cisco - global home page - collapsed data center and · scaling the overall systems. the...
TRANSCRIPT
Collapsed Data Center and Campus Core Deployment Guide
Cisco Nexus 7000 Supplemental
Revision: H2CY10
2Using this Borderless Networks Guide
Using this Borderless Networks Guide
This is guide is a concise reference on consolidating the campus and data center core layers and is broken up into a few sections.
The Introduction outlines the use-cases that often drive the consolidation of the campus and data center cores
The Technology Overview section introduces the Cisco Nexus 7000 Series and the capabilities that uniquely position the platform as the device that should be utilized in a collapsed campus and data center core.
The Configuration Details section details the processes and procedures required to deploy the Nexus 7000 Series as a collapsed campus and data center core.
This document is for the reader who:
• HasreadtheCisco Smart Business Architecture (SBA) for Government Large Agencies—Borderless Networks LAN Deployment Guide
• Hasintotal2000to10,000connectedemployees
• HasacampusLANthatsupportsupto5000connectedemployeesco-located with a data center
• Wantstoconsolidatethecampusanddatacentercoredevices
• Hashigh10-GigabitEthernetdensityinthecampusanddatacentercore
• HasITworkerswithaCCNA® certification or equivalent experience
• Wantstheassuranceofatestedsolution
Who Should Read This Guide
This guide should be of interest to anyone in a large agency that wants to understand why they might want to utilize the Cisco Nexus 7000 Series when they are collapsing the campus and data center core.
The audience also includes information technology staff and technology resellers who want to understand more about the Cisco Nexus 7000 Series and how to deploy it in a collapsed campus and data center core environment.
ThisguidedoesassumesaCCNA-leveltechnicalbackground.
Nexus 7000 Deployment Guide
Supplemental Guides
You are Here
Network ManagementGuides
Internet Edge Configuration Guide
Internet EdgeDeployment Guide
WAN Configuration Guide
WAN DeploymentGuide
LAN Configuration Guide
LAN DeploymentGuide
Foundation DeploymentGuides
Design Guides Deployment Guides
Table of Contents
ALLDESIGNS,SPECIFICATIONS,STATEMENTS,INFORMATION,ANDRECOMMENDATIONS(COLLECTIVELY,"DESIGNS")INTHISMANUALAREPRESENTED"ASIS,"WITHALLFAULTS.CISCOANDITSSUPPLIERSDISCLAIMALLWARRANTIES,INCLUDING,WITHOUTLIMITATION,THEWARRANTYOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSEANDNONINFRINGEMENTORARISINGFROMACOURSEOFDEALING,USAGE,ORTRADEPRACTICE.INNOEVENTSHALLCISCOORITSSUPPLIERSBELIABLEFORANYINDIRECT,SPECIAL,CONSEQUENTIAL,ORINCIDENTALDAMAGES,INCLUDING,WITHOUTLIMITA-TION,LOSTPROFITSORLOSSORDAMAGETODATAARISINGOUTOFTHEUSEORINABILITYTOUSETHEDESIGNS,EVENIFCISCOORITSSUPPLIERSHAVEBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.THEDESIGNSARESUBJECTTOCHANGEWITHOUTNOTICE.USERSARESOLELYRESPONSIBLEFORTHEIRAPPLICATIONOFTHEDESIGNS.THEDESIGNSDONOTCONSTITUTETHETECHNICALOROTHERPROFESSIONALADVICEOFCISCO,ITSSUPPLIERSORPARTNERS.USERSSHOULDCONSULTTHEIROWNTECHNICALADVISORSBEFOREIMPLEMENTINGTHEDESIGNS.RESULTSMAYVARYDEPENDINGONFACTORSNOTTESTEDBYCISCO.
AnyInternetProtocol(IP)addressesusedinthisdocumentarenotintendedtobeactualaddresses.Anyexamples,commanddisplayoutput,andfiguresincludedinthedocumentareshownforillustrativepurposesonly.AnyuseofactualIPaddressesinillustrativecontentisunintentionalandcoincidental.CiscoUnifiedCommunicationsSRND(BasedonCiscoUnifiedCommunicationsManager7.x)
©2010CiscoSystems,Inc.Allrightsreserved.
Table of Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Agency Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Technology Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Configuration Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11ForAdditionalInformation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Appendix A: Large Agencies LAN Deployment Product List . . . . . . . . . . . . . .12
Appendix B: SBA for Large Agencies Document System . . . . . . . . . . . . . . . . .13
1Introduction
Introduction
This guide is a companion document to the Cisco SBA for Large Agencies—Borderless Networks Design Guide and LAN Deployment Guide.
TheCiscoSBAforLargeAgenciesisaprescriptivearchitecturethatdeliversaneasytouse,flexibleandscalablenetworkwithwired,wireless,security,WAN,and internet edge modules. It eliminates the challenges of integrating the vari-ous network components be using a standardized design that is reliable with comprehensive support offerings.
TheCiscoSBAforLargeAgencies—BorderlessNetworksisdesignedtoaddressthecommonrequirementsofagencieswith2000to10,000employees.EachagencyisuniquehoweverandsoareitsrequirementssoweensuredthattheCiscoSBAwasbuiltsothatadditionalcapabilitiescouldbe added on without redesigning the network.
OnewaytheCiscoSBAaccomplishesthisextensibilityisbybrakingdownthearchitectureintothreeprimarylayers,NetworkFoundation,NetworkServices,andUserServices,asillustratedinFigure1.
AcollapsedcampusanddatacentercoreispartoftheNetworkFoundation.ThereliablenetworkfoundationprovidedbytheCiscoSBAhelpsensureagovernment agency can rely on the network and user services required to operate effectively and achieve the agency mission objectives.
TolearnmoreaboutCiscoSBA,visit:
http://www.cisco.com/go/smartarchitecture or
http://www.cisco.com/go/partner/smartarchitecture
Figure1.SBAModel
2AgencyOverview
AgencyOverview
AstheLANenvironmentatalargerfacilitygrowsitoftencreatestheneedtousemultipleLANdistributionlayerblocks.Asthenumberofrequireddistribution layer blocks in a facility grows beyond two or three a solution is required to reduce the need and cost of fully meshing all interconnectivity while maintaining a design that provides a reliable infrastructure.
Whenanagencyhasalargeprimarysitetheagency’sprimarydatacenteris often located there also. If the data center is large enough that it also includes multiple distribution layer blocks then the data center will also need a solution for interconnectivity.
The similarities between the needs of the campus and the data center present an opportunity to consolidate the needs into a single set of devices which can save both operational and equipment costs.
3Technology Overview
Technology Overview
CiscohasarichtraditionofbuildingscalableandrobustLANandcampusnetworksusingtheCiscoCatalystswitchline.TheCatalyst6500seriesswitch has a long history as the flagship of large campus aggregation and corelayernetworks.Asof2008,state-of-the-artdatacenternetworksstartedusingCiscoNexusfamilyswitchingproducts.Specifically,datacenteraggregation(alsoreferredtoasdistribution),andcorelayersarebuiltusing the Cisco Nexus 7000 Series switch.
TheCiscoNexus7000Seriesdelivershighperformance,portdensity,avail-ability,andresiliencywithacomprehensivefeaturesettargetedforthecoreofdatacenterandcampusLANnetworks.TheCiscoNexus7000Seriesswitch effectively addresses data center core and aggregation requirements suchasahighdensity10-GigabitEthernetinterface,robustLayer3proto-cols,andazero-servicedisruptionarchitecture.Inenvironmentswherethecoredevicealsoactsasadatacenterinterconnect(DCI)platform,theCiscoNexus7000SeriesswitchsupportsOverlayTransportVirtualization(OTV),anindustrysolutionthatenablestheextensionofLayer2overLayer3net-works,withouttheoperationalcomplexitiesofotherinterconnectsolutions.
Outsideofthedatacenter,theCiscoNexus7000canalsobeusedinthecorelayerofthecampusLAN.ThemaindriverforutilizingtheCiscoNexus7000SeriesinthecoreofacampusLANnetworkistheabilitytocollapsetheLANandthedatacentercore,whichusuallyareonseparatepairsofdevices,ontoasinglepairofCiscoNexus7000Seriesswitches(Figure2).
The Cisco Nexus 7000 Series switch is uniquely positioned as the platform tosupportaconsolidatedcampusLANanddatacentercorebecauseofitshigh10-GigabitEthernetdensity,resiliencyandhighavailability,andexten-sive support of virtualization.
Withhigherdensityandthepotentialforcombiningmultiplelayers,thebarforavailabilityandresiliencymoveshigher.Fromahigh-availabilitystand-point,theCiscoNexus7000Seriesisaveryrobustandresilientplatform.In addition to the hardware redundancy that is built into every hardware componentoftheCiscoNexus7000Series,itsoperatingsystem,Cisco
NX-OS,providesaunique,highly-resilientcapabilitythatsupportsnon-stoppacketforwarding,evenintheeventofasoftwareupgradewiththehitlessin-servicesoftwareupgrade(ISSU)feature.Furthermore,CiscoNX-OSontheCiscoNexus7000Seriessupportsgracefulrestart,aswellasnon-stoprouting(NSR)functionalitiesforroutingprotocolstheoperatingsystemiscapableofdetectingandrestartingafaultyprocess,withoutdisruptingtheother operations of the switch. The zero-service disruption architecture of the Cisco Nexus 7000 Series switch is paramount in a collapsed core environment,whereinfrastructurefailureormaintenancewindowscanhavea broad impact.
Figure2.CollapsedDataCenterandLANCore
LAN DistributionSwitches
Data CenterAggregationSwitches
Data Center andLAN Core Switches
Data CenterAccess
Switches
LANAccess
Switches
Building 1 Building 2 Building 4Building 3
Local AreaNetwork
DataCenter
4Technology Overview
Inadatacenternetworkwitha3-tierarchitecture(Figure3),theCiscoNexus7000Seriesswitchisthestate-of-the-artLayer3switchforthecoreandaggregationlayers.TypicallytheaggregationlayeristheLayer2orLayer3boundary.
Inasmallormediumsizedatacenternetwork,thecoreandaggregationmay collapse into one single layer that leverages the virtual device contexts capabilityforconsolidation(Figure4).
Virtualdevicecontexts(VDCs)allowaCiscoNexus7000Seriesswitchtobecarvedupintologicallyseparatedevices.Eachofthoseentitiescanbemanaged separately to allow operational independence and isolation from each other. This isolation can be useful for environments where layers of
networksmaybephysicallycombinedwhilelogicallystayingindependent,or where organizational units have to be separated from a management and configurationaccessstandpoint(suchasforcompliancereasons).
Forexample,adatacentercoreandaggregationcanfallintoonepairofswitches. To still follow the hierarchical network model as well as to respect operationalboundaries,devicevirtualizationcanbeusedviaavirtualdevicecontext(VDC),whichisthefirstcontrolplanevirtualizationinanetworkdevice.Asingleswitchcanbecarvedupintoamaximumoffourlogicalswitches(thatis,fourVDCs),whereresourcessuchasinterfaces,memory,andsoonareexplicitlyallocatedtotherespectiveVDC.Besidesofferingconsolidationandoperationalbenefits,theconfigurationofVDCsoffersflexible separation and distribution of resources. The hardware and software isolationperVDCnotonlydelineatesadministrativecontexts,butalsoallowsscalingtheoverallsystems.ThevirtualizationcapabilitiesofVDCsarekeyto deploy a collapsed core on a single Cisco Nexus 7000 Series switch with multiple logical cores.
TheaggregationlayerusuallyactsasaLayer2orLayer3boundary.Alongwithroutingtechnologies,theCiscoNexus7000Seriesswitchoffersflexibleswitchingfunctionalities,suchasvirtualPortChannels(vPC),rapidspanningtree,andPortChannels,thatareallhandledinastatefulfashiontoguaran-tee a very high level of system reliability.
Core Layer Architecture
ThecorelayeroftheLANisacriticalpartofthescalablenetwork,yetbydesign,isoneofthesimplest.Likethedistributionlayer,thecorelayeraggregatesconnectivity,butformultipledistributionlayersinsteadofaccesslayers.Asnetworksgrowbeyondthreedistributionlayersinasinglelocation,acorelayershouldbeusedtooptimizethedesign.
Beyondthesimpleaggregationofconnectivity,thecorelayerservestoreduce the number of paths between distribution layers which in turn lowers the time required to converge the network after a failure. By upgrading bandwidthbetweenadistributionlayerandthecore,multipledistributionlayer blocks can benefit from the increase versus the need to upgrade the bandwidth to every other device in a design without a core. The core layer is especially relevant to designs where the data center resources might be collocatedwiththeLAN.
Figure4.CollapsedCore/AggregationDataCenterArchitecture
Access
Core /Aggregation
Figure3.3-TierDataCenterArchitecture
Access
Aggregation
Core
5Technology Overview
InlargemodularandscalableLANdesigns,acorelayerisusedtoaggregatemultiple user connectivity distribution layer blocks. In designs with a collocated datacenter,thecoreprovideshighspeedfanoutconnectivitytotherestofthenetwork.ThecorelayeralsoservesastheinterconnectfortheWideAreaNetwork(WAN)andInternetEdgedistributionlayerblocks.Becauseofthiscentralpointofconnectivityforalldataflows,thecoreispartofthebackboneIProutingaddressspaceandisdesignedtobehighlyresilienttoprotectfromcomponent-,power-,oroperational-inducedoutages.
ThecorelayerintheSBAdesignisbasedontwophysicallyandlogicallyseparateswitches.ConnectivitytoandfromthecoreshouldbeLayer3only.NoVLANsshouldspanthecoretodriveincreasedresiliencyandstability.Since the core does not need to provide the same services or boundaries thatthedistributionlayerdoes,thetwo-boxdesigndoesnotsignificantlyincrease the complexity of the solution. The core layer should not contain highly-complexorhigh-touchservicesthatrequireconstantcareandtuning,toavoiddowntimerequiredbycomplexconfigurationchanges,increasedsoftwareupgradesfornewservices,orlinksthattoggleup/downaspartofnormal operations like user endpoint connectivity.
The core is built on dual switches to provide a completely separate control planehousedoneachswitch,thatprovidesredundantlogic,linecards,hardware,andpowerforthebackboneoperation.Eachdistributionlayerblock,router,orotherapplianceconnectingtothecoreshouldbedual-homedwithanEtherChannelorlinktoeachcoreswitch.ThisdualhomedapproachprovidesEqualCostMultiplePath(ECMP)loadsharingofIPtrafficacrosslinksfortraffictraversingthecore,andfastfailoverbasedoneitherEtherChannelorECMPalternaterouteswithoutwaitingforroutingprotocoltopology changes to propagate the network.
The core is designed to be high speed and provides for connectivity rang-ingfromGigabitEthernet,GigabitEtherChannel,10GigabitEthernet,andupto10GigabitEtherChannel.Thecorecanprovidenon-blockingbandwidthbasedondesignandconfiguration.EtherChannellinkshomedtoaswitchshould be spread across line cards when possible.
The core switches can be provisioned with dual supervisors for Stateful Switchover(SSO)operationtoprotectthecorebandwidthintheeventacontrol plane hardware or software failure occurs. The core switches are NonstopForwarding(NSF)awaretoprovideenhancedresilienceforanydualsupervisorconnecteddevicesandNSFcapableifprovisionedwithdual supervisors per switch.
Attaching the Data Center Aggregation Layer
The links from the Core layer facing the data center aggregation or dis-tribution layer are configured in the same way as the links facing campus distributionlayers.Morespecificallytheseareroutedlayer3interfaceswithpoint-to-point subnets and a routing configuration as outlined below.
The Data Center aggregation layer configuration follows a similar model as thecampusdistributionlayer.Integrationofservicessuchasfirewalling,intrusion prevention and load-balancing are typically added. Design aspects and sample configurations for the aggregation layer using the Cisco Nexus 7000 Series switch are further described in the design guides referenced at the end of this document.
6Configuration Details
Configuration Details
This chapter describes the configuration for the core layer using the Cisco Nexus 7000 Series. Only core relevant features are described. The core layeristypicallyaLayer3configureddevice;therefore,configurationdetailsofCiscoNexus7000SeriesLayer2features,suchasspanningtree,VLANTrunkingProtocol(VTP),andvirtualPortChannel(vPC),areintentionallyomitted.Forthosescenariosthatrequirehavingspanningtreeasasafeguard,RapidSpanningTreeProtocol(RSTP)isenabledbydefaulton the Cisco Nexus 7000 Series switch and does not require any additional configuration.
Thecorelayerdesignisbasedondualswitches;therefore,programmingofthecoredevicesissymmetricalforsimplicity,exceptforIPaddressingandservices that must be unique in the network. Because we cover the global configurationoptionsindetailintheAccessLayersection,thecommandsare listed here for easy reference.
Process
1. PlatformConfiguration
2. LANSwitchGlobalConfiguration
3. Core Switch Global Configuration
4. ConnectivitytoLANandDataCenterAggregationSwitchConfiguration
Procedure 1 Platform Configuration
Some platforms require a one-time initial configuration prior to configuring thefeaturesandservicesoftheswitch.Ifyoudon’thaveaplatformlistedinthe following steps they can be skipped.
Step 1:SoftwareLicensePrerequisites
The Cisco Nexus 7000 Series offers a simplified software management mechanism based on software licenses. These licenses are enforceable onachassisbasisandenableafullsuiteoffunctionalities.AsthecorelayerischaracterizedbyaLayer3configuration,theCiscoNexus7000SeriesswitchrequirestheEnterpriseLANlicense,whichenablesroutingfunctionalities.
TheVDCconfigurationisnotincludedinthisaddendum.However,forthosedeploymentswhereVDCisrecommended,theAdvancedLANlicenseneedstobeinstalled.Otherbaselinefeatures(suchasQoSandLayer2)donot require any additional licenses.
Step 2:FeatureCommands
DuetothemodularnatureofCiscoNX-OS,processesareonlystartedwhenafeatureisenabled.Asaresult,commandsandcommandchainsonlyshowuponcethefeaturehasbeenenabled.Forlicensedfeatures,the feature feature-name command can only be used once the appropri-atelicenseisinstalled.Fortrialandtestingpurposes,thereisagraceperiod of 120 days during which all features can be tried within the sys-tem.Toenablethisgraceperiod,usethelicense grace-period command.
7Configuration Details
Procedure 2 LAN Switch Global Configuration
Withinthisdesign,therearefeaturesandservicesthatarecommonacrossallLANswitchesregardlessofthetypeofplatformorroleinthenetwork.Theseare system settings that simplify and secure the management of the solution.
This procedure provides examples for some of those settings. The actual settings and values will depend on your current network configuration.
Common Network Services Used in the Deployment Examples
Domain Name: cisco.local
MulticastRP: 10.4.60.254
AuthenticationControlSystem: 10.4.200.15
NetworkTimeProtocolServer: 10.4.200.17
Step 1: Configure the Device Hostname
Configure the device hostname and domain name to make it easy to identify the device.
hostname [hostname]ip domain-name cisco.local
Step 2: ConfigureDeviceManagementProtocols
SecureShell(SSH)isanapplicationandaprotocolthatprovideasecurereplacement to RSH and Telnet. Secure management access is enabled through the use of the SSH protocol. The protocol is encrypted for privacy.
SSH is enabled by default and does not require any specific configuration. Cisco NX-OS can store SSH authentication keys and therefore simplify the login process while still using strong authentication. Non-secure protocols like Telnet are disabled by default.
SimpleNetworkManagementProtocol(SNMP)isenabledtoallowthenetwork infrastructure devices to be managed by a network management system(NMS).SNMPv2cisconfiguredbothforaread-onlyandaread-writecommunitystring.TheconfigurationoftheNMSisoutsidethescopeofthisdocument.
ThebasicSNMPconfigurationisasfollows:snmp-server community cisco group network-operator snmp-server community cisco123 group network-admin
Step 3: ConfigureSecureUserAuthenticationConfiguration
Authentication,AuthorizationandAccounting(AAA)isenabledforaccesscontrol.AllmanagementaccesstothenetworkinfrastructuredevicesiscontrolledwithAAA.
TheAAAserverusedinthisarchitectureistheCiscoAuthenticationControlSystem.ConfigurationofACSisdiscussedintheACSDeploymentSupplement.
RADIUSistheprimaryprotocolusedtoauthenticatemanagementloginsontheinfrastructuredevicestotheAAAserver.AlocalAAAuserdatabaseisalso defined each network infrastructure device to provide a fallback authen-ticationsourceincasethecentralizedRADIUSserverisunavailable.
ToenableRADIUSauthenticationandspecifyaRADIUSserver,usethefollowing commands:
username admin password c1sco123 role network-adminaaa authentication login default group radius radius-server host 10.4.200.15 key 7 “SecretKey”
Step 4: SetupSynchronizedClockandTimezoneforManagement
TheNetworkTimeProtocol(NTP)isdesignedtosynchronizeanetworkofdevices.AnNTPnetworkusuallygetsitstimefromanauthoritativetimesource,suchasaradioclockoranatomicclockattachedtoatimeserver.NTPthendistributesthistimeacrossthenetwork.NTPisextremelyeffi-cient;nomorethanonepacketperminuteisnecessarytosynchronizetwodevices to within a millisecond of one another.
NetworkdevicesshouldbeprogrammedtosynchronizetoalocalNTPserverinthenetwork.ThelocalNTPservertypicallyreferencesamoreaccurate clock feed from an outside source. Configuring console mes-sages,logs,anddebugoutputonswitches,routers,andotherdevicesinthenetwork to provide time stamps on output allows cross-referencing of events in a network.
ToconfigureNTPinCiscoNX-OS,usethefollowingfeaturecommandandspecifytheNTPserver.Theexamplealsoshowshowtoenablethecorrecttime zone and daylight savings settings.
ntp server 10.4.200.17clock timezone PST -8 0clock summer-time PDT 1 Sunday March 02:00 1 Sunday November 02:00 60!logging timestamp milliseconds
8Configuration Details
Step 5:ConfigureDeviceResiliencyFeatures
UniDirectionalLinkDetection(UDLD)isaLayer2protocolthatenablesdevicesconnectedthroughfiber-opticortwisted-pairEthernetcablestomonitor the physical configuration of the cables and detect when a unidi-rectionallinkexists.WhenUDLDdetectsaunidirectionallink,itdisablesthe affected port and alerts you. Unidirectional links can cause a variety of problems,includingspanning-treeloops,blackholes,andnon-deterministicforwarding.Inaddition,UDLDenablesfasterlinkfailuredetectionandquickreconvergenceofporttrunks,especiallywithfiber,whichcanbesusceptibleto unidirectional failures.
Innormalmode,ifthelinkstateoftheportisdeterminedtobeunidirec-tional,thentheportcontinuestoforwardtrafficnormally,buttheportismarked as undetermined. The port cycles through the regular spanning tree protocolstatesandcontinuestoforwardtraffic.Inaggressivemode,theport enters the errdisable state and effectively shuts down. To recover from errdisable,youhavetoshutdownandrestarttheportbyissuingtheshutandnoshutcommands.UDLDdoesnotfunctionanydifferentlyforeithermode. The same messages are sent and the same messages are expected tobereceived.ThemodesonlydifferinthewaythatUDLDreactstoaunidirectional link failure.
ToenableUDLD,usethefollowingcommand:feature udld
Procedure 3 Core Layer Switch Global Configuration
Step 1: ConfigureanIn-BandManagementInterface
The loopback interface is a logical interface that is always reachable as long asthedeviceispoweredonandanyIPinterfaceisreachabletothenetwork.Because of this capability the loopback address is the best way to manage theswitchin-band.Layer3processandfeaturesarealsoboundtotheLoopbackinterfacetoensureprocessesresiliency.
Theloopbackaddressiscommonlyahostaddresswitha32-bitaddressmask.AllocatetheloopbackaddressfromthecoreIPaddressblock.Wehave included the ip pim sparse-mode command that will be explained furtherinstep3.
interface loopback 1 ip address [ip address]/32 ip pim sparse-mode
OncetheIPloopbackinterfaceiscreated,SNMPcanbeassociatedwiththat interface address.
snmp-server source-interface trap loopback1
Step 2: IPUnicastRoutingConfiguration
You must enter the feature eigrp command to enable this feature. Only after the featureisenabled,doalltheEIGRPconfigurationcommandsappear.
Cisco NX-OS routing configuration follows an interface-centric model. Insteadofaddingnetworkstobeadvertisedvianetworkstatements,EIGRPisenabledonaper-interface-basis.EachLayer3interfacethatcarriesanetworkthatmaybeadvertisedviaEIGRPrequirestheiproutereigrpstate-ment.Ifanetworkmaybeadvertised,butnoadjacencymaybeformed,theip passive-interface eigrp command should be used.
InthisconfigurationtheonlyparameterconfiguredundertheEIGRPpro-cess(routereigrp100)istherouter-ID.Theloopback1IPaddressisusedfortheEIGRProuterID.
feature eigrprouter eigrp 100 router-id [ip address of loopback 1]interface loopback1 ip router eigrp 100
9Configuration Details
Step 3: IPMulticastRoutingConfiguration
ToenableAnycastRPoperation,thefirststepistoconfigureasecondloopback interface on each of the core switches. The key is that this second loopbackinterfacewillhavethesameIPaddressonbothcoreswitchesandwilluseahostaddressmask(32bits).AllroutersthenpointtothiscommonIPaddressonloopback2fortheRPintheirconfiguration.WeconfiguredtheRPaddressfromthecoreIPaddressspace.
interface Loopback2 ip address 10.4.60.252/32 ip pim sparse-mode ip router eigrp 100
ThefinalstepfortheAnycastRPconfigurationistoenableMulticastSourceDiscoveryProtocol(MSDP)torunbetweenthetwocoreRPswitches.ToenableMSDP,youmustuseuniqueaddressesateachendofthelink;there-fore,weusetheloopback1addressesofeachcoreroutertoconfiguretheMSDPsession(Figure5).Enterthefeaturemsdpcommandfirsttoenablethe feature.
On core switch #1:feature msdpip msdp originator-id loopback1ip msdp peer 10.4.60.253 connect-source loopback1! The IP address for the listed above is the core switch #2 loopback
On core switch #2: feature msdpip msdp originator-id loopback1ip msdp peer 10.4.60.254 connect-source loopback1! The IP address for the listed above is the core switch #1 loopback
TheMSDPconfigurationiscompleteandconvergencearoundafailedRPisnowasfastastheunicastroutingprotocol(EIGRP)convergence.YoucanseetheMSDPprotocolsessionactivatelaterasyouenabletherout-ing links between the core switches and the distribution layer blocks that establishLayer3connectivity.Usethe show ip msdp summary command for verification.
EveryLayer3switchandroutermustbeconfiguredwiththeaddressoftheIPmulticastRP,includingthecoreswitchesthatareservingastheRP.ConfigurethecoreswitchestopointtheirRPaddresstotheloopback2IPaddressaswellaseveryotherremoterouterandLayer3switch.Usethe rp-address command in conjunction with a group-list to limit the network size thattheRPisresponsiblefor.AlsonotethatyouneedtoenterthefeaturepimcommandtoexposealltheCLIcommandsforProtocolIndependentMulticast(PIM).
feature pimip pim rp-address [rp address] group-list [multicast network]/[mask]
AllLayer3interfacesinthenetworkmustbeenabledforsparsemodemulticast operation.
ip pim sparse-mode
IntheeventthatyouaddacorelayertoyourexistingnetworkandtheRPiscurrentlyconfiguredonadistributionlayer,youmaywanttomovetheRPtothecore.WithAnycastRP,youcanmovetheRPtoanewlocationbyprogrammingtheRPaddressontheloopback2interfacesatthenewloca-tion,andthenenablingandestablishingIPmulticastandMSDPpeering.AllremoteroutersshouldstillpointtothesameRPaddress,whichsimpli-fiesthemoveandreducesdisruptiontotheIPmulticastenvironment.
Figure5.MSDPOverview
MSDP
SA Message SA Message
RP1 RP2
Source Source
10.4.60.252 10.4.60.252
10Configuration Details
Step 4: QualityofService(QoS)
ThecorelayerQoSconfigurationhonorstheQoSvaluespresentinthetraffic because classification and marking of traffic has already happened attheedgeofthenetwork.Fortrafficnothittinganycongestionpointwhentraversingthroughthecore,theoriginalQoS(DSCP)valuesarepreservedand not altered. In case congestion occurs once traffic travels through the core,areclassificationormarkdowncanoccur.
ACiscoNexus7000SeriesswtichhasQoSenabledbydefault.Allinter-facesareconfiguredtobetrusted,whichmeansthattheQoSvaluespresentintheIPpacketsarehonoredforqueuingandscheduling.Bydefaultthen,noQoSconfigurationisrequiredinthecore.
Procedure 4 Distribution Layer Aggregation Configuration
Inthisdesign,linksinthecorelayerareconfiguredaspoint-to-pointLayer3routedlinksorLayer3routedEtherChannels.
IfyouareusingtheCiscoCatalyst6500VSS1440systeminthedistribu-tionlayer,werecommendthatallpeer-connectedlinksareEtherChannellinks.EtherChanneltotheCatalyst6500VSSprovidesforoptimalforward-ing as a packet that is received on the switch will be forwarded out a link on thatsameswitchinnormaloperationversustraversingtheVSLlink.
OtherbenefitsofEtherChanneltoanysinglephysicalorlogicaldevicearetheease of growing bandwidth without changing the topology and that a single linkfailureusesEtherChannelrecoveryversususingECMPoraroutingtopol-ogy change to reroute the data flows for fastest recovery.
Sincethecorelinksarepoint-to-pointroutedlinks,use30-bitIPaddresssubnetsandmasksanddonotuseSwitchedVirtualInterfaces(SVI).
ForcoreconnecteddevicesthatdonotrequireEtherChannel,configureroutedinterfaceswiththeIPaddressdirectlyonthephysicalinterfaceanddonotuseaswitchvirtualinterface(SVI).
interface ethernet[number] logging event link-status ip address [ip address]/[mask] ip pim sparse-mode ip router eigrp 100
CreatingtheEtherChannel(sometimesreferencedasaportchannel)in Cisco NX-OS means adding the channel-group command under the respective channel member interfaces. Note that Cisco NX-OS labels all Ethernetinterfacesasinterfaceethernetirrespectiveoftheactualinterfacespeed.(ThisstyleoflabelingisdifferentthanIOSwhichusesinterfaceGigabitEthernet,interfaceTenGigabitEthernetandsoon.).
Whiletheport-channelinterfaceisautomaticallycreated,itdoesnotcarryanyIPaddress,routing,andloggingconfigurationyet.Theport-channelinterface number matches the number specified at the channel-group command.TogetaLACPconfigurationstarted,makesureyoufirstentertherespective feature command.
feature lacpinterface ethernet[interface 1]-[interface 2] logging event port link-status channel-group [number] mode active
interface port-channel [number] logging event port link-status ip address [ip address]/[mask] ip pim sparse-mode ip router eigrp 100
Makesureyouenterthenoshutcommandtobringuptheport-channelinterface and the channel member interfaces to an operational state.
11Summary
Summary
The Cisco Cisco Nexus 7000 Series is a key platform for the data center and campus core deployments.
BuiltaroundtheflexibleandscalableCiscoNX-OSoperatingsystem,the Cisco Nexus 7000 Series combines hardware and software to deliver unprecedentedhighavailability.Fullhardwareredundancyandsophisticatedmechanisms for recovering from failure conditions make the Cisco Nexus 7000Seriesaveryrobust,zero-downtimeplatformforcorenetworksforbothscenarios of collapsed data center and campus core or separate cores.
TheVDCtechnologyprovidesavarietyofbenefitsrangingfromsimplifiedoperations,hardwareandsoftwareresourcesseparation,virtualization,andconsolidation.Whilerelevanttoallthecorearchitectures,VDCaddsgreatvalueinacollapsedcoreenvironment.Inthisscenario,eachVDCcanvirtualizeacoredevice,presentingthephysicalswitchasmultiplelogicaldeviceswiththeirownuniquesetofVLANs,IProutingtables,VRFs,andphysical interfaces.
Furthermore,scalableandefficientmulticastcapabilities,alongwithaflexibleQualityofServicemodel,enabletheCiscoNexus7000SeriestoembracetheCiscoMedianetsolution.
For Additional Information
CiscoNX-OSProductPage:http://www.cisco.com/go/nxos
Cisco NX-OS / IOS Comparison: http://docwiki.cisco.com/wiki/Cisco_Nexus_7000_NX-OS/IOS_Comparison_Tech_Notes
CiscoNexus7000SeriesProductPage:http://www.cisco.com/go/nexus7000
CiscoNexus7000SeriesProductDocumentation:http://www.cisco.com/en/US/products/ps9402/tsd_products_support_series_home.html
MedianetonCisco.com:http://www.cisco.com/go/medianet
Borderless Networks: http://www.cisco.com/go/borderless
Data Center Design and Configuration documents:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.html
12AppendixA
AppendixA: LargeAgenciesLANDeploymentProductList
Functional Area Product Part Numbers Software Version
CoreLayer Nexus 7000 N7K-C7010 Nexus7000C7010(10Slot)Chassis
N7K-SUP1 Nexus 7000 Supervisor module-1X
N7K-M148GS-11 Nexus700048-portGigEMod(SFP)
N7K-M132XP-12 Nexus700032-port10GigEModule
N7K-M108X2-12L Nexus70008-port10GigEEthernetModule(X2)
4.2(4)
13AppendixB
AppendixB: SBAforLargeAgenciesDocumentSystem
Design Overview
IPv6 AddressingGuide
LAN DeploymentGuide
LAN Configuration Guide
WAN DeploymentGuide
WAN Configuration Guide
Internet EdgeDeployment Guide
Internet Edge Configuration Guide
SolarWinds Deployment Guide
Foundation DeploymentGuides
Network ManagementGuides
Wireless CleanAirDeployment Guide
Data SecurityDeployment Guide
Nexus 7000 Deployment Guide
ArcSight SIEM Partner Guide
LogLogic SIEM Partner Guide
nFx SIEM Partner Guide
RSA SIEM Partner Guide
Splunk SIEM Partner Guide
CREDANT Data Security Partner Guide
Lumension Data Security Partner Guide
SIEM DeploymentGuide
Design Guides Deployment Guides
You are Here
Supplemental Guides
Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Americas HeadquartersCisco Systems, Inc.San Jose, CA
Asia Pacific HeadquartersCisco Systems (USA) Pte. Ltd.Singapore
Europe HeadquartersCisco Systems International BVAmsterdam, The Netherlands
C07-640796-0002/11