Original article: "Cisco N7K VDC: Basic Principles and Configuration". Author: 用户3725503853
Overview
Configuring an Admin VDC
Configuring VDC Resource Templates
Creating VDCs
Managing VDCs
Quick Start
******************************
*          Overview          *
******************************
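VDC (Virtual Device Context) is a one-to-many virtualization technology that partitions one physical device into multiple logical devices. Each logical device gets its own fault isolation, management isolation, address allocation isolation, adaptive resource management and service differentiation domains. At present, VDCs are supported only on the Cisco N7K platform.
– MAC addresses: the default VDC has one MAC address; during bootup, MAC addresses are created automatically for nondefault VDCs. If there are not enough MAC addresses to allocate, a syslog message is generated.
– Default VDC: nondefault VDCs can be created, have their attributes changed, or be deleted only from the default VDC or the admin VDC
– Communication between VDCs: must go over a physical link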
—————Storage VDC—————
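A storage VDC is a nondefault VDC and requires the FCoE license. Only one storage VDC can run on a physical device, and the default VDC cannot be configured as a storage VDC.
– Purpose: on the N7K, FCoE runs in a storage VDC
– VLAN IDs: the VLAN IDs used by FCoE and Ethernet must be unique, that is, an FCoE VLAN ID in the storage VDC cannot be the same as a VLAN ID in any Ethernet VDC. The VLAN numbering space for FCoE and Ethernet is shared only for those VDCs configured for port sharing. Different Ethernet VDCs can use the same VLAN IDs.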
—————VDC Resource—————
1】Physical Resource
The only physical resource that can be allocated is Ethernet interfaces
– For Ethernet VDCs, each physical Ethernet interface can be allocated to only one VDC (including the default VDC)
– For a shared interface in a storage VDC (one that can carry both Ethernet and FC traffic), the physical interface can belong to exactly one Ethernet VDC and one storage VDC at the same time
– The interfaces of one port group (a port group may contain 1, 2, 4 or 12 interfaces) must belong to the same VDC
– On the N7K, starting with NX-OS 5.2(1), all members of a port group are automatically allocated to the VDC when you allocate an interface.
– Reason: when interfaces in different VDCs share the same port ASIC, reloading the VDC (with the reload vdc command) or provisioning interfaces to the VDC (with the allocate interface command) might cause short traffic disruptions (of 1 to 2 seconds) for these interfaces. If such behavior is undesirable, make sure to allocate all interfaces on the same port ASIC (that is, all interfaces of the port group) to the same VDC.
– To view the mapping between interfaces and port ASICs: slot slot_number show hardware internal dev-port-map
The interface number is in the FP Port column and the port ASIC number is in the MAC_0 column. In the example above, interfaces 1 to 12 share the same port ASIC (0)
– Starting with NX-OS 6.1, CPU shares control which VDC gets CPU resources first when there is contention for the CPU: cpu-shares shares (VDC configuration mode, range 1-10). For example, a VDC with 10 CPU shares gets twice the CPU time compared to a VDC that has 5 CPU shares
– Some features require all modules in the chassis to be of a certain type. Starting with NX-OS 6.1(3), the system module-type command can restrict a VDC to certain module types. (The modules that you do not enable must not be powered on after you configure this feature and enter yes. An error message will force you to manually disable these modules before proceeding.)
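The port-ASIC rule above can be checked offline from saved CLI output. The following is an added example, not part of the original article or of Cisco's tooling: it parses text in the `show vdc membership` layout shown in the Quick Start and reports every port ASIC whose interfaces sit in more than one VDC. The sample output, the VDC name Lab and the helper `constructed_asic_map` (which assumes 12 consecutive ports per ASIC, as in the article's remark about interfaces 1 to 12) are assumptions; on a real chassis the map comes from the FP Port and MAC_0 columns of dev-port-map.

```python
import re
from collections import defaultdict

# Constructed sample in the `show vdc membership` layout shown in this page's
# Quick Start; VDC names other than MyVDC and the port assignments are made up.
SAMPLE_MEMBERSHIP = """\
vdc_id: 1 vdc_name: switch interfaces:
    Ethernet2/1  Ethernet2/2  Ethernet2/3  Ethernet2/4
    Ethernet2/5  Ethernet2/6  Ethernet2/7  Ethernet2/8
vdc_id: 2 vdc_name: MyVDC interfaces:
    Ethernet2/9  Ethernet2/10  Ethernet2/11  Ethernet2/12
vdc_id: 3 vdc_name: Lab interfaces:
    Ethernet2/13  Ethernet2/14  Ethernet2/15  Ethernet2/16
"""

HEADER = re.compile(r"vdc_id:\s*\d+\s+vdc_name:\s*(\S+)\s+interfaces:")
PORT = re.compile(r"Ethernet(\d+)/(\d+)")


def parse_membership(text):
    """Return {(slot, port): vdc_name} from `show vdc membership` text."""
    owner, current = {}, None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            current = header.group(1)
        elif current is not None:
            for slot, port in PORT.findall(line):
                owner[(int(slot), int(port))] = current
    return owner


def constructed_asic_map(slot, ports, per_asic):
    """Hypothetical stand-in for the FP Port / MAC_0 columns of dev-port-map:
    assumes consecutive front-panel ports share one port ASIC."""
    return {(slot, p): (p - 1) // per_asic for p in range(1, ports + 1)}


def shared_asics(owner, asic_of):
    """Return {(slot, asic): {vdc: [ports]}} for port ASICs used by >1 VDC."""
    groups = defaultdict(lambda: defaultdict(list))
    for (slot, port), vdc in owner.items():
        asic = asic_of.get((slot, port))
        if asic is not None:  # ports missing from the map cannot be judged
            groups[(slot, asic)][vdc].append(port)
    return {key: {vdc: sorted(ports) for vdc, ports in vdcs.items()}
            for key, vdcs in groups.items() if len(vdcs) > 1}


if __name__ == "__main__":
    owner = parse_membership(SAMPLE_MEMBERSHIP)
    asic_of = constructed_asic_map(slot=2, ports=48, per_asic=12)
    for (slot, asic), vdcs in sorted(shared_asics(owner, asic_of).items()):
        print(f"slot {slot} port ASIC {asic} is shared by VDCs: {vdcs}")
```

Any ASIC it reports is one where a reload vdc or allocate interface in one VDC can briefly disrupt traffic in another.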
2】Logical Resources
Within a VDC, all namespaces are unique.
– Exception: a storage VDC and an Ethernet VDC cannot use the same namespace
– Logical resources: SPAN monitoring sessions, port channels, VLANs, and VRFs
– When you are working with both storage VDCs and Ethernet VDCs, the VLAN ID and logical entity must be entirely separate for the storage VDCs.
3】Configuration Files
Each VDC maintains a separate configuration file in NVRAM. The file describes the interfaces allocated to the VDC and any VDC-specific configuration elements.
—————VDC Management—————
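1】Default VDC user roles
network-admin (read/write at the physical device level)
– Exists only in the default VDC
– Privileges: access to all global configuration commands and all features at the physical device level, for example: upgrade software, run SPAN, create and delete VDCs, allocate resources for these VDCs, manage device resources reserved for the VDCs, and configure features within any VDC.
– The switchto vdc command switches to a nondefault VDC, where the user gets vdc-admin privileges
network-operator (read-only at the physical device level)
– Exists only in the default VDC
– Privileges: display information for all VDCs on the physical device, all kinds of show output
– The switchto vdc command switches to a nondefault VDC, where the user gets vdc-operator privileges
vdc-admin (read/write at the VDC level)
– Configures all features at the VDC level
– Privileges: users with the network-admin or vdc-admin role can create, modify and delete user accounts within the VDC; commands related to the physical device are not allowed
vdc-operator (read-only at the VDC level)
– Displays all information at the VDC level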
2】Configuration Modes
Configuration modes:
– In the default VDC: allocate interfaces and change VDC attributes
– Global configuration mode within the VDC itself
3】VDC Management Connections
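– Unified out-of-band management: NX-OS implements this through mgmt0
– Separate in-band management: implemented through the interfaces allocated to the VDC; the admin VDC and the storage VDC do not support this method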
******************************
* Configuring an Admin VDC *
******************************
—————Admin VDC—————
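– Purpose: used for management only; only mgmt0 is allocated to the admin VDC (no VDC license required)
– Prerequisites: Sup2 or Sup 2E, NX-OS 6.1 or later
– Ways to create the admin VDC:
  – At first boot, answer "yes" to the prompt "Do you want to enable admin vdc (yes/no) [no]:". Use case: recommended for brand-new deployments
  – After boot, system admin-vdc: the default VDC becomes the admin VDC. When you enter this command, all nonglobal configuration in the default VDC is lost. Use case: recommended when the default VDC is used only for management and carries no production traffic
  – system admin-vdc migrate new vdc name: when you enter this command, all nonglobal configuration in the default VDC is migrated to a new VDC. Use case: recommended when the default VDC carries production traffic.
– Guidelines and limitations for creating the admin VDC:
  – Features and feature sets cannot be enabled in the admin VDC
  – Only mgmt0 is allocated to the admin VDC, so only out-of-band management or the console is supported
  – If the admin VDC is enabled at bootup, it replaces the default VDC
  – Once the admin VDC has been created, it cannot be deleted or switched back to the default VDC. To go back to the default VDC, erase the configuration and boot up again
– Guidelines and limitations for migrating to the admin VDC with the system admin-vdc and system admin-vdc migrate commands:
  – During the admin VDC migration, some feature configuration (such as ACLs) is copied to the new VDC but is not removed from the admin VDC. To avoid side effects, remove it manually
– Guidelines and limitations for migrating to the admin VDC with the system admin-vdc migrate command:
  – If VTP or time-zone is enabled in the default VDC, the VTP configuration is not migrated automatically. After the migration completes, reconfigure it in the new VDC
  – The management IP address in the default VDC is not migrated to the new VDC; anything external that depends on it, such as the vPC keepalive over the management interface on a vPC peer, or SNMP, must be reconfigured
  – During the migration, if the N7K has enough system resources, the resource limits of the default VDC are copied to the migrated VDC; otherwise the migration fails with an error message
  – If FEX is enabled and configured in the default VDC, migrating the default VDC configuration takes several minutes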
***************************************
* Configuring VDC Resource Templates  *
***************************************
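—————Principles—————
– Purpose: sets the minimum and maximum of the shared physical device resources when a VDC is created. If no resource template is specified when a nondefault VDC is created, vdc-default is used
– Resources:
  IPv4 multicast route memory
  IPv6 multicast route memory
  IPv4 unicast route memory
  IPv6 unicast route memory
  Port channels
  Switch Port Analyzer (SPAN) sessions (at most two SPAN monitoring sessions on the physical device)
  VLANs
  Virtual routing and forwarding instances (VRFs)
– Calculating the memory resources for route entries
  Starting with NX-OS 5.2(1), the default memory is 300 MB, whether the supervisor has 4 GB or 8 GB
  Method: the memory required by the unicast RIB (IPv4 RIB and IPv6 RIB) can be calculated with the following command: show routing memory estimate routes number-of-routes next-hops number-of-next-hops.
  The output below is from NX-OS 6.1(1); for details see the Cisco Nexus 7000 Verified Scalability Guide. Route memory sizes are in MB.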
!Estimate the memory used by 11000 routes with 16 next hops each
N7K-2# show routing memory estimate routes 11000 next-hops 16
Shared memory estimates:
  Current max     96 MB; 70182 routes with 16 nhs
          in-use   1 MB; 8 routes with 1 nhs (average)
  Configured max  96 MB; 70182 routes with 16 nhs
  Estimate memory with fixed overhead: 19 MB; 11000 routes with 16 nhs
  Estimate with variable overhead included:
   - With MVPN enabled VRF: 20 MB
   - With OSPF route (PE-CE protocol): 26 MB
   - With EIGRP route (PE-CE protocol): 32 MB
N7K-2# show vdc resource template ?
  >               Redirect it to a file
  >>              Redirect it to a file in append mode
  WORD            Resource template name (Max Size 100)
  global-default  (no abbrev)
  vdc-default     (no abbrev)
  |               Pipe command output to filter
!global-default is used for the default VDC
N7K-2# show vdc resource template global-default
 global-default
 ----------------
 Resource       Min    Max
 ----------     -----  -----
 m6route-mem    8      8
 m4route-mem    58     58
 u6route-mem    24     24
 u4route-mem    96     96
N7K-2# show vdc resource template vdc-default
 vdc-default
 -------------
 Resource       Min    Max
 ----------     -----  -----
 port-channel   0      768
 vlan           16     4094
 m6route-mem    5      5
 m4route-mem    8      8
 u6route-mem    4      4
 u4route-mem    8      8
 vrf            2      4096
– If a VDC resource template is changed, VDCs that already use the template must have it reapplied before the change takes effect. The limits can also be changed individually in a VDC after it has been created.
– Changes to the limits take effect immediately except for the IPv4 and IPv6 routing table memory limits, which take effect after the next VDC reset, physical device reload, or physical device stateful switchover.
– VDC templates do not require a license
– VDC templates can be created only by the network administrator in the default VDC (What if the default VDC has been converted to an admin VDC???)
– For the multicast and unicast route memory resources, you can set only one value of the maximum and minimum limits. If only the minimum X is set, then X = minimum = maximum; if only the maximum Y is set, then Y = maximum = minimum. (This feels rather pointless; setting both the minimum and the maximum is recommended.)
—————Configuration—————
1. config t
2. vdc resource template vdc-template-name
3. limit-resource m4route-mem [ minimum min-value ] maximum max-value
   limit-resource m6route-mem [ minimum min-value ] maximum max-value
   limit-resource monitor-session minimum min-value maximum { max-value | equal-to-min }
   limit-resource port-channel minimum min-value maximum { max-value | equal-to-min }
   limit-resource u4route-mem [ minimum min-value ] maximum max-value
   limit-resource u6route-mem [ minimum min-value ] maximum max-value
   limit-resource vrf minimum min-value maximum { max-value | equal-to-min }
4. exit
5.(Optional) show vdc resource template
6.(Optional) show run { vdc | vdc-all }
7.(Optional) copy running-config startup-config
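Before applying a template change it helps to know which limits change at once and which wait for a VDC reset. The following is an added example, not from the original article or from Cisco: it parses limit-resource lines in the syntax listed above, applies the single-value rule, and compares the result with the vdc-default values printed earlier. The template name Tmpl-Prod and its values are constructed.

```python
import re

# Route-memory limits apply only after a VDC reset, device reload or
# switchover (per the text above); every other limit applies immediately.
DEFERRED = {"m4route-mem", "m6route-mem", "u4route-mem", "u6route-mem"}

# Values printed by `show vdc resource template vdc-default` on this page.
VDC_DEFAULT = {
    "port-channel": (0, 768), "vlan": (16, 4094), "vrf": (2, 4096),
    "m6route-mem": (5, 5), "m4route-mem": (8, 8),
    "u6route-mem": (4, 4), "u4route-mem": (8, 8),
}

# Constructed template; the name Tmpl-Prod and the values are made up.
SAMPLE_TEMPLATE = """\
vdc resource template Tmpl-Prod
  limit-resource port-channel minimum 0 maximum 64
  limit-resource vrf minimum 2 maximum equal-to-min
  limit-resource u4route-mem maximum 32
  limit-resource m4route-mem minimum 8 maximum 8
"""

LIMIT = re.compile(r"^\s*limit-resource\s+(\S+)(?:\s+minimum\s+(\d+))?"
                   r"(?:\s+maximum\s+(\d+|equal-to-min))?\s*$")


def parse_limits(config_text):
    """Return {resource: (min, max)} from limit-resource lines. A limit given
    with a single value uses that value for both minimum and maximum."""
    limits = {}
    for line in config_text.splitlines():
        m = LIMIT.match(line)
        if not m:
            continue
        name, lo, hi = m.groups()
        if hi == "equal-to-min":
            hi = lo
        if lo is None and hi is None:
            raise ValueError(f"no usable value in: {line.strip()}")
        lo, hi = int(lo or hi), int(hi or lo)
        if lo > hi:
            raise ValueError(f"minimum above maximum in: {line.strip()}")
        limits[name] = (lo, hi)
    return limits


def classify_changes(old, new):
    """Split changed limits into (immediate, deferred) dicts of old -> new."""
    immediate, deferred = {}, {}
    for name, value in new.items():
        if old.get(name) != value:
            target = deferred if name in DEFERRED else immediate
            target[name] = (old.get(name), value)
    return immediate, deferred
```

Calling classify_changes(VDC_DEFAULT, parse_limits(SAMPLE_TEMPLATE)) puts port-channel and vrf in the immediate set and u4route-mem in the deferred set.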
******************************
*       Creating VDCs        *
******************************
================== Principles ==================
—————High-Availability Policies—————
– Purpose: when a VDC hits an unrecoverable error, NX-OS takes the action defined by the HA policy
– Actions defined for a single supervisor:
  Bringdown: puts the VDC in the failed state
  Reload: reloads the supervisor module. (Note: The reload action affects all interfaces and all VDCs on the physical device.) Default action for the default VDC
  Restart: Takes down the VDC processes and interfaces and restarts it using the startup configuration. Default action for nondefault VDCs
– Actions defined for dual supervisors:
  Bringdown: Puts the VDC in the failed state.
  Restart: Takes down the VDC processes and interfaces and restarts it using the startup configuration.
  Switchover: Initiates a supervisor module switchover. Default action for both nondefault VDCs and the default VDC (Does the switchover apply to a single VDC or to the whole chassis???)
– The HA policy of the default VDC cannot be changed
—————VDC License—————
—————Guidelines and Limitations for VDCs—————
– The switchto vdc command
  – Only network-admin or network-operator users have permission to run this command
  – No user can grant permission to use this command to another user
  – When a user with the network-admin role uses the switchto vdc command, the user automatically gets the vdc-admin role in the new VDC; when a user with the network-operator role uses the switchto vdc command, the user automatically gets the vdc-operator role in the new VDC
  – switchto vdc cannot be used to switch from one nondefault VDC to another nondefault VDC. You can only use switchback to return to the default VDC or the originating VDC, and then run the switchto vdc command again
– F2 and F2E Series modules
  – By default, VDCs do not support F2 and F2E Series modules. You can allocate F2/F2E ports to a VDC only after limiting the VDC module type to F2.
  – Use the system module-type f2 (global mode) command to allow F2E Series modules into a VDC. The ports from F2 and F2E Series modules can be allocated like any other ports.
  – There are no restrictions on the type of mix allowed for the system module-type command. The system module-type command allows a mix of F1, F2, M1, M1XL, and M2XL Series modules in the VDC.
  – F2 and F2E Series modules cannot exist in the same VDC with any other module type. This applies to both LAN and storage VDCs.
  – F2 and F2E Series modules cannot exist in the same VDC with F1, M1, M1XL, and M2XL Series modules. Use the limit-resource module-type f2 command to allow only F2 or F2E Series modules into a VDC. The ports from F2 and F2E Series modules can be allocated like any other ports.
  – You can configure the limit-resource module-type command only from the VDC configuration mode and not from a VDC resource template.
  – F2 and F2E Series modules support FCoE only with Supervisor 2 modules. (This differs from Compare Models; F2E should be supported as well)
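================== Configuration ==================
—————Steps to Create a VDC—————
1. Create a VDC resource template (optional)
2. Create the VDC and allocate interfaces (allocating interfaces is optional)
3. Initialize the new VDC
Note: when creating an FCoE VDC (storage VDC), you must specify the type and the FCoE VLAN:
N7K-2(config)# vdc vdc10 type storage ?
  ha-policy  Change HA policy for this VDC
  id         Force this vdc into a specific id
  template   Resource template for this vdc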
—————Step 2: Create the VDC—————
First, log in to the default or admin VDC with the network-admin role. The steps are:
1. config t
!Creates a VDC and enters the VDC configuration mode.
!switch - Specifies the default VDC. VDC number 1 is reserved for the default VDC.
!Nondefault VDC numbers are from 2 to 9.
2. vdc { switch | vdc-name } [ ha-policy { dual-sup { bringdown | restart | switchover } [ single-sup { bringdown | reload | restart } ] } ] [ id vdc-number ] [ template template-name ] [ type storage ]
3.(Optional) [ no ] allocate interface ethernet slot/port
!Note the spaces before and after the "-"
   [ no ] allocate interface ethernet slot/port - last-port
   [ no ] allocate interface ethernet slot/port , ethernet slot/port,…
4.(Optional) show vdc membership
5.(Optional) show vdc shared membership
6. exit
7.(Optional) show vdc
!After you create a VDC, you must copy the default VDC running configuration to the startup configuration so that a VDC user can copy the new VDC running configuration to the startup configuration.
8.(Optional) copy running-config startup-config
—————Step 3: Initialize the New VDC—————
First, log in to the default or admin VDC with the network-admin role, and have the IP address for the new VDC's mgmt0 ready
1. switchto vdc vdc-name
!Displays the current VDC number.
2.(Optional) show vdc current-vdc
—————Verifying the VDC Configuration—————
!Displays the VDC information in the running configuration.
show running-config { vdc | vdc-all }
!Displays the VDC configuration information.
show vdc [vdc-name]
!Displays the detailed information about many VDC parameters.
show vdc detail
!Displays the current VDC number.
show vdc current-vdc
!Displays the VDC interface membership information.
show vdc membership [ status ]
!Displays the VDC template configuration.
show vdc resource template
!Displays the VDC resource configuration for the current VDC.
show resource
!Displays the VDC resource configuration for all VDCs.
show vdc [vdc-name] resource [resource-name]
!Displays the MAC address for a specific VDC.
show mac vdc {vdc_id}
******************************
*       Managing VDCs        *
******************************
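================== Principles ==================
—————Saving the Configuration—————
Single VDC: in a nondefault VDC, users with the vdc-admin or network-admin role can save the running-config to the startup-config
All VDCs: in the default VDC, a user can save the running-config to the startup-config (presumably a user with the network-admin role)
—————Suspending and Resuming a VDC—————
In what situations would you need to suspend and resume, testing???
– A user with the network-admin role can suspend and resume a nondefault VDC (the default VDC cannot be suspended)
– The configuration must be saved before suspending. Otherwise the changes in the running-config are lost on resume, because resume loads the startup-config
– While a VDC is suspended: interfaces cannot be removed from it, all other resources used by the VDC are released, ISSU cannot be performed, and traffic on the VDC is interrupted
– The command is: [ no ] vdc vdc-name suspend
—————VDC Reload—————
– Only a nondefault VDC can be reloaded; the default or admin VDC cannot be reloaded
– Reloading a nondefault VDC has an effect similar to reloading the physical device; after the reload the startup-config is loaded
– Reloading the default VDC reloads all VDCs
– Command:
!Run in the nondefault VDC
switch-TestVDC# reload vdc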
—————VDC Boot Order—————
– Several VDCs can have the same boot order. By default, the boot order of every VDC is 1
– The VDC with the lowest boot order value starts first; VDCs with the same boot order start at the same time
– NX-OS starts all VDCs with the same boot order value, followed by the VDCs with the next highest boot order value
– Only the boot order of a nondefault VDC can be changed; the boot order of the default VDC cannot be changed
– Command:
!Run in the default VDC; the boot-order range is 1-4
switch(config)# vdc Engineering
switch(config-vdc)# boot-order 2
—————Guidelines and Limitations for Managing VDCs—————
– Only users with the network-admin role can manage VDCs
– VDCs can be changed only from the default VDC
– If sufficient MAC addresses to program the management port of all the nondefault VDCs are unavailable, do not program the MAC address in any of the nondefault VDCs.
– When a hardware problem occurs, the syslog message is sent to all VDCs
– When you have back-to-back connected interfaces in two different Virtual Routing and Forwarding instances (VRFs) within the same VDC, the Address Resolution Protocol (ARP) fails to complete and packet drops occur because the VRFs obtain their own source MAC addresses. If you need two interfaces on the same VDC with different VRFs, assign a static MAC address to the VRF interfaces.
================== Configuration ==================
—————Changing the Nondefault VDC Prompt—————
By default, the prompt is default VDC name + nondefault VDC name
!To change the prompt to show only the nondefault VDC name, use the no format of the command; run it in the default VDC
[ no ] vdc combined-hostname
!Copies the running configuration for all the VDCs to the startup configuration.
!Run in the default VDC
copy running-config startup-config vdc-all
—————Deleting a VDC—————
!The default VDC and the admin VDC cannot be deleted
switch(config)# no vdc NewVDC
References:
1】Cisco Nexus 7000 Series NX-OS Virtual Device Context Configuration Guide
******************************
*        Quick Start         *
******************************
Step 1
Log in to the default VDC with a username that has the network-admin role.
Step 2
Enter configuration mode and create the VDC using the default settings.
switch# configure terminal
switch(config)# vdc MyVDC
Note: Creating VDC, one moment please …
switch(config-vdc)#
Step 3
(Optional) Allocate interfaces to the VDC.
switch(config-vdc)# show vdc membership
vdc_id: 1 vdc_name: switch interfaces:
    Ethernet2/1    Ethernet2/2    Ethernet2/3    Ethernet2/4
    Ethernet2/5    Ethernet2/6    Ethernet2/7    Ethernet2/8
    Ethernet2/9    Ethernet2/10   Ethernet2/11   Ethernet2/12
    Ethernet2/13   Ethernet2/14   Ethernet2/15   Ethernet2/16
    Ethernet2/17   Ethernet2/18   Ethernet2/19   Ethernet2/20
    Ethernet2/21   Ethernet2/22   Ethernet2/23   Ethernet2/24
    Ethernet2/25   Ethernet2/26   Ethernet2/27   Ethernet2/28
    Ethernet2/29   Ethernet2/30   Ethernet2/31   Ethernet2/32
    Ethernet2/33   Ethernet2/34   Ethernet2/35   Ethernet2/36
    Ethernet2/37   Ethernet2/38   Ethernet2/39   Ethernet2/40
    Ethernet2/41   Ethernet2/42   Ethernet2/43   Ethernet2/44
    Ethernet2/45   Ethernet2/46   Ethernet2/47   Ethernet2/48
switch(config-vdc)# allocate interface ethernet 2/11-1
Moving ports will cause all config associated to them in source vdc to be removed.
Are you sure you want to move the ports? [yes] yes
Note: When you allocate an interface to a VDC, the interface configuration is lost.
Step 4
Verify the VDC configuration.
switch(config-vdc)# show vdc MyVDC
vdc_id  vdc_name  state   mac
------  --------  -----   ----------
2       MyVDC     active  00:00:00:00:00:00
Step 5
Switch to the new VDC and enter the VDC admin user account password.
switch(config-vdc)# switchto vdc MyVDC
---- System Admin Account Setup ----
Do you want to enforce secure password standard (yes/no) [y]: y
Enter the password for "admin": (enter the password)
Confirm the password for "admin": (enter the password)
Step 6
(Optional) Execute the setup script for your VDC.
---- Basic System Configuration Dialog VDC: 2 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus7000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
service calls. Nexus7000 devices must be registered to receive
entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): no
Note: You can bypass the setup script and execute it later from within the VDC using the setup command.
Step 7
When you finish the setup script, or bypass it, you enter your new VDC.
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyright to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
References:
1】Cisco Nexus 7000 Series NX-OS Virtual Device Context Quick Start