cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5113
Views
0
Helpful
4
Replies

Creating vPC between two leafs

CSCO11598534
Level 1
Level 1

Hello,

Newbie here for ACI so i would like your help to understand how Fabric "Access policies" Tab works and in particular how you create a VPC. Lets say that i want to create one VPC for port 1/10 of both 101,102 leafs.

I will create an INTERFACE PROFILE for port 1/10 (this does not define which leaf i want, correct?)

Then i will create a SWITCH PROFILE where i will choose both leaves (this is where the vPC members are defined, correct?) and attach the INTERFACE PROFILE i have created.

IF what i said till now is correct, then how can i create a vPC for lets say port 1/8 of leaf 101 and port 1/9 of leaf 102 ?

Thank you

2 Accepted Solutions

Accepted Solutions

Nik Noltenius
Spotlight
Spotlight

Hi,


what you say is correct but you are missing some steps. The most important one for your question is the Interface Policy Group (IPG). This is where you define the characteristics of the physical Interface. For single Leaf Ports you can create IPGs for your typical use case and re-use them for every port where you want those settings to be.

For (virtual) Port-Channels this is a little bit different. Even if the settings you want might be identical, you have to create a separate IPG for every (v)PC. The IPG essentially defines which ports will be put into one (v)PC, so if you'd reuse an existing one ACI would try to put the new ports into the existing channel rather than creating a new one.
As to your second scenario: I would not recommend to do so but to achieve your goal you would first create a VPC IPG. Then you'd create two separate Interface Profiles one specifying port 1/8 and one specifiying port 1/9. Each will be linked to your IPG and thus showing ACI that they belong to the same VPC. Now you also need to separate Switch Profiles because you don't want port 1/8 on 102 and 1/9 on 101. After you created those you attach the Interface Profile for 1/8 to the Switch Profile of 101 and the Interface Profile for 1/9 to the Switch Profile of 102.

What you also need in either case (also with your 1/10 on both switches scenario) is a VPC Protection Group defining the VPC domain between 101 and 102. Also you need an AEP, VLAN Pool and Physical Domain to really make use of the VPC but I assume this is clear to you.

 

Kind regards,

Nik

View solution in original post


@CSCO11598534 wrote:

Thank you very much.

Does the "VPC Protection Group" need to be defined ONCE for each pair of leaves?

Yes. You can manually create each pair, or let the system assign consecutive switch IDs automatically into pairs.

What is the use of it?

When you create a VPC Protection Group, the system assigns the all-important VPC ANYCAST IP Address to each pair member.

Do we see it somewhere else in the GUI

Yes. Go to Fabric > Access Policies > Policies > Switch > Virtual Port Channel default and you'll see the Virtual IP address assigned to each pair of switches, along with the Logical Pair ID.  Note the Logical Pair IDs, then go to Fabric > Inventory > Pod1 > Leaf xxx > Interfaces > VPC Interfaces and you'll see the same logical pair IDs. If you actually have any port channels defined on that pair, you can furthere expand the Logical Pair ID to see the VPCs

and how can we see it in the CLI?
apic1# show vpc map

is a pretty good place to start and

apic1# fabric xxx,yyy show vpc [extended]

is also good (where xxx and yyy are the switch IDs of the VPC pair).

Here are some samples

apic1# show vpc map
Legends:
N/D : Not Deployed


 Virtual Port-Channel Name         Domain  Virtual IP        Peer IP           VPC    Leaf Id, Name                     Fex Id  PC Id   Ports
 --------------------------------  ------  ----------------  ----------------  -----  --------------------------------  -----   ------  --------------------
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     686    101,Leaf101                               po20    eth1/35
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     686    102,Leaf102                               po3     eth1/35

 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     345    101,Leaf101                               po2     eth1/37
 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     345    102,Leaf102                               po5     eth1/37

 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     2      101,Leaf101                               po3     eth1/38
 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     2      102,Leaf102                               po6     eth1/38

 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     3      101,Leaf101                               po4     eth1/39
 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     3      102,Leaf102                               po7     eth1/39

 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     344    101,Leaf101                               po1     eth1/40
 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     344    102,Leaf102                               po4     eth1/40

 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     688    101,Leaf101                               po6     eth1/41
 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     688    102,Leaf102                               po9     eth1/41

 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     689    101,Leaf101                               po7     eth1/42
 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     689    102,Leaf102                               po10    eth1/42

and

apic1# fabric 101,102 show vpc extended
----------------------------------------------------------------
 Node 101 (Leaf101)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason       Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------       -------------------- ----------------
2    Po3    up     success     success      2043-2044            T4:L101..102:1:
                                                                 38_VPCIPG
3    Po4    up     success     success      -                    T5:L101..102:1:
                                                                 39_VPCIPG
344  Po1    up     success     success      2063-2064            T6:L101..102:1:
                                                                 40_VPCIPG
345  Po2    up     success     success      2034                 T3:L101..102:1:
                                                                 37_VPCIPG
686  Po20   up     success     success      2013-2014            T1:L101..102:1:
                                                                 35_VPCIPG
688  Po6    up     success     success      -                    T7:L101..102:1:
                                                                 41_VPCIPG
689  Po7    up     success     success      2083-2084            T8:L101..102:1:
                                                                 42_VPCIPG

----------------------------------------------------------------
 Node 102 (Leaf102)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason       Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------       -------------------- ----------------
2    Po6    up     success     success      2043-2044            T4:L101..102:1:
                                                                 38_VPCIPG
3    Po7    up     success     success      -                    T5:L101..102:1:
                                                                 39_VPCIPG
344  Po4    up     success     success      2063-2064            T6:L101..102:1:
                                                                 40_VPCIPG
345  Po5    up     success     success      2034                 T3:L101..102:1:
                                                                 37_VPCIPG
686  Po3    up     success     success      2013-2014            T1:L101..102:1:
                                                                 35_VPCIPG
688  Po9    up     success     success      -                    T7:L101..102:1:
                                                                 41_VPCIPG
689  Po10   up     success     success      2083-2084            T8:L101..102:1:
                                                                 42_VPCIPG

I hope this helps

 



Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

4 Replies 4

Nik Noltenius
Spotlight
Spotlight

Hi,


what you say is correct but you are missing some steps. The most important one for your question is the Interface Policy Group (IPG). This is where you define the characteristics of the physical Interface. For single Leaf Ports you can create IPGs for your typical use case and re-use them for every port where you want those settings to be.

For (virtual) Port-Channels this is a little bit different. Even if the settings you want might be identical, you have to create a separate IPG for every (v)PC. The IPG essentially defines which ports will be put into one (v)PC, so if you'd reuse an existing one ACI would try to put the new ports into the existing channel rather than creating a new one.
As to your second scenario: I would not recommend to do so but to achieve your goal you would first create a VPC IPG. Then you'd create two separate Interface Profiles one specifying port 1/8 and one specifiying port 1/9. Each will be linked to your IPG and thus showing ACI that they belong to the same VPC. Now you also need to separate Switch Profiles because you don't want port 1/8 on 102 and 1/9 on 101. After you created those you attach the Interface Profile for 1/8 to the Switch Profile of 101 and the Interface Profile for 1/9 to the Switch Profile of 102.

What you also need in either case (also with your 1/10 on both switches scenario) is a VPC Protection Group defining the VPC domain between 101 and 102. Also you need an AEP, VLAN Pool and Physical Domain to really make use of the VPC but I assume this is clear to you.

 

Kind regards,

Nik

Thank you very much.

Does the "VPC Protection Group" need to be defined ONCE for each pair of leaves? What is the use of it? Do we see it somewhere else in the GUI and how can we see it in the CLI?


@CSCO11598534 wrote:

Thank you very much.

Does the "VPC Protection Group" need to be defined ONCE for each pair of leaves?

Yes. You can manually create each pair, or let the system assign consecutive switch IDs automatically into pairs.

What is the use of it?

When you create a VPC Protection Group, the system assigns the all-important VPC ANYCAST IP Address to each pair member.

Do we see it somewhere else in the GUI

Yes. Go to Fabric > Access Policies > Policies > Switch > Virtual Port Channel default and you'll see the Virtual IP address assigned to each pair of switches, along with the Logical Pair ID.  Note the Logical Pair IDs, then go to Fabric > Inventory > Pod1 > Leaf xxx > Interfaces > VPC Interfaces and you'll see the same logical pair IDs. If you actually have any port channels defined on that pair, you can furthere expand the Logical Pair ID to see the VPCs

and how can we see it in the CLI?
apic1# show vpc map

is a pretty good place to start and

apic1# fabric xxx,yyy show vpc [extended]

is also good (where xxx and yyy are the switch IDs of the VPC pair).

Here are some samples

apic1# show vpc map
Legends:
N/D : Not Deployed


 Virtual Port-Channel Name         Domain  Virtual IP        Peer IP           VPC    Leaf Id, Name                     Fex Id  PC Id   Ports
 --------------------------------  ------  ----------------  ----------------  -----  --------------------------------  -----   ------  --------------------
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     686    101,Leaf101                               po20    eth1/35
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     686    102,Leaf102                               po3     eth1/35

 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     345    101,Leaf101                               po2     eth1/37
 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     345    102,Leaf102                               po5     eth1/37

 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     2      101,Leaf101                               po3     eth1/38
 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     2      102,Leaf102                               po6     eth1/38

 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     3      101,Leaf101                               po4     eth1/39
 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     3      102,Leaf102                               po7     eth1/39

 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     344    101,Leaf101                               po1     eth1/40
 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     344    102,Leaf102                               po4     eth1/40

 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     688    101,Leaf101                               po6     eth1/41
 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     688    102,Leaf102                               po9     eth1/41

 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     689    101,Leaf101                               po7     eth1/42
 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     689    102,Leaf102                               po10    eth1/42

and

apic1# fabric 101,102 show vpc extended
----------------------------------------------------------------
 Node 101 (Leaf101)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason       Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------       -------------------- ----------------
2    Po3    up     success     success      2043-2044            T4:L101..102:1:
                                                                 38_VPCIPG
3    Po4    up     success     success      -                    T5:L101..102:1:
                                                                 39_VPCIPG
344  Po1    up     success     success      2063-2064            T6:L101..102:1:
                                                                 40_VPCIPG
345  Po2    up     success     success      2034                 T3:L101..102:1:
                                                                 37_VPCIPG
686  Po20   up     success     success      2013-2014            T1:L101..102:1:
                                                                 35_VPCIPG
688  Po6    up     success     success      -                    T7:L101..102:1:
                                                                 41_VPCIPG
689  Po7    up     success     success      2083-2084            T8:L101..102:1:
                                                                 42_VPCIPG

----------------------------------------------------------------
 Node 102 (Leaf102)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason       Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------       -------------------- ----------------
2    Po6    up     success     success      2043-2044            T4:L101..102:1:
                                                                 38_VPCIPG
3    Po7    up     success     success      -                    T5:L101..102:1:
                                                                 39_VPCIPG
344  Po4    up     success     success      2063-2064            T6:L101..102:1:
                                                                 40_VPCIPG
345  Po5    up     success     success      2034                 T3:L101..102:1:
                                                                 37_VPCIPG
686  Po3    up     success     success      2013-2014            T1:L101..102:1:
                                                                 35_VPCIPG
688  Po9    up     success     success      -                    T7:L101..102:1:
                                                                 41_VPCIPG
689  Po10   up     success     success      2083-2084            T8:L101..102:1:
                                                                 42_VPCIPG

I hope this helps

 



Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

RedNectar
VIP
VIP

I suggest you do a Google Search for ACI Access Policy Chain Tutorial

I hope this helps


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License