http://www.cisco.com/go/govsba

Collapsed Data Center and Campus Core Deployment Guide

Cisco Nexus 7000 Supplemental

Revision: H2CY10

2Using this Borderless Networks Guide

Using this Borderless Networks Guide

This is guide is a concise reference on consolidating the campus and data center core layers and is broken up into a few sections.

The Introduction outlines the use-cases that often drive the consolidation of the campus and data center cores

The Technology Overview section introduces the Cisco Nexus 7000 Series and the capabilities that uniquely position the platform as the device that should be utilized in a collapsed campus and data center core.

The Configuration Details section details the processes and procedures required to deploy the Nexus 7000 Series as a collapsed campus and data center core.

This document is for the reader who:

• HasreadtheCisco Smart Business Architecture (SBA) for Government Large Agencies—Borderless Networks LAN Deployment Guide

• Hasintotal2000to10,000connectedemployees

• HasacampusLANthatsupportsupto5000connectedemployeesco-located with a data center

• Wantstoconsolidatethecampusanddatacentercoredevices

• Hashigh10-GigabitEthernetdensityinthecampusanddatacentercore

• HasITworkerswithaCCNA® certification or equivalent experience

• Wantstheassuranceofatestedsolution

Who Should Read This Guide

This guide should be of interest to anyone in a large agency that wants to understand why they might want to utilize the Cisco Nexus 7000 Series when they are collapsing the campus and data center core.

The audience also includes information technology staff and technology resellers who want to understand more about the Cisco Nexus 7000 Series and how to deploy it in a collapsed campus and data center core environment.

ThisguidedoesassumesaCCNA-leveltechnicalbackground.

Nexus 7000 Deployment Guide

Supplemental Guides

You are Here

Network ManagementGuides

Internet Edge Configuration Guide

Internet EdgeDeployment Guide

WAN Configuration Guide

WAN DeploymentGuide

LAN Configuration Guide

LAN DeploymentGuide

Foundation DeploymentGuides

Design Guides Deployment Guides

Table of Contents

ALLDESIGNS,SPECIFICATIONS,STATEMENTS,INFORMATION,ANDRECOMMENDATIONS(COLLECTIVELY,"DESIGNS")INTHISMANUALAREPRESENTED"ASIS,"WITHALLFAULTS.CISCOANDITSSUPPLIERSDISCLAIMALLWARRANTIES,INCLUDING,WITHOUTLIMITATION,THEWARRANTYOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE.INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITA-TION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHEDESIGNS,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.THEDESIGNSARESUBJECTTOCHANGEWITHOUTNOTICE.USERSARESOLELYRESPONSIBLEFORTHEIRAPPLICATIONOFTHEDESIGNS.THEDESIGNSDONOTCONSTITUTETHETECHNICALOROTHERPROFESSIONALADVICEOFCISCO,ITSSUPPLIERSORPARTNERS.USERSSHOULDCONSULTTHEIROWNTECHNICALADVISORSBEFOREIMPLEMENTINGTHEDESIGNS.RESULTSMAYVARYDEPENDINGONFACTORSNOTTESTEDBYCISCO.

AnyInternetProtocol(IP)addressesusedinthisdocumentarenotintendedtobeactualaddresses.Anyexamples,commanddisplayoutput,andfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesinillustrativecontentisunintentionalandcoincidental.CiscoUnifiedCommunicationsSRND(BasedonCiscoUnifiedCommunicationsManager7.x)

©2010CiscoSystems,Inc.Allrightsreserved.

Table of Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Agency Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Technology Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3

Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11ForAdditionalInformation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

Appendix A: Large Agencies LAN Deployment Product List . . . . . . . . . . . . . .12

Appendix B: SBA for Large Agencies Document System . . . . . . . . . . . . . . . . .13

1Introduction

Introduction

This guide is a companion document to the Cisco SBA for Large Agencies—Borderless Networks Design Guide and LAN Deployment Guide.

TheCiscoSBAforLargeAgenciesisaprescriptivearchitecturethatdeliversaneasytouse,flexibleandscalablenetworkwithwired,wireless,security,WAN,and internet edge modules. It eliminates the challenges of integrating the vari-ous network components be using a standardized design that is reliable with comprehensive support offerings.

TheCiscoSBAforLargeAgencies—BorderlessNetworksisdesignedtoaddressthecommonrequirementsofagencieswith2000to10,000employees.EachagencyisuniquehoweverandsoareitsrequirementssoweensuredthattheCiscoSBAwasbuiltsothatadditionalcapabilitiescouldbe added on without redesigning the network.

OnewaytheCiscoSBAaccomplishesthisextensibilityisbybrakingdownthearchitectureintothreeprimarylayers,NetworkFoundation,NetworkServices,andUserServices,asillustratedinFigure1.

AcollapsedcampusanddatacentercoreispartoftheNetworkFoundation.ThereliablenetworkfoundationprovidedbytheCiscoSBAhelpsensureagovernment agency can rely on the network and user services required to operate effectively and achieve the agency mission objectives.

TolearnmoreaboutCiscoSBA,visit:

http://www.cisco.com/go/smartarchitecture or

http://www.cisco.com/go/partner/smartarchitecture

Figure1.SBAModel

2AgencyOverview

AgencyOverview

AstheLANenvironmentatalargerfacilitygrowsitoftencreatestheneedtousemultipleLANdistributionlayerblocks.Asthenumberofrequireddistribution layer blocks in a facility grows beyond two or three a solution is required to reduce the need and cost of fully meshing all interconnectivity while maintaining a design that provides a reliable infrastructure.

Whenanagencyhasalargeprimarysitetheagency’sprimarydatacenteris often located there also. If the data center is large enough that it also includes multiple distribution layer blocks then the data center will also need a solution for interconnectivity.

The similarities between the needs of the campus and the data center present an opportunity to consolidate the needs into a single set of devices which can save both operational and equipment costs.

3Technology Overview

Technology Overview

CiscohasarichtraditionofbuildingscalableandrobustLANandcampusnetworksusingtheCiscoCatalystswitchline.TheCatalyst6500seriesswitch has a long history as the flagship of large campus aggregation and corelayernetworks.Asof2008,state-of-the-artdatacenternetworksstartedusingCiscoNexusfamilyswitchingproducts.Specifically,datacenteraggregation(alsoreferredtoasdistribution),andcorelayersarebuiltusing the Cisco Nexus 7000 Series switch.

TheCiscoNexus7000Seriesdelivershighperformance,portdensity,avail-ability,andresiliencywithacomprehensivefeaturesettargetedforthecoreofdatacenterandcampusLANnetworks.TheCiscoNexus7000Seriesswitch effectively addresses data center core and aggregation requirements suchasahighdensity10-GigabitEthernetinterface,robustLayer3proto-cols,andazero-servicedisruptionarchitecture.Inenvironmentswherethecoredevicealsoactsasadatacenterinterconnect(DCI)platform,theCiscoNexus7000SeriesswitchsupportsOverlayTransportVirtualization(OTV),anindustrysolutionthatenablestheextensionofLayer2overLayer3net-works,withouttheoperationalcomplexitiesofotherinterconnectsolutions.

Outsideofthedatacenter,theCiscoNexus7000canalsobeusedinthecorelayerofthecampusLAN.ThemaindriverforutilizingtheCiscoNexus7000SeriesinthecoreofacampusLANnetworkistheabilitytocollapsetheLANandthedatacentercore,whichusuallyareonseparatepairsofdevices,ontoasinglepairofCiscoNexus7000Seriesswitches(Figure2).

The Cisco Nexus 7000 Series switch is uniquely positioned as the platform tosupportaconsolidatedcampusLANanddatacentercorebecauseofitshigh10-GigabitEthernetdensity,resiliencyandhighavailability,andexten-sive support of virtualization.

Withhigherdensityandthepotentialforcombiningmultiplelayers,thebarforavailabilityandresiliencymoveshigher.Fromahigh-availabilitystand-point,theCiscoNexus7000Seriesisaveryrobustandresilientplatform.In addition to the hardware redundancy that is built into every hardware componentoftheCiscoNexus7000Series,itsoperatingsystem,Cisco

NX-OS,providesaunique,highly-resilientcapabilitythatsupportsnon-stoppacketforwarding,evenintheeventofasoftwareupgradewiththehitlessin-servicesoftwareupgrade(ISSU)feature.Furthermore,CiscoNX-OSontheCiscoNexus7000Seriessupportsgracefulrestart,aswellasnon-stoprouting(NSR)functionalitiesforroutingprotocolstheoperatingsystemiscapableofdetectingandrestartingafaultyprocess,withoutdisruptingtheother operations of the switch. The zero-service disruption architecture of the Cisco Nexus 7000 Series switch is paramount in a collapsed core environment,whereinfrastructurefailureormaintenancewindowscanhavea broad impact.

Figure2.CollapsedDataCenterandLANCore

LAN DistributionSwitches

Data CenterAggregationSwitches

Data Center andLAN Core Switches

Data CenterAccess

Switches

LANAccess

Switches

Building 1 Building 2 Building 4Building 3

Local AreaNetwork

DataCenter

4Technology Overview

Inadatacenternetworkwitha3-tierarchitecture(Figure3),theCiscoNexus7000Seriesswitchisthestate-of-the-artLayer3switchforthecoreandaggregationlayers.TypicallytheaggregationlayeristheLayer2orLayer3boundary.

Inasmallormediumsizedatacenternetwork,thecoreandaggregationmay collapse into one single layer that leverages the virtual device contexts capabilityforconsolidation(Figure4).

Virtualdevicecontexts(VDCs)allowaCiscoNexus7000Seriesswitchtobecarvedupintologicallyseparatedevices.Eachofthoseentitiescanbemanaged separately to allow operational independence and isolation from each other. This isolation can be useful for environments where layers of

networksmaybephysicallycombinedwhilelogicallystayingindependent,or where organizational units have to be separated from a management and configurationaccessstandpoint(suchasforcompliancereasons).

Forexample,adatacentercoreandaggregationcanfallintoonepairofswitches. To still follow the hierarchical network model as well as to respect operationalboundaries,devicevirtualizationcanbeusedviaavirtualdevicecontext(VDC),whichisthefirstcontrolplanevirtualizationinanetworkdevice.Asingleswitchcanbecarvedupintoamaximumoffourlogicalswitches(thatis,fourVDCs),whereresourcessuchasinterfaces,memory,andsoonareexplicitlyallocatedtotherespectiveVDC.Besidesofferingconsolidationandoperationalbenefits,theconfigurationofVDCsoffersflexible separation and distribution of resources. The hardware and software isolationperVDCnotonlydelineatesadministrativecontexts,butalsoallowsscalingtheoverallsystems.ThevirtualizationcapabilitiesofVDCsarekeyto deploy a collapsed core on a single Cisco Nexus 7000 Series switch with multiple logical cores.

TheaggregationlayerusuallyactsasaLayer2orLayer3boundary.Alongwithroutingtechnologies,theCiscoNexus7000Seriesswitchoffersflexibleswitchingfunctionalities,suchasvirtualPortChannels(vPC),rapidspanningtree,andPortChannels,thatareallhandledinastatefulfashiontoguaran-tee a very high level of system reliability.

Core Layer Architecture

ThecorelayeroftheLANisacriticalpartofthescalablenetwork,yetbydesign,isoneofthesimplest.Likethedistributionlayer,thecorelayeraggregatesconnectivity,butformultipledistributionlayersinsteadofaccesslayers.Asnetworksgrowbeyondthreedistributionlayersinasinglelocation,acorelayershouldbeusedtooptimizethedesign.

Beyondthesimpleaggregationofconnectivity,thecorelayerservestoreduce the number of paths between distribution layers which in turn lowers the time required to converge the network after a failure. By upgrading bandwidthbetweenadistributionlayerandthecore,multipledistributionlayer blocks can benefit from the increase versus the need to upgrade the bandwidth to every other device in a design without a core. The core layer is especially relevant to designs where the data center resources might be collocatedwiththeLAN.

Figure4.CollapsedCore/AggregationDataCenterArchitecture

Access

Core /Aggregation

Figure3.3-TierDataCenterArchitecture

Access

Aggregation

Core

5Technology Overview

InlargemodularandscalableLANdesigns,acorelayerisusedtoaggregatemultiple user connectivity distribution layer blocks. In designs with a collocated datacenter,thecoreprovideshighspeedfanoutconnectivitytotherestofthenetwork.ThecorelayeralsoservesastheinterconnectfortheWideAreaNetwork(WAN)andInternetEdgedistributionlayerblocks.Becauseofthiscentralpointofconnectivityforalldataflows,thecoreispartofthebackboneIProutingaddressspaceandisdesignedtobehighlyresilienttoprotectfromcomponent-,power-,oroperational-inducedoutages.

ThecorelayerintheSBAdesignisbasedontwophysicallyandlogicallyseparateswitches.ConnectivitytoandfromthecoreshouldbeLayer3only.NoVLANsshouldspanthecoretodriveincreasedresiliencyandstability.Since the core does not need to provide the same services or boundaries thatthedistributionlayerdoes,thetwo-boxdesigndoesnotsignificantlyincrease the complexity of the solution. The core layer should not contain highly-complexorhigh-touchservicesthatrequireconstantcareandtuning,toavoiddowntimerequiredbycomplexconfigurationchanges,increasedsoftwareupgradesfornewservices,orlinksthattoggleup/downaspartofnormal operations like user endpoint connectivity.

The core is built on dual switches to provide a completely separate control planehousedoneachswitch,thatprovidesredundantlogic,linecards,hardware,andpowerforthebackboneoperation.Eachdistributionlayerblock,router,orotherapplianceconnectingtothecoreshouldbedual-homedwithanEtherChannelorlinktoeachcoreswitch.ThisdualhomedapproachprovidesEqualCostMultiplePath(ECMP)loadsharingofIPtrafficacrosslinksfortraffictraversingthecore,andfastfailoverbasedoneitherEtherChannelorECMPalternaterouteswithoutwaitingforroutingprotocoltopology changes to propagate the network.

The core is designed to be high speed and provides for connectivity rang-ingfromGigabitEthernet,GigabitEtherChannel,10GigabitEthernet,andupto10GigabitEtherChannel.Thecorecanprovidenon-blockingbandwidthbasedondesignandconfiguration.EtherChannellinkshomedtoaswitchshould be spread across line cards when possible.

The core switches can be provisioned with dual supervisors for Stateful Switchover(SSO)operationtoprotectthecorebandwidthintheeventacontrol plane hardware or software failure occurs. The core switches are NonstopForwarding(NSF)awaretoprovideenhancedresilienceforanydualsupervisorconnecteddevicesandNSFcapableifprovisionedwithdual supervisors per switch.

Attaching the Data Center Aggregation Layer

The links from the Core layer facing the data center aggregation or dis-tribution layer are configured in the same way as the links facing campus distributionlayers.Morespecificallytheseareroutedlayer3interfaceswithpoint-to-point subnets and a routing configuration as outlined below.

The Data Center aggregation layer configuration follows a similar model as thecampusdistributionlayer.Integrationofservicessuchasfirewalling,intrusion prevention and load-balancing are typically added. Design aspects and sample configurations for the aggregation layer using the Cisco Nexus 7000 Series switch are further described in the design guides referenced at the end of this document.

6Configuration Details

Configuration Details

This chapter describes the configuration for the core layer using the Cisco Nexus 7000 Series. Only core relevant features are described. The core layeristypicallyaLayer3configureddevice;therefore,configurationdetailsofCiscoNexus7000SeriesLayer2features,suchasspanningtree,VLANTrunkingProtocol(VTP),andvirtualPortChannel(vPC),areintentionallyomitted.Forthosescenariosthatrequirehavingspanningtreeasasafeguard,RapidSpanningTreeProtocol(RSTP)isenabledbydefaulton the Cisco Nexus 7000 Series switch and does not require any additional configuration.

Thecorelayerdesignisbasedondualswitches;therefore,programmingofthecoredevicesissymmetricalforsimplicity,exceptforIPaddressingandservices that must be unique in the network. Because we cover the global configurationoptionsindetailintheAccessLayersection,thecommandsare listed here for easy reference.

Process

1. PlatformConfiguration

2. LANSwitchGlobalConfiguration

3. Core Switch Global Configuration

4. ConnectivitytoLANandDataCenterAggregationSwitchConfiguration

Procedure 1 Platform Configuration

Some platforms require a one-time initial configuration prior to configuring thefeaturesandservicesoftheswitch.Ifyoudon’thaveaplatformlistedinthe following steps they can be skipped.

Step 1:SoftwareLicensePrerequisites

The Cisco Nexus 7000 Series offers a simplified software management mechanism based on software licenses. These licenses are enforceable onachassisbasisandenableafullsuiteoffunctionalities.AsthecorelayerischaracterizedbyaLayer3configuration,theCiscoNexus7000SeriesswitchrequirestheEnterpriseLANlicense,whichenablesroutingfunctionalities.

TheVDCconfigurationisnotincludedinthisaddendum.However,forthosedeploymentswhereVDCisrecommended,theAdvancedLANlicenseneedstobeinstalled.Otherbaselinefeatures(suchasQoSandLayer2)donot require any additional licenses.

Step 2:FeatureCommands

DuetothemodularnatureofCiscoNX-OS,processesareonlystartedwhenafeatureisenabled.Asaresult,commandsandcommandchainsonlyshowuponcethefeaturehasbeenenabled.Forlicensedfeatures,the feature feature-name command can only be used once the appropri-atelicenseisinstalled.Fortrialandtestingpurposes,thereisagraceperiod of 120 days during which all features can be tried within the sys-tem.Toenablethisgraceperiod,usethelicense grace-period command.

7Configuration Details

Procedure 2 LAN Switch Global Configuration

Withinthisdesign,therearefeaturesandservicesthatarecommonacrossallLANswitchesregardlessofthetypeofplatformorroleinthenetwork.Theseare system settings that simplify and secure the management of the solution.

This procedure provides examples for some of those settings. The actual settings and values will depend on your current network configuration.

Common Network Services Used in the Deployment Examples

Domain Name: cisco.local

MulticastRP: 10.4.60.254

AuthenticationControlSystem: 10.4.200.15

NetworkTimeProtocolServer: 10.4.200.17

Step 1: Configure the Device Hostname

Configure the device hostname and domain name to make it easy to identify the device.

hostname [hostname]ip domain-name cisco.local

Step 2: ConfigureDeviceManagementProtocols

SecureShell(SSH)isanapplicationandaprotocolthatprovideasecurereplacement to RSH and Telnet. Secure management access is enabled through the use of the SSH protocol. The protocol is encrypted for privacy.

SSH is enabled by default and does not require any specific configuration. Cisco NX-OS can store SSH authentication keys and therefore simplify the login process while still using strong authentication. Non-secure protocols like Telnet are disabled by default.

SimpleNetworkManagementProtocol(SNMP)isenabledtoallowthenetwork infrastructure devices to be managed by a network management system(NMS).SNMPv2cisconfiguredbothforaread-onlyandaread-writecommunitystring.TheconfigurationoftheNMSisoutsidethescopeofthisdocument.

ThebasicSNMPconfigurationisasfollows:snmp-server community cisco group network-operator snmp-server community cisco123 group network-admin

Step 3: ConfigureSecureUserAuthenticationConfiguration

Authentication,AuthorizationandAccounting(AAA)isenabledforaccesscontrol.AllmanagementaccesstothenetworkinfrastructuredevicesiscontrolledwithAAA.

TheAAAserverusedinthisarchitectureistheCiscoAuthenticationControlSystem.ConfigurationofACSisdiscussedintheACSDeploymentSupplement.

RADIUSistheprimaryprotocolusedtoauthenticatemanagementloginsontheinfrastructuredevicestotheAAAserver.AlocalAAAuserdatabaseisalso defined each network infrastructure device to provide a fallback authen-ticationsourceincasethecentralizedRADIUSserverisunavailable.

ToenableRADIUSauthenticationandspecifyaRADIUSserver,usethefollowing commands:

username admin password c1sco123 role network-adminaaa authentication login default group radius radius-server host 10.4.200.15 key 7 “SecretKey”

Step 4: SetupSynchronizedClockandTimezoneforManagement

TheNetworkTimeProtocol(NTP)isdesignedtosynchronizeanetworkofdevices.AnNTPnetworkusuallygetsitstimefromanauthoritativetimesource,suchasaradioclockoranatomicclockattachedtoatimeserver.NTPthendistributesthistimeacrossthenetwork.NTPisextremelyeffi-cient;nomorethanonepacketperminuteisnecessarytosynchronizetwodevices to within a millisecond of one another.

NetworkdevicesshouldbeprogrammedtosynchronizetoalocalNTPserverinthenetwork.ThelocalNTPservertypicallyreferencesamoreaccurate clock feed from an outside source. Configuring console mes-sages,logs,anddebugoutputonswitches,routers,andotherdevicesinthenetwork to provide time stamps on output allows cross-referencing of events in a network.

ToconfigureNTPinCiscoNX-OS,usethefollowingfeaturecommandandspecifytheNTPserver.Theexamplealsoshowshowtoenablethecorrecttime zone and daylight savings settings.

ntp server 10.4.200.17clock timezone PST -8 0clock summer-time PDT 1 Sunday March 02:00 1 Sunday November 02:00 60!logging timestamp milliseconds

8Configuration Details

Step 5:ConfigureDeviceResiliencyFeatures

UniDirectionalLinkDetection(UDLD)isaLayer2protocolthatenablesdevicesconnectedthroughfiber-opticortwisted-pairEthernetcablestomonitor the physical configuration of the cables and detect when a unidi-rectionallinkexists.WhenUDLDdetectsaunidirectionallink,itdisablesthe affected port and alerts you. Unidirectional links can cause a variety of problems,includingspanning-treeloops,blackholes,andnon-deterministicforwarding.Inaddition,UDLDenablesfasterlinkfailuredetectionandquickreconvergenceofporttrunks,especiallywithfiber,whichcanbesusceptibleto unidirectional failures.

Innormalmode,ifthelinkstateoftheportisdeterminedtobeunidirec-tional,thentheportcontinuestoforwardtrafficnormally,buttheportismarked as undetermined. The port cycles through the regular spanning tree protocolstatesandcontinuestoforwardtraffic.Inaggressivemode,theport enters the errdisable state and effectively shuts down. To recover from errdisable,youhavetoshutdownandrestarttheportbyissuingtheshutandnoshutcommands.UDLDdoesnotfunctionanydifferentlyforeithermode. The same messages are sent and the same messages are expected tobereceived.ThemodesonlydifferinthewaythatUDLDreactstoaunidirectional link failure.

ToenableUDLD,usethefollowingcommand:feature udld

Procedure 3 Core Layer Switch Global Configuration

Step 1: ConfigureanIn-BandManagementInterface

The loopback interface is a logical interface that is always reachable as long asthedeviceispoweredonandanyIPinterfaceisreachabletothenetwork.Because of this capability the loopback address is the best way to manage theswitchin-band.Layer3processandfeaturesarealsoboundtotheLoopbackinterfacetoensureprocessesresiliency.

Theloopbackaddressiscommonlyahostaddresswitha32-bitaddressmask.AllocatetheloopbackaddressfromthecoreIPaddressblock.Wehave included the ip pim sparse-mode command that will be explained furtherinstep3.

interface loopback 1 ip address [ip address]/32 ip pim sparse-mode

OncetheIPloopbackinterfaceiscreated,SNMPcanbeassociatedwiththat interface address.

snmp-server source-interface trap loopback1

Step 2: IPUnicastRoutingConfiguration

You must enter the feature eigrp command to enable this feature. Only after the featureisenabled,doalltheEIGRPconfigurationcommandsappear.

Cisco NX-OS routing configuration follows an interface-centric model. Insteadofaddingnetworkstobeadvertisedvianetworkstatements,EIGRPisenabledonaper-interface-basis.EachLayer3interfacethatcarriesanetworkthatmaybeadvertisedviaEIGRPrequirestheiproutereigrpstate-ment.Ifanetworkmaybeadvertised,butnoadjacencymaybeformed,theip passive-interface eigrp command should be used.

InthisconfigurationtheonlyparameterconfiguredundertheEIGRPpro-cess(routereigrp100)istherouter-ID.Theloopback1IPaddressisusedfortheEIGRProuterID.

feature eigrprouter eigrp 100 router-id [ip address of loopback 1]interface loopback1 ip router eigrp 100

9Configuration Details

Step 3: IPMulticastRoutingConfiguration

ToenableAnycastRPoperation,thefirststepistoconfigureasecondloopback interface on each of the core switches. The key is that this second loopbackinterfacewillhavethesameIPaddressonbothcoreswitchesandwilluseahostaddressmask(32bits).AllroutersthenpointtothiscommonIPaddressonloopback2fortheRPintheirconfiguration.WeconfiguredtheRPaddressfromthecoreIPaddressspace.

interface Loopback2 ip address 10.4.60.252/32 ip pim sparse-mode ip router eigrp 100

ThefinalstepfortheAnycastRPconfigurationistoenableMulticastSourceDiscoveryProtocol(MSDP)torunbetweenthetwocoreRPswitches.ToenableMSDP,youmustuseuniqueaddressesateachendofthelink;there-fore,weusetheloopback1addressesofeachcoreroutertoconfiguretheMSDPsession(Figure5).Enterthefeaturemsdpcommandfirsttoenablethe feature.

On core switch #1:feature msdpip msdp originator-id loopback1ip msdp peer 10.4.60.253 connect-source loopback1! The IP address for the listed above is the core switch #2 loopback

On core switch #2: feature msdpip msdp originator-id loopback1ip msdp peer 10.4.60.254 connect-source loopback1! The IP address for the listed above is the core switch #1 loopback

TheMSDPconfigurationiscompleteandconvergencearoundafailedRPisnowasfastastheunicastroutingprotocol(EIGRP)convergence.YoucanseetheMSDPprotocolsessionactivatelaterasyouenabletherout-ing links between the core switches and the distribution layer blocks that establishLayer3connectivity.Usethe show ip msdp summary command for verification.

EveryLayer3switchandroutermustbeconfiguredwiththeaddressoftheIPmulticastRP,includingthecoreswitchesthatareservingastheRP.ConfigurethecoreswitchestopointtheirRPaddresstotheloopback2IPaddressaswellaseveryotherremoterouterandLayer3switch.Usethe rp-address command in conjunction with a group-list to limit the network size thattheRPisresponsiblefor.AlsonotethatyouneedtoenterthefeaturepimcommandtoexposealltheCLIcommandsforProtocolIndependentMulticast(PIM).

feature pimip pim rp-address [rp address] group-list [multicast network]/[mask]

AllLayer3interfacesinthenetworkmustbeenabledforsparsemodemulticast operation.

ip pim sparse-mode

IntheeventthatyouaddacorelayertoyourexistingnetworkandtheRPiscurrentlyconfiguredonadistributionlayer,youmaywanttomovetheRPtothecore.WithAnycastRP,youcanmovetheRPtoanewlocationbyprogrammingtheRPaddressontheloopback2interfacesatthenewloca-tion,andthenenablingandestablishingIPmulticastandMSDPpeering.AllremoteroutersshouldstillpointtothesameRPaddress,whichsimpli-fiesthemoveandreducesdisruptiontotheIPmulticastenvironment.

Figure5.MSDPOverview

MSDP

SA Message SA Message

RP1 RP2

Source Source

10.4.60.252 10.4.60.252

10Configuration Details

Step 4: QualityofService(QoS)

ThecorelayerQoSconfigurationhonorstheQoSvaluespresentinthetraffic because classification and marking of traffic has already happened attheedgeofthenetwork.Fortrafficnothittinganycongestionpointwhentraversingthroughthecore,theoriginalQoS(DSCP)valuesarepreservedand not altered. In case congestion occurs once traffic travels through the core,areclassificationormarkdowncanoccur.

ACiscoNexus7000SeriesswtichhasQoSenabledbydefault.Allinter-facesareconfiguredtobetrusted,whichmeansthattheQoSvaluespresentintheIPpacketsarehonoredforqueuingandscheduling.Bydefaultthen,noQoSconfigurationisrequiredinthecore.

Procedure 4 Distribution Layer Aggregation Configuration

Inthisdesign,linksinthecorelayerareconfiguredaspoint-to-pointLayer3routedlinksorLayer3routedEtherChannels.

IfyouareusingtheCiscoCatalyst6500VSS1440systeminthedistribu-tionlayer,werecommendthatallpeer-connectedlinksareEtherChannellinks.EtherChanneltotheCatalyst6500VSSprovidesforoptimalforward-ing as a packet that is received on the switch will be forwarded out a link on thatsameswitchinnormaloperationversustraversingtheVSLlink.

OtherbenefitsofEtherChanneltoanysinglephysicalorlogicaldevicearetheease of growing bandwidth without changing the topology and that a single linkfailureusesEtherChannelrecoveryversususingECMPoraroutingtopol-ogy change to reroute the data flows for fastest recovery.

Sincethecorelinksarepoint-to-pointroutedlinks,use30-bitIPaddresssubnetsandmasksanddonotuseSwitchedVirtualInterfaces(SVI).

ForcoreconnecteddevicesthatdonotrequireEtherChannel,configureroutedinterfaceswiththeIPaddressdirectlyonthephysicalinterfaceanddonotuseaswitchvirtualinterface(SVI).

interface ethernet[number] logging event link-status ip address [ip address]/[mask] ip pim sparse-mode ip router eigrp 100

CreatingtheEtherChannel(sometimesreferencedasaportchannel)in Cisco NX-OS means adding the channel-group command under the respective channel member interfaces. Note that Cisco NX-OS labels all Ethernetinterfacesasinterfaceethernetirrespectiveoftheactualinterfacespeed.(ThisstyleoflabelingisdifferentthanIOSwhichusesinterfaceGigabitEthernet,interfaceTenGigabitEthernetandsoon.).

Whiletheport-channelinterfaceisautomaticallycreated,itdoesnotcarryanyIPaddress,routing,andloggingconfigurationyet.Theport-channelinterface number matches the number specified at the channel-group command.TogetaLACPconfigurationstarted,makesureyoufirstentertherespective feature command.

feature lacpinterface ethernet[interface 1]-[interface 2] logging event port link-status channel-group [number] mode active

interface port-channel [number] logging event port link-status ip address [ip address]/[mask] ip pim sparse-mode ip router eigrp 100

Makesureyouenterthenoshutcommandtobringuptheport-channelinterface and the channel member interfaces to an operational state.

11Summary

Summary

The Cisco Cisco Nexus 7000 Series is a key platform for the data center and campus core deployments.

BuiltaroundtheflexibleandscalableCiscoNX-OSoperatingsystem,the Cisco Nexus 7000 Series combines hardware and software to deliver unprecedentedhighavailability.Fullhardwareredundancyandsophisticatedmechanisms for recovering from failure conditions make the Cisco Nexus 7000Seriesaveryrobust,zero-downtimeplatformforcorenetworksforbothscenarios of collapsed data center and campus core or separate cores.

TheVDCtechnologyprovidesavarietyofbenefitsrangingfromsimplifiedoperations,hardwareandsoftwareresourcesseparation,virtualization,andconsolidation.Whilerelevanttoallthecorearchitectures,VDCaddsgreatvalueinacollapsedcoreenvironment.Inthisscenario,eachVDCcanvirtualizeacoredevice,presentingthephysicalswitchasmultiplelogicaldeviceswiththeirownuniquesetofVLANs,IProutingtables,VRFs,andphysical interfaces.

Furthermore,scalableandefficientmulticastcapabilities,alongwithaflexibleQualityofServicemodel,enabletheCiscoNexus7000SeriestoembracetheCiscoMedianetsolution.

For Additional Information

CiscoNX-OSProductPage:http://www.cisco.com/go/nxos

Cisco NX-OS / IOS Comparison: http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes

CiscoNexus7000SeriesProductPage:http://www.cisco.com/go/nexus7000

CiscoNexus7000SeriesProductDocumentation:http://www.cisco.com/en/US/products/ps9402/tsd_products_support_series_home.html

MedianetonCisco.com:http://www.cisco.com/go/medianet

Borderless Networks: http://www.cisco.com/go/borderless

Data Center Design and Configuration documents:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html

12AppendixA

AppendixA: LargeAgenciesLANDeploymentProductList

Functional Area Product Part Numbers Software Version

CoreLayer Nexus 7000 N7K-C7010 Nexus7000C7010(10Slot)Chassis

N7K-SUP1 Nexus 7000 Supervisor module-1X

N7K-M148GS-11 Nexus700048-portGigEMod(SFP)

N7K-M132XP-12 Nexus700032-port10GigEModule

N7K-M108X2-12L Nexus70008-port10GigEEthernetModule(X2)

4.2(4)

13AppendixB

AppendixB: SBAforLargeAgenciesDocumentSystem

Design Overview

IPv6 AddressingGuide

LAN DeploymentGuide

LAN Configuration Guide

WAN DeploymentGuide

WAN Configuration Guide

Internet EdgeDeployment Guide

Internet Edge Configuration Guide

SolarWinds Deployment Guide

Foundation DeploymentGuides

Network ManagementGuides

Wireless CleanAirDeployment Guide

Data SecurityDeployment Guide

Nexus 7000 Deployment Guide

ArcSight SIEM Partner Guide

LogLogic SIEM Partner Guide

nFx SIEM Partner Guide

RSA SIEM Partner Guide

Splunk SIEM Partner Guide

CREDANT Data Security Partner Guide

Lumension Data Security Partner Guide

SIEM DeploymentGuide

Design Guides Deployment Guides

You are Here

Supplemental Guides

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)

Americas HeadquartersCisco Systems, Inc.San Jose, CA

Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.Singapore

Europe HeadquartersCisco Systems International BVAmsterdam, The Netherlands

C07-640796-0002/11