Hello, this is Osong.
Today we will build a vPC configuration on Cisco Nexus.
The test is carried out in EVE-NG.
Follow along at your own pace, and leave a comment if anything is unclear.
PC1 is excluded and not used.
vPC (Virtual Port Channels)
- vPC bundles ports that are connected to different devices so that they are recognized as a single logical port; it is an extension of the traditional Port-Channel concept.
- Because it provides a loop-free topology, the blocked ports of traditional Spanning-tree can be eliminated.
- vPC connects separate Nexus devices through a vPC Domain, and the vPC peers exchange information over two kinds of links.
  - vPC Peer-Keepalive Link
    - Carries the heartbeat between the vPC peers, letting the devices check each other's state and preventing a loop from forming.
    - It is recommended to configure it as an L3 interface between the vPC peers, using a dedicated VRF.
    - If no dedicated VRF is configured, the management VRF is used by default.
      - If the peers are connected directly through their management ports, keepalive messages can be interrupted when the mgmt0 port changes during a Supervisor switchover caused by a hardware failure, or during an ISSU.
      - When the management port is used, it is ideal to connect the peers through a management switch.
  - vPC Peer Link
    - Exchanges information between the vPC peers.
    - It is recommended to configure the vPC peer link as a Layer 2 port channel.
    - The vPC peer link must be 10G, and it can only be built between line cards of the same type.
1. PC configuration
# PC2
ip 20.20.20.100 255.255.255.0 20.20.20.4
# PC3
ip 30.30.30.100 255.255.255.0 30.30.30.4
2. TOP basic configuration
# TOP
switch(config)# hostname TOP
TOP(config)# feature interface-vlan
TOP(config)# feature lacp
TOP(config)# feature hsrp
TOP(config)# cfs eth distribute
TOP(config)# feature privilege
TOP(config)# clock timezone KST 9 0
TOP(config)# vlan 10
TOP(config-vlan)# exit
TOP(config)# interface vlan 10
TOP(config-if)# no sh
TOP(config-if)# ip add 10.10.10.1/24
TOP(config)# interface port-channel 1
TOP(config-if)# no sh
TOP(config-if)# switchport
TOP(config-if)# switchport mode access
TOP(config-if)# switchport access vlan 10
TOP(config)# interface ethernet 1/1-2
TOP(config-if-range)# no sh
TOP(config-if-range)# channel-group 1 force mode active
TOP(config)# ip route 20.20.20.0/24 10.10.10.4
TOP(config)# ip route 30.30.30.0/24 10.10.10.4
TOP# copy r s
cfs eth distribute
- CFS (Cisco Fabric Services)
  - A distributed service on Cisco Nexus switches that helps manage and deploy network settings and policies consistently.
  - It synchronizes configuration changes across the network, reduces duplicated work, and lowers the chance of configuration errors.
  - It is enabled by default on Nexus switches.
  - Through this service, IGMP, STP, and the MAC table are synchronized over the vPC peer link.
3. BB1 basic configuration
# BB1
switch(config)# hostname BB1
BB1(config)# feature privilege
BB1(config)# cfs eth distribute
BB1(config)# feature interface-vlan
BB1(config)# feature hsrp
BB1(config)# feature lacp
BB1(config)# feature vpc
BB1(config)# clock timezone KST 9 0
BB1(config)# vlan 10,20,30
BB1(config)# interface vlan 10
BB1(config-if)# no sh
BB1(config-if)# ip add 10.10.10.2/24
BB1(config-if)# hsrp 10
BB1(config-if-hsrp)# ip 10.10.10.4
BB1(config-if-hsrp)# priority 110
BB1(config)# interface vlan 20
BB1(config-if)# no sh
BB1(config-if)# ip add 20.20.20.2/24
BB1(config-if)# hsrp 20
BB1(config-if-hsrp)# ip 20.20.20.4
BB1(config-if-hsrp)# priority 110
BB1(config-if)# interface vlan 30
BB1(config-if)# no sh
BB1(config-if)# ip add 30.30.30.2/24
BB1(config-if)# hsrp 30
BB1(config-if-hsrp)# ip 30.30.30.4
BB1(config-if-hsrp)# priority 110
BB1(config)# ip route 0.0.0.0/0 10.10.10.1
BB1# copy r s
4. BB2 basic configuration
# BB2
switch(config)# hostname BB2
BB2(config)# feature privilege
BB2(config)# cfs eth distribute
BB2(config)# feature interface-vlan
BB2(config)# feature hsrp
BB2(config)# feature lacp
BB2(config)# feature vpc
BB2(config)# clock timezone KST 9 0
BB2(config)# vlan 10,20,30
BB2(config)# interface vlan 10
BB2(config-if)# no sh
BB2(config-if)# ip add 10.10.10.3/24
BB2(config-if)# hsrp 10
BB2(config-if-hsrp)# ip 10.10.10.4
BB2(config)# interface vlan 20
BB2(config-if)# no sh
BB2(config-if)# ip add 20.20.20.3/24
BB2(config-if)# hsrp 20
BB2(config-if-hsrp)# ip 20.20.20.4
BB2(config-if)# interface vlan 30
BB2(config-if)# no sh
BB2(config-if)# ip add 30.30.30.3/24
BB2(config-if)# hsrp 30
BB2(config-if-hsrp)# ip 30.30.30.4
BB2(config)# ip route 0.0.0.0/0 10.10.10.1
BB2# copy r s
5. SW1 basic configuration
# SW1
switch(config)# hostname SW1
SW1(config)# feature privilege
SW1(config)# cfs eth distribute
SW1(config)# feature interface-vlan
SW1(config)# feature lacp
SW1(config)# clock timezone KST 9 0
SW1(config)# vlan 20
SW1(config-vlan)# exit
SW1(config)# interface vlan 20
SW1(config-if)# no sh
SW1(config-if)# ip add 20.20.20.5/24
SW1(config)# interface port-channel 1
SW1(config-if)# no sh
SW1(config-if)# switchport
SW1(config-if)# switchport mode trunk
SW1(config-if)# switchport trunk allowed vlan 20
SW1(config)# interface ethernet 1/1-2
SW1(config-if-range)# no sh
SW1(config-if-range)# channel-group 1 force mode active
SW1(config)# interface ethernet 1/3
SW1(config-if)# no sh
SW1(config-if)# switchport
SW1(config-if)# switchport mode access
SW1(config-if)# switchport access vlan 20
SW1(config-if)# exit
SW1(config)# ip route 0.0.0.0/0 20.20.20.4
SW1# copy r s
6. SW2 basic configuration
# SW2
switch(config)# hostname SW2
SW2(config)# feature privilege
SW2(config)# cfs eth distribute
SW2(config)# feature interface-vlan
SW2(config)# feature lacp
SW2(config)# clock timezone KST 9 0
SW2(config)# vlan 30
SW2(config-vlan)# exit
SW2(config)# interface vlan 30
SW2(config-if)# no sh
SW2(config-if)# ip add 30.30.30.5/24
SW2(config)# interface port-channel 1
SW2(config-if)# no sh
SW2(config-if)# switchport
SW2(config-if)# switchport mode trunk
SW2(config-if)# switchport trunk allowed vlan 30
SW2(config)# interface ethernet 1/1-2
SW2(config-if-range)# no sh
SW2(config-if-range)# channel-group 1 force mode active
SW2(config)# interface ethernet 1/3
SW2(config-if)# no sh
SW2(config-if)# switchport
SW2(config-if)# switchport mode access
SW2(config-if)# switchport access vlan 30
SW2(config-if)# exit
SW2(config)# ip route 0.0.0.0/0 30.30.30.4
SW2# copy r s
7. vPC configuration
7.1 BB1 configuration
# BB1
BB1(config)# vrf context vpc_keepalive
BB1(config-vrf)# exit
BB1(config)# vpc domain 10
BB1(config-vpc-domain)# peer-switch
BB1(config-vpc-domain)# role priority 10
BB1(config-vpc-domain)# peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpc_keepalive
BB1(config-vpc-domain)# delay restore 10
BB1(config-vpc-domain)# peer-gateway
BB1(config-vpc-domain)# auto-recovery
BB1(config)# interface port-channel 1
BB1(config-if)# description #peer_link#
BB1(config-if)# no sh
BB1(config-if)# switchport
BB1(config-if)# switchport mode trunk
BB1(config-if)# switchport trunk allowed vlan 10,20,30
BB1(config-if)# spanning-tree port type network
BB1(config-if)# speed 10000
BB1(config-if)# vpc peer-link
BB1(config)# interface port-channel 2
BB1(config-if)# no sh
BB1(config-if)# description #VPC_PKAL#
BB1(config-if)# no switchport
BB1(config-if)# vrf member vpc_keepalive
BB1(config-if)# ip add 1.1.1.1/30
BB1(config)# interface port-channel 10
BB1(config-if)# no sh
BB1(config-if)# switchport
BB1(config-if)# switchport mode access
BB1(config-if)# switchport access vlan 10
BB1(config-if)# vpc 10
BB1(config)# interface port-channel 20
BB1(config-if)# no sh
BB1(config-if)# switchport
BB1(config-if)# switchport mode trunk
BB1(config-if)# switchport trunk allowed vlan 20
BB1(config-if)# vpc 20
BB1(config)# interface port-channel 30
BB1(config-if)# no sh
BB1(config-if)# switchport
BB1(config-if)# switchport mode trunk
BB1(config-if)# switchport trunk allowed vlan 30
BB1(config-if)# vpc 30
BB1(config)# spanning-tree vlan 10,20,30 priority 4096
BB1(config)# interface ethernet 1/1
BB1(config-if)# no sh
BB1(config-if)# channel-group 10 force mode active
BB1(config)# interface ethernet 1/2-3
BB1(config-if-range)# no sh
BB1(config-if-range)# channel-group 1 force mode active
BB1(config)# interface ethernet 1/4-5
BB1(config-if-range)# no sh
BB1(config-if-range)# channel-group 2 force mode active
BB1(config)# interface ethernet 1/6
BB1(config-if)# no sh
BB1(config-if)# channel-group 20 force mode active
BB1(config)# interface ethernet 1/7
BB1(config-if)# no sh
BB1(config-if)# channel-group 30 force mode active
7.2 BB2 configuration
# BB2
BB2(config)# vrf context vpc_keepalive
BB2(config-vrf)# exit
BB2(config)# vpc domain 10
BB2(config-vpc-domain)# peer-switch
BB2(config-vpc-domain)# role priority 20
BB2(config-vpc-domain)# peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf vpc_keepalive
BB2(config-vpc-domain)# delay restore 10
BB2(config-vpc-domain)# peer-gateway
BB2(config-vpc-domain)# auto-recovery
BB2(config)# interface port-channel 1
BB2(config-if)# description #peer_link#
BB2(config-if)# no sh
BB2(config-if)# switchport
BB2(config-if)# switchport mode trunk
BB2(config-if)# switchport trunk allowed vlan 10,20,30
BB2(config-if)# spanning-tree port type network
BB2(config-if)# speed 10000
BB2(config-if)# vpc peer-link
BB2(config)# interface port-channel 2
BB2(config-if)# no sh
BB2(config-if)# description #VPC_PKAL#
BB2(config-if)# no switchport
BB2(config-if)# vrf member vpc_keepalive
BB2(config-if)# ip add 1.1.1.2/30
BB2(config)# interface port-channel 10
BB2(config-if)# no sh
BB2(config-if)# switchport
BB2(config-if)# switchport mode access
BB2(config-if)# switchport access vlan 10
BB2(config-if)# vpc 10
BB2(config)# interface port-channel 20
BB2(config-if)# no sh
BB2(config-if)# switchport
BB2(config-if)# switchport mode trunk
BB2(config-if)# switchport trunk allowed vlan 20
BB2(config-if)# vpc 20
BB2(config)# interface port-channel 30
BB2(config-if)# no sh
BB2(config-if)# switchport
BB2(config-if)# switchport mode trunk
BB2(config-if)# switchport trunk allowed vlan 30
BB2(config-if)# vpc 30
BB2(config)# spanning-tree vlan 10,20,30 priority 4096
BB2(config)# interface ethernet 1/1
BB2(config-if)# no sh
BB2(config-if)# channel-group 10 force mode active
BB2(config)# interface ethernet 1/2-3
BB2(config-if-range)# no sh
BB2(config-if-range)# channel-group 1 force mode active
BB2(config)# interface ethernet 1/4-5
BB2(config-if-range)# no sh
BB2(config-if-range)# channel-group 2 force mode active
BB2(config)# interface ethernet 1/6
BB2(config-if)# no sh
BB2(config-if)# channel-group 20 force mode active
BB2(config)# interface ethernet 1/7
BB2(config-if)# no sh
BB2(config-if)# channel-group 30 force mode active
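The vPC settings entered in 7.1 and 7.2 have to agree or mirror each other across the two peers. The following is an added example, not part of the original post, that compares the two peers' vPC configuration offline; the sample text is constructed from the commands above, and the function names are hypothetical.

```python
import re

# Constructed from the vPC commands entered on BB1 in 7.1 (abridged).
BB1 = """\
vpc domain 10
  peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpc_keepalive
interface port-channel1
  vpc peer-link
interface port-channel10
  vpc 10
interface port-channel20
  vpc 20
interface port-channel30
  vpc 30
"""
# BB2 (7.2) is identical except that the keepalive addresses are swapped.
BB2 = BB1.replace("destination 1.1.1.2 source 1.1.1.1",
                  "destination 1.1.1.1 source 1.1.1.2")

def parse(cfg):
    """Extract the fields that must match or mirror between the peers."""
    ka = re.search(
        r"peer-keepalive destination (\S+) source (\S+)(?: vrf (\S+))?", cfg)
    vpcs, po = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface port-channel\s*(\d+)", line):
            po = int(m.group(1))
        elif m := re.match(r"\s*vpc (\d+|peer-link)\s*$", line):
            vpcs[m.group(1)] = po  # vPC number -> local port-channel
    return {
        "domain": re.search(r"^vpc domain (\d+)", cfg, re.M).group(1),
        "dst": ka.group(1), "src": ka.group(2),
        "vrf": ka.group(3) or "management",  # default VRF when none is set
        "vpcs": vpcs,
    }

def peer_mismatches(cfg_a, cfg_b):
    """Return a list of settings that do not line up between two peers."""
    a, b = parse(cfg_a), parse(cfg_b)
    out = []
    if a["domain"] != b["domain"]:
        out.append("vpc domain id differs")
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        out.append("peer-keepalive source/destination are not mirrored")
    if a["vrf"] != b["vrf"]:
        out.append("peer-keepalive VRF differs")
    if set(a["vpcs"]) != set(b["vpcs"]):
        odd = sorted(set(a["vpcs"]) ^ set(b["vpcs"]))
        out.append(f"vPC numbers present on only one peer: {odd}")
    return out

if __name__ == "__main__":
    print(peer_mismatches(BB1, BB2) or "peers are consistent")
```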
7.3 Verifying the vPC configuration
# BB1 and BB2
BB1# show run vpc
feature vpc
vpc domain 10
peer-switch
role priority 10
peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpc_keepalive
delay restore 10
peer-gateway
auto-recovery
interface port-channel1
vpc peer-link
interface port-channel10
vpc 10
interface port-channel20
vpc 20
interface port-channel30
vpc 30
***********************************************************************
BB1# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 3
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 10s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po1 up 10,20,30
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
10 Po10 up success success 10
20 Po20 up success success 20
30 Po30 up success success 30
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency
***********************************************************************
BB1# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:0a
vPC system-priority : 32667
vPC local system-mac : 50:00:00:09:00:07
vPC local role-priority : 10
vPC local config role-priority : 10
vPC peer system-mac : 50:00:00:0a:00:07
vPC peer role-priority : 20
vPC peer config role-priority : 20
***********************************************************************
BB1# show vpc consistency-parameters global
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
STP MST Simulate PVST 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Region Name 1 "" ""
STP Disabled 1 None None
STP Mode 1 Rapid-PVST Rapid-PVST
STP Bridge Assurance 1 Enabled Enabled
STP Loopguard 1 Disabled Disabled
STP MST Region Instance to 1
VLAN Mapping
STP MST Region Revision 1 0 0
Interface-vlan admin up 2 10,20,30 10,20,30
Interface-vlan routing 2 10,20,30 10,20,30
capability
QoS (Cos) 2 ([0-7], [], [], [], ([0-7], [], [], [],
[], []) [], [])
Network QoS (MTU) 2 (1500, 1500, 1500, (1500, 1500, 1500,
1500, 0, 0) 1500, 0, 0)
Network Qos (Pause: 2 (F, F, F, F, F, F) (F, F, F, F, F, F)
T->Enabled, F->Disabled)
Input Queuing (Bandwidth) 2 (0, 0, 0, 0, 0, 0) (0, 0, 0, 0, 0, 0)
Input Queuing (Absolute 2 (F, F, F, F, F, F) (F, F, F, F, F, F)
Priority: T->Enabled,
F->Disabled)
Output Queuing (Bandwidth 2 (100, 0, 0, 0, 0, 0) (100, 0, 0, 0, 0, 0)
Remaining)
Output Queuing (Absolute 2 (F, F, F, T, F, F) (F, F, F, T, F, F)
Priority: T->Enabled,
F->Disabled)
Allowed VLANs - 10,20,30 10,20,30
Local suspended VLANs - - -
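The fields of `show vpc brief` that indicate a healthy domain can be checked automatically. The following is an added example, not part of the original post: it parses an abridged copy of the BB1 output above (whitespace collapsed) and lists anything that is not in the expected state; the function name is hypothetical.

```python
import re

# Constructed sample: BB1's `show vpc brief` output from this page, abridged.
SAMPLE = """\
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC Peer-link status
id Port Status Active vlans
1 Po1 up 10,20,30
vPC status
Id Port Status Consistency Reason Active vlans
10 Po10 up success success 10
20 Po20 up success success 20
30 Po30 up success success 30
"""

# Values a healthy vPC peer reports on its key/value lines (as shown above).
HEALTHY = {
    "Peer status": "peer adjacency formed ok",
    "vPC keep-alive status": "peer is alive",
    "Configuration consistency status": "success",
    "Per-vlan consistency status": "success",
    "Type-2 consistency status": "success",
}

def vpc_problems(text):
    """Return a list of problems found in `show vpc brief` output."""
    fields = {k.strip(): v.strip() for k, v in
              re.findall(r"^([^:\n]+?)[ \t]*:[ \t]*(.+)$", text, re.M)}
    problems = [f"{key}: {fields.get(key)!r}, expected {want!r}"
                for key, want in HEALTHY.items() if fields.get(key) != want]
    # Rows before the "vPC status" table describe the peer-link itself.
    head, _, vpc_table = text.partition("vPC status")
    for port, status in re.findall(r"^\d+\s+(Po\d+)\s+(\S+)", head, re.M):
        if status != "up":
            problems.append(f"peer-link {port} is {status}")
    # Each vPC row must be up and pass its consistency check.
    for vid, port, status, cons in re.findall(
            r"^(\d+)\s+(Po\d+)\s+(\S+)\s+(\S+)", vpc_table, re.M):
        if status != "up" or cons != "success":
            problems.append(
                f"vPC {vid} ({port}): status={status}, consistency={cons}")
    return problems

if __name__ == "__main__":
    print(vpc_problems(SAMPLE) or "vPC healthy")
```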
8. Connectivity check
# PC2
VPCS> ping 20.20.20.4
84 bytes from 20.20.20.4 icmp_seq=1 ttl=255 time=18.317 ms
84 bytes from 20.20.20.4 icmp_seq=2 ttl=255 time=20.743 ms
84 bytes from 20.20.20.4 icmp_seq=3 ttl=255 time=57.613 ms
VPCS> ping 10.10.10.1
84 bytes from 10.10.10.1 icmp_seq=1 ttl=254 time=35.127 ms
84 bytes from 10.10.10.1 icmp_seq=2 ttl=254 time=22.714 ms
84 bytes from 10.10.10.1 icmp_seq=3 ttl=254 time=28.405 ms