Introduction to nexux from zero to Hero

Introduction
• Nexus switches in the datacenter offers
• Nexus Family in 8 category
High Availability
Infrastructure
Scalability
Operational
Continuity
High Performance
Nexus 9000
ACI
Nexus 4000Nexus 5000Nexus 6000Nexus 7000
Nexus 3000
Nexus 2000
Nexus 1000

Nexus Switches 7000/7700
Main components:
• Chassis – It is the hardware chassis which compromises Fan modules, Sub Engines, Power Supplies.
• I/O modules – Line Cards (M & F Series) for Data plane.
• Supervisor Engines- Brain of the switch which consist of management (SSH & SNMP) and control plane
(routing table(L3)/MAC Address Table, LACP, Spanning Tree(L2)). Every chassis has redundancy
available for supervisor i.e. two modules are reserved for supervisor, except nexus 7702. It has ethereal
(packet capture tool for CPU) & Protocol decoding tool. MGMT port belongs to SUP.
• Fabric Modules – High bandwidth interconnect between I/O module
Note:
Although this series is module based & supports 1, 10, 40 & 100 Gbps port density, but the hardware (like
interfaces) of 7000 chassis cannot be interchanged with 7700.
Nexus 7004 has 4 modules (2 – supervisor & 2 for data plane) & Nexus 7010 has 10 modules.

• You need to make sure you select the right device as per your requirement by evaluating below
components:
• Chassis Hardware
• Line Card
• Supervisor Module
• Fabric Module
• NX-OS version
• Feature and License

Description Nexus 7000 Nexus 7700
Models 7004, 7009, 7010, 7018 7702, 7706, 7710, 7718
Supervisor Redundancy Yes Yes except 7702
Supervisor Modules types Sup1, Sup2 & Sup 2E Sup 2E, Sup 3E
Total Slots 4, 9, 10, 18 2, 6, 10, 18
I/O Modules 2, 7, 8, 16 1, 4, 8, 16
Max Bandwidth Per Slot 550 Gbps 2.8 Tbps
Max Switching Capacity 17.6 Tbps (Nexus 7018) 90 Tbps (Nexus 7718)
Supported M Series Line
Cards
M1, M2, M3
N7K-M148GS-11L
N7K-M224XP-23L
M3 Only
Supported F Series Line
Cards
F1, F2, F2e & F3 F2e, F3 & F4
Fabric Modules Fab1 & Fab2 Fab2 & Fab3
Max Fabric Modules
Supported
5 6
Data Plane Only

M & F Line Cards ??
M series were initially was introduced
to offer new features and were capable
of providing Layer 2 and Layer 3
function.
F Series were introduced for Layer 2
functionality only.
M1: Layer 2 basic + Layer 3
M2: Layer 2 basic + Layer 3
F1: L2 Only
F2: L2 + basic Layer 3
F2E: same as F2 (more capable)
F3: Layer 2+ Layer 3 (Basic + Advance)

Comparison 7000 Chassis
Features Nexus 7004 Nexus 7009 Nexus 7010 Nexus 7018
Sup Redundancy Yes Yes Yes Yes
I/O Modules 2 7 8 16
Bandwidth Per slot 1.3 Tbps 2.8 Tbps 2.8 Tbps 1.3 Tbps
Switching Capacity 5 Tbps 23 Tbps 45 Tbps 90 Tbps
Number of 1 GE
Ports
48 192 384 768
Number of 10 GE
Ports
48 192 384 768
Number of 40 GE
Ports
60 120 240 480
Number of 100 GE
Ports
60 120 240 480
Rack Units (1 RU =
1.75 inch)
3 9 14 26
AirFlow Front -Back

Comparison 7700 Chassis
Features Nexus 7702 Nexus 7706 Nexus 7710 Nexus 7718
Sup Redundancy No Yes Yes Yes
I/O Modules 1 4 8 16
Bandwidth Per slot 1.3 2.8 2.8 1.3
Switching Capacity 5 23 45 90
Number of 1 GE
Ports
48 192 384 768
Number of 10 GE
Ports
48 192 384 768
Number of 40 GE
Ports
60 120 240 480
Number of 100 GE
Ports
60 120 240 480
Rack Units (1 RU =
1.75 inch)
3 9 14 26
AirFlow Front -Back Front -Back Front -Back Front -Back

Interfaces on a Nexus
switch are always displayed
as Ethernet Interfaces
&there isn’t slot number
zero..
We need a license to enable
features over the Nexus
switch, unlike catalyst
switches.
We need to create User
accounts, User Roles & their
Credentials to manage
Nexus.
NXOS is not a single OS
image but consists of 3 sub
images.
We don’t use ‘wr’ or write
memory to save the
configuration on the NXOS,
instead we use “copy run
start”.
We don’t use macors, like in
catalyst switches, in nexus.
Instead we use Port
Profiling.
Nexus support VDC.
Nexus support FEX-Fabric
Extender.
Nexus support vPC.
Virtualization

Interfaces
• All interfaces from the CLI is denoted as Ethernet interfaces. Even if the interfaces are 10G
interfaces, the interfaces still will show as Ethernet interfaces.
• Interfaces doesn’t start from 0 i.e. no eth 0/1. it always start from ‘1 or 2’ eth 1/1, eth 1/2 and so
on, as shown below.

Licenses
• Unlike catalyst IOS switches, within NXOS we need to install license.
• To view licenses : Show license | show license brief
• View flash drive for license, as shown below.
• SSH ver 2 is enabled by default on the management interface, but TELNET isn’t enabled. If
required you need to enable it.

Introduction to nexux from zero to Hero

User Accounts
• Network-Admin—Complete read-and-write access to the entire NX-OS device (only available in
the default VDC).
• Network-Operator—Complete read access to the entire NX-OS device (Default User Role).
• VDC-Admin—Read-and-write access limited to a VDC (VDCs are not yet available on Nexus 5000).
• VDC-Operator—Read access limited to a VDC (Default User Role).
Note: Usernames are case sensitive. DHRUV & dhruv are considered two user accounts.
Note: Unlike IOS, all passwords are encrypted.

NX-OS
NXOS compromises of below sub OS components:
• Kick Start Image: OS which consists to drive - kernel and drivers.
• System Image: Operating System Image.
• EPLD: Used for upgrading input / output module like interfaces. Cisco provides electronic
programmable logic device (EPLD) image upgrades to enhance hardware functionality or to
resolve known issues. EPLD image upgrades for a line card disrupt the traffic going through the
module because the module must power down briefly during the upgrade. The system performs
EPLD upgrades on one module at a time, so at any one time the upgrade disrupts only the traffic
going through one module.
Note: Using “Show version” you can view the details. When the switch boots, BIOS launches the
kickstart image, which then launches the system image.
Kick Start Image System Image
EPLD

Spanning Tree
• Nexus doesn’t have STP, but it uses below two protocols.
• Rapid PVST+ (Per VLAN Spanning Tree): Each VLAN is mapped to a single spanning tree
instance. When you have 20 VLANs, it means there are 20 instances of spanning tree. If we
are running PVST or Rapid PVST this means that we have 199 different calculations for each
VLAN. This requires a lot of CPU power and memory.
• MST (Multiple Spanning Tree): Instead of calculating a spanning tree for each VLAN we can
use instances and map VLANS to each instance. MST works with the concept of regions.
Switches that are configured to use MST need to find out if their neighbors are running MST.
For the network above I could do something like this:
• Instance 1: VLAN 100 – 200
• Instance 2: VLAN 201 – 300

Spanning Tree
• View details

Spanning Tree
• Spanning tree vlan 3 root primary

Port Profiling
• Port Profiles is a feature of Nexus switches, which allow a template of configuration to apply to a
group of ports. This is similar to interface macros in Catalyst IOS. Unlike Catalyst IOS macros, NX-
OS port-profiles are event driven, meaning IOS macros apply only once during initial
configuration, but Port profiles immediately re-apply any time a change is made to the profile.
Create the profile:
N7K-01(config)# port-profile type ethernet OurPortProfiles
Apply configuration to profile:
N7K-01(config-port-prof)# no shutdown
N7K-01(config-port-prof)# switchport mode access
N7K-01(config-port-prof)# switchport access vlan 10
N7K-01(config-port-prof)# spanning-tree port type edge
Ethernet: It is used when port-profile applied on the physical
interfaces.
Port Channel: used with port channel
Interface VLAN: When port-profile is applied on the SVI.

Port Profiling
Check Status
N7K-01# show port-profile
SHOW PORT_PROFILE
port-profile OurPortProfiles
type: Ethernet
description:
status: disabled
max-ports: 16384
inherit:
Enable the profile
By default, port-profiles are disabled. We can verify it using
“show port-profile” command.
N7K-01(config-port-prof)# state enabled
Check Status
N7K-01# show port-profile
SHOW PORT_PROFILE
port-profile OurPortProfiles
type: Ethernet
description:
status: enabled
max-ports: 16384
inherit:
Config demo: http://netterrene.blogspot.com/2014/09/nexus-port-profile.html

• VDC ( Virtual Device Context)

Introduction
• The Cisco Nexus 7000 Series inherits a number of virtualization technologies present in Cisco IOS
Software.
• From a Layer 2 perspective, virtual LANs (VLAN) virtualize bridge domains in the Nexus 7000
chassis.
• Virtualization support for Layer 3 is supported through the concept of virtual route
forwarding instances (VRF). A VRF can be used to virtualize the Layer 3 forwarding and
routing tables.
• The virtualization aspect of the Cisco NX-OS Software platform has been extended to support
the notion of virtual device contexts (VDCs). A VDC can be used to virtualize the device itself,
presenting the physical switch as multiple logical devices. Within that VDC it can contain its
own unique and independent set of VLANs and VRFs. Each VDC can have assigned to it
physical ports, thus allowing for the hardware data plane to be virtualized as well. Within
each VDC, a separate management domain can manage the VDC itself, thus allowing the
management plane itself to also be virtualized.

Introduction
• Number of VDC we can create on a nexus switch depends on the supervisor engine.
• Control Plane is distributed among CDV
• Data plane Interface distribution among VDC
Supervisor Engine Type Number of VDC Supported
SUP1 4 VDC (including default VDC -1)
SUP2 5 VDC (including default VDC -1)

Managing VDC
• You can switch into other VDC from the default VDC for management/configuration purposes.
• However you can configure separate management IP address to each virtual switches.
• However you can manage other VDC by first connecting to default VDC and later switch to other
VDC as shown.
• From custom VDC you cannot directly go to other custom VDC, but first you need to go back to
default (switchback) and later switch to custom.

Managing VDC
• Delete the VDC
• Create VDC
Note: For most modules ports in a nexus are part of a group and if you move one port into a
VDC, over nexus, rest of the ports will also move. This can lead to outage, as once ports are
moved from default VDC/ custom VDC to another VDC, all configuration will be lost. For more
information about the groups refer link - https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-
os/virtual_device_context/configuration/guide/b-7k-Cisco-Nexus-7000-Series-NX-OS-Virtual-Device-Context-Configuration-
Guide/managing-vdc.html
switch# configure terminal
switch(config)# vdc MyVDC
Note: Creating VDC, one moment please ...
switch(config-vdc)#
switch(config-vdc)# allocate interface ethernet 2/11
Moving ports will cause all config associated to them in source vdc to be removed.
Are you sure you want to move the ports? [yes] yes

Quick Information about VDC
• You can view or update license only from default VDC.
• You can upgrade your device only from default VDC.
• Shared services between VDC – Power supply, fan module, supervisor engine, fabric module,
SPAN
• You can save configuration of all VDC only from default vdc. From custom VDC, you can save
configurations of the same VDC you are connected.

HA in VDC
• This policy comes into action when a VDC on a nexus switch is corrupted and non operational.
• HA policy for VDC provides us below options:
• You can configure to bring down the VDC [ not desirable]
• You can configure to reload the supervisor [ not desirable]
• You can configure to restart the VDC itself and bring itself up. [ desirable]

Introduction
• N2K (nexus 2K)fabric extender ( FEX) acts as a remote line card of 7K or 5K chassis. It is actually
an interface of parent Nexus 7K switch, which is further extended.
• All management performed on Parent switch
• No console or VTY ports on FEX
• NX-OS automatically downloaded from Parent
• No Local Switching
• Traffic between local ports on FEX must flow “north” via uplink to Parent and the “south”
back down
• Can impact design decision of platform placement
• Spanning tree is disabled on downstream port facing towards FEX
• FEX Port configuration is equivalent to below (hidden)
• Switchport mode access
• Spanning-tree portfast
• Spanning-tree bpduguard enable

Introduction
Adapter FEX provides these benefits:
• Flexible and efficient deployment for non virtualized environments
• Scalability for traditional virtualized environments using virtual embedded bridges
• Highly optimized virtual machine connectivity for virtualized environments

Configuration Demo
• Nexus configuration summary
---------------------Nexus 7K----------------------------
N7K ( config)# install feature-set fex ( on default vdc )
N7K ( config)# feature-set fex
N7K ( config)# fex 101
N7K ( config-fex)# pinning max -link 2
N7K ( config)# interface eth1/4-5
N7K ( config-if-range)# channel-group 10
N7K ( config-if-range)# no shut
N7K ( config)# interface Po10
N7K ( config-if-range)# switchport mode fex
N7K ( config-if-range)# fex associate 101
--------------------Nexus 5K---------------------------
N5K ( config)# feature fex
N5K ( config)# fex 101
N5K ( config-fex)# pinning max -link 2
N5K ( config)# interface eth1/4-5
N5K ( config-if-range)# switchport mode fex
N5K ( config-if-range)# fex associate 101
N5K ( config-if-range)# no shut

Analysis
Run “show fex” to see the currently
attached FEX units:
1. N5K Port 1 and 2 to attach the FEX
for 2x10GbE links, we need to
create a port-channel.
2. Post configuration output

Configuration Demo
Interfaces added from FEX 2K

• vPC in Nexus
https://itnetworkingpros.files.wordpress.com/2014/04/vpc_best_practices_design_guide.pdf

Introduction
Question: Why vPC ?
Answer:
A Port-Channel is a technology that provides a way to aggregate (bond) multiple interfaces together. Traffic
is then load-balanced across each of the connections. Port-Channels provide 3 key benefits
1. Increase Bandwidth: Increase in bandwidth due to bundling multiple interfaces together. Traffic is then
load balanced across each of the links within the 'bundle'.
2. Avoid STP convergence Time: Port-Channels are seen as a single switch-port by Spanning-Tree protocols.
3. Redundancy: Should one of the interfaces fail traffic is sent over the remaining links.
 It was introduced in NXOS 4.1(4) & available on Nexus 3K, 5K and 7K.
 Only Layer 2 links can be used with VPC &Dynamic Routing protocols won’t work over these links.
 It is a layer 2 port channel. There is no concept like Layer 3 VPC
 Port channel has two protocols- LACP and PaGP.

Introduction
Question: Why vPC ?
Answer:
• If we connect the switch, as shown above, using STP, one port of each port is configured in
forward state, and other two in blocking state.
• Using VPC all links will remain active and switches will offer higher bandwidth.

Introduction
Question: Why vPC ?
Answer: Device Level Redundancy, Increased BW and STP convergence will stop. This magic is
created by vPC Peer Link (discussed later).

Introduction
Double sided vPC Single sided vPC

Introduction
• vPC uses a unique type of MAC address called vPC system MAC address. When the switch isn’t
part of a vPC it use switch’s normal MAC address.
• vPC system MAC = 00:23:04:ee:be:<vpc domain-id in hexa decimal>
• vPC MAC address is identical on both peer switches, which make vPC system represents itself as a
unique logical device.

Introduction
vPC Roles:
• There are two vPC roles: primary and secondary. Primary vPC is the sole responsible to work.
• This role defines, which out of two vPC device process BPDUs and respond to ARP request.
• Use role priority (lowest prefered) <value: 1-65535> command to force a vPC role to primary for a
dedicated peer device. After priority lowest MAC address will be dedicated the primary peer
device.

vPC Configuration
• Building Blocks for VPC
• Step 1: vPC Domain configuration: This is the common domain configured across two vPC
peer devices and this value identifies the vPC.
• Step 2: vPC Keep Alive(layer 3 IP/UDP packets on port 3200): The peer keepalive link monitors
the vitality of a vPC peer switch periodically. The vPC peer keepalive link can be a
management interface or switched virtual interface (SVI). Using keep-alive peer devices
inform the heath of vPC link and thus avoid split brain situation. However, if peer link itself
goes down, no impact to vPC.
• Step 3: vPC Peer Link(layer2-10G): This link is used to synchronize the state between vPC peer
devices via vPC control packets which creates the illusion of a single control plane. In addition
the vPC peer-link is used to synchronize control plane of two switches. Please ensure that the
port type is identical on both switches. CFS (cisco Fabric Services) protocol work in the
background.
• Step 4: Member Port Assignment: vPC member ports are interfaces that belong to the vPCs.

vPC Configuration single side vPC
• Topology

vPC Configuration
• Step 1: Enable Feature & Setup Domain
• Step 2: Setup Keep alive
switchA(config)# feature vpc
switchB(config)# feature vpc
switchA(config)# vpc domain 1
switchB(config)# vpc domain 1
switchA(config)# vlan 19
switchA(config)# int vlan 19
switchA(config)# ip address 1.1.1.1/24
switchA(config)# int e1/19
switchA(config-if)# switchport mode access
switchA(config-if)# switchport access vlan 19
switchA(config-vpc-domain)# peer-keepalive
destination 1.1.1.2 source 1.1.1.1 vrf default
switchB(config)# vlan 19
switchA(config)# int vlan 19
switchA(config)# ip address 1.1.1.2/24
switchB(config)# int e1/19
switchB(config-if)# switchport mode access
switchB(config-if)# switchport access vlan 19
switchA(config-vpc-domain)# peer-keepalive
destination 1.1.1.1 source 1.1.1.2 vrf default

vPC Configuration
• Step 3: Setup Peer Link
switchA# configure terminal
switchA(config)# feature lacp
switchA(config)# interface port-channel 1
switchA(config-if)# switchport mode trunk
switchA(config-if)# switchport allowed vlan all
switchA(config-if)# vpc peer-link
switchA (config)# interface ethernet 1/20
switchA(config-if)# channel-group 1 mode active
switchB# configure terminal
switchB(config)# feature lacp
switchB(config)# interface port-channel 1
switchB(config-if)# switchport mode trunk
switchB(config-if)# switchport allowed vlan all
switchB(config-if)# vpc peer-link
switchB (config)# interface ethernet 1/20
switchB(config-if)# channel-group 1 mode active

vPC Configuration
• Step 4: Member port assignment
Switch A(config)# interface port-channel 10
switchA(config-if)# vpc 10 (prefer to give vPC ID same as port channel)
switchB(config)# int port-channel 10
switchB(config-if)# vpc 10
switchC (config)# interface ethernet 1/1
switchC(config-if)# channel-group 10 mode active
switchC (config)# interface port-channel 10
switchC(config-if)# switchport mode trunk

vPC Configuration double side vPC
• Topology

VPC Configuration
• Step 3: Setup Peer Link
switchA# configure terminal
switchA(config)# feature lacp
switchA(config)# interface port-channel 1
switchA(config-if)# vpc peer-link
switchB# configure terminal
switchB(config)# feature lacp
switchB(config-if)# vpc peer-link

vPC Configuration
• Step 4: Member port assignment
switchA(config-if)# vpc 2
switchA(config)# vpc 3
switchB (config)# interface Ethernet 1/15
switchB (config)# interface po3

vPC Verification
• Show vpc || show vpc peer-keepalive

vPC Verification
• Show port-channel summary
• For more commands refer below link:
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/c
li/CLIConfigurationGuide/EtherChannel.html

Questions & Answers
Q) While managing the VDC, it is difficult to identify which is default/admin and which is custom ?
Answer: We highly recommend to run below command from Admin or Default VDC. This will help
us to identify if we are in default or custom VDC, as it will prefix the name of default VDC, as you
move into custom VDC.
====================
vdc combined-hostname
====================
SW1-4# SW1-1-SW1-4#

Questions & Answers
Q) If nexus 2K is disconnected or fex link is broken, will nexus 2k will retain the configuration ?
Answer: Yes, the configuration will be retained as configuration is performed over nexus 5K, not
over nexus 2K.

Questions & Answers
Q) Any DR functionality with FEX 2K ? What if the cable between nexus 7K and nexus 2K is
disconnected ?
Answer: Use the fex pinning redistribute command or configure port channel.

Questions & Answers
Q) Any recommendations for settings Keep Alive for vPC ?
Answer: Yes, we do not recommend to setup keep alives over mgmt port for intra VDC
communication, which is hosted over Supervisor engine. Keep alive work on active supervisor
engine only.
VDC 1 VDC 2
VDC 3 VDC 4
SUP1
MGMT 192.168.10.1/24
192.168.10.2/24 192.168.10.3/24
192.168.10.5/24192.168.10.4/24

Questions & Answers
Q) Any recommendations for settings Keep Alive for vPC ?
Answer: In below deployment, where we are setting up vPC between two separate switches. We
highly recommend to use a Layer 2 switch to connect keep alive cable, rather than connecting
them directly. As if one SUP1 engine fails on one switch, other SUP1 engine has no way to connect
it to other SUP 2.

Questions & Answers
Q) Any recommendations for setting up vPC ?
Answer: Yes, vPC is basically recommended between two chassis i.e. Inter chassis not intra chassis
as shown below.

Questions & Answers
What are Orphan devices with respect to vPC ?
Answer: This is a device that is on a VPC VLAN but only connected to one VPC peer and not to both.
This is a device that is on a VPC VLAN but only connected to one VPC peer and not to both.

Questions & Answers
What is Orphan port with respect to vPC ?
Answer: An orphan port is an interface that connects to an orphan device vPC VLAN.

Questions & Answers
Question: What happen if vPC Peer Link goes down ?
Answer: vPC Peer-Links on the Secondary Nexus fail the status of the peer vPC is examined using
the Peer Keepalive Link. At this point traffic continues flowing through the Primary vPC without
any disruptions. In the unfortunate event there is an orphan device connected to the secondary
peer, then its traffic will be black-holed.
http://www.firewall.cx/cisco-technical-knowledgebase/cisco-data-center/1208-nexus-vpc-configuration-design-operation-
troubleshooting.html#vpc_failure_scenario_vpc_peer_link_failure

Questions & Answers
What is CFS (Cisco Fabric Services) protocol ?
Answer: This protocol provides reliable synchronization and consistency check mechanism between the 2
peer devices and run on top of vPC peer-link. It perform following functions:
1. Configuration validation and comparison (consistency check)
2. Synchronization of MAC address for vPC member ports
3. vPC member port status advertisement
4. Spanning Tree protocol management
5. Synchronization of HSRP and ICMP snooping
Note: CFS is enabled by default when vPC is turned ON
Note: CFS message is encapsulated in standard Ethernet frames that are delivered between peers on
peer link. CFS messages are tagged with CoS=4 for reliable communication.

Questions & Answers
Consistency checks:
There are two types of consistency checks:
● Type 1 - Puts peer device or interface into a suspended state to prevent invalid packet forwarding
behavior. With vPC Graceful Consistency check, suspension occurs only on the secondary peer
device.
● Type 2 - Peer device or Interface still forward traffic. However they are subject to undesired
packet forwarding behavior.

Questions & Answers
• Type 2 consistency parameters

Commands
• Setup trunk
• Check status

Commands
Roll back changes:
• Once we perform the changes over Nexus, we can easily roll them back
• Command to revert is very simple. Use “rollback running-config checkpoint file_name”
• Use “show difference rollback-patch checkpoint cp1 running-config” to get the difference.
• Syntax : “show difference rollback-patch checkpoint <checkpoint> <source to compare with>”
SW#checkpoint CP1
SW(config)# int po32
SW(config-if)#ip address 2.2.2.2/24
SW# rollback running-config checkpoint CP1

Commands
• TCP Dumps in Control Plane
Since we are dealing with the control plane, we cannot place a capture on an interface, but on a CPU,
so we need to follow below command.
SW # ethanalyzer local interface inband limit-captured-frames 30
SW # ethanalyzer local interface inband capture-filter “host 10.1.1.1” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “net 10.1.1.0/24” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “src 10.1.1.1” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “dst 10.1.1.1” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “port 1985” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “portrange 1985-1986” limit-captured-frames 11
SW # ethanalyzer local interface inband capture-filter “udp port1985” limit-captured-frames 11

Commands
• TCP Dump in data Plane
Switch(config)# ip access-list dhruv
Switch(config-acl)# statistics per-entry
Switch(config-acl)# permit tcp host 1.1.1.1 host 2.2.2.2 eq 88 log
Switch(config)# int e3/25
Switch(config-if)# ip access-group dhruv in
Switch# ethanalyzer local interface inband capture-filter “host 1.1.1.1” limit-captured-frames 1000
write bootflash:dhruv
Switch# dir bootflash:dhruv
4012Aug 26 2020 dhruv
Switch# ethanalyzer local read bootflash:dhruv

Introduction
• FabricPath (FP) is a L2 Routing = “MAC-in-MAC” Routing. FabricPath is Cisco proprietary and
works in the same way as TRILL (Transparent Interconnection of Lots of Links) that is an IETF
standard.
• FP: to remove STP from the topology
• vPC: only 2 switches
• FP: full mesh, partial mesh, triangle, square etc
FabricPath Control Plane
•IS-IS for L2 Routing
•Goal is to compute SPT (Shortest Path Tree) between
all
•FabricPath nodes
Why IS-IS?
uses its own L3 transport (IP is not required)
natively extensible (supports new TLVs: switch id
etc)
natively supports ECMP (Equal-cost multi-path
routing)
FabricPath data plane
CE frames are encapsulated with new FabricPath
header (only Nexus 7K F1 & F2 and Nexus 5500 only)
FabricPath header has SRC and DST FP Switch IDs
Traditional MAC learning
Learn SRC MAC of all received traffic
flood traffic to elict response from DST
leard SRC MAC of DST from its response
Conversational MAC learning
only learn SRC MAC if it already knows DST MAC
Note: FP Leaf Switches must be STP Root for Classical
Ethernet domain

Introduction
1. Ingress FabricPath switch determines destination Switch ID and imposes FabricPath Header
2. Destination Switch ID used to make routing decision through Fabric Core
3. No MAC learning or lookups required inside the core
4. Egress FabricPath swith removed FabricPath header and forwards to CE

Source MAC -A
Destination MAC-B
Payload
Source MAC -A
Destination MAC-B
Payload
Source MAC -A
Destination MAC-B
Payload
Source MAC -A
Destination MAC-B
Payload
Source Switch ID: S11
Destination Switch ID: S10
Source MAC -A
Destination MAC-B
Payload
Source Switch ID: S11
Destination Switch ID: S10
Source MAC -A
Destination MAC-B
Payload
1
2
3
4
5
6

Introduction
• Conversational Learning
Fabric-Path switches learn MAC addresses selectively, allowing a significant reduction in the size
of the MAC address table. Conversational MAC address learning means that each switch learns
only those MAC addresses for interested hosts, rather than all MAC addresses in the domain.
Each switch learns only those MAC addresses that are actively speaking with it. In this way,
conversational MAC learning consists of a three-way handshake.
This selective learning, or conversational MAC address learning, allows you to scale the network
beyond the limits of individual switch MAC address tables. All FabricPath VLANs use
conversational MAC address learning.
Note CE VLANs support only traditional MAC address learning, where each switch learns the
MAC addresses of all hosts in the network.
• To use conversational MAC address learning, you must do the following:
- Enable FabricPath.
- Ensure VLANs do not have switch virtual interface (SVI) enabled.

Components:
• Classical Ethernet (CE)
• Regular ethernet with regular flooding, regular STP
• Leaf Switch
• Connects CE domain to FP domain
• Spine Switch
• FP backbone switch with all ports in the FP domain only
• FP Core Ports
• links on Leaf up to Spine or Spine to Spine
• The switchport mode fabricpath links
• CE Edge Ports
• links on Leaf connecting to regular CE domain
• NOT the switchport mode fabricpath links

Classic Spanning Tree Setup
n7k(config)# vlan 100
n7k(config-vlan)# exit
n7k(config)# int e1/11-18
n7k(config-if-range)# switchport mode trunk
n7k(config-if-range)# switchport trunk allowed vlan 100
n7k(config-if-range)# no sh
n7k(config-if-range)# end
n5k(config-if-range)# switchport mode trunk

Fabric Path Setup
• Ensure License “Install Enhanced Layer 2 PKG” is installed.
n7k(config)# feature-set fabricpath
n7k(config-vlan)# mode fabricpath
n7k(config-if-range)# switchport mode fabricpath
n5k(config)# install feature-set fabricpath
n5k(config)# feature-set fabricpath
n5k(config-vlan)# mode fabricpath
n5k(config-if-range)# switchport mode fabricpath

Verification
• Verify the properties of the interfaces and the difference between fabric path and access ports.
Show interface brief

Verification
• Show fabricpath isis adjacency
• Show fabricpath switch-id
• Show fabricpath route

References
• https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/n
exus7000/sw/matrix/technical/reference/Module_Comparison_Matri
x.pdf
• https://community.cisco.com/t5/switching/cisco-catalyst-vs-nexus-
switches/td-p/2519675

Introduction to nexux from zero to Hero

More Related Content

What's hot (20)

Similar to Introduction to nexux from zero to Hero (20)

More from Dhruv Sharma (18)

Recently uploaded (20)

Introduction to nexux from zero to Hero

Editor's Notes