cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
18593
Views
10
Helpful
24
Replies

Nexus 7K port channel to F5 LTM load balancer

josephsmar
Level 1
Level 1

I am hoping some has set this up already, but I have not been able to find any examples in this forum or on the internet. What we are trying to do is setup a port channel from our nexus 7k to a F5 LTM load balancer. The links are two 10gig. One thing I found was the when applying the channel group to the interface you need to use the following command: 

 

channel-group XX mode active

 

This is for the lacp portion of the interface. We set that and setup the LTM, but still cannot get traffic to pass.

1 Accepted Solution

Accepted Solutions

Hello, I have configured N7Ks with F5 5200v's before, here is what I do. This design is probably a little more complex than yours since we use vCMPs on the F5 and vPCs on the N7Ks, but never the less, it should be more or less similar/same.

Config on F5:

 

N7K-1 Config:

DC1-N7K1# show port-channel summary interface port-channel 10
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      LACP      Eth3/41(P)   
DC1-N7K1# 
DC1-N7K1# 
DC1-N7K1# show run int po10

!Command: show running-config interface port-channel10
!Time: Fri Jan 30 08:24:46 2015

version 6.2(8a)

interface port-channel10
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  vpc 10

DC1-N7K1# show run int e3/41

!Command: show running-config interface Ethernet3/41
!Time: Fri Jan 30 08:24:52 2015

version 6.2(8a)

interface Ethernet3/41
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  channel-group 10 mode active
  no shutdown

DC1-N7K1#

 

DC1-N7K2

 

DC1-N7K2# show port-channel summary interface port-channel 10
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      LACP      Eth3/41(P)   
DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2#  show run int po10

!Command: show running-config interface port-channel10
!Time: Fri Jan 30 08:26:11 2015

version 6.2(8a)

interface port-channel10
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  vpc 10

DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2# show run int e3/41

!Command: show running-config interface Ethernet3/41
!Time: Fri Jan 30 08:26:21 2015

version 6.2(8a)

interface Ethernet3/41
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  channel-group 10 mode active
  no shutdown

DC1-N7K2# 

 

I usually set them up with 2 N7Ks with vPC, but you can ignore the vPC config.

In case anyone is interested at vpc, and what is shown on N7Ks with this setup:

Same for these on both sides N7Ks.

DC1-N7K2# show vpc consistency-parameters interface port-channel 10

    Legend:
        Type 1 : vPC will be suspended in case of mismatch

Name                        Type  Local Value            Peer Value             
-------------               ----  ---------------------- -----------------------
STP Port Type               1     Edge Trunk Port        Edge Trunk Port       
STP Port Guard              1     Default                Default               
STP MST Simulate PVST       1     Default                Default               
lag-id                      1     [(2000,                [(2000,               
                                  0-23-4-ee-be-1, 800a,  0-23-4-ee-be-1, 800a, 
                                  0, 0), (c9c0,          0, 0), (c9c0,         
                                  0-23-e9-88-c9-c0, 3,   0-23-e9-88-c9-c0, 3,  
                                  0, 0)]                 0, 0)]                
mode                        1     active                 active                
Speed                       1     10 Gb/s                10 Gb/s               
Duplex                      1     full                   full                  
Port Mode                   1     trunk                  trunk                 
Native Vlan                 1     1103                   1103                  
MTU                         1     1500                   1500                  
LACP Mode                   1     on                     on                    
Interface type              1     port-channel           port-channel          
Admin port mode             1     trunk                  trunk                 
vPC card type               1     Clipper                Clipper               
Allowed VLANs               -     18,24,1103             18,24,1103            
Local error VLANs           -     -                      -                     
DC1-N7K2# 
DC1-N7K2# show vpc 10 


vPC status
----------------------------------------------------------------------
id   Port      Status Consistency Reason                  Active vlans
--   ----      ------ ----------- ------                  ------------
10   Po10      up     success     success                    18,24,1103      
 

Hope this helps.

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

24 Replies 24

Reza Sharifi
Hall of Fame
Hall of Fame

Do you have 2 7ks or just 1?

Can you post the config from the 7k?

also can you post:

sh port-channel summary interface port-channel x/x (x/x is the po that connects to F5.

Are you running vrrp on the F5s?

 

 

We are running only 1 7K.

I cannot post the whole config. The F5 is not runnning vrrp.

XX  PoXX(SD)  Eth      NONE     Ethx/x(D) Ethx/x(D)

interface port-channelXX
  description -----
  switchport access vlan X
  switchport trunk native vlan X
  switchport trunk allowed vlan X,X,X,X
  spanning-tree port type normal

interface Ethernet8/12  
  switchport mode trunk
  switchport access vlan x
  switchport trunk native vlan x
  switchport trunk allowed vlan x,x,x,x,x
  spanning-tree port type normal
  channel-group 2012 mode active
  no shutdown


interface Ethernet8/13  
  switchport mode trunk
  switchport access vlan x
  switchport trunk native vlan x
  switchport trunk allowed vlan x,x,x,x,x
  spanning-tree port type normal
  channel-group 2012 mode active
  no shutdown

 

 

SD indicate that the po is in suspended mode and down.

What is the output of sh int poxx?

try this

config t

no int poxx

interface Ethernet8/12

switchport mode trunk

switchport trunk native vlan x
  switchport trunk allowed vlan x,x,x,x,x 
  channel-group xx mode active
  no shutdow

 

interface Ethernet8/13

switchport mode trunk
  switchport trunk native vlan x
  switchport trunk allowed vlan x,x,x,x,x
  channel-group xx mode active
  no shutdow

int po xx

switchport trunk native vlan x
  switchport trunk allowed vlan x,x,x,x,x

no sh

and test again with "sh int poxx"

HTH

 

It is shut down right now, we had to resort to setting up a single trunk interface and a single switchport access interface so we could test connectivity. 

oh ok, understand. When you have time and a maintenance window you can try the above. When building a layer-2 port-channel, there is no need to build the po itself first.  When you add the physical interfaces to the po id you want, the switch will create that po id for you but keep it in "sh" mode until you issue "no sh". From that point you add all the configs to the po interface only and the physical interfaces will inherit the configs.

Good Luck

 

So basically you want me to set it up that same way it is now, leave out the 

switchport access vlan x  command?

Correct.

the "switchport access vlan x"  command does not have any effect as the port mode is already trunk.  So, there is no need for it.

HTH

Would it keep the port channel from passing traffic?

No, it will not have any effect on the port-channel.


 

As Reza says it should have no effect on the links.

You should add a "switchport mode trunk" to your port channel configuration.

I haven't done what you are trying to do but from the Cisco end it is fairly straightforward.

When it was not passing traffic was the etherchannel actually showing as up on the Cisco end ?

You are using LACP on the etherchannel, have you selected that on the LTM as well ?

I did a quick search and there seems to be differing opinions on what the LTM should use ie. LACP active or passive as both have been reported to work.

As long as it one or the other then that should be okay.

Jon

Yeah, we have lacp set on the LTM and I found the same thing active passive. There was one thread on F5s forum that said to set the uldl value on the interface.

You shouldn't need to.  As long as the load balancer side is passive you are good.

 

We do have the load balancer set to passive and the nexus set to active. Still no traffic will pass. What I would love to find is someone who has configured this exact setup and get a sample configuration from them. Also what was setup on the F5 as well. 

Hello, I have configured N7Ks with F5 5200v's before, here is what I do. This design is probably a little more complex than yours since we use vCMPs on the F5 and vPCs on the N7Ks, but never the less, it should be more or less similar/same.

Config on F5:

 

N7K-1 Config:

DC1-N7K1# show port-channel summary interface port-channel 10
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      LACP      Eth3/41(P)   
DC1-N7K1# 
DC1-N7K1# 
DC1-N7K1# show run int po10

!Command: show running-config interface port-channel10
!Time: Fri Jan 30 08:24:46 2015

version 6.2(8a)

interface port-channel10
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  vpc 10

DC1-N7K1# show run int e3/41

!Command: show running-config interface Ethernet3/41
!Time: Fri Jan 30 08:24:52 2015

version 6.2(8a)

interface Ethernet3/41
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  channel-group 10 mode active
  no shutdown

DC1-N7K1#

 

DC1-N7K2

 

DC1-N7K2# show port-channel summary interface port-channel 10
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      LACP      Eth3/41(P)   
DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2#  show run int po10

!Command: show running-config interface port-channel10
!Time: Fri Jan 30 08:26:11 2015

version 6.2(8a)

interface port-channel10
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  vpc 10

DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2# 
DC1-N7K2# show run int e3/41

!Command: show running-config interface Ethernet3/41
!Time: Fri Jan 30 08:26:21 2015

version 6.2(8a)

interface Ethernet3/41
  description ## Uplink to DC1-F5LTM-PROD01 ##
  switchport mode trunk
  switchport trunk native vlan 1103
  switchport trunk allowed vlan 18,24,1103
  spanning-tree port type edge trunk
  spanning-tree bpduguard enable
  logging event port link-status
  logging event port trunk-status
  channel-group 10 mode active
  no shutdown

DC1-N7K2# 

 

I usually set them up with 2 N7Ks with vPC, but you can ignore the vPC config.

In case anyone is interested at vpc, and what is shown on N7Ks with this setup:

Same for these on both sides N7Ks.

DC1-N7K2# show vpc consistency-parameters interface port-channel 10

    Legend:
        Type 1 : vPC will be suspended in case of mismatch

Name                        Type  Local Value            Peer Value             
-------------               ----  ---------------------- -----------------------
STP Port Type               1     Edge Trunk Port        Edge Trunk Port       
STP Port Guard              1     Default                Default               
STP MST Simulate PVST       1     Default                Default               
lag-id                      1     [(2000,                [(2000,               
                                  0-23-4-ee-be-1, 800a,  0-23-4-ee-be-1, 800a, 
                                  0, 0), (c9c0,          0, 0), (c9c0,         
                                  0-23-e9-88-c9-c0, 3,   0-23-e9-88-c9-c0, 3,  
                                  0, 0)]                 0, 0)]                
mode                        1     active                 active                
Speed                       1     10 Gb/s                10 Gb/s               
Duplex                      1     full                   full                  
Port Mode                   1     trunk                  trunk                 
Native Vlan                 1     1103                   1103                  
MTU                         1     1500                   1500                  
LACP Mode                   1     on                     on                    
Interface type              1     port-channel           port-channel          
Admin port mode             1     trunk                  trunk                 
vPC card type               1     Clipper                Clipper               
Allowed VLANs               -     18,24,1103             18,24,1103            
Local error VLANs           -     -                      -                     
DC1-N7K2# 
DC1-N7K2# show vpc 10 


vPC status
----------------------------------------------------------------------
id   Port      Status Consistency Reason                  Active vlans
--   ----      ------ ----------- ------                  ------------
10   Po10      up     success     success                    18,24,1103      
 

Hope this helps.

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
Review Cisco Networking for a $25 gift card