Introduction
Virtual Port channels allow administrators to configure a device with upstream connectivity to two NX-OS devices. This provides multiple benefits including redundancy, avoiding STP issues and maximising bandwidth. It is one of the great features of the new platform which compares to VSS in the Cisco 6500 platforms.
NX-OS
If you are used to using Cisco IOS at the CLI then you will love NX-OS. It is similar and intuitive and has some really top notch functionality built in. The first thing to be aware of is you actually need to enable features. Most features are not enabled by default so they have to be enabled manually. The features we are going to need for my implementation is lacp, vpc, interface-vlan and hsrp. These can be enabled by running the following commands:
feature hsrp
feature lacp
feature vpc
feature interface-vlan
Of course you can question mark and get a load of other features which can be enabled or disabled as per your requirements.
Configuration
In my example, I am using a pair of Nexus 56128P’s as layer3 switches in a data centre and they are connecting to a pair of stacked 3850 management switches and a number of servers and storage devices via LACP port channels. I have a number of vlans configured on the devices with their respective SVI’s and a FHRP of HSRP configured across the devices. This is why in my case the feature interface-vlan is required.
vPC Configuration
Now the physical configuration is as follows, we need either a routed link using either an SVI, dedicated VRF or the management interfaces as the peer-keepalive link. This is used as a secondary communication link only, no real bandwidth requirement here but is used to provide protection in case of peer link failure.
The primary link however is the peer link. This link does have a bandwidth requirement with a minimum requirement of at least 2 x 10GE links configured. If you can get the 40GE QSFP then great, otherwise I would go for minimum 4 x 10GE interface port-channeled links. This link carries all VLAN’s and control plane traffic.
Once your setup is cabled it is really quite simple.
You need a VPC domain. You can have one per pair of devices / or VDC’s if you using them.
vpc domain 10
role priority 2000
system-priority 4000
peer-keepalive destination 10.0.0.2 source 10.0.0.1
delay restore 150
auto-recovery
The only part of the configuration which is not the same across the devices is the role-priority in the vPC domain configuration. This gives the administrator the control to determine which switch will make decisions, lower is priority.
You need a port channel for the vPC peer link and the member ports.
interface port-channel2000
description *** vPC Peer Link ***
switchport mode trunk
switchport trunk allowed vlan 70-75,101
spanning-tree port type network
vpc peer-link
interface Ethernet1/49
switchport mode trunk
switchport trunk allowed vlan 70-75,101
channel-group 2000
interface Ethernet1/50
switchport mode trunk
switchport trunk allowed vlan 70-75,101
channel-group 2000
You need the peer keepalive link which in my case is the management interface with a direct connection:
interface mgmt0
vrf member management
ip address 10.0.0.1/30
The rest of the configuration for links to the servers and the 3850 pretty trivial but you do need one special command to change the port channel from a regular port channel into a virtual port channel.
interface port-channel128
description *** vPC Inter Switch Link ***
switchport mode trunk
switchport trunk allowed vlan 70-75,101
speed 1000
vpc 128
This vPC command is what makes this port-channel work across the two upstream devices.
Further great post with diagrams available here:
http://paulgporter.net/2013/01/14/nexus5k-vpc-configuration-1/
