What is VPC?
VPC means Virtual PortChannel. It allows links that are physically connected to two different Cisco Nexus switches to appear as a single PortChannel to a third device. The third device can be a Fabric Extender or a switch, server, or any other networking device for that matter.
A VPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths exist.
After you enable the VPC function, you create a peer keepalive link, which sends heartbeat messages between the two peer devices. This provides the VPC function with up-to-date information and status on the ports using it.
The VPC domain includes all of the following: peer devices, the VPC peer keepalive link, the VPC peer link, and all the Port Channels in the VPC domain. You can have only one VPC domain ID on each device. Therefore, if you are in a multi-switch environment, this needs to be planned properly before implementation.
So what is the key terminology and what does it mean?
• VPC: Official explanation is the combined PortChannel between the VPC peer devices and the downstream device.
• VPC peer switch: The VPC peer switch is one of a pair of switches that are connected to the special PortChannel known as the VPC peer link. One device will be selected as the primary device, and the other will be the secondary device. You can find this out with the command show vpc role.
• VPC peer link: The VPC peer link is the link used to synchronise states between the VPC peer devices. The VPC peer link carries control traffic between two VPC switches and also multicast, broadcast data traffic. This will be a trunk between your two devices. You should have at least two 10 Gigabit Ethernet interfaces for peer links.
• VPC domain: This domain includes both VPC peer devices, the VPC peer keepalive link, and all the PortChannels in the VPC connected to the downstream devices. It is also associated with the configuration mode that you must use to assign VPC global parameters.
• VPC peer keepalive link: The peer keepalive link monitors the vitality of a VPC peer switch. The peer keepalive link sends periodic keepalive messages between VPC peer devices. The VPC peer keepalive link can be a management interface or switched virtual interface (SVI). No data or synchronization traffic moves over the VPC peer keepalive link; the only traffic on this link is a message that indicates that the originating switch is operating and running VPC.
• VPC member port: VPC member ports are interfaces that belong to the VPC.
Now the theory is done. Let’s configure VPC.
The configuration below is explained for each step on Nexus 1 and then straight configuration for Nexus 2.
Enable the vPC feature
Create a vPC domain and assign a domain ID
nexus1(config)# vpc domain 8
Configure the IPv4 address for the remote end of the vPC peer keepalive link.
nexus1(config-vpc-domain)# peer-keepalive destination 172.16.8.9
Select the PortChannel that you want to use as the vPC peer link for this device, and enter the interface configuration mode.
Configure the selected PortChannel as the vPC peer link.
nexus1(config)# interface port-channel 8
Name & configure the selected PortChannel as the vPC peer link.
nexus1(config-if)# description VPC-Peer
nexus1(config-if)# vpc peer-link
Add the interface to the PortChannel and then move the PortChannel to the vPC to connect to the downstream device. The vPC number ranges from 1 to 4096. The vPC number does not need to match the PortChannel number, but it must match the number of the vPC peer switch for that vPC bundle. A PortChannel is needed even if there is only one member interface for the PortChannel. When there is only one member for the PortChannel, the hardware PortChannel resource will not be created.
nexus1(config)# description VPC-PeerPort | e1/1-Nexus2
nexus1(config-if)# interface port-channel 8
nexus1(config-if)# vpc 8
nexus2(config)# vpc domain 8
nexus2(config-vpc-domain)# peer-keepalive destination 172.16.8.8
nexus2(config)# interface port-channel 8
nexus2(config-if)# description VPC-Peer
nexus2(config-if)# vpc peer-link
nexus2(config)# description VPC-PeerPort | e1/1-Nexus1
nexus2(config-if)# interface port-channel 8
nexus2(config-if)# vpc 8
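A consistency check for the two rules stated above (one vPC domain per device, and a vPC number that must match on the peer switch), as an added example that is not part of the original post. It compares saved running-config text from both peers; port-channel 20 and vpc 20/21 are constructed sample values, and feature vpc is the NX-OS command that enables the vPC feature.

```python
import re

def vpc_facts(config):
    """Extract the vPC-related lines from one switch's running-config text."""
    return {
        "feature": bool(re.search(r"^feature vpc[ \t]*$", config, re.M)),
        "domains": re.findall(r"^vpc domain (\d+)[ \t]*$", config, re.M),
        "peer_links": len(re.findall(r"^[ \t]+vpc peer-link[ \t]*$", config, re.M)),
        "vpcs": set(re.findall(r"^[ \t]+vpc (\d+)[ \t]*$", config, re.M)),
    }

def compare_peers(cfg_a, cfg_b):
    """Return the inconsistencies between two vPC peers' configurations."""
    a, b = vpc_facts(cfg_a), vpc_facts(cfg_b)
    problems = []
    for name, f in (("peer A", a), ("peer B", b)):
        if not f["feature"]:
            problems.append(f"{name}: feature vpc is not enabled")
        if len(f["domains"]) != 1:
            problems.append(f"{name}: expected one vpc domain, found {len(f['domains'])}")
        if f["peer_links"] != 1:
            problems.append(f"{name}: expected one vpc peer-link, found {f['peer_links']}")
    if a["domains"] != b["domains"]:
        problems.append("vpc domain IDs differ between the peers")
    # A vPC number present on one peer only cannot form a bundle.
    for n in sorted(a["vpcs"] ^ b["vpcs"], key=int):
        problems.append(f"vpc {n} exists on only one peer")
    return problems

# Constructed sample configs: the peer link follows the article, the
# downstream port-channel 20 is mis-numbered on the second peer.
NEXUS1 = """\
feature vpc
vpc domain 8
  peer-keepalive destination 172.16.8.9
interface port-channel8
  description VPC-Peer
  vpc peer-link
interface port-channel20
  vpc 20
"""
NEXUS2 = NEXUS1.replace("172.16.8.9", "172.16.8.8").replace("vpc 20", "vpc 21")

if __name__ == "__main__":
    for problem in compare_peers(NEXUS1, NEXUS2):
        print(problem)
```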
Here is a collection of my most used and favourite commands with a brief description of what they do. If you haven’t used them before then hopefully you will find these useful! :-)
1. show interface fax/x – this gives you some really in-depth information about the switch port. The most used thing for me here would be the CRC section to check for errors on the port. Example below:
2. show interface fa0/8 status - this will tell you the status of the port. It will say ‘connect’ under status if you have a cable connected, or ‘notconnect’ if it has no cable plugged in. It will also show the VLAN, duplex and speed settings and the type of connection.
3. show mac address-table | i insertMAC (in the format of xxxx.xxxx.xxxx) - Handy for troubleshooting. If you know the MAC address you can track down which VLAN it is in and the port it's attached to. This is good if the ports aren’t labelled with a description.
4. show logging - this shows what’s going on with various elements of the switching environment, can show flapping ports etc. This is also a good one for troubleshooting.
5. show clock & show version - Show clock relates strongly to the above show logging command. The show logging output gives a time stamp, and if you want to work out when a particular event happened and the clock is nonsensical, then show clock will give you the time set on the switch. The event might have happened sooner than you thought.
Show version is mostly used for checking the firmware on the switch and the uptime of the device. I use this all the time to figure out whether there have been power outages or circuit outages.
Example below shows both commands:
6. show vlan - this will show you which ports belong to which VLAN and will also show the VLANs that are currently set up on the switch. Unlike the example below, you should name your VLANs to make everyone’s life easier!
7. show run - No example for this one, as the output is the entire configuration of the switch. To narrow your search down you can also use pipe include to refine the output, i.e. show run | i 192.168.8.8
8. show arp - useful for finding any IP addresses that are associated with the MAC address that you are troubleshooting.
9. show run interface fa0/8 - very handy command and one of my favourites. This saves you trawling through the running configuration, if you know the interface number then just show run on that interface to show only the config of that interface!
10. show interface description - Arguably my top command. As long as the descriptions are there, clear and useful (which they should be), this allows you to find what you need quickly! Normally this would be followed by show run interface fa0/8 to show how the interface is configured.
About Port Channels
Cisco NX-OS provides wider bandwidth, redundancy, and load balancing across the channels in a port channel.
You can collect up to eight ports into a static port channel or you can enable the Link Aggregation Control Protocol (LACP).
A port channel bundles individual links into a channel group to create a single logical link that provides the aggregate bandwidth of up to eight physical links. If a member port within a port channel fails, traffic previously carried over the failed link switches to the remaining member ports within the port channel.
These ports can be configured over two or more stacked switches, so the commands below will need to be issued on both switches to ensure the global configuration for the Port Channel is correct.
What needs to be running?
VPC, if the ports are physically connected to two different switches, and also LACP. *Please note that if VPC is not running then this documentation is irrelevant, as here we focus on bonded ports between switches, until you follow my other blog on What is VPC and how do you configure it on a Cisco Nexus 6000 series switch?
For port channels to work, LACP and VPC need to be enabled on the Nexus switches. You can view the status of these in the running configuration and they will be displayed like this. If they do not appear then they are not running.
If LACP is not shown then you will need to add this feature by typing, in configuration mode, feature lacp.
You can verify that this is now running by typing show system internal clis feature, which will then list the enabled features.
Check the next Port Channel
To check the next available port channel type show port-channel summary. This will display the already configured groups, which protocol they are running and which member ports are in the group. As shown below:
You can either use Group 104, as this does not currently have any member ports, or, to be cautious, create a new Group with the next available number - 105.
Configuring the Port Channel
To configure the Port Channel, go into configuration terminal and type interface port-channel105. If you are using the Port Channel over more than one switch then you will need to do the same on the other Nexus. Fill in the rest of the port's details as you would normally do for an interface, including the switchport mode and the VLAN.
Two additional configurations to add are spanning-tree guard root, so that the port is not allowed to become a root port, and the vpc number, which in this case is 105. VPC stands for Virtual PortChannel.
The Port Channel configuration should look like this:
interface port-channel105
  description My New Port Channel
  switchport mode access
  switchport access vlan 100
  spanning-tree guard root
  vpc 105
Configuring the Member Ports
In configuration terminal, go into the interface that you would like to add to the Port Channel (this will need to be done on both switches). Put a useful description on the port. Set the port to the VLAN that you would like it to be a part of and also put in spanning-tree guard root as per the Port Channel configuration.
The two additional and most important lines of config are logging event port link-status and channel-group 105 mode active. The logging event port link-status command will log all UP/DOWN and CHANGE messages. You can only add interfaces configured with the channel mode as active or passive to port channels that are running LACP. Therefore the command channel-group 105 mode active will allow these ports to be added to the Port Channel you have created.
Once this is all added, the interface configuration should look like this:
description My New PortChannel Member
no cdp enable
switchport mode access
switchport access vlan 100
spanning-tree guard root
logging event port link-status
channel-group 105 mode active
The definitions of ‘passive’, ‘active’ and ‘on’ are shown below for reference.
Once patched, you will now see these ports listed as Member Ports using show port-channel summary command.
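An audit of saved running-config text against the member-port template described above, as an added example that is not part of the original post. It flags members whose channel-group mode does not run LACP, members missing spanning-tree guard root or logging event port link-status, and port channels with no vpc number; the interface names Ethernet1/5 and Ethernet1/6 are constructed sample values.

```python
import re

REQUIRED = ("spanning-tree guard root", "logging event port link-status")
GROUP = re.compile(r"channel-group (\d+)(?: mode (\S+))?")

def stanzas(config):
    """Map each interface name (spaces removed, lower-case) to its sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = "".join(line.split()[1:]).lower()
            out[current] = []
        elif current and line[:1] in (" ", "\t"):
            out[current].append(line.strip())
        else:
            current = None
    return out

def audit(config):
    """List member ports that deviate from the template described above."""
    findings = []
    if not re.search(r"^feature lacp[ \t]*$", config, re.M):
        findings.append("feature lacp is not enabled")
    ifs = stanzas(config)
    for name, cmds in ifs.items():
        for m in filter(None, (GROUP.fullmatch(c) for c in cmds)):
            group, mode = m.group(1), m.group(2) or "on"  # no keyword means 'on'
            if mode not in ("active", "passive"):
                findings.append(f"{name}: mode '{mode}' does not negotiate LACP")
            findings += [f"{name}: missing '{r}'" for r in REQUIRED if r not in cmds]
            parent = ifs.get(f"port-channel{group}")
            if parent is None:
                findings.append(f"{name}: port-channel{group} is not defined")
            elif not any(re.fullmatch(r"vpc \d+", c) for c in parent):
                findings.append(f"port-channel{group}: no vpc number assigned")
    return list(dict.fromkeys(findings))  # drop repeats, keep order

# Constructed sample: Ethernet1/5 follows the template, Ethernet1/6 does not.
SAMPLE = """\
feature lacp
interface port-channel105
  spanning-tree guard root
  vpc 105
interface Ethernet1/5
  spanning-tree guard root
  logging event port link-status
  channel-group 105 mode active
interface Ethernet1/6
  channel-group 105 mode on
"""
```

Calling audit(SAMPLE) returns three findings, all for ethernet1/6.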