Configuring a vPC stack on Cisco Nexus

Multi-Chassis Link Aggregation (MC-LAG) is a technology that combines several physical switches into a single logical aggregation point, providing redundancy and fault tolerance. Unlike traditional EtherChannel, which operates within a single device, MC-LAG lets the member ports of an aggregate be spread across different chassis while presenting a single device to the connected clients. MC-LAG implementations vary by vendor and may use different protocols to synchronize state between the switches.
Cisco vPC (Virtual Port-Channel) is Cisco's proprietary technology that implements the MC-LAG concept in the Nexus ecosystem. It lets two physical Nexus switches act as a single logical switch, so connected devices can run link aggregation (Port-Channel) across both switches at once. This removes the need for protocols such as Spanning Tree Protocol (STP) to block redundant links for loop prevention, and makes efficient use of all available links.

SW-N9K-1 configuration

SW-N9K-1# sh run
!Command: show running-config
!Running configuration last done at: Mon Apr 7 21:01:57 2025
!Time: Mon Apr 7 21:02:02 2025
version 9.2(3) Bios:version 07.68
hostname SW-N9K-1
vdc SW-N9K-1 id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 511
  limit-resource u4route-mem minimum 248 maximum 248
  limit-resource u6route-mem minimum 96 maximum 96
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
clock timezone EST 3 3
username admin password 5 6xQ4h6ny20VTQXwES1 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 0x33d9333 priv 0x33d9333 localizedkey
rmon event 1 description FATAL(1) owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO
ip route 0.0.0.0/0 10.0.91.1
vlan 1-100,1000
vlan 2
  name MGMT
vlan 1000
  name keepalive
vrf context keepalive
vrf context management
vpc domain 1
  role priority 5
  peer-keepalive destination 20.20.20.10 source 20.20.20.9 vrf keepalive
interface Vlan1
interface Vlan2
  description === MGMT ===
  no shutdown
  ip address 10.0.91.125/25
interface Vlan1000
  description === VPC PEER KEEPALIVE ===
  no shutdown
  vrf member keepalive
  ip address 20.20.20.9/30
interface port-channel2000
  description === VPC PEER LINKS ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/1
  switchport
  switchport access vlan 2
  no shutdown
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
  description === VPC PEER LINK ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  channel-group 2000 mode active
  no shutdown
interface Ethernet1/47
  description === VPC PEER LINK ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  channel-group 2000 mode active
  no shutdown
interface Ethernet1/48
  description === VPC PEER KEEPALIVE ===
  switchport
  switchport access vlan 1000
  no shutdown
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface mgmt0
  vrf member management
line console
line vty
boot nxos bootflash:/nxos.9.2.3.bin

SW-N9K-2 configuration

SW-N9K-2# sh run
!Command: show running-config
!Running configuration last done at: Mon Apr 7 20:56:59 2025
!Time: Mon Apr 7 20:57:30 2025
version 9.2(3) Bios:version 07.68
hostname SW-N9K-2
vdc SW-N9K-2 id 1
  limit-resource vlan minimum 16 maximum 4094
  limit-resource vrf minimum 2 maximum 4096
  limit-resource port-channel minimum 0 maximum 511
  limit-resource u4route-mem minimum 248 maximum 248
  limit-resource u6route-mem minimum 96 maximum 96
  limit-resource m4route-mem minimum 58 maximum 58
  limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature interface-vlan
feature lacp
feature vpc
feature lldp
clock timezone EST 3 3
username admin password 5 $5$V7Ely7pc$Nu45 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 0x59de6f5 priv 0x59de6f5 localizedkey
rmon event 1 description FATAL(1) owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO
ip route 0.0.0.0/0 10.0.91.1
vlan 1-100,1000
vlan 2
  name MGMT
vlan 1000
  name keepalive
vrf context keepalive
vrf context management
vpc domain 1
  role priority 10
  peer-keepalive destination 20.20.20.9 source 20.20.20.10 vrf keepalive
interface Vlan1
interface Vlan2
  description === MGMT ===
  no shutdown
  ip address 10.0.91.126/25
interface Vlan1000
  description === VPC PEER KEEPALIVE ===
  no shutdown
  vrf member keepalive
  ip address 20.20.20.10/30
interface port-channel2000
  description === VPC PEER LINKS ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/1
  switchport
  switchport access vlan 2
  no shutdown
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
  description === VPC PEER LINK ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  channel-group 2000 mode active
  no shutdown
interface Ethernet1/47
  description === VPC PEER LINK ===
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  channel-group 2000 mode active
  no shutdown
interface Ethernet1/48
  description === VPC PEER KEEPALIVE ===
  switchport
  switchport access vlan 1000
  no shutdown
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface mgmt0
  vrf member management
line console
line vty
boot nxos bootflash:/nxos.9.2.3.bin

Verifying SW-N9K-1

SW-N9K-1# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is on.(timeout = 30s, 22s left)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po2000 up 2-100
SW-N9K-1# sh vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (32) seconds, (719) msec
--Send status : Success
--Last send at : 2025.04.07 21:02:36 706 ms
--Sent on interface : Vlan1000
--Receive status : Success
--Last receive at : 2025.04.07 21:02:36 914 ms
--Received on interface : Vlan1000
--Last update from peer : (0) seconds, (697) msec
vPC Keep-alive parameters
--Destination : 20.20.20.10
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : keepalive
--Keepalive udp port : 3200
--Keepalive tos : 192
SW-N9K-1# sh port-channel sum
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
2000 Po2000(SU) Eth LACP Eth1/46(P) Eth1/47(P)

Verifying SW-N9K-2

SW-N9K-2# sh vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po2000 up 2-100
SW-N9K-2# sh vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (289) seconds, (982) msec
--Send status : Success
--Last send at : 2025.04.07 21:05:34 217 ms
--Sent on interface : Vlan1000
--Receive status : Success
--Last receive at : 2025.04.07 21:05:34 141 ms
--Received on interface : Vlan1000
--Last update from peer : (0) seconds, (660) msec
vPC Keep-alive parameters
--Destination : 20.20.20.9
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : keepalive
--Keepalive udp port : 3200
--Keepalive tos : 192
SW-N9K-2# sh port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
2000 Po2000(SU) Eth LACP Eth1/46(P) Eth1/47(P)

Saving the configuration

SW-N9K-1# copy running-config startup-config
[########################################] 100%
Copy complete, now saving to disk (please wait)...
Copy complete.
SW-N9K-2# copy running-config startup-config
[########################################] 100%
Copy complete, now saving to disk (please wait)...
Copy complete.

Connecting a VMware ESXi server to ports Eth1/45 of the stack via a static LAG

SW-N9K-1
interface Ethernet1/45
  description === VMware-ESXi NIC0 ===
  channel-group 45
  no shut
interface port-channel45
  description === VMware-ESXi ===
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  vpc 45

SW-N9K-2
interface Ethernet1/45
  description === VMware-ESXi NIC1 ===
  channel-group 45
  no shut
interface port-channel45
  description === VMware-ESXi ===
  switchport mode trunk
  switchport trunk allowed vlan 2-100
  vpc 45
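
The consistency status reported by `sh vpc` depends on the two peers mirroring each other. As an added example (not part of the original page), this Python script checks that symmetry offline on config excerpts taken from the page; the names `parse` and `check_pair` and the faulty `SW2_BAD` variant are constructed for illustration.

```python
import re

# vPC-relevant lines of SW-N9K-1 from this page; SW2 is derived as its mirror.
SW1 = """vpc domain 1
  role priority 5
  peer-keepalive destination 20.20.20.10 source 20.20.20.9 vrf keepalive
interface port-channel2000
  switchport trunk allowed vlan 2-100
  vpc peer-link
interface port-channel45
  switchport trunk allowed vlan 2-100
  vpc 45
"""
SW2 = SW1.replace("priority 5", "priority 10").replace(
    "destination 20.20.20.10 source 20.20.20.9",
    "destination 20.20.20.9 source 20.20.20.10")
# Constructed faulty peer: wrong keepalive target, drifted VLAN list on vPC 45.
SW2_BAD = SW2.replace("destination 20.20.20.9", "destination 20.20.20.1").replace(
    "2-100\n  vpc 45", "2-101\n  vpc 45")

def parse(cfg):
    """Extract vPC domain settings and per-port-channel vPC bindings."""
    def grab(pattern):
        m = re.search(pattern, cfg, re.M)
        return m.groups() if m else None
    out = {"domain": grab(r"^vpc domain (\d+)"), "prio": grab(r"role priority (\d+)"),
           "ka": grab(r"peer-keepalive destination (\S+) source (\S+)"), "vpcs": {}}
    # Split on "interface" lines so de-indented dumps parse as well.
    for block in re.split(r"^(?=interface )", cfg, flags=re.M):
        vpc = re.search(r"^\s*vpc (peer-link|\d+)\s*$", block, re.M)
        vlans = re.search(r"allowed vlan (\S+)", block)
        if block.startswith("interface port-channel") and vpc:
            out["vpcs"][vpc.group(1)] = vlans.group(1) if vlans else None
    return out

def check_pair(a, b):
    """Compare two parsed peers; an empty list means they mirror each other."""
    findings = []
    if a["domain"] != b["domain"]:
        findings.append("vpc domain id differs")
    if a["prio"] == b["prio"]:
        findings.append("role priority identical")
    if not a["ka"] or not b["ka"] or a["ka"] != b["ka"][::-1]:
        findings.append("peer-keepalive source/destination not mirrored")
    for vid in sorted(set(a["vpcs"]) | set(b["vpcs"])):
        if vid not in a["vpcs"] or vid not in b["vpcs"]:
            findings.append(f"vpc {vid} configured on one peer only")
        elif a["vpcs"][vid] != b["vpcs"][vid]:
            findings.append(f"vpc {vid}: allowed VLAN list differs")
    return findings
```

Calling `check_pair(parse(SW1), parse(SW2))` returns an empty list for the pair shown on this page, while the `SW2_BAD` variant yields one finding per drifted setting.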

Connecting one additional Cisco-3750G switch to ports Eth1/44 of the stack via an LACP LAG

SW-N9K-1
interface Ethernet1/44
  description === Cisco-3750G Eth1/47 ===
  channel-group 44 mode active
  no shut
interface port-channel44
  description === Cisco-3750G ===
  switchport mode trunk
  switchport trunk allowed vlan 2
  vpc 44

SW-N9K-2
interface Ethernet1/44
  description === Cisco-3750G Eth1/48 ===
  channel-group 44 mode active
  no shut
interface port-channel44
  description === Cisco-3750G ===
  switchport mode trunk
  switchport trunk allowed vlan 2
  vpc 44

Configuring the LACP LAG on the Cisco-3750G switch over ports Eth1/47 and Eth1/48

vlan 2
  name MGMT
interface Vlan2
  description === MGMT ===
  no shutdown
  ip address 10.0.63.122/24
ip route 0.0.0.0/0 10.0.53.1
interface ethernet1/1-46
  switchport access vlan 2
  shut
interface Ethernet1/47
  description === SW-N9K-1 ===
  channel-group 1 mode active
  no shut
interface Ethernet1/48
  description === SW-N9K-2 ===
  channel-group 1 mode active
  no shut
interface port-channel1
  description === SW-N9K-1/2 ===
  switchport mode trunk
  switchport trunk allowed vlan 2