I recently had the opportunity to deploy a pair of Cisco Nexus 5596UP switches for a healthcare customer. The Nexus switches represent Cisco’s presence in the Converged Fabric segment, which has been gaining momentum as more IT shops seek to streamline datacenter infrastructure towards a “private cloud” approach. The Nexus 5000 series is primarily aimed at the edge, with Layer 3 capabilities available as an add-on.
The Nexus switches support vPC (Virtual Port Channels), which “allows links that are physically connected to two different Cisco Nexus 5000 Series switches or Cisco Nexus 2000 Series Fabric Extenders to appear as a single port channel by a third device.” (Cisco)
Here is a diagram of the planned configuration of vPC uplinks between the Nexus 5596UP and Catalyst 6509 (core) switches:
To set up vPC on the Nexus switches, you first need to create a vPC peer-link between the pair of Nexus switches. The peer-link must include at least 2 interfaces.
Notice that spanning-tree Loop Guard has been enabled on the uplinks to prevent STP looping issues. Also, the allowed VLANs on the uplinks should match the VLAN IDs allowed on the peer-link.
Finally, create the port channels on the Catalyst side. Here we will create ONE port channel per Catalyst, consisting of the uplinks from each Nexus switch, so that the Catalyst will see the Nexus pair as a single switch. Until this step is complete, the vPC status will show as down.
interface Port-channel200
 description "Connection to Nexus"
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root

interface TenGigabitEthernet7/6
 description NEXUS SW2 PORT1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root
 channel-group 200 mode active

interface TenGigabitEthernet7/8
 description NEXUS SW1 PORT1
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 spanning-tree guard root
 channel-group 200 mode active

Repeat this process for the 2nd Catalyst switch.
Now the vPC status should show as up:
5596-sw1(config-if)# sh vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 1
Peer status                     : peer adjacency formed ok
vPC keep-alive status           : peer is alive
Configuration consistency status: success
Per-vlan consistency status     : success
Type-2 consistency status       : success
vPC role                        : primary
Number of vPCs configured       : 2
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
Graceful Consistency Check      : Enabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1    Po20   up     1,100,103-104

vPC status
----------------------------------------------------------------------------
id     Port        Status Consistency Reason                     Active vlans
------ ----------- ------ ----------- -------------------------- -----------
1      Po1         up     success     success                    1,100,103-104
2      Po2         up     success     success                    1,100,103-104

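The status check above can be scripted for use during a maintenance window. The following Python is an added example, not part of the original post: it parses "show vpc" text, verifies the peer, keep-alive and consistency fields, and compares each vPC's active VLAN list with the peer-link's as a proxy for the allowed-VLAN matching rule. The function names are hypothetical, and it assumes each VLAN list fits on one line.

```python
import re

# Constructed sample, abridged from the "show vpc" output shown in this post.
SAMPLE = """\
Peer status                     : peer adjacency formed ok
vPC keep-alive status           : peer is alive
Configuration consistency status: success
vPC Peer-link status
id   Port   Status Active vlans
1    Po20   up     1,100,103-104
vPC status
id     Port        Status Consistency Reason      Active vlans
1      Po1         up     success     success     1,100,103-104
2      Po2         up     success     success     1,100,103-104
"""

EXPECTED = {"Peer status": "peer adjacency formed ok",
            "vPC keep-alive status": "peer is alive",
            "Configuration consistency status": "success"}

def expand_vlans(spec):
    """'1,100,103-104' -> {1, 100, 103, 104}; a bare '-' means no VLANs."""
    vlans = set()
    for part in (p for p in spec.split(",") if p.strip("- ")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_vpc(text):
    """Return a list of problems found in 'show vpc' output (empty = healthy)."""
    fields = dict(re.findall(r"^([\w\- ]+?)[ \t]*:[ \t]*(.+?)[ \t]*$", text, re.M))
    problems = [f"{k}: got {fields.get(k)!r}, want {v!r}"
                for k, v in EXPECTED.items() if fields.get(k) != v]
    peer_vlans, in_peer_table = set(), False
    for line in text.splitlines():
        tok = line.split()
        if line.strip() in ("vPC Peer-link status", "vPC status"):
            in_peer_table = "Peer-link" in line
        elif len(tok) >= 4 and tok[0].isdigit() and tok[1].startswith("Po"):
            vlans = expand_vlans(tok[-1])  # the VLAN list is the last column
            if tok[2] != "up":
                problems.append(f"{tok[1]} status is {tok[2]}")
            if in_peer_table:
                peer_vlans = vlans
            elif vlans != peer_vlans:
                problems.append(f"{tok[1]} VLANs differ from peer-link by {sorted(vlans ^ peer_vlans)}")
    return problems

print(check_vpc(SAMPLE) or "vPC healthy")
```

Run it against output captured from both Nexus peers, since each switch reports its own view of the vPC.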
Here is a useful Cisco reference document on vPC for the Nexus 5000 series.
This configuration applies only if VSS is NOT established between the Catalyst 6509 cores.
You can rely on Spanning Tree for establishing redundant links from a Nexus pair to dual cores, with only one uplink marked as active by STP. This customer insisted on getting the aggregated bandwidth from both 10Gb uplinks, as they planned to converge additional applications onto the Nexus in the future.
If at all possible, you should test this configuration in a lab before production deployment. At a minimum, deploy these changes during a maintenance window, as there is a risk of network outage, mainly due to looping behavior. Spanning-tree root guard and loop guard are strongly recommended!