Ask the Expert: Nexus 5000, 3000 and 2000 Series - Page 5

ciscomoderator · ‎10-07-2011

With Lucien Avramov

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about design, configuration and troubleshooting of the Cisco Nexus 2000, 3000, 5000 Series with cisco Expert Lucien Avramov. Lucien Avramov is a technical marketing engineer in the Server Access Virtualization Business Unit at Cisco, where he supports the Cisco Nexus 5000, 3000 and 2000 Series. He has several industry certifications including CCIE #19945 in Routing and Switching, CCDP, DCNIS, and VCP #66183

Remember to use the rating system to let Lucien know if you have received an adequate response.

Lucien might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Data Center sub-community discussion forum shortly after the event. This event lasts through October 21, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

Lucien Avramov · ‎10-19-2011

This is for the server ports. Let's say you dual home a server to 2 2148, then the server can be only with 1 port going to one 2148 and the other to the other 2148 with a vPC.

The 2148 10GE ports: you can use 4 of them if you desire.

Luciano Vigano' · ‎10-20-2011

Ciao Lucien,

now it's clear ... I think that the drowing in Chapter six was (for me!!) a little confusing

You have a message

Ciao e grazie!

Luciano

smartboy2255 · ‎10-19-2011

HI Lucien,

I have 2 * 5020 Nexus switch. Between Nexus I have port channel 5. Two ports are binded in the port channel5.I am frequently getting below error message and port channel is getting down.Port channel 5 is between my nexus switches.

Eth1/37 1 eth trunk down DCX-No ACK in 100 PDUs 10G(D) 5

Eth1/38 1 eth trunk down DCX-No ACK in 100 PDUs 10G(D) 5

Can you pls help on this..

Regards,

Ajith

Lucien Avramov · ‎10-20-2011

The error message that you have is due to missing ACK messages for Data Center Bridging type of traffic.

The port error disables every 50 minutes which is consistent with the error.
If 100 ACKs were missed in 100 PDUs, with default 30 second timer between PDUs this means
the interface is up for exactly 50 minutes before going down.

Typically this is related to physical cabling issues. 
The other case is if you upgraded from 4.1 to 5.0.3, if you did such upgrade and are not on latest 
5.0.3 code (5.0(3)N2(2)) you may experience this as well, in this case make sure you run the latest 
software revision.

vikkd1234 · ‎10-19-2011

Hi, can u have a redundant pair of firewalls connected as a sandwich between a pair of 5Ks on the inside of the FW using vPC and a pair of routers on the outside of the FW? Does this put any constraints on the firewall with regards to running it in Transparent or L3 mode due to the vPC design caveat related to duplicate frame prevention of not being able to route across the vPC peer link if the packet comes in on a vPC member link.

If the FWs were running in L3 routed mode using only static routes while the inside N5ks were forming a BGP peer with the routers on the outside would that scenario work inspite of the vPC loop prevention logic?

Tx

Lucien Avramov · ‎10-21-2011

You can not connect L3 device on each n5k and peer via L3 on the peer-link. You may find to see this to work actually when you configure it, however there are complications and therefore this is not supported for now. It will have to be prioritized on the software roadmap to be looked, make sure to communicte this to your account team so we can investigate further.

tiwang · ‎10-20-2011

Hi Lucien

I have been through Cisco DCI ver 2.0 design guide to find some problems in using the NX5k for the DCI between two sites (dark fiber - 2 10G connections - pure L2 with 50 km distance between) but everywhere I find NX7K instead of NX5K - besides of a more sophistacated L3 capable box - do I get any benefits of using a 7K here instead of the nx 5K - are there some difference in the vPC between nx 7k and nx 5k ?

Other question - I have a vPC running between 2 set of nexus boxes - if I issue the command "show vpc sta vpc 15" will I then only get the statistics from the local portchannel allocated on this box or from both boxes in the vPC - eg both interfaces in vpc 15 on the local and peer device)?

Lucien Avramov · ‎10-21-2011

There are no specific issues with Nexus 5000 regarding ethernet over dark fiber. The products are different as far as scale and the n7k is typically positionned for those types of workloads hence the paper you find mainly discusses n7k.

When you use the command show vpc statistics vpc X, this will display the local statistics only.

It's the same as using a show interface port-channel Y (where the vpc X is configured for port-channel Y)

Example:

nexus# show int po 3

port-channel3 is up

vPC Status: Up, vPC number: 3

Hardware: Port-Channel, address: 0005.73ff.5f51 (bia 0005.73ff.5f51)

MTU 1500 bytes, BW 20000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA

Port mode is trunk

full-duplex, 10 Gb/s

Beacon is turned off

Input flow-control is off, output flow-control is off

Switchport monitor is off

EtherType is 0x8100

Members in this channel: Eth1/10, Eth1/11

Last clearing of "show interface" counters never

30 seconds input rate 32536 bits/sec, 4067 bytes/sec, 50 packets/sec

30 seconds output rate 2304 bits/sec, 288 bytes/sec, 3 packets/sec

nexus# show vpc statistics vpc 3

port-channel3 is up

vPC Status: Up, vPC number: 3

Hardware: Port-Channel, address: 0005.73ff.5f51 (bia 0005.73ff.5f51)

MTU 1500 bytes, BW 20000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA

Port mode is trunk

full-duplex, 10 Gb/s

Beacon is turned off

Input flow-control is off, output flow-control is off

Switchport monitor is off

EtherType is 0x8100

Members in this channel: Eth1/10, Eth1/11

Last clearing of "show interface" counters never

30 seconds input rate 32536 bits/sec, 4067 bytes/sec, 50 packets/sec

30 seconds output rate 2304 bits/sec, 288 bytes/sec, 3 packets/sec

vikkd1234 · ‎10-21-2011

Hi Lucien,

Thx for replying to my post earlier regarding L3 over vPC. Can you direct me to the specific document that speaks more on this topic referencing the diagram you posted. From what I have read on the documents I could find on cisco as well as external resources it seems that you cannot run routing over a vPC peer link with an external device because of the design caveat related to duplicate frame prevention of not being able to route across the vPC peer link if the packet comes in on a vPC member link. Does this limitation still hold true? If it does than I am a bit confused when you mention "You can even peer routing over them like you would do on top of a regular L2 shared network as the example here". Thx for your help.

Lucien Avramov · ‎10-21-2011

You're correct no routing over a VPC peer-link