
Facebook Forum: Basic introduction and troubleshooting on Cisco Nexus 7000 NX-OS Virtual Device Context (VDC)

ciscomoderator
Community Manager

Live chat with Cisco expert Vignesh Rajendran


When: January 3, 2012 7:00 - 8:00 AM PST (San Francisco; UTC -8:00 hrs)

This corresponds to:

4:00 PM CET (Paris; UTC +1 hr)

8:00 PM PKT (Pakistan, UTC +5 hrs)

8:30 PM IST (India; UTC +5:30 hrs)

10:00 PM (Indonesia; UTC +7 hrs)

What: Facebook Forum. (Live chat with a Cisco expert on Facebook)

How to participate: On the event date and time, go to our Facebook event page http://on.fb.me/VhdeUZ and join the forum. To RSVP visit http://on.fb.me/VhdeUZ.

Topic Details: The Cisco® Nexus 7000 Series Switches introduce support for the Cisco NX-OS Software platform, a new class of operating system designed for data centers. Based on the Cisco MDS 9000 SAN-OS platform, Cisco NX-OS introduces support for virtual device contexts (VDCs), which allows the switches to be virtualized at the device level. Each configured VDC presents itself as a unique device to connected users within the framework of that physical switch. The VDC runs as a separate logical entity within the switch, maintaining its own unique set of running software processes, having its own configuration, and being managed by a separate administrator.

Reference Url:

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/White_Paper_Tech_Overview_Virtual_Device_Contexts.html

About the Expert: Vignesh R. P. is a customer support engineer in the Cisco High Touch Technical Support center in Bangalore, India, supporting Cisco's major service provider customers in routing and MPLS technologies. His areas of expertise include routing, switching, and MPLS. Previously at Cisco he worked as a network consulting engineer for enterprise customers. He has been in the networking industry for 8 years and holds CCIE certification in the Routing & Switching and Service Provider tracks.


ciscomoderator
Community Manager

Here's a condensed summary of this forum in a Q&A format.

How does a single VDC in Nexus cover the entire switching-to-routing perspective in a LAN, or is it specifically a data center product only?

A single VDC in Nexus 7K would act like a normal switch & it is not specific to data centre. It can be placed in any environment ranging from data centre, enterprise network as well as service provider.

In NX-OS there are two flavours of OS: kickstart OS and IOS. What's the exact reason for going for two flavours of OS?

The Nexus 7000 has two images in order to run. The first is a Kickstart image and the second is the actual System image. The Kickstart image contains the Linux kernel, basic drivers, and initial file system. The System Image contains the system software and infrastructure code.

Updating NX-OS is very time consuming. It's such a hefty file! And the procedure we follow for it is also very complex. Can't it be minimised or eased? Is there any new procedure to follow in this regard?

Perform the upgrade using the install all command at the command prompt on the active supervisor module.

switch# install all kickstart bootflash:n7000-s1-kickstart.4.0.1a.bin system bootflash:n7000-s1-dk9.4.0.1a.bin

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_0/nx-os/upgrade/guide/nx-os_upgrade.html

VDC is to switching as VRF is to routing?

VDC feature helps enable the virtualization of a single physical device in one or more logical devices. A maximum of 4 VDCs can be created on a single N7K switch. So it is like having 4 Virtual switches on a single physical device. A VDC cannot be equated to a VRF though VRF too is logical.

What is the importance of kickstart image?

The Kickstart image contains the Linux kernel, basic drivers, and initial file system.

While we create multiple VDC do they bootup with a common kernel? What happens when kernel crashes - does it impact only the whole Nexus box?

Yes, if the kernel crashes the whole device would crash.

What are the recommendations for resource allocations for default VDC? I mean default VDC being the main VDC should it be allowed some min or max percentage of resources.

You can change the individual resource limits after you create the VDC as follows:

• Change an individual resource limit for a single VDC.

• Change the resource limits in a non-default VDC resource template and apply the template to the VDC.

You can refer to the link below for more insights:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/nx-os/virtual_device_context/configuration/guide/vdc_templates.html

When I send 5000 pings between two directly connected Nexus 7Ks, I get 4-5 packet drops. What is the reason for that? I think it's due to CoPP, but what is the advantage of CoPP in Nexus, and why is this feature not in higher-end Catalyst switches?

It depends on whether there is a pattern in the packet drops or they are random. If a pattern is seen, it might be due to the rate-limit config on the box.

In Nexus, CoPP is available by default and can still be edited, whereas on devices like the 7600 & 6500 we need to configure CoPP manually. Basically, protecting the CPU is the key.

Is it possible to configure a secondary IP address for a VLAN interface on the Nexus 7K? If so, what is the command for that?

Yes it is possible:

interface Vlan100

no ip redirects

ip address 2.2.2.2/24

ip address 1.1.1.1/24 secondary

Here is some bonus information prepared by our expert on this topic in a Q&A format

What is Cisco Nexus 7000 all about?

The Cisco Nexus 7000 Series offers a comprehensive one-platform solution for the data center core network. It also offers aggregation, high density, and end-of-row and top-of-rack server connectivity. For campus core deployments, it provides a scalable, highly resilient, high-performance solution.

The Cisco Nexus 7000 Series platform runs on Cisco NX-OS Software. It was specifically designed for the most mission-critical deployments in the data center and campus.

What do the fundamental N7K specifications look like?

Specifications at a Glance

Number of slots: 4, 9, 10, and 18

Bandwidth per slot: 550 Gbps

Max switching capacity: 17.6 Tbps

Redundant supervisors: Yes

Hitless software upgrade: Yes (In Service Software Upgrade (ISSU))

Switch virtualization: Yes (Virtual Device Context (VDC))

What are the striking differences between NX-OS & IOS?

If you are familiar with traditional Cisco IOS command-line interface (CLI), the CLI for NX-OS is similar to Cisco IOS. There are key differences that should be understood prior to working with NX-OS, however:

• When you first log into NX-OS, you go directly into EXEC mode.

• NX-OS has a setup utility that enables a user to specify the system defaults, perform basic configuration, and apply a predefined Control Plane Policing (CoPP) security policy.

• NX-OS uses a feature-based license model. An Enterprise or Advanced Services license is required depending on the features required.

• NX-OS has the capability to enable and disable features such as OSPF, BGP, and so on via the feature configuration command. Configuration and verification commands are not available until you enable the specific feature.

• Interfaces are labeled in the configuration as Ethernet. There aren't any speed designations in the interface name. Interface speed is dynamically learned and reflected in the appropriate show commands and interface metrics.

• NX-OS supports Virtual Device Contexts (VDC), which enable a physical device to be partitioned into logical devices. When you log in for the first time, you are in the default VDC.

• The Cisco NX-OS has two preconfigured instances of VPN Routing Forwarding (VRF) by default (management, default). By default, all Layer 3 interfaces and routing protocols exist in the default VRF. The mgmt0 interface exists in the management VRF and is accessible from any VDC. If VDCs are configured, each VDC has a unique IP address for the mgmt0 interface.

• Default login administrator user is predefined as admin; a password has to be specified when the system is first powered up. With NX-OS, you must enter a username and password; you cannot disable the username and password login. In contrast, in IOS you can simply type a password; you can optionally set the login to require the use of a username.

• NX-OS uses a kickstart image and a system image. Both images are identified in the configuration file as the kickstart and system boot variables; this is the same as the Cisco Multilayer Director Switch (MDS) Fibre Channel switches running SAN-OS.

• NX-OS removed the write memory command; use copy running-config startup-config instead; there is also the alias command syntax.

• The default Spanning Tree mode in NX-OS is Rapid-PVST+.

What is a Kickstart image?

The Nexus 7000 has two images in order to run. The first is a Kickstart image and the second is the actual System image. The Kickstart image contains the Linux kernel, basic drivers, and initial file system. The System Image contains the system software and infrastructure code.

What is Connectivity Management Processor (CMP)?

The supervisor incorporates an innovative dedicated connectivity management processor (CMP) to support remote management and troubleshooting of the complete system. The CMP provides a complete out-of-band management and monitoring capability independent from the primary operating system. The CMP enables lights out management of the supervisor module, all modules, and the Cisco Nexus 7000 Series system without the need for separate terminal servers with the associated additional complexity and cost. The CMP delivers the remote control through its own dedicated processor, memory, and boot flash memory and a separate Ethernet management port. The CMP can reset all system components, including power supplies; it can also reset the host supervisor module to which it is attached, enabling a complete system restart.

What is VOQ?

The Cisco Nexus 7000 series devices implement an advanced technology called Virtual Output Queues that can help to alleviate a condition known as Head-of-Line (HOL) blocking. Head-of-Line blocking can occur when traffic from multiple interfaces contends for the same egress port. Specifically, what ends up happening is that traffic destined for a non-congested port can actually be blocked by traffic that is waiting for a congested resource.

The Virtual Output Queuing system works as follows:

Step 1 – each module informs the supervisor engine of the egress buffers that are available

Step 2 – each module creates a Virtual Output Queue for each egress buffer

Step 3 – when a frame is to be switched between modules, the ingress module queues the frame in a VOQ, the ingress module then requests permission to transmit the frame over the crossbar to the egress module

Step 4 – if the egress buffers are available, the central arbiter grants the request from the ingress module and deducts one record from the available egress buffers; the frame is then transmitted

Step 5 – when the egress module is able to transmit the frame on the physical port, it notifies the supervisor engine that the egress buffer is now available

The hope is that Virtual Output Queues can result in the following:

• Fair access to bandwidth for multiple ingress ports transmitting to one egress port

• The prevention of congested egress ports from blocking ingress traffic destined for other ports

• Priority traffic taking precedence over best effort traffic

What is VDC (Virtual Device context)?

Cisco's VDC feature helps enable the virtualization of a single physical device in one or more logical devices. Each of the provisioned logical devices is configured and managed as if it were a separate physical device. Operating system processes and hardware resources can be partitioned and grouped to form a VDC. This logical partitioning of the device throughout the control, data, and management planes provides similar fault domain isolation and enables the approximation of air-gapped multidevice network environments. In fact, the same VLAN number can be configured in different VDCs without problems. Note, though, that the VDC is a local construct and does not extend between two devices.

What are the Switch resources that can & cannot be allocated to a VDC?

Switch Resources that Can Be Allocated to a VDC are Physical Interfaces, PortChannels, Bridge Domains and VLANs, HSRP and GLBP Group IDs, and SPAN.

Switch Resources that Cannot Be Allocated to a VDC are CPU*, Memory*, TCAM Resources such as the FIB, QoS, and Security ACLs.

* Future releases may allow allocation of CPU or memory to a VDC.

How to create a VDC and assign interfaces to it?

N7K1-VDC1# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

N7K1-VDC1(config)# vdc N7K1-VDC2

Note: Creating VDC, one moment please ...

N7K1-VDC1(config-vdc)# show vdc

vdc_id  vdc_name   state   mac                type      lc

--------------------------------------------

1       N7K1-VDC1  active  00:26:51:c7:34:41  Ethernet  m1 f1 m1xl

2       N7K1-VDC2  active  00:26:51:c7:34:42  Ethernet  m1 f1 m1xl

3       N7K1-VDC3  active  00:26:51:c7:34:43  Ethernet  m1 f1 m1xl

4       N7K1-VDC4  active  00:26:51:c7:34:44  Ethernet  m1 f1 m1xl

N7K1-VDC1(config-vdc)# allocate interface e8/1-12

Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes] yes

N7K1-VDC1(config-vdc)# show vdc membership

vdc_id: 4 vdc_name: N7K1-VDC2 interfaces:

Ethernet8/1 Ethernet8/2 Ethernet8/3

Ethernet8/4 Ethernet8/5 Ethernet8/6

Ethernet8/7 Ethernet8/8 Ethernet8/9

Ethernet8/10 Ethernet8/11 Ethernet8/12

How to switch between VDCs?

After the VDC has been created, resource limits assigned and physical ports have been allocated, the administrator must session into, or switch to that VDC to perform additional configuration. From the default VDC CLI, the active VDCs can be seen using the following command:

switch# show vdc

vdc_id vdc_name state mac

------ -------- ----- ----------

1 switch active 00:18:ba:d8:4c:3d

2 production active 00:18:ba:d8:4c:3e

3 beta active 00:18:ba:d8:4c:3f

The switchto command is used to allow the administrator to move between VDCs. When in the default VDC, the administrator can move to any VDC that is shown in the preceding VDC list. For example, switching to the engineering VDC is done as follows:

switch# switchto vdc ?

production VDC number 2

beta VDC number 3

switch VDC number 1

switch# switchto vdc production

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software may be covered under the GNU Public License or the GNU Lesser General Public License. A copy of

each such license is available at http://www.gnu.org/licenses/gpl.html and http://www.gnu.org/licenses/lgpl.html

switch(vdc)# show vdc current-vdc

Current vdc is 2

switch(vdc)#

What is Virtual Device Context Administration all about?

The VDC architecture defines a number of administrator levels that can be used to administer the physical switch and the VDCs. Each level defines access rights to configuration commands that can be invoked on the switch at both a global level and within a VDC. Commands outside the scope of a given user role are either hidden from the user's view or can return an error if the command is invoked. There are three user levels as seen in the following figure: super user, VDC administrator and VDC user.

---------------------------------------------------------------------------------------------------------------------------

Here are the links to the actual forum that took place on Facebook:

http://www.facebook.com/events/345354148905796/permalink/346234355484442/

http://www.facebook.com/events/345354148905796/permalink/346235565484321/

http://www.facebook.com/events/345354148905796/permalink/346239335483944/

http://www.facebook.com/events/345354148905796/permalink/346240592150485/

http://www.facebook.com/events/345354148905796/permalink/346243875483490/

Here's the link to the event announcement page on Facebook:

http://www.facebook.com/events/345354148905796/
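
The five Virtual Output Queue steps in the reply above, as an added simulation that is not part of the original forum post and is not Cisco code. It models one ingress module and compares a single shared FIFO with per-egress VOQs under credit-based arbitration; the port names, buffer counts and drain rates are constructed assumptions.

```python
from collections import deque

def simulate(frames, credits, drain_every, use_voq, max_ticks=1000):
    """Return {egress_port: tick at which its last frame crossed the fabric}.

    frames      -- egress port of each frame, in arrival order at one ingress module
    credits     -- free egress buffers per port, as advertised in step 1
    drain_every -- a port transmits one buffered frame every N ticks (step 5)
    use_voq     -- True: one queue per egress port (step 2); False: one shared FIFO
    """
    credits = dict(credits)
    buffered = {port: 0 for port in credits}   # frames held in egress buffers
    if use_voq:
        queues = {port: deque() for port in credits}
        for port in frames:
            queues[port].append(port)           # step 3: queue per destination
    else:
        queues = {"fifo": deque(frames)}        # everything waits behind the head
    done = {}
    for tick in range(1, max_ticks + 1):
        # Step 5: egress ports transmit and hand the buffer back to the arbiter.
        for port, every in drain_every.items():
            if buffered[port] and tick % every == 0:
                buffered[port] -= 1
                credits[port] += 1
        # Steps 3-4: a queue head requests; the arbiter grants only if a buffer
        # is free. One grant per tick in both modes keeps the comparison fair.
        for queue in queues.values():
            if queue and credits[queue[0]] > 0:
                port = queue.popleft()
                credits[port] -= 1
                buffered[port] += 1
                done[port] = tick
                break
        if not any(queues.values()):
            break
    return done

# Constructed traffic: e1 is congested (1 buffer, slow drain), e2 is not.
FRAMES = ["e1", "e2"] * 4
CREDITS = {"e1": 1, "e2": 4}
DRAIN = {"e1": 5, "e2": 1}

if __name__ == "__main__":
    print("shared FIFO:", simulate(FRAMES, CREDITS, DRAIN, use_voq=False))
    print("VOQ:        ", simulate(FRAMES, CREDITS, DRAIN, use_voq=True))
```

With the shared FIFO, frames for the uncongested port e2 finish only after every e1 frame ahead of them has been granted; with VOQs they finish as soon as e2 has buffers, while e1 completes at the same tick in both modes.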
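
An added example, not part of the original forum post and not Cisco tooling: because the isolation a VDC provides depends on which physical ports are allocated to it, this script parses `show vdc membership` output in the layout shown in the reply above and reports any port that is not in the VDC it is supposed to be in. The sample output and the `EXPECTED` baseline are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show vdc membership` output above.
SAMPLE = """\
vdc_id: 1 vdc_name: N7K1-VDC1 interfaces:
    Ethernet1/1     Ethernet1/2     Ethernet1/3

vdc_id: 2 vdc_name: N7K1-VDC2 interfaces:
    Ethernet8/1     Ethernet8/2     Ethernet8/3
    Ethernet8/4     Ethernet1/4
"""

# Hypothetical baseline: the VDC each port is intended to belong to.
EXPECTED = {
    "N7K1-VDC1": {"Ethernet1/1", "Ethernet1/2", "Ethernet1/3", "Ethernet1/4"},
    "N7K1-VDC2": {"Ethernet8/1", "Ethernet8/2", "Ethernet8/3", "Ethernet8/4"},
}

HEADER = re.compile(r"^vdc_id:\s*(\d+)\s+vdc_name:\s*(\S+)\s+interfaces:")
PORT = re.compile(r"Ethernet\d+/\d+")

def parse_membership(text):
    """Map vdc_name -> set of interface names found under its header line."""
    members, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            current = members.setdefault(header.group(2), set())
        elif current is not None:
            current.update(PORT.findall(line))
    return members

def audit(actual, expected):
    """Return sorted (interface, expected_vdc, actual_vdc) for every mismatch."""
    where = {port: vdc for vdc, ports in actual.items() for port in ports}
    findings = []
    for vdc, ports in expected.items():
        for port in ports:
            if where.get(port) != vdc:
                findings.append((port, vdc, where.get(port)))
    for port, vdc in where.items():
        if not any(port in ports for ports in expected.values()):
            findings.append((port, None, vdc))   # port missing from the baseline
    return sorted(findings, key=lambda finding: finding[0])

if __name__ == "__main__":
    for port, want, got in audit(parse_membership(SAMPLE), EXPECTED):
        print(f"{port}: expected VDC {want}, found in {got}")
```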
