VDC
VDC (Virtual Device Context):
We can virtually divide a physical Nexus chassis in to multiple virtual chassis i.e. VDC.
Each VDC means a different switch (virtually). We can run all commands in each Switch (VDC)
We have to use cables between VDCs if we want to form trunk or any connection for transferring data because VDCs mean different switches
Physically – It will appear as a loop if both VDCs are part of same physical chassis
Creation, Deletion, Modification of VDCs can be done from Default VDC only
By default – a physical complete chassis is known as Default VDC or Admin VDC
User should have VDC-admin privileges to do changes in respective VDC. To be able to operate all VDCs – user need to be Network-Admin role
#show vdc To see the list of VDCs
#show vdc detail
#show run To see full details about all the VDCs
Supervisor engine defines the no. of VDCs we can create in Nexus 7K Switch
For Sup1 – we can create 4 VDCs including “default vdc”
For Sup2 – Total of 5 VDCs can be created – out of which one will be default VDC
#show module To verify the supervisor engine
We move switchports in to other VDCs from Default VDC. So, if we move the port eth1/2 in to VDC 2 then eth1/2 administration will happen from VDC2
If we want to move the port eth1/2 back to Default VDC from VDC 2 – then this operation can only happen from “admin or default vdc” i.e. not from VDC2
User of VDC 4 cannot “view or operate” ports of VDC2
#show vdc membership To view port allocation in each VDCs. Admin can view memberships of all VDCs
Control Plane i.e. CPU, memory is divided between each VDCs
Users of VDC2 will consider other VDCs as different switches, even though all are physically on same chassis
Remember that we can’t upgrade the IOS or Update License from “Non-default VDC”
If any global change is made – It will have impact on all VDCs. So “network-admin” should cautiously make changes
When we create VDC, then many things are shared such as CPU, RAM, MEMORY, Modules, Supervisor Engines, power supply, fabric modules, system tray, CMP and many more
VLAN information will not be shared between VDCs
Create VDC:
#conf t
#VDC vdctest vdctest is the name of the VDC
Delete VDC:
It is very dangerous as it will simply delete the virtual switch along with its configuration
Once we delete the VDC, all ports move to “default vdc or admin vdc”
#conf t
#no vdc vdctest
VDC information from default VDC:
Default VDC#show vdc vdctest detail
We can see VDC id, name, state, MAC, supported linecards, ha policy etc.
Saving Configuration:
For a VDC:
#copy run startup-config
For all VDCs:
Default VDC#copy run startup-config vdc-all
Note: #wr mem doesn’t work in Nexus
Switching VDCs:
Users of VDC1 will consider other VDCs as different switches, even though all are physically on same chassis
If we want to “move or switch” between VDCs (Ex, VDC 1 to VDC 3)
vdctest1#switchto vdc vdctest3 vdctest3 is name of VDC 3, we do not have to do Telnet or SSH or Console
vdctest3# Now we will be in vdctest3
In case we want to return to our own VDC (VDC 1)
vdctest3#switchback
vdctest1# now back to vdctest1
When we switched from VDC 1 to VDC 3, it does not tell you from which switch we’ve switched from, because we see only vdctest3#
To show the initial switch, we have to combine the names
We can do this on admin/default VDC
If VDC 1 is admin/default VDC
vdctest1#conf t
#vdc combined-hostname
#end
vdctest1#switchto vdc vdctest3
vdctest1-vdctest3# Now we will see both the names
Note: we cannot switch again to another vdc in here, only switchback
Vdctest1-vdctest3#switchback
vdctest1# now back to vdctest1
Port-group:
Port-group depends upon the model
As each model has difference in grouping ports, it is advisable to refer cisco data sheet
#show module To see Module, count of ports, Module-Type, Model, status and more information
Module 3 means Eth3/x
Module 4 means Eth4/x
Model Ex,
M132XP-12L has grouping of 4 ports
F132XP-15 has grouping of 2 ports
M series models does grouping of odd numbers and even number
If we move port 3, then ports 1, 5, 7 will be moved
If we move port 8, then ports 2, 4, 6 will be moved
F series models does grouping of 2 sequence numbers
If we move port 3, then port 4 will be moved
If we move port 17, then port 18 will be moved
VDC Port Allocation:
#conf t
#vdc vdctest
#allocate interface eth1/2 Eth1/2 will be allocated to VDC vdctest
Entire port-group is not present in the command. Missing ports will be included automatically
Moving ports will cause all config associated to them in source VDC will be removed
#end
#show vdc membership
when we move a port, It also moves the entire port-group. So missing ports will also be moved along with the port we want to move
So this port allocation has to be done very carefully. Ports may be having some servers connected. So, when we move, current configuration will be deleted and empty port will move along with members of port-group
Port-group depends upon the module model
M series models does grouping of odd numbers and even number
If we move port 3, then ports 1, 5, 7 will be moved
If we move port 8, then ports 2, 4, 6 will be moved
F series models does grouping of 2 sequence numbers
If we move port 3, then port 4 will be moved
If we move port 17, then port 18 will be moved
#show module To see Module, count of ports, Module-Type, Model, status and more information
Module 3 means Eth3/x
Module 4 means Eth4/x
Management (mgmt 0) in VDC:
Management 0 port i.e. mgmt0 is shared among VDCs. However, each VDC can have its own IP address on this interface
mgmt0 in VDC 1 can have IP address 10.1.1.1/24
mgm0 in VDC 2 can have IP address 10.1.1.2/24
mgmt0 is the only Single port on physical chassis, though it will appear as 4 ports in total (if 4 VDCs are present)
We can’t ping the Mgmt0 interfaces of other VDCs from one VDC if all are part of same Physical Nexus Switch
Means mgmt0 (10.1.1.1/24- VDC 1) can’t ping mgmt0 (10.1.1.2/24- VDC2), Since both VDC1 & 2 are part of same physical Box
However, if different chassis being used then, ping will work provided correct network and subnet mask is used
#show int status To see the mgmt0 and other ethernet interface status
#show run interface mgmt 0 To see the management config
VDC HA:
HA Policy means High Availability policy
We have three options for single-sup HA
Bringdown – Bring down the VDC
Reload – Reload the supervisor
Restart – Bring down the VDC, then bring the VDC back up
When we have only one supervisor engine (one sup) and if VDC gets corrupted / hung / stops working, we can set ha policy as RESTART
We can also set this policy to BRINGDOWN, but it will not serve any purpose because it will stop the operation for module. Restarting of module resolves many issues
Dual SUP HA Policy – We have three options for dual-sup HA
Bringdown – Bring down the VDC
Restart – Bring down the VDC, then bring the VDC back up
Switchover – Switchover the supervisor
When we have two supervisor engine (two sup) and if VDC gets corrupted/hung/stops working, we can set dual-sup ha policy as SWITCHOVER
It will switch the management of VDC to backup supervisor engine. we can also change this policy but “switchover” is best and recommended for dual sup environment
Default VDC#show vdc vdctest detail We can see ha policy, dual-sup ha policy etc.
To configure ha policy:
#conf t
#vdc vdctest
#ha-policy single-sup restart dual-sup switchover
#end
VDC resource limit:
To check the default resources allocated to VDCs
#show run To see full details about all the VDCs
To configure and limit the resources for a VLAN
#conf t
#vdc vdctest
#limit-resource vlan minimum 16 maximum 100
OR
#limit-resource vlan minimum 100 maximum equal-to-min
#end
Note: Minimum VLANs value should be between 16 – 4094
We can configure and limit the resources for vrf, port-channel etc.