownasdirectlyattachedstorage(DAS).
FIGURE3.4DAS—computerwithlocalstorage
That’sright.Yourlaptopusesblock-basedstoragetotalktothelocalharddrive.Buthowdoesitdothis?Dataisrequestedfromthestorageinsmallchunkscalledblocks.Let’ssaythatyouwanttoopenafilecalledREADME.TXT.Yourcomputerrespondstothisrequestbycheckingthefileallocationtable,whichcontainsalistofalltheblocksthatmakeupthefiletodetermineitslocation.Yourcomputerthenrequeststheappropriateblockstoopenthefile.
SANsextendthisconceptoverthenetwork.FibreChannel,iSCSI,andFCoE
SANsextendthisconceptoverthenetwork.FibreChannel,iSCSI,andFCoE(FibreChanneloverEthernet)areallblock-basedprotocols.Desiredblocksarerequestedoverthenetworkinthesamewaythatyourcomputerrequestsblockslocally.
File-BasedStorageFile-basedstorageisnetworkbased,anditsimplyinvolvesrequestingafilebynametogetthefilesentwithouttherequestingcomputerhavinganyknowledgeofhowthatfileisstored.File-basedstoragetypicallyemploysanEthernetnetworkforcommunicationbetweentheendhostandthestoragearray.
Acoupleofgoodexamplesoffile-basedstorageareCIFS(CommonInternetFileSystem)usedbyWindowscomputers,HFS+onMacOS,andNFS(NetworkFileSystem)usedbyUNIX.NFShasbecomethemorepopularchoiceoverthepastfewyears.
Bytheway,blockandfilestoragearen’tmutuallyexclusive.You’lloftenfindnetworksusingacombinationofNFS,CIFS,FibreChannel,andiSCSI.Figure3.5picturesadatacenterwithfilestorageimplementedonanEthernetnetworkandblockstorageontheFibreChannelnetwork.
FIGURE3.5File-basedstorage
BlockandFileStorage
Thesetwostoragetechnologiescanalsoworktogether.Saythatwehavetwocomputers:PCAandPCB.PCAhasaSATAharddiskand,usingblock-basedstorage,itcreates—andcanlateraccess—afilecalledTODD.TXT.Nowlet’ssaythatPCAsharesthefolderwherethisfileresidesinWindowsusingCIFSsothatotherscanaccessitonthenetwork.WhenPCBaccessesthisfile,itmustusefile-basedstoragebecauseithasnowayofknowinghowthefileisstoredonthedisk(seeFigure3.6).
FIGURE3.6Filetransfer
TheflowofthefiletransferconversationbetweenPCBandPCAwouldfollowthesesteps:
1. PCBusesfile-basedstoragetorequestTODD.TXToverthenetwork.
2. PCAgetsthefile-basedrequest.
3. PCAlooksupthefileinthefileallocationtable.
4. PCArequeststhefilefromtheSATAdriveusingblock-basedstorage.
5. PCAreturnsthefileoverthenetworktoPCBusingfile-basedstorage.
Nice!Justrememberthatblock-basedstoragemeansknowledgeofthespecificblocksofwhichthefilesarecomposed,whilefile-basedstoragemeansthatonlythefilenameisknown.
FibreChannelNetworks
FiberChannelisthelower-levelprotocolthatbuildsthepathsthroughaswitchedSANnetworkthatallowsSCSIcommandstopassfromtheserver’soperatingsystemtoremotestoragedevices.Theserver,whichiscommonlycalledtheinitiator,contactstheswitch,andtheyhaveadiscussionaboutobtainingremotestorage.ThepaththengetssetupthatallowstheinitiatortotalktothetargetacrosstheFibreChannelnetwork.AftertheFibreChannelconnectionismade,itactsasatunnelthroughtheswitchingfabricthattheSCSIprotocolusesbetweentheinitiatorandthetargettostoreandretrieveinformationofftheharddrives.
Astorageareanetwork(SAN)isahigh-speednetworkcomposedofcomputersandstoragedevices.Insteadofservershavinglocallyattachedstoragewithharddrivesinstalled,thestoragearraysareremoteandaccessedoveraSAN.Inmoderndatacenters,thisallowsfordedicatedstoragearraysthatcanholdmassiveamountsofdataandthatarehighlyredundant.Theserversandtheirhostoperatingsystemscaneasilybereplacedorrelocatedviahostvirtualizationtechniquessincetheharddrivesremainstationaryanddonotneedtobemovedwiththeservers.
Theserverscanrunmultiplestorageprotocols,suchasFibreChannel,iSCSI,FCOE,orstandardEthernetorFibreChannelswitchingfabricstoaccessstorageshares.
TheservercommunicateswiththeFibreChannelnetworkviahostbusadapters(HBA)installedintheservers,muchlikeNICcardsareinstalledtoaccesstheLAN.Totheserver’soperatingsystem,thestorageappearstobeattachedlocallyasittalkstotheHBA.ThemagicgoesonbehindthesceneswheretheHBAtakestheSCSIstoragecommandsandencapsulatesthemintotheFibreChannelnetworkingprotocol.FibreChannelisahigh-speed,opticalSAN,withspeedsrangingfrom2gigabitspersecondto16gigabitsandhigher.ThereareusuallytwoSANnetworks—SANAandSANB—forredundancy,andtheyhavetraditionallybeenseparatefromtheLAN;seeFigure3.7.
FIGURE3.7SANnetwork
Withtheintroductionoftheconvergedfabricinthedatacenter,anewspinontheFibreChannelprotocoliscalledFibreChanneloverEthernet(FCoE).TheFibreChannelframesareencapsulatedintoanEthernetframe,andtheswitchinghardwareissharedwiththeLAN.Thisapproachsavesonswitchinghardware,cabling,power,andrackspacebycollapsingtheLANandSANintooneconverged—alsocalledunified—switchingfabric(seeFigure3.8).
FIGURE3.8Unifiednetwork
Storagerequiresalosslessconnectionbetweentheserverandthestoragearray.Bydesign,EthernetisnotlosslessandwilldropEthernetframesifthereiscongestion.Thiscouldcauseanoperatingsystemtofail.Inordertomakethestoragetrafficlossless,thereareseveralmechanismsthatusequalityofservice
(QoS)andthevariousnetworkinglayerstoidentifywhichtrafficisstorageandtomakeitahigherprioritythanthenormalLANdataonthesamelink.Thesemethodsandstandardswillbecoveredinlatersections.
DescribetheSANInitiatorandTargetWhentheserverwantstoeitherreadorwritetothestoragedevice,itwillusetheSCSIprotocol,whichisthestandardthatdefinesthestepsneededtoaccomplishblock-levelstoragereadandwriteoperations.TheserverrequestsablockofstoragedatatowhatitthinksisalocallyattachedSCSIdrive.TheHBAoriSCSIsoftwareinstalledontheserverreceivestherequestsandtalkstothenetworkeitherviaiSCSIoverEthernetorbyusingtheFibreChannelprotocoloveraSAN.Theserverisknownastheinitiatorandthestoragearrayisthetarget(seeFigure3.9).
FIGURE3.9SANinitiatorandtarget
ThetargetdoesnotrequestaSCSIconnectionbutreceivestherequestfromtheinitiatorandperformstheoperationrequested.Theinitiatorusuallyrequestsareadorwriteoperationforablockofdata,anditisuptothestoragecontrolleronthetargettocarryouttherequest.
Thestoragearraycontainsblocksofstoragespacecalledlogicalunitnumbers(LUNs),whichareshowninFigure3.10.ALUNcanbethoughtofasaremoteharddrive.TheLUNismadevisibletothenetworkandtheinitiatorsthatrequestthedatastoredontheLUNasifitwasastoragedevicedirectlyattachedtotheoperatingsystem.
FIGURE3.10LUNs
VerifySANSwitchOperationsSANswitchingisabitofadifferentworldfromtraditionalLANs.SANsruntheFibreChannelprotocol,andforredundancyitiscommontodeploytwocompletelyseparatenetworksinparallel.TraditionalSANswitchessupportonlytheFibreChannelprotocolanddonottransmitanyEthernet-basedLANtraffic.ASANisacompletelyseparatenetworkfromtheLAN.
LikeEthernetswitches,FibreChannelswitchescarryouttheirforwardingdutiesbasedonLayer2information.Theyalsoutilizestartopologyandoftencontroltraffic.ButunlikeEthernet,FibreChannelswitchesrequireenddevicestologinandidentifythemselves.Plustheytakecontroltoanewlevelbyregulatingwhichenddevicescancommunicatewitheachotherthroughzoning,whichwe’llcoversoon.Figure3.11depictstheMDS9148,acommonFibreChannelswitch.
FIGURE3.11MDS9148switch
Withever-increasingserverpowerandtheabilitytorunmanyvirtualmachinesononehostcomputer,thedemandontheSANisgrowing.Onstoragearrays,newtechnologiessuchassolid-statedrives(SSDs)havemuchfasterreadandwriteperformancethantraditionalmechanicaldrives,whichaddsextraSANtrafficloadsontheswitchfabric.FibreChannelinterfaceshavekeptpacebyincreasingtheirspeed,andtheycomeinavarietyofspeedsstartingat1gigabitandprogressingthrough2,4,8,and16gigabitspeeds,with32gigabitand128gigabitproductsbeingintroducedtothemarket.TheSFPspeedsmustmatchbetweentheHBAandtheFportontheswitchornothingwillwork.
Withmoderndatacentersconsolidatingmanyhostsintoasingle-serverplatform,thenumberofcablesgoingintoeachserverhasexplodedattheaccesspointofthedatacenternetwork.Andwiththedeploymentof10GEthernettotheserversandconsolidationofLANandSANtrafficonconvergednetworkadapters,theamountofcablingintotheservershasbeengreatlyreduced.TherearemanyoptionsonMDSswitches,includingtheabilitytointerconnectdissimilarstorageprotocolssuchasFibreChannel,FCoE,andiSCSI.
TheMultilayerDirectorSwitch(MDS)istheCiscoproductfamilyforSANnetworking.TheMDSproductfamilyconsistsofsmallstand-aloneswitchesuptolargechassis-basedsystemsofvariousportdensities,redundancy,andfeaturesthatfittherequirementsofanySANenvironment.ItisinterestingtonotethattheNX-OSoperatingsystemdevelopedfortheMDSproductfamilywasmodifiedandusedastheoperatingsystemfortheNexusproductfamilyofdatacenterswitches,andNexusstoragesupportisasubsetofMDScapabilities.
TheMDSswitchesconnecttheinitiatorstothetargetsusingtheSCSIprotocolencapsulatedinsideFibreChannel,orinsomecasesFCOEandiSCSI.MultipleMDSswitchescanbeconnectedtogetherinanetworkandtheirdatabasesofconnecteddevicessharedamongthem.
Sincestorageissocriticaltotheoperationofaserver,twohostbusadaptersareusuallyinstalledinaserver,andoneHBAportisconnectedtoSANAandthesecondporttoSANB.Thesetwonetworksarephysicallyseparatefromoneanotherandhavetheirowncontrolanddataplaneforredundancy.BothSANAandSANBconnecttothestoragearraystoallowfortwocompletelyseparatepathsfromtheinitiatortothetarget.
DescribeBasicSANConnectivity
FibreChannelcansupportavarietyofportspeeds,andthefiberadaptersmustmatchupwiththedeviceconnectedateachend.Forexample,ifyouareconnectingaserver’sHBAtotheMDSswitchandtheHBAhasmultimodefiberand8Gbpsoptics,thenyoumusthavethesamefibertypeandspeedateachend.FiberopticsdonotnegotiatespeedasdomostLANconnections.ItisalsoimportantthattheMDSswitchsupportthespeedoftheinsertedsmallform-factorpluggable(SFP)modules.Figure3.12showsacommonSFPwithafiber-opticconnection,andFigure3.13showsastandardmultimodefiber-opticcablecommonlyusedinSANnetworking.
FIGURE3.12SFPmodule
FIGURE3.13Multimodefiber-opticcables
TherearemanyporttypesdefinedintheFibreChannelspecifications,suchasanodeporttodefineaconnectedhostorstoragearray.TheporttypesmustbeconfiguredintheMDStomatchtheconnecteddevice.IfyouareconnectingMDSswitchestogether,theninter-switchlinks(ISLs)mustalsobeconfiguredusingthecommandline.Wewillgointodetailontheseissueslaterinthechapter.
SANswitchesuseIPaddressesformanagementconnectivityusingTelnet,SSH,SNMP,orHTTP.CiscoalsohasafamilyofmanagementapplicationsthatprovidegraphicalconfigurationandmanagementoftheSANsaswell.EachMDSswitchisgivenaname,asaLANswitchwouldhave.Next,eachswitchmusthaveitsownuniquedomainID,whichisusuallyanumberbetween1and255.ThedomainIDmustnotbeduplicatedintheSANfabric,anditisusedtoidentifythatparticularMDSswitchinthenetwork.
DescribeStorageArrayConnectivityStoragearrayswithFibreChannelconnectivityareadominantfocusinthischapter.Keepinmindthatthestoragearrayisreallyacollectionofharddiskswithanetworkinterfaceatitscore.FibreChannelswitchesallowforblockaccesstostorageacrosstheFibreChannelnetwork.
WithSANscomemanyaddedadvantagesovertraditionalSCSIcabling:thedistancehasincreasedwithFibreChannel,performanceismuchfaster,anddiskutilizationisimprovedsincestoragelocaltoaservermayneverbefullyutilized.Withmultiplepaths,thereisgreaterreliability.Absenttheneedtoinstalllocalharddrivesintoeachserver,thedatacenterfootprintcanbereduced.Also,storagespaceonthediskarrayscanbeprovisioneddynamicallywithoutdowntime.Thecentralizedstoragesystemsallowforeaseofbackupandcontrolofthedata.
Storagearraysrangefromthebasictotheamazinglycomplex.AtthebottomofthestoragefoodchainistheJBOD,or“justabunchofdrives.”AJBODisanexternalrackofharddrivesthatactasremotedrivestoaserver,anditdoesnothaveanyadvancedfeaturesetsofferedbythehigher-endstoragecontrollersfoundinthemoderndatacenter.
Thestoragearrayapproachismorecommon,anditoffersmanyadvancedfeaturesbyusingaspecialsystemcalledastoragecontrollertomanagetheracksofdisksattachedtoit.ThestoragecontrollerthenattachesandmanagestheinteractionamongtheSAN,initiators,andthestorageresources.ThecontrollersaregenerallyredundantandcontainsystemsthatcontainflashstorageforcachingandI/Ooptimization.TheyalsohouseracksofharddrivesorSSDsandmanagetheRAIDlevels,LUNs,andothervendorfeatures.MoststoragearrayconnectionsareFibreChannel,andwith10GEthernetFCoEwithiSCSIconnections,theyarebecomingpopularinterfaces.
EMCandNetApparetwooftheleadingstoragearrayvendors.Havenofear;we’llshowyouhowtoconnectallthesecomponentstogetherverysoon!
DescribeStorageProtectionStoragearraysprotecttheirdataviathreetypesofRedundantArrayofIndependentDisks(RAID)technology.Raid0isnotredundantatall,becauseitcombinestwodrivesintoonebutdoesnotputbackupcopiesontheotherdisk.Instead,itwritesacrossthedrives,leavingmanytowonderhowitbecamea
memberofthefamily.Raid1isdeployedusingtwodrivestomirrordatafromonedrivetotheother.Thisprovidesredundancybutuses50percentofeachdisk’scapacitytobackuptheotherdrive.
TouseRaid5,youneedaminimumofthreedisks.Alldataiswrittentoeachdiskinstripes.Amathematicalcalculationcalledparityiswrittentooneofthedisks,which,incombinationwiththeotherdisks,worksasabackupincaseoneofthenon-paritydisksfailstorebuildmissingdata.
Raid6usestwoparitydrives,whichmeanstwodrivescanbelostwithoutlosinganydata.
ThestrangelynamedRAID1+0usestwoRAID0arraysandthenwritesanexactcopybetweenthem,asdoesRAID1.ThisincreasestheperformanceofRAID0+1,andithasredundancywithouttheneedtosetasidediskspaceforparity.
DescribeStorageTopologiesReady?It’stimetotakethattourofkeytopologiesthatwepromisedearlier.KeepinmindaswemovethroughthissectionthatacombinationofHBA,FibreChannelswitches,andstoragearrayscanbeconfiguredinavarietyofthesetopologies.
Point-to-PointInapoint-to-pointtopology,theworkstationorserverisdirectlyattachedtothestoragearray,asshowninFigure3.14.Makeamentalnotethatonlyasingledevicecanaccessthestoragearraywhenusingapoint-to-pointtopology.
FIGURE3.14Point-to-pointtopology
ThistopologywassopopularforvideoeditingthatMacworkstationsactuallyshippedwithabuilt-inFibreChannelHBAjusttosupportthetaskforaseriousstretch!
ArbitratedLoopFibreChannelArbitratedLoop(FC-AL)connectseverythinginvolvedinaunidirectionalloop.Theserialarchitecturesupports127devices,suchasSCSIs,andbandwidthissharedamongallofthem,aspicturedinFigure3.15.
FIGURE3.15FibreChannelArbitratedLoop
Westillemployarbitratedloopswithstoragesystemsforconnectingtraysofdiskstothestoragecontroller.Fabricconnectivityismorecommonlyusedforserverconnections.
FabricFabric,orswitchedfabrictopology,usesSANswitchestoconnectthenodesofanetworktogether.Figure3.16providesasimpleexamplewhereindevicesconnectonlytoasinglenetworkorfabric.Thisimplementationworksgreat,butsinceitdoesn’tprovideanyfaulttolerance,it’susedonlyinanon-production
environment.
FIGURE3.16Simplefabric
Themostcommonimplementationthatyou’llfindisthatofutilizingtwoseparatefabrics,asshowninFigure3.17.NotethatunlikewithEthernetswitches,thereisnointerconnectionbetweenthetwofabrics.Keepthatinmind!Theendnodeshavetwoseparateports,andeachofthemconnectstoonefabric,addingvitallyimportantfaulttolerance.Ifonefabricfails,theendnodecanusetheotherfabrictocommunicate.
FIGURE3.17Dualfabric
PortTypesFibreChanneloffersanumberofdifferentporttypesdependingonthepurposethey’reneededtoserve.Anodeport(Nport)ispredictablyfoundonthenodeitself,anditoperatesjustlikeaportinastoragearrayoronaserver.Nportsconnectpoint-to-pointeithertoastorageenclosureortoaSANswitch.Afabricport(Fport)islocatedontheFibreChannelswitchandconnectstoanNport.AnEport,orexpansionport,connectsoneswitchtoanotherswitchforinter-switchlink(ISL)communications.Inaloop,whetherarbitratedorviaahub,thenodeloopports(NLports)aretheportsonthehostsorstoragenodes.Justso
youknow,thereareseveralotherporttypes,butthey’reoutsidetheexamobjectives,sowe’renotgoingtocoverthem.Figure3.18showsanexampleofthevariousporttypesthatwejustdiscussed.
FIGURE3.18FibreChannelporttypes
StorageSystemsIt’snotjustarumor—storagesystemscanbestunninglycomplex!Fortunately,youneedonlyabasicunderstandingofthemajorcomponentstomeettheobjectives.Asmentionedearlier,thestoragearrayisessentiallyacollectionofharddisks,aspicturedinFigure3.19.
FIGURE3.19FibreChannelSANcomponents
Storageisallocatedtohostsbasedonlogicalunitnumbers(LUNs),notonphysicaldisks.Whenaserveradministratorrequests10GBofdiskspaceonthestoragearray,a10GBLUNportionisallotted,whichcancomprisequiteafewkindsofphysicalstorageunderneath.ThestorageadministratorcanincreaseordecreasetheLUNsize,withsomeLUNsbeingusedbyasinglehostforthingslikebootingup.SharedLUNsareaccessiblebymultiplehosts,andtheyareoftenfoundwherevirtualmachineimagesareshared.
TheentirestoragearrayconnectstotheFibreChannelviathestorageprocessors(SPs).Therearetypicallytwoofthemsothatoneisavailableforconnectingtoeachfabric.IndividualSPshavetheirownuniqueaddresses,whichhostdevicesusetoconnecttothestoragesystem.
WorldWideNamesJustasMACaddressesareusedinEthernetnetworkstoidentifyaninterfaceuniquely,FibreChannelemploysWorldWideNames(WWNs)toidentifyspecificportsknownasWorldWidePortNames(WWPNs).AnHBAwithone
interfacewouldhaveoneWWPN;anHBAwithtwointerfaceswouldhavetwo,andsoon,withoneWWPNusedforeachSANfabric,asshowninFigure3.20.
FIGURE3.20WorldWideNames
WorldWideNodeNames(WWNNs)representspecificdeviceslikethecarditself,andtheyareunique8-bytevendor-assignednumbers.AnHBAwithtwointerfaceswouldhaveoneWWNNandtwoWWPNs.
Tovisualizethis,lookatFigure3.21,whichshowsasinglefabricnetworkmadeupofaserver,aswitch,andastoragearray.Asyoucansee,aWWPNisbeingusedtoidentifyeachofthesedevicesonthenetwork.Tocommunicatewiththestoragearray,theserverisusingWWPN50:00:00:11:22:33:44:55andthestoragearrayisusingWWPN20:01:00:11:11:11:11:11toidentifythehost.
FIGURE3.21WordWidePortNames
We’lldiscussthisprocessingreaterdetailabitlaterwhenweexplorewhat’s
We’lldiscussthisprocessingreaterdetailabitlaterwhenweexplorewhat’sdonewiththisinformationandmore.
Don’tgettooconfused—knowthatevenwhenconsultingCiscoliteratureexclusively,you’lllikelycomeacrosspWWNandnWWNasalternativesforWWPNandWWNN!
SANBootServersinmoderndatacentersrarelyhavealocaldiskdrive,sotheyhavetobootthroughastorageareanetworkusingSANboot.UnderstandinghowSANbootworksisimportantbecauseitreallyputsallofthepiecestogether.Let’sstartwiththetopologyshowninFigure3.22.
FIGURE3.22SANboot
Yes,we’vemadetheWWPNssupershortsothatthey’reeasytodiscuss,buttheconceptisstillhereinfull.Let’ssaythatyou’retheserveradministratorandyouwantyournewservertobootofftheSAN.Thefirstthingthatyouwoulddoiscallthestorageadministratorandrequesta50GBLUN.IftheSANadministratoragrees,heorshewillaskyouabouttheserver’sWWPNbeforecreatingyour50GBLUN,whichwe’regoingtocallXYZ.TheSANadminwillthenconfigureLUNmaskingonthestoragearraysothatonlytheserver’sWWPN(444)canaccessLUNXYZ.
Astheserveradmin,yournextstepistoconfiguretheHBAtoconnecttothestoragearraywhenthecomputerboots—aprocessachievedbyrebootingtheserverandpressingakeycombinationtoaccesstheHBABIOS.NeverforgetthattheboottargetmustbesettotheWWPNofthestoragecontroller(888).
thattheboottargetmustbesettotheWWPNofthestoragecontroller(888).
Asyouknow,theFibreChannelswitchdoesn’tallowcommunicationbydefault.Thus,tomakecommunicationhappen,youhavetocreateanewzonethatwillallowserverWWPNtotalktostoragearrayWWPN(444to888)andaddittotheactivezoneset.
SANbootingisnowconfigured.Whentheserverpowerson,theHBAwilllogintotheSANfabricandattempttoconnectto888,andtherequestwillbeallowedbecauseofthezoningontheMDS.What’sactuallygoingonhereisthatthestoragearrayreceivestherequestfrom444,checkstheLUNmaskingtodetermineifLUNXYZisaccessible,andrespondsaccordinglytotheserverHBA.Ifallgoeswell,theHBAwillprovidea50GBLUNtotheserverasifitwerealocaldisk.However,sometimesyou’llseean“Operatingsystemnotfound”messageinstead.Ifyougetthismessage,it’sactuallybecauseanOShasn’tbeeninstalledyet!YoucaninstallanoperatingsystemfromaDVD,andassoonasyouhavedonethat,theservercanbootfromtheSAN.
VerifyNameServerLoginInorderfortheretobeend-to-endcommunicationsfromtheSANinitiatortotheSANtarget,thedevicesmustlogintotheSANfabric.OntheMDSswitches,eachvirtualstorageareanetwork(VSAN)runsitsowninstanceofadatabasethatkeepstrackoflogged-indevices.TheVSANdatabaseincludesthenameoftheVSAN,whetheritisinanactiveorsuspendedstate,andiftheVSANhasactiveinterfacesandisup.
SAN_A#showvsan20
vsan020information
name:VSAN0020state:active
in-orderguarantee:nointeroperabilitymode:no
loadbalancing:src-id/dst-id/oxid
Thefabriclogin(FLOGI)showswhichinterfacesareloggedintothefabric,theirVSANID,FibreChannelID,WorldWidePortName,andtheWorldWideNodeName,asshowninFigure3.23.
FIGURE3.23Fabriclogin
OntheCiscoMDSSANswitchcommandline,youcanmonitorSANoperationsasshownhere:
SAN_A#showflogidatabase
—————————————————————————————————————-
INTERFACEVSANFCIDPORTNAMENODE
NAME
—————————————————————————————————————-
sup-fc020xb3010010:00:00:05:50:00:fc:23
20:00:00:05:50:00:fc:89
fc1/1210xb200e121:00:00:04:de:27:18:8a
20:00:00:04:de:27:18:8a
fc1/1210xb200e221:00:00:04:de:4c:5c:88
20:00:00:04:de:4c:5c:88
fc1/1210xb200de21:00:00:04:de:4c:5c:29
20:00:00:04:de:4c:5c:29
fc1/1210xb200b421:00:00:04:de:4c:3f:8c
20:00:00:04:de:4c:3f:8c
fc1/1210xb200b421:00:00:04:de:4c:86:cf
20:00:00:04:de:4c:86:cf
Totalnumberofflogi=6.
TheFibreChannelNameServer(FCNS)isthedatabasethatkeepstrackofconnectedhosts,theirIDs,whethertheyarenodesoranothertypeofconnection,themanufacturer,andwhatfeaturestheysupport:
SAN_A#showfcnsdatabase
—————————————————————————————————————
FCIDTYPEPWWN(VENDOR)FC4-
TYPE:FEATURE
—————————————————————————————————————
0x010000N50:06:0b:00:00:10:b9:7fscsi-
fcpfc-gs
0x010001N10:00:00:05:30:00:8a:21(Cisco)ipfc
0x010002N50:06:04:82:c3:a0:ac:b5(Company1)scsi-
fcp250
Totalnumberofentries=3
Describe,Configure,andVerifyZoningItisveryimportthattherebesomeformofsecuritybetweentheinitiatorandthetargetinaSANnetwork.Forexample,ifaLinuxhostwereabletoattachtoastoragedevicethatisformattedtosupportaMicrosoftoperatingsystem,thereisaverygoodpossibilitythatitwouldbecorrupted.Zoningisafabric-wideservicethatallowsdefinedhoststoseeandconnectonlytotheLUNstowhichtheyareintendedtoconnect.ZoningsecuritymapshoststoLUNs.Membersthatbelongtoazonecanaccesseachotherbutnotportsonanotherzone.Nevertheless,itispossibletoassignadevicetomorethanonezone.
Itiscommontoconfigureazoneforeachinitiatorportandthetargettowhichitisallowedtocommunicate.Zonescanbecreatedtoseparateoperatingsystemsfromeachother,tolocalizetrafficbydepartment,ortosegmentsensitivedata.
Multiplezonescanbegroupedtogetherintoazoneset.Thiszonesetisthenmadeactiveonthefabric.Whilewecanconfiguremultiplezonesets,onlyonecanbeactiveatatimeonthefabric.Azonecanbelongtomultiplezonesetsbecauseonlyonezonesetatatimeisallowedtobeactiveonthefabric.
CreatingaZoneonanMDSSwitchandAddingMembers
SAN_A(config)#zonename<nameofzone>vsan<VSANnumber>
SAN_A(config-zone)#memberpwwn<portworldwidename1>
SAN_A(config-zone)#memberpwwn<portworldwidename2>
SAN_A(config-zone)#exit
Alternatively,youcandothefollowing:
UsingAliasesInsteadoftheirPortWorldWideNames
SAN_A(config)#zonename<nameofzone>vsan<VSANnumber>
SAN_A(config-zone)#memberfcalias<aliasname1>
SAN_A(config-zone)#memberfcalias<aliasname2>
SAN_A(config-zone)#exit
CreatingaZoneSetonanMDSSwitchandAddingtheZonestothe
ZoneSet
SAN_A(config)#zonesetname<nameofzoneset>vsan<VSANnumber>
SAN_A(config-zoneset)#member<zone1>
SAN_A(config-zoneset)#member<zone2>
SAN_A(config-zoneset)#member<zone3>
SAN_A(config-zoneset)#exit
MakingtheZoneSetActiveontheFabric
SAN_A(config)#zonesetactivatename<zonesetname>vsan<VSAN
number>
Afterthezoneconfigurationiscompletedandthezonesethasbeenappliedtothefabric,thefollowingshowcommandsarehelpful:
ShowtheStatusoftheActiveZone
SAN_A#showzonestatusvsan111
ShowtheZoneSetsonaFabric
SAN_A#showzoneset|inczoneset
ShowtheActiveZoneSetsonaFabric
SAN_A#showzonesetactive|inczoneset
ShowtheZoneSet/ZonesinVSAN20
SAN_A#showzonesetactivevsan20
PerformInitialMDSSetupAttheNX-OSprompt,youcantypesetup,orifyoubootaMDSswitchwithnoconfiguration,itwillentersetupmodebydefault.SetupmodeletsyouenterabasicconfigurationintoanMDSswitch,butitdoesnotconfiguretheindividualports.
Exercise3.1
PerformingtheInitialMDSSetup
YouarenowintheinitialsetupdialogoftheMDSswitch,andyouwillgothroughaquestionandanswerprocesstoenterthedata.
1. Answeryesattheprompttoenterthebasicconfigurationdialog.
Thissetuputilitywillguideyouthroughthebasic
configurationofthesystem.Setupconfiguresonlyenough
connectivityformanagementofthesystem.
PleaseregisterCiscoMDS9000Familydevicespromptlywith
yoursupplier.Failuretoregistermayaffectresponsetimes
forinitialservicecalls.MDSdevicesmustberegisteredto
receiveentitledsupportservices.
PressEnterincaseyouwanttoskipanydialog.Usectrl-c
atanytimetoskipawayremainingdialogs.
Wouldyouliketoenterthebasicconfigurationdialog
(yes/no):yes
2. administhedefaultMDSmanagementaccount.Addthepasswordhere:
Enterthepasswordforadmin:admin
3. Youcancreateanewaccountinadditiontothedefaultadminaccount:
Createanotherloginaccount(yes/no)[n]:yes
4. Addtheuser_nameforthenewaccount:
EntertheuserloginID:user_name
5. Addyourpasswordfortheuser_name:
Enterthepasswordforuser_name:user-password
6. Ifyouchoosetouseversion3ofSNMP,enteryes:
ConfigureSNMPv3Managementparameters(yes/no)[y]:yes
7. AddtheSNMPversion3user_name(thedefaultisadmin):
SNMPv3username[admin]:admin
8. EntertheSNMPversion3passwordtomatchwhatisonthemanagementstation.Thepassworddefaultstoadmin123,anditneedstobeatleasteightcharacters:
SNMPv3userauthenticationpassword:admin_pass
9. Enteryestosettheread-onlycommunitystringforSNMP:
Configureread-onlySNMPcommunitystring(yes/no)[n]:yes
SNMPcommunitystring:snmp_community
10. AddthenameoftheMDSswitch:
Entertheswitchname:switch_name
11. Enteryes(thedefault)toconfigurethemgmt0portthatisusedforout-of-bandmanagement:
ContinuewithOut-of-band(mgmt0)managementconfiguration?
[yes/no]:yes
Mgmt0IPv4address:ip_address
Mgmt0IPv4netmask:subnet_mask
Configurethedefault-gateway:(yes/no)[y]:yes
IPv4addressofthedefault-gateway:default_gateway
12. ConfigurewhatCiscoreferstoastheadvancedIPoptions,suchasthein-bandmanagement,staticroutes,thedefaultnetwork,DNSserveraddresses,andthedomainname:
ConfigureAdvancedIPoptions(yes/no)?[n]:yes
Continuewithin-band(VSAN1)managementconfiguration?
(yes/no)[no]:no
Enabletheiprouting?(yes/no)[y]:yes
13. Ciscosuggeststhatastaticroutebeusedtoreachthegateway:
Configurestaticroute:(yes/no)[y]:yes
Destinationprefix:dest_prefix
Destinationprefixmask:dest_mask
Nexthopipaddress:next_hop_address
Configurethedefaultnetwork:(yes/no)[y]:yes
DefaultnetworkIPaddress[dest_prefix]:dest_prefix
14. AddtheIPaddressoftheDNSserverandthedomainname:
ConfiguretheDNSIPaddress?(yes/no)[y]:yes
DNSIPaddress:name_server
Configurethedefaultdomainname?(yes/no)[n]:yes
Defaultdomainname:domain_name
15. TelnetandSSHaccesscanbeenabledordisabled.SSHisdisabledbydefault,anditisagoodsecuritypracticetoenablethesecureSSHprotocolanddisabletheunencryptedTelnetprotocol:
Enablethetelnetservice?(yes/no)[y]:no
EnabledSSHservice?(yes/no)[n]:yes
TypetheSSHkeyyouwouldliketogenerate(dsa/rsa/rsa1)?
dsa
Enterthenumberofkeybits?(768to2048):1028
16. NTPistheNetworkTimeProtocolserverthattheMDSaccessestosyncitsclocktofortime-stampingloggingevents.Configureithere:
ConfigureNTPserver?(yes/no)[n]:yes
NTPserverIPaddress:ntp_server_IP_address
17. Decidewhethertheportsareenabledordisabledbydefault.Thisdoesnotaffectthemanagement0interface.Shutisthedefaultsetting,anditcanbechangedifdesired:
Configuredefaultswitchportinterfacestate(shut/noshut)
[shut]:shut
18. Thedefaultswitchporttrunkmodeison,anditcanbeleftinthatstate:
Configuredefaultswitchporttrunkmode(on/off/auto)[on]:
on
19. ItisagoodideatoleavethedefaultmodeasF:
ConfiguredefaultswitchportmodeF(yes/no)[n]:y
20. Thismaybeasecurityissueinsomedatacenters,anditwouldthusneedtobechangedfromthedefaultofhavingportchannelsautocreate.Thedefaultisenabled:
Configuredefaultport-channelautocreatestate(on/off)
[off]:on
21. Byenteringpermit,youallowalltrafficbetweendevicesinthedefaultzone:
Configuredefaultzonepolicy(permit/deny)[deny]:permit
22. Enteryestoenableafullzonesetdistribution:
Enablefullzonesetdistribution(yes/no)[n]:yes
23. Nowthatyouhavecompletedtheinitialsetup,youcanreviewtheconfigurationandmakeanychangesthatyouwantbeforeapplyingit.
24. Enterno(noisthedefault)ifyouaresatisfiedwiththeconfiguration.Thefollowingconfigurationwillbeapplied:
usernameadminpasswordadmin_passrolenetwork-admin
usernameuser_namepassworduser_passrolenetwork-admin
snmp-servercommunitysnmp_communityro
switchnameswitch
interfacemgmt0
ipaddressip_addresssubnet_mask
noshutdown
iprouting
iproutedest_prefixdest_maskdest_address
ipdefault-networkdest_prefix
ipdefault-gatewaydefault_gateway
ipname-servername_server
ipdomain-namedomain_name
telnetserverenable
sshkeydsa768force
sshserverenable
ntpserveripaddrntp_server
systemdefaultswitchportshutdown
systemdefaultswitchporttrunkmodeon
systemdefaultswitchportmodeF
systemdefaultport-channelautocreate
zonedefault-zonepermitvsan1–4093
zonesetdistributefullvsan1–4093
Wouldyouliketoedittheconfiguration?(yes/no)[n]:no
25. SavetheconfigurationinNX-OS:
Usethisconfigurationandsaveit?(yes/no)[y]:yes
Aftertheconfigurationissaved,ittakeseffectintherunningoroperatingconfigurationoftheMDSanditisalsostoredinnon-volatilememoryasthestartupconfigurationandcansurviveareboot.
Describe,Configure,andVerifyVSANAvirtualstorageareanetwork(VSAN)operatesinthesamemannerasaVLANintheEthernetworld.ItcanonlycommunicatewithitselfonthesamefabricorwithotherfabricsusingVSANtrunking,butoneVSANcannotcommunicatewithanother.IfaportisamemberofadifferentVSAN,itwillnotbeabletocommunicatewithportsassignedtoadifferentVSAN.AVSANisalogicalSANcreatedonaphysicalSANnetwork.
EachVSANisseparatedfromtheotherVSANsonthesamefabricsothatthesameFibreChannelIDscanbeusedineachVSAN.
ThestepsrequiredforconfiguringaVSANandaddinginterfacesincludefirstcreatingtheVSANandthenaddingthedesiredinterfacesintotheVSAN.Youthenconfiguretheinterfaces,enablethem,andthencablethefiberconnectionstotheservers,storagearrays,orotherconnectedFibreChannelswitches.
VSAN1isthedefaultVSAN,sinceitisusedformanagementandotherfunctions.ItisnotrecommendedtousethisasaproductionVSAN.Bydefault,allinterfacesareinVSAN1.WhenadditionalVSANsarecreated,theinterfacescanbemovedintothedesiredVSAN.
Exercise3.2
CreatingaNewVSAN
TocreateanewVSANfollowtheseconfigurationsteps:
MDS_1#configt
MDS_1(config)#vsandatabase
MDS_1(config-vsan-db)#
1. TheVSANdatabaseallowsfortheconfigurationandadditionofVSANs:
MDS_1(config-vsan-db)#vsan2
MDS_1(config-vsan-db)#
2. vsan2isnowcreatedandaddedtothedatabaseifitdidnotexistpreviously:
MDS_1(config-vsan-db)#vsan2nameCCNA-DC
updatedvsan2
MDS_1(config-vsan-db)#
3. Updatevsan2withthenameCCNA-DCbysuspendingvsan2andthenreenablingit,asshowninstep4.
MDS_1(config-vsan-db)#vsan2suspend
MDS_1(config-vsan-db)#
4. Enablevsan2withthenovsan2suspendcommand:
MDS_1(config-vsan-db)#novsan2suspend
MDS_1(config-vsan-db)#end
MDS_1#
5. AssigninterfacestotheVSANthatyoucreatedpreviously:
MDS_1#configt
MDS_1(config)#vsandatabase
MDS_1(config-vsan-db)#
MDS_1(config-vsan-db)#vsan2
MDS_1(config-vsan-db)#
6. Assigntheinterfacefc1/2tovsan2:
MDS_1(config-vsan-db)#vsan2interfacefc1/2
MDS_1h(config-vsan-db)#
7. YoucannowusetheCLIshowcommandstoreviewtheconfigurations:
showvsanDisplaysallVSANinformation.
showvsan2ShowsinformationonaspecificVSAN.
showvsanusageShowsstatisticsonVSANusage.
showvsan2membershipwillshowtheVSANmembershipinformation
onforVSAN2
showvsanmembershipshowsthemembershipinformationforallVSANs.showvsanmembershipinterfacefc1/2showsthemembershipinformationfortheinterfacethatyouareinvestigating.fcindicatesthatitisaFibreChannelinterfaceonslot1andport2ofaCiscoMDSseriesswitch,whichdisplaysVSANmembershipinformationforaspecifiedinterface.
SummaryStoragenetworkingcanbethemostchallengingpartofaCCNAdatacenterformanypeople.Whattripsupmostpeople,however,isn’tthatit’sextremelycomplicatedanddifficult;it’sjustthatit’sforeigntomanywithaCiscobackground.Onceyougettheconceptsdownandbecomefluentwiththenewterminology,you’llfeelalotmoreconfident!Youwillfindthatthestorageworldusesslightlydifferentterminologythanthatusedinthenetworkingworldtodescribeverysimilarprotocols.
Mostdatacenterswilluseacombinationofblockandfilestorage,soyoureallydoneedaworkingknowledgeofboth.Asyoustudythischapter,takehowevermuchtimeyouneedtoensurethatyouhaveaseriouslysolidgraspofSANboot,becauseonceyou’resavvywiththat,you’llhavethischapter’sconceptsnaileddown.
ExamEssentialsUnderstandblockandfilestorage.BlockstorageisusedwithSCSI,iSCSI,andFibreChannelprotocols.Blockstorage,whetherlocaloracrossthenetwork,requestsindividualsectionsofstoreddataresidingonastoragedevice.Filestoragecommunicatesacrossthenetworkbyrequestingfiles,anditisusedbyCIFSandNFS.
KnowFibreChanneltopologies.Point-to-pointtopologiesdirectlyconnectastoragearraytoaworkstation.FibreChannelArbitratedLoopisusedwithinstoragearrays.FabricswitchednetworksallowforcomplexnetworkstobecreatedusingFibreChannelswitchesthataresimilartoEthernetswitchesbutaredesignedspecificallyforstorageapplications.
RecognizethedifferentFibreChannelporttypes.PortsonendnodesareN_Ports.PortsonswitchesareFPortstoconnecttoendnodesandE_Portstoconnecttootherswitches.NLPortsconnecttoaFibreChannelhuborinanarbitratedloop.
RememberWorldWideNames.WWPNsrepresentaportonanHBAorstoragearray.WWNNsrepresentadevice.IfanHBAhasmultipleportsassignedtoit,thenitwillhavebothaWWNNandmultipleWWPNsassignedtoit.
Identifydifferencesbetweenzoningandmasking.Zoningisimplementedontheswitch,anditcontrolswhichendnodecancommunicatewithotherendnodes.Maskingisdoneonthestoragecontroller,anditcontrolswhichLUNsareaccessiblebywhichendnodes.
WrittenLab3YoucanfindtheanswersinAppendixA.
1. Examinethediagram,andidentifytheFibreChannelporttypesintheblanksprovided.
A. _______________
B. _______________
C. _______________
D. _______________
2. Examinethediagram,andidentifytheSANinitiatorandtheSANtargetintheblanksprovided.
A. _______________
B. _______________
3. Examinethediagram,andidentifythetechnologiesusedinaunifiednetworkintheblanksprovided.
A. _______________
B. _______________
C. _______________
ReviewQuestionsYoucanfindtheanswersinAppendixB.
1. WhatdeviceisusedtoconnectaservertoaFibreChannelSAN?
A. SCSI
B. NIC
C. HBA
D. JBOD
2. Aconvergedfabricconsistsofwhattwoprotocols?
A. ISL
B. Ethernet
C. FibreChannel
D. FLOGI
3. WhatuniqueaddressmusteachMDSswitchhaveassigned?
A. FLOGI
B. FCNS
C. ISL
D. DomainID
4. WhichprotocolencapsulatesstoragerequestsintoaprotocolthatcanberoutedoveraLAN?
A. FibreChannel
B. Ethernet
C. iSCSI
D. FCOE
5. WhenperforminganinitialsetuponaMDS9000seriesFibreswitch,whichtwoitemsarerequired?
A. Defaultzoneset
B. Date
C. Hostname
D. Defaultswitchportmode
6. Whichofthefollowingarefile-basedstorageprotocols?
A. CIFS
B. NFS
C. FibreChannel
D. iSCSI
E. FCoE
7. WhatistheporttypeforaFibreChannelHBAconnectedtoaFibreChannelhub?
A. N_Port
B. E_Port
C. NL_Port
D. F_Port
8. WhataretheporttypesbetweenaFibreChannelHBAconnectedtoanMDSswitch?
A. N_PorttoF_Port
B. E_PorttoN_Port
C. N_PorttoE_Port
D. F_PorttoE_Port
9. ThestorageinitiatorandtargetperformwhichfunctionwhenfirstconnectingtoaSAN?
A. VSAN
B. FLOGI
C. FCNS
D. Userauthentication
10. ASANfabricservicethatrestrictsinitiators’connectivitytotargetsisknownaswhichofthefollowing?
A. LUNmasking
B. VSAN
C. Zoning
D. Accesscontrollists
11. Multiplezonesbegroupedtogetherintowhichofthefollowing?
A. VSAN
B. LUN
C. Zoneset
D. SAN
12. WhatsegmentsaSANswitchingfabricwhereportsareassignedintoseparategroupingsontheMDS,runaseparateprocess,andcanonlycommunicatewiththemselves?
A. Zoning
B. VSAN
C. LUNmasking
D. ACL
13. WhatdevicesconnecttoaSANswitch?
A. JBOD
B. ACE
C. HBA
D. LAN
14. Whichofthefollowingareblock-basedstorageprotocols?
A. CIFS
B. NFS
C. FibreChannel
D. iSCSI
E. FCoE
15. WhatisthedefaultVSANID?
A. 4096
B. 10
C. 1
D. 32768
16. OntheMDS9000serviceFibreChannelswitches,whichfeatureistheequivalentofphysicalfabricseparation?
A. LUN
B. VLAN
C. Zoning
D. VSAN
17. HowwouldyoudeterminewhichportsareassignedtoaVSAN?
A. MDS#showvsan<VSANid>
B. MDS#showfcnsdatabase
C. MDS#showvsan<VSANid>ports
D. MDS#showvsan<VSANid>membership
18. WhichcommanddisplayswhetheranHBAisloggingintotheMDSfabric?
A. MDS#showHBAhost
B. MDS#showhostlogin
C. MDS#showfcns
D. MDS#showflogidatabase
19. ASCSItargetiscontactedbywhichofthefollowing?
A. Initiator
B. Originator
C. Source
D. Successor
20. WhatisthemaximumnumberofactivezonesetsonaMDS9500SANswitch?
A. 3
B. 256
C. 1
D. 1024
Chapter4DataCenterNetworkServices
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
6.0DataCenterNetworkServices
6.1DescribestandardACEfeaturesforloadbalancing
6.2DescribeserverloadbalancingvirtualcontextandHA
6.3Describeserverloadbalancingmanagementoptions
6.4DescribethebenefitsofCiscoglobalload-balancingsolution
6.5DescribehowtheCiscoglobalload-balancingsolutionintegrateswithlocalCiscoloadbalancers
6.6DescribeCiscoWAASneedsandadvantagesinthedatacenter
DataCenterNetworkServicesInthedatacenter,manyapplicationsarebestsuitedtorunonthenetworkitself,ratherthanonclientsorservers.Sincealltrafficflowsthroughthenetwork,specialdevicesandsoftwareapplicationscanbeinstalledatthisfocalpointtoprovideacentrallocationforvarioustypesofnetworkservices.
Manytypesoftechnologiesareincludedinthetermservice,suchasserverloadbalancing,networkingmonitoringandmanagementsystems,firewalls,intrusiondetectionsystems(IDS),intrusionpreventionsystems(IPS),networkanalyzers,andSSLoffloaddevices,aswellasotherservices.Bycentralizingtheseservices,
theburdenofinstallingandmaintainingsoftwareacrossmanyserverswithvaryingoperatingsystemsandclientscanbeeliminatedandconsolidatedintoacentralizednetworklocationforeaseofmaintenanceandmanagement.
TheservicedevicesresideattheAggregationlayerofthedatacenternetwork,andtheyareusuallygroupedtogetherinablockwithhighavailabilityandredundancy.Withthegrowthinvirtualization,itispossibletohaveonepieceofhardwareseparatedintomultiplevirtualserviceappliances.
StandardACEFeaturesforLoadBalancingTheApplicationControlEngine,orACE,isaCiscoproductlinethatisnearingtheendoflifebutistouchedonintheCCNADataCenterexambecausetheservicesitprovidesarerelevantregardlessofthehardwareproductsused.Wewillnotgointoallofthevarioustypesofserviceapplications,insteadwewillfocusonaverycommonapplicationserviceknownasloadbalancing.
Asworkloadsandconnectionsincrease,atsomepointasingleserverwillnolongerbeabletohandletheworkloadandscaletheperformanceofwebsitesandotherapplications,suchasDNSorFTPserverfirewallsandintrusiondetection/preventiondevices.Otherload-balancingfunctionsmayincludeoffloadingapplicationsandtasksfromtheapplicationserver,suchastheprocessingforSSL,compression,andTCPhandshakes.Also,byhavingmanyserversworkingtogetherandsharingtheload,redundancyandscalabilitycanbeachieved.
Serverloadbalancingiscommonlyfoundinfrontofwebservers.AsingleIPaddressisadvertisedtothewebserverviadomainnamesystem(DNS).ThisIPaddressisnotthatoftherealwebserver;ratheritisaninterfaceontheACEloadbalancer(seeFigure4.1).Astrafficforthewebsitearrivesatthisinterface,theACEbalancesthetrafficbydistributingtheconnectionstooneofmanyrealserversconnectedtoit.ThisIPaddressisknownasthevirtualIP,orVIP,anditabstractsthepoolofrealserversitrepresents.
FIGURE4.1ACEloadbalancer
TherealserverssitbehindtheACE,andtheyreceiveconnectionrequestsusingapredictor.Apredictoristhemethodtheloadbalancerusestodeterminewhichrealserverwillreceivethenextincomingconnectionrequest.Themostcommonpredictorsarelistedhere:
Round-robinThisisthedefaultmodeontheACEifnothingelseisconfigured.Thenextrequestsarehandedtowebserversonalistfromfirsttolast,andthentheprocessisrepeated(seeFigure4.2).
FIGURE4.2Round-robinpredictor
Least-loadedTheloadbalancercanlookwithinitsconnectiontablesandseewhichserverhastheleastnumberofconnections,orload,asapredictor,asshowninFigure4.3.AllowancescanbemadefortheserverforCPUsizeandutilization,memory,andothermetrics.
FIGURE4.3Least-loadedpredictor
HashingHashingoccurswhenahashiscreatedusingametricsuchasthesourceIPaddress,anHTTPcookie,ortheURLofthewebsite.Thishashisthenusedtomakesurethatanotherconnectionrequestfromthesamesourcewillreachthesamewebserver(seeFigure4.4).
FIGURE4.4Hashingpredictor
Serverresponsetimesandleastnumberofconnectionsareexamplesofotherpredictorsthatcanbeconfiguredonaloadbalancer.AnexampleofleastnumberofconnectionsisshowninFigure4.5.Withtheresponsetimemetric,theACEwillprobetherealserverstoseewhichonehasthefastestreply,anditwillassignanewconnectionrequesttothatserver.Thistakesintoaccountsuchmetricsasprocessorspeedandcurrentprocessing,anditisamoreaccuratemetricthanround-robin.
FIGURE4.5Leastnumberofconnectionspredictor
AnothercomponentoftheACEishealthchecks,whicharealsosometimescalledprobes,asshowninFigure4.6.Probestestthehealthoftherealservers.Theloadbalancerisconstantlycheckingthehealthoftheservers,andiftheyfallbelowaspecifiedthresholdorfailcompletely,theyaretakenoutofrotation.HealthcheckscanbeasbasicasapingoraselaborateasperforminganHTTPGEToperationforapieceofdataonabackendstoragearray.
FIGURE4.6Health-checkingprobes
ThestepstoconfigurealoadbalancerincludedefiningtherealserversbyIPaddressand,usually,theTCPportandthenassigningthemintoapoolorfarmofotherserversthatwillbeusedinloadbalancing.ThevirtualIPisassociatedwiththepool.Otherconfigurationitemsincludethedesiredpredictoralgorithmandthehealthchecks.
ServerLoadBalancingVirtualContextandHATheACEproductfamilysupportsvirtualdevicecontextsonasinglehardwareplatform.Thevirtualdevicearchitectureallowsupto250virtualdevicecontextstobeconfiguredonasinglepieceofhardware.Eachcontextiscompletelyseparateandisolatedfromtheother.Itisalmostasifthereare250separateloadbalancersinasingleACE!ThissavesonpowerandcoolingcostsandthenumberofACEdevicestomanage.
Sincealoadbalancerisacriticalpieceofdatacenterequipment,anditsitsbetweentheInternetandthewebservers,itisimportanttodeploytheminpairsinahighavailability(HA)arrangement.TheACEserversareconnectedwithanHAEthernetlinkthatsynchronizesconfigurationandconnectiontableinformation.TheACEappliancemonitorsthehealthofitspairedACE,andit
willtakeovertheloadbalancingshouldtherebeafailureofoneoftheACEloadbalancersinthepair(seeFigure4.7).
FIGURE4.7ACEHApair
Highavailabilitycanbeeitheractive-active,wherebothACEserversareoperationalandreadytotakethefullworkloadiftheotherfails,oractive-standby,whichisthemostcommonstatewhereoneACEisthemasterandastandbyiswaitingtotakeovershouldthemasterfail.
ServerLoadBalancingManagementOptionsInadditiontothecommand-lineinterface(CLI)fortheACEappliance,thereisalsoCiscoACEDeviceManagersupport,whichprovidesaGUIinterfaceaswellasSNMPsupport(seeFigure4.8).
FIGURE4.8CiscoACEDeviceManager
Multiplerole-basedoptionsareavailable.Youcanconfigurevirtualcontexts,loadbalancing,highavailability,andmanyotheroptionsfortheACEDeviceManager.Thegraphicalinterfaceallowsfordetailedviewingofload-balancingstatisticsformonitoringandmanagingtheACEappliances.
BenefitsoftheCiscoGlobalLoad-BalancingSolutionTheCiscoGlobalSiteSelectorusestheDNSfunctiontooptimizeconnectionrequestsbasedonvariousmetrics(seeFigure4.9).ItintegrateswiththeDNSserverinfrastructureanddirectsincomingconnectionrequeststoremoteorlocalsites.Forexample,allconnectionrequestsinEuropecanbedirectedtoacompany’sEuropeandatacenterinsteadofcrossingtheoceantoanAmericansite.Wecanextendthisfordisasterrecovery;thatis,shouldtherebeafailure,allrequestscanberedirectedtoanotherlocation.
FIGURE4.9CiscoGlobalSiteSelector
Thedatacenterloadmaybeconsideredwhendeterminingwheretosendconnectionrequests,aswellascapacityorcompanypolicies.Also,denial-of-service(DoS)attackscanbeaddressedwithoptionalDDoSprotectionfeatures,suchasblockingDNSrequestsifaDDoSattackisdetected.
ByintelligentlydistributingconnectionswiththeACEglobalload-balancingsolution,userswillexperiencefasterresponsetimes,lessWANbandwidthutilizationonlong-distanceconnections,andbetterdatacenterutilizationandredundancy.
CiscoWAASNeedsandAdvantagesintheDataCenterAsremoteserversandapplicationsarebeingconsolidatedfrombranchlocationstothedatacenter,thereisnowthenewchallengeofdeliveringthesamelevelofserviceremotelyfromthedatacenterthatwasexperiencedwhentheserversresidedlocally.
residedlocally.
TheCiscoWideAreaApplicationServices(WAAS)productlineprovidesWANaccelerationthatgivesremotelocationsLAN-likeresponsetocentrallylocatedstorage,applications,andserversinthedatacenter.WAASservicesacceleratetheperformanceofTCP-basedapplicationsacrossawideareanetwork.WAASreduceslatencyandtrafficacrossawideareanetwork.
WAASservicesallowconsolidationofstorage,applications,printservices,andasinglemanagementlocationbyusingcompression,TCPoptimization,andcachingoffilesbetweenthedatacenterandtheremotebranches.
WAASservicesusemanydifferenttechnologiestoaccomplishWANacceleration.Differentcompressiontechniquesareused,suchasLZandDRE,whichcompressthedatabeforesendingitacrosstheWANlinkandthenperformadecompressionoperationattheremotesitetoincreasethroughputacrossWANlinksthataremuchslowerthanLANspeeds.AttheTransportlayer,WAASemploysTCPmodificationofthewindowsizeandspecializedcongestionmanagementprocesses.AdditionalfeaturesincludefileandprintserverdrivecacheandDHCPservicesattheremotelocations.
TheWAASserviceisdesignedtointegratewithotherservicesonthenetwork,suchasfirewallsandtheACEproducts.TheWAASservicesresidebetweentheclientsattheremotesitesandtheserversinthedatacenter.TheclientandtheserveraretotallyunawarethattrafficisbeingoptimizedacrosstheWAN.Thisisatransparentfunction,becausetheWAASservicesaredeployedinthemiddleanddependonadeviceatboththedatacenterandremotesite.Thesedevicescanbeadedicatedappliance,softwareinahigh-endrouter,oranetworkmoduleinstalledinarouter.
InadditiontotheCLI,aCentralManagerapplicationforWAASprovidesagraphicaluserinterface,managesalloftheWAASservices,andallowscentralcollectionofstatisticsanderrormessages.
SummaryWhilenetworkservicesarenotabigpartoftheCCNADataCenterExam,theyplayacriticalroleinoperations,monitoring,andtroubleshootinginamoderndatacenter.
Sincethenetworkisthecoreofthedatacenter’sconnectivity,andalldatacrossesthenetwork,itisusefultoplaceservicemoduleshereinsteadofattheendpoints,servers,orotheredgedevices.
Manydifferentservicescanbeplacedonthenetworksuchasloadbalancers,intrusion-detectionandpreventionmodules,firewalls,packetcapturedevices,andSSLoffload.
ExamEssentialsUnderstandbasicACEload-balancingfunctions.Itisimportanttounderstandexactlywhatloadbalancingis,thattheVIPistheincomingIPaddressoftheloadbalancer,andthatrealserversareconnectedtosharetheloadoftheservice.TheserviceisgenerallyHTTP/webaccess,butotherprotocolscanbeloadbalanced,suchasDNSandFTP.HealthchecksthatrunfromtheACEtotherealserversmakesuretheapplicationisoperationalsothattheservercanremaininservice.Thereareseveraltypesofload-balancingmetrics,withround-robinbeingthedefaultandmostcommonapproach.
Understandglobalserverloadbalancing(GSLB).Knowthatglobalserverloadbalancinglocalizestraffictothenearestdatacenter,andthatitcanmodifyDNSrepliestotheclienttodirecttraffic.Itisalsousedfordisasterrecoveryandloadsharingbetweenlocations.
WrittenLab41. Explainwhatloadbalancingisandwhyitisusedinmoderndatacenters.
2. Nameandexplainfourload-balancingpredictortypes.
3. Whatishighavailabilityinloadbalancing?
4. WhatisthefunctionofCiscoDeviceManager?
5. Globalserverloadbalancingsolveswhatdatacenterneeds?
6. BrieflydescribeWideAreaApplicationServices(WAAS).
ReviewQuestionsYoucanfindtheanswersinAppendixB.
1. Whatisthedefaultload-balancingpredictorontheACE4710appliance?
A. Hashing
B. Round-robin
C. Responsetime
D. Leastnumberofconnections
2. Whichofthefollowingallowsgeographicalconcentrationofdatacenteraccess?
A. DNS
B. ACE-GLB
C. Hashing
D. VDC
3. Theadvantagesofgloballoadbalancingincludewhichofthefollowingoptions?(Choosethree.)
A. Fasterresponsetimes
B. LessWANutilization
C. Datacenterredundancy
D. Predictorutilization
4. WhichapplicationprovidesGUIsupportforconfiguringaCiscoACEloadbalancer?
A. ASDM
B. UCSM
C. CDM
D. ACEDM
5. Whichofthefollowingarenetworkservicesforsecurity?(Choosethree.)
A. IDS
B. IPS
C. Firewalls
D. SSLoffload
6. Whatload-balancingtechnologyusesametrictoensuresessionpersistence?
A. Predictor
B. Hashing
C. Persistence
D. Probes
7. Inthetieredmodelofdatacenterdesign,wheredotheservicesmodulesattach?
A. Accesslayer
B. Corelayer
C. Aggregationlayer
D. Networklayer
8. Whatarethreeadvantagesofusingvirtualdevicecontextsonservicemodules?
A. Reducedrackspace
B. Reducedpowerrequirements
C. Reducedneedforcooling
D. Physicalseparationofservers
9. Whatarethreeadvantagesofcentralizingnetworkservices?
A. Youdonothavetoinstallsoftwareonmanyservers.
B. Easeofmaintenance.
C. Distributedcontrol.
D. Easeofmanagement.
10. Whatnetworkserviceallowstheconsolidationofstorage,applications,printservices,andasinglemanagementlocationbyusingcompression,TCPoptimization,andcachingoffilesbetweenthedatacenterandtheremotebranches?
A. ACE
B. Predictor
C. WAAS
D. NAM
11. DNSandFTPserverscanscaletohandlelargeworkloadsbyusingwhat
networkservice?
A. WAAS
B. Firewalls
C. ACE
D. VDC
12. Onserverloadbalancers,theIPaddressoftheloadbalancerthatisadvertisedtotheworldonDNSiscalledwhat?
A. VRF
B. STP
C. VIP
D. OTV
13. ACEloadbalancersareconstantlycheckingthehealthoftherealserversconnectedtothemusingwhat?(Chooseone.)
A. Hashing
B. Probes
C. VIPs
D. Round-robin
14. Datacenterservicemodulesconnectatwhichlayerofthedatacentermodel?
A. Access
B. Core
C. LAN
D. Aggregation
15. WAASservicesallowtheconsolidationofwhichservices?(Choosetwo.)
A. Storage
B. Printservices
C. Intrusiondetection
D. Loadbalancing
16. Denial-of-service(DoS)attackscanbeaddressedwithoptionalDDoS
protectionfeaturesusingwhichofthefollowing?
A. WAAS
B. GlobalSiteSelector
C. CiscoDeviceManager
D. Intrusionprevention
17. Whichofthefollowingisanetworkingsecuritydeviceorsoftwareprogramthatallowsforfilteringandsecuritybetweentwointerconnectednetworks?
A. Loadbalancer
B. Siteselector
C. Firewall
D. Intrusiondetection
18. ToconfigurerealserversonACE,whatisneededtodefinetheserver?(Choosethree.)
A. IPaddress
B. VirtualIPaddress
C. Pooling
D. TCPport
19. WAASservicesusewhichofthefollowingtechnologiestoaccomplishWANacceleration?(Choosethree.)
A. Windowsizemodification
B. Firewalls
C. Cache
D. LZcompression
20. Highavailabilityallowsbackupofloadbalancers.WhataretwotypesofACEhighavailabilityconfigurations?
A. Peering
B. Active-active
C. Active-standby
D. Master-slave
Chapter5Nexus1000V
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
4.0.DCVirtualization
4.1.Describedevicevirtualization
4.2.Describeservervirtualization
4.3.DescribeNexus1000v
4.4.VerifyinitialsetupandoperationforNexus1k
Untilthesoftware-onlyNexus1000Vswitchesarrivedonthescene,CiscoswitcheswerecomposedofhardwareandtheCiscosoftwarerunningonit.Thisverycoolswitchisvirtual,softwareonly,anditworksonx86serversrunningspecialHypervisorsoftware.
Ifyoudidn’talreadyknowthatvirtualizationisthebiggestleapindatacentertechnologyinadecade,youshouldrecognizethatit’saparadigmshift;thatis,millionsofvirtualmachineshavebeendeployed,andallofthemmustconnecttothephysicalnetworkandtoeachother.Predictably,virtualswitchesarewhatwerelyontomakethiskindofcommunicationhappen,sowe’regoingtocheckoutacoupleofdifferenttypesbeforewefocusontheCiscoNexus1000V.Youshouldgetveryusedtovirtualization,becauseCiscoisvirtualizingevenmorenetworkgoods,suchasfirewallsandgateways.
VirtualSwitches
Okay,Irealizethatnetworkingwasagreatdealeasierbeforevirtualizationwasintroducedtothedatacenter.ServersranasingleOSandwereusuallydedicatedtoaparticulartask—wehadmailservers,webservers,adatabaseserver,andsoforth,andeachoneofthesewasconnectedtoaportonaswitch,asshowninFigure5.1.
FIGURE5.1Traditionalservers
Sometimesserverswereconnectedtomultipleportsforredundancy,addingfaulttoleranceandmakingnetworkadministrativedutiesmorestraightforward.Serveradminswouldmakeanannouncementaboutanewwebservercomingonline,andaportwasassignedtoconnectitrightup.Ofcourse,wehadtoconfigurethatportforthecorrectVLANandpolicieslikeport-specificsecuritysettings,butthatwasn’ttoohard.Forthesakeofexample,let’sputthewebserverportonVLAN20andallowTCPtrafficdestinedtothecommonwebports,80and443.Thewebserverwouldthenconnecttotheappropriateport,asyoucanseeinFigure5.2.
FIGURE5.2Traditionalpoliciesandcontrol
Thistraditionalwayofdoingthingsgaveusindividualcontrolofeachserverandthelinesofresponsibilitywereclearlydrawn:Serveradministratorstookcareofservers,networkadministratorstookcareofnetworking,andthestorageadministrationteamhandledstorageduties.Storageisthethirdsilo.IfaserverbecamecompromisedwithsomethinginvasivelikeaTrojan,avirus,oraworm,intelligentintrusion-preventionsoftwareorantivirussoftwarewouldpolicetheattack.Itmonitoredthenetwork,trackeddowntheroguetraffic’sorigin,andthendecisivelyshutdownthecorrespondingport.So,iftheemailserverwascompromised,wewouldhavejustshutdownthatspecificportuntiltheserverwaspatchedandrepaired.Thisone-to-onerelationshipbetweenserversandinterfacesonaswitchwasoneofthethingsthatmadenetworkmanagementsuchabreeze!
ServerVirtualizationThewindsofchangeblewinwiththevirtualizationofservers,whichrevolutionizedthedatacenterbyallowingmultiple,logicalserverstorunonasinglephysicalbox.IntelhasdevelopedastoundinglypowerfulCPUsthatcan
pullthisoffwithoutahitch.Thenewmemoryarchitectureallowsforatremendousamountofmemoryperphysicalserver,andwiththesemassiveresourcesatourdisposal,wecanrunalegionofvirtualmachinesonasinglehost!
Figure5.3displaysasimpleexampleofserverandnetworkvirtualization,wherethephysicalhostonthelefthastwovirtualmachines,onerunninganemailserver.Theoneontherighthasasinglevirtualmachinethat’srunningSharePointServer.Thesedevicesaren’tawarethatthey’revirtualizedorthatthey’resharinghardwarewithothervirtualmachines,becausefromtheirperspectiveitappearsthattheyhavededicated,physicalsystems.Boththeemailserverandthewebservermustaccessnetworkresourcesviathephysicalnetworkinterfaceonthehost.Thisfactprettymuchscreamsthatwereallyneedawaytomanagetheiraccesstothephysicalnetwork.Anditdoesn’tendthere—communicationsbetweentheseserversmustalsobecontrolledatthevirtuallevel!
FIGURE5.3Serverandnetworkvirtualization
Thekeytomakingthisfeatofvirtualizationpossibleisacomponentcalledahypervisor.Thisimportantpieceofsoftware,suchasVMwarevSphereorMicrosoftHyper-V,allowsustocreatemultiple,logicallydefinedmachinesfromasinglephysicaldevice.
NetworkConnectivity
Networkconnectivityinsidethephysicalhostisvitaltounderstand.Figure5.4illustratesthebasiccomponentsthatpermitcommunicationtoandfromvirtualmachines.Eachofthesedeviceshasoneormorevirtualnetworkinterfacecards,orvnics,whichconnecttoavirtualportonavirtualswitchthatbehavesjustlikeaphysicalswitchdoes—only,wecan’ttouchit!WetakethephysicalNICandchopitupintoabunchofvirtualNICsthatwecanthenattachtothevirtualmachinesrunningonthehypervisor.TrafficfromthevirtualmachineisreceivedbythevirtualswitchandfloodedorforwardedbasedonitsMACaddresstables.Furthermore,trafficfromallvirtualmachinesonagivenphysicalhostthat’sdestinedforlocationsoutsideofitmustexitthroughphysicalinterfaces.Allofthisbegsthequestions:Where,exactly,doweimplementpoliciesonthephysicalswitch,andwheredowedothatonthevirtualswitchaswell?
FIGURE5.4Networkconnectivity
Figure5.5describespoliciesinavirtualenvironment,anditshowsthattheycanbeimplementedinmultiplelocations.Let’stakealookatthevirtualswitchfirstandtalkabouttheconnectivityaspectsofthevirtualmachine,includingVLANspecificsandsecuritypolicies.
FIGURE5.5Policiesinavirtualenvironment
VirtualmachinesareoftenlocatedindifferentVLANs,sotheinterfacecomingoutofthephysicalhostmustbeintrunkmodewhenitconnectstothephysicalnetworkswitchesinordertocarrytrafficfrommultipleVLANs.WecanalsoimplementpoliciesonthephysicalswitchtocontroltrafficbasedontheMACaddressorIPaddress.
EventhoughtheNexus1000VsupportsboththeMicrosoftHyper-VandVMwarevSpheresolutions,we’regoingtofocusonaVMwaresysteminordertocorrelatewiththeexamobjectives.
Figure5.6providesasnapshotofwhat’sgoingoninsidethephysicalVMwareserver.Seethatportgroup?Portgroupsareusedtodefinevariouscharacteristicsofoneormoreportsonavirtualswitch,butusuallyweusethemtodefineVLANs.
FIGURE5.6Insidethephysicalserver
Sofar,we’vebeentalkingaboutvirtualmachineportgroupsbecausethey’rethemostcommon.Normalday-to-daymanagementofavirtualnetworkusuallyrevolvesaroundvirtualmachineportgroups.Butthere’saspecialtypecalledaVMkernelportgroupthat’susedforaccessingIP-basedstorage,hypervisormanagementtraffic,andvirtualmachinemigration.ServiceconsoleportsareusedonolderESXserverstoprovideacommand-lineinterface(CLI).
StandardVirtualSwitchVMwarevirtualswitchesareprettyeasytoconfigure.JustlogintothemanagementinterfaceviathevSphereGUI,webclient,orCLI,createtheportgroup,andthendefinetowhichVLANitbelongs.ThestandardvirtualswitchisincludedinVMwareEssentials,EssentialsPlus,Standard,andEnterpriseversions.
Whenyoucreateavirtualmachine,thevirtualnetworkinterfaceisassignedtoaportgroup.Usingtemplatesmakesthingseveneasierbecausetheyletyoucreateawholebunchofsimilarvirtualmachines.WhenusingVMware’sstandardvSwitches,keepinmindthattheymustbeconfiguredindividuallyoneachhost.Anotherimportantfactoristhattheydon’treplicate,soanychangesmadetoone
host’sstandardvSwitchmustbemanuallymodifiedonalloftheotherstandardvSwitchesifyouwantconsistency.Thisincreasesthemanagementeffort,thatis,havingtoconnectandmakechangestoeachindividualstandardvirtualswitch.UnderstandthatcoolfeatureslikevMotionwillfailifthestandardvSwitchconfigurationsaren’tconsistentamongallhosts!
AVMwareserverhasthecapacityformorethanonestandardvirtualswitch(vSwitch)tobeactiveatthesametime.RemembertheseareLayer2switches,sotheyprovidebasicfunctionalityforportchannels,CDP,andtrunking.
Clearly,standardswitchconfiguration,asshowninFigure5.7,cangetalittlecomplicatedifyouhavemanyservers,becauseyoumustconfigureeveryhostseparately.ThismeansthatifyouwanttocreateVLAN20onallsixofthesehosts,youwouldhavetoconnecttoeachoneandcreateVLAN20oneverystandardswitch.Thistypeofconfigurationcancreatenumerousproblems.Besidesthetediumandoverheadissues,there’stheveryrealthreatofamisconfigurationbetweenstandardswitches.
FIGURE5.7Standardswitchconfiguration
CheckouttheexampleinFigure5.8,wherewewanttovMotionavirtualmachinethat’scurrentlyassociatedwithaportgroupassignedtoVLAN20.vMotionpermitsalivemigrationofourvirtualmachinefromonephysicalhost
toanotherwhilethevirtualmachineisrunning.Ofcourse,thevirtualmachinethat’sbeingvMotionedexpectstofindthesameenvironmentonthedestinationhostthatexistsonthesourcehost.Ifthatdoesn’thappen,themachinewon’thavethenecessaryresourcestocompletetheprocessandvMotionwillfail.
FIGURE5.8FailedvMotion
Thisiswhystandardvirtualswitchesaregreatforsmallenvironmentsbutnotforlargedatacenterenvironments—theyjustdon’tscaleupwellenough.Forthatreason,we’regoingtomoveontoexplorethewondersofthedistributedvirtualswitch.
VMwareDistributedVirtualSwitchSohowdoyougoaboutsecuringaconsistentconfigurationforeveryoneofyourvirtualswitches?Youhavetocentralizetheconfigurationintoasinglepoint,that’show!TotherescuecomessomeverysweettechnologycalledVMwaredistributedvirtualswitch(DVS).DVScomesonlyintheEnterprisePluseditionofVSphere,anditisrequiredifyouplantoinstalltheCisco1000Vswitches,becauseitincludesalloftheapplicationprograminterfaces(APIs)requiredforthirdpartiestoinstalltheirvirtualswitchesintoVMWare.ItworksviaacentralizedmanagementserverwithinVMwarecalledvCenter,whichprovidesawaytomanageadistributedvirtualswitch.TheideaisforasinglelogicalswitchtoservetheentireVMwareenvironment,asshowninFigure5.9.
FIGURE5.9Distributedvirtualswitch
Tomakethishappen,youhavetologintovCenter,gotoDVS,andcreateanewportgroupforVLAN20.Itworkslikethis:OncetheportgrouphasbeencreatedinDVS,vCenterwillthenreachouttoeachphysicalserverassociatedwiththatspecificDVStocreateorreplicatetheportgrouponeveryoneofthosemachines.ThisishowDVSsecuresconsistentconfigurationthroughoutyourenvironment.
Asifthatwasn’tcoolenough,DVScanimpressivelytrackavirtualmachine’sportgroup,itspolicy,andstatistics,evenifthatvirtualmachinevMotionsfromonehosttoanotherhost—sweet!
EventhoughVMware’sDVSprovidesasuper-sleeksolutionformanagingawholebunchofvirtualswitchesatonce,youstillhavetwochallengingissuestotacklewiththistypeofimplementation.Thefirstoneisthatjustbecauseyouhaveacompletelyfunctionalswitch,itdoesn’tmeanthatyoualsohavealloftheadvancedcapabilitiesthatamodern,physicalswitchfromCiscoorothermajorvendorhas.YoursecondchallengepresentsitselfinFigure5.10.Inthefigure,youcaneasilyseethatactuallyyounowhaveaCiscoswitchplusaVMwareswitchtomanage—twodistinctlydifferenttypes!
FIGURE5.10Networkadministrationinavirtualenvironment
Thisisaproblem—andabigoneatthat.Ciscoadministrators,whoareusedtohavingsupremecontrolovertheirnetworks,arenowfacedwithmanaginginaVMwareenvironmentinadditiontotheirnativeCiscoenvironment.Andthey’renotalone—VMwareadminsmustnowdealwithanunfamiliarCisconetworkand,predictably,thiskindofsplitadministrationcancausealotofgrief!Becausethenetworkingteamcanonlybeinchargeoftheconnectiontothephysicalswitch,theyalsolosesomevisibilityintothevirtualnetworkandtheaccessportsthatconnecttothevirtualservers.Thiscomplicatestroubleshooting,anditdoesnotallowforsecurityfeaturestobeimplementedinsidethevirtualswitch.Withthelossofmanagementandmonitoringtoolsinthestandardswitchconfigurations,amoreefficientapproachwasneeded.RollingoutasimpleVLANnowrequirestwototallydifferentgroupsofadministrators.Theproblemisn’tsimplythatyounowhaveadistributedvirtualswitch.Atitscore,theproblemisthatthenewswitchisn’taCiscodistributedvirtualswitch,whichleadsstraighttotheNexus1000Vforthesolutiontothisdilemma!
Nexus1000VSwitchThereasonthattheNexus1000Vswitchissuchatightsolutionisthatthisdeviceis,infact,adistributedvirtualswitchthatalsohappenstoberunninga
CiscoNexusNX-OSoperatingsystemwithanextensivelistofvaluablefeatures.The1000VactuallyreplacestheVMwaredistributedvirtualswitchinaVMwareenvironment,whileitfullyappearstotheVMwareadministratorasjustanothertypeofdistributedvirtualswitch.CiscoadministratorsaregivenabonafideCiscoNexusswitchdevicerunninginthevirtualenvironment,andtheycanuseallofthetoolsandcommandswhilegettingeverybitofthefunctionalitytowhichthey’vegrownaccustomed.Thisisarareandvaluablewin-winsolutionforall!
Ofcourse,allofthismeansthatthewholeadministrationmodelforthenetworkmustchange.VMwareadministratorsarenolongerresponsibleformanagingthevirtualnetwork,andrelievedofthatburdentheycannowfocusallresourcesonadministeringvirtualmachines.Wheneverachangeneedstobemadeonthenetwork,eitherphysicallyorvirtually,theCiscoadministratorwillbeabletohandleitwithoutpause.Thisalsonowgivesthenetworkteamtheabilitytomanagethenetworkallthewaytothevirtualmachine’sNICcard,anditgivescompletevisibilitytothenetworkmanagementtools.
Asofthiswriting,therearethreedistinctswitchtypesavailableinavirtualenvironment:
Standardvirtualswitchesconfiguredonaper-hostbasis.
VMwareDVSformanagingasinglelogicalswitchthatspansmultipleserversusingVMwaretools.Theaddedfeaturesofthestandardswitchincludeportmirroring,QoS,inboundtrafficshaping,NICteamingbasedonthetrafficload,netflowtrafficmonitoring,LACP,andLLDP.
TheNexus1000VDVSthatpermitsuseofCiscotoolsandaddedfunctionalityovertheVMwareDVSincludingaccesscontrollists,portsecurity,SPAN,ERSPAN,privatevLANs,andQoSmarking.Therearealwaysnewfeaturesbeingaddedwitheveryreleaseofallthreetypesofswitches,soitisbesttocheckonlinetoseeifthefeaturesthatyouneedhavebeenaddedtothevirtualswitches.
WhenVMwaredesignedthenetworkingarchitecturefortheirservers,theywiselycreatedapluggablesystemwherethird-partyvendorscouldcreatemodules.ThesewereaddedtotheEnterprisePluseditionofVSphere,andtheyarepartofthedistributedswitch.Ciscowasthefirstcompanytobite,creatingadistributedvirtualswitchforVMware.IBMwasthenextcompanyupwiththeintroductionofthe5000Vdistributedvirtualswitch.
Nexus1000VComponentsTheNexus1000VwasdesignedtoemulateotherCiscolargeswitches.Atypicaldatacenterchassis-basedswitchhastwosupervisormodulesformanagingtheswitch,plusanumberoflinecardsthatprovidenetworkconnectivityandforwardtraffic.
VirtualSupervisorModuleDiggingalittledeeper,theVirtualSupervisorModule(VSM)isthebrainoftheNexus1000V.Itiswhereallconfigurationandmanagementoccurs.TheVSMisinchargeofallmanagementandcontrolfunctionsofthevirtualNexusLayer2switch.However,itisnotinchargeofactuallypassingdataframestoandfromthehostinterfaces.
TheVSMissimilartoafullyfunctioningNexus7000seriessupervisormodule.TheVSMalsocommunicateswiththevCentermanagersothatthemanagementdomainsfromtheCiscoNX-OSoperatingsystemandthevCentercanshareadministrationandconfigurationinformation.ItisrecommendedthatyouinstalltwoVSMs,justastherearetwosupervisormodulesonaphysicalswitch,whichprovideredundancyandaddedstabilitytothenetwork.TheVSM’svirtualappliancecanalsobeinstalledonstand-alonehardwaremadebyCiscocalledthe1010.
TheVSMisinstalledasavirtualapplianceontwoseparateESXihosts.Technically,youcouldinstallthembothonthesamephysicalserver,butifyoudidandtheserverwentdown,youwouldeffectivelyloseallabilitytomakeanychangestotheswitchingenvironmentandtheveryfaulttolerancethatyou’reattemptingtobuild.Foradditionalfaulttolerance,youcanevenruntheVSMsintwocompletelydifferentdatacenterstoallowforresiliencyandhotstandbyshouldyoueverloseconnectionsbetweenlocations.
EachVSMrunsacopyoftheNexusOperatingSystem(NX-OS)that’sverysimilartotheonethat’srunningonthephysicalNexusswitches.Forthoseofyouwhojusthavetohavesomehardwareintherack,CiscoalsomakesapplianceversionsoftheVSMcalledthe1010andthe1100Vvirtualserverappliances.YoucanconnecttotheVSMcommand-lineinterfaceandexecutecommandswithwhichyouarealreadyfamiliarlikethis:
n1000v#configt
n1000v(config)#
n1000v(config)#vlan5
n1000v(config-vlan)#
n1000v(config)#showvlanid5
n1000v(config)#copyrunning-configstartup-config
n1000v#ping172.28.15.1
PING172.28.15.1(172.28.15.1):56databytes
Request0timedout
64bytesfrom172.28.15.1:icmp_seq=1ttl=63time=0.799ms
64bytesfrom172.28.15.1:icmp_seq=2ttl=63time=0.597ms
64bytesfrom172.28.15.1:icmp_seq=3ttl=63time=0.711ms
64bytesfrom172.28.15.1:icmp_seq=4ttl=63time=0.67ms
---172.28.15.1pingstatistics---
5packetstransmitted,4packetsreceived,20.00%packetloss
round-tripmin/avg/max=0.597/0.694/0.799ms
YoucanseeifthereareanyotherVSMsbesidestheonetowhichyouareconnectedbyexecutingtheshowmodulecommand:
n1000v#showmodule
ModPortsModule-TypeModel
Status
-------------------------------------------------------------
---------
10VirtualSupervisorModuleNexus1000V
ha-standby
20VirtualSupervisorModuleNexus1000V
active*
3248VirtualEthernetModuleNAok
ModSwHw
------------------------
14.2(1)SV1(4)0.0
24.2(1)SV1(4)0.0
34.2(1)SV1(4)VMwareESXi4.1.0Releasebuild-208167(2.0)
ModMAC-Address(es)Serial-Num
---------------------------------------------------
100-19-07-6c-5a-a8to00-19-07-77-62-a8NA
200-19-07-6c-5a-a8to00-19-07-79-62-a8NA
302-00-0c-00-03-00to02-00-0c-00-03-80NA
Youshouldfindthreemodulesintheoutputofthiscommand.TwoofthemareVSMs,butonerepresentsamodulethatwehaven’tdiscussedyet—theVirtualEthernetModule(VEM),whichwe’llgettoinaminute.Fornow,focusonthefirstsupervisormoduleintheright-handcolumninthepreviouscodesnippetthatsaysha-standby.Thisindicatesthatthatmoduleisn’tcurrentlyinchargeofoperations.Thesecondone,whichispresentlyincharge,isindicatedbythe
active*notation.DidyounoticethatthesecommandsarethesameastheyareonotherphysicalNexusswitches?Goodjob!
VirtualEthernetModuleRememberthis—theVirtualEthernetModuleisinstalledoneachVMwareESXiserver’shypervisorkernel,andonlyoneinstanceissupportedperhostthat’sgoingtobemanagedbytheNexus1000Vswitchsupervisormodules.Itworksasaremotelinecard,anditisresponsibleforforwardingframes.NoconfigurationisapplieddirectlyontheVEM;it’sperformedontheVSMinstead.TheVEMisinchargeofpassingserverdatatoandfromtheexternalphysicalnetworkandthevirtualinterfacecards.Itdoesnotpassthedatathroughthesupervisormoduleatall.AsingleNexus1000VswitchcanaccommodateuptotwoVSMsand64VEMs,butbeinglimitedto64VEMsrarelyfactorsintoimplementationbecausemostVMwareclusterstypicallycontainonly8–16servers.
CommunicationbetweentheVEMandVSMTheremustbeapathtosendtheinformationtotheVEMofeveryhostforaconfigurationcommandtobeenteredontheVSM.Therealsomustbeapathforthetrafficcreatedwhenamessagethat’sdestinedfortheVSMisreceivedbytheVEMfromthenetwork.VLANsarethetoolsthatwetypicallyusetocreatethesethree,separatenetworks,allofwhichareusedtocommunicatewiththeVSM:
ThecontrolVLANthatcarriesconfigurationinformationbetweentheVSMandtheVEMs,anditalsoprovidescommunicationamongVSMsandkeepaliveheartbeats
ThepacketVLANthatcarriesnetworkinformationlikeLACP,NetFlow,SNMP,andCDP
ThemanagementVLAN,whichisusedbyanadministratortoconnecttoandmanagetheVSM
CommunicationbetweentheVSMandvCenterIt’sreallyimportanttonotethattheconfigurationthat’simplementedontheVSMmustnotonlybesenttotheVEMbutalsobereflectedintheVMwarevCentertobeusedbytheVMwareadministrator.Tofacilitatethis,VMwarehascreatedanapplicationprograminterfacecalledVirtualInfrastructure
Methodology(VIM),whichisusedbyaNexus1000Vtosendnetworkconfigurationinformation.
ButwhatgivestheNexus1000VpermissiontomakechangestothevCenternetworkconfiguration?Aspecialsecuritycertificatefromthe1000VcalledaServerVirtualizationSwitch(SVS)connectionisinstalledintovCenter,givingitthisauthority.Youcanverifyitfromthecommandlinelikethis:
n1000v(config-svs-conn#)showsvsconnectionsvc
connectionVC:
hostname:12.8.1.1
protocol:vmware-vimhttps
certificate:default
datacentername:MyDC
DVSuuid:6dfd375037450564-b9a4904e66
configstatus:Enabled
operationalstatus:Connected
n1000v(config-svs-conn#)
Okay—there’sabitofinformationhere,buttherealkeyisfoundtowardthebottomofthecodesnippetwhereitindicatesthattheoperationalstatusis“connected.”ThisisimportantbecauseittellsyouthattheSVSconnectionisworkingandthatthe1000VswitchcanpassconfigurationandoperationalinformationtovCenteroverthemanagementnetwork.
PortProfilesYoualreadyknowthatVMwareusestheconceptofportgroupsfordefiningasetofnetworkcharacteristicsandpolicies,butyouprobablydidn’trealizethatthe1000Vusesasimilarconstructcalledaportprofile.Portprofilesareusedtocreateagroupofsettingsthatcanbeappliedtooneormoreinterfaces.Thissavesyoualotofconfigurationeffortandreducesthechanceforerrors.Allyouneedtodoismaketheportprofileandthenassignittotheportswhereit’sneeded,andalloftheportswillinherittheconfiguration.Shouldyouneedtochangeaspecificportconfiguration,youcanaddthechangeattheportlevelanditwilloverridetheprofileassignedtothatport,becausethemorespecificconfigurationshaveprecedenceoverthemoregeneralprofiles.Portprofilescanbeassignedtobothphysicalports(vmnics)andthevirtualinterfaceports(vnics)forvirtualmachines.Moreover,eventhoughit’stechnicallypossibletoconfigureindividualinterfacesmanually,Ciscostronglyrecommendsusingportprofilesinstead.They’recreatedfromtheNX-OScommandline:
n1000v#configt
n1000v(config)#port-profilewebservers
n1000v(config-port-prof)#switchportmodeaccess
n1000v(config-port-prof)#switchportaccessvlan300
n1000v(config-port-prof)#noshutdown
n1000v(config-port-prof)#VMwareport-groupWWWservers
n1000v(config-port-prof)#stateenabled
Thisoutputrevealsthatwe’vejustcreatedaNexus1000Vportprofilecalledwebservers.Let’sreviewsomeofitscharacteristics.webserversisconfiguredasanaccessportprofileassignedtoVLAN300.Alternatively,itcould’vebeenconfiguredfortrunkingmultipleVLANs.Thenoshutdowncommandselectsthedefaultsettingofaninterfacewhenavirtualmachineconnects.ThenexttwostatementsrelatetotheconnectionbetweentheNexus1000VandthevCenterserver.ThefirstonedefinesthenameoftheportgroupthatwillbecreatedinvCenter,andthesecondonedirectsthatthisportprofileshouldbesentthere.
InstallingNexus1000VWhenCiscofirstreleasedtheNexus1000V,installationwasanepicnightmaredreadedbymany.Thegoodnewsisthatithasbecomesomucheasiertodosincethen!Nowwehavesimplewizardsthatmaketheinstallationrelativelypainless.Still,thereareacoupleofdifferentwaystogoabouttheinstallationbasedonyourexperiencelevel.Forthisexample,we’regoingtousetheGUIbecauseit’sreallythefastestwaytogetaNexus1000Vupandrunning.
Alittledisclaimerhere—thisbookisn’tareplacementfortheCiscoNexus1000Vinstallationmanual,butitshouldclearthewaytogetyoustarted.InstallingtheNexus1000Vcanalsobeviewedasdoingamigration,anditshouldbeplannedaccordingly.
InstallationPreparationThoughnoonewouldrecommendsayingthismorethanonce,it’strue:priorproperplanningpreventspoorperformance!Clearly,youstillneedsoftwareandaVMwareserveronwhichtoinstallit,butthereareafewthingstosortoutfirst.First,thebasicsneededfordeployingaNexus1000VareaVSM,aVEM,andalicensekey.
Next,it’sgoodtoselectanamingconventionforyourswitches.Remember,you’llhavetwoVSMs,socomingupwithanamingstandardthatreflectsthisisagoodidea.AndchooseamanagementIPaddressandsubnetmaskthat’saccessiblefromtheadministrator’ssubnetwhileyou’reatit.
accessiblefromtheadministrator’ssubnetwhileyou’reatit.
Oncethat’sdone,createaseparateVLANformanagement,packet,andcontroltraffic.Don’tforgetthatyoualsoneedalloftheconnectioninformationforlinkingthe1000VtothevCenterserverincludingcredentials,IPaddress,andlocationtoinstallthe1000V.Also,ifyou’regoingtohavemorethanone1000V,youshouldselectaDomain-ID,whichhastobeuniqueifthereareotherNexus1000Vinstancesinstalledintheenvironment.
Nexus1000VSoftwareYougetthissoftwarefromCisco’swebsite,andyoumusthaveavalidCCOID.Thesoftwareusedtobeofferedfora60-dayfreetrial,butnowCiscohasalightversionthat’sfreeforever.Ifyoudon’talreadyhaveoneofthese,it’ssimpletocreateone.JustnavigatetotheNexus1000VsoftwareontheCiscowebsite,downloadit,gotothefolderwhereit’sbeensaved,andunzipthefile.
We’llbeusingatypeoffilecalledOVF,whichstandsforOpenVirtualizationFormat.TheOVFtemplatedefinesthebasiccharacteristicsofthevirtualmachine,anditscontentsandOVFfilesarecompatiblewithVMware,ESXihosts,andVMwaredesktopproducts.Othervendorsalsosupportthisformat,butthe1000VisreallydesignedforinstallationonanESXiserver.
DeployingtheOVFTemplateAnOVFtemplatecandeployedfromwithinvCenter.UndertheFilemenu,selectDeployOVFTemplate,asshowninFigure5.11.
FIGURE5.11DeployOVFTemplate
Next,selectthesourcelocationfortheOVFfile,whichshouldbeplacedwhereveryouunzipthearchive,asshowninFigure5.12.Onceyoulocatethefile,clickNexttocontinue.
FIGURE5.12Selectthesourcelocation
Figure5.13containsdetailsaboutthetemplate,andit’sreallyjustthereforinformationalpurposes.ClickNexttocontinuetheinstallationprocess,whichwillcausetheEULAscreentoappear.AccepttheagreementandclickNext.
FIGURE5.13VerifyOVFtemplatedetails
Inthenextthreesteps,NameandLocation,DeploymentConfiguration,andDatastore,maketheappropriateselectionsforyourenvironment.ChooseanamefortheVSMthatindicatesthatit’sthefirstoftwoVSMs.
ThePropertieswindowiswhereyouenterthemostcriticalsettings:thepassword,managementIPaddress,andotherimportantsettings,asshowninFigure5.14.Aftercompletingthisform,clickNextandthenFinishinordertobegintheinstallation.
Oncetheinstallationiscomplete,yourNexus1000Visaccessible.Whileit’struethatyoucan’tdoawholelotwithityet,itisrunning!
FIGURE5.141000Vproperties
InitialConfigurationTobeginconfiguration,openawebbrowser,pointtotheIPaddressoftheVSMthatyou’vejustcreated,andclicktheLaunchInstallerApplicationlink.Thisinstallerwilltakeyouthroughthefollowingsteps:
1. EnterVSMcredentials
2. EntervCentercredentials
3. SelecttheVSM’shost
4. SelecttheVSMVMandportgroups
5. ProvideVSMconfigoptions
6. Summaryreview
7. DVSmigrationoptions
8. Summary:migrateDVS
We’renotgoingtocovereachstepcomprehensively,becauseit’sbeyondthescopeofthisbookandyoucanrefertoCisco’sinstallationguideforthatinformation.However,wedoneedtocoverstep2,whichisshowninFigure5.15.ThevCentercredentialsstepiswherethelinkbetweentheNexus1000VandvCenterisestablished,andit’sherethatwe’llcreatetheSVSconnectionthatwetalkedaboutearlierinthischapter.
FIGURE5.15vCentercredentialsentryscreen
It’simportantnottotrytocontinueiftheprocessfailshere,becausedoingsocouldresultinhavingtoreinstalltheNexus1000V!Butifthingsproceedwithoutaglitch,onceyou’vecompletedalleightwizardsteps,youshouldhaveafunctioningVSM.TheinstallationoftheVEMscanbeautomatedusingtheVMwareupdatemanagerorbymanuallyinstallingthem.
VerifyInstallationYoumustexecuteseveralcommandsintheproperordertoverifythattheNexus
1000Visupandrunning.Thefirstoftheseistheshowmodulescommand.ThistoolwillrevealallofthemodulesthatareinstalledonyourNexus1000VineachVMwareserver.ThereshouldbeoneVirtualEthernetModule(VEM)foreachVMwareserver,andthefollowingoutputprovidesagreatexampleofthis:
n1000v#showmodules
ModPortsModule-TypeModel
Status
-------------------------------------------------------------
----1
0VirtualSupervisorModuleNexus1000Vha-
standby
20VirtualSupervisorModuleNexus1000V
active*
3248VirtualEthernetModuleNAok
Onceyou’veverifiedthatallofyourcomponentsareinstalled,youneedtoverifythecommunicationbetweenNexus1000VandtheVMwarevCenterserver.Todothat,justexecutethecommandshowsvsconnections,andchecktoseeiftheoperationalstatusdisplaysConnected.
n1000v(config)#showsvsconnections
connectionVC:
hostname:12.8.1.1
protocol:vmware-vimhttps
certificate:default
datacentername:MyDC
DVSuuid:6dfd375037450564-b9a4904e66
eb8cf5
configstatus:Enabled
operationalstatus:Connected
n1000v(config-svs-conn#)
TheshowsvsdomaincommandletsyouverifythatchangesmadetotheVSMarebeingpusheduptotheVMwarevCenterserver,andthefollowingoutputrevealsthatthepushtovCenterwassuccessful:
n1000v(config)#showsvsdomain
SVSdomainconfig:
Domainid:100
Controlvlan:190
Packetvlan:191
L2/L3Aipcmode:L2
L2/L3Aipcinterface:mgmt0
Status:ConfigpushtoVCsuccessful.
Okay.Sofarwe’veverifiedourcomponents,aswellasthefactthattheVSMissuccessfullycommunicatingwithvCenter.ThefinalstepistoverifytheVEMstatus.EachVMwareserverisidentifiedbyaUniversallyUniqueIdentifier(UUID)andthecommandshowmodulevemmappingwillrevealthespecificmodulenumbersthatcorrespondtoeachUUID.Inthefollowingoutputyoucanseethatmodule4ismissing,soeitherthemachineisn’tpoweredonortheVEMisn’tcommunicatingwiththeVSM:
n1000v(config)#showmodulevemmapping
ModStatusUUIDLicenseStatus
-----------------------------------------------------------
3powered-up93312881-11db-afa1-0015170f51a8licensed
4absent33393935-5553-4538-35314e355400unlicensed
n1000v(config)#
InadditiontothecommandsavailableontheNexus1000V,therearealsothreecommandsforverifyingtheVEMstatusundertheVMwareEXSservercommandline:vemstatus,vemcmdshowport,andmodulevemXvemcmdshowcardinfo.Thesetoolsprovidesomegreatinformation,asyoucanseeinthefollowingoutput.
ThevemstatuscommandverifiesthattheVEMmoduleisloadingandrunning:
~#vemstatus
VEMmodulesareloaded
SwitchNameNumPortsUsedPortsConfiguredPortsMTU
Uplinks
vSwitch0643641500
vmnic0
DVSNameNumPortsUsedPortsConfiguredPortsUplinks
n1000v2569256vmnic1
VEMAgentisrunning
ThevemcmdshowportcommanddisplaystheVEMportonthehostandonthe1000V,includinginformationregardingtheport’sstatus:
~#vemcmdshowport
LTLVSMPortAdminLinkStatePC-LTLSGIDVemPort
18Eth3/2UPUPF/B*0vmnic1
Thecommandmodulevem3vemcmdshowcardinfodisplaysthecardname,carddomainID,cardslot,VLANinformation,andMACaddresses:
~#modulevem3vemcmdshowcardinfo
CardUUIDtype0:4908a717-7d86-d28b-7d69-001a64635d18
Cardname:sfish-srvr-7
Switchname:N1000v
Switchuuid:5084065081364c22-9b4ec53e1f67e5ff
Carddomain:11
Cardslot:12
ControlVLANMAC:00:02:3d:10:0b:0c
InbandMAC:00:02:3d:20:0b:0c
SPANMAC:00:02:3d:30:0b:0c
USERDPAMAC:00:02:3d:40:0b:0c
ManagementIPaddress:172.28.30.56
Maxphysicalports:16
Maxvirtualports:32
CardcontrolVLAN:3002
CardpacketVLAN:3003
There’sonelastplacetoverifytheinstallation,thatis,viatheGUIofvCenter.TheNexus1000VshouldshowupundertheHome➢Inventory➢Networkingsection.Thesummaryinformationwilldisplaythenumberofhostsandvirtualmachinesassociatedwiththe1000V,asshowninFigure5.16.
FIGURE5.16vCenterNetworkingSummaryscreen
OurNexus1000Visnowoperational,andtheinstallationhasbeencompletedsuccessfully.It’sfullyfunctionalandreadytogo!
SummaryIfyou’refindingthe1000VtobethemostchallengingthingtolearnforyourCCNADataCentercertification,noworries—itisthiswayforalotofpeople.Themerefactthatyou’reconnectingaswitchthatdoesn’tphysicallyexisttovirtualmachinesthatdon’treallyexist,viavirtualnetworkcardsthatdon’texisteithercertainlydoesmakethisaconceptualreach!Somecheerynewsisthatthistopicdoesn’tencompassabigportionoftheCCNAobjectives,soyoucanrelax—atleastalittle.
JustmakesurethatyouunderstandtheadvantagesoftheNexus1000Vversusthealternative:standardanddistributedswitches.Alsobecomefluentintheterminologywithagoodgraspofportgroupsandportprofiles.
ExamEssentialsDescribethenetworksusedforcommunicatingwiththeVSM.Thethreenetworksarepacket,control,andmanagement.Thecontrolnetworkcarriesconfigurationinformationandheartbeatkeepalives.ThepacketnetworkcarriesnetworktrafficlikeCDP,netflow,SNMP,multicastsnooping,andotherpacketsthattheVEMsendstotheVSMtobeanalyzed.ThecontrolnetworkisusedasaconnectiontoaredundantVSMandtheVEMsonthehostservers.ThemanagementnetworkisusedforloggingintotheVSMforadministrationandforcommunicationtotheVCenterserver.TheVEMmodulescanbedisplayedwiththeshowmodulescommand.
KnowtheconfigurationfortheVSMtoconnecttoVMwarevCenter.TheSVSconnectiondefinesthelinktovCenter,andthestateenabledcommandontheportprofilepushesittotheserver.Theconnectioncanbeverifiedwiththeshowsvsconnectionscommand.ThemanagementinterfaceoftheVSMisusedtocommunicatewiththevCenterserver.
UnderstandtherequirementstodeployaNexus1000V.ThefundamentalitemsneededtodeployaNexus1000VareaVSM,aVEM,andalicensekey.TheNexus1000VrequirestheEnterprisePluseditionofvSphere4.0orhigher.
DescribetheadvantagesoftheNexus1000V.TheadvantagesovertheVMwareDVSareaccesscontrollists,portsecurity,SPAN,ERSPAN,andsupportforadvanceddatacenterfeaturesincludingnetworkvisibilitytothevirtualmachineNIC,networkmonitoringandmanagementinsidethecomputerhostingthevirtualmachines,andQoSmarking.Italsoprovidesafamiliarcommand-lineinterfaceandfeaturesetthatexternallyconnectedNexusLayer2switchesofferintheNX-OSoperatingsystem.
WrittenLab51. virtualswitchesneedtobeconfiguredseparatelyoneachVMwareserver.
2. WhatcommandcanbeusedtoverifytheconnectivitybetweentheVMwareserverandtheNexus1000V?
3. OntheNexus1000,whichcommandwillshowtheconnectedVEMs?
4. TheactsasthebrainofaNexus1000Vswitch.
5. Whencreatingaportprofile,whichcommandensuresthattheportprofileinformationwillbesenttothevCenterserver?
6. OntheNexus1000V,keepalivemessagesaresentoverwhichnetwork?
7. True/False:The1000VcansupportERSPAN.
8. Whatmodulefunctionsasaremotelinecard?
9. WhathappensifavirtualmachineisvMotionedtoaserverthatdoesnothavetheneededVLAN?
10. Howdoesavirtualmachineconnecttoavirtualswitch?
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook'sIntroduction.YoucanfindtheanswersinAppendixB.
1. WhichcommandonaNexus1000VVSMpushesaportprofilecalledFunDatatotheVMwarevCenterserver?
A. N1K(config)#port-profileFunData
N1K(config-port-prof)#pushenabled
B. N1K(config)#port-profileFunDataN1K(config-port-prof)#pushupdate
C. N1K(config)#port-profileFunDataN1K(config-port-prof)#updateenabled
D. N1K(config)#port-profileFunDataN1K(config-port-prof)#stateenabled
2. KeepalivemessagesbetweentheVSMandVEMareprovidedbywhichinterface?
A. Packet
B. Control
C. Management
D. Heartbeat
3. WhatcommandontheNexus1000VVirtualSupervisorModuledisplaystheconnectedVEMs?
A. N1K#showstatus
B. N1K#showvem
C. N1K#showmodules
D. N1K#showinterface
4. WhatcommandvalidatestheconnectionbetweentheNexus1000VVSMandVMwarevCenter?
A. N1K#showsvsstatus
B. N1K#showsvsconnections
C. N1K#showvcenterstatus
D. N1K#showvcenterconnections
5. WhatisrequiredtodeployaNexus1000V?(Choosethree.)
A. VSM
B. VEM
C. VRF
D. VDC
E. Licensekey
6. WhatdoesthecontrolinterfaceprovideontheNexus1000V?
A. ACLI
B. High-speedthroughput
C. SVIcommunication
D. Heartbeatmessages
7. WhatdoesthestateenabledcommanddoontheVirtualSupervisorModulesonaNexus1000V?
A. Enablesaninterface
B. EnablesVRF
C. PushestheportprofiletovCenter
D. EnablesVLAN
8. WhatdoestheshowmodulescommanddoontheVirtualSupervisorModulesonaNexus1000V?
A. ShowstheconnectedVEMs
B. Showsloadedprocesses
C. Showsloadedservices
D. Showsenabledfeatures
9. WhatdoesthecommandshowsvsconnectionsaccomplishonaNexus1000VVSM?
A. Verifiestheswitchedvirtualservice’sIPaddress
B. EstablishesaconnectiontovCenter
C. EstablishesaconnectiontotheVSM
D. VerifiestheconnectionbetweentheVSMandvCenter
10. WhichfeaturesdoestheNexus1000VhavethattheVMwareDVSdoesnot?(Choosethree.)
A. Portsecurityandaccesscontrollists
B. PrivateVLANs
C. Statisticsmigration
D. SPANandERSPAN
E. QoSmarking
11. Whatisanexampleofavirtualswitch?
A. Hyper-V
B. Catalyst
C. VMware
D. Nexus1000V
E. Alloftheabove
12. Choosetwoexamplesofswitcheswithacentralizedcontrolplane.
A. Standardvirtualswitch
B. VCenter
C. Distributedvirtualswitch
D. VMware
E. Nexus1000V
13. Thestandardvirtualswitchhaswhichofthefollowingfeatures?(Choosethree.)
A. VSpheremanagementinterface
B. Portgroups
C. Portsecurity
D. Distributedarchitecture
E. Portchannels
14. TheVMWaredistributedvirtualswitchincludeswhichofthefollowing?(Choosethree.)
A. Hyper-Vintegration
B. Applicationprograminterfaces
C. Centralizedmanagementserver
D. ERSPAN
E. SinglelogicalswitchfortheentireVMWareenvironment
15. TheNexus1000Vcontainswhichofthefollowingfeatures?(Choosethree.)
A. Routing
B. CiscoDiscoveryProtocol
C. NX-OScommandline
D. Loadbalancing
E. Distributedlinecards
16. TheVirtualEthernetModuleperformswhichfunctions?(Choosethree.)
A. Distributedcontrol
B. Interfacestovirtualservers
C. ForwardingserversEthernetframes
D. ForwardingserverframestotheVSM
E. ConnectingtothephysicalEthernetports
17. AnOVFtemplateforthe1000Viswhichofthefollowing?(Choosethree.)
A. ApreconfiguredversionoftheNexus1000V
B. Standardinstallationimage
C. OpenVirtualizationFormat
D. Optimizedvirtualforwarding
E. Partofthe1000Vinstallationpackage
18. VirtualEthernetmodulescanbeaddedbywhichprocess?(Choosetwo.)
A. Manualinstallation
B. ReinstallingVSM
C. VMwareupdatemanager
D. InstallingESXi
E. InitiatingtheHyper-Vprocess
19. Howdoesthe1000VdistributedvirtualswitchallowmigrationfromVMware’ssoftwareswitch?
A. Duringtheinitialinstallationofthe1000V
B. AwizardinVCenter
C. ByNX-OSscripting
D. VMwaredistributedswitchcommand-lineconfigurations
E. Alloftheabove
20. Whenrunningredundant1000VVirtualSupervisorModules,inwhattwostatescantheyexist?
A. Active
B. Forwarding
C. ha-standby
D. Passive
E. Alloftheabove
Chapter6UnifiedFabric
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
2.0DataCenterUnifiedFabric
2.1DescribeFCoE
2.2DescribeFCoEmultihop
2.5Performinitialsetup
THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:
DescribingDCB
UnifiedFabricbenefits
IEEEstandardsthatenableFCoE
Priorityflowcontrol
Enhancedtransmissionselection
DCBexchange
IdentifyingconnectivityoptionsforFCoEontheCiscoNexus5000seriesswitch
SFPmodules
CablingrequirementsanddistancelimitationsforcommonSFPandSFP+transceivers
ConnectingtheCiscoUCSP81EvirtualinterfacecardtoCiscoNexus5500UPUnifiedFabricswitches
ConnectingtheCiscoNexus5500UPUnifiedFabricswitchtonorthboundLANandSANfabrics
DescribingenhancedFCoEscalabilitywithCiscoNexus223210GEfabric
extenders
ScalingthedatacentervirtualizedAccesslayerwiththeCiscoNexus223210GEfabricextenders
CiscoNexus223210GEfabricextender-to-CiscoNexus5500switchconnectivity
AdapterFEXontheCiscoNexus223210GEfabricextender
VerifyingadapterFEXontheCiscoNexus223210GEfabricextender
ThisnextsectionisaboutUnifiedFabric.FibreChannelandEthernettechnologieshavebeenseparatedsincetheirinvention.Maintainingtwonetworks,andtypicallytwodifferentsetsofadministrators,hasnotbeenveryefficient.Toachievethiscombinednetwork,anewareaofnetworkingisemergingcalledDataCenterEthernet,whichaddressestheuniquerequirementsofnetworkinginsideamoderndatacenter.ToaccommodateFibreChannelontheEthernetbackbone,astorageprotocolcalledFibreChanneloverEthernetwasdeveloped,andtheswitchingplatformsweredevelopedspecificallyforthenewcombinednetwork.Wewillexaminetheideaofcombiningthesetwoverydifferenttypesofnetworkingintooneinthischapter.
MostnetworkengineersareintimatelyfamiliarwithEthernet.Weareusedtocollisions,packetdrops,andretransmissions.Ethernetnetworkinghasalwaysbeenabest-effortscenario.ThefundamentalnatureofEthernetisthatitislossy.
FibreChannelhasaverydifferentlineage.SCSIwasoriginallyusedtotalktoaharddriveoverashortcable.Thatmeantthattherewasnolostdataandnoretransmission.FibreChannelwasbuiltonthesameprinciple,whichmeansthatFibreChannelislossless.
FibreChannelandEthernetnetworkshavebeenimplementedastwoseparatenetworks,asshowninFigure6.1.Theswitches,cabling,andadministrationwereisolated.
FIGURE6.1Traditionalseparatenetworks
Builttoleveragefiber-optictechnology,FibreChannelwasfasterthanEthernetuntilrecently.Therefore,theideaofrunningthetwonetworksasasinglecombinedsystemwasnotpractical.EthernetwasnotfastenoughandcouldnotmeetFibreChannel’slosslessrequirements.Thecreationof10GigabitEthernetprovidedenoughbandwidthforFibreChannel’sstoragetrafficrequirements,buttherewerestillmoreproblemstosolve.
UnifiedFabricTheideaofUnifiedFabriciscrazysimple:Taketwoseparatenetworkingtechnologiesandturnthemintoone.TheconceptistoallowEthernettrafficandFibreChanneltraffictoflowoverasinglenetworkconnection,asshowninFigure6.2.ThesystemusedtodothisisknownasFibreChanneloverEthernet(FCoE).
FIGURE6.2Unifiednetwork
Thissystembringsustwobigbenefits:lesscablingandSANandLANonasingletransport.Anotheradvantageisthereductionofthenumberofserveradaptersinstalledforconnectivity.Hostbusadapters(HBAs)andnetworkinterfacecards(NICs)canbeconsolidatedintoasingleadapterknownasaconvergednetworkadapter(CNA).TheserverdriversorsoftwareontheCNAtakethestoragerequestattheinitiatorforbothreadandwriterequestsandstuffitinsideanEthernetpacket.WhatwewindupwithisSCSIinsideFibreChannelinsideEthernet.ConvergednetworkadaptersaremadebycompaniessuchasEmulex,QLogic,Brocade,andCisco.Onthestoragecontroller,targetendmanufacturerssuchasEMCandNetworkApplianceoffernativeFCoEadapterstoconnecttotheconvergednetwork.
FCoEcanalsotakeadvantageofsomeEthernetmultipathprotocolslikeVPC,TRILL,DataCenterBridging,andFabricPath.Thisconsolidatednetworkreducesthecapitalandoperatingcoststoprovideasubstantiallylowertotalcostofownership.Thisculminatesinacentralizedarchitecturethatiseasiertomanage.
InFigure6.2,youseeasinglecablerunningbetweentheserverandtheswitch.ThiscableiscarryingbothregularEthernettrafficandFibreChanneltraffic.Afterithitstheswitch,thetrafficcanbebrokenoutintonativeFibreChannelandEthernet.Thisisknownassingle-hopFCoE,sincethetrafficisunifiedforonlyasinglesegment.Single-hopFCoEiseasytoconfigure,anditmeetstheimportantobjectiveofreducingrackcablingtotheservers.
MultihopFCoEcarriestheunifiedtrafficovermorethanonesegment,asshowninFigure6.3.NewerstorageareanetworkscansupportFCoEonthestoragearraysthemselves.ThismeansthatitispossibletohavetheFibreChanneltrafficgoovertheentirenetworkusingjustEthernetasthephysicalmedium.
FIGURE6.3MultihopFCoEnetwork
Ethernetspeedscontinuetoincreasefrom10to40to100Gb/sandbeyond.SomepeoplebelievethatphysicalFibreChannelmayfadeawayandeverything
willbecome100percentFCoE.
Thereisamorerecentpushfor25GbpsEthernetsupportedby
companiessuchasMicrosoft,Google,Arista,andBroadcom.Ciscohasfocusedon40Gbpsasthenextstepafter10Gbps,butyoumightwanttokeepaneyeonthistopic.
FCoESowhatisFibreChanneloverEthernet?Well,uh...itissendingFibreChanneltrafficoveranEthernetnetwork.Seriously,therealquestioniswhyisthisabigdeal?Wehavebeensendingtrafficofonetypeoveranetworkofanothertypeforyears.Themostcommonprocessfordoingsoisencapsulation.ApacketofprotocolXisencapsulatedinsideapacketofprotocolY,transportedacrossY’snetwork,and,atthedestination,itisdecapsulatedandtheprotocolXpacketisreleased,asshowninFigure6.4.
FIGURE6.4Protocolencapsulation
Fundamentally,thisseemssimple,butthechallengeliesinthedissimilaritiesbetweenEthernetandFibreChannel.Figure6.5showsaFCoEframewiththeFCframeencapsulatedinsideanEthernetnameframeasexpected.
FIGURE6.5FCoEframe
TheproblemliesinthefactthatthenatureofEthernetislossy(framescanbedropped)andFibreChannelislossless(framescannotbedropped).EthernetflowcontroltraditionallyusesCSMA/CD(carriersensemultipleaccesswithcollisiondetection),inwhichdatacanbetransmittedanytimethesegmentisavailable,asshowninFigure6.6.Intheeventthatapacketislost,anupperlayercanretransmitit.
FIGURE6.6Ethernetflowcontrol
SCSIwasdesignedtorunoveran18-inchcabledirectlytotheharddisks,sotherewasnoallowancemadeforpacketsbeinglostortheabilitytoretransmitthelostinformation.FibreChannelwasdevelopedtosupportthistypeoflosslesstransport.FibreChannelcannottransmituntilthedestinationindicatesthatithasbufferspaceavailableandthatitisreadytoreceiveaframe,asshowninFigure6.7.
FIGURE6.7FibreChannelflowcontrol
InordertoachieveFibreChannel’slosslessrequirementsandreliablytransmitFCframesoverEthernet,newprotocolsneededtobedeveloped.Ethernet’straditionalmethodofmanagingcongestionbyallowingpacketsdropscannotworkoverFibreChannel.AnotherissueisthatFibreChannelframesareupto2112bytes,whichislargerthanthe1500-bytemaximumimposedbyEthernet.Ethernetmustbeconfiguredforjumboframesthatallowaframesizeofupto9000bytesofpayload.FibreChannelrequiresarapidrateoftransmission;thereforethespeedoftheEthernetsegmentmustbeatleast10Gbps.Tobeabletocreatealosslessfabric,moderndatacenterswitchesareneededendtoend.ProductssuchastheNexus2000,5000,and7000,whichhavelargeper-portbufferingcapability,advanceddatacenterfeaturesets,andsupportforjumboframes,meetthisrequirement.
ToconfigureFCoEonaNexusswitch,thefeaturemustbeenabledandthentheFCoEprotocolassignedattheinterface:
N5k-1(config)featurefcoe
FClicensecheckedoutsuccessfully
2014Sep1514:56:40N5k-1%LICMGR-2-LOG_LIC_NO_LIC:Nolicense(s)
presentforfeatureFC_FEATURES_PKG.Application(s)shutdownin
119days.
fc_pluginextractedsuccessfully
FCpluginloadedsuccessfully
FCoEmanagerenabledsuccessfully
N5k-1#configureterminal
N5k-1(config)#interfaceethernet101124
N5k-1(config-if)#fcoemodeon
DataCenterBridgingAnumberofIEEEprotocolsenableFCoEbyprovidingenhancementstoclassicalEthernetsupportofalosslessQoSforFibreChanneltraffic.SomeoftheprotocolsarelistedinTable6.1.
TABLE6.1IEEEprotocolsthatenableFCoE
Abbreviation Name IDPFC Priority-basedFlowControl 802.1QbbETS EnhancedTransmissionSelection 802.1QazQCN QuantizedCongestionNotification 802.1QauDCBX DataCenterBridgingExchange 802.1Qab
AlloftheseprotocolsareamendmentstoIEEE802.1Q.
DatacenterbridgingaddsextensionstoEthernettoallowittotransmitpriorityandlosslessframesreliably.
Priority-BasedFlowControlCreatedin2011,Priority-basedFlowControl,orIEEE802.1Qbb,enablesflowcontrolforeachtrafficclassonfull-duplexEthernetlinks,withaVLANtagidentifyingeachclassandpriorityvalue.
InaPFC-enabledinterface,aframeofalossless(orno-drop)priorityisnotavailablefortransmissionifthatpriorityispausedonthatport.Similartothebuffer-to-buffercreditsmechanismofFibreChannel,PFCisdefinedonapairoffull-duplexinterfacesconnectedbyonepoint-to-pointlink.
Priority-basedFlowControlisanenhancementtothecurrentpausemechanismusedbytraditionalEthernet.Traditionalpausemeanstotransmitallornothing;thatis,youcanstopalltrafficorallowitalltoflow.Priority-basedFlowControlmakeseightseparatequeuesfortraffic,andindividualqueuescanbepaused.Allthreebitsofthe802.1pClassofService(CoS)fieldareusedtomaptrafficintoPFC.EightvirtuallanesassignedbythethreebitsintheCoSfieldsarefoundinthe802.1Qheader.Thesenderusestransmitqueuestobufferoutgoingtrafficin
eachoftheeightqueuesandthereceiverhaseightmatchingreceivebuffers.
Theprocessofdefiningtrafficandassigningitintoindividualclassesofservicevalues,andthendefininghowitwillactduringcongestion,canbequitecomplexandisbeyondthescopeoftheCCNADataCenterexam.Whenthelinkiscongested,CoSisassignedto“nodrop,”whichinadatacenterwillusuallybeFCoE,video,orvoice,andthesewillbepaused.AdditionaltrafficassignedtotheotherCoSvalueswillcontinuetotransmitandrelyonupper-layerprotocolsforretransmissionshouldtheirframesbedroppedonthefloor.
Howdoesthiswork?Whenthereceivingswitchstartstorunoutofbuffer,itsendsoutapausemessagefortraffictaggedwiththeFCoEpriority.ThisensuresthatnoFCoEtrafficwillbelost,asshowninFigure6.8.Whenbufferspaceisavailable,theswitchwillindicatethatitcanreceivetrafficagain.
FIGURE6.8Per-priorityflowcontrol
PFCdoesvarysomewhatfromthetraditionalFibreChannelflowcontrol,becausetheremaybepacketsonthewirewhenPAUSEissent.Toavoidissues,PFCwillsendapausejustbeforeallofthebuffersarefull.
ToenablePFConaninterface,usethefollowingcommands:
N5k-1#configureterminal
N5k-1(config)#interfaceethernet1/2
N5k-1(config-if)#priority-flow-controlmodeon
EnhancedTransmissionSelection(ETS),alsocreatedin2011,orIEEE802.1Qaz,controlshowbandwidthisallocatedtothedifferentclassesofserviceinordertopreventasingleclassoftrafficfrommonopolizingallofthebandwidthonthislinkandstarvingothertrafficflows.Whenaclassoftrafficisnotutilizingallofthebandwidthassignedtoit,thebandwidthisavailabletoothertrafficflows.EnhancedTransmissionSelectionaddsincreasedabilityforbandwidthmanagementandpriorityselection.ETSallowsforprioritizationbasedonbesteffort,lowlatency,andbandwidthallocation.ThisallowsETStomanagetrafficassignedtothesamePFCqueuedifferently,anditissometimes
calledprioritygrouping.
InanETS-enabledconnection,whenatrafficclassisnotusingitsallocatedbandwidth,ETSwillallowothertrafficclassestousetheavailablebandwidth.ETSswitchesmustallowatleastthreetrafficclasses:onewithPFC,onewithoutPFC,andonewithstrictpriority.
ETSandPFCaretwoofthemajorprotocolsthatenableFCoE,butotherthingsneedtobeconfiguredfortwoswitchestocommunicate,includingcongestionnotification,logicallink-down,networkinterfacevirtualization,andmore.CiscodoesnotimplementQCN.
TheconfigurationofETSisbeyondthescopeoftheCCNADataCenterexam.Pleaserefertowww.cisco.comforQoSconfigurationguidesontheNexusproductline.
PFCandETSbothusetheClassofService(CoS)bitsinordertoclassifyamongtraffictypes.ThereareeightCoSvaluesintheIEEE802.1QstandardtrunkingheaderforEthernetframes.TheNexus5000seriesswitchesallowyoutoconfiguresixclassesmanually.Uptofourofthesixareuser-configurableclasses,whichcanbedesignatedasno-dropclassesofservice,sowhenportcongestionoccurs,trafficbelongingtoeachofthefourno-dropclasseswillpausetoprohibitanypacketdropping.
TheNexusseriesfollowstheconventionthattheCoSvalue3isusedforFCoEtraffic.WhenFCoEisenabledonNexus5000switches,CoS3isautomaticallyconfiguredforno-dropservice(PFCsetting)and50percentofthebandwidthavailableonthelinkisguaranteedforFCoEtrafficincaseofcongestion(ETSsetting).ItisbestpracticetoleavethedefaultCoSvalueof3forFCoEtrafficduetotheagreementbetweenvendorstosupportthisasano-dropclass.
DataCenterBridgingExchangeTheDataCenterBridgingExchange(DCBX)protocolallowsswitchestodiscovereachotherandthenexchangecapabilityinformation.Thisallowsautomaticnegotiationofparametersandconfigurationoftheswitchports.AlthoughitisimportanttoknowthatPFCensureslosslesscommunicationandETSallowsbandwidthmanagement,theconfigurationinformationexchangebetweenswitchesfortheseadministrativelyconfiguredparametersandoperationalstateinformationishandledbyDCBX.
DCBXusesLLDP802.1AB-2005anddefinesnewtype-length-values(TLVs)forcapabilityexchangesettings.Fundamentally,DCBXisresponsibleforthree
things.Thefirstisthediscoveryofthecapabilitiesofthepeerswitchthatisdirectlyconnectedoverapoint-to-pointlink.Secondistheabilitytodetectifthepeerismisconfigured.Andfinally,itisresponsibleforpeer-to-peerconfirmationbasedonnegotiatedparameterstodetermineiftheconfigurationisthesame(symmetric)ordifferent(asymmetric).
NexusswitchesareabletousetwodifferentversionsofDCBX.ConvergedEnhancedEthernetDCBX(CEE-DCBX)issupportedonallsecond-generationandlaterCNAs.Cisco,Intel,NuovaDCBX(CIN-DCBX)issupportedonthefirstgenerationofconvergednetworkadapters.
FCoEisanewertechnology,andithasnotbeenembracedbyeveryone.However,itisbelievedthatas40Gbpsand100GbpsEthernetbecomemorepopular,FCoEwillgrowinpopularityaswell.
FCoETopologyInthepreviouschapter,youlearnedaboutFibreChanneltopologyandporttypes.FCoEisFibreChannel,soalmostalloftheterminologythatyoulearnedaboutforFibreChannelappliestoFCoE.TheentireFibreChannelframeiscarried,includingalloftheWWPNandWWNNinformation.TheFCoELogicalEndpoint,orFCoE_LEP,isresponsiblefortheencapsulationanddecapsulationoftheFibreChannelframe.
RegularFibreChannelwillhaveanENodeonahostthathasaphysicalEthernetport.TheENodewillcreateatleastonevirtualNport(VNport).TheMACaddressoftheENodemapstotheVNport,whichallowsFCoE_LEPtoencapsulateanddecapsulateproperly.
Figure6.9showsthenewtypeofportsintroducedbyFCoE.TheVEportisusedtoconnectoneFCoEswitchtoanotherFCoEswitch.AswitchthathasbothFCoEandnativeFibreChannelinterfacesinknownasaFibreChannelForwarder.
FIGURE6.9FCoEporttypes
Normally,weuseE-portsbetweentwoFibreChannelswitchesinordertoconnectthem.SinceweareencapsulatingthetrafficintoEthernet,wecreateavirtualinterface,oravirtualE-port,tosendthetraffic.Otherthanthat,FCoEbehavesjustlikenativeFibreChannel.
FCoEInitializationProtocol(FIP)isusedtocreatethevirtuallinksbetweenthedevices.Oncecreated,FIPrunsinthebackgroundandmaintainsthevirtuallink.
FCoEiscurrentlysupportedontheNexus2232PP,Nexus5000,Nexus7000,andMDS9500seriesofdatacenterswitches.
ConnectivityHardwareInthissection,wewilllookatsomeofthedifferentmechanismsavailableforconnectingaconvergednetworkadapter(CNA)toaNexus5000orNexus5500switch.
Thesmallform-factorpluggable(SFP)interfaceconverterisanindustry-standarddevicethatplugsintoaslotorport,linkingtheportwiththenetwork.DifferentSFPscanbeselectedtoprovideamyriadofconnectivityoptions.Numerousoptionsareavailabledependingonthetypeofmediatowhichyou’regoingtoconnectandthedistancethatneedstobetraveled.Table6.2listssomeofthecommonGigabitEthernetSFPchoices.
TABLE6.2GigabitSFPinterfaces
Type Medium Called Distance1000BASE-T Cat5copper Twistedpair 100m1000BASE-SX Multimodefibre Shorthaul 550m/220m1000BASE-LX/LH Single-&multi-modefibre Longhaul 10km/550m1000BASE-EX Single-modefibre Longreach 40km1000BASE-ZX Single-modefibre Longreach 70km
The1000BASE-BX10-Dand1000BASE-BX10-USFPscanoperateoverasinglestrandofsingle-modefiber.OneendoftheconnectiongetsaUSFPandtheotherendgetsaDSFP.Wavedivisionmultiplexingisusedtoallowthisbidirectionalcommunication.Simplyput,thisusestwodifferentcolorsoflight,onecolorgoinginonedirectionandtheothergoingintheoppositedirection.Table6.3listssomeofthe10GbpsEthernetcablingoptions.
TABLE6.3Some10GbpsEthernetcablingoptions
Type Cable DistanceSFP+CCopper Twinax 5mpassive10mactiveSFP+SRShortreach MMOM1MMOM3 30m300m10GBASE-T Cat6Cat6a/7 55m100m
Twinaxhasbecomedominantinsidethedatacenterforshortrunsbecauseitiseasytouseandconsiderablylessexpensivethanfiber-opticcables.TwinaxinterfacesoftenshipwithNexusbundlespurchasedfromCisco.
40Gigabitand100GigabitEthernetareoutsidethescopeoftheCCNA/DCobjectives,butyoushouldbeawarethatCiscoisstartingtopush40Gbpsprettyhard.The40GbpsBiDi(Bidirectional)allowsyoutouseregularOM3fiber,whichisoftenusedwith10Gbps.BiDiusestwocolorsoflighttotransmitandreceiveoverthesamefiber.
ConnectingtheVirtualInterfaceCardtoNexus5500UPTheCiscofabricextendertechnologyprovidesmanyadvantagesbyallowingyoutoplaceportsclosertoserverswithoutaddingextrapointsofmanagement.TheFEXarchitecturesupportsthe802.1Qbhstandard.Wehavetalkedabout2000seriesoffabricextenders,whicharestand-alonelinecardsthataremanagedbyaparentNexus5500orNexus7000switchtocreateavirtualizedmodularchassisswitch.TheCiscoVirtualInterfaceCard(VIC)allowsyoutouseAdapterFEXandVirtualMachineFEX,whichletyouextendthatfabricintotheserveritself(seeFigure6.10).
FIGURE6.10FEXcomparison
TheVICadapterprovideshostinterfacesthatappearaslogicalinterfacesontheparentswitch.Thehostinterfacecanbecreatedaheadoftimeordynamicallybasedondemand.
AsinglephysicaladaptercanpresentmultiplelogicaladaptersasvNICsandvHBAstothehostoperatingsystem.EachofthesecorrespondstoavirtualEthernetinterfaceorvirtualFibreChannelinterfaceontheparentswitch.
AdapterFEXcancreateaninterfaceforeachvirtualmachine,andtheparentswitchcanmanagetheseinterfaces.Thisallowsper-VMcontrolofpolicies,QoS,andsecurity.
VN-TagAsingleconnectionfromtheparentswitchtotheFEXmaycarrytrafficforalargenumberofports.ThisissimilartoVLANtrunkingwhenwecarryanumberofVLANsoverasinglelink.Withtrunking,weaddaVLANtagtotheframeinordertoindicatewhichVLANthetrafficisdestinedfor.VN-TagdoesthesamethingforFEXinterfaces(seeFigure6.11).
FIGURE6.11VN-Tag
WhenaframeleavestheparentswitchandisheadedforaparticularportontheFEX,aVN-Tagisaddedtoindicatetowhichportitisheadedandfromwhichportitiscoming.WhenareplycomesbackfromtheFEX,aVN-Tagisaddedinthatdirection.TheVN-Tagprocessrunsinthebackground,anditisnotconfiguredintheNX-OScommand-lineinterface.
VN-TagsareasimplebutimportantconceptofFEX.Ontheparentswitch,eachphysicalinterfaceontheFEXrepresentsalogicalinterfacecalledVIF,orvirtualinterface.
FEXConfigurationSettingupanFEXiseasy.ConsidertheFEXconnectedtoaNexus5000inFigure6.12.
FIGURE6.12Nexusfabricextension
First,youshouldverifythatNexus5500isrunningNX-OSversion5.1(1)orlater.(AddinganFEXwasnotpossibleinpriorversions.)
N5K-1#showversion
CiscoNexusOperatingSystem(NX-OS)Software
Copyright(c)2002–2012,CiscoSystems,Inc.Allrightsreserved.
Thecopyrightstocertainworkscontainedhereinareownedby
otherthirdpartiesandareusedanddistributedunderlicense.
SomepartsofthissoftwarearecoveredundertheGNUPublic
License.Acopyofthelicenseisavailableat
Software
BIOS:version3.6.0
loader:versionN/A
kickstart:version5.2(1)N1(1b)
system:version5.2(1)N1(1b)
power-seq:Module1:versionv5.0
uC:versionv1.0.0.2
SFPuC:Module1:v1.0.0.0
BIOScompiletime:05/09/2012
kickstartimagefileis:bootflash:///n5000-uk9-
kickstart.5.2.1.N1.1b.bin
kickstartcompiletime:9/17/201211:00:00[09/17/201218:38:53]
systemimagefileis:bootflash:///n5000-uk9.5.2.1.N1.1b.bin
systemcompiletime:9/17/201211:00:00[09/17/201220:38:22]
Hardware
ciscoNexus5596Chassis("O248X10GE/ModularSupervisor")
Intel(R)Xeon(R)CPUwith8263848kBofmemory.
ProcessorBoardIDFOC1652XXXX
Devicename:N5K-1bootflash:2007040kB
Kerneluptimeis2day(s),8hour(s),48minute(s),45second(s)
LastresetReason:UnknownSystemversion:5.2(1)N1(1b)Service:
pluginCorePlugin,EthernetPlugin
Thenfollowthesesteps:
1. EnabletheFEXfeature.
N5K-1(config)#featurefex
N5K-1#showfeature|includefex
N5K-1#fex1enabled
2. CreateanFEXinstance.
ItisuptoyoutochoosetheFEXnumber;100isusedinthe
example.FEXnumberscanrangefrom100to199.
N5k-1(config)#fex100
3. Configuretheinterface(s)ontheNexus5500thatwillbeusedforconnectingtheFEX:
N5K-1(config)#intethernet1/1,ethernet1/21N5k-1(config-
if)#switchportN5k-1(config-if)#switchportmodefex-fabricN5k-
1(config-if)#channel-group100
4. Createtheport-channel,andassociatetheFEXwithit.(It’salwaysnicetokeeptheport-channelandtheFEXnumberthesameifpossible.ItjustmakesiteasiertoknowthatFEX100isonport-channel100,FEX101isonport-channel101,andsoon.Obviously,ifthoseport-channelsarealreadyinuseyouwon’tbeabletodothis.)
N5k-1(config)#interfaceport-channel100N5k-1(config-if)#fex
associate100
N5k-1#showruninterfaceport-channel100
interfaceport-channel100
switchportmodefex-fabric
fexassociate100
N5k-1#showruninterfaceeth1/1
interfaceEthernet1/1
switchportmodefex-fabric
fexassociate100
channel-group100
N5k-1#showruninterfaceeth1/21
interfaceEthernet1/21
switchportmodefex-fabric
fexassociate100
channel-group100
5. ChecktoseeifyourFEXisonline.Itmaytakeaminuteforittoshowup.
N5K-1#showfex
FEXFEXFEXFEX
NumberDescriptionStateModelSerial
————————————————————————————————————
100FEX0100OnlineN2K-C2232PP-10GESSIXXXXXXXX
IftheFEXisrunningadifferentversionofNX-OSthantheNexus5505,itwilldownloadthematchingimagefromtheNexus5505.Thisprocesscantakeafewminutes.Whenyoudoashowfex,itwillshow“ImageDownload”underFEXState.
6. Youcanalsochecktoseeifthesoftwareimagesmatchbydoingashowfexdetail:
YoucancheckthehardwarestatusoftheFEXadapterbydoingashowinventoryfexcommand:
N5k-1#showinventoryfex100
NAME:"FEX100CHASSIS",DESCR:"N2K-C2232PP-10GECHASSIS"
PID:N2K-C2232PP-10GE,VID:V01,SN:SSxxxxxxxxx
NAME:"FEX100Module1",DESCR:"FabricExtenderModule:
32x10GE,8x10GESupervisor"
PID:N2K-C2232PP-10GE,VID:V01,SN:JAxxxxxxxxx
NAME:"FEX100Fan1",DESCR:"FabricExtenderFanmodule"
PID:N2K-C2232-FAN,VID:N/A,SN:N/A
NAME:"FEX100PowerSupply1",DESCR:"FabricExtenderACpower
supply"
PID:N2200-PAC-400W,VID:V02,SN:LITxxxxxxxx
NAME:"FEX100PowerSupply2",DESCR:"FabricExtenderACpower
supply"
PID:N2200-PAC-400W,VID:V02,SN:LITxxxxxxxxj
7. Verifythefex-fabricinterfaces:
N5K-1#showinterfacefex-fabric
FabricFabricFexFEX
FexPortPortStateUplinkModelSerial
————————————————————————————————————
100Eth1/1,1/21Active1N2K-C2232PP-10GESSIXXXXXXXX
8. VerifythediagnosticsoftheFEXadapterbydoingashowdiagnosticresultfex100command:
N5k-1#showdiagnosticresultfex100
FEX-100:FabricExtender32x10GE+8x10GModuleSerialNo:
SSxxxxxxxxx
OverallDiagnosticResultforFEX-100:OK
Testresults:(.=Pass,F=Fail,U=Untested)
TestPlatform:
0)SPROM:———————->.
1)Inbandinterface:———————->.
2)Fan:———————->.
3)PowerSupply:———————->.
4)TemperatureSensor:———————->.
Eth12345678910111213141516
Port————————————————————————-
................
Eth17181920212223242526272829303132
Port————————————————————————-
................
TestFabricPorts:
Fabric12345678
Port————————————-
........
TheFEXshouldnowbeattachedtothe5500andreadytobeconfigured.
Theremotefabricextenderactsasifitwerealocallyattachedlinecardinachassisswitch.Nexus5000,Nexus7000,andNexus9000switchesactasthemothershipandthemanagementprocessorstotheremoteNexus2000serieslinecards.
TheaddressingusedtoconfigureaportisEthernet<FEXID/slot/portindex.Forexample,toconfigureport8onFEX100,allconfigurationswouldusetheEthernet100118formatandbeconfiguredasalocallyattachedinterfaceasifitwereachassis-basedEthernetswitch:
N5K-1#showruninterfaceeth100118
!Command:showrunning-configinterfaceEthernet100118
interfaceEthernet100118
descriptionVMHost_48
switchportmodeaccess
switchportaccessvlan121
spanning-treeporttypeedge
Allshowcommandsworkasiftheyportswerelocallyconnectedto
theNexus5konourexample:N5k-1#showinterfaceeth100113
Ethernet100113isup
Hardware:1000/10000Ethernet,address:d0d0.fdaa.1e0e(bia
d0d0.fdaa.1e0e)
MTU1500bytes,BW1000000Kbit,DLY10usec
reliability255/255,txload1/255,rxload1/255
EncapsulationARPA
Portmodeisaccess
full-duplex,1000Mb/s,mediatypeis1G
Beaconisturnedoff
Inputflow-controlisoff,outputflow-controlison
Ratemodeisdedicated
Switchportmonitorisoff
EtherTypeis0x8100
Lastlinkflapped2week(s)3day(s)
Lastclearingof"showinterface"countersnever
30secondsinputrate0bits/sec,0packets/sec
30secondsoutputrate3400bits/sec,5packets/sec
Load-Interval#2:5minute(300seconds)
inputrate8bps,0pps;outputrate3.24Kbps,5pps
RX
82352unicastpackets20579multicastpackets4395broadcast
packets
107326inputpackets15902148bytes
0jumbopackets0stormsuppressionpackets
0runts0giants0CRC0nobuffer
0inputerror0shortframe0overrun0underrun0ignored
0watchdog0badetypedrop0badprotodrop0ifdowndrop
0inputwithdribble0inputdiscard
0Rxpause
TX
123314unicastpackets6063150multicastpackets2120168
broadcastpackets
8306632outputpackets679515799bytes
0jumbopackets
0outputerrors0collision0deferred0latecollision
0lostcarrier0nocarrier0babble0outputdiscard
0Txpause
2interfaceresets
WhenconnectingaNexus2000fabricextendertoanupstreamswitch,suchasaNexus5500,severalredundancyissuesneedtobeconsidered.Whentheupstreamlinksarenotbundledintoaportchannelforbackup,theFEXinterfacesuseaprocesscalledpinningtoassignNexus2000portsstaticallytotheupstreamlinks.Thisisimplementedautomatically.Thepurposeofpinningisthatincaseofanuplinkfailure,theremaininglinkswillnotbecomeoversubscribedandsaturate.Thelinksthatarepinnedtothefailedinterfacearedownbydefault.Usingthepinningmax-linksconfigurationcommandwilldividetheuplinkinterfacesbetweentheportinterfaces.Forexample,ona32-port2232switchifthecommandpinningmax-links4wasused,theneightportswouldgoovereachofthefouruplinksandthesephysicalportswouldgodownforeachuplinkportfailure.
ThecommandfexpinningredistributeallowsfortheredistributionoftheFEXportsovertheremainingactiveuplinksshouldtherebeanuplinkfailure.Thepinningisassignedinthenumericalorderofthehostports.Theadvantageofusingaportchannel,asshownintheexamples,isthattheportchannelappearsasoneconnectiontotheFEXtotheupstreamNexus5000.Ifoneoftheindividualinterfacesintheportchannelfails,theportchannelwillrebalance,andtotheFEXthereisnoneedtoaffectthepinningassignmentsbecauseitstillseesoneconnection.
SincetheNexus5500serieshasonlyonesupervisormodule,thereisasinglepointoffailureshouldtheNexus5500fail.ItispossibletoconnecttheNexus2000totwoupstreamNexus5500switchestopreventthistypeofsinglepointoffailure.
ThefirstapproachistoconfiguretheNexus2000FEXtouseaportchannelandthencreateavirtualportchannelbetweenthetwoupstreamNexusswitches.ThisfoolstheNexus2000intothinkingitistalkingtoasingleswitchwhenitisactuallytalkingtotwoswitches.VPCconfigurationisbeyondthescopeoftheCCNADataCenterexamandwillnotbecoveredfurtherinthisbook.
Thesecondoptionistocreateanactivestandbyconfigurationbetweenthetwoupstreamswitches.Shouldtheactiveonefail,thestandbyconfigurationtakesover.ThestandbyNexus5500willshowupas“Online”fortheFEXmodulebutdoesnotprogressto“Connected”statusbecauseitisalreadyregisteredwiththeprimaryswitch.Whenthefailureoccurs,thestandbyswitchregisterstheFEXandtakescontrol.Itremainsincontroleveniftheoriginalmastercomesbackonline.
Thisbringsupaninterestingquestion.Howcanthestandbyswitchhaveany
Thisbringsupaninterestingquestion.HowcanthestandbyswitchhaveanyconfigurationforportsontheFEXthatdonotexistsinceitisnotregistered?
N5k-02#(config)interfaceEthernet10011
^
Invalidrangeat'^'marker
Thesolutionistouseaprocesscalledpre-provisioning,whichallowstheconfigurationofportsthatarecurrentlynotpresentinaNexusswitch.Thisprocessmustbeconsistent,andtheremustbeamatchbetweenthetwoparentswitches.
N5K-02#(config)slot100
N5K-02#(config-slot)provisionmodelN2K-C2232P
Nowyoucanconfiguretheportparametersasiftheswitchwas
connected:
N5K-02#(config)interfaceEthernet10011
N5K-02#(config-if)<addportconfigurationsasneeded>
Thereareseveraldrawbackstousingthepre-provisioningapproachofincludingportsonthestandbyswitchthatwillnotbeusedmostofthetime.Also,thefailovertimeisaround45secondsorhigher,whichisatleastthreeeternitiesindatacentertime.ThevirtualPortChannel,orvPC,approachispreferred,becauseitovercomesbothoftheseissues.
SummaryUnifiedFabricisthewaveofthefuturefordatacenternetworking.ThebenefitsofUnifiedFabricarenumerous,includingreducedcabling,reducednumberofrequiredports,andreducedpowerconsumption.
TheonlyreasontorunadditionalcablesinaUnifiedFabricenvironmentistoincreasebandwidth.Maintainingmultiplecableinfrastructuresinvolvestoomuchadditionaladministrationandmaintenance.
SeveralIEEEstandardsareusedtoimplementFCoE.PriorityFlowControlallowsmultipleclassesofservicesonasinglewiretoensurealosslessconnection.EnhancedTransmissionSelectionprovidesamechanismtomanagebandwidth.DataCenterBridgeExchangeallowsautomaticdiscoveryandnegotiationoffeaturesinaUnifiedFabric.
ExamEssentials
DescribeFCoE.
ToaccommodateFibreChannelovertheEthernetbackbone,thestorageprotocolFibreChanneloverEthernet,orFCoE,wasdevelopedalongwiththeswitchingplatformsdesignedspecificallyforthenewcombineddataandstoragenetworking.
FCoEtakestheFibreChannelframethatalreadyencapsulatestheSCSIprotocolandwrapsitinanEthernetheadertoconnectintothestandarddatacenterEthernetnetwork.FCoEconnectstheserverstorageadaptertothetargetstoragearrayoftheEthernetnetwork.
Ethernetnetworkinghasalwaysbeenabest-effortscenario.ThefundamentalnatureofEthernetisthatitislossyandcontainscollisions,packetdrops,andretransmissions.SCSIwasoriginallyusedtotalktoaharddriveoverashortcable.Thatmeantnolostdataandnoretransmission.FibreChannelwasbuiltonthesameprinciple,whichmeansthatFibreChannelislossless.
Thecreationof10GigabitEthernetprovidedenoughbandwidthforFibreChannel’sstoragetrafficrequirementstorunovertraditionalEthernetnetworkswithnewenhancementsfortheguaranteeofbandwidthcalledEnhancedTransmissionSelectionandtheabilitytostopflowsifpacketlossisimminentcalledPriorityFlowControl.
DescribeFCoEmultihop.
MultihopFCoEcarriestheunifiedtrafficovermorethanonesegment.NewerstorageareanetworkscansupportFCoEonthestoragearraysthemselves.ThismeansthatitispossibletohavetheFibreChanneltrafficovertheentirenetworkusingjustEthernetasthephysicalmedium.TheprocessofcrossingmultipleEthernetswitchesfromthestorageinitiatortothetargetisreferredtoasFCoEmultihop.TheNexus5000,Nexus7000,andMDS9500allsupportmultihopFCoE.
DescribeVIFs.
Asinglephysicaladaptercanpresentmultiplelogicaladapters,knownasvNICsandvHBAs,tothehostoperatingsystem.EachofthesecorrespondstoavirtualEthernetinterfaceorvirtualFibreChannelinterfaceontheparentswitch.
AdapterFEXcancreateaninterfaceforeachvirtualmachine,andtheparentswitchcanmanagetheseinterfaces.Thisallowsper-VMcontrolofpolicies,QoS,andsecurity.
DescribeFEXproducts.
FabricextenderproductsareremotelinecardsintheNexus2000familyofproducts.TheFEXmodulesconnecttoeitheraNexus7000orNexus5000seriesswitchthatcontainsthemanagementprocessor.Thecombinationactsasadistributedvirtualchassisswitch,whichplacestheFEXmodulesinsidetheserverracksinadatacenterand,atthesametime,hasasinglepointofmanagementandconfiguration.CiscoVICcardsextendadapterFEXtechnologyintotheserveritself.
Performinitialsetup.
EnsurethattheNexusNX-OSoperatingsystemhastheFEXfeaturesetloadedbyusingthefeaturefexcommand.DefinetheremoteFEXadapterinthe100to199range,thenconfiguretheuplinkportsbetweentheNexus2000andtheNexus5000toswitchportmodefex-fabric,andaddaportchannelforredundancyandadditionalbandwidth.
WrittenLab6:ConfiguringaFabricExtensiononaNexus5000SwitchYoucanfindtheanswersinAppendixA.
WithanFEXconnectedtoaNexus5000,configuretheportsEthernet1/1andEthernet1/2forFEX100,andputtheminportchannel100.UseSHOWcommandstoverifythatyouhavedoneaproperconfiguration.Performthefollowingsteps:
1. EnabletheFEXfeature.
2. VerifythattheFEXfeatureisenabled.
3. CreateanFEXinstance.
4. Configuretheinterface(s)ontheNexus5500thatwillbeusedforconnectingtheFEX.
5. Createtheportchannel,andassociateitwiththeFEX.
6. Showinterfaceconfigurationstoverifythechangesthatweremade.
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’s
Thefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sintroduction.YoucanfindtheanswersinAppendixB.
1. WhichIEEEprotocolenablesEthernettooperateasalosslessfabric?
A. 802.1Qaz—ETS
B. 802.1Qbb—PFC
C. 802.1Qab—DCBX
D. 802.1Qos—DQoS
2. WhichIEEEprotocolenablesbandwidthmanagementandpriorityselection?
A. 802.1Qaz—ETS
B. 802.1Qbb—PFC
C. 802.1Qab—DCBX
D. 802.1Qos—DQoS
3. WhenconnectingtwoFCoEswitchestogetherinmultihopFCoE,whatbestdescribestheporttypepair?
A. NtoF
B. EtoE
C. NtoE
D. VEtoVE
4. WhichprotocolsareencapsulatedinFCoE?(Choosetwo.)
A. iSCSI
B. FibreChannel
C. SCSI
D. ISIS
5. WhichdevicecannotparticipateinmultihopFCoE?
A. Nexus5000
B. MDS9500
C. Nexus1000
D. Nexus7000
6. InFCoE,howmanybitsoftheIEEE802.1pCoSfieldareusedtomaptrafficclasses?
A. Two
B. Three
C. Four
D. Eight
7. WhichofthefollowingarebenefitsofUnifiedFabric?(Choosetwo.)
A. Lesscabling
B. FewerIPaddresses
C. SANandLANonasingletransport
D. Automaticencryption
8. WhatdoesPriority-basedFlowControlenable?
A. NativeFibreChannel
B. NativeEthernet
C. Bandwidthmanagementandpriorityselection
D. LosslessEthernet
9. WhatdoesEnhancedTransmissionSelectionenable?
A. NativeFibreChannel
B. NativeEthernet
C. Bandwidthmanagementandpriorityselection
D. LosslessEthernet
10. WhereisaVEportused?
A. FCoEswitchtoFCoEswitch
B. 1000VtoHBA
C. Portedgetovirtualportedge
D. Virtualenterpriseconnections
11. WhichofthefollowingarerequiredtotransportFibreChanneloveradatafabric?(Choosetwo.)
A. Ethernetheaders
B. Enhancedtransmissionselection
C. ALayer3routingprotocol
D. 10gigabitinterfaces
12. Aunifiedfabricconsolidateswhichofthefollowing?(Choosetwo.)
A. Controlplane
B. LANtraffic
C. Dataplane
D. Storagetraffic
13. AremoteFEXportisidentifiedbytheparentswitchusingwhichofthefollowing?
A. VLANS
B. SourceMACaddresses
C. VN-Tag
D. Trunking
14. Afabricextenderisusedforwhichofthefollowing?(Choosetwo.)
A. InterconnectingvirtualmachineNICstotheNexusswitchingfabric
B. Extendingthedistanceofaconvergedfabric
C. AllowingtheremoteNexus2000toconnecttotheparentswitch
D. InterconnectingSANcontrollerstohostbusadapters
15. ToconfigurearemoteNexus2000onaNexus5000,whichcommandsenabletheportstocommunicate?(Choosethree.)
A. FeatureFEX
B. channel-group100
C. fexassociate
D. Switchportmodefex-fabric
16. DataCenterBridgingExchange(DCBX)doeswhichofthefollowing?(Choosetwo.)
A. AllowsLayer2connectionsbetweendatacentersoveraroutednetwork
B. Automatesthenegotiationofparametersandconfigurationofinterconnectedswitchports
C. AllowsFCoEontotheconvergedfabric
D. Determinesiftheconnectedportisconfiguredcorrectly
17. SFP10GigabitsupportswhichPhysicallayermediatypes?(Choosetwo.)
A. Twinax
B. Coax
C. Multimodefiber
D. Cat3Ethernetcabling
18. Server-to-servertrafficonthesameNexus2248useswhichofthefollowing?
A. LocalswitchingintheNexus2000
B. SwitchesontheupstreamNexusswitch
C. Switchesacrosstheconvergedcontrolplane
D. FEXlocalswitching
19. FCoEmultihopallowswhichofthefollowing?(Choosetwo.)
A. DirectSCSIinterconnectiontotheconvergedfabric
B. StoragecontrollerstousenativeFibreChannelfabricconnections
C. FibreChanneltrafficovertheentirenetworkusingEthernet
D. Morethanoneswitchbetweenthestorageinitiatorandthestoragetarget
20. Avirtualinterfaceallowswhichofthefollowing?(Choosethree.)
A. Aconvergednetworkadaptertopresentmultiplelogicaladapterstoaserveroperatingsystem
B. FEXaddressingtoattachtoremoteports
C. ThevirtualizationofaNICcard
D. PervirtualmachinecontrolofQOS,policies,andsecurity
Chapter7CiscoUCSPrinciples
THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
5.0UnifiedComputing
5.2Describe,configure,andverifyconnectivity
5.4DescribethekeyfeaturesofUCSM
THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:
DescribingtheCiscoUCSB-Seriesproductfamily
CiscoUCS6100and6200SeriesFabricInterconnects
CiscoUCS5108BladeServerChassis
CiscoUCSB200M3BladeServer
CiscoUCSB230M2BladeServer
CiscoUCSB250M2ExtendedMemoryBladeServer
CiscoUCSB440M2High-PerformanceBladeServer
MezzanineCardOptionsforCiscoUCSB-SeriesBladeServers
DescribingtheCiscoUCSC-Seriesproductfamily
CiscoUCSC-Seriesproductfamily
CiscoUCSC22M3High-DensityRackServer
CiscoUCSC24M3General-PurposeRackServer
CiscoUCSC220M3RackServer
CiscoUCSC240M3RackServer
CiscoUCSC260M2RackServer
CiscoUCSC460M2High-PerformanceRackServer
ConnectingCiscoUCSB-SeriesBladeServers
Chassis-to-fabricinterconnectphysicalconnectivity
I/Omodulearchitectures
CiscoIntegratedManagementControllerchiponCiscoUCSB-Seriesbladeservers
Threebasicportpersonalitiesinthefabricinterconnect
Discoveryprocess
TheCiscoUnifiedComputingSystem(UCS)isoneofthemostcomprehensiveandexcitingprojectslaunchedinCisco’shistory.Duringitsdevelopment,UCSwasgiventhecodename“theCaliforniaProject,”andmanyofitscomponentswerenamedafterareasinthatstate.Thismassiveventurewassoarcanethatitwascompletelymisunderstoodbymanybothfromwithinandoutsidetheindustry!
NewsaboutUCSwasoftenburiedsomewheredeepinsidetechmagazineswithheaderslike“CiscoEnteringBladeServerMarket.”Whilethiswastechnicallytrue,thosepronouncementsdidn’taccuratelyconveytheessenceofCiscoUCS.BythetimeCiscoUCSwasactuallyindevelopment,itbecameclearthatthefutureofthedatacenterwasvirtualization.VMwareandothershadsuccessfullydemonstratedwhattheycoulddorunningonstandardhardware.
Datacentershaveundergonetremendouschangesinordertooptimizethemselvesspecificallyforrunninginacutting-edge,virtualizedenvironment.Theamazing,newvirtualmachinescouldrunontopofanyhardwarethathadESXinstalled!
YouprobablyrememberthatthevirtualmachineoperatingsystemisreferredtoastheguestOS,andtheunderlyinghypervisoroperatingsystemiscalledthehostOS.BecausethehardwareattributesofthephysicalserverareirrelevanttotheVMs,wecanmoveavirtualmachinefromanHPserverrunningESXtoanIBMserverrunningESXwithoutneedingtomakeanychangestotheguestOS
atall.
VMwareESXandotherhypervisorsprovedtobetheidealenvironmentinwhichvirtualmachinescouldthriveand,evenbetter,theycouldallbecentrallymanagedusingVMware’svCenterorsimilartool.VirtualmachinesbecamemagicalthingsthatmadeanITpro’slifeadayatthebeach!
OK,maybeitwasarockybeachstrewnwithseaweedandbitingflies!Afterall,theunderlyinghostoperatingsystem,suchasESX,stillhadtobeinstalledonthephysicalserver.Furthermore,eachphysicalserverhaditsownuniquesettings,includingitsMACaddress,WorldWideNames,BIOSsettings,andmore.Thismeantthatyoucouldn’tsimplytakeaharddrivewithESXinstalledoutofanIBMserver,putitintoanHPserver,andexpectittobeanexactreplacement.Ifyoutriedthat,you’dendupwithdriverissuesandhardwaresettingsliketheMACaddressandsuchthatwouldchange.Soyes,youcouldmakeitwork,butgettingthattohappenwouldrequiresomeseriouseffort!
Ontopofallofthat,thejobofmanagingavastnumberofphysicalhostsisachallengeinitself.Saythatyouhaveahundredservers.Doeshavingtologintoeachoneseparatelyformanagementsoundlikeadayatthebeachtoyou?Makingachangecouldtakehours,orevendays,toimplementproperlyacrossyourlegionofservers!Nottomentionbeingfacedwiththetaskofcablingyourgangof100servers.Thinkaboutit.Ifeachdevicerequires3Ethernetcablesand2FibreChannelcables,youwouldneed500cablestomakethingswork.Moreover,becauseeachcablehastwoends,youwouldneedtouseawhopping1000ports—thatisthestuffofnightmares!
Fearnot.CiscoUCSwascreatedtoaddresstheseterrorsandmore.AsweexplorethedesignofUCSandtheassociatedhardware,you’llgaininsightintoanundeniablyelegantsolutionthatwillsimultaneouslyamazeyouandtakeyourITskillsettoanew,loftylevel.
DataCenterComputingEvolutionX86servershavegonethrougharemarkableevolutionaryprocess.Atfirst,theyweresimplyindividualtowermachinesthatweputonshelves.Wecouldconnectandmanagethemindividually,buttheytookupalotofroom,asshowninFigure7.1.
FIGURE7.1Agroupoftowerservers
Thingsgotmoreefficientwiththegenesisofrackmountservers.Thisinnovationnowallowedustopurchaseserversthatlookedlikepizzaboxesandmounttheminthesamerack.Figure7.2illustrateshowmuchthisreducedtheamountofspacethatweneeded!
FIGURE7.2Rackmountserversconnectedtoaswitch
OK,sorackmountserversdefinitelysimplifiedthings,buteachserverstillrequireditsownpowersupplyandnetworkconnections,anditstilltookupatleastoneunitofrackspace.Thenextiterationwastotaketheindividualserversandputthemintoasingleboxcalledachassis,whereinserverscouldsharesomeresourcessuchaspowersupply.Thisisknownasbladecomputing,anditisdepictedinFigure7.3.
FIGURE7.3Chassiswith16blades
Still,bladeserverswentthroughtheirownevolutionbecausetheearliestversionssharedfewresources,andeachbladehadtobemanagedseparately.Thissystemhasnowdevelopedsothat,atleastformostvendors,wecansomewhatmanageallofthebladesinasinglechassisfromasingleinterface.Asofthiswriting,mostvendorsarestillatthislevelandevolving.Thefocusofthemajorityofthemissimplyonmakingthecurrentsolutionevermoreefficient.
Network-CentricComputingTheexception,ofcourse,isCisco,whichintroducedtheUnifiedComputingSystem(UCS)in2009,about45yearsafterIBMfirstintroducedtheIBMSystem/360.Thereisasayingthat“hindsightis20/20.”Inthiscase,Icouldn’tagreemorebecauseCiscowasintheenviableanduniquepositiontobeabletocreateacompletelynewsystemfromscratchbylearningfromthemistakesofothers!
Ciscoscrutinizedanumberofissuesconfrontingthedatacenter,includingthesethreeveryimportantones:
threeveryimportantones:
SeparateEthernetandFibreChannelnetworking
Difficultymanagingavastnumberofservers
Issuesencounteredwhenreplacingorupgradingaserver
InthechapteronUnifiedFabric,wetalkedaboutthebenefitsofmergingEthernetandFibreChannelnetworks.CiscomadeUnifiedFabricanintegralpartoftheUCSsysteminordertoreducecablingandtakeadvantageoftheotherbenefitsgainedviaUnifiedFabric.Wewillcovertheissuesandintricaciessurroundingreplacingorupgradingaserverabitlaterinthebook.
Managingalargenumberofservershasalwaysbeenachallenge,rangingfromthetedioustothedownrightpainful.Having,say,64servers,whichcouldbeequalto64separatepointsofmanagement,requiredloggingintoeachpointtomakechanges.AsIsaid,somebladeserversallowedustomanageallofthebladeswithinasinglechassis,whichhelpedbyreducingthenumberofmanagementpoints,butthatdidn’treallysolvetheproblem.
Thinkingbig,Ciscowantedtheretobeonlyasinglepointofmanagementforanentirehordeofserversandchassis.Toaccomplishtheirgoal,theymovedthemanagementawayfromtheserverandchassistointelligentnetworkdevicesinstead,creatingsomethingcalledfabricinterconnects(FI),asillustratedinFigure7.4.
FIGURE7.4CiscoUCSfabricinterconnectmodel6248UP
True,fabricinterconnectslookalotlikeaNexus5000switchinadifferentcolor,butthisdevice’sbeautyisn’tjustskindeep.ThisdeviceoffersfarmoreintelligencethanaregularNexusswitch!ThefabricinterconnectsaretheheartandsouloftheUCSsystem.Allmanagementisdoneviathesesavvyfabricinterconnects.Althoughthesebeautiesworkinpairsforhighavailability,fromamanagementperspectivetheyoperateasasingleunit.
managementperspectivetheyoperateasasingleunit.
InFigure7.5,youcanseethatfourchassisareconnectedtotwofabricinterconnects.Eachchassiscancontainupto8separatebladeserversyieldingamaximumof32serversintheconfiguration.Thismaynotlookallthatspecial,buttheawesomethingaboutthissolutionisthatthere’sonlyonemanagementpoint!
FIGURE7.5UCSsystemwithtwofabricinterconnectsandfourchassis
Imaginebeingabletomakechangesthataffectall32serversfromasingleinterface.Notonlyisthisefficient,butit’salsoscalable,whichmeansthatifyouwanttogrowyoursystemfrom32serversto96servers,youdon’thavetoaddmorefabricinterconnects!Figure7.6showsapairoffabricinterconnectswith
12chassisthatcouldholdupto96servers.Keepinmindthatthisscenariostillsrepresentsasinglepointofmanagementforallofthechassisandservers.Infact,youcouldscaleupto40chassiswith320bladesandstillwindupwithjusttwofabricinterconnectsandonemanagementpoint!
FIGURE7.6UCSsystemwithtwofabricinterconnectsand12chassis
Sowiththat,let’szoominandthoroughlyinvestigatethehardwaresideofthesolution.
FabricInterconnectsAsofthiswriting,Ciscohashadthreegenerationsoffabricinterconnectdevices:the6100Series,6200Series,and6300Series.Here’saquick
devices:the6100Series,6200Series,and6300Series.Here’saquickbreakdownofthefeaturesandsomekeydifferencesbetweenthedevicesofferedinthisproductline:
TheCisco6120XPhastwenty10GigabitEthernetinterfacesandasingleexpansionslot.
The6140XPiskindoflikehavingtwo6120XPsmashedtogether.The6140XPhasforty10GigabitEthernetinterfacesandtwoexpansionslots.
Thetwofirst-generationfabricinterconnectsarepicturedinFigure7.7.
FIGURE7.76100Seriesfabricinterconnects
The6120XPhasathroughputof520Gb/s,anditcansupportup20chassis,or160servers.
The6140Xhasathroughputof1.04Tb/s,anditcansupportupto40chassis,or320servers—that’ssomeseriouscapacity!
What’smoresignificant,the6100SeriesexpansionmodulescanbeusedtoaddFibreChannelconnectivityoradditionalEthernetportstothesystem.ThefourtypesofexpansionmodulesaredisplayedinFigure7.8.ExpansionmoduleswithsixFibreChannelportscansupportspeedsupto8Gb/scomparedtootherFibreChannelcardsthatsupportonlyupto4Gb/s.
FIGURE7.86100Seriesexpansionmodules
Ineedtopointoutsomethingveryimportanthere—althoughtheexpansionmodulesthemselvesarefullylicensed,notallportsarelicensedbydefault.Thosethatarelicensedincludethefirst8portsonthe6120XPandthefirst16onthe6140XP.Thismeansthatifyouwanttousetheadditionalports,youhavetobuyalicensefirst.Thefirst8portsonthe6120XPandthefirst16portsonthe6140XPgiveyoutheoptionofgoingwith10Gb/sor1Gb/s,whichcomesinreallyhandywhenyou’redealingwithanetworkinfrastructurethatdoesn’tyetsupport10Gb/s.
Thesecondgenerationoffabricinterconnectsfeaturedhigherportdensityaswellasunifiedports(UP).Basically,wherethefirstgenerationmergedFibreChannelandEthernetintoasingledevice,thesecondgenerationallowedFibreChannelorEthernettorunonasingleport.Yes!SoitwasverycooltohavetheoptionofconfiguringasingleporttosupporteitherFibreChannelorEthernet.Nowthatthe6200Seriesoffabricinterconnectsisonthemarket,the6100hasbeendiscontinuedandisnolongeravailableforpurchase.
TheCiscoUCS6248UPhas32fixedportsandanexpansionmoduleslotoffering960Gb/sthroughput.The6296UPhas48fixedportsandthreeexpansionmoduleslots,anditservesupathroughputof1920Gb/s.BothofthesedevicesareshowninFigure7.9.
FIGURE7.96248UPand6296UPfabricinterconnects
The6200Seriesexpansionmodulehas16unifiedportsthatallowforEthernetorFibreChannelconnectivity,asshowninFigure7.10.MakeamentalnotethatthefabricinterconnectsandtheexpansionmodulescombinetoforgethebackboneofaUCScluster.
FIGURE7.106200unifiedportexpansionmodule
Thenewestmemberofthefabricinterconnectfamilyisthe6324,alsocalledtheUCSMini.Designedforsmallerdeployments,Minisarecardsthatinsertintothe
5108bladechassisinsteadofexternaldeviceslikethe6100andthe6200fabricinterconnects.TheL1andL2interconnectsgoacrossthebackplanesonoexternalcablingisrequired.TheycontaintheUCSmanager,andtheysupportVM-FEXcards,FibreChannel,andboth1Gand10GEthernetinterfaces.Figure7.11illustratesthe6300formfactor.
FIGURE7.116324fabricinterconnect
Next,let’scheckoutthechassisthatholdstheactualserverblades.
ServerChassisTheCiscoUCS5108bladeserverchassislookslikeatypicalchassis.Physically,it’ssixrackunits(RUs)high,anditmountsintoastandard19″rack.AsshowninFigure7.12,thechassiscanhandleuptoeighthalf-widthbladesorfourfull-widthblades,oranycombinationthatyoucanmanagetocramcreativelyintherewithoutresortingtoextrememeasures.Eighthot-swappablebladesin6RUisaprettyefficientuseofspace!
FIGURE7.12UCS5108chassiswithamixtureoffullandhalf-slotblades
Seethoseslotsacrossthebottom?Theycanhouseuptofour2,500-wattpowersuppliesthatrequire220VAC,somakesureyouusetherightoutlets,unlessyouwanttoendupwithscrapmetal!It’sgoodtoknowthatthesehot-pluggablepowersupplies’ACconnectionsareisolatedfromeachother—soifonefails,itwon’taffecttheothers.Internally,thepowerismatrixedandaccessibletoanyserverblade.It’sagoodideatohaveatleastthreepowersupplies,whichisknownasN+1,andbasicallythismeansthatifonefails,yougettokeepthingsrunning.Theidealsolutioniscalledgridconfigurationandusesallfourpowersupplies,withtwoconnectedtoonepowersourceandtwoconnectedtoanothersource.
I/OModulesClearly,theCiscochassiscontainingthebladeserversmustbeconnectedtothefabricinterconnects.OnthebackofthechassisaretwoslotswheretheI/Omodulesareinstalled,asshowninFigure7.13.Availabletypesincludethe2104XP,2204XP,and2208XP.Theseconddigitindicatesthegeneration,andthefourthdigitindicatesthenumberofports.Remember,thekeypurposeofCiscoUCSI/Omodulesistoactasfabricextenders(FEXs).
FIGURE7.135108with2104XPI/Omodules(rearview)
Essentially,fabricextendersexisttogetportsclosetotheservers,andyoucan’tgetthemanyclosertogetherthanstickingtheminsidethesamechassis!TheI/Omodules(IOMs)connecttothefabricinterconnectandprovideconnectivityinsidethechassisfortheserverblades,aspicturedinthefigure.
UCSServersThismightsurpriseyou,butUCSserversactuallyhavealotincommonwithmostmodern-dayservers.They’rebasedonIntelchips,haveRAM,andprovideLANandSANconnectivity.Predictably,however,therearesomekeydifferencestoo.We’llnowturnourfocustothose,aswellasthevariousmodelsofUCSbladeserversoutthererightnow.
ExtendedMemoryThevirtualizationofthedatacenterhasincreasedtheneedformemorytremendously.AlthoughCPUpowercontinuestoimprovebyleapsandbounds,theamountofmemoryaservercansupportjustisn’tkeepingupwiththedemandsresultingfromthisexponentialincrease.
Thisisclearlyaproblem,soCiscoworkedwithInteltocomeupwithasolution.BecausetheIntelarchitecturelimitedthemaximumnumberofDIMMchipsthateachCPUcouldsupport,Ciscocreatedaspecialchipthatgrantsmorethandoubletheamountofmemory.ThenewerCPUscanhandlemorememorydirectly.Moreover,yougetoveraterabyteofRAMonasingleserverliketheUCSB420!Anotherbenefitthatextendedmemoryprovidesisthatit’spossibletousesmallerandless-expensivememorychipswhenconfiguringyourserver.
B-SeriesBladeServerModelsSinceCiscoofferssuchawidevarietyofUCSservers,it’sreallyhelpfultobeabletobreakdownthenameofparticularserverandinterpretwhatitactuallymeans.I’mgoingtousetheB200-M3andC420-M3asexamples.IfthefirstletterisaB,thisindicatesthatit’sabladeserver.ACstandsforchassis,whichtellsusthatit’sarackmountserver.ThefirstnumberaftertheletterspecifiesthenumberofCPUsocketsintheserver,sotheB200hastwosocketsandtheC420hasfour.Finally,theM3attheendtagstheseasthird-generationUCSservers.
Itisalsoimportanttorememberthatbladeserverscomeinfull-andhalf-widthsizes.Thefull-widthversionnotonlyallowsmorespaceforCPUsandmemory,butitalsocontainsasecondmezzaninecard.I’lldescribethesecardsmoreinaminute,butfornowlookasFigure7.14toseethedifferentbladesavailableandwhatsomeofthefeaturesareoneachofthem.
FIGURE7.14B-Seriesservercomparison
It’salwaysgreattohaveanicearrayofoptionsfromwhichyoucanchoose,andthewidevarietyofserverbladesavailablegivesyouthepowertohaveyour
thewidevarietyofserverbladesavailablegivesyouthepowertohaveyourspecificneedsmetbychoosingthetypeofbladethatwillservethembest.ThemostpopularbladesaretheB200andB22,whichalsohappentobetheleastexpensive.Ifyouhaveahigh-performanceOracleserver,however,itwouldbewisetooptforaB420orB440.
C-SeriesRackServersTheC-Seriesrackmountserversarereallypopularfortheirrobustcapabilitiesandalsobecausethey’recompetitivelypriced.TheC-seriescansupporttonsofmemoryandcanalsobeconnectedtothefabricinterconnect,somethingwe’llcoverthoroughlyinthenextchapter.TheC22istheentry-levelserver,anditgivesyoutwoXeonCPUs,uptoeightdrives,andupto192GBofRAM.Theserversscaleupinpowerandcapacity,asshowninFigure7.15.
FIGURE7.15C-Seriesservercomparison
AlthoughtheC460isabeastofamachine,whentheseserversarecombinedwithotherCiscotechnology,it’sonemonstersolutionthat’shardtobeat!
InterfaceCardsBothserverbladesandrackmountserversrequireconnectivitytoEthernetandFibreChannel.Tomakethishappenforbladeservers,youinstallamezzaninecardontotheserverbladetoachieveeitherEthernetonlyorEthernetandFibreChannelcommunication.Forrackmountservers,youcanchoosetousethebuilt-
Channelcommunication.Forrackmountservers,youcanchoosetousethebuilt-ininterfacesorinstallinterfacecardsinstead.Let’scheckoutsomeofthedifferentmediaavailabletohookthesedevicesup.
Non-virtualizedAdaptersNon-virtualizedadaptershaveafixedconfigurationofEthernetandFibreChannelports,andsomeofthespecificationsareshowninFigure7.16.TheEthernet-onlyadaptersfromIntel,Broadcom,andCiscoprovidetwointerfaces,andtheyworkreallywellinenvironmentswithoutFibreChannel.Theconvergednetworkadapters(CNAs)fromEmulexandQLogicoffertwoEthernetandtwoFibreChannels.TheyaregreatforSANenvironments.TheC-SeriessupportsavarietyofPCIeadapters,andithasbuilt-inEthernetaswell.Keepinmindthatintherealworld,mostcompaniesnolongerusenon-virtualizedadaptersonB-Seriesservers.
FIGURE7.16Non-virtualizedinterfacecards
VirtualizedAdaptersVirtualizedinterfacecards(VICs)allowustodefinethenumberofEthernetandFibreChannelinterfacesonthecard—really!IfyouconfigurethecardwithsixEthernetinterfacesandfourFibreChannelinterfaces,that’sexactlywhatwillbe
presentedtotheoperatingsystem.Alsointerestingisthatthenumberofinterfacesdoesn’tchangethespeedofthecard,whichwillremain20,40,or80Gb/s,asshowninFigure7.17.Thus,theVICclearlyservesupsomeseriousflexibilitywhenconfiguringaUCSbladeserver,whichisabigreasonwhyit’sthemostcommontypeofinterfacecardusedtodayonB-Seriesservers.
FIGURE7.17Virtualinterfacecards
Rememberwhenwetoldyouthatduringitsdevelopment,the
UCSsystemwascalled“theCaliforniaProject?”Becauseofthat,theinterfacecardswerecode-namedaftercitiesinthatstate:TheVICcardwasdubbed“Palo,”theCNAwasknownas“Menlo,”andtheEthernet-onlyadapterwascalled“Oplin.”ThisisgoodtoknowincaseyouencountersomeUCSgurutossingthesetermsaroundtosoundsmart.Nowyoucansoundjustassmart.
Predictably,thevirtualinterfacecardsfortheC-Serieshavebeenadoptedataslowerpaceduetocost,butOplinsfortheB-serieswillsetyoubackaboutthesameamountastheothercards.Thus,ifyouhavetheoption,choosingVICcardsforyourserverisn’tjustsmartsounding;it’sthesmartthingtodo!
UCSConnectivityDon’tforgetthis—understandinghowtocableaUCScluster,aswellashowthecommunicationsactuallyhappeninthecluster,iscriticaltomasteringUCS!Solet’sexplorethesevitalsubjectsindepthnowbysurveyingthevariouscomponentsinvolvedandhowtheyallworktogether.
FabricInterconnectConnectivityThefabricinterconnectsarethemostimportantcomponentsintheUCScluster,andtheymustbeabletocommunicatewitheachother.TheL1andL2portsarededicatedtocarryingmanagementtrafficandheartbeatinformationbetweenthefabricinterconnects.ThefabricinterconnectL1andL2portsaredisplayedinFigure7.18.TheL1fromthefirstfabricinterconnectconnectstotheL1ofthesecondfabricinterconnect,andtheL2fromthefirstfabricinterconnectconnectstotheL2ofthesecondfabricinterconnect,anddatatrafficfromserversnevercrossestheselinks.Thefirst-generationfabricinterconnectshavetheL1andL2portslocatedonthefront,andthesecondgenerationhastheL1andL2portslocatedontherear.
FIGURE7.18FabricinterconnectL1/L2ports
JustasitisonIOSdevices,theconsoleportisusedforout-of-bandmanagement.TheMgmt0portisanout-of-bandEthernetmanagementportandtheMgmt1interfaceisn’tusedatall.Duringinitialsetup,youwouldconnectto
theMgmt1interfaceisn’tusedatall.Duringinitialsetup,youwouldconnecttotheconsoleportfirst,createtheinitialconfiguration,andthenmanagetheclusterthroughtheMgmt0interface.Buthowwouldyouconnectthechassistothefabricinterconnects?
Whenyouinitiallyconfigurethefabricinterconnects,onewillbedesignatedfabricAandtheotherlabeledfabricB.OnthebackofeachchassiswillbetwoIOMswitheitherfouroreightavailableports.Youcanuseone,two,four,oreightlinksfromtheIOMtoafabricinterconnect,butnotethatallthelinksfromIOMsmustgotoonefabricinterconnect,andallofthelinksfromthesecondIOMmustgototheotherfabricinterconnect,asdemonstratedinFigure7.19.
FIGURE7.19FabricinterconnecttoI/Omoduleconnectivity
Let’szoominonthe2104XP,thefirst-generationIOM.Eachofthelinksisrunningat10Gb/sandprovidingbandwidthforuptoeightservers.Aservercangenerate10Gb/strafficonafabricwithatypicalmezzaninecard,andafullyloadedchassiscouldgenerate80Gb/s.Thatsoundsimpressive,right?Nevertheless,whenit’spossibletohavemorebandwidththanyoucansupport,yourunintoasnagknownasoversubscription.Withasinglelink,theoversubscriptionratewouldbe8:1;withfourlinksitwouldbe2:1.Regardlessofthenumberoflinks,eachindividualserverusesonlyasinglelinkperfabric.
The2204XPand2208XParesecond-generationIOMs,andtheyoffermoreoptionsandflexibility.OneofthebiggestimprovementsistheabilitytocreateportchannelsbetweentheIOMandthefabricinterconnect.Portchannelingallowsasingleservertohaveamaximumbandwidthinexcessof10Gb/s,supportsloadbalancing,andprovidessupportforthe40GUCSVIC1280
supportsloadbalancing,andprovidessupportforthe40GUCSVIC1280adapter.KeepinmindthatportchannelingisavailableonlyifthefabricinterconnectsandtheIOMsarebothsecondgeneration.Itisagreatadvantagebecauseitgivesushigherbandwidth,redundancy,andloadbalancing.
TheIOMismorethanjustafabricextender;itprovidesthreeadditionalfunctions:chassismanagementcontroller(CMC),chassismanagementswitch(CMS),andI/Omultiplexer(mux).TheCMCaidsinthediscoveryofchassisandcomponentsandalsomonitorschassissensors.TheCMShandlesmanagementtrafficbeingsenttotheCiscoIntegratedManagementController.Themuxmultiplexesthedatabetweenthefabricinterconnectandthehostports.
ThetwoIOMcardsinthe5108chassisconnecttothefabricinterconnectcardswithmultiple10GEthernetinterfaces.EachIOMAconnectstofabricinterconnectAandIOMBconnectstofabricinterconnectBonly.TheIOMlinkscanbeconnectedtoonlyasinglefabricinterconnect.
Thedownlink10GinterfacesontheI/Omodulesarestaticallyconnectedtotheuplinkportsofthefabricinterconnect;thisprocessiscalledpinning.
CiscoIntegratedManagementControllerOK,sonowthatwe’veachievedconnectivitybetweenourblades,theIOM,andthefabricinterconnects,wecanstartcommunicating,right?Yes,butit’svitaltounderstandhow!TheCiscoIntegratedManagementController(CIMC)chipisonthemotherboardofC-SeriesandB-SeriesUCSservers.TheCIMC,previouslyknownastheBaseboardManagementController,providessomethingcalled“lights-outmanagement,”whichsimplymeansthatyouremotelycontrolmanyoftheserver’sfunctions.ThisworksalotlikeDellRemoteAccessConsole(DRAC)orHPIntegratedLights-OutManagement(ILO).CIMCprovideskeyboard,video,andmouse(KVM)overIP,enablingyoutoconnecttotheserverevenwithoutanoperatingsysteminstalled.ViatheIntelligentPlatformManagementInterface(IPMI)ontheCiscoIntegratedManagementController,youcanremotelymonitorandmanagesomeserverfunctions,butIPMIisusuallyusedforremotepowermanagement.TheCIMCalsoprovidesSerialOverLAN(SOL),whichallowstheinputandoutputoftheserialporttoberedirectedoverIP.
EthernetInterfacePortPersonalityTheportsonthefabricinterconnectneedtobeconfiguredcorrectlybysettingtheirportpersonality.Thethreebasicstatesareunconfigured,server,anduplink.
Thedefaultsettingisunconfigured,anditwon’tpermittrafficflow.Theportshouldbeconfiguredasaserverifit’sconnectingtothechassis,andifaportconnectstoaswitchoutsidetheUCScluster,itwouldneedtobeconfiguredasanuplinkport.Theotherporttypesareusedforspecificstoragescenariosbeyondthescopeofthisbook.Figure7.20illustratesalloftheoptionsforconfiguringanEthernetport.
FIGURE7.20Configuringportpersonalityonfabricinterconnect
UCSDiscoveryProcessThediscoveryprocesshappensautomaticallywhenachassisisconnectedtoafabricinterconnectandtheportsarecorrectlyconfigured.Thefabricinterconnectestablishesaconnectiontothechassismanagementcontroller,and
interconnectestablishesaconnectiontothechassismanagementcontroller,anditgathersalloftheinformationaboutthecomponentswithinthechassis,suchasthefans,IOM,powersupplies,partnumbers,andserialnumbers.ThebladeserversinthechassisarealsoscannedforBIOSinformation,CPUtypesandnumbers,memory,serialnumbers,harddrives,andDIMMinformation.
Thediscoveryprocesscanalsobemanuallyinitiatedbyre-acknowledgingthechassis,asdemonstratedinFigure7.21.YoucanmonitortheprogressofthediscoveryontheFiniteStateMachine(FSM)taboftheIOM.Afterdiscovery,yoursystemshouldbeupandrunning.Thecollectedinformationisthenstoredinthedatamanagementengine,whichispartoftheUCSmanager.
FIGURE7.21Re-acknowledgingachassis
Animportantfacttokeepinmindisthatthediscoveryprocessactuallytearsdownthefabricforagivencontrollerandrebuildsit,soit’savoidedonsystemsthatareinproduction.Still,it’sisoftenusedwheninstallingnewequipmenttoensurethatalltheconnectivityisproperlydiscovered!
SeeingyourdevicesshowupintheUCSmanagerinterfaceverifiesthatthey’vebeensuccessfullydiscovered.TheUCSsystemshouldnowbeinstalled,cabled,andreadytorun!
SummaryInthischapter,youwereintroducedtotheCiscoUnifiedComputingSystem(UCS)andhowitfitsintothedatacenter.YoualsolearnedthatfabricinterconnectsareakeycomponentofUCS-providedconnectivityandcentralizedmanagement.YoustudiedthedifferentkindsoffabricinterconnectsandtheexpansionmodulesthatcanbeplacedintothemtobuildthecoreofyourUCSsystem.
Afterthat,youlearnedaboutthebladeserverchassisandtheI/Omodulesthatprovideitwithconnectivitytothefabricinterconnects.Youlearnedthatthechassisallowsuptoeightbladesandthatitcanprovidetremendousnetwork
chassisallowsuptoeightbladesandthatitcanprovidetremendousnetworkthroughput!
YounowknowthatB-SeriesbladeserversandC-Seriesrackmountserverscomeinlotsofvarietiesandthatmostofthemweredesignedassolutionstoproblems,providinggreatbenefitslikelargememory,highCPU,orlowcost.Alloftheavailableoptionsgiveyoutheflexibilitythatyouneedtoselectaserverthatmeetsyourparticularneeds.
AfterthatwemovedontoexaminetheconnectivitybetweenthecomponentsinaUCSsystem.Youlearnedthattherearemanywaystocableitbasedonhowmuchbandwidthyouneed,andyoualsofoundoutthattheCiscoIntegratedManagementControllerprovidesgreatremotemanagementcapabilitiesforyourservers.YounowknowthattheinterfacesonyourserverscanhandleEthernet,FibreChannel,orboth,whilethevirtualinterfacecardtrulycreatessomenewwaystothinkabouthowtodefineinterfaces.
Towrapthingsup,wecoveredthediscoveryprocess,whichallowsthesecomponentstofindandidentifyeachdeviceandsetupcommunications.ThischapterfocusedheavilyonUCShardwarecomponentsandhowtheyinteract,becausehavingasolidunderstandingofeachtypeofdeviceanditsspecificjobisanabsolutemustforyoutoattainyourCCNADataCentercertification!
ExamEssentialsDescribethefabricinterconnects.
FabricinterconnectsprovidephysicalconnectivityandasinglepointofmanagementforaUCSsystem.TheL1andL2portsareusedformanagementoftrafficbetweenthetwofabricinterconnects.Therearethreegenerationsoffabricinterconnectsandsixmodelsthatprovidedifferentfunctionality.
DescribeanI/Omodule.
TheIOMsorFEXsactasfabricextenderstoconnectthechassistothefabricinterconnects.TheyalsoprovidethefunctionsofCMS,CMC,andmux.Thesecond-generationIOMsupportsportchannels.TheIOMscomeinfour-andeight-portuplinkoptions.
DescribeEthernetportstates.
Thethreebasicportstatesareunconfigured,server,anduplink.TheserverportstateisusedtoconnecttoaUCSchassis,andtheuplinkportstateconnectstoadatacenterswitch.
datacenterswitch.
Describeinterfacecards.
Non-virtualizedadapterscanbeconfiguredforEthernetorFiberChannelbutnotbothatthesametime.ConvergednetworkadaptershavebothEthernetandFibreChannelinterfacesonthesamecard.VirtualizednetworkadaptersallowtheconfigurationofmanyEthernetandFibreChannelinterfacestobepresentedtotheoperationsystem.Itisimportanttoknowwhatfeatureseachcardsupports.
WrittenLabs7YoucanfindtheanswersinAppendixA.
1. NamethepurposeofeachoftheseportsonaUCSfabricinterconnect.
A. Consoleport
B. Managementport
C. L1/L2port
2. Foreachofthefollowinginterfacecards,identifywhetheritisavirtualizedornon-virtualizedadapter.
A. M72KR-E
B. VIC1280
C. M61KR-I
D. M81KR
3. AcustomerneedsaserverbladewithfourCPUsand1TBofRAM.Whichserversmeetthesecriteria,andwhatadditionalinformationwouldhelpthecustomertomakeagooddecision?
4. Acustomerneeds32half-widthbladesandwouldlikearecommendationfromyouonaUCSsolution.Listthecharacteristicsofasolutionthatwouldmeetthesecriteria.
A. Numberoffabricinterconnects
B. Numberofchassis
C. Typesofhalf-widthbladesavailable
5. AcustomerasksyouaboutthedifferencebetweenCMCandCIMC.Please
explainhowtheyaredifferentandwhytheymightusethem.
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sIntroduction.YoucanfindtheanswersinAppendixB.
1. WhichisanexampleofanFEX?
A. UCSM81KR
B. UCS6248UP
C. UCS2104XP
D. B200M3
E. B22M3
F. C460
2. Whichofthefollowingarevirtualinterfacecards?(Choosefour.)
A. P81E
B. M71-KR
C. M81-KR
D. VIC-1280
E. VIC-1240
F. P71-KR
3. ThroughwhichdeviceismanagementofaUCSsystemnormallyaccomplished?
A. Fabricinterconnect
B. MultilayerDirectorSwitch
C. C5108chassis
D. 2104XPI/Omodule
4. WhatisthemaximumnumberofbladesthatcanfitintoaUCS5108chassis?
A. 4
B. 8
C. 12
D. 16
5. Howmanyfabricinterconnectsshouldyouhavetosupportasingleclusterwith16chassiswith128blades?
A. 2
B. 4
C. 8
D. 16
6. Whichofthefollowingcanaunifiedporthandle?
A. OnlyEthernet
B. OnlyFibreChannel
C. SimultaneouslyEthernetandFibreChannel
D. EthernetorFibreChannel
7. Basedonthenameoftheserver,whatdoyouknowaboutaB420M3server?(Choosethree.)
A. Second-generationserver
B. Third-generationserver
C. Rackmountserver
D. Bladeserver
E. TwoCPUsockets
F. FourCPUsockets
8. OntheUCSfabricinterconnect,whatdotheL1andL2portsprovide?(Chooseallthatapply.)
A. Managementtraffic
B. Heartbeats
C. Redundantdatapathforservers
D. Additionalbandwidthforservers
E. Consolemanagement
F. Webmanagement
9. WhenconfiguringaNexusdevicethathasa10GigabitEthernetinterfacelocatedinthefirstportofslot3,howwouldyoureferenceit?
A. 10G3/1
B. Gigabit3/1
C. Ethernet3/1
D. GBE3/1
10. Whichportprovidesout-of-bandEthernetmanagement?
A. L1
B. E0/0
C. Mgmt0
D. Console
11. WhichisnotavalidnumberoflinksbetweenafabricinterconnectandanIOM?
A. One
B. Six
C. Four
D. Two
12. Whatprovideskeyboard,video,andmouseoverIPonaUCSserver?
A. IPMI
B. SOL
C. CMC
D. CIMC
13. Whichofthefollowingisnottrueofaunifiedport?
A. ItcansupportEthernetSFPs.
B. ItcansupportFibreChannelSFPs.
C. AportcanbeconfiguredasEthernetorFibreChannel.
D. AportcanbeconfiguredasEthernetandFibreChannel.
14. TheUCS6120XPhas20built-inports.Whichportscanoperateat1Gb/sor10Gb/s?
A. Ports1–16
B. All
C. None
D. Ports1–8
15. WhichofthefollowingarecomponentsoftheUCS2104XPI/Omodule?(Choosethree.)
A. Chassismanagementcontroller
B. Consolemanager
C. Switchmanager
D. Multiplexer
E. Chassismanagementswitch
16. Non-virtualizedadapterssupportwhichofthefollowing?(Choosetwo.)
A. FibreChannel
B. FEX
C. Ethernet
D. OTV
E. DCB
17. InitialconfigurationoftheUCSfabricinterconnectofferswhichofthefollowingoptions?(Choosetwo.)
A. Initialize
B. Restore
C. SyncwithMaster
D. Setup
18. IOMserverdownlinksareinterconnectedtotheuplinksusingwhichofthe
following?
A. OTV
B. DCB
C. Pinning
D. VPC
19. WhatchassiscomponentsdoestheUCSdiscover?(Choosetwo.)
A. BIOS
B. IOM
C. Serialnumbers
D. Harddrives
20. WhatservercomponentsdoestheUCSdiscover?(Choosethree.)
A. IOM
B. BIOS
C. Harddrives
D. DIMMs
CHAPTER8CiscoUCSConfiguration
THEFOLLOWINGCCNAEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:
5.0UnifiedComputing
5.1Describeandverifydiscoveryoperation
5.2Describe,configure,andverifyconnectivity
5.3Performinitialsetup
5.4DescribethekeyfeaturesofUCSM
HERE’SAPREVIEWOFTHETOPICSWE’LLEXPLOREINTHISCHAPTER:
SettingupaninitialCiscoUCSBseriescluster
CablingaCiscoUCSfabricinterconnectcluster
Initialsetupscriptfortheprimarypeer
Initialsetupscriptforthesecondarypeer
Verifyingafabricinterconnectcluster
DescribingCiscoUCSManageroperations
CiscoUCSManager
LayoutoftheCiscoUCSManagerGUI
Navigationwindowtabs
DevicediscoveryinCiscoUCSManager
VerifyingdevicediscoveryinUCSManager
DescribingCiscoUCSManagerpools,policies,templates,andserviceprofiles
Benefitsofstatelesscomputing
Usingidentitypoolsinserviceprofiles
Usingserviceprofiletemplatestoenablerapidprovisioningandconsistentapplicationofpolicy
Creationofpoliciesforserviceprofilesandserviceprofiletemplates
Chassisandbladepowercapping
Nowthatwe’veexhaustedthemyriadofhardwareoptionsavailableinCisco’sUnifiedComputingSystem(UCS),it’shightimeforustoexplorethefunstuff!Inthischapter,we’llshowyouhowtosetupaUCSsystem,cableittogether,configureit,andmanagethisremarkabledevice.
Theunifiedsystem’sapproachtomanagingcopiousnumbersofcomputingdevicesfollowsauniqueandinnovativepath.Havenoworries;we’llhelpyoutogainasolidgraspofthistechnologyalongtheway!
UCSClusterSetupFinally,theUCSsystemyou’vebeenwaitingforarrivesatyourdatacenter.Thefirstchallengethatyouarepresentedwithisareminderthatyoushoulddefinitelyworkoutmore—thesebeautiescanbeheavy!Afterstrugglingtogetitunboxedandinstalledintoyourdatacenter’scabinets,youwiselybeginbyconnectingthechassiswiththerequired220vcapacitypowercables.Awesome!Nowwhat?Yournexttaskistocablethetwofabricinterconnectstogetherproperlyandthenconnectthemtothechassis.We’llguideyouthroughthatnow.
CablingtheFabricInterconnectsFirst,youshouldknowthatfabricinterconnectsarealmostalwaysinstalledaspairs,becausedoingthisensuresaredundanttopology.Youcaninstalloneasastandalone,butwerecommenddoingthatonlyfortestinginthelabenvironment
—neverinaproductionenvironment!Also,theUCSisdesignedtorundualfabricsforredundancy.Ifonlyonefabricinterconnectisused,therewillbenofabricredundancy.Inthepreviouschapter,wetalkedabouttheveryspecialL1andL2portsusedforcommunicationbetweenthetwofabricinterconnects,andthesetwoportsaretypicallythefirsttoconnect.ExamineFigure8.1.
FIGURE8.1Fabricinterconnectcabling
YouconnectfabricinterconnectsviatwostandardEthernetcablesthatlinktheL1portofthefirstswitchtotheL1portofthesecondswitchandthentheL2portofthefirstswitchtotheL2portofthesecondswitch.
Yourtwofabricinterconnectsshouldbethesamemodel;for
example,youshouldconnecta6120XPtoa6120XP.Theexceptiontothisruleoccursonlywhenupgradingyourhardwarebecauseyoucantemporarilyconnectthenewerfabricinterconnecttotheoldonetoallowthenewswitchtolearntheconfigurationofthecluster—nice!Thislittletrickhelpsyoutoavoidanydowntimeduringahardwareupgrade.Nonetheless,onceeverythingissynchronized,youstillneedtoremovetheolderswitchandreplaceitwiththenew,matchingone.
Afteryou’vesuccessfullycabledportsL1andL2,yournextstepistoconnect
Afteryou’vesuccessfullycabledportsL1andL2,yournextstepistoconnecttheEthernetcablethatrunsfromthemanagement0portofeachfabricinterconnecttoyourmanagementnetwork.Moreover,bothofthosemanagementportsmustbeinthesameVLAN!Finally,you’regoingtorunrolledcabletotheconsoleport,andfromtheretoyourmanagementcomputer,whereyou’llopenaterminalprogram,turnonyourfabricinterconnects,andletthefunbegin.
SetupDialogfortheFabricInterconnectsWhileyourfabricinterconnectsarebootingupisagreattimetocollectsomekeyinformationthatyou’llneedtoconfigureyoursystem.Firstonthatlististhesystemnameandadministratorpasswordthatwillbesharedbythefabricinterconnect.Next,you’llneedthreeIPaddressesonthesamesubnet—oneaddresstouseasthephysicaladdressforeachfabricinterconnect,thesecondasavirtualIPaddressforthecluster,andthethirdforthesubnetmaskanddefaultgateway.AddingaDNSserveranddomainnameisoptional.
Thefollowingisadisplayofanentiresetupdialogthatweachievedafterweconfiguredthefirstfabricinterconnectinaclusterknownastheprimarypeer.Don’tpanic—we’llbreakthismonsterdownpiecebypiecewithyou!
Entertheinstallationmethod(console/gui)?console
Enterthesetupmode(restorefrombackuporinitialsetup)
[restore/setup]?setup
Youhavechosentosetupanewswitch.Continue?(y/n):y
Enterthepasswordfor"admin":Todd!John123
Confirmthepasswordfor"admin":Todd!John123
Doyouwanttocreateanewclusteronthisswitch(select'no'for
standalonesetuporifyouwantthisswitchtobeaddedtoan
existingcluster)?(yes/no)[n]:yes
Entertheswitchfabric(A/B):A
Enterthesystemname:UCS
Mgmt0IPv4address:10.10.10.101
Mgmt0IPv4netmask:255.255.255.0
IPv4addressofthedefaultgateway:10.10.10.1
VirtualIPv4address:10.10.10.100
ConfiguretheDNSServerIPv4address?(yes/no)[n]:yes
DNSIPv4address:8.8.8.8
Configurethedefaultdomainname?(yes/no)[n]:yes
Defaultdomainname:lammle.com
Followingconfigurationswillbeapplied:
SwitchFabric=A
SystemName=UCS
ManagementIPAddress=10.10.10.101
ManagementIPNetmask=255.255.255.0
DefaultGateway=10.10.10.1
ClusterEnabled=yes
VirtualIpAddress=10.10.10.100
DNSServer=8.8.8.8
DomainName=lammle.com
Applyandsavetheconfiguration(select'no'ifyouwanttore-
enter)?(yes/no):yes
Thescriptbeginswithachoicetoconfigurethedevicefromtheconsole,thecurrentcommand-lineprompt,orfromaGUI,awebinterfacethataskstheexactsamequestions.Asyoucansee,wewentwiththeconsolemethod.Wedidsobecauseit’sbyfarthebestwaytoconfigurethisdevice.Plus,itjustmakesuslookreallysmart:
Entertheinstallationmethod(console/gui)?console
Next,wearriveatsetupmode,whichcanbeusedtoconfigureaswitchinitiallyorrestoretheswitchfromasavedbackup.Wechosesetupsincethisisanewswitch.Knowthatyouhavetocomeupwithagood,solid,complexpasswordcomposedofupper-andlowercaseletters,numbers,andsymbols,ortheNexuswillrejectitandmakeyoutryagain:
Enterthesetupmode(restorefrombackuporinitialsetup)
[restore/setup]?setup
Youhavechosentosetupanewswitch.Continue?(y/n):y
Enterthepasswordfor"admin":Todd!John123
Confirmthepasswordfor"admin":Todd!John123
Justbecausewe’llbesettingupbothfabricinterconnects,doesn’tmeanthatthey’llbesetupexactlythesameway.We’regoingtocreateanewclusteronthefirstone,butwe’llhavethesecondonejointheexistingcluster.Asmentioned,standalonemodeisjustfortestinginalabenvironment.Wechoseyestoindicatethatwewanttocreateanewclusteronthefirstswitch:
Doyouwanttocreateanewclusteronthisswitch(select'no'for
standalonesetuporifyouwantthisswitchtobeaddedtoan
existingcluster)?(yes/no)[n]:yes
EachfabricinterconnectisidentifiedbyanAoraBindicatingafabricidentifier.Itreallydoesn’tmatter,butmostpeoplesetupthefirstswitchonAandthesecondoneonB:
Entertheswitchfabric(A/B):A
Sometimespeoplegetconfusedwhenfacedwithenteringthesystemnamebecauseit’saskingforthenameoftheclusterandnotthenameofthefabricinterconnect.Theactualfabricinterconnectnameistheclusternamefollowedbytheswitchfabric.BecausewechosetheclusternameUCSandaswitchfabricofA,thefabricinterconnect’snamebecomesUCS-A:
Enterthesystemname:UCS
Thisbringsustothenetworkinformationinthefinalstretchofthesetup.We’regoingtoassigntheMgmt0addresstothisfabricinterconnect’sphysicalport,andwe’llusethevirtualIPaddresstoconnecttoandmanagetheUCS.Thefirst,primaryfabricinterconnectwillhandlethemanagementtraffic.We’lltellyoumoreaboutthereasonforthatinabit.Therestoftheinformationinthischunkofoutputisjusttypicalnetworkconfiguration:
Mgmt0IPv4address:10.10.10.101
Mgmt0IPv4netmask:255.255.255.0
IPv4addressofthedefaultgateway:10.10.10.1
VirtualIPv4address:10.10.10.100
ConfiguretheDNSServerIPv4address?(yes/no)[n]:yes
DNSIPv4address:8.8.8.8
Configurethedefaultdomainname?(yes/no)[n]:yes
Defaultdomainname:lammle.com
Theverylastpartofthedialogdisplaysasummaryoftheconfigurationthatwillbeappliedtothefabricinterconnect,anditasksifyouwanttouseit.Ifyouseeanythingwrongwithit,justenternotorunthroughthesetupconfigurationagain:
Followingconfigurationswillbeapplied:
SwitchFabric=A
SystemName=UCS
ManagementIPAddress=10.10.10.101
ManagementIPNetmask=255.255.255.0
DefaultGateway=10.10.10.1
ClusterEnabled=yes
VirtualIpAddress=10.10.10.100
DNSServer=8.8.8.8
DomainName=lammle.com
Applyandsavetheconfiguration(select'no'ifyouwanttore-
enter)?(yes/no):yes
Atthispoint,thefirstfabricinterconnectisconfiguredandoperational,andweonlyhadtoansweradozenquestionstogetitupandrunning!Dealingwiththe
secondfabricinterconnect,knownasthesecondarypeer,iseveneasier,anditrequiresansweringonlyfivemorequestions.Thefollowingexamplesetsupthesecondfabricinterconnectforaclusterconfigurationusingtheconsole:
Entertheinstallationmethod(console/gui)?console
Installerhasdetectedthepresenceofapeerswitch.Thisswitch
willbeaddedtothecluster.Continue?[y/n]y
Entertheadminpasswordofthepeerswitch:Todd!John123
Mgmt0IPv4address:10.10.10.102
ManagementIpAddress=10.10.10.100
Applyandsavetheconfiguration(select'no'ifyouwanttore-
enter)?(yes/no):yes
OK.ThesecondlinetellsusthatthesecondfabricinterconnecthasdetectedthepresenceofanotherfabricinterconnectovertheL1andL2links,anditpromptsustojointhecluster.Wejustsayyestobeaddedtoit,andthenweenterthepasswordtoauthenticatetotheprimaryfabricinterconnect.Theconfigurationinformation,includingtheclusterIPaddress,DNS,andsystemname,arelearnedfromtheprimaryfabricinterconnect.TheonlyinformationlefttoenterisanIPaddressforthisspecificfabricinterconnect.Prettyeasysofar,no?
Atthispoint,weshouldhaveafunctioningUCScluster,buthowcanwereallytellifwedoornot?
ClusterVerificationPredictably,thetwofabricinterconnectsintheUCSclustersynchronizedatawitheachother.Changesarefirstimplementedontheprimaryandreplicatedtothesecondary.Notethatit’sreallyimportantthatthesetwodevicesoperatelogicallyasone.Thecommandshowclusterextended-stateisthetoolthatwe’llusetotellusallaboutthestatusofthecluster.Here’stheoutputfromtheprimaryswitch:
UCS-A#showclusterextended-state
ClusterId:0xe5bd11685a7211e2–0xb39f000573cd7a44
Starttime:MonMay2717:37:432013
Lastelectiontime:MonMay2717:38:112013
A:UP,PRIMARY
B:UP,SUBORDINATE
A:membstateUP,leadstatePRIMARY,mgmtservicesstate:UP
B:membstateUP,leadstateSUBORDINATE,mgmtservicesstate:UP
heartbeatstatePRIMARY_OK
INTERNALNETWORKINTERFACES:
eth1,UP
eth2,UP
HAREADY
DetailedstateofthedeviceselectedforHAstorage:
Chassis1,serial:FOX1442GZZQ,state:active
ThisoutputconfirmsthatAistheprimaryandthatBisthesubordinate.Wecanalsodeterminethatthememberstate,managementservices,andnetworkinterfaces(L1andL2)areup.ThemostimportantthingtolookforisthelineHAREADY(highavailability).Thisonelinewilltellyouifyourclusterisfunctioningproperlyornot.
Ifyouhaveeverythingcabledproperlyandpoweredonbutthingsstillaren’tworking,youprobablyhaveaconfigurationerrorsomewhere.ThemostcommoninitialconfigurationissuestemsfromincorrectIPinformation.Tosolvethistypeofproblem,youreallyneedtobecomefamiliarwiththeUCScommand-lineinterface(CLI).
Nottoscareyou,butthisisnottheCiscoIOSorNexusOS!MostUCSadministratorsrarelyusethecommand-lineinterface,butwe’rebetterthanthatsoinwego!Thecommandswithwhichwewillarmourselvesarescope,up,set,andcommit.ThescopecommandchangeswhichpartoftheUCSconfigurationyou’remodifying.UsingtheupcommandinUCSisbasicallylikeexecutingtheexitcommandinIOS,becausebothcommandsmoveyoubackonelevel.Althoughyoucanusetheexitcommand,youneedtoknowtheupcommandtoo.Thesetcommandmodifiesaproperty,butitdoesn’tworkthesamewaythatitdoesinotherCiscooperatingsystemsbecauseanychangesmadeusingsetinUCSwon’ttakeeffectuntilyouenterthecommitcommandaswell.
ThisoutputgivesusasnapshotofwhathappenswhenwechangethevirtualIPaddressofthecluster:
UCS-A#scopesystem
UCS-A/system#setvirtual-ip10.10.100.10
UCS-A/system*#commit
UCS-A/system#
Sowhatdoesthistellus?Well,wecanseethatthescopecommandgotusintosystemconfigurationmodewherethevirtualIPaddresswaschanged.Doyou
seethatasteriskonthethirdline?Itindicatesthattherearemorechangesthathaven’tbeencommitted.Oncethecommitcommandhasbeenexecuted,theasteriskdisappears,indicatingthechangehasbeenimplementedandsaved.
ButwhatifwehadincorrectIPaddressesononeofthemanagementinterfacesofafabricinterconnect?Again,wecouldcorrectitfromthecommandlineinasimilarway:
UCS-A/system#up
UCS-A#scopefabric-interconnecta
UCS-A/fabric-interconnect#setout-of-bandip10.10.100.11
Warning:Whencommitted,thischangemaydisconnectthecurrentCLI
session
UCS-A/fabric-interconnect*#setout-of-bandnetmask255.255.0.0
Warning:Whencommitted,thischangemaydisconnectthecurrentCLI
session
UCS-A/fabric-interconnect*#setout-of-bandgw10.10.1.1
Warning:Whencommitted,thischangemaydisconnectthecurrentCLI
session
UCS-A/fabric-interconnect*#commit
UCS-A/fabric-interconnect#
OK.Youcanseethatbyusingtheupcommand,we’vechangedtheconfigurationmodefromsystembacktotheroot.TherestofthecommandsbringustofabricinterconnectaandthenconfigureandapplytheIPsettings.Wecanverifythesesettingsviatheshowconfigurationcommandlikethis:
UCS-A/fabric-interconnect#showconfiguration
scopefabric-interconnecta
activatefirmwarekernel-version5.0(3)N2(2.11a)
activatefirmwaresystem-version5.0(3)N2(2.11a)
setout-of-bandip10.10.100.101netmask255.255.0.0gw
10.10.1.1
exit
NowwerealizethattheUCScommandlineisinaweirdplace,butdon’tworryaboutthatbecause,onceyou’veinitiallyconfiguredyourUCSsystem,it’slikelythatyouwon’thavetovisittheUCSCLIeveragain!TheUCSCLIisusefulfordisplayinglogginganddebugginginformationthatisnotavailablewiththeGUI.
Next,we’llshowyouhowtomanagethesystem,aswellasitsbrilliantinterface,theCiscoUCSManagerGUI.
UCSManagerUCSManageristhesinglepointofmanagementforaUCSsystem.Thissingletoolwillopenthedoorsforyoutomanagethefabricinterconnects,bladeserverchassis,bladeserversandtheircomponents,rackservers,andsubsystems,plusanythingconnectedtothem,fromfull-widthserverbladestofanmodulesandpowersupplies.Seriously,evenwhenfacingahugeUCSwith16chassisand128servers,youwouldmanageallofitviathissingleinterface!
Inrecentyears,Ciscohasstandardizedthemethodusedtostoreinformationacrossdevices.ExtensibleMarkupLanguage(XML)providesarobustwaytostorethatdata,whichisstillreadablebyhumaneyesandtoseasonedorbs.XMLfileseerilyresemblewhatyoumightendupwithifanoldINIconfigurationfileandanHTMLfilehadbabies.Butnoworries—youwon’tbeeditingXMLfiles!Instead,you’llrelyoncooltoolsliketheUCSManagerGUIortheCLIfordaycarebecausetheyworkinthebackgroundtomakethosechangesforyoupainlessly.Anotherwonderfulbenefitofthisstandardizedformatisthatitsconsistencymakesitsupereasyforthird-partyproviderstodevelopapplicationsandtoolsforUCS.
Nevertheless,theXMLinterfaceisn’ttheonlywaytocommunicatetotheUCSsystem.KeyprotocolslikeSNMPandIPMI(IntelligentPlatformManagementInterface),aswellasrelativelyobscurestandardslikeCIM-XML(CommonInformationModel)andSMASHCLP(ServerManagementCommandLineProtocol)arealsosupported.KeepinmindthatCIM-XMLisread-only,anditcannotbeusedtoconfigureUCS.
YouwillgrowtoloveKVM(keyboardvideomouse)overIP.Thisawesomefeatureactuallyletsyouremotelymanagetheserver,evenifthere’snoOSinstalledonit!Withallthisinmind,it’stimetodiverightintoactualconfiguration.
WelcometotheGUIYou’verecentlybeenintroducedtotheinitialconfigurationofaUCScluster,aswellashowtogivethesystemavirtualIPaddress.WhenyouopenawebbrowsertotheclusterIPaddress,you’llseeascreensimilartotheonedepictedinFigure8.2.
FIGURE8.2UCSinitialwebinterface
TheLaunchUCSManageroptionwillstartuptheGUI,whereastheKVMManagerallowsyoutoconnecttoyourserverswithoutlaunchingtheUCSManageratall.Ohandbytheway,thisisacross-platformapplicationwritteninJava,somakesurethatyouhaveJavainstalledbeforelaunching.Keepinmindthatbecauseyou’rerunninganapplicationfromawebbrowser,you’llprobablyseeawarningliketheoneshowninFigure8.3.
FIGURE8.3Javaapplicationwarning
ChoosingRunwillbringupaprompttologintotheUCS,asshowninFigure8.4,usingthecredentialsconfiguredduringtheinitialsetup:
FIGURE8.4UCSManagerLogin
UCSGUINavigationExamineFigure8.5foraclearpictureoftheprimaryUCSManagerGUI.Theleftsidehousesthenavigationpane,whiletherightsideshowsyouthecontent.Atthetopisthenavigationtrailthatshowswhereyouareintheconfigurationtree.Youcanmoveforwardandbackwardbyselectingtheareaonthistrail.Afaultsummaryareaabovethenavigationtabsshowscritical,major,minor,andwarningfaults.SeethosesixtabsjustabovethenavigationpaneforLAN,SAN,VM,Admin,Equipment,andServers?Thosetabsaretheprimarywaymovearoundtheinterface.
FIGURE8.5UCSManagerlayout
TheEquipmenttabdisplaysallofthephysicalcomponentsfortheUCS—ifit’ssomethingthatyoucanactuallytouch,it’sundertheEquipmenttab.ThethreeareasoftheEquipmenttabarethebladechassis,therackmountservers,andthefabricinterconnects.UnderstandthattheServerstabdoesn’tcontainthephysicalservers,onlythelogicalservercomponentsandsettings,andtheLANandSANtabscontaintheirrelevantnetworkandstorageitems.KeepinmindthatifyouhaveyourUCSlinkedintoaVMwarevSphereenvironment,thoseelementswillshowupundertheVMtab.TheAdmintabpredictablycontainsanabundanceofitemsassociatedwiththegeneraladministrationoftheUCS.AcollageofallofthetabsisshowninFigure8.6.
FIGURE8.6UCSManagertabs
FiniteStateMachineLet’sfocusonthatEquipmenttab,whichhostslotsofvitaldetailsaboutthesystem’sservers,FEXs,andchassis.Atthispoint,agoodquestionwouldbe,“HowdidUCSlearnaboutallofthisphysicalgear?”ThediscoveryprocessinUCSManagerisalwaysrunningsothatitcandeterminewheneverhardwarehasbeenadded,changed,orremoved.Cool—buthow?
Thesystemmonitorsanyportsconfiguredasserverportstodetermineifsomethingnewhasbeenpluggedin.Whenalinkisdetected,acommunicationchannelisopenedtotheFEXlocatedinthechassis.ThesystemverifiesthetypeofFEX,andthenitdeterminesthatchassisinformationandaddsittotheUCSdatabase.Sensorsthroughoutthesystemmonitorvoltageandpresence,sothatifanythingchanges,thefinitestatemachinewilldiscoverandrecordthechange.TheFSMtabinUCSManagerletsyoumonitortheprocesses.
Oncethechassisisdiscovered,thediscoveryprocesswillquerytheCMCtoseeiftherearebladesintheslots.Ifoneisdetected,thesystemqueriestheCIMContheserverandbeginsanin-depthdiscoveryprocessofservercomponents,likeBIOS,drives,NICs,andHBAs,asshowninFigure8.7.
FIGURE8.7Finitestatemachinediscoveryprocess
Thefinitestatemachine(FSM)monitorsthediscoveryprocess,displayingeachstepthatoccursandwhetheritwassuccessfulornot.Ifyouwanttoobservethisprocesspersonallyonanon-productionsystem,youcanchooseanIOM,resetit,andthenselecttheFSMtabandwatchallofthestepsinrealtime.
Let’smoveontocoversomeoftheotheractivitiesmonitoredbytheFSM.
ServiceProfilesBeforewejumpintostatelesscomputingandservicesprofiles,itisworthnotingsomecurrentchallengesinherenttomanagingserversinthedatacenter.ThisisimportantbecauseunderstandingtheseissueswillbringhomejusthowelegantCisco’ssolutionsreallyare!
TraditionalComputingFirst,askyourselfthis:“Whatexactlyisitthatmakesacomputerdeployedinthedatacenterunique?”IfyouhavetwoACME100VXswiththesamememory,CPU,NICs,hostbusadapters,andsoon,doesthatmeanthey’reexactlythesame?
Ifthere’snoonenearby,scream,“No!”Why?Therearelotsofreasons,andwe’llwalkyouthroughthemonebyone.Tobegin,statefulcomputingmeansthatindividualservershaveuniquecharacteristics,sothesetwomachinesaren’teveninthesamestate.Andthenetworkenvironmentbetweenthesetwomachinesmaybeverydifferent.Thinkaboutit—we’redealingwithmachinesthathavedifferentMACaddressesburnedintotheNICsandcabledtodifferentports,whichmaybelongtodifferentVLANsthathavedifferentsecuritypolicies—there’salottoconsiderhere!Furthermore,there’sthewholestoragesideofthings.ThehostbusadapterswillhavedifferentWWPNsandWWNNs,andtheSANbootsettingwillbedifferenttoo.TheMDSswitchthey’repluggedintowillhaveaVSANconfigurationandzoningspecifictotheirparticularWWPN,andthestoragearraywillhavemaskingconfiguredfortheirindividualWWPN.
That’snotall—theUUID(universallyuniqueidentifier),whichisburnedintothemotherboard,isuniquetoeachserver,andtheBIOSsettingsmaybedifferentaswell.Thus,it’sdefinitelysafetosaythattheseseeminglyidenticalserversareactuallyverydifferent,indeed!Butwhydowecare?
UpgradingorReplacingaServerConsiderthatit’snotuncommonforpeopletowanttoupgradeorreplaceaserverinadatacenter.Let’ssaythatoneofthoseserverswejustreferredtoexperiencesacatastrophicfailureanddies.Noproblem,right?We’lljustrunoutandbuyanotherACME100VXwiththeexactsamehardwareastherecentlydeceased,plugitintotheexactsameports,andcrossourfingers!
Holdingourbreath,wewatchnervouslyasournewserverstartstoboot.Itstopsbecauseitcan’tfindthedisk.Inahuff,wethinkaboutthisforawhileuntilwerememberthatwehavetoconfiguretheHBABIOSwiththecorrecttargetforourSAN.Yet,afteraquickrebootoftheserverandreconfigurationoftheHBABIOSwiththecorrectSANsettingresults,it’sstillnotworking!Oneahamomentlater,werealizethatourWWPNhaschanged,sowedecidethatithastobethezoningontheMDSswitchthat’sstoppingus.WecalltheMDSadministratortoreconfigurethezoningwithournewWWPN,butwe’restilldeadinthewater.
Sowecallthestoragearrayadministratortodiscussthesituation.TheadministratorremindsusthatwehavetoremaskthestoragearraytoallowtheserverwiththenewWWPNtoconnecttothecorrectLUNs.Finally,ourserverbootsupandtheoperatingsystemloads—sweetsuccess!
Toverifythings,wetrytopingsomething,butwefindthatwecannotping
Toverifythings,wetrytopingsomething,butwefindthatwecannotpinganythinganywhereonthenetwork—rats!WeaskthenetworkadministratortochangeportsecuritysothatournewMACaddresswillbeallowedontothenetwork.Nowouroperatingsystemisbooted,andwe’regoodtoaccessthenetwork….
Ornot!Hittingyetanothersnag,theOStellsusthatthisserverisn’tlicensedandneedstobeactivated.AlittleresearchtellsusthattheUUIDisusedforsoftwareactivation,andsinceourshaschanged,wehavetoreactivateit.Sowefixthatandnowwereallyandtrulyareupandrunning—lifeisgood!Intoday’svirtualizedenvironmentwithasmanyas100virtualmachinesormoreonaphysicalserver,replacingthehardwarecanbeveryexpensiveandtimeconsuming.
Meanwhile,acrosstown,anotheradministratorisreplacingaCiscoUCSserverwithanewone.Theadministratorsimplyplugsinthenewserver,clicksacoupleofthingsintheGUI,andeverythingworkswonderfully.Howcanthisbe?What’sdifferent?
StatelessComputingWhatifwetoldyouthatCiscomakesanetworkcardthatdoesnothaveaMACaddress?Iknowitseemsodd,butit’scompletelytrue—thesecardsdonothaveauniqueidentityuntiloneisactuallyassignedbyanadministrator!Thismakesreplacingoneofthesecardsreallyeasy.Justremovetheoldcard,putinthenewcard,andgiveitthesameaddressthatthepreviouscardhad.Thiswholeconceptofhardwarenothavingaburnedorfixedidentityisthefundamentalideabehindstatelesscomputing.
Statelesscomputingallowsidentificationinformationtraditionallythoughtofasbeingpartofthehardwareinsteadtobeabstractedand,therefore,changeable.Thethingsthatmakeaserverunique—theMACaddress,WWNN,WWPN,UUID,VSAN,VLAN,vHBA,vNICs,andsoon—arenolongerdependentonthephysicalserver;they’redependentonthesettingsappliedtothatphysicalserverinstead!Thisisanimportantinnovation,solet’stakeadeeperlookintohowitworks.
ServiceProfilesAserviceprofileiscreatedinsoftwareontheUCSManager,anditiscomposedofallofthecharacteristicsthatuniquelydefineaserver.That’sright—everybitofidentityinformationlikeMAC,WWPN,WWNN,UUID,vHBA,andvNICs
isneatlystoredwithintheserviceprofile,includingconnectivityinformation.ThepoliciesthatgovernthebehavioroftheservermakeupthefinalpartofaUCSserviceprofile.
Thus,justbecauseyouhaveagorgeousnewCiscoUCSbladeserverwithcoolvirtualinterfacecardsinstalledinthechassis,itdoesn’tmeanthatyou’regoodtogo.Nope—yousimplywon’tgetittoworkuntilaserviceprofileiscreatedandassignedtoit.AssigningaserviceprofiletoaUCSserverisknownasassociation,ortheprocessthatcollectsallofthesettingsdefinedintheserviceprofileandappliesthemtothephysicalbladeitself.
Asyoucanimagine,serviceprofilesgiveyousomeamazingbenefits.Yougettopreconfigureserviceprofilesbeforethebladesevenarriveorbuildserviceprofilestoallowforfutureexpansion.Ifabladefails,simplydisassociatetheserviceprofilefromthefailedblade,associateitwithafunctioningblade,andpresto!Thenewbladebecomesanexactreplacementfortheoldone.Ifyouwanttoupgradeaserver,yousimplyinstallthenewbladeintothechassis,disassociatetheserviceprofilefromtheoldblade,andassociateitwithyournew,morepowerfulserver—prettyslick!
Evenso,therearestillacoupleofimportantthingsthatyouneedknowaboutthisprocess.First,whileyou’redisassociatingandassociatingtheserver,itwillpredictablybedown.Second,therelationshipbetweenbladesandserviceprofilesisonetoone.Serviceprofilesactuallyturnserversintoeasilyreplaceablecommodities!
AssigningAddressesSoasyoucansee,serviceprofilesareagreatinnovationthatmakesmanaginginfrastructureabundantlyeasier!Butbeforeweshowyouhowtocreatethem,youneedtounderstandhowserviceprofilesacquireaddresseslikeWWPN,WWNN,UUID,vHBA,vNICs,andMAC.Thisprocesshappensviaoneofthreebasicways:derived,manual,andpools,withderivedbeingthedefault.
Understandthattheunderlyinghardware’sMACaddresswillbesourcediftheserviceprofileisconfiguredtouseaderivedaddress.Thisisbadbecausevirtualinterfacecardsdon’thaveaburned-inMAC,WWPN,orWWPN,meaningaserviceprofileconfiguredwithaderivedaddresswon’tbeabletoassociatetoabladewithavirtualinterfacecardatall.Plus,ifyoumoveserviceprofilesfromonebladetoanother,theaddresseswillchangebecausetheunderlyinghardwareaddresseshavechanged,totallyblowingupthewholeideaofstatelessprofilesbeingindependentofunderlyinghardware!Nowyou’vebeenwarned—justdon’tgowiththedefaultderivedaddresssettingwhenyoucreateaservice
don’tgowiththedefaultderivedaddresssettingwhenyoucreateaserviceprofile—ever.
Predictably,manualaddressesareenteredintoaserviceprofilebyadministrators,andit’scommonpracticetousetheminasmallenvironment,especiallyforSANaddresses.Justbecausemostofusdon’tcarewhichMACaddressorUUIDaddressagivenserverhas,astorageadministratordefinitelydoescareabouttheWWPNandWWNNbeingused!
Evenso,CiscoreallydesignedtheUCSsystemtoscaleuptohugedeployments,andmanuallyassigningaddressesinbigplacesisunmitigatedtorture.ThisiswhereCiscoUCSidentitypoolscomeintoplay.
CreatingIdentityPoolsIdentitypoolsallowyoutocreatearangeofaddressesandprovidethemtoserviceprofilesasneeded.Thiscapabilitystreamlinesaddressdeployment,whilepermittingserviceprofilestomaintaintheiridentitywhenbeingmovedfromonephysicalbladetoanother.ThefourtypesofidentitypoolsusedmostoftenareMAC,UUID,WWPN,andWWNN.AserviceprofilecantellanetworkinterfacecardtopointtoaMACpoolandacquireanavailableaddressfromit,whichprettymuchensuresthateachaddress’sgivenidentityisunique.
UUIDsare128-bitnumbers,whichuniquelyidentifyaserverandareusuallystoredintheBIOS.They’reoftenusedbydigitalrightsmanagementsoftwaretopreventpiracyandtoensureproperlicensing.TheUCSsystemallowsforeithermanualconfigurationorusingpoolsthatallowdynamicassignmentofUUIDs.Toenablethemovementbetweenservers,theprofilesdecoupletheUUIDfromthehardwareandmoveitfromthefailedservertothereplacementserver.CheckoutthepoolofUUIDaddressesthatwe’vecreatedinFigure8.8,beingsuretonotethatweallowedforatleastoneaddressperserver.
FIGURE8.8CreatingaUUIDpool
MACaddresspoolscansupplyaddressestotheservers’networkinterfacecard.Whenformingthesepools,makesurethatyoucreateenoughtosupplyeveryoneofyourNICs.InthepoolshowninFigure8.9,youcanseethattheOUIpartoftheMACaddressis00:25:B5,whichidentifiestheadapterasbeingpartofCiscoUCS.
FIGURE8.9CreatingaMACaddresspool
YoucreateWWPNandWWNNpoolsinexactlythesameway,evendowntousingthesamedialogboxes,asshowninFigure8.10.ThesepoolsareusedtosupplyappropriateSANaddressingtotheserverHBAandHBAports.InnewerversionsofUCS,youcanactuallycreateaconsolidatedpoolcalledaWWxNpool,whichcansupplyeithertypeofaddress—nice!
FIGURE8.10CreatingaWWNNpool
Nowthatwehavethesefourpoolssetup,we’realmostreadytostartcreatingserviceprofiles.Rememberthatserviceprofilesarelogicaldefinitionsofservercharacteristicsandthattheymustbeappliedtoanactualbladetofunction.Therearefourwaystoassociateaserviceprofilewithaphysicalcomputernode,asshowninFigure8.11.
FIGURE8.11Serviceprofileassociationmethods
ThedefaultwayofassigningaserverisAssignLater,whichisself-explanatory.Thesecondwayistopre-provisionaslottouseinthefuturesothatwhenyouwanttoputaserverbladeintoservice,theslotandwillautomaticallybeassociatedwithyourready-madeserviceprofile.Thethirdoptionistoselectanexistingservertobringupacompletelistofalloftheavailableserverspopulatingthesystemandtopickoneofthem.Butthelast,andCiscopreferred,wayofdoingthisistouseserverpools.
Aserverpoolisacollectionofserversthatyoucaneitherplacemanuallyintothepool,asshowninFigure8.12,orhaveassignedautomaticallybasedonpolicies.It’simportanttorememberthatasinglebladeservercanbeamemberofmultiplepoolsatthesametime.Whenaserviceprofileisassociatedwithaserverpool,anavailablebladeisselectedfromthepool,thereuponbecomingunavailabletootherserviceprofiles.
FIGURE8.12Manuallyassigningserverstoaserverpool
Afterallofthetimethatwe’vespentontalkingaboutpoolsandwhatserviceprofilescando,we’refinallygettingtothefunpart,thatis,creatingserviceprofiles!
CreatingServiceProfilesAtfirstglance,itlookslikeyoucanjustright-clickServiceProfilestocreateoneinUCSManager.However,whenyoudothat,yougetpromptedwiththefouroptionsshowninFigure8.13.Theseoptionsgiveyoutheopportunitytocreateaserviceprofilemanuallyinexpertorsimplemode,aswellasofferyoutheoptiontocreateasingleprofileorawholebunchofthembasedonatemplate.
FIGURE8.13Serviceprofilecreationoptions
Ifyouchoosetogowithcreatingaserviceprofileviasimplemode,asinglewindowwillappearforyoutofillintheinformation,asshowninFigure8.14.Whilesimplemodeiscertainlyjustthat,itdoesn’tletyouplaywithalloftheavailableoptions.ThisisOK,becauseyoucanalwaysgobackintotheprofilelaterandtightenthingsupnicely.
FIGURE8.14Simpleprofilecreation
Ifyouwanttodiverightintoexpertmode,however,you’llgetatotalofninedifferentscreens,whichthewizardwillwalkyouthrough.AsshowninFigure8.15,thesescreenspavethewayforadetailed,preciseconfigurationofLAN,SAN,policies,boot,andeverythingelsethatyoucandreamof.Expertmodeisthemostcommonwaypeoplecreateserviceprofiles.Onceyou’veconfiguredandoptimizedtheprofile,you’rereadyforthenextsection.
FIGURE8.15Expertprofilecreation
CreatingServiceProfileTemplatesWithalloftheglow,polish,andshinethatexpertmodeprovides,managingyourprofileswouldbecomequiteachoreifyouhad,say,64serverblades,right?Thisisexactlywhyyouwillloveserviceprofiletemplates!Thesebeautiesletyoueasilycreateanentireswarmofserviceprofiles,andyoucanbringthemintobeingtwodifferentways:fromscratch,whichessentiallymirrorstheprocessofcreatingaserviceprofile,orbytakinganexistingserviceprofileandcreatingatemplatefromit,asshowninFigure8.16.Makeamentalnotethatagoodserviceprofiletemplateshouldalwaysbeconfiguredtouseidentitypools,sothattheserviceprofilecreatedfromitcanhaveuniqueaddresses!
FIGURE8.16Creatingaserviceprofiletemplate
Byfarthebiggestdecisionyou’llmakewhenyoucreateatemplateiswhethertomakeitanupdatingtemplateoraninitialtemplate.GoingwiththeUpdatingTemplateoptionmeansthatitwillmaintainarelationshipwiththeserviceprofilescreatedfromit,sothatifitischangedlateron,anyprofilescreatedfromitwillalsobechanged.Anongoingrelationshiplikethiswillnotbemaintainedfromaninitialtemplatetotheserviceprofilescreatedfromit.
Oncethetemplateiscreated,justright-clickittocreatemultipleserviceprofiles.Youmustprovidethebasenamefortheserviceprofileandthenumberthatyouwantcreated,asdemonstratedinFigure8.17.
FIGURE8.17Creatingserviceprofilesfromatemplate
UCSwillcreatealloftheserviceprofilesbasedonthistemplate.Presumingthatwe’redealingwithpools,thisiswherethemagicreallykicksin.Viapools,eachnewserviceprofilegrabsavailableMAC,UUID,WWPN,andWWNNaddressesfromthepools.Theserviceprofilethenfindsanavailablebladeintheserverpoolwithwhichitisassociatedandpoof—you’reupandrunning!Figure8.18listssomeserviceprofilescreatedfromaserviceprofiletemplate.
FIGURE8.18Serviceprofilescreatedfromatemplate
StudyWhyBotherwithTemplates?
Notallthatlongago,Iwasworkingwithacompanythatmanufactureslunchmeat.ThesefolkshaddecidedtogowithCiscoUCSbecausetheyhadasmallITdepartmentandwantedasystemtheycould“setandforget.”TheinitialdeploymentwasaNexus5108chassiswithfourB200blades.TheoperatingsystemwasESX.
Afterthesystemwasdeliveredandrackmounted,Ivisitedthecompanytodotheconfiguration.ThestaffknewVMwareaswellasVMwaredoes,buttheywerenewbiestoUCS,sowebuiltaserviceprofileforthefirstbladetogetherandspentlotsoftimemakingsurethatitwasconfiguredcorrectly.Webootedthefirstserver,installedESXontheNetAppstoragearray,andpresto—wehadonebladeupandrunning.
ThestoragearrayadministratorduplicatedtheLUNwithESXinstalledonitsevenmoretimes.Wethencreatedatemplatebasedonthatserviceprofileandmadesevenserviceprofiles.Weassociatedthreeoftheserviceprofileswiththeexistingblades.ThebladesbootedESX,andweconnectedwithKVMandsetthecorrectIPaddressforeach.TheneachserverwasaddedtothevCenterserver.
Eventhougheverythingcameupandallfourbladeswererunning,weweren’tfinishedyetbecausetheITstaffplannedonaddingfourmoreB200bladesthenextyear.Sowetooktheremainingserviceprofilesandassociatedthemwithemptyslots,readytoreceiveabladewheneverthetimecame.Thiswasagoodthing,becausebarelysixmonthslatertheyhadtwomoreB200bladesdeliveredandwantedtoinstallthem.Theyreallydidn’treallyneedanyfurtherhelpbecausetheycouldsimplyslidethebladesintothechassis.ThebladesbooteduptoESX,andtheychangedtheIPaddressesandaddedthemintovCenterwithoutevenloggingintoUCSManager!
So,asyoucansee,youcansaveaboatloadoftimeandtroubleviaserviceprofiletemplatesandpredeployment,somakesureyoubillbytheproject,notbythehour!
Well,finally,hereweare,theproudcreatorsofahealthyUCScluster,configuredandreadyforoperation.KeepinmindthatthiswasmoreofanoverviewofUCS,sincethesystemcandosomuchmore.We’vecoveredenoughforyoutogetasystemupandrunning,andwe’vegivenyoutheinformationthatyouneedtomeettheCiscoobjectives.Nevertheless,we’rereallyjustgettingstarted!
SummaryYoulearnedthenutsandboltsofdeployingaUCSsysteminthischapter.Wediscussedcablingthesystemandtheinitialconfigurationdialog.YounowknowthatUCSCLIisverydifferentfromtheIOSworld,andyoulearnedhowtoverifythattheclusterisoperationalandhowtoperformsomebasicconfigurationinthisnewrealm.
TheUCSManagermadeeverythingseemsoeasy!Thefinitestatemachinemonitoredtheprocessesastheyoccurred.YoudiscoveredhowtocreateUUID,MAC,WWPN,WWNN,andthevitalserverpools.Youobservedhowserviceprofilesabstractedthehardware-basedidentificationintoalogicalsoftware-basedidentification,andyoufoundouthowserviceprofiletemplatessupportanefficientwaytodeployalargenumberofserviceprofiles.
ExamEssentialsDescribetheCiscoUCSproductfamily.
FabricinterconnectsarethekeytotheUCScluster.ThesedevicesmaintainthedatabasefortheclusterandhandleEthernetandFibreChanneltraffic.TheUCSManagerishostedonthefabricinterconnects.
DescribetheCiscoUCSManager.
UCSManagerisanXMLinterfacethatcanbeaccessedviatheCLIorGUI.TheentiresystemandallconnectedUCSdevicescanbecontrolledfromthissingleinterface.
Describe,configure,andverifyclusterconfiguration.
Theinitialsetupscriptconfigurestheadministratorpasswordandenoughbasicoptionstoputthefabricinterconnectonthenetwork.FromtheCLI,youcanverifyclusteroperation.
Describeandverifydiscoveryoperation.
UCSautomaticallydetectswhennewhardwarehasbeenaddedtothesystem.Thediscoveryprocessismanagedbythefinitestatemachine,interrogatesthenewhardware,andplacestheresultsintotheUCSManagerdatabase.
Performinitialsetup.
Theinitialsetupisstartedfromtheconsoleportofoneofthefabricinterconnects.Passwords,IPaddresses,andotherbasicsettingsareconfigured.
interconnects.Passwords,IPaddresses,andotherbasicsettingsareconfigured.Aftersetup,theconfigurationissavedandthefabricinterconnectisoperational.
DescribethekeyfeaturesoftheCiscoUCSManager.
UCSManagerisaJavaapplicationthatprovideseasyconfigurationandmanagementofequipment,serviceprofiles,LAN,SAN,andadministrativesettings.
WrittenLab81. YoucanfindtheanswersinAppendixA.1.Writeoutthecommandor
commandsforthefollowingquestions:
A. IntheUCSCLI,whatcommandmovesyoutotherootofthehierarchy?
B. IntheUCSCLI,whatcommandverifiestheclusterstate?
C. IntheUCSCLI,whatcommandsaveschangesmadewiththesetcommand?
D. IntheUCSCLI,whatcommandsetsthefabricinterconnect’sphysicalIPaddress?
E. IntheUCSCLI,whatcommandallowsyoutoviewthecurrentconfiguration?
Chapter8:Hands-OnLabsInthefollowingHands-OnLabs,youwillusetheCiscoUCSemulatortocompletevariousexercises.
Hands-OnLab8.1:InstallingtheUCSEmulatorInthislab,youwillinstalltheUCSemulatoronyourlaptop/desktop:
1. TheCiscoUCSemulatorislocatedathttp://developer.cisco.com.Youmayneedtocreateanaccounttodownloadtheemulator.Ifyousearchfor“CiscoUCSemulator,”yoursearchenginewilltakeyoutotherightplace.Atthetimeofthiswriting,thedirectlinkishttp://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload.
2. Locatethedocumentationonthissite,andopenthePDF.Theemulatorrunsasavirtualmachine,anditrequiresvirtualizationsoftware.Ifyoudonothaveany,locateanddownloadtheVMwareWorkstationPlayer,whichisfree.
3. InstallandlaunchtheemulatorasinstructedinthePDF.Thissoftwareisupdatedfrequently,soitisbesttofollowtheonlineinstructions.Beaware,however,thatitdoestakequiteawhiletobootthefirsttime.
4. OpenyourwebbrowsertotheIPaddressshowninthevirtualmachine.
5. LaunchtheUCSGUIandloginwithusernameAdminandpasswordAdmin.
Hands-OnLab8.2:CreatingaUUIDAddressPoolInthislab,youwillcreateaUUIDaddresspoolthatwilllaterbeassignedtoaserviceprofile:
1. IntheleftpaneoftheUCSManager,clicktheServerstab.
2. ChangetheFilterdrop-downmenutoPools,sothatonlyPoolsareshown.
3. Right-clickUUIDSuffixPools,andselectCreateUUIDSuffixPools.
4. NamethepoolMy_UUID_Pool,andclickNext.
5. ClicktheAddbuttontocreateablockofUUIDsuffixes.
6. Changethesizeto20toallowplentyofaddresses.ClickOKandthenFinish.Adialogboxwillappearindicatingthatyouhavecreatedapool.
ClickOK.
7. YoushouldnowseeyourUUIDaddresspool.
Hands-OnLab8.3:CreatingaMACAddressPoolInthislab,youwillcreateaMACaddresspoolthatwilllaterbeassignedtoaserviceprofile:
1. IntheleftpaneoftheUCSManager,clicktheLANtab.
2. ChangetheFilterdrop-downmenutoPools,sothatonlyPoolsareshown.
3. Right-clickMACPools,andselectCreateMACPools.
4. NamethepoolMy_MAC_Pool,andclickNext.
5. ClicktheAddbuttontocreateablockofMACaddresses.
6. Changethesizeto20toallowplentyofaddresses.ClickOKandthenFinish.Adialogboxwillappearindicatingthatyouhavecreatedapool.ClickOK.
7. YoushouldnowseeyourMACaddresspool.
Hands-OnLab8.4:CreatingaSimpleServiceProfileInthislab,youwillcreateasimpleprofile.
1. IntheleftpaneoftheUCSManager,clicktheServerstab.ChangetheFilterdrop-downmenutoServiceProfiles,sothatonlyserviceprofilesareshown.
2. Right-clickCreateServiceProfile,andselectCreateServiceProfile(theonewithouttheexpertafterit).
3. NametheserviceprofileMy_Service_Profile.
4. UndervHBAs,uncheckPrimaryvHBAandSecondaryvHBA.
5. InthePrimaryBootDevicearea,selectCD-ROM.FortheSecondaryBootDeviceselectlocal-disk.
6. ClickOK,andyouwillreceiveamessagethataserviceprofilehasbeencreated.ClickOKagain.
7. Right-clickyourserviceprofile,andselectChangeUUID.FromtheUUIDAssignmentoptionsdrop-down,selecttheUUIDpoolthatyoucreated.ClickOK.
8. Clickyourserviceprofile,andthenselecttheNetworktabintherightwindow.
9. SelectvNICeth0,andclickModify.IntheMACaddressAssignmentdrop-down,selectthepoolthatyoucreated.ClickOK,andrepeattheprocessforvNICeth1.ClicktheSaveChangesbutton.YoushouldseetheMACaddresseschange.
10. Right-clickyourserviceprofile,andselectSetDesiredPowerState.SelectDown,andclickOK.
Hands-OnLab8.5:CreatinganAssociateServiceProfileInthislab,youwillassociateyourserviceprofilewithablade.Afterassociation,inarealenvironment,youwouldhaveafullyfunctioningserver.
1. IntheleftpaneoftheUCSManager,clicktheServerstab.ChangetheFilterdrop-downmenutoServiceProfiles,sothatonlyserviceprofilesareshown.
2. Right-clickServiceProfile,andselectChangeServiceProfileAssociation.
3. FromtheServerAssignmentdrop-down,selectExistingServer.
4. UnderAvailableServers,selectChassis1Slot1,andclickOK.ThenclickOKagain.
5. IntheleftpaneoftheUCSManager,clicktheEquipmenttab.
6. NavigatetoandselectServer1.
7. Intherightpane,selecttheFSMtableandnotethestepsthatoccurduringassociationuntilitis100percentcomplete.
ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sIntroduction.YoucanfindtheanswersinAppendixB.
1. WhichofthefollowingarebasicstatesofanEthernetinterfaceonaUCSfabricinterconnect?(Choosethree.)
A. Enabled
B. Disabled
C. Uplink
D. Server
E. Unconfigured
2. WhatcanyouuseonaUCSsystemtomonitorthestatetransitionsofcomponentsandprocesses?
A. Servicesmonitor
B. Processmonitor
C. Finitestatemachine
D. Servicemanager
3. Comparedtoserviceprofiles,whatisuniquetoserviceprofiletemplatesforthemtofunctioncorrectly?
A. Identitypools
B. vNIC
C. VSAN
D. Dynamicallocation
4. HowmanypeersdoesaUCSfabricinterconnectclustersupport?
A. Upto2
B. Upto4
C. Upto8
D. Upto32
5. WhatarethreeoftheconfigurationtabsinthenavigationpaneintheUCSManagerGUI?
A. VLAN
B. LAN
C. VSAN
D. Equipment
E. Admin
6. WhichmethodcannotbeusedtoconfigureaUCSsystem?
A. XMLAPI
B. CIM-XML
C. UCSManagerGUI
D. UCSManagerCLI
7. WhatisthecorrectmethodforcablingtheL1andL2portsonthefabricinterconnectsonaUCSclusters?
A. Category5crossovercables
B. L1toL1andL2toL2
C. L1toL2andL1toL2
D. L1stooneswitch,L2stoanotherswitch
8. Duringtheinitialsetupscript,whatarethetwoinstallationmethodsavailable?
A. CLI
B. Console
C. SNMP
D. SMTP
E. GUI
9. WhichofthefollowingdoestheFSMmonitor?(Choosethree.)
A. Logins
B. Serverdiscovery
C. Backupjobs
D. Firmwaredownloads
E. Heartbeats
10. WhensettingupaUCSfabricinterconnect,whattwomodesareoffered?
A. FileorCLI
B. Restoreorsetup
C. Recoveryorboot
D. Automaticormanual
11. WhatcommandwouldtellyouiftheUCSclusterisfunctioning?
A. showhastate
B. showclusterextended-state
C. showfistate
D. showstatecluster
12. WhatcommanddoyouusebeforesettingthevirtualIPaddressonthefabricinterconnect?
A. scopesystem
B. cdsystem
C. cd.\system
D. commitsystem
13. WhatcommandsaveschangesmadewithinthefabricinterconnectUCSManagerCLI?
A. save
B. write
C. copyrunstart
D. commit
14. WhatuniquelyidentifiestheserverinUCS?
A. BIOSID
B. UUID
C. SID
D. MAC
15. Whattypeoftemplatemaintainsarelationshiptoallserviceprofilescreatedfromit?
A. Permanent
B. Initial
C. Updating
D. Parent
16. Allbladeserverconfigurationsaredonewhere?
A. OntheBseriesservers
B. BIOS
C. Serviceprofiles
D. Policies
17. Whichofthefollowingallowsforremotecontrolofaserver?
A. XML
B. KVM
C. SMASHCLP
D. UCS
18. Identitypoolscontainwhichofthefollowing?
A. Rangesofaddresses
B. Servergroupings
C. UUIDandMAC
D. Finitestatemachinestatus
19. Instatelesscomputing,hardwareidentifiersareappliedwhere?
A. Serverpools
B. XMP
C. WWPN
D. Serviceprofiles
20. Storagepoolscontainwhichofthefollowing?(Choosetwo.)
A. WWPN
B. UUID
C. LUN
D. WWNN
AppendixAAnswerstoWrittenLabs
Chapter1:DataCenterNetworkingPrinciples1.
A. vPCpeerkeepalive
B. vPCpeerlink
C. vPCportchannel
Chapter2:NetworkingProducts1. A,C
2. D,F
3. A,F
4. B,E
Chapter3:StorageNetworkingPrinciples1.
A. N_Port
B. F_Port
C. E_Port
D. N_Port
2.
A. Initiator
B. Target
3.
A. FCoE
B. FibreChannel
C. Ethernet
Chapter4:DataCenterNetworkServices1. AloadbalancerallowsasingleIPaddresstobeadvertisedbyDNSservers
totheInternetandmultipleserverssittingbehindit.Forexample,asinglewebsitecanbeservicedbymanyrealserversconnectedtoaloadbalancerforscalabilityandfaulttolerance.
2. Round-robin,leaseloaded,andhashing.Round-robinassignsincomingconnectionstorealserversinasequentialmanner;leastloadedchecksthenumberofconnectionseachrealserverisservicingandassignsincomingconnectionrequeststotheserverwiththeleastnumberofconnections.Hashingallowsanincomingusertoalwaysconnecttothesameserverbyapplyingahashingalgorithmtoensurethattheclientrequestsareconnectedtothesamerealserver.Responsetimeteststherealserverstoseewhichhasthefastestresponsetime,anditassignsincomingconnectionstothatserver.
3. SincealoadbalancerisplacedbetweenincomingInternettraffic,ACEloadbalancerscanbedeployedinpairsforredundancyandloadsharingusingaprocesscalledhighavailability.
4. CiscoDeviceManagerisagraphicaluserinterfacethatallowsconfigurationandmonitoringoftheACEloadbalancerwithoutusingthecommand-lineinterface.
5. GSLBallowsdatacenterfaulttolerance,anditcanredirectInternettraffictoasecondarydatacentershouldtheprimaryonebecomeunavailable.Italsomaintainsgeographicalproximitybydirectingincomingconnectionrequeststothenearestdatacenter,whichsavesWANbandwidthandimprovesresponsetimes.
6. WAASmaximizesWANbandwidthtoremotebranchofficesbyoptimizingtrafficoverthenetworkusingcaching,compression,andTCPheadermanipulation.
Chapter5:Nexus1000V1. Standard
2. showsvsconnections
3. showmodules
4. VSM
5. stateenabled
6. Control
7. True
8. VEM
9. vMotionfails
10. VirtualNIC
Chapter6:UnifiedFabric1. N5K-1(config)#featurefex
2. N5K-1#showfeature|includefexN5K-1#fex1enabled
3. N5k-1(config)#fex100
4. N5K-1(config)#intethernet1/1,ethernet1/21
N5k-1(config-if)#switchportN5k-1(config-if)#switchportmodefex-fabricN5k-1(config-if)#channel-group100
5. N5k-1(config)#interfaceport-channel100
N5k-1(config-if)#fexassociate100
N5k-1#showruninterfaceport-channel100
interfaceport-channel100
switchportmodefex-fabricfexassociate100
6. N5k-1#showruninterfaceeth1/1
interfaceEthernet1/1
switchportmodefex-fabricfexassociate100
channel-group100
Verifytheconfiguration:N5k-1#showruninterfaceeth1/21
interfaceEthernet1/21
switchportmodefex-fabricfexassociate100
channel-group100
Chapter7:CiscoUCSPrinciples1.
A. Theconsoleportisaserialportusedforout-of-bandconfiguration.
B. ThemanagementportisadedicatedEthernetportthatallowsforremoteout-of-bandconfiguration.
C. TheL1/L2portsareusedformanagementtrafficandheartbeats.
2.
A. Non-virtualized
B. Virtualized
C. Non-virtualized
D. Virtualized
3.
TheB420M3ortheB440M2wouldmeettherequirements.Thetwoadditionalpointsthatwouldhelpdeterminewhichisbettersuitedtotheproblemarebandwidthneedsandfuturememoryexpansion.
4.
Apairoffabricinterconnectscanmanageupto40chassis,sotwofabricinterconnectswouldbeneededinthisscenario.Sinceachassishaseighthalf-widthslots,aminimumoffour8-slotchassiswouldberequiredfor32servers.Anyavailablehalf-widthservercanbeused,includingtheB22,B200,andB230.
5.
TheCMCaidsinthediscoveryofchassisandcomponentsandalsomonitorschassissensors.TheCiscoIntegratedManagementController(CIMC)providesKVM,IPMI,andSOL.
Chapter8:CiscoUCSConfiguration1. top
2. showclusterextended-state
3. commit
4. setout-of-bandip
5. showconfiguration
AppendixBAnswerstoReviewQuestions
Chapter1:DataCenterNetworkingPrinciples
1. B.TheAggregationlayerhostsmanynetworkservicessuchasaccesscontrollists,monitoringandsecuritydevices,aswellastroubleshootingtools,networkacceleration,andload-balancingservicemodules.TheAggregationlayerissometimesreferredtoastheServiceslayer.
2. C,D.VirtualPortChannelsallowportchannelstospanmultipleswitchesforadditionalredundancyandareanNX-OSfeatureoftheNexus5000and7000seriesswitches.
3. B.ThevPCpeerlinkinterconnectstwoNexusswitchesconfiguredwithvirtualPortChannelsinasingledomain.DataplanetrafficthattraversesthesetwoswitchesusesthevPCpeerlink.
4. A.FabricmodulesinsertedintotheNexus7000chassistoallowincrementalbandwidthperslotforeachlivecardareneededtoscalethedataplanebandwidthonaNexus7000.
5. E.TheDistributionlayersitsbetweentheAccessLayer,wheretheserverfarmsconnect,andthehigh-speedCore.Servicessuchasmonitoring,routing,andsecurityandloadbalancingareconnectedattheAggregationlayer.
6. C.TheAccesslayeriswheretheendpointisderived,suchasserversconnectedtothenetwork,anditiswherethequalityofservicemarkingsareappliedtotheincomingdataframes.
7. D.WhenconfiguringtheinitialsetupdialogontheNexus7000thedefaultinterfacestateoflayer2switchingorlayer3routingmustbespecified.
8. D.Virtualdevicecontextsareusedtocreateoneormorelogicalswitchesfromasinglephysicalswitch.
9. C,D.TheAggregationlayerprovidesservicessuchasfirewalls,intrusiondetection,andloadbalancing,aswellasaccesscontrol.QoSmarkingisfoundontheAccesslayerofthenetworkandhigh-speedswitchingisatthe
Core.
10. A,D.Inacollapsedbackbonetopology,theAggregationlayeriscollapsedintotheCorelayer.
11. A.TheCorelayerinterconnectstheDistributionlayerswitches,anditisdesignedforhigh-speedpacketswitching.
12. B,C,D.DynamicportchannelnegotiationisperformedbytheLinkAggregationControlProtocol(LACP)andcanalsobestaticallyconfigured.PaGPisaCiscoproprietarylinkaggregationprotocol,anditisnotsupported.VirtualPortChannelsareatypeofcross-chassisportchannel.
13. A,B.ANexus7000seriesswitchcanbevirtualizedintoseveraldistinctvirtualswitchesbyimplementingvirtualdevicecontexts.WhenaNexus7000switchisrunningmultipleVDCs,itcanbeconfiguredtothecollapsedcoremodel.
14. B,D.OTVisusedtooverlayanetworkbyextendingVLANsacrossaroutednetworkandtointerconnectdatacenters.
15. C.ControlPlanePolicing,orCoPP,isabuilt-inprotectionmechanisminNX-OSusedtoprotectthecontrolplanefromdenial-of-serviceattacks.CoPPprovidessecuritybyrate-limitingtrafficfromtheoutsideasitentersthecontrolplane.
16. B,D.FabricPathisaSpanningTreereplacementprotocolthatallowsmultilinkshortest-pathswitchingbetweenNexusswitches.
17. A,C,D.ThestoragestandardforinterconnectingharddrivesandstorageadaptersisSCSI,anditisencapsulatedinFibreChannel,FibreChanneloverEthernet,andiSCSIfortransportacrosstheNexusswitchingfabric.
18. D.AvirtualPortChannelcreatesasingleportchannelbetweentwoNexusswitchesthatappearstotheconnectedswitchorserverasasingledeviceforfastfailoverandredundancy.
19. B,C.Themodularapproachtonetworkingcreatesastructuredenvironmentthateasestroubleshooting,fosterspredictability,andincreasesperformance.Thecommonarchitectureallowsastandarddesignapproachthatcanbereplicatedasthedatacenternetworkexpands.
20. C.ByconvergingtheLANandSANintoasingleswitchingfabric,lessequipmentisneeded,whichsavesoncabling,power,andcoolinginthedatacenter.
Chapter2:NetworkingProducts1. B,C.The2232PPandthe2248TPcanuseaNexus5000oraNexus7000as
aparentswitch.
2. B.FCoEissupportedontheNexus2232TPfabricextender.
3. B,D.TheNexus7000seriesandtheNexus5500seriessupportLayer3switching.
4. D.Theunifiedcrossbarfabricprovidesaredundantscalabledataplane.
5. A.The2148Tdoesnotsupport100Mbaccessspeed.
6. B.The2248Tisasecond-generationcard,anditsupportsboth100Mband1Gbaccessspeeds.
7. B,C,E,F.The2184Tdoesnotsupporthostchannels,andthe2248Edoesnotexist.
8. A,B,F.Typically,the48-portfabricextendershavefour10GEfabricconnections.
9. A,F.Duringsetup,youspecifywhetherinterfacesdefaulttoLayer2orLayer3andwhethertheydefaulttoshutdownorenabledstate.
10. D.Ifyouenableanunlicensedfeature,youcanuseitfor120days.
11. C.ThemanagementinterfaceisinthemanagementVRF.
12. B.Eightappliancescanbepartofahigh-availabilitymesh.
13. A.Asimpleround-robinalgorithmisusedontheACE4710bydefault.
14. D.The5010isstrictlyaLayer2switch.
15. C.Theshowlicensehost-idcommandwillgiveyoutheserialnumber.
16. B,D.UniversalportssupportbothFibreChannelandEthernetSFPs.
17. B,C.End-of-rowarchitectureshaveahigh-densityinterfaceforserverconnectionsintherowandasinglemanagementinterface.
18. D.The9222iisamemberoftheMDSfamilythatisafixedconfigurationSANswitch.
19. C.TheNexus1000Visasoftware-onlyvirtualswitchthatcanbeoperatedwithVMwaretosupportconnectionstovirtualservers.
20. D.TheNexus9000isdesignedtosupportSDN.
Chapter3:StorageNetworkingPrinciples1. C.Thehostbusadapterisinstalledintheserver,anditencapsulatesthe
server’sSCSIrequestinsidetheFibreChannelprotocolandconnectstoaSAN.
2. B,C.TheconvergedfabricinamoderndatacentercombinesboththeEthernetLANtrafficandFibreChannelSANtrafficontoacommonswitchingfabric.
3. D.EachMDSswitchmusthaveitsownuniquedomainIDthatisusuallyanumberbetween1and255.ThedomainIDmustnotbeduplicatedintheSANfabric,anditisusedtoidentifythatparticularMDSswitchinthenetwork.
4. C.iSCSIencapsulatestheSCSIcommandsintoaTCP/IPpacketthatcanberoutedacrossanEthernetnetwork.
5. A,D.WhenyouperformtheinitialsetupoftheMDS9000switches,aseriesofquestionsisaskedandyouareallowedtomakechangestothedefaults.Thedefaultswitchportmodeisrequired,anditisusuallysetupasanNornodeportandthezonesetisapplied.
6. A,B.CIFSandNFSarepopularfile-basedstorageprotocols.
7. C.AnodeloopportconnectstoaFibreChannelhub.
8. A.Theconnectionisfromanodeporttoafabricport.
9. B.TheFLOGIprocessauthenticatestheattachedserverorstoragedevicetotheSANfabricandregisterstheFibreChannelIDandWorldWideNodeNametotheSANport.
10. C.Zoningisafabric-wideservicethatallowsdefinedhoststoseeandconnectonlytotheLUNstowhichtheyareintendedtoconnect.ZoningsecuritymapshoststoLUNs.Membersthatbelongtoazonecanaccesseachotherbutnottheportsonanotherzone.
11. C.Multiplezonescanbegroupedtogetherintoazoneset.Thiszonesetisthenmadeactiveonthefabric.
12. B.AVSANisavirtualstorageareanetwork,anditoperatesinthesamemannerasaVLANintheEthernetworld.VSANisalogicalSANcreatedonaphysicalSANnetwork.
13. A,C.AJBOD,or“justabunchofdrives,”enclosurewillconnecttoaSANswitchonthestorageend.Ontheserver,ahostbusadapter(HBA)isused.TheACEandLANarenotstorage-basedtechnologies.
14. C,D,E.FibreChanel,iSCSI,andFCoEarepopularblock-basedstorageprotocols.
15. C.TheCiscoMDSdefaultVSANIDis1.
16. D.AVSANcreatesalogicalSANonaphysicalFibreChannelfabricforseparationofSANsonthesamenetwork.
17. D.Theshowvsan<VSANid>membershipglobalcommandshowstheinterfacesassignedtothespecifiedVSAN.
18. D.EachhostbusadapterNportmustlogintothefabricandisregisteredintheFLOGIdatabase.Todeterminewhichhostsareregistered,issuetheshowflogidatabaseglobalcommandontheMDSSANswitch.
19. A.TheSCSIprotocolinitiatorrequestsdatafromthetarget.
20. C.OnanySANfabric,therecanbeonlyoneactivezonesetthatdefinesthezonesrunningonthefabric.Youcanconfigureandstoremultiplezonesets,butonlyonecanbeactiveatatime.
Chapter4:DataCenterNetworkServices1. B.ThepredictoristhemethodtheACEapplianceusestoconnecttraffic
fromthevirtualIPtotherealservers.Theround-robinpredictoristhedefaultmethod.
2. B.Globalloadbalancing(GLB)modifiesDNSresponsesinordertoredirectallconnectionrequestsinEuropetoAmericaduringafailure.
3. A,B,C.GloballoadbalancingallowsforlocalizationofdatathatreducesWANutilization,offersfasterresponsetimes,andprovidesdatacenterredundancy.
4. C.TheCiscoDeviceManagerprovidesagraphicaluserinterfacetoconfigureaCiscoACEloadbalancer.
5. A,B,C.Intrusiondetectionandpreventionsystemsandfirewallsarenetworksecurityservices.
6. B.Hashingisusedtomakesurethatanotherconnectionrequestfromthesamesourcewillreachthesamedestinationserver.
7. C.ServicesmodulessuchastheACE4710,ASAfirewalls,WAAS,andIDS/IPSdevicesareconnectedattheAggregationlayerofthedatacenternetworkingdesignmodel.
8. A,B,C.Byusingvirtualdevicecontexts,asinglepieceofhardwarecanbevirtualizedintomanysystems,therebysavingonrackrealestate,cooling,andpower.
9. A,B,D.Centralizednetworkservicesprovideeaseofmaintenancebynothavingtoinstallspecializedsoftwareonmultipleserverswithdifferentoperatingsystems;itiscentralizedandhasacentralcontrolpoint.
10. C.TheWideAreaApplicationServices(WAAS)productoffersthefeatureslistedforremoteofficeoptimization.
11. C.TheACEloadbalancersallowapplicationservers,suchasthoserunningDNSorFTP,toscalebyloadbalancingincomingrequestsacrossmultipleservers.
12. C.ThevirtualIP,orVIP,istheIPaddressadvertisedinDNS.WhentrafficarrivesattheVIP,itisdistributedacrossmultiplerealserversconnectedtotheloadbalancer.
13. B.Loadbalancersuseprobes,sometimescalledhealthchecks,toverifythattherealserversareactiveandcanacceptconnections.
14. D.TheseservicedevicesresideattheAggregationlayerofthedatacenternetwork,andtheyareusuallygroupedtogetherinablockwithhighavailabilityandredundancy.
15. A,B.SomeoftheservicesthatWAASconsolidatesarestoragecache,compression,headermanipulation,printservices,andDHCPservices.
16. B.TheGlobalSiteSelectorhasadistributeddenial-of-service(DDoS)preventionfeature.
17. C.Firewallsarenetworkservicedevicesthatfilterconnectionsforsecurityonthenetwork.
18. A,C,D.RealserversaredefinedbytheIPaddressandTCPportnumberandarepooledtogether.
19. A,C,D.WAASconsolidatesmanyWANaccelerationtechnologiesintooneproductincludingcompression,DHCP,filecache,andTCPwindowmanipulation.
20. B,C.Active-activeandactive-standbyarethetwomodesofhighavailabilityfortheCiscoACEloadbalancer.
Chapter5:Nexus1000V1. D.ThestateenabledcommandtellstheVSMtosendtheportprofileto
vCenter.
2. B.Thecontrolinterfaceisusedforkeepalivemessages.
3. C.VirtualEthernetModulescanbedisplayedwiththeshowmodulescommand.
4. B.TheshowsvsconnectionscommandcanbeusedtoverifycorrectconfigurationbetweentheVSMandvCenter.
5. A,B,E.AVirtualSupervisorModule,aVirtualEthernetModule,andalicensekeyareneededtodeployaNexus1000V.
6. D.Heartbeatmessagesaresentviathecontrolinterface.
7. C.TheportprofileswillbesenttothevCenterafterthestateenabledcommandisexecuted.
8. A.TheconnectedVirtualEthernetModulescanbedisplayedwiththeshowmodulescommand.
9. D.TheshowsvsconnectionscommandshowsthestatusoftheconnectionbetweenvCenterandVSM.
10. A,D,E.The1000VexceedstheDVSbyincludingfeatureslikeQoSmarking,portsecurity,accesscontrollists,SPAN,andERSPAN.
11. D.TheNexusproductfamilyconsistsofthesoftware-based1000Vvirtualswitch.
12. C,E.TheVMWaredistributedvirtualswitchandtheCiscoNexus1000Vhaveacentralcontrolplaneanddistributedforwardingmodules.
13. A,B,E.ThebaseLayer2virtualswitchthatisincludedwithVMWarehasabasicfeatureset.
14. B,C,E.VMWare’ssoftwareswitchwithasinglecontrolleranddistributedinterfacessupportsAPIsandacentralmanagementserverforalldistributedESXservers.
15. B,C,E.The1000VisavirtualizedNexusrunningthesameNX-OSoperatingsystemasthehardwareNexusversion.Thefeaturesetfoundinthe
stand-aloneNexusswitchesisincludedinthevirtualswitchaswell.
16. B,C,E.TheVirtualEthernetModuleperformsforwardingplanefunctions.
17. B,C,E.1000Vinstallationcomponentsincludetheindustry-standardOpenVirtualizationFormatvirtualmachineimageforexpeditedinstallation.
18. A,C.AdditionalNexus1000VVirtualEthernetModulescanbemanuallyaddedorautomatedusingtheVMWareupdatemanager.
19. A.DuringtheinstallationprocessoftheNexus1000V,thereisanoptiontomigrateconnectionstotheNexusswitch.
20. A,C.TheNexus1000VVirtualSupervisorModulecanberedundantwiththemasterinactivemodeandthebackupinha-standbymode.
Chapter6:UnifiedFabric1. B.Priority-basedFlowControlallowsdatacenterEthernettobealossless
fabric.
2. A.EnhancedTransmissionSelectionprovidesbandwidthmanagementandpriorityselection.
3. D.InanFCoEswitch,thevirtualexpansionportisusedtoconnecttoanotherFCoEswitch.
4. B,C.FCoEencapsulatesaFibreChannelframe,whichhasSCSIcommands.
5. C.TheNexus5000,Nexus7000,andMDS9500canallparticipateinmultihopFCoE.
6. B.AllthreeCoSbitsareused.
7. A,C.ReducedcablingandhavingLANandSANtrafficonacommontransportaretwoofthebiggestadvantagestoUnifiedFabric.
8. D.Priority-basedFlowControlallowsdatacenterEthernettobealosslessfabric.
9. C.EnhancedTransmissionSelectionprovidesbandwidthmanagementandpriorityselection.
10. A.InanFCoEswitch,thevirtualexpansionportisusedtoconnecttoanotherFCoEswitch.
11. A,D.FCoErequiresFibreChannelframestobeencapsulatedinEthernetata10-Gigabitlinerate.
12. B,D.AunifiedfabricconsolidatesLANandSANontoacommonswitchingfabric.
13. C.VN-TaggingisusedtoidentifyremoteFEXports.
14. A,C.FEXisusedtoextendthedataplanetoremoteNexus2000switchesandNICs.
15. A,C,D.Enablethefeature,configurethefex-fabricportprotocol,andassociateitwitharemoteNexus2000.Theuseofaportchannelisoptional.
16. B,D.DCBXstandardizesthecapabilitiesandconfigurationexchangebetweenswitches.
17. A,C.Twinax,MMF,andCategory6a/7aresupported.
18. B.AllNexus2000switchingisperformedontheupstreamNexus5000orNexus7000.
19. C,D.FCoEmultihopallowsmultipleconvergedfabricswitchesinthenetworkpathtocarryFCoEtrafficfromtheinitiatorandthetarget.
20. A,C,D.AVIFisthevirtualizationofnetworkinterfacephysicalhardware
Chapter7:CiscoUCSPrinciples1. C.TheCiscoUCS2104XPI/OmodulesareoftenreferredtoasFEXs,which
isshortforfabricextenders.
2. A,C,D,E.TheM81-KR,VIC-1280,andVIC-1240areVICcardsforbladeservers,whiletheP81Eisacardforrackmountservers.
3. A.TheUCSfabricinterconnectprovidesnotonlyconnectivitytothechassisbutalsocentralizedmanagement.
4. B.The5108chassiscanhandlefourfull-widthbladesoreighthalf-widthblades.
5. A.EachUCSclusterusestwofabricinterconnectsthatprovideasinglepointofmanagement.
6. D.Aunifiedport(UP)canbeconfiguredtosupporteitherFibreChannelorEthernetmodules.
7. B,D,F.TheBindicatesthatthisisabladeserver,the4showsthatithasfoursockets,andtheM3indicatesthirdgeneration.
8. A,B.TheL1andL2portsarededicatedtocarryingmanagementtrafficandheartbeatinformationbetweenthefabricinterconnects.
9. C.Ethernetinterfacesarealwaysreferencedas“Ethernet”onaNexusdevice,regardlessofthespeedatwhichtheyareoperating.
10. C.TheMgmt0portisanout-of-bandEthernetmanagementport.
11. B.Youcanuseone,two,four,oreightlinksfromtheIOMtoafabricinterconnect.
12. D.TheCiscoIntegratedManagementController(CIMC)providesKVM,IPMI,andSOL.
13. D.UnifiedportscansupporteitherFibreChannelorEthernetbutnotbothatthesametime.
14. D.Thefirsteightportsona6120XPcanoperateatbothspeeds.
15. A,D,E.TheCMC,CMS,andmultiplexerareallcomponentsofthe2104XP.
16. A,C.Non-virtualizedadapterssupporteitherEthernetorFibreChannelbut
notboth.
17. B,D.InitialconfigurationoftheUCSmanagerallowsforeitherarestoreoptionorasetup.
18. C.PinningisthetermusedtoconnecttheIOMdownlinksstaticallytothefabricinterconnectuplinks.
19. B,C.TheUCSdiscoveryprocessscanstheinventoryofthe5108bladechassisandtheservers.Onthe5108,itdiscoverstheIOMs,partandserialnumbers,fans,andpowersupplies.
20. B,C,D.TheUCSmanagerdiscoversandstoresserver-relatedinformationsuchastheBIOSversion,harddrives,andRAM.
Chapter8:CiscoUCSConfiguration1. C,D,E.Althoughthereareotheroptions,thethreebasicstatesareuplink,
server,andunconfigured.
2. C.TheFSMmonitorsthestatetransitions,anditiskeytotroubleshootingUCSproblems.
3. A.Pooledidentitiesensurethattheserviceprofilescreatedfromatemplatehaveuniqueidentities.
4. A.Afabricinterconnectclustercancontainoneortwofabricinterconnects.
5. B,D,E.TheServertabandtheSANtabarealsofrequentlyused.
6. B.TheXMLAPI,UCSManagerGUI,andCLIcanbeusedforconfiguration.TheCIM-XMLisread-only.
7. B.UsetwostandardEthernetcablestoconnectL1ofthefirstswitchtoL1ofthesecondswitchandthenL2ofthefirstswitchtoL2ofthesecondswitch.
8. B,E.ThescriptbeginsbyaskingwhethertoconfigurethedevicefromtheconsoleorGUI.Theconsoleisthecommand-linepromptyoucurrentlysee,andtheGUIisawebinterfacethataskstheexactsamequestions.
9. B,C,D.Thefinitestatemachinevalidatesmanyprocessesincludingserverdiscovery,firmwaredownloads,andbackupjobs.
10. B.Setupisusedforinitialconfiguration,andrestoreistypicallyusedfordisasterrecovery.
11. B.Thecommandshowclusterextended-stateisusedtodisplaythestatusofthecluster.
12. A.ThescopecommandtakesyouintosystemconfigurationmodewherethevirtualIPaddressischanged.
13. D.ThecommitcommandsavesthechangesmadeintheUCSManagerCLI.
14. B.TheUUIDsare128-bitnumbersthatuniquelyidentifytheserversandareusuallystoredintheBIOS.
15. C.Anupdatingtemplatemaintainsarelationshipwiththeserviceprofilescreatedfromit.
16. C.Allserverconfigurationparametersarecreatedintheserviceprofilesand
thenserversareassignedtotheserviceprofiles.
17. B.Keyboardvideomouse(KVM)allowsremotecontrolofaserveroverIPtomanagetheserver,evenifthereisnooperatingsysteminstalledonit.
18. A,C.Identitypoolscreatearangeofaddressestobeassignedtoserviceprofiles.PoolscanbeusedforMAC,UUID,WWPN,andWWNN.
19. A.Instatelesscomputing,theserverhardwarenolongercontainsanyaddressing.TheaddressesareappliedtothehardwarebyserverprofilesontheUCSManager.
20. A,D.StoragepoolsdynamicallyassignWorldWideNodeNamesandWorldWidePortNamestotheserverhardware.
WILEYENDUSERLICENSEAGREEMENTGotowww.wiley.com/go/eulatoaccessWiley’sebookEULA.