FCoE Loadbalancing

On the N7K there is no need to make any changes, since by default it supports SID/DID/OXID load balancing.

On the N5K the default load-balance mechanism on the LACP port channel is sourcedest. If left in this state, all the FCoE traffic will take the same link in the port channel when the N5K is forwarding frames to the N7K. To enable the N5K to load balance using the exchange ID, we must configure the N5K for source-dest-port load balancing.
n5k-1(config)# port-channel load-balance ethernet ?
destination-ip Destination IP address
destination-mac Destination MAC address
destination-port Destination TCP/UDP port
source-dest-ip Source & Destination IP address –> SID/DID
source-dest-mac Source & Destination MAC address
source-dest-port Source & Destination TCP/UDP port –> SID/DID/OXID
source-ip Source IP address
source-mac Source MAC address
source-port Source TCP/UDP port
n5k-1(config)# port-channel load-balance ethernet source-dest-port
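
A simplified model of the difference, added here as an illustration (not N5K code: the real hardware hash is different, and the XOR-fold hash, FCIDs and link count below are assumptions). It shows why hashing on SID/DID pins every exchange between one initiator and one target to a single member link, while adding the OXID spreads them.

```python
from collections import Counter


def fold(value: int) -> int:
    """XOR-fold an integer down to 8 bits (toy stand-in for the hardware hash)."""
    h = 0
    while value:
        h ^= value & 0xFF
        value >>= 8
    return h


def pick_link(sid: int, did: int, oxid: int, mode: str, n_links: int) -> int:
    """Choose a port-channel member for one FCoE frame."""
    if mode == "source-dest-ip":        # per the CLI help above: SID/DID
        key = fold(sid) ^ fold(did)
    elif mode == "source-dest-port":    # per the CLI help above: SID/DID/OXID
        key = fold(sid) ^ fold(did) ^ fold(oxid)
    else:
        raise ValueError(f"unsupported mode: {mode}")
    return key % n_links


def distribution(mode: str, n_links: int = 4, exchanges: int = 64) -> Counter:
    """Count frames per member link for one initiator/target pair."""
    sid, did = 0x010203, 0x0A0B0C       # constructed FCIDs
    return Counter(
        pick_link(sid, did, oxid, mode, n_links) for oxid in range(exchanges)
    )


if __name__ == "__main__":
    for mode in ("source-dest-ip", "source-dest-port"):
        print(mode, dict(sorted(distribution(mode).items())))
```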

On UCS each vHBA is either statically bound (through a manual pinning policy)
to a northbound FC interface or dynamically pinned to a northbound
interface in a round-robin fashion. Individual flows will _NOT_ be load
balanced across links unless an f_port port-channel is used.

UCS Default Vlan 1

I wanted to have a disjoint L2 network at the UCS, but I noticed the following on the interface:

interface Ethernet1/2
description U: Uplink
pinning border
switchport mode trunk
switchport trunk native vlan 30
switchport trunk allowed vlan 1,30
no shutdown

 

Trying to disable or remove the default vlan 1, but without any luck.

After you configure VLANs in a Cisco UCS domain, default VLAN 1 remains implicitly on all uplink
ports and port channels. You cannot explicitly assign default VLAN 1 to an uplink port or port channel,
nor can you remove it from an uplink port or port channel.

If you attempt to assign default VLAN 1 to a specific port or port channel, Cisco UCS Manager raises an
Update Failed fault.
Therefore, if you configure a Cisco UCS domain for disjoint L2 networks, do not configure any vNICs with default VLAN 1 unless you want all data traffic for that server to be carried on all uplink Ethernet ports and port channels and sent to all upstream networks.
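
A small audit for this condition, added here as an example (it is not a UCS Manager feature or Cisco code). It parses uplink configuration in the format shown above and lists the vNICs that carry VLAN 1 and therefore reach every uplink. Ethernet1/3 and the vNIC names are constructed for the example.

```python
import re


def parse_vlan_list(spec):
    """Expand an NX-OS style VLAN list such as '1,30,100-102' into a set."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_uplinks(config):
    """Return {interface: allowed VLANs} for ports marked 'pinning border'."""
    uplinks, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            current = line.split()[1]
        elif line == "pinning border" and current:
            uplinks[current] = set()
        elif current in uplinks:
            m = re.match(r"switchport trunk allowed vlan (?:add )?(.+)", line)
            if m:
                uplinks[current] |= parse_vlan_list(m.group(1))
    return uplinks


def vlan1_exposure(uplinks, vnics):
    """Pair each vNIC that carries VLAN 1 with every uplink trunking VLAN 1."""
    carrying = sorted(u for u, allowed in uplinks.items() if 1 in allowed)
    return [(name, carrying) for name, vlans in sorted(vnics.items()) if 1 in vlans]


# Ethernet1/2 is the uplink shown above; Ethernet1/3 and the vNICs are constructed.
CONFIG = """
interface Ethernet1/2
description U: Uplink
pinning border
switchport mode trunk
switchport trunk native vlan 30
switchport trunk allowed vlan 1,30
interface Ethernet1/3
description U: Uplink
pinning border
switchport mode trunk
switchport trunk native vlan 40
switchport trunk allowed vlan 1,40
"""
VNICS = {"esx-prod": {30}, "esx-dmz": {40}, "esx-legacy": {1, 40}}

if __name__ == "__main__":
    for vnic, ports in vlan1_exposure(parse_uplinks(CONFIG), VNICS):
        print(f"{vnic}: VLAN 1 traffic leaves via {', '.join(ports)}")
```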

vNIC creation UCS for ESXi

It is critical that the “Enable Failover” checkbox is NOT selected.
No “Native VLAN” is selected, since the installation of ESXi will have a VLAN
tag for the service console.

CCIE DC Exam Topics

Cisco Data Center Infrastructure – NXOS

  • Implement NXOS L2 functionality
    Implement VLANs and PVLANs
    Implement Spanning-Tree Protocols
    Implement Port-Channels
    Implement Unidirectional Link Detection (UDLD)
    Implement Fabric Extension via the Nexus family

 

  • Implement NXOS L3 functionality
    Implement Basic EIGRP in Data Center Environment
    Implement Basic OSPF in Data Center Environment
    Implement BFD for Dynamic Routing protocols
    Implement ECMP
    Implement FabricPath

 

  • Implement Basic NXOS Security Features
    Implement AAA Services
    Implement SNMPv3
    Configure IP ACLs, MAC ACLs and VLAN ACLs
    Configure Port Security
    Configure DHCP Snooping
    Configure Dynamic ARP Inspection
    Configure IP Source Guard
    Configure Cisco TrustSec

 

  • Implement NXOS High Availability Features
    Implement First-Hop Routing Protocols
    Implement Graceful Restart
    Implement nonstop forwarding
    Implement Port-channels
    Implement vPC and VPC+
    Implement Overlay Transport Protocol (OTV)

 

  • Implement NXOS Management
    Implement SPAN and ERSPAN
    Implement NetFlow
    Implement Smart Call Home
    Manage System Files
    Implement NTP, PTP
    Configure and Verify DCNM Functionality

 

  • NXOS Troubleshooting
    Utilize SPAN, ERSPAN and EthAnalyzer to troubleshoot a Cisco Nexus problem
    Utilize NetFlow to troubleshoot a Cisco Nexus problem
    Given an OTV problem, identify the problem and potential fix
    Given a VDC problem, identify the problem and potential fix
    Given a vPC problem, identify the problem and potential fix
    Given a Layer 2 problem, identify the problem and potential fix
    Given a Layer 3 problem, identify the problem and potential fix
    Given a multicast problem, identify the problem and potential fix
    Given a FabricPath problem, identify the problem and potential fix
    Given a Unified Fabric problem, identify the problem and potential fix

 

Cisco Storage Networking

  • Implement Fiber Channel Protocols Features
    Implement Port Channel, ISL and Trunking
    Implement VSANs
    Implement Basic and Enhanced Zoning
    Implement FC Domain Parameters
    Implement Fiber Channel Security Features
    Implement Proper Oversubscription in an FC environment

 

  • Implement IP Storage Based Solution
    Implement IP Features including high availability
    Implement iSCSI including advanced features
    Implement SAN Extension tuner
    Implement FCIP and Security Features
    Implement iSCSI security features
    Validate proper configuration of IP Storage based solutions

 

  • Implement NXOS Unified Fabric Features
    Implement basic FC in NXOS environment
    Implement Fiber channel over Ethernet (FCoE)
    Implement NPV and NPIV features
    Implement Unified Fabric Switch different modes of operation
    Implement QoS Features
    Implement FCoE NPV features
    Implement multihop FCoE
    Validate Configurations and Troubleshoot problems and failures using Command Line, show and debug commands.

 

Cisco Data Center Virtualization

  • Manage Data Center Virtualization with Nexus1000v
    Implement QoS, Traffic Flow and IGMP Snooping
    Implement Network monitoring on Nexus 1000v
    Implement n1kv portchannels
    Troubleshoot Nexus 1000V in a virtual environment
    Configure VLANs
    Configure PortProfiles

 

  • Implement Nexus1000v Security Features
    DHCP Snooping
    Dynamic ARP Inspection
    IP Source Guard
    Port Security
    Access Control Lists
    Private VLANs
    Configuring Private VLANs

 

Cisco Unified Computing

  • Implement LAN Connectivity in a Unified Computing Environment
    Configure different Port types
    Implement Ethernet end Host Mode
    Implement VLANs and Port Channels.
    Implement Pinning and PIN Groups
    Implement Disjoint Layer 2

 

  • Implement SAN Connectivity in a Unified Computing Environment
    Implement FC ports for SAN Connectivity
    Implement VSANs
    Implement FC Port Channels
    Implement FC Trunking and SAN pinning

 

  • Implement Unified Computing Server Resources
    Create and Implement Service Profiles
    Create and Implement Policies
    Create and Implement Server Resource Pools
    Implement Updating and Initial Templates
    Implement Boot From remote storage
    Implement Fabric Failover

 

  • Implement UCS Management tasks
    Implement Unified Computing Management Hierarchy using ORG and RBAC
    Configure RBAC Groups
    Configure Remote RBAC Configuration
    Configure Roles and Privileges
    Create and Configure Users
    Implement Backup and restore procedures in a unified computing environment
    Implement system wide policies

 

  • Unified Computing Troubleshooting and Maintenance
    Manage High Availability in a Unified Computing environment
    Configure Monitoring and analysis of system events
    Implement External Management Protocols
    Collect Statistical Information
    Firmware management
    Collect TAC specific information
    Implement Server recovery tasks

 

Cisco Application Networking Services – ANS

  • Implement Data Center application high availability and load balancing
    Implement standard ACE features for load balancing
    Configuring Server Load Balancing Algorithm
    Configure different SLB deployment modes
    Implement Health Monitoring
    Configure Sticky Connections
    Implement Server load balancing in HA mode

Nexus 1000v verification commands

sh port-profile brief

show interface brief

show svs domain

show svs connection

show module

show interface virtual

show port-profile usage

 

Nexus 1000v Uplinks

First create some vlans:

Nexus1000V# configure terminal
Nexus1000V(config)# vlan 10
Nexus1000V(config-vlan)# name Management-VMotion
Nexus1000V(config-vlan)# vlan 11
Nexus1000V(config-vlan)# name Data-Network
Nexus1000V(config-vlan)# vlan 12
Nexus1000V(config-vlan)# name iSCSI
Nexus1000V(config-vlan)# vlan 111
Nexus1000V(config-vlan)# name PVLAN-Secondary
Nexus1000V(config-vlan)# end

Uplink port profile for Management :

Nexus1000V# configure terminal
Nexus1000V(config)# port-profile type ethernet mgmt-uplink 
Nexus1000V(config-port-prof)# vmware port-group
Nexus1000V(config-port-prof)# switchport mode access
Nexus1000V(config-port-prof)# switchport access vlan 10
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# system vlan 10
Nexus1000V(config-port-prof)# state enabled
Nexus1000V(config-port-prof)# end

Uplink Port-profile for iSCSI Storage:

Nexus1000V# configure terminal
Nexus1000V(config)# port-profile type ethernet iscsi-uplink 
Nexus1000V(config-port-prof)# vmware port-group
Nexus1000V(config-port-prof)# switchport mode access
Nexus1000V(config-port-prof)# switchport access vlan 12
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# system vlan 12
Nexus1000V(config-port-prof)# state enabled
Nexus1000V(config-port-prof)# end

Uplink Port-profile for VM Data:

Nexus1000V# configure terminal
Nexus1000V(config)# feature private-vlan 
Nexus1000V(config)# port-profile type ethernet data-uplink 
Nexus1000V(config-port-prof)# vmware port-group
Nexus1000V(config-port-prof)# switchport mode private-vlan trunk promiscuous
Nexus1000V(config-port-prof)# switchport private-vlan trunk allowed vlan 11,111
Nexus1000V(config-port-prof)# channel-group auto mode on mac-pinning
Nexus1000V(config-port-prof)# no shutdown
Nexus1000V(config-port-prof)# state enabled
Nexus1000V(config-port-prof)# end



OSPF Type 1 vs Type 2

A type 1 route has a metric that is the sum of the internal OSPF cost and the external redistributed cost.

A type 2 route has a metric equal only to the redistributed cost.


VRRP

feature vrrp
int vlan 30
vrrp 1
address 10.10.30.254
priority 200 (Higher is better)
no shut

N7K-N7K-DC1-2(config-if-vrrp)# sh vrrp
Interface VR IpVersion Pri Time Pre State VR IP addr
—————————————————————
Vlan30 1 IPV4 100 1 s Y Master 10.10.30.254
N7K-N7K-DC1-2(config-if-vrrp)# sh vrrp det

Vlan30 – Group 1 (IPV4)
State is Master
Virtual IP address is 10.10.30.254
Priority 100, Configured 100
Forwarding threshold(for VPC), lower: 1 upper: 100
Advertisement interval 1
Preemption enabled
Virtual MAC address is 0000.5e00.0101
Master router is Local
N7K-N7K-DC1-2(config-if-vrrp)#

 

HSRP

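HSRP priority ranges from 1 to 255; the router with the higher priority becomes the active router.

Without preemption, that only happens when the current active router fails or its interface is shut / no shut.

With hsrp preempt configured, the router with the higher priority takes over as the active router.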

 

feature hsrp
int vlan 30
hsrp 1 ipv4
ip 10.10.30.254

sh hsrp

Vlan30 – Group 1 (HSRP-V1) (IPv4)
Local state is Active, priority 100 (Cfged 100)
Forwarding threshold(for vPC), lower: 1 upper: 100
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.057000 sec(s)
Virtual IP address is 10.10.30.254 (Cfged)
Active router is local
Standby router is 10.10.30.1 , priority 100 expires in 6.457000 sec(s)
Authentication text “cisco”
Virtual mac address is 0000.0c07.ac01 (Default MAC)
12 state changes, last state change 00:01:49
IP redundancy name is hsrp-Vlan30-1 (default)


OSPF

Here's a simple configuration:

!Command: show running-config ospf
!Time: Tue Apr 2 09:24:35 2013

version 5.0(2)
feature ospf

router ospf 1
router-id 10.10.10.6

interface loopback0
ip router ospf 1 area 0.0.0.0

interface Ethernet2/2
ip ospf network point-to-point
ip router ospf 1 area 0.0.0.1

ip ospf cost 25

N7K-6(config-if)# sh ip ospf neigh
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.10.10.2 1 EXSTART/ – 00:02:20 192.168.7.6 Eth2/2

 

The system is stuck in EXSTART!

N7K-6(config-if)# ip ospf mtu-ignore
N7K-6(config-if)# sh ip ospf neigh
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.10.10.2 1 FULL/ – 00:00:03 192.168.7.6 Eth2/2
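
An added check (not from the original post) that parses the two neighbor listings above and reports adjacencies sitting in EXSTART or EXCHANGE, which is the symptom shown before ip ospf mtu-ignore was applied. The 60-second threshold and the reading of Up Time as time in the current state are assumptions; the dash in the State column is normalized to ASCII.

```python
import re

# One neighbor row: router ID, priority, state/role, up time, address, interface.
NEIGHBOR = re.compile(
    r"^(?P<rid>\d+(?:\.\d+){3})\s+(?P<pri>\d+)\s+(?P<state>[A-Z0-9-]+)/\s*(?P<role>\S+)"
    r"\s+(?P<uptime>\d+:\d\d:\d\d)\s+(?P<addr>\d+(?:\.\d+){3})\s+(?P<intf>\S+)\s*$"
)
STUCK_STATES = ("EXSTART", "EXCHANGE")


def seconds(hms):
    """Convert hh:mm:ss to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def stuck_adjacencies(output, min_age=60):
    """Return (router ID, interface, state) for neighbors that have stayed in
    a database-exchange state for at least min_age seconds."""
    findings = []
    for line in output.splitlines():
        m = NEIGHBOR.match(line.strip())
        if m and m["state"] in STUCK_STATES and seconds(m["uptime"]) >= min_age:
            findings.append((m["rid"], m["intf"], m["state"]))
    return findings


# The two listings from this post (before and after ip ospf mtu-ignore).
BEFORE = """\
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.10.10.2 1 EXSTART/ - 00:02:20 192.168.7.6 Eth2/2
"""
AFTER = """\
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.10.10.2 1 FULL/ - 00:00:03 192.168.7.6 Eth2/2
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, stuck_adjacencies(text))
```

ip ospf mtu-ignore skips the MTU check in database description packets, so an adjacency that only forms with it set points to differing interface MTUs on the two ends.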