UCS Unified Storage Ports

Hi Guys!

Well there is no shame in admitting I took my first attempt at CCIE DC and didn't make it this first time, I was very close but not close enough, I am looking to book again ASAP so if you know anyone who is going to cancel let me know if my blog has been helpful at all :).

Anyway back on that horse, today I am going to talk about FCoE Storage ports on UCS, In case you have been living under a rock, UCS 2.1 allows us (finally!) to have northbound FCoE Connectivity!

HIP HIP HOORAY!


There are some good news with it too, you DON'T have to configure it in switch mode for FC or anything funky like that, you can be in NPV mode, you can do port channels and trunking too, so there really are no restrictions with this.


It's also quite easy to configure and works quite well. Let's take a look


So, first thing is first, you have to create your uplink from your FI to your Nexus or other FCoE capable device, this is exactly what you would expect, you just configure your port channel as you normally would:









Nothing special so far, Next, you want to go ahead and create your VSAN like you normally would on both the Nexus (the FCOE Device) and the Fabric Interconnect:

FI:




Nexus 5000:
vsan database
  vsan 88 

vlan 88
 fcoe vsan 88
!



Pretty straight forward so far and nothing special, but now we want to take that lovely port channel we just created, and make an FCoE Port channel uplink from it.

So on our N5k we would have some config like this:
feature fcoe
feature npiv (still have to do feature NPIV since we are still an NPV switch on the FI)

interface port-channel1
  switchport mode trunk
  speed 10000

  switchport trunk allowed vlan 1-10, 88
!
interface vfc1
  bind interface port-channel1
  no shutdown

 !

On the FI, go to the SAN tab, then expand out the FCoE Port Channels branch:



Add a new FCoE Port Channel, you will be asked to enter an ID, be sure to enter the same ID for the port channel as for your actual Ethernet Uplink, this is crucial, so for example if your northbound (to the nexus 5k) PO uplink is Port Channel ID 10, this must also be port channel ID 10 set here and we will find out why later


Since you have used the same port channel number, you now do not need to choose the ports, as the UCS will be smart enough to know that you mean to use those ports already associated with the other port channel.

Here will be your finished product if you where to look at the output produced by NX-OS:

UCS-SB58-B(nxos)# show run int vfc693

!Command: show running-config interface vfc693
!Time: Wed Aug 21 06:53:44 2013

version 5.0(3)N2(2.11a)

interface vfc693
  bind interface port-channel10
  switchport mode NP
  no shutdown



So as you can see, it simply creates a new VFC interface and binds it to whatever port channel number you placed here, this is what it is doing in the background, and is why you don't have to select any ports, if you WHERE to select ports it wouldn't hurt anything it would just make it re-add the ports to the port channel which could interrupt traffic, when there is no real point to doing that. So create your ethernet uplink as normal THEN create your vfc.

Here is an example of it logging in from one i created earlier:



Pod8-5548-B# show int vfc1
vfc1 is trunking (Not all VSANs UP on the trunk)
    Bound interface is port-channel1
    Hardware is Ethernet
    Port WWN is 20:00:54:7f:ee:46:30:bf
    Admin port mode is F, trunk mode is on
    snmp link state traps are enabled
    Port mode is TF
    Port vsan is 1
    Trunk vsans (admin allowed and active) (1,88)
    Trunk vsans (up)                       (88)
    Trunk vsans (isolated)                 ()
    Trunk vsans (initializing)             (1)
    1 minute input rate 88 bits/sec, 11 bytes/sec, 0 frames/sec
    1 minute output rate 1432 bits/sec, 179 bytes/sec, 0 frames/sec
      7 frames input, 900 bytes
        0 discards, 0 errors
      53 frames output, 8316 bytes
        0 discards, 0 errors
    last clearing of "show interface" counters never
    Interface last changed at Wed Aug 21 06:51:53 2013


Pod8-5548-B# show flogi database
--------------------------------------------------------------------------------
INTERFACE        VSAN    FCID           PORT NAME               NODE NAME      
--------------------------------------------------------------------------------
vfc1             88    0xd60000  22:b3:00:0d:ec:f0:77:ff 20:58:00:0d:ec:f0:77:c1

Total number of flogi = 1.





Now the only other small thing I wanted to show you was, what if you only wanted a single port to be your FCoE Uplink? Well first of all you might need to go to the doctor and get your head examined for such a risky idea, but assuming your OK with it, here is how to do it:

Go to SAN Uplink Manager, find a port that has been configured as an ethernet uplink port but NOT as a port channel, highlight the port and click "Make FCoE Uplink Port"























This will make NXOS on the FI create a new VFC interface and bind it to the port you highlighted:

UCS-SB58-A(nxos)# show run int vfc694

!Command: show running-config interface vfc694
!Time: Wed Aug 21 06:44:34 2013

version 5.0(3)N2(2.11a)

interface vfc694
  bind interface Ethernet1/14
  switchport mode NP
  no shutdown




I hope this helps someone out there and wish me luck for my second attempt i will get it this time!

CCIE DC: Unfiltered Blog Post from IPExpert Bootcamp day 2 and 3

Hi Guys!

Sorry for no update yesterday, I went out with some of the nice people from the bootcamp so didn't get home until late.

Here are some of those 1 percenters we covered off today in the bootcamp:

  • With authentication key chains, the key chain number must match
  • Show vpc role is a nice handy once off command to show the roles and configured priorities etc of both switches easily
  • Graceful consistency check was explained in greater detail for me, basically it is on by default and allows vPC to turn off the secondary vPC peer's member port for a particular vPC if there are either global vPC config mismatches (consistency parameters) OR issues on a particular member, now if you turn it on, instead BOTH vPC member ports on both switches stay up but the vlan's go into err-disabled state, which is not as nice as the graceful failover, hence 'Graceful consistency check"
  • The "Authentication-check" command for ISIS authentication is ON by default, if you turn it OFF, the devices will auth with each other, _BUT_ they will STILL establish adjacency even if there was a password error, but if you have authentication check ON (whcih is the default don't forget) then the adjacency won't work if the passwords are wrong, so saying under an int: no authentication-check is a great way to troubleshoot your auth
  • did you know that you can say peer-gateway and then also "Exclude-vlan" to exclude specific vlan's from having the peer-gateway feature if for some reason you need to garuantee that those particular vlan's your excluding are RFC compliant or something like that
  • Here was a big one, i think i ran into this before but forgot; OTV INTERFACE ID's _MUST_ match between OTV peers, they MUST or it won't work, because the OTV interface ID becomes the VPN Name
  • (One of the guys in the bootcamp came out with this command) show fspf internal route is a great way to see your FC Routes
  • Here was another huge one, i totally forgot how to do this, "POWEROFF MODULE 2" to turn off the expansion slot module on a Nexus 5000
  • DId you know you can make vsan 1 inactive? you can't delete it, but you can suspend it with: vsan 1 suspend, Rick mur pointed this out, and then you will have problems with your trunk links if you do this
  • Did you know you can restrict CFS functions to certain areas of the network using regions


Sorry that it's a bit all over the place guys but i hope it helps someone

Popular old posts.