04-18-2014 06:03 PM - edited 03-01-2019 11:38 AM
Really need some guidance here... I am trying to deploy the 1000v in L3 mode, which to my understanding uses mgmt0 and control0 only. Packet and control traffic are carried on the same interface. So here are my questions:
Do I still need 3 port-groups for mgmt., packet, and control or can I do control and mgmt only?
Do my VSMs still need 3 NICs? If 3 port-groups are not configured but I need 3 NICs, do you map two NICs to control vlan?
...I am not using vlan 1 at all, my native vlan is set to 202 in UCSM which is the same vlan my ESXi hosts reside in, so therefore the ESXi management port group on my current vDS does not use a vlan ID. Does the vlan 1 in 1000v map to my native vlan of 202 or do I need to configure the 1000v specifically for vlan 202? Examples I am looking at are using vlan 1 everyone and it confuses me.
The vlan that is created for Control0 has to be different than my mgmt0 vlan, but does this vlan need to exist on the links from the FI to 5108 Chassis?
I am getting really lost on the whole native vlan and vlan 1 thing...I have literally been at this for months with many "hand up, give up" moments.
show run
!Command: show running-config
!Time: Sat Apr 19 01:01:37 2014
version 4.2(1)SV2(2.2)
svs switch edition essential
no feature telnet
username admin password 5 $1$pIdF9m7q$PIhIpsr//2BIkySzd5y9r. role network-admin
banner motd #Nexus 1000v Switch#
ip domain-lookup
ip host N1KV-01 10.170.202.5
switchname N1KV-01
errdisable recovery cause failed-port-state
vem 3
host id c4b52629-fbe7-e211-0000-000000000005
snmp-server user admin network-admin auth md5 0x7bfb0100d1a2c5faf79c77aad3c8ecec priv 0x7bfb0100d1a2c5faf79c77aad3c8ecec localizedkey
snmp-server community atieppublic group network-operator
ntp server 10.170.5.10
vrf context management
ip route 0.0.0.0/0 10.170.202.1
vlan 1,5,201-205,900
port-channel load-balance ethernet source-mac
port-profile default max-ports 32
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type ethernet VM-Sys-Uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 1,5,201-205,900
switchport trunk native vlan 202
channel-group auto mode on mac-pinning
no shutdown
system vlan 1,5,201-205,900
state enabled
port-profile type vethernet Mgmt1
vmware port-group
switchport mode access
switchport access vlan 1
no shutdown
state enabled
port-profile type vethernet N1KV-Control
vmware port-group
switchport mode access
switchport access vlan 201
no shutdown
system vlan 201
state enabled
port-profile type vethernet vMotion
vmware port-group
switchport mode access
switchport access vlan 203
no shutdown
state enabled
port-profile type vethernet Servers-Prod
vmware port-group
switchport mode access
switchport access vlan 5
no shutdown
state enabled
port-profile type vethernet N1kV-Mgmt
vmware port-group
switchport mode access
switchport access vlan 202
no shutdown
system vlan 202
state enabled
port-profile type vethernet NS_NI_1_1
vmware port-group
switchport mode access
switchport access vlan 5
no shutdown
state enabled
port-profile type vethernet NFS
vmware port-group
switchport mode access
no shutdown
state enabled
port-profile type vethernet DMZ
vmware port-group
switchport mode access
system storage-loss log time 30
vdc N1KV-01 id 1
limit-resource vlan minimum 16 maximum 2049
limit-resource monitor-session minimum 0 maximum 2
limit-resource vrf minimum 16 maximum 8192
limit-resource port-channel minimum 0 maximum 768
limit-resource u4route-mem minimum 1 maximum 1
limit-resource u6route-mem minimum 1 maximum 1
interface mgmt0
ip address 10.170.202.5/24
interface control0
line console
boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.2.2.bin sup-1
boot system bootflash:/nexus-1000v.4.2.1.SV2.2.2.bin sup-1
boot kickstart bootflash:/nexus-1000v-kickstart.4.2.1.SV2.2.2.bin sup-2
boot system bootflash:/nexus-1000v.4.2.1.SV2.2.2.bin sup-2
svs-domain
domain id 202
control vlan 201
packet vlan 201
svs mode L3 interface mgmt0
svs connection vcenter
protocol vmware-vim
remote ip address 10.170.5.35 port 80
vmware dvs uuid "7a 82 10 50 a3 3c 4c fe-df 91 60 28 66 1d 6f 59" datacenter-name Nashville HQ
admin user n1kUser
max-ports 8192
connect
vservice global type vsg
tcp state-checks invalid-ack
tcp state-checks seq-past-window
no tcp state-checks window-variation
no bypass asa-traffic
vnm-policy-agent
registration-ip 0.0.0.0
shared-secret **********
log-level
N1KV-01# show vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
5 VLAN0005 active
201 VLAN0201 active
202 VLAN0202 active
203 VLAN0203 active
204 VLAN0204 active
205 VLAN0205 active
900 VLAN0900 active
N1KV-01# show mod
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 0 Virtual Supervisor Module Nexus1000V ha-standby
2 0 Virtual Supervisor Module Nexus1000V active *
Mod Sw Hw
--- ------------------ ------------------------------------------------
1 4.2(1)SV2(2.2) 0.0
2 4.2(1)SV2(2.2) 0.0
Mod Server-IP Server-UUID Server-Name
--- --------------- ------------------------------------ --------------------
1 10.170.202.5 NA NA
2 10.170.202.5 NA NA
* this terminal session
04-21-2014 10:05 AM
Hi Steven,
Q: "Do I still need 3 port-groups for mgmt., packet, and control or can I do control and mgmt only?"
A: In reality, everything could be on the same VLAN. But that would be poor practice... So the answer is, control and management should be on two different L2 networks. This means two different port-profiles are needed. For the packet adapter (third adapter), I would assign a dummy port-profile.
Q: "I am not using vlan 1 at all, my native vlan is set to 202 in UCSM which is the same vlan my ESXi hosts reside in, so therefore the ESXi management port group on my current vDS does not use a vlan ID. Does the vlan 1 in 1000v map to my native vlan of 202 or do I need to configure the 1000v specifically for vlan 202? Examples I am looking at are using vlan 1 everyone and it confuses me."
A: VLAN 1 on N1k does not map to Native VLAN 202 on the UCS. You would need to configure N1k specifically. If your vethernet port-profile is config'd for 'sw acc vlan 202' and your uplink port-profile is 'sw tr native vlan 202', the frames will be sent out of n1k untagged. Which is, I think, what you're going for...
Q: The vlan that is created for Control0 has to be different than my mgmt0 vlan, but does this vlan need to exist on the links from the FI to 5108 Chassis?
A: Yes. The Control0 interfaces on the VSMs are used for HA heartbeats between the two VSMs. The traffic between VSMs is L2. So if the VSMs live on different hosts, that control VLAN needs to be end to end between the hosts.
Feel free to get back with questions and we can try to work through your scenario.
Thanks,
Joe
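An added example, not part of the posts above: a small Python check that reads port-profile lines in the flattened form shown in the thread and reports, for each vethernet profile, whether its access VLAN leaves a given uplink tagged, untagged (it equals the uplink's native VLAN), or is not carried at all. The profile `Lab` and VLAN 300 are constructed for illustration, and the script assumes a native VLAN of 1 when the uplink has no `native vlan` line.

```python
import re
# Constructed sample, modelled on the profiles in the thread; "Lab"/VLAN 300 are made up.
SAMPLE = """\
port-profile type ethernet VM-Sys-Uplink
switchport trunk allowed vlan 1,5,201-205,900
switchport trunk native vlan 202
port-profile type vethernet N1KV-Control
switchport access vlan 201
port-profile type vethernet N1kV-Mgmt
switchport access vlan 202
port-profile type vethernet Lab
switchport access vlan 300
"""

def expand(spec):
    """Expand a VLAN list such as '1,5,201-205' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_profiles(text):
    """Return {profile name: {'type', 'access', 'allowed', 'native'}}."""
    profiles, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"port-profile type (ethernet|vethernet) (\S+)", line):
            # Assumption: native VLAN is 1 unless the profile says otherwise.
            cur = profiles.setdefault(m.group(2), {
                "type": m.group(1), "access": None, "allowed": set(), "native": 1})
        elif cur is None:
            continue
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["access"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
            cur["allowed"] = expand(m.group(1))
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
    return profiles

def uplink_tagging(text, uplink):
    """Map each vethernet profile to how its frames leave the named uplink."""
    profiles = parse_profiles(text)
    up, result = profiles[uplink], {}
    for name, p in profiles.items():
        if p["type"] == "vethernet" and p["access"] is not None:
            v = p["access"]
            result[name] = ("not carried" if v not in up["allowed"] else
                            "untagged (native)" if v == up["native"] else f"tagged {v}")
    return result
```

A "not carried" result points at the end-to-end requirement from the last answer: the VLAN has to be allowed on every link between the hosts.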