vPC+ at the Edge
A Virtual PortChannel (vPC) allows links that are physically connected to two different Cisco Nexus switches to appear as a single portchannel to the connected device (host or a Classic Ethernet (CE) switch). In FabricPath network, a host or CE switch can be connected to two FabricPath switches through a portchannel. A concept called¬†“Emulated Switch”¬†is implemented between FabricPath switches which provide vPC to a third device. This is called¬†vPC+.
Emulated switch is a construct in which two FabricPath switches emulate a single switch to the rest of the FabricPath network. The FabricPath switches are configured with a unique¬†emulated switch-id. The packets are sourced with the emulated switch-id. Other FabricPath switches only see the Emulated switch.
Review of vPC+ terminology
Although vPC and vPC+ terminology is same, here’s a quick review.
- vPC+ peer device:¬†A FabricPath switch participating in vPC+ peering.
- vPC+ peer link:¬†The link between vPC+ peer devices to synchronize states, exchange MAC address information and used by Orphan ports for direct communication.
- vPC+ domain:¬†This domain is formed by two vPC+ peer devices.
- vPC+ peer-keepalive link:¬†A Layer 3 link between vPC+ peer devices used to ensure that both devices are up. The peer-keepalive link sends periodic keepalive messages between the peer devices on an out-of-band path.¬†It is recommended that these Layer 3 interfaces be in a separate VRF.
- vPC+ member port:¬†An interface that belongs to the VPC+.
Consider figure 1 for this article where the¬†spine¬†devices are S1 and S2 (preferably Cisco Nexus 7000 switches), and the¬†edge/leaf¬†devices are S3, S4 and S5 (preferably Cisco Nexus 5500 switches).
It is recommended that the vPC+ be implemented at the spine devices, however, this articles focuses on vPC+ at the edge devices.¬†
One of the biggest advantages of FabricPath is that it is “almost” plug-and-play – there is only a small configuration required. The VLANs that are supposed to travel the FabricPath network must be configured in FabricPath mode as follows-
The interfaces connecting to other FabricPath switches must be defined as type fabricpath as follows-
interface ethernet 1/1
¬†switchport mode fabricpath
The vPC+ related configuration is-
vpc domain 1
¬† ¬†¬†fabricpath switch-id 34
¬† ¬† peer-keepalive destination 10.0.0.2 source 10.0.0.1 vrf mgmt
¬† ¬† system-priority 1000
¬† ¬† role priority 1000
interface port-channel 100
¬† ¬†¬†switchport mode fabricpath
¬† ¬† vpc 10
¬† ¬† vpc peer-link
¬† ¬† no shutdown
The command¬†“fabricpath switch-id 34”¬†is used to configure the emulated switch S34. Also note that the vPC peer-link is configured with¬†type fabricpath.
Assuming the FabricPath network has fully converged, i.e. the control-plane routing information already exists and data-plane MAC address learning of Host A and Host B has already occurred, the forwarding of unicast frames from Host A to Host B would follow the path as shown in figure 2 (data-plane forwarding).¬†
- Host A sends Classical Ethernet (CE) frame with source MAC address MAC A, destination MAC address MAC B. The ingress FabricPath switch S3 (active) receives the frame in a VLAN set to FabricPath mode on the edge ports and performs a lookup on MAC B.
- The MAC lookup indicates that the frame should be forwarded to FabricPath switch S5. The FabricPath switch S3 encapsulates the frame in a Cisco FabricPath Header with source switch-id S34 (emulated switch) and destination switch S5. Switch S3 has a least cost to destination switch S5 via switch S2. It selects that path and forwards the frame towards switch S2.¬†
- Switch S2 simply forwards the frame to switch S5 based on its routing table.
- When switch S5 receives the frame, it removes the FabricPath header and forwards the frame as a Classical Ethernet frame on the edge port to Host B.
When the peer-link fails, vPC+ operates similarly to vPC –
- The secondary (standby) switch brings down all its vPC links, while the primary (active) switch takes no action.
- The secondary switch stops advertising any reachability information related to Emulated switch S34 so that other FabricPath switches do not send any traffic to it.
Any hosts connected to FabricPath switches S3 and S4 via Orphan ports who were using peer-link can still communicate via the spine switches.
Integrating with FEX
It is also possible to implement vPC+ with FEX by connecting Cisco Nexus 2000 series Fabric Extender to Nexus 5500 switches.
Figure 5 shows the logical representation of integrating FEX to FabricPath edge switches. FEX is managed by the uplink switches.¬†FEX ports will appear in both uplink switches, S3 and S4. This diagram is inspired byBrad Hedlund’s blog¬†(highly recommended).
- Cisco FabricPath is only implemented on F1-series modules.
- It is recommended that the switch-ids be configured manually.
- By default, VLANs are configured with type Classical Ethernet. “mode fabricpath” is required to define VLANs with type FabricPath.
- The vPC peer-link must be configured with mode fabricpath.