Nexus vPC | How vPC works

Captions
Of all the videos I have made, vPC configuration is by far the most popular, but I never really explained how vPC works. So now it's time to go back and have a look below the surface of vPC. Before we go on, please subscribe to be notified of any new videos, or follow me on Twitter.

A vPC is a special type of EtherChannel, or LAG. It connects a device to two switches, not just one. This is why it's part of the multi-chassis EtherChannel family. vPC is a Cisco technology found in the Nexus platform. It's a bit like VSS, which is also a Cisco technology but for the Catalyst platform. Other vendors have similar technologies as well. There is no special requirement on the device, and as long as they support LACP they'll be fine.

The dual active links help with increasing bandwidth and decreasing the need for spanning tree. When connecting switches with spanning tree, some links will be active while others will be disabled. vPC is an effective way to work around this. vPCs provide redundancy and dual active paths. As there are two or more paths to two switches, there is no single point of failure. Even if one switch fails, traffic will still flow. Like EtherChannel, vPC is a layer 2 technology. Frames may be sent over any link. Frames are not duplicated over links to both switches; as we'll see a bit later, this would be really bad.

Let's start with a few basics. vPC uses two Nexus switches called peers. The two peers and their related components are collectively called a vPC domain. Each domain has a unique value called the domain ID. Each switch can only be in a single domain. One of the switches will be primary and the other will be the secondary. Both switches forward traffic. The primary switch handles the majority of control plane traffic.

vPC uses two special links to connect the two switches. These are the peer link and the keepalive link. The peer switches use the layer 3 keepalive link for sending and receiving heartbeats. This is how one peer can see if the other peer is still alive. Some failures could cause a situation where both switches are up but they cannot see each other. Both will think they are the primary switch, causing a split-brain scenario. To prevent this, the keepalive link is isolated in a separate VRF. This gives each switch a unique way of seeing if the peer is up. A good option for a small network is to connect the management interfaces of the two switches. In a larger environment, the management interface may connect to the out-of-band management network. Another alternative is not to use the management interface at all, but use normal interfaces in a dedicated VRF.

The peer link is critical. It's a high-speed link used for forwarding traffic and sharing state updates. It forms a sort of backplane between the two peers. The peer link forwards broadcast and multicast traffic. Under some conditions, such as a link failure, it will also carry regular unicast traffic as well. MAC addresses that the switches have learned are synchronized. By sharing this information, they can recover faster during a switch failure.

In any switch with vPC there are two types of host ports. These are member ports and orphan ports. A member port is any port that is configured with vPC, such as ports connected to a server. Any VLANs allowed on the member ports must also be allowed on the peer link. An orphan port is any port that has no vPC configuration. This is common for individual ports connected to routers. Any VLANs on these ports do not need to be on the peer link.

vPC will check each member port for inconsistencies. If it finds a problem, it calls it a type 1 or type 2 inconsistency error. If a type 1 error is found, the primary switch will keep the ports up and the secondary switch will disable its port. This allows the traffic to continue to flow without causing errors. This type of error is common if some of the config doesn't match on both switches. A type 2 error is less severe. Both switches will keep their ports up and will generate syslog messages.

vPC is still very much like active EtherChannel. Connected devices still use LACP to negotiate the LAG. Yet with vPC there's a catch. In a normal LAG, each LACP device has a system ID. The system ID is used to make sure that there is only one device at each end of the LAG. This is a problem for vPC, which uses two switches on the end of the LAG, not just one. Nexus switches work around this. They use the domain ID, which we configure, to generate the system MAC. They then use the system MAC to generate the system ID. When generating the system ID, LACP also uses the system priority. This means that the system priority also needs to be the same on both switches. With the same system ID, they now appear as a single switch to any connected device. The domain ID brings up an interesting point: what happens if you have several pairs of vPC switches in the network? To prevent problems from bad cabling, each pair should have a different domain ID, which results in a different system ID.

Duplicate frames are a very bad thing. Imagine a scenario where server one is sending traffic to server two. Server one sends frames to switch one. What would happen if switch one forwarded the frames to switch two over the peer link? Both the switches would attempt to deliver the traffic. This can be annoying for some kinds of traffic, but could cause serious problems for others. The good news is that vPC won't allow this to happen. You see, vPC lives by a personal code. It goes something like this: if a frame is received on the peer link and the frame needs to be delivered to a member port, the frame will be dropped. Let's think about the earlier scenario. Server one sends the frame. Switch one gets the frame and forwards it to server two and over the peer link to switch two. Switch two gets the frame and realizes that it needs to go to a member port. Switch two recognises that switch one will already have delivered the frame and will drop it. What if the traffic needs to be sent out an orphan port? The duplicate frame prevention rule does not apply here, and switch two will not drop the traffic.

vPC is very useful for limiting the negative effects of spanning tree, but that doesn't mean you should disable spanning tree entirely. Think for a moment about what would happen if other switches are connected to the vPC domain. If spanning tree were disabled, a loop could form. As you can see, spanning tree is critical. vPC switches can still run spanning tree as you would expect. The vPC pair still appear as a single switch. By default, only the primary switch will send and process BPDUs. You can optimize this with the peer-switch command, which allows both switches to take part in spanning tree. Even when they're both processing BPDUs, the vPC pair will still appear as a single switch. This is because they use the same bridge ID and generally would use the same bridge priority.

vPC is resilient, but it is not invincible. Member ports can go down, the peer link or keepalive can go down, or an entire switch could fail. It's time to take a look at what will happen during a failure. Let's start with failing member ports. This one's quite simple. If a member port fails, the second switch continues passing traffic, and of course you'll get some messages in your syslog.

What if an entire switch fails? This is also a pretty simple scenario. The alternate switch continues to forward traffic, unless of course you have orphan ports. Orphan ports are only connected to a single switch anyway, so these devices will now be isolated. If the failed switch was the primary, the secondary will take over the primary role. What will happen when the switch has been restored? Will the failed switch become primary again? I'll give you a few seconds to think about this. So what do you think? vPC switches are not pre-emptive. This means that the restored switch will be the secondary and the other will remain as the primary. This happens because there is a risk of traffic loss when the switch transitions to the primary role.

Now for some more tricky failures. The peer link is the most critical component of the vPC system. When the peer link fails, both switches are still able to see that the partner is up, thanks to the keepalive link. This creates two problems: duplicate frames and loops. To handle this, the secondary switch shuts down its member ports. The primary switch continues to forward traffic as normal. Orphan ports also stay up. Let's make this a little more interesting. What happens if the primary switch fails now? This is a pretty unlucky scenario to be in. The secondary switch notices the failure when it misses heartbeats on the keepalive link. The secondary does its duty and takes over the primary role. Its member ports are enabled and traffic flows again.

If the keepalive link fails, there will be no heartbeats. Pretty bad, right? Well, not as bad as it sounds. The peer link is still up, so the peers are still happy.

Let's look at another scenario, where both the keepalive and peer link fail. The first possibility is where the peer link fails first and then the keepalive fails. This isn't too bad. The secondary has already disabled its member ports, so when the keepalive fails there's no operational impact, as only the primary is forwarding traffic anyway. Let's imagine that you're having a really bad day. First the keepalive fails. Not too bad so far. Then the peer link fails. Each switch thinks that the other switch has failed. The secondary switch does its duty and takes on the primary role. Both switches are now trying to forward traffic. This is called a split-brain scenario. This is where you, as the administrator, need to intervene. While this is rare, it highlights the need to design the solution well. For example, use redundant physical links for the peer link.

And that's the high-level explanation of how vPC works. You can get more detail in the full article on the Network Direction site. I'm also considering a short video on dynamic routing with vPC. If this is something you'd like to see, let me know in the comments below. Don't forget to subscribe, and thanks for watching.
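
Added example (not part of the video or of Network Direction's material): a small Python audit of the design rules stated in the captions above, namely matching domain ID and LACP system priority on both peers, keepalive in its own VRF, redundant peer-link members, member-port VLANs allowed on the peer link, and a distinct domain ID per pair. The dictionary layout, switch names, VRF names and all values are constructed for illustration and are not NX-OS output.

```python
from collections import Counter

def audit_pair(a, b):
    """Return findings for one pair of vPC peers (constructed dict layout)."""
    findings = []
    if a["domain_id"] != b["domain_id"]:
        findings.append("peers are not in the same vPC domain")
    if a["system_priority"] != b["system_priority"]:
        findings.append("system priority differs, so the LACP system ID differs")
    for sw in (a, b):
        name = sw["name"]
        if sw["keepalive_vrf"] == "default":
            findings.append(f"{name}: keepalive is not isolated in a separate VRF")
        if len(sw["peer_link_members"]) < 2:
            findings.append(f"{name}: peer link has no redundant physical link")
        allowed = set(sw["peer_link_vlans"])
        # Only member ports are checked; orphan-port VLANs need not be on the peer link.
        for port, vlans in sw["member_ports"].items():
            missing = sorted(set(vlans) - allowed)
            if missing:
                findings.append(f"{name}: {port} VLANs {missing} not on peer link")
    return findings

def duplicate_domains(pairs):
    """Domain IDs used by more than one pair; each pair should have its own."""
    counts = Counter(a["domain_id"] for a, _b in pairs)
    return sorted(d for d, n in counts.items() if n > 1)

# Constructed sample data: sw2 deliberately breaks several of the rules.
SW1 = dict(name="sw1", domain_id=10, system_priority=4096,
           keepalive_vrf="vpc-keepalive",
           peer_link_members=["Eth1/47", "Eth1/48"],
           peer_link_vlans=[10, 20, 30],
           member_ports={"Po20": [10, 20]},
           orphan_ports={"Eth1/5": [99]})   # VLAN 99 is fine: orphan port
SW2 = dict(name="sw2", domain_id=10, system_priority=8192,
           keepalive_vrf="default",
           peer_link_members=["Eth1/48"],
           peer_link_vlans=[10, 20],
           member_ports={"Po20": [10, 20, 30]},
           orphan_ports={})

if __name__ == "__main__":
    for finding in audit_pair(SW1, SW2):
        print(finding)
```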
Info
Channel: Network Direction
Views: 129,708
Rating: 4.9603133 out of 5
Id: EaJsb2PNBqg
Length: 14min 1sec (841 seconds)
Published: Sun Aug 06 2017