-
Overview
-
Configuring an Admin VDC
-
Configuring VDC Resource Templates
-
Creating VDCs
-
Managing VDCs
-
Quick Start
-
-
******************************
*
* ******************************
VDC(Virtual Device Context)是一种一虚多的技术,将一个物理设备虚拟成多个逻辑设备,每个逻辑设备的故障隔离、管理隔离、地址分配隔离、自适应资源管理、service differentiation domains。目前VDC仅在Cisco N7K平台支持。 - MAC地址:Default VDC有一个MAC地址;在Bootup过程中,Nondefault VDC自动创建MAC地址。如果没有充足的MAC供分配,将产生一条Syslog Message。
- Default VDC:只能在Default VDC或者Admin VDC中,创建、更改Nondefault VDC的属性,或者删掉Nondefault VDC
- VDC之间的通信:必须通过一条物理链路
-
---------------Storage VDC---------------
Storage VDC是一个Nondefault VDC,依赖FCoE许可。一台物理设备上仅可以运行一个Storage VDC,不能配置Default VDC为Storage VDC。 - 作用:在N7K上,通过Storage VDC来运行FCoE
- Vlan ID:FCoE与Ethernet使用的Vlan ID必须唯一,也就是说在Storage VDC中的FCoE Vlan ID不能与任何Ethernet VDC中Vlan ID相同。The VLAN numbering space for FCoE and Ethernet is shared only for those VDCs configured for port sharing.不同Ethernet VDC中的Vlan ID可以相同。
-
---------------VDC Resource---------------
1】Physical Resource
唯一可分配的物理资源是Ethernet Interfaces
- 对于Ethernet VDC,每一个物理Ethernet Interface只能被分配到一个VDC(包括Default VDC)
- 对于Storage VDC中的Shared Interface (能同时传输以太网与FC流量) ,物理接口可同时仅属于一个Ethernet VDC与一个Storage VDC
- 同一个Port Group (端口组中可能包括1接口、2接口、4接口、12接口) 的接口必须属于同一个VDC
- N7K从NX-OS 5.2(1)开始,当分配一个接口到VDC,该接口所属Port Group中的所有成员端口将自动分配到VDC中 (all members of a port group are automatically allocated to the VDC when you allocate an interface.)
- 原因:当在不同VDC的接口共享相同的接口ASIC时,重启VDC或将接口分配到VDC,可能引起这些接口在短时间内流量中断(大约1到2S)。为避免这种情况,需将相同端口ASIC的接口(也就是Port group的所有接口)分配相同的VDC (When interfaces in different VDCs share the same port ASIC, reloading the VDC (with the reload vdc command) or provisioning interfaces to the VDC (with the allocate interface command) might cause short traffic disruptions (of 1 to 2 seconds) for these interfaces. If such behavior is undesirable, make sure to allocate all interfaces on the same port ASIC to the same VDC.)
- 查看Interfaces与Port ASIC的映射关系: slot slot_number show hardware internal dev-port-map
![[转载]Cisco <wbr>N7K <wbr>VDC <wbr>基本原理与配置](http://simg.sinajs.cn/blog7style/images/common/sg_trans.gif "[转载]Cisco <wbr>N7K <wbr>VDC <wbr>基本原理与配置")
Interface number在FP Port列,Port ASIC number在MAC_0列。在上面这个例子中,Interface 1到12共享同一个Port ASIC(0)- 从NX-OS 6.1开始,CPU share可以用来在CPU发生争抢时,控制某VDC优先获得CPU资源, cpu-shares shares (VDC配置模式,范围值为1-10) ,比如:一个CPU share为10的VDC比一个CPU share为5的VDC,将获得2倍CPU时间 (a VDC with 10 CPU shares gets twice the CPU time compared to a VDC that has 5 CPU shares)
- 某些特性需要机箱中的所有模块是某种类型。从NX-OS 6.1(3)开始, system module-typer 命令可以限制在VDC内使用某种类型的板卡。( The modules that you do not enable must not be powered on after you configure this feature and enter yes . An error message will force you to manually disable these modules before proceeding. )
-
2】Logical Resources
在VDC中,所有的命名空间都是唯一的。
- 例外:不能使用相同的命名空间在Storage VDC与Ethernet VDC内
- 逻辑资源:SPAN monitoring sessions, port channels, VLANs, and VRFs
- When you are working with both storage VDCs and Ethernet VDCs, the VLAN ID and logical entity must be entirely separate for the storage VDCs.
-
3】Configuration Files
每一个VDC在NVRAM中维护一个分离的配置文件,配置文件描述了分配到VDC的接口、任何VDC相关的配置元素 (any VDC-specific configuration elements)
-
---------------VDC Management---------------
1】VDC的默认用户角色
- Network-admin (物理设备级别读写)
- 仅存在于Default VDC - 权限:允许访问在物理设备级别的所有全局配置命令与所有特性 如:升级软件、运行SPAN、create and delete VDCs, allocate resources for these VDCs, manage device resources reserved for the VDCs, and configure features within any VDC. - 通过 - Network-operator (物理设备级别只读)
- 仅存在于Default VDC - 权限:显示在物理设备上所有VDC的信息,各种Show信息 - 通过 - vdc-admin (VDC级别读写)
- 在VDC级别,配置所有的特性 - 权限:拥有Network-admin或者vdc-admin的用户可以在VDC内创建、更改、删除用户账号,不允许执行与物理设备相关命令 - vdc-operator (VDC级别只读)
- 在VDC级别,显示所有信息 -
2】Configuration Modes
配置模式:
- Default VDC,可以分配接口,改变VDC属性
- VDC内全局配置模式 (global configuration mode within the VDC itself)
3】VDC Management Connections
- 统一带外管理,NX-OS通过mgmt0来实现
- 独立带内管理,通过分配到VDC的Interface来实现,Admin vdc与Storage vdc不支持该方式
******************************
*
Configuring an Admin VDC * ******************************
-
---------------Admin VDC---------------
- 作用:仅仅用于管理,只有mgmt0被分配到Admin VDC(不需要VDC License)
- 前提条件:Sup2 or Sup 2E,NX-OS 6.1以及后续版本
-
- 创建Admin VDC的方法 :
- 第一次启动时," Do you want to enable admin vdc (yes/no) [no]:",选择"yes"。适用场景:对于全新部署推荐该方式
- 在启动后, system admin-vdc ,Default VDC将转为Admin vdc,当输入该命令,在Default VDC中所有的非全局配置将会丢失。适用场景:当Default VDC仅用于管理,没有传输任何业务流量时,推荐使用
- system admin-vdc migrate new vdc name,当输入该命令,在Default VDC的所有非全局配置迁移到一个新的VDC。适用场景:当Default VDC用于传输业务流量时,推荐该方式。
- 创建Admin VDC的指南与局限性:
- 在admin VDC,不能启用features or feature set
- 仅mgmt0被分配到admin VDC,因此仅支持带外管理或Console
- 在bootup时启用admin VDC,它将替代Default VDC
- 一旦创建admin vdc,它将不能被删除或切换回Default VDC。如果需切换回Default VDC,需erase配置,执行重新bootup
对于使用 system admin-vdc 与 system admin-vdc migrate 命令迁移到Admin VDC的操作指南与限制:- 在Admin VDC迁移时,一些特性配置(如ACL)复制到新VDC,但这些配置在admin vdc中没有被移除。为了避免其他影响,建议手动移除
对于使用 system admin-vdc migrate 命令迁移到Admin VDC的操作指南与限制:- 当在Default VDC中启用了VTP、time-zone,VTP配置不会自动迁移。在迁移完成后,需在新VDC重新配置
- Default VDC中的管理IP不会迁移到新VDC;任何外部设备,如在VPC peer的VPC keepalive over 管理接口 或SNMP需重新配置
- 在迁移过程中,如果N7K有足够的系统资源,Default VDC的资源限制将复制到迁移后的VDC,否则迁移失败,并提示错误消息
- 如果Default VDC启用并配置了FEX,Default VDC配置将迁移几分钟
***************************************
*
***************************************
-
---------------原理---------------
- 作用:当创建VDC时,设置共享物理设备资源的最小值与最大值。如果创建Nondefault VDC时未指定资源模板,默认使用vdc-default
- 资源:
- IPv4 multicast route memory
- IPv6 multicast route memory
- IPv4 unicast route memory
- IPv6 unicast route memory
- Port channels
- Switch Port Analyzer (SPAN) sessions (在物理设备上,最多两个SPAN monitoring session)
- VLANs
- Virtual routing and forwarding instances (VRFs)
- 计算路由条目的内存资源
从NX-OS 5.2(1)开始,不管是4GB还是8GB的Supervision,默认内存为300MB 计算方法:可通过如下命令计算单播RIB(IPv4 RIB and IPv6 RIB)所需内存资源: show routing memory estimate routes number-of-routes next-hops number-of-next-hops 。以下输出基于NX-OS 6.1(1),具体情况查看Cisco Nexus 7000 Verified Scalability Guide。路由内存大小的单位为MB。 !计算11000条路由,每条路由16个下一跳时的内存占用
N7K-2# show routing memory estimate routes 11000 next-hops 16
Shared memory estimates:
Current max 96 MB; 70182 routes with 16 nhs in-use 1 MB; 8 routes with 1 nhs (average) Configured max 96 MB; 70182 routes with 16 nhs Estimate memory with fixed overhead: 19 MB; 11000 routes with 16 nhs Estimate with variable overhead included: - With MVPN enabled VRF: 20 MB - With OSPF route (PE-CE protocol): 26 MB - With EIGRP route (PE-CE protocol): 32 MB N7K-2# show vdc resource template ?
> Redirect it to a file >> Redirect it to a file in append mode WORD Resource template name (Max Size 100) global-default (no abbrev) vdc-default (no abbrev) | Pipe command output to filter !global-default用于Default VDC
N7K-2# show vdc resource template global-default
global-default ---------------- Resource Min Max ---------- ----- ----- m6route-mem 8 8 m4route-mem 58 58 u6route-mem 24 24 u4route-mem 96 96 N7K-2# show vdc resource template vdc-default
vdc-default ------------- Resource Min Max ---------- ----- ----- port-channel 0 768 vlan 16 4094 m6route-mem 5 5 m4route-mem 8 8 u6route-mem 4 4 u4route-mem 8 8 vrf 2 4096 - 若更改了VDC Resource Template,之前调用该模板的VDC,需重新调用方可生效。也可以在创建后的VDC中,单独修改。
- 修改资源限制立即生效。除IPv4与IPv6路由表内存空间,将在VDC重启、物理设备重启或物理设备Switchover后生效 (Changes to the limits take effect immediately except for the IPv4 and IPv6 routing table memory limits, which take effect after the next VDC reset, physical device reload, or physical device stateful switchover.)
- VDC模板无需License
- VDC template只能由network administrator在Default VDC中创建( Default VDC转成了Admin VDC呢??? )
- 限制的最大值/最小值可以只设置一个(set only one value for the multicast and unicast route memory resources maximum and minimum limits)。如果仅设置最小值X,那么X=最小值=最大值;如果仅设置最大值Y,那么Y=最大值=最小值。(有点闲得蛋疼,建议同时设置最小值、最大值)
-
---------------配置---------------
1. config t
2. vdc resource template vdc-template-name
3. limit-resource m4route-mem [ minimum min-value ] maximum max-value
limit-resource m6route-mem [ minimum min-value ] maximum max-value
limit-resource monitor-session minimum min-value maximum { max-value | equal-to-min }
limit-resource port-channel minimum min-value maximum { max-value | equal-to-min }
limit-resource u4route-mem [ minimum min-value ] maximum max-value
limit-resource u6route-mem [ minimum min-value ] maximum max-value
limit-resource vrf minimum min-value maximum { max-value | equal-to-min }
4. exit
5.(Optional) show vdc resource template
6.(Optional) show run { vdc | vdc-all }
7.(Optional) copy running-config startup-config
-
******************************
*
******************************
-
================== 原理 ==================
---------------High-Availability Policies---------------
- 作用:当VDC出现不可恢复的错误时,NX-OS根据HA策略采取相应动作
- 单个引擎时,定义的动作:
- Bringdown,将VDC置为失败状态
- Reload,重启Supervisor模块。 (Note:The reload action affects all interfaces and all VDCs on the physical device.) Default VDC默认动作
- Restart,Takes down the VDC processes and interfaces and restarts it using the startup configuration.Nondefault VDC默认动作
- 双引擎时,定义的动作:
- Bringdown,Puts the VDC in the failed state.
- Restart,Takes down the VDC processes and interfaces and restarts it using the startup configuration.
- Switchover,Initiates a supervisor module switchover.Nondefault VDC与Default VDC的默认动作( Switchover是针对单个VDC还是整机??? )
- 不能更改Default VDC的HA策略
-
---------------VDC License---------------
---------------Guidelines and Limitations for VDCs---------------
- switchto vdc 命令
- 只有Network-admin或Network-operator有权限执行该命令
- 没有用户可以授予使用该命令的权限给其他用户
- 当network-admin角色的用户使用switchto vdc命令时,在新VDC中,该用户将自动获得VDC-Admin角色;当network-operator角色的用户使用switchto vdc命令时,在新VDC中,该用户将自动获得VDC-operator角色
- 无法使用switchto vdc从一个Nondefault VDC切换到另一个Nondefault VDC。只能使用switchback切换到Default VDC或源VDC,再来执行switchto VDC命令
- F2与F2E系列模块
- 默认情况下,VDC不支持F2与F2E系列模块。You can allocate F2/F2E ports to a VDC only after limiting the VDC module type to F2 .
- Use the system module-type f2 (全局模式) command to allow F2E Series modules into a VDC. The ports from F2 and F2E Series modules can be allocated like any other ports.
- There are no restrictions on the type of mix allowed for the system module-type command. The system module-type command allows a mix of F1, F2, M1, M1XL, and M2XL Series modules in the VDC.
- F2 and F2E Series modules cannot exist in the same VDC with any other module type. This applies to both LAN and storage VDCs.
- F2 and F2E Series modules cannot exist in the same VDC with F1, M1, M1XL, and M2XL Series modules. Use the limit-resource module-type f2 command to allow only F2 or F2E Series modules into a VDC. The ports from F2 and F2E Series modules can be allocated like any other ports.
- You can configure the limit-resource module-type command only from the VDC configuration mode and not from a VDC resource template.
- F2 and F2E Series modules support FCoE only with Supervisor 2 modules.( 与Compare Models有出入,F2E应该也支持 )
================== 配置 ==================
---------------创建VDC步骤---------------
- 创建一个VDC资源模板(可选)
- 创建VDC,并分配接口(分配接口可选)
- 初始化新VDC
Note:当创建FCoE类型的VDC(storage VDC),必需指定type,并指定FCoE VLAN:
N7K-2(config)# vdc vdc10 type storage ?
ha-policy Change HA policy for this VDC id Force this vdc into a specific id template Resource template for this vdc ---------------第二步 创建VDC---------------
首先,必须以network-admin的角色登录到默认或admin VDC,步骤如下:
1. config t
!Creates a VDC and enters the VDC configuration mode.
! switch -Specifies the default VDC. VDC number 1 is reserved for the default VDC.
!Nondefault VDC numbers are from 2 to 9.
2. vdc { switch | vdc-name } [ ha-policy { dual-sup { bringdown | restart | switchover } [ single-sup { bringdown | reload | restart }] [ id vdc-number ] [ template template-name ] [ type storage ]
3.(Optional) [ no ] allocate interface ethernet slot/port
!注意"-"前后的空格
[ no ] allocate interface ethernet slot/port - last-port
[ no ] allocate interface ethernet slot/port , ethernet slot/port,...
4.(Optional) show vdc membership
5.(Optional) show vdc shared membership
6. exit
7.(Optional) show vdc
!After you create a VDC, you must copy the default VDC running configuration to the startup configuration so that a VDC user can copy the new VDC running configuration to the startup configuration.
8.(Optional) copy running-config startup-config
-
---------------第三步 初始化新VDC---------------
首先,必须以network-admin的角色登录到默认或admin VDC,准备新VDC mgmt0的IP地址
1. switchto vdc vdc-name
!Displays the current VDC number.
2.(Optional) show vdc current-vdc
-
---------------验证VDC配置---------------
!Displays the VDC information in the running configuration.
show running-config { vdc | vdc-all }
!Displays the VDC configuration information.
show vdc [vdc-name]
!Displays the detailed information about many VDC parameters.
show vdc detail
!Displays the current VDC number.
show vdc current-vdc
!Displays the VDC interface membership information.
show vdc membership [ status ]
!Displays the VDC template configuration.
show vdc resource template
!Displays the VDC resource configuration for the current VDC.
show resource
!Displays the VDC resource configuration for all VDCs.
show vdc [vdc-name] resource [resource-name]
!Displays the MAC address for a specific VDC.
show mac vdc {vdc_id}
-
******************************
*
******************************
-
================== 原理 ==================
---------------配置保存---------------
- 单个VDC:在Nondefault VDC中,拥有vdc-admin与network-admin角色的用户可以保存running-config到startup-config
- 所有VDC:在Default VDC中,用户可以保存running-config到startup-config(应该是network-admin角色的用户)
---------------暂停与恢复VDC---------------
什么情况下,需要执行暂停与恢复,测试???
- 拥有network-admin角色的用户 可以对 Nondefault VDC 执行暂停与恢复(无法暂停Default VDC)
- 在执行暂停前,必须保存配置。否则,在恢复时,将丢失Running-config的改变部分,因为恢复时加载Startup-config的配置
- 在暂停状态的VDC:不能移除接口,被该VDC使用的所有其他资源将被释放,不能执行ISSU;在该VDC上的流量将中断
- 命令 为:[ no ] vdc vdc-name suspend
-
---------------VDC Reload---------------
- 仅能重启nondefault VDC,无法重启Default 或 Admin VDC
- 重启nondefault VDC的影响与重启物理设备的影响相似,重启后将加载Startup-config
- reload default vdc将重启所有的VDC
- 命令 :
!在nondefault vdc中执行 switch-TestVDC# reload vdc -
---------------VDC Boot Order---------------
- 多个VDC可以拥有相同的Boot Order。默认,所有的VDC的boot order为1
- 最小的boot order值,最先启动,相同boot order的VDC,同时启动
- starts all VDCs with the same boot order value followed by the VDCs with the next highest boot order value
- 仅能更改nondefault VDC的boot order,无法更改default VDC的boot order
- 命令:
!在default VDC中执行,boot-order范围值为1-4
switch(config)# vdc Engineering
switch(config-vdc)# boot-order 2
-
---------------管理VDC的操作指南与限制---------------
- 仅拥有network-admin角色的用户可以管理VDC
- 只能从Default VDC更改VDC
- If sufficient MAC addresses to program the management port of all the nondefault VDCs are unavailable, do not program the MAC address in any of the nondefault VDCs.
- 当发生硬件问题,syslog message将发送到所有VDC
- 当在同一个VDC的两个不同VRF之间使用背对背接口连接时,因VRF获得他们自己的源MAC地址,因此ARP解析失败,数据将无法发送。如果在同一个VDC的不同VRF之间使用两个接口来背对背连接,需给VRF接口静态分配MAC。 (When you have back-to-back connected interfaces in two different Virtual and Routine Forwarding Instances (VRFs) within the same VDC, the Address Resolution Protocol (ARP) fails to complete and packet drops occur because the VRFs obtain their own source MAC addresses. If you need two interfaces on the same VDC with different VRFs, assign a static MAC address to the VRF interfaces.)
-
================== 配置 ==================
---------------改变nondefault VDC提示符---------------
默认情况下,提示符为default VDC name + nondefault VDC name
!To change the prompt to show only the nondefault VDC name, use the no format of the command,在Default VDC中执行
[ no ] vdc combined-hostname
!Copies the running configuration for all the VDCs to the startup configuration.
!在Default VDC中执行
copy running-config startup-config vdc-all
-
---------------删除VDC---------------
!无法删除default vdc与admin vdc
switch(config)# no vdc NewVDC
-
******************************
*
Quick Start * ******************************
Step 1
Log in to the default VDC with a username that has the network-admin role. Step 2
Enter configuration mode and create the VDC using the default settings. switch# configure terminal
switch(config)# vdc MyVDC
Note:
Creating VDC, one moment please ... switch(config-vdc)#
Step 3
(Optional) Allocate interfaces to the VDC. switch(config-vdc)# show vdc membership
vdc_id: 1 vdc_name: switch interfaces:
Ethernet2/1 Ethernet2/2 Ethernet2/3 Ethernet2/4 Ethernet2/5 Ethernet2/6 Ethernet2/7 Ethernet2/8 Ethernet2/9 Ethernet2/10 Ethernet2/11 Ethernet2/12 Ethernet2/13 Ethernet2/14 Ethernet2/15 Ethernet2/16 Ethernet2/17 Ethernet2/18 Ethernet2/19 Ethernet2/20 Ethernet2/21 Ethernet2/22 Ethernet2/23 Ethernet2/24 Ethernet2/25 Ethernet2/26 Ethernet2/27 Ethernet2/28 Ethernet2/29 Ethernet2/30 Ethernet2/31 Ethernet2/32 Ethernet2/33 Ethernet2/34 Ethernet2/35 Ethernet2/36 Ethernet2/37 Ethernet2/38 Ethernet2/39 Ethernet2/40 Ethernet2/41 Ethernet2/42 Ethernet2/43 Ethernet2/44 Ethernet2/45 Ethernet2/46 Ethernet2/47 Ethernet2/48 switch(config-vdc)# allocate interface ethernet 2/11-1
Moving ports will cause all config associated to them in source vdc to be removed.
Are you
sure you want to move the ports? [yes] yes -
Note:When you allocate an interface to a VDC, the interface configuration is lost.
-
Step 4
Verify the VDC configuration. switch(config-vdc)# show vdc MyVDC
vdc_id
vdc_name state mac ------
-------- ----- ---------- 2
MyVDC active 00:00:00:00:00:00 -
Step 5
Switch to the new VDC and enter the VDC admin user account password. switch(config-vdc)# switchto vdc MyVDC
---- System Admin Account Setup ---- Do you want to enforce secure password standard (yes/no) [y]: y
Enter the password for "admin": 输入密码Confirm the password for "admin": 输入密码
-
Step 6 (Optional) Execute the setup script for your VDC.
---- Basic System Configuration Dialog VDC: 2 ----
This setup utility will guide you through the basic configuration of
the system. Setup configures only enough connectivity for management
of the system.
Please register Cisco Nexus7000 Family devices promptly with your
supplier. Failure to register may affect response times for initial
Please register Cisco Nexus7000 Family devices promptly with your
service calls. Nexus7000 devices must be registered to receive
entitled support services.
Press Enter at anytime to skip a dialog. Use ctrl-c at anytime
to skip the remaining dialogs.
Would you like to enter the basic configuration dialog (yes/no): no
-
Note:You can bypass the setup script and execute it later from within the VDC using the setup command.
-
Step 7
When you finish the setup script, or bypass it, you enter your new VDC. Cisco Nexus Operating System (NX-OS)Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyright to certain works contained in this software are
owned by other third parties and usedand distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
-
-
参考资料:
1】Cisco Nexus 7000 Series NX-OS Virtual Device Context Quick Start