pVLAN hopping for UCS & Nexus 1000v


Here is the configuration that provides the same pVLAN to both UCS and N1k VMs while continuing to protect physical servers on an upstream Nexus.  Note that the primary (promiscuous) VLAN is flipped between the N1k uplink, where it is 397, and the N7k, where it is 396.  The gateway resides on VLAN 396.  This is confusing to configure and troubleshoot, so it is highly recommended to use a different pVLAN upstream until UCS supports multiple isolated VLANs per vNIC.

# N1k SS1(5.1a)

vlan 396
  private-vlan isolated
vlan 397
  private-vlan primary
  private-vlan association 396
!
port-profile type vethernet isolated396
  vmware port-group
  switchport mode private-vlan host
  switchport private-vlan host-association 397 396
  no shutdown
  state enabled
port-profile type ethernet pvlan-uplink
  vmware port-group
  switchport mode private-vlan trunk promiscuous
  switchport private-vlan trunk allowed vlan 119,219,396-397
  switchport private-vlan mapping trunk 397 396
  switchport private-vlan trunk native vlan 219
  channel-group auto mode on mac-pinning
  no shutdown
  system vlan 119
  state enabled

# UCS

- trunk all regular vlans

# N7k - 6.0(3) w/ EPLD 6.0(2)

  Note: 5.0(2) with the 5.x EPLD is required to carry more than one pVLAN pair per trunk (max 16 pairs per trunk)

feature private-vlan
vlan 396
  private-vlan primary
  private-vlan association 397
vlan 397
  private-vlan isolated
!
interface Ethernet2/14
  description Physical Server - Promiscuous
  switchport
  switchport mode private-vlan promiscuous
  switchport private-vlan mapping 396 397
  no shutdown
!
interface Ethernet7/25
  description to_UCS#1
  switchport
  switchport mode private-vlan trunk secondary
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  spanning-tree bpdufilter enable
  switchport private-vlan trunk allowed vlan 119,219,390-391,396-397
  switchport private-vlan association trunk 396 397
  no shutdown
!
interface Ethernet7/26
  description to_N5k_router
  switchport
  switchport mode private-vlan trunk promiscuous
  spanning-tree port type edge trunk
  switchport private-vlan trunk allowed vlan 119,219,390-391,396-397
  switchport private-vlan mapping trunk 396 397
  no shutdown

# Upstream N5k / router

interface Vlan396
  no shutdown
  ip address 10.10.20.254/24

SV15b# sh mac address-table vlan 397
VLAN      MAC Address       Type    Age       Port                           Mod
---------+-----------------+-------+---------+------------------------------+---
397       0050.56a9.0000    static  0                                        5 
397       0050.56a9.0013    static  0                                        5 
397       0050.56a9.0000    static  0         Veth13                         6   <---VM
397       0050.56a9.0013    static  0         Veth12                         6   <---VM
397       547f.ee2f.3381    dynamic 0         Po4                            6   <---Router
Total MAC Addresses: 5

f340-31-12-ucs-1-B(nxos)# sh mac address-table vlan 397
   VLAN     MAC Address      Type      age     Secure NTFY    Ports         
---------+-----------------+--------+---------+------+----+------------------
* 397      0050.56a9.0000    dynamic   0          F    F  Veth736
* 397      0050.56a9.0013    dynamic   0          F    F  Veth736

N7K-VDC04(config-if)# sh mac address-table vlan 396
   VLAN     MAC Address      Type      age     Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 396      0050.56a9.0000    dynamic   0          F    F  Eth7/25
* 396      0050.56a9.0013    dynamic   0          F    F  Eth7/25
* 396      547f.ee2f.3381    dynamic   0          F    F  Eth7/26      <---Router

f340-31-19-5548-1# sh mac address-table vlan 396
        age - seconds since last seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY   Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 396      0050.56a9.0000    dynamic   10         F    F  Po1000      <---PO to UCS
* 396      0050.56a9.0013    dynamic   0          F    F  Po1000
* 396      547f.ee2f.3381    static    0          F    F  Router
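The flip described in the post, as an added example (not the post's own code): a Python model of the standard pVLAN trunk tag rewrites using the VLAN roles from the N1k and N7k configs above, tracing a VM-to-gateway frame and a gateway-to-VM frame to show why VLAN 397 on the UCS wire is primary on the N1k side but isolated on the N7k side. The hop labels and the frame-level rules are assumptions of the model, not taken from the configs.

```python
# Constructed model (added example, not from the post) of the 802.1Q tag rewrites in
# the page's two-hop pVLAN design; port rules are the standard pVLAN trunk rules.
PRIMARY, ISOLATED, PROMISC, SECONDARY = "primary", "isolated", "promiscuous", "secondary"

N1K = {397: PRIMARY, 396: ISOLATED}   # N1k: vlan 397 primary, 396 isolated
N7K = {396: PRIMARY, 397: ISOLATED}   # N7k: vlan 396 primary, 397 isolated (flipped)

def vlan_with_role(dev, role):
    return next(v for v, r in dev.items() if r == role)

def pair_is_flipped(dev_a, dev_b):
    """True when the same two VLAN ids swap primary/isolated roles between two devices."""
    return set(dev_a) == set(dev_b) and all(dev_a[v] != dev_b[v] for v in dev_a)

def egress_tag(dev, port_mode, vlan):
    """Tag a frame carries when it leaves a pVLAN trunk of the given mode on dev."""
    if vlan not in dev:
        raise ValueError(f"vlan {vlan} is not part of the pVLAN pair on this device")
    if port_mode == PROMISC:      # promiscuous trunk: everything leaves in the primary VLAN
        return vlan_with_role(dev, PRIMARY)
    if port_mode == SECONDARY:    # secondary trunk: isolated hosts' traffic leaves in the isolated VLAN
        return vlan_with_role(dev, ISOLATED)
    raise ValueError(f"unknown port mode {port_mode}")

def may_forward(dev, ingress_vlan, egress_port_mode):
    """pVLAN rule: frames arriving in the isolated VLAN reach promiscuous ports only."""
    if dev[ingress_vlan] == ISOLATED:
        return egress_port_mode == PROMISC
    return True

def trace_vm_to_gateway():
    """VM (isolated host port on N1k) -> N1k uplink -> UCS -> N7k Eth7/25 -> Eth7/26 -> N5k."""
    hops = [("N1k isolated host port", vlan_with_role(N1K, ISOLATED))]
    tag = egress_tag(N1K, PROMISC, hops[-1][1])
    hops.append(("N1k uplink / UCS / N7k Eth7/25 ingress", tag))
    if not may_forward(N7K, tag, PROMISC):        # Eth7/26 is a promiscuous trunk
        raise RuntimeError("isolated ingress not forwarded to promiscuous port")
    tag = egress_tag(N7K, PROMISC, tag)
    hops.append(("N7k Eth7/26 -> N5k gateway", tag))
    return hops

def trace_gateway_to_vm():
    """N5k Vlan396 SVI -> N7k Eth7/26 -> Eth7/25 (secondary trunk) -> UCS -> N1k uplink -> VM."""
    hops = [("N5k Vlan396 SVI -> N7k Eth7/26 ingress", 396)]
    tag = egress_tag(N7K, SECONDARY, hops[-1][1])
    hops.append(("N7k Eth7/25 -> UCS -> N1k uplink ingress", tag))
    if N1K[tag] != PRIMARY:       # promiscuous uplink: primary VLAN reaches isolated host ports
        raise RuntimeError("frame did not arrive in the N1k primary VLAN")
    hops.append(("N1k isolated host port", vlan_with_role(N1K, ISOLATED)))
    return hops
```

Note that `may_forward(N7K, 397, SECONDARY)` is false: VM traffic arriving on Eth7/25 in the N7k isolated VLAN is never sent back down a secondary trunk, which is what keeps the isolation intact upstream.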

Comments

Hi!

Thanks for this wrap-up on the scenario (upstream-nexus: with hosts) - (UCS: without physical srvs) - (1KV: hosting vms).

First, I agree: you should use a different VLAN as primary; swapping primary and isolated on the middle hop could be extremely confusing for a supporting team.

I have a less-comfortable scenario: Let's imagine you have the following:

- UCS with

    - ESXi hosts with Nexus 1kv

    - some physical (that is, not ESXi hosts but Win and Linux) hosts

- some physical hosts on the upstream N5K.

All sharing some isolated pvlans.

The only idea (still have to lab it) I've found until now is to:

- dedicate one vNIC on all the 1000v ESXi to each pvlan isolated.

- trunk the isolated+primary pvlans, as you would towards a "normal" switch, on the upstream switch towards UCS

- define a "proper" pvlan configuration on the UCS, upstream switch, and N1Kv (not promisc-pvlan)

That's really ugly, and does not scale AT ALL.

I can't understand why Cisco is not working on a proper version of PVLAN for UCS: the configuration on the 5K is quite easy, what difference does that make?

Someone at Cisco, any idea when UCS will support PVLANs _PROPERLY_? Is that even on the roadmap?

Thanks,
