
Nexus NX-OS L2/L3 Switching

posted Oct 18, 2013, 3:58 PM by Rick McGee   [ updated Nov 12, 2013, 10:48 AM ]
    
At its core it's an L2/L3 switch
    Similar to Catalyst IOS
        VLANs, Trunking, VTP, Rapid-PVST, etc.
    New Features
        FEX, vPC, FabricPath, OTV, native Fibre Channel switching, FCoE, and more

    VLANs and VTP
    Unlike IOS, NX-OS pre-reserves certain VLANs for internal use
        3968-4047 and 4094 with NX-OS versions before 5.2(1)
        3968-4094 with NX-OS version 5.2(1) and after (i.e. the last 128 VLANs)
    Can change this range with "system vlan <#> reserve" (you cannot do this with the Cisco UCS Fabric Interconnects)

VTP is disabled by default in NX-OS (hurray)
    To enable it, turn on the feature with "feature vtp"
    No additional configuration needed for extended VLANs (1001-4044)
Trunking
    Doesn't support DTP (Dynamic Trunking Protocol)
    Two types:
        Static Access or Static Trunk
        No ISL; the trunks must be 802.1Q
        No PAgP
            Channels must be statically on (LACP)
                "feature lacp"
vPCs
    Multi-chassis EtherChannel

Spanning-Tree
    No CST/PVST+ (these are legacy protocols)
    Default mode is Rapid-PVST+ (802.1w)
        Can configure with MST  (802.1s)
    With the support of MST
        Group forwarding paths together with MST
        This is usually for very large deployments of 2,000 VLANs or more

Port-Types
    Normal = Normal in Catalyst switches
    Edge = PortFast in Catalyst switches: no learning, goes directly into a forwarding state
    Network = STP Bridge Assurance
        Sends out BPDUs regardless of the state, not just when a link is down like in 802.1b
        The BPDU becomes a bidirectional keepalive
            This replaces Loop Guard
            Secondary effect is VLAN pruning (acts similar to VTP pruning)
                    When seeing certain STP hellos across a link for VLANs 10, 20, 30, 40 and the other side only replies with VLANs 10, 20, and 30
                    VLAN 40 is removed from the trunk
            Also serves as bidirectional UDLD
            On a per-VLAN basis; with MST, per group

Configuring 
    Go to configuration mode
    config terminal 
    int e1/3
        switchport mode trunk
        spanning-tree port type network
        no shutdown

    When connecting NX-OS to NX-OS switches use spanning-tree port type network. 
    When connecting NX-OS to IOS switches use spanning-tree port type normal or edge
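
The trunking and port-type notes above combined into one NX-OS configuration, as an added example that is not part of the original post. VLAN IDs, the port-channel number and the interface numbers are assumptions.

```text
! Constructed example: VLAN IDs, port-channel number and interfaces are assumptions
feature lacp

vlan 10,20,30

! NX-OS to NX-OS uplink: static 802.1Q trunk bundled with LACP (no DTP, no PAgP)
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  ! Bridge Assurance: the peer must also be "port type network" and send BPDUs,
  ! otherwise this port is blocked as Bridge Assurance inconsistent
  spanning-tree port type network

interface Ethernet1/3-4
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  channel-group 10 mode active
  no shutdown

! Host-facing port: edge (PortFast equivalent), never "network"
interface Ethernet1/10
  switchport
  switchport mode access
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown

! Verification (exec mode)
show port-channel summary
show spanning-tree interface port-channel 10
```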

NX-OS Port Profiles
    Template of a configuration that can be applied to a group of ports
    Templates are event driven
    Have to re-apply any time a change is made to the profile

Create a Profile
    port-profile type [ethernet | interface-vlan | port-channel] [name]
    Apply configuration to the profile
    E.g. switchport mode access, spanning-tree port type, etc.
    Enable the profile
        state enabled
    Assign to interface
        int e1/32
            inherit port-profile [name]
    show port-profile expand-interface name [name]

Nexus Layer 3
    IPv4 and IPv6
    Nexus supported modules for L3
    M1, M2, and F2/F2E
    F1 modules depend on proxy routing from M1/2 modules
    Nexus 5K daughter card in the Nexus 5548 and a module for Nexus 5596

L3 Port types
    Same as with Catalyst IOS
    Native Layer 3 routed interface
            "no switchport"
    Switched virtual interfaces (SVIs)
        I.e. VLAN interface
        "feature interface-vlan" must be enabled first

Nexus Routing protocols
    Static Routing
    RIPv2 and RIPng (next generation, IPv6)
    EIGRP and EIGRPv6
    OSPF and OSPFv3
    IS-IS 
    BGP
    Policy Based Routing (PBR)
    
Feature RIP/EIGRP
    "router rip 1" (process)
    "address-family ipv4"
    
    "router eigrp 1"
    "address-family ipv4"
    There is no network statement under the process; it must be configured under an interface
    "autonomous-system 1234"
OSPF has its own feature for IPv4 and IPv6
    "feature ospf" and "feature ospfv3"
    "router ospf 1" and "router ospfv3 1"

NX-OS VRFs
    Used to create separate logical routing tables
    VLAN 10 and VLAN 20 kept separate
    They don't have routes to each other
    Not an active separation of the control plane like VDCs
L3 Virtualization
    Layer 3 interfaces in different VRFs cannot exchange traffic by default
    Slightly different than Catalyst IOS, as
    All L3 interfaces are automatically in VRF table "default"
    MGMT0 is automatically in vrf management
    VRFs are defined as a "vrf context"
    Static routes are defined under the "vrf context"
    Dynamic routing is VRF aware, but configured under the same process
    Exec mode "routing-context vrf" can change the default VRF for verifications
    Can use the "show ip route vrf management"
VRF Verifications
    EX. in exec mode "routing-context vrf EFG"
    Will change prompt to N7K-10%EFG
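
The VRF notes above as a worked NX-OS configuration, added here as an example and not part of the original post. The VRF name EFG comes from the notes; the VLAN, addresses and OSPF process tag are assumptions.

```text
! Constructed example: VLAN 10, the 10.10.10.0/24 addressing and OSPF tag 1 are assumptions
feature interface-vlan
feature ospf

vlan 10

vrf context EFG
  ! Static routes live under the vrf context, not in global configuration
  ip route 0.0.0.0/0 10.10.10.254

interface Vlan10
  ! Apply "vrf member" before addressing: it clears existing L3 config on the interface
  vrf member EFG
  ip address 10.10.10.1/24
  ip router ospf 1 area 0.0.0.0
  no shutdown

router ospf 1
  ! Same routing process; VRF-specific settings go in a sub-mode
  vrf EFG
    router-id 10.10.10.1

! Verification (exec mode)
show vrf interface
show ip route vrf EFG
show ip ospf neighbors vrf EFG
! Without "vrf EFG" the same commands query VRF "default" and show none of the above
show ip route
```

An interface left without `vrf member` stays in VRF "default", so `show vrf interface` is the quick check that every L3 interface sits in the table it is meant to.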
    
Policy Based Routing
    Will override the routing table
    Classify with an ACL
    Choose next-hop, output interface, etc...
    
NX-OS PBR
    "feature pbr"
    route-map [name] pbr-statistics
        This will turn on PBR statistics; otherwise you won't see any hits on the route maps
    
Dynamic routing
    Has both global and interface routing
        Global routing process affects all links or the routing instance as a whole
            E.g. EIGRP AS, OSPF SPF timers, IS-IS level
        Interface commands affect routing protocol behavior of that link
             E.g. passive interface, EIGRP route filters, OSPF hello timer, and so on
        Unlike IOS there is no "network" command for IGP
              Protocols are enabled directly at the link level
              network commands are still used for BGP NLRI origination 
         
Route Redistribution
    Unlike IOS, route-maps are required to perform redistribution on NX-OS
        Same route-map match/set logic as IOS
    Redistribution doesn't include directly connected interfaces
         Requires the "redistribute direct route-map" command
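
The dynamic routing and redistribution notes above as one NX-OS configuration, added here as an example and not part of the original post. The prefix-list and route-map names, addresses and interface numbers are assumptions.

```text
! Constructed example: names, addresses and interfaces are assumptions
feature ospf

! Only these connected networks may enter OSPF
ip prefix-list CONNECTED-OK seq 5 permit 10.10.0.0/16 le 24

route-map DIRECT-TO-OSPF permit 10
  match ip address prefix-list CONNECTED-OK

router ospf 1
  ! Global commands affect the routing instance as a whole
  router-id 10.0.0.1
  ! "direct" = connected routes; the route-map is mandatory on NX-OS
  redistribute direct route-map DIRECT-TO-OSPF

interface Ethernet1/1
  no switchport
  ip address 10.0.12.1/30
  ! No "network" statement: the protocol is enabled on the link itself
  ip router ospf 1 area 0.0.0.0
  ! Interface commands affect only this link
  ip ospf hello-interval 5
  no shutdown

! Verification (exec mode)
show ip ospf interface brief
show route-map DIRECT-TO-OSPF
show ip ospf database external
```

Connected networks outside 10.10.0.0/16 fall through to the route-map's implicit deny and are not redistributed.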