04-10-2019 03:31 AM
Hello,
Newbie here for ACI, so I would like your help to understand how the Fabric "Access policies" tab works and in particular how you create a VPC. Let's say that I want to create one VPC for port 1/10 of both leafs 101 and 102.
I will create an INTERFACE PROFILE for port 1/10 (this does not define which leaf I want, correct?)
Then I will create a SWITCH PROFILE where I will choose both leaves (this is where the vPC members are defined, correct?) and attach the INTERFACE PROFILE I have created.
If what I said till now is correct, then how can I create a vPC for, let's say, port 1/8 of leaf 101 and port 1/9 of leaf 102?
Thank you
04-10-2019 06:30 AM
Hi,
what you say is correct but you are missing some steps. The most important one for your question is the Interface Policy Group (IPG). This is where you define the characteristics of the physical Interface. For single Leaf Ports you can create IPGs for your typical use case and re-use them for every port where you want those settings to be.
For (virtual) Port-Channels this is a little bit different. Even if the settings you want might be identical, you have to create a separate IPG for every (v)PC. The IPG essentially defines which ports will be put into one (v)PC, so if you'd reuse an existing one ACI would try to put the new ports into the existing channel rather than creating a new one.
As to your second scenario: I would not recommend doing so, but to achieve your goal you would first create a VPC IPG. Then you'd create two separate Interface Profiles, one specifying port 1/8 and one specifying port 1/9. Each will be linked to your IPG, thus showing ACI that they belong to the same VPC. Now you also need two separate Switch Profiles because you don't want port 1/8 on 102 and 1/9 on 101. After you have created those, you attach the Interface Profile for 1/8 to the Switch Profile of 101 and the Interface Profile for 1/9 to the Switch Profile of 102.
What you also need in either case (also with your 1/10 on both switches scenario) is a VPC Protection Group defining the VPC domain between 101 and 102. Also you need an AEP, VLAN Pool and Physical Domain to really make use of the VPC but I assume this is clear to you.
Kind regards,
Nik
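The policy chain described in the answer above, as an added example that is not part of the original post: a Python sketch that builds the APIC object tree for one vPC and the VPC Protection Group, covering both the same-port case (1/10 on both leaves) and the 1/8 and 1/9 case. The class names are from the APIC object model; the profile, IPG, AEP and group names and the pair ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET

def vpc_access_policy(ipg, members, aep="EXAMPLE_AEP"):
    """members maps leaf ID -> "card/port"; the two leaves form one vPC."""
    if len(members) != 2:
        raise ValueError("a vPC spans exactly two leaf switches")
    infra = ET.Element("infraInfra")
    funcp = ET.SubElement(infra, "infraFuncP")
    # One IPG per vPC. lagT="node" marks it as a vPC bundle
    # (lagT="link" would be a port channel on a single leaf).
    grp = ET.SubElement(funcp, "infraAccBndlGrp", name=ipg, lagT="node")
    ET.SubElement(grp, "infraRsAttEntP", tDn=f"uni/infra/attentp-{aep}")
    # Leaves using the same port share one interface + switch profile;
    # different ports need one interface profile and switch profile each.
    by_port = {}
    for leaf, port in sorted(members.items()):
        by_port.setdefault(port, []).append(str(leaf))
    for port, leaves in by_port.items():
        card, num = port.split("/")
        tag = "L" + "-".join(leaves)
        intp = ET.SubElement(infra, "infraAccPortP", name=f"{tag}_IntProf")
        sel = ET.SubElement(intp, "infraHPortS", name=f"eth{card}_{num}", type="range")
        ET.SubElement(sel, "infraPortBlk", name="blk1", fromCard=card,
                      toCard=card, fromPort=num, toPort=num)
        # Every port selector points at the same IPG, which ties the ports into one vPC.
        ET.SubElement(sel, "infraRsAccBaseGrp", tDn=f"uni/infra/funcprof/accbundle-{ipg}")
        swp = ET.SubElement(infra, "infraNodeP", name=f"{tag}_SwProf")
        leafsel = ET.SubElement(swp, "infraLeafS", name=tag, type="range")
        for leaf in leaves:
            ET.SubElement(leafsel, "infraNodeBlk", name=f"n{leaf}", from_=leaf, to_=leaf)
        ET.SubElement(swp, "infraRsAccPortP", tDn=f"uni/infra/accportprof-{tag}_IntProf")
    return infra

def vpc_protection_group(name, pair_id, leaves):
    """Explicit VPC Protection Group pairing two leaves (child of uni/fabric)."""
    pol = ET.Element("fabricProtPol")
    gep = ET.SubElement(pol, "fabricExplicitGEp", name=name, id=str(pair_id))
    for leaf in leaves:
        ET.SubElement(gep, "fabricNodePEp", id=str(leaf))
    return pol

if __name__ == "__main__":
    # Constructed names; leaf IDs and ports are the ones from the question.
    for tree in (vpc_access_policy("EXAMPLE_VPC_IPG", {101: "1/8", 102: "1/9"}),
                 vpc_protection_group("EXAMPLE_101_102", 12, [101, 102])):
        ET.indent(tree)
        print(ET.tostring(tree, encoding="unicode"))
```

With the same port on both leaves the function emits a single interface profile and a single switch profile selecting both nodes, which is the 1/10 scenario from the question.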
04-11-2019 05:20 AM
@CSCO11598534 wrote: Thank you very much.
Does the "VPC Protection Group" need to be defined ONCE for each pair of leaves?
Yes. You can manually create each pair, or let the system assign consecutive switch IDs automatically into pairs.
What is the use of it?
When you create a VPC Protection Group, the system assigns the all-important VPC ANYCAST IP Address to each pair member.
Do we see it somewhere else in the GUI
Yes. Go to Fabric > Access Policies > Policies > Switch > Virtual Port Channel default and you'll see the Virtual IP address assigned to each pair of switches, along with the Logical Pair ID. Note the Logical Pair IDs, then go to Fabric > Inventory > Pod1 > Leaf xxx > Interfaces > VPC Interfaces and you'll see the same logical pair IDs. If you actually have any port channels defined on that pair, you can further expand the Logical Pair ID to see the VPCs.
and how can we see it in the CLI?
apic1# show vpc map
is a pretty good place to start and
apic1# fabric xxx,yyy show vpc [extended]
is also good (where xxx and yyy are the switch IDs of the VPC pair).
Here are some samples
apic1# show vpc map
Legends:
N/D : Not Deployed

 Virtual Port-Channel Name         Domain  Virtual IP        Peer IP           VPC    Leaf Id, Name                     Fex Id  PC Id   Ports
 --------------------------------  ------  ----------------  ----------------  -----  --------------------------------  -----   ------  --------------------
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     686    101,Leaf101                               po20    eth1/35
 T1:L101..102:1:35_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     686    102,Leaf102                               po3     eth1/35
 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     345    101,Leaf101                               po2     eth1/37
 T3:L101..102:1:37_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     345    102,Leaf102                               po5     eth1/37
 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     2      101,Leaf101                               po3     eth1/38
 T4:L101..102:1:38_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     2      102,Leaf102                               po6     eth1/38
 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     3      101,Leaf101                               po4     eth1/39
 T5:L101..102:1:39_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     3      102,Leaf102                               po7     eth1/39
 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     344    101,Leaf101                               po1     eth1/40
 T6:L101..102:1:40_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     344    102,Leaf102                               po4     eth1/40
 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     688    101,Leaf101                               po6     eth1/41
 T7:L101..102:1:41_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     688    102,Leaf102                               po9     eth1/41
 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.64/32     689    101,Leaf101                               po7     eth1/42
 T8:L101..102:1:42_VPCIPG          12      10.0.192.67/32    10.0.16.66/32     689    102,Leaf102                               po10    eth1/42
and
apic1# fabric 101,102 show vpc extended
----------------------------------------------------------------
 Node 101 (Leaf101)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason   Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------   -------------------- ----------------
2    Po3    up     success     success  2043-2044            T4:L101..102:1:
                                                             38_VPCIPG
3    Po4    up     success     success  -                    T5:L101..102:1:
                                                             39_VPCIPG
344  Po1    up     success     success  2063-2064            T6:L101..102:1:
                                                             40_VPCIPG
345  Po2    up     success     success  2034                 T3:L101..102:1:
                                                             37_VPCIPG
686  Po20   up     success     success  2013-2014            T1:L101..102:1:
                                                             35_VPCIPG
688  Po6    up     success     success  -                    T7:L101..102:1:
                                                             41_VPCIPG
689  Po7    up     success     success  2083-2084            T8:L101..102:1:
                                                             42_VPCIPG

----------------------------------------------------------------
 Node 102 (Leaf102)
----------------------------------------------------------------
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 12
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : Disabled
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 7
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
Operational Layer3 Peer           : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans
--   ----   ------ --------------------------------------------------
1           up     -

vPC status
---------------------------------------------------------------------------------
id   Port   Status Consistency Reason   Active vlans         Bndl Grp Name
--   ----   ------ ----------- ------   -------------------- ----------------
2    Po6    up     success     success  2043-2044            T4:L101..102:1:
                                                             38_VPCIPG
3    Po7    up     success     success  -                    T5:L101..102:1:
                                                             39_VPCIPG
344  Po4    up     success     success  2063-2064            T6:L101..102:1:
                                                             40_VPCIPG
345  Po5    up     success     success  2034                 T3:L101..102:1:
                                                             37_VPCIPG
686  Po3    up     success     success  2013-2014            T1:L101..102:1:
                                                             35_VPCIPG
688  Po9    up     success     success  -                    T7:L101..102:1:
                                                             41_VPCIPG
689  Po10   up     success     success  2083-2084            T8:L101..102:1:
                                                             42_VPCIPG
I hope this helps
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
04-11-2019 02:04 AM
Thank you very much.
Does the "VPC Protection Group" need to be defined ONCE for each pair of leaves? What is the use of it? Do we see it somewhere else in the GUI and how can we see it in the CLI?
04-10-2019 03:20 PM
I suggest you do a Google Search for ACI Access Policy Chain Tutorial