Руководство По Проектированию для Cisco Cisco Nexus 5010 Switch

Page 12 of 32

Layer 2 Best Practices

Remember that vPCs are switch ports, not Layer 3 ports, and if they are not configu

red as such, the vPC doesn’t

come up.

vPC Best Practices

The following list summarizes the best practice recommendations for vPC configurations. As a reference and

summary for vPC configurations, Figure 10 highlights the components of a vPC design.

●

Connect the two Cisco Nexus 7000 Series Switches through redundant 10 Gigabit Ethernet links (operated

in dedicated mode) from 10 Gigabit Ethernet line cards for the purpose of forming the peer link between

vPC peers. Preferably this link carries only vPC VLANs.

●

A single 10 Gigabit Ethernet card providing both the Layer 3 core links and vPC peer links is not

recommended, as the card failure on a primary vPC Cisco Nexus 7000 Series would disconnect it from core

connectivity and also create a failure scenario where the primary device would keep the vPC member ports

up, thus blackholing traffic. If you deploy such a topology, you should use the object-tracking capabilities of

Cisco NX-OS Software Release 4.2 and track the core links under the vPC role configuration.

●

An additional Layer 2 link is allocated to carry non-vPC VLANs between the vPC members. In a Rapid

PVST+ deployment, you can trunk the non-vPC VLANs on a separate PortChannel connecting the vPC

peers. If vPC and non-vPC VLANs share the same link, you should consider using dual-active exclude

interface-vlan <non-vPC vlans list> to decouple the SVI status from the peer-link failure.

●

Configure the spanning tree root and secondary root priorities as usual. The adjacent switches will see the

root switch bridge ID (regardless of whether the root is the primary or secondary vPC). Matching primary

root and vPC primary is recommended.

●

A Layer 3 VLAN connecting the Cisco Nexus 7000 Series routing engines makes the Open Shortest Path

First (OSPF) Protocol area contiguous and does not require HSRP tracking.

●

The peer keepalive traffic should never be carried as a VLAN over the peer link.

●

Use a routed Layer 3 connection between the Agg1 and Agg2 for the peer keepalive, in order to resolve

dual-active scenarios.

●

mgmt0 can be used if you route the peer keepalive through the out-of-band management network, in which

case each Cisco Nexus 7000 Series is connected to the management network through both the mgmt0 of

supervisor slot 5 and supervisor slot 6. If you follow this approach regardless of which supervisor is active,

the Cisco Nexus 7000 Series will have one of the mgmt0 interfaces connected to the management network,

which can then be used for peer-keepalive purposes.

●

Direct connectivity of the peer keepalive through mgmt0 from one vPC peer to the other should never be

utilized.

●

If direct connectivity for the peer keepalive is required between vPC peers, you should use a dedicated

Gigabit Ethernet port from one of the line cards.

●

Configure Layer 2 links from acc1, acc2, acc3 as Layer 2 EtherChannels.

●

Port channels on the Cisco Nexus 7000 Series side are configured for LACP active mode.

●

If the access switch is a Cisco Catalyst platform, you may have to disable the EtherChannel

misconfiguration guard (unless you are using a Cisco NX-OS release higher than 4.2(X) on the Cisco

Nexus 7000).