Nexus 5000 and 2000 Series Configuration and Troubleshooting - Questions and Answers from live Webca...

Monica Lluis · ‎10-07-2010

Introduction
Related Information

Introduction

Lucien Avramov is a Customer Support Engineer at the Cisco Technical Assistance Center. He currently works in the data center switching team supporting customers on the Cisco Nexus 5000 and 2000. He was previously a technical leader within the network management team. Lucien holds a bachelor's degree in general engineering and a master's degree in computer science from Ecole des Mines d'Ales. He also holds the following certifications: CCIE #19945 in Routing and Switching,CCDP, DCNIS, and VCP #66183.

This document contains the answers provided for the questions asked during the live "Ask the Expert" Webcast session on the Topic - Nexus 2000 and 5000: Configuration and Troubleshooting.

The series of Ask The Expert sessions is available in the Ask The Expert section of Cisco Support Community.

The Complete Recording of this live Webcast is present below:

Nexus

Q. Does the N5K support vPC sync between the vPC peers?

A. Excellent question. We know that there's a CFS protocol that is used between the 5K peer. As of today's code there is no configuration sync. However, very soon in our next release of code there's a feature called config sync so you don't have to replicate all the configurations across each other and the configuration changes.

Q. What is the appropiate method of toggling the vpc role when there is a role mismatch?

A. Typically you will not see a mismatch. There will be an election based on the priority. You will have a primary and a secondary mismatch that will be elected. In the case of failure vpc scenarios if we lose connection to the primary the secondary can take over and assume the primary role and it will tell you the vpc secondary is acting as the primary.

Q. I have a 5010 and a 5020. Can I use the ports with a speed of 1 gig?

A. Yes. On the 5010 it's the first 8 ports where you can set the speed to 1 gig. On the 5020 it's the first 16 ports. The command is P1000. Keep in the first interfaces are the ones you can use to set the speed.

Q. Assume the following: a Nexus 5k with 2k fabric extender. The fabric extender fails and a new one is requested from TAC. Assume when the 2k goes down all the configuration is lost or gone from the 5k. When the new 2k is connected do we have to reapply the configuration for the relevant portion of the 2k?

A. When you get a new fabric extender connect it directly and it will come up with the FEX number configured. I encourage you to save your configuration because you may need to reapply it. The FEX number will be defined but you will have to answer your other settings for the ports.

Q. Does the Nexus 5K provide 10-gig speed to every port?

A. Yes. You can use all of its ports with a 10-gig speed.

Q. Is jumbo-mtu enabled by default on the Nexus 5K?

A. It is not enabled by default, so make sure to configure this as we saw in our jumbo frame section slide and enable the frames for the 5K.

Q. What kind of L3 features will be supported in N5K? EIGRP, OSPF, RIP2, ISIS, MPLS, VRF-lite etc?

A. As the L3 functionality has not been released, it cannot be discussed here. You will want to discuss this with your local Cisco account team. Very good question. As of today, the 5K is a pure layer-2 switch. There will be an additional module that will later provide layer 3 features (couldn't understand). I'd like not to detail all of the features it will support today. You will have routing protocols. You will have a good hanful of layer 3 features. I can provide you all the details in the Ask the Expert event following today.

Q. Can I use an ethanalyzer to (sniff) traffic between two hosts?

A. You should use (span), not ethanalyzer, keeping in mind that ethanalyzer is for traffic that is going directly to the 5K.

Q. What SFPs can I use with Nexus switches?

A. There's a metrics compatibility guide. For the 10-gig we support the SFP 10-gigs which are the SR and the LR. We support the Twinax cables with the 1,3, 5 meters - all the Twinax cables available. We also support FETs (Fabric Extenders) which are the SFPs. FET stands for fabric extenders. Those are for the 10-gig. For the 1-gig you can use the GLCT. Make sure to use Cisco SFPs, otherwise you'll get an "unsupported SFP" message.

Q. Is RSPAN supported on the 5K?

A. RSPAN as of now is not supported. There is ERSPAN support, but not RSPAN support, although it's in the works..

Q. What would you use as a core to go with the N5K?

A. If you'd like 10-gig and up use N7Ks as a pair if you can. If not, use the CAT 6K with the VSS. Those would come to mind first in large datacenter deployments but you could use other switches as well, like Catalysts 4500s, depending on what design you are trying to achieve.

Q. Would we be able to upgrade existing N5Ks to support L3 features and cards?

A. There may be a need to change your Nexus, but not for the L3. There will be a newer hardware coming, but for L3 you will be able to use it with your actual. You don't have to upgrade your hardware to support the L3 feature card.

Q. Is the jumbo-mtu effecting performance if it's configured unnecessarily?

A. No, it doesn't. You can configure it. All the traffic is hardware switched. If it's not configured the 5K will try to reduce the size of packets that are larger.

Q. Can I use an ethanalyzer to (sniff) traffic between two hosts?

A. You should use (span), not ethanalyzer, keeping in mind that ethanalyzer is for traffic that is going directly to the 5K.

Q. Can I use the N5K FEX together with a pair of 6500s as a core/distribution layer in a VSS configuration. Can you show us how the layout would look? Any caveats or other things to look out for?

A. Absolutely. With your 6500 running VSS your deploymant will likely look something like this: VSS1=====VSS2 \ / \ / <----Port channel \ / Nexus5k | | FEX | Hosts As the VSS system will act as one switch, you will create a port channel from the Nexus up to the 6500. This way if either one of the 6500 chassis fails you still have connectivity through the remaining 6500.

Q. Is it true that 12 2248's can connect to a 5548 and will that number increase? When and how?

A. The upcoming 5548 will support all current FEX models. From the Biz Unit, a 5548/5596 can support up to 16 FEX units, compared to 12 FEX units.http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/qa_c67-618605_ps9670_Products_Q_and_A_Item.html

Q. I have a 6500 series switch and a 4500 switch. How would you compare the Nexus 5000 series switch with these switches?

A. The Cisco Nexus 5000 Series is designed for data center environments with cut-through technology that enable consistent low-latency Ethernet solutions with front-to-back cooling, and with data ports in the rear, bringing switching into close proximity with servers and making cable runs short and simple. The switch series is highly serviceable, with redundant, hot-pluggable power supplies and fan modules. It uses data center-class Cisco® NX-OS Software for high reliability.

Q. When will 4.2 will be available?

A. The 4.2 code for N5K has been out for a few months. The incoming release for N5K is 5.0 (Eaglehawk) and the release date is supposed to be in Nov. 2010.

Q. Does the Cisco Nexus 5548P support Layer 3 routing?

A. In a remote office/teleworker scenario, either EZVPN or DMVPN will work since you typically do not require dynamic spoke to spoke connectivity. The difference there is whether you want to have an overlay routing in the VPN layer, or keep it simple like EZVPN. This really depends on your specific deployment requirements.

Q. Do you have any information about the licensing and features for the upcoming L3 engine for N5500?

A. We don't have too much information on the L3 engine right now. The L3 engines on 5548 and 5596 are differently located. On 5548, it sits on the supervisor (you will need to remove the fans, then the power unit and insert the card), while on 5596 it is a module card in the GEM slot.

Q. What does the feature does the LACP command execute?

A. LACP is the link aggregation control protocol. It is a smart way for etherchannel/portchannels to be negotiated between two devices. It can detect when the other side is not configured for channeling and is considered safer than using channel-mode on..

Q. Assume the following design: two 5k switches setup in a VPC domain and one 2k that is dual-homed to both 5ks. Assume the 5ks are not running the latest NX-OS. The new replacement 5k arrives from TAC with a newer version of NX-OS. Is there a concern with installing this new 5k into the network into the VPC domain or should it be upgraded before being reinstalled? Also, is there a specific order of operation that needs to be followed when adding the 5k back to the VPC pair (i.e. only put partial config on the new switch and then first bring up peer keep alive, then peer link, etc...)?

A. The two Nexus 5000s need to be running the same code. You will want to upgrade/downgrade to the NXOS to match the peer. Configure the replacement Nexus with the same configuration as the production, minus VPC. Once put on the network, configure VPC. A configuration mismatch while VPC is running can cause port to shut down.

Q.Can vPC have more than one portchannel?

A. You can use multiple VPC Member links to connect multiple devices to the two Nexus 5000s. However, you can only have one VPC peer link.

Q. Are the vPC configuration options on the N5K and 2K devices the same for the UCS 6120 and 2104 devices?

A. They are similar from a topology standpoint. The actual commands will vary as the Nexus 5000 uses NX-Os, and the 6100/2100 are configured through the UCS CAM/SAM (GUI).

Q. Is dual-tiered vPC supported now?

A. We can do vPC on the 5k and pair up to another pair of n5k or nk7, but this would be referred to as a bi-directional vPC. Two-layer vPC is not supported yet, but it is being worked on. We understand this is a desirable feature.

Q. With regards to QoS, are we going to have the ability to mark traffic with DSCP in the future at the 2k/5k level?

A. Review this site regarding configuring QoS: http://www.cisco.com/en/US/partner/docs/switches/datacenter/nexus5000/sw/qos/Cisco_Nexus_5000_Series_NX-OS_Quality_of_Service_Configuration_Guide_chapter3.html. You will need to have all discussions about future capability with your local Cisco account team.

Q. How does ISSU work on the 5K?

A. The Cisco Nexus 5000 supports a single "supervisor" ISSU architecture and performs a stateful restart of the entire operating system upon execution, while leaving data plane forwarding intact. Critical processes are run in protected memory space and independently of each other and the kernel, providing granular service isolation and fault containment and enabling modular patching and upgrading and rapid restartability. Review this site for more information on Cisco NX-OS Software Release 4.2(1) N1(1) for Cisco Nexus 5000 Series Switches and Nexus 2000 Series Fabric Extenders http://www.cisco.com/en/US/partner/prod/collateral/switches/ps9441/ps96 /product_bulletin_c25-620447_ps9670_Products_Bulletin.html ISSU.

Q. Assume I have two types of servers/hosts off my Nexus2k and I want to ensure one group of servers/application is always guaranteed the full use of a FEX link if available? If there are multiple links between the 2k and 5k, can you "policy route" the mission critical application traffic over one of the uplinks (but failover to other if that link goes down)?

A. You can configure fex pinning to map host interfaces to network interfaces. This setting does not allow you to dynamically detect when a link is not utilized, so it is a bit more manual than the feature you are asking about. You can re-allocate pinned interfaces by configuration at a later time.

Q. Does the Ethanalyzer only capture inbound?

A. Ethanalyzer can capture both ingress and egress.

Q. How does the Nexus 1000V change the way vPC is used from the N5K or FEX?

A. You will want to look into vPC host mode on the Nexus 1000v when connecting to a vPC: http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/interface/configuration/guide/if_5portchannel.html#wp1235649.

Q. Is oversubscription a consideration for the Nexus sw?

A. The nexus lowloss ethernet capability allows the nexus to send pause frames to sender to slow traffic.

Q. What latency should I expect on a 5010 for Oracle RAC installations compared to Infini-Band and is 10GB connectivity over copper any different in terms of performace than fiber?

A. We can get down to 3.2us and tranceiver latency does vary. See table 3 on this datasheet: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/data_sheet_c78-461802.html.

Q. What would you use as a core to go with the N5K?

A. The nexus class switch is design for 10Gb lowloss datacenter environments. Optimal core would be the Nexus 7000. The Nexus 5000 will work with any core switch at 1Gb or 10Gb speeds.

Q. Will remarking of packets with DSCP values be added to the next release of NX/OS? It seems that the Nexus 5k goes against Cisco recommendations of marking packets at the edge of the network?

A. DSCP marking will be available in a future release on the 2nd generation n5k - the 5548/5596: http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/qa_c67-618605_ps9670_Products_Q_and_A_Item.html.

Q. Is active SFP (7 and 10 meters) supported on the 5K?

A. They are not supported today, but we understand customer's desire to push Twinax further than 5m and are looking into the possibility and certification.

Q. Are the Cookbook docs similar to the MDS?

A. Do you mean the N5K/N2K configuration guide: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide.html.

Q. Will Netflow be supported on the N5K. If not, how to get L2 flow data?

A. The current generation of Nexus 5000s will not support Netflow. To collect this information you would need to have an upstream device that would support this and design accordingly.

Q. Can I use N5K as core switches?

A. You can use NKs as an L2 switch as long as your design allows for an L2 core.

Q. Can you run vPC from 5K to 6509E-Sup720-3CXL without using VSS on the 6509's?

A. Yes you can. In this type of setup each 6500 will have a port channel that is a vPC on the Nexus 5000s.

Q. Why don't you provide information about N5500 and L3 module, as the N5500 is in Cisco configurator? Our customers love that vision, but we as a Cisco partner are not able to provide enough info about that product.

A. You can get more information via your Cisco account team. The documentation is in the works and the commands are defined. Your System Engineer (SE) will be able to share more details.

Miscellaneous

Q. Will the presentation be available for download or later review?

A. Yes, it will be available so that you can review and download. It will be on the Cisco Support Community https://supportforums.cisco.com

.

Related Information

http://www.cisco.com/en/US/products/hw/modules/ps2706/ps4452/tsd_products_support_model_home.html