
Alternative OOB Management for Nexus 5548UP in vPC - Please Help!

Andres Franco
Level 1

Hello everyone,

I have the following scenario:

Two Nexus 5548UP devices with interfaces Eth1/1 and Eth2/1 as members of Po1 (vPC peer-link), using the mgmt0 interfaces on both devices for the vPC peer-keepalive. The Nexus devices don't have the L3 daughter card.

-----------                                       -----------
|         | mgmt0 ________ vPC-PLK ________ mgmt0 |         |
|  N5K-1  |================= Po1 =================|  N5K-2  |
----------- Eth1/1,Eth2/1           Eth1/1,Eth2/1 -----------
     |                                                 |
     | Eth2/16                                         | Eth2/16
     | (access-port on VlanX)                          |
     |                |---------------|                |
     -----------------| Management SW |-----------------
                      |---------------|

Since I'm using the mgmt0 interfaces on both devices for the peer-keepalive, I would like to configure another vrf (different from the management vrf, let's say the OOB vrf, because the client requires out-of-band management), create an SVI for VlanX as a member of this new OOB management vrf and configure the physical interfaces (Eth2/16) as access ports on VlanX.

I already know that the mgmt0 interfaces are members of the management vrf, and that all interfaces and SVIs belong to the default vrf. When I created the new OOB vrf and the SVI, the interface VlanX did not come up despite the fact that the physical interfaces Eth2/16 on VlanX were showing as up/up.

This is the config I'm using on both Nexus devices (with a different IP in each case):

vlan X
 name OOB


vrf context OOB
 ip route 0.0.0.0/0 1.2.3.1

interface VlanX
 description **MANAGEMENT OUT-OF-BAND**
 no shutdown 
 management
 vrf member OOB
 ip address 1.2.3.4/24


interface Ethernet2/16
 description **MANAGEMENT OUT-OF-BAND**
 switchport access vlan X
 speed 1000
 duplex full

Nexus displayed this message:

N5K-1(config)# sh int vlanX

VlanX is down (Non-routable VDC mode), line protocol is down
Hardware is EtherSVI, address is c0c0.c0c0.c0c0
Description: **MANAGEMENT OUT-OF-BAND**
Internet Address is 1.2.3.4/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec

So I decided to configure the management command under the SVI, and int VlanX did come up, but I was not able to ping the management switch with an SVI also in VlanX (I will use VlanX as the source interface for management protocols, and the client must be able to manage the device in-band using the IP address on Vlan1 in the default vrf). I already have the default route in the new OOB vrf. Should this configuration work? How can I provide additional out-of-band management when the mgmt0 interfaces are used for the vPC peer-keepalive?

Any idea or comment will be appreciated!

Regards.

Accepted Solutions

jeestrad
Cisco Employee

Hello Andres,

From your description and topology, I understood the mgmt0 interfaces are directly connected to each other, correct? Now, without a Layer3 daughter card, you won't be able to bring up any SVI or physical interface as Layer-3. The reason you are able to bring the SVIs Up after associating them to the management VRF is because it will use mgmt0 port as proxy for L3, but it won't be functional.
The best way to proceed in your case without purchasing the Layer-3 daughter card is by changing the current topology. How? Well, the vPC peer keepalive interfaces don't need to be directly connected to each other. The messages sent between them are merely UDP hellos, which never contain any Control or Data plane for the vPC. You can use the Mgmt0 ports to connect the Nexus5k to your customer's OOB Management network, while still functioning as the Peerkeepalive link. The only requirement for this link is that both Mgmt0 ports can reach each other by ping.

That way, your topology would end up looking like this:

-----------                                       -----------
|         |                                       |         |
|  N5K-1  |================= Po1 =================|  N5K-2  |
----------- Eth1/1,Eth2/1           Eth1/1,Eth2/1 -----------
     |                                                 |
     | mgmt0          vpc PeerKeepalive                | mgmt0
     |                                                 |
     | (access VlanX) |---------------|                | (access-port on VlanX)
     -----------------| Management SW |-----------------
                      |---------------|

Best Regards!
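
The topology proposed in the answer above, written out as an NX-OS configuration sketch. This is an added example, not part of the original post or Cisco's own configuration: 1.2.3.4/24 and gateway 1.2.3.1 reuse the thread's placeholder addressing, while 1.2.3.5 for N5K-2 and vPC domain 10 are assumptions.

```text
! N5K-1: mgmt0 cabled to an access port in VlanX on the management switch.
! Addresses are placeholders from the thread; 1.2.3.5 and domain 10 are assumed.
vrf context management
  ip route 0.0.0.0/0 1.2.3.1

interface mgmt0
  vrf member management
  ip address 1.2.3.4/24

vpc domain 10
  peer-keepalive destination 1.2.3.5 source 1.2.3.4 vrf management

! N5K-2: same layout, keepalive source and destination swapped.
vrf context management
  ip route 0.0.0.0/0 1.2.3.1

interface mgmt0
  vrf member management
  ip address 1.2.3.5/24

vpc domain 10
  peer-keepalive destination 1.2.3.4 source 1.2.3.5 vrf management

! Checks from N5K-1 once both mgmt0 ports are connected:
!   ping 1.2.3.5 vrf management      (the only requirement stated in the answer)
!   show vpc peer-keepalive          (keepalive status over the management vrf)
```

With this layout the same mgmt0 address serves both out-of-band management and the peer-keepalive, so no SVI or extra vrf is needed on a switch without the Layer-3 daughter card.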

Hello Jeestrad,

Thanks for taking part of your time for replying to this case. Ok, I understand your proposal.

I just wanted to avoid that kind of topology for the vPC peer-keepalive, thinking that it might cause some issue to send that heartbeat traffic through the network, but if there is no choice because of the lack of the L3 daughter card, I will proceed accordingly.

Now, just to have the whole view of possible scenarios, would the settings that I was trying to configure work if both Nexus had the L3 daughter card?

Regards.

Hi Andres,

That is correct, if you have Layer-3 cards installed in your Nexus, you will be able to bring up the scenario you described, with the SVIs being part of the OOB vrf.

About your concerns, remember that if the peerlink keepalive fails, there is NO impact on Data or Control plane, it just impacts the Role election:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_vpc_ops.html#pgfId-425287

So I believe there is a minor impact if you connect the mgmt0 ports to your Management Switch.

Regards!

-Enrique

Well, thanks for your answer.

I'll try out with the new scenario using mgmt0 interfaces for both management and peer-keepalive.

Regards.
