爱华网用途:扩展port-channel,将连接不同设备链路汇聚成一条逻辑的链路。(个人理解)
支持设备:N5K、N7K、N2K
优势:
设备级别冗余,收敛速度比STP快(无STP) 去除了STP BLOCK端口,提供无环路网络 更好的带宽利用(线路能负载均衡)
注意:VPC只能用于二层,VPC端口不能运行路由协议。
实现方式:将2个nexus设备关联到VPC domain。两台设备通过2条特殊链路实现信息交换:
vPC peer-keepalive link:心跳链路,确保两台VPC设备在线。避险A/A或者split-brain情况导致VPC拓扑环路。VPC端口可以是1G或者10G端口
vPC peer link:VPC邻居之间交换状态信息,提供而外的机制发现和防止split-brain情况
split-brain是什么?
关于peer-keepalive端口
MGT可以作为vPC peer-keepalive link接口。在N7K上如果引擎切换或者在线服务升级(ISSU)管理端口会改变,导致keepalive中断。 如果使用MGT口,保证所有MGT口接入到网管交换机。 可以使用数据接口的port-channel接口提高更高级别的冗余。
配置:
1、开启VPC特性
Congo(config)# feature vpc
Egypt(config)# feature vpc
2、创建用于VPC的VRF
创建VRF
Congo(config-if)# vrf context vpc-keepalive
Egypt(config)# vrf context vpc-keepalive
3、创建VPC keeplive链路
Congo(config)# int ethernet 2/47
Congo(config-if)#no switchport
Congo(config-if)# vrf member vpc-keepalive
Congo(config-if)# ip address 1.1.1.1 255.255.255.252
Egypt(config)# interface ethernet 2/48
Egypt(config-if)# no switchport
Egypt(config-if)# vrf member vpc-keepalive
Egypt(config-if)# ip address 1.1.1.2 255.255.255.252
测试连通性:Congo# ping 1.1.1.2 vrf vpc-keepalive
查看:
Congo# sho vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer link not configured
vPC keep-alive status : peer is alive
Configuration consistency status: failed
Configuration consistency reason: vPC peer-link does not exists
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
可以看到keepalive已经OK,但vpc peer没有起来
4、建立VPC-domain
Congo(config)# vpc domain 1
Congo(config-vpc-domain)# peer-keepalive destination 1.1.1.2 source1.1.1.1 vrf vpc-keepalive
Egypt(config)# vpc domain 1
Egypt(config-vpc-domain)# peer-keepalive destination 1.1.1.1 source1.1.1.2 vrf vpc-keepalive
5、配置VPC peer链路(NEXUS交换机互联)
必须使用10G端口,并且指定速率。
配置port-channel 100(省略)
Congo(config)# interface port-channel 100
Congo(config)#switchport mode trunk
Congo(config)# interface port-channel 100
Congo(config-if)# vpc peer-link
Egypt(config)# interface port-channel 100
Egypt(config)#switchport mode trunk
Egypt(config)# interface port-channel 100
Egypt(config-if)# vpc peer-link
配置后STP端口类型从network变为vPC peer-,STPBridge Assurance将会开启,并且不能被关闭。
验证:
Egypt# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
vPC Peer-link status
---------------------------------------------------------------------id Port Status Active vlans
-- ---- ------ --------------------------------------------------1 Po100 up 1-20,100
如果Configuration consistency status状态为any,可以通过下面命令检查具体不一致的信息
Congo# show vpc consistency-parameters global
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
STP Mode 1 Rapid-PVST Rapid-PVST
STP Disabled 1 VLANs 91 VLANs 91
STP MST Region Name 1 customer customer
STP MST Region Revision 1 1 1
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal,Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Interface-vlan admin up 2 40-43,50,60,70-71,91,1 40-43,50,60,70-71,91,100-103 00-103
Allowed VLANs - 40-43,50,60,91,100-103 9,40-43,50,60,91,100-1,1000 03,1000
Local suspended VLANs - - -
6、将port-channel加入VPC(连接下行端口)
Congo(config)# interface ethernet 2/1
Congo(config-if)# channel-group 1 mode active
Congo(config)# interface port-channel 1
Congo(config-if)# switchport
Congo(config-if)# switchport mode trunk
Congo(config-if)# vpc 1
Egypt(config)# int ethernet 2/2
Egypt(config-if)# channel-group 1 mode active
Egypt(config)# int port-channel 1
Egypt(config-if)# switchport
Egypt(config-if)# switchport mode trunk
Egypt(config-if)# vpc 1
下行交换机配置(不支持VPC设备)配置为普通ether-channel
Kenya(config)# interface ethernet 2/11-12
Kenya(config-if-range)# switchport
Kenya(config-if-range)# channel-group 1 mode active
Kenya(config-if-range)# no shutdown
Kenya(config)# int port-channel 1
Kenya(config-if)# switchport
Kenya(config-if)# switchport mode trunk
验证VPC
Congo# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -vPC Peer-link status
---------------------------------------------------------------------id Port Status Active vlans
-- ---- ------ --------------------------------------------------1 Po100 up 1-20,100
vPC status
----------------------------------------------------------------------id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- -------------------------- ------------1 Po1 up success success 1-20,100
7、配置VPC Peer-Gateway(可选)
Peer-Gateway用于fast-pathfunctionality。(存储,应用服务器)
节点发送返回流量到发送方的一个特殊的mac地址而不是hsrp mac地址(由于VPC防环机制,默认情况这种流量会被丢弃------不允许将VPC peer link收到的流量发送到VPC端口--VPC防环机制)
VPC Peer-Gateway使VPC对端(peer)设备转发目的MAC地址为对端路由器的本地mac地址的流量
配置:Congo(config-vpc-domain)# peer-gateway
应用场景:
有一些NAS设备(NETAPP Fast-Path或EMC IP-Reflect)回应的时候使用的是发送设备的实MAC地址,而不是HSRP网关的虚拟MAC地址
报文被负载分担到非实MAC所在VPC设备时,会通过peer-link发送到实MAC所在的VPC设备上,而由于重复帧防护机制,该设备会把报文丢弃.
Vpc peer-gateway 解决方案:
当目标MAC地址为peer vpc设备的三层报文发送到本地时,该功能允许本地vpc设备网关正常转发该报文.
欢迎纠错~
