Hi Guys!
Well there is no shame in admitting I took my first attempt at CCIE DC and didn't make it this first time, I was very close but not close enough, I am looking to book again ASAP so if you know anyone who is going to cancel let me know if my blog has been helpful at all :).
Anyway back on that horse, today I am going to talk about FCoE Storage ports on UCS, In case you have been living under a rock, UCS 2.1 allows us (finally!) to have northbound FCoE Connectivity!
HIP HIP HOORAY!
There are some good news with it too, you DON'T have to configure it in switch mode for FC or anything funky like that, you can be in NPV mode, you can do port channels and trunking too, so there really are no restrictions with this.
It's also quite easy to configure and works quite well. Let's take a look
So, first thing is first, you have to create your uplink from your FI to your Nexus or other FCoE capable device, this is exactly what you would expect, you just configure your port channel as you normally would:
Nothing special so far, Next, you want to go ahead and create your VSAN like you normally would on both the Nexus (the FCOE Device) and the Fabric Interconnect:
FI:
Nexus 5000:
vsan database
vsan 88
vlan 88
fcoe vsan 88
!
Pretty straight forward so far and nothing special, but now we want to take that lovely port channel we just created, and make an FCoE Port channel uplink from it.
So on our N5k we would have some config like this:
feature fcoe
feature npiv (still have to do feature NPIV since we are still an NPV switch on the FI)
interface port-channel1
switchport mode trunk
speed 10000
switchport trunk allowed vlan 1-10, 88
!
interface vfc1
bind interface port-channel1
no shutdown
!
On the FI, go to the SAN tab, then expand out the FCoE Port Channels branch:
Add a new FCoE Port Channel, you will be asked to enter an ID, be sure to enter the same ID for the port channel as for your actual Ethernet Uplink, this is crucial, so for example if your northbound (to the nexus 5k) PO uplink is Port Channel ID 10, this must also be port channel ID 10 set here and we will find out why later
Since you have used the same port channel number, you now do not need to choose the ports, as the UCS will be smart enough to know that you mean to use those ports already associated with the other port channel.
Here will be your finished product if you where to look at the output produced by NX-OS:
UCS-SB58-B(nxos)# show run int vfc693
!Command: show running-config interface vfc693
!Time: Wed Aug 21 06:53:44 2013
version 5.0(3)N2(2.11a)
interface vfc693
bind interface port-channel10
switchport mode NP
no shutdown
So as you can see, it simply creates a new VFC interface and binds it to whatever port channel number you placed here, this is what it is doing in the background, and is why you don't have to select any ports, if you WHERE to select ports it wouldn't hurt anything it would just make it re-add the ports to the port channel which could interrupt traffic, when there is no real point to doing that. So create your ethernet uplink as normal THEN create your vfc.
Here is an example of it logging in from one i created earlier:
Pod8-5548-B# show int vfc1
vfc1 is trunking (Not all VSANs UP on the trunk)
Bound interface is port-channel1
Hardware is Ethernet
Port WWN is 20:00:54:7f:ee:46:30:bf
Admin port mode is F, trunk mode is on
snmp link state traps are enabled
Port mode is TF
Port vsan is 1
Trunk vsans (admin allowed and active) (1,88)
Trunk vsans (up) (88)
Trunk vsans (isolated) ()
Trunk vsans (initializing) (1)
1 minute input rate 88 bits/sec, 11 bytes/sec, 0 frames/sec
1 minute output rate 1432 bits/sec, 179 bytes/sec, 0 frames/sec
7 frames input, 900 bytes
0 discards, 0 errors
53 frames output, 8316 bytes
0 discards, 0 errors
last clearing of "show interface" counters never
Interface last changed at Wed Aug 21 06:51:53 2013
Pod8-5548-B# show flogi database
--------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------------
vfc1 88 0xd60000 22:b3:00:0d:ec:f0:77:ff 20:58:00:0d:ec:f0:77:c1
Total number of flogi = 1.
Now the only other small thing I wanted to show you was, what if you only wanted a single port to be your FCoE Uplink? Well first of all you might need to go to the doctor and get your head examined for such a risky idea, but assuming your OK with it, here is how to do it:
Go to SAN Uplink Manager, find a port that has been configured as an ethernet uplink port but NOT as a port channel, highlight the port and click "Make FCoE Uplink Port"
This will make NXOS on the FI create a new VFC interface and bind it to the port you highlighted:
UCS-SB58-A(nxos)# show run int vfc694
!Command: show running-config interface vfc694
!Time: Wed Aug 21 06:44:34 2013
version 5.0(3)N2(2.11a)
interface vfc694
bind interface Ethernet1/14
switchport mode NP
no shutdown
I hope this helps someone out there and wish me luck for my second attempt i will get it this time!
CCIE DC: Unfiltered Blog Post from IPExpert Bootcamp day 2 and 3
Hi Guys!
Sorry for no update yesterday, I went out with some of the nice people from the bootcamp so didn't get home until late.
Here are some of those 1 percenters we covered off today in the bootcamp:
Sorry that it's a bit all over the place guys but i hope it helps someone
Sorry for no update yesterday, I went out with some of the nice people from the bootcamp so didn't get home until late.
Here are some of those 1 percenters we covered off today in the bootcamp:
- With authentication key chains, the key chain number must match
- Show vpc role is a nice handy once off command to show the roles and configured priorities etc of both switches easily
- Graceful consistency check was explained in greater detail for me, basically it is on by default and allows vPC to turn off the secondary vPC peer's member port for a particular vPC if there are either global vPC config mismatches (consistency parameters) OR issues on a particular member, now if you turn it on, instead BOTH vPC member ports on both switches stay up but the vlan's go into err-disabled state, which is not as nice as the graceful failover, hence 'Graceful consistency check"
- The "Authentication-check" command for ISIS authentication is ON by default, if you turn it OFF, the devices will auth with each other, _BUT_ they will STILL establish adjacency even if there was a password error, but if you have authentication check ON (whcih is the default don't forget) then the adjacency won't work if the passwords are wrong, so saying under an int: no authentication-check is a great way to troubleshoot your auth
- did you know that you can say peer-gateway and then also "Exclude-vlan" to exclude specific vlan's from having the peer-gateway feature if for some reason you need to garuantee that those particular vlan's your excluding are RFC compliant or something like that
- Here was a big one, i think i ran into this before but forgot; OTV INTERFACE ID's _MUST_ match between OTV peers, they MUST or it won't work, because the OTV interface ID becomes the VPN Name
- (One of the guys in the bootcamp came out with this command) show fspf internal route is a great way to see your FC Routes
- Here was another huge one, i totally forgot how to do this, "POWEROFF MODULE 2" to turn off the expansion slot module on a Nexus 5000
- DId you know you can make vsan 1 inactive? you can't delete it, but you can suspend it with: vsan 1 suspend, Rick mur pointed this out, and then you will have problems with your trunk links if you do this
- Did you know you can restrict CFS functions to certain areas of the network using regions
Sorry that it's a bit all over the place guys but i hope it helps someone
Subscribe to:
Posts (Atom)
Popular old posts.
-
Hi Guys Having spent a lot of time with customers working on vPC deployments, I have found quite a few of the gotcha's for vPC that I w...
-
Hi Guys! This blog post is attempting to be the DEFINITIVE guide on Jumbo MTU, It's a topic that DOES MY HEAD IN! There are SO many ...
-
So some of the readers of this blog might already know this little trick, and what's more some of you might be surprised I didn't kn...