NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures(Networking Technology)

NX-OS and Cisco Nexus Switching Next-Generation Data Center Architectures Second Edition   The complete guide to planning, configuring, managing, and troubleshooting NX-OS in the enterprise–updated with new technologies and examples   Using Cisco Nexus switches and the NX-OS operating system, data center professionals can build unified core networks that deliver unprecedented scalability, resilience, operational continuity, flexibility, and performance. NX-OS and Cisco Nexus Switching, Second Edition, is the definitive guide to applying these breakthrough technologies in real-world environments. This extensively updated edition contains five new chapters addressing a wide range of new technologies, including FabricPath, OTV, IPv6, QoS, VSG, Multi-Hop FCoE, LISP, MPLS, Layer 3 on Nexus 5000, and Config sync. It also presents a start-to-finish, step-by-step case study of an enterprise customer who migrated from Cisco Catalyst to a Nexus-based architecture, illuminated with insights that are applicable in virtually any enterprise data center. Drawing on decades of experience with enterprise customers, the authors cover every facet of deploying, configuring, operating, and troubleshooting NX-OS in today’s data center. You’ll find updated best practices for high availability, virtualization, security, L2/L3 protocol and network support, multicast, serviceability, provision of networking and storage services, and more. Best of all, the authors present all the proven commands, sample configurations, and tips you need to apply these best practices in your data center.   Ron Fuller, CCIE No. 5851 (Routing and Switching/Storage Networking), Technical Marketing Engineer on Cisco’s Nexus 7000 team, specializes in helping customers design end-to-end data center architectures. Ron has 21 years of industry experience, including 7 at Cisco. He has spoken at Cisco Live on VDCs, NX-OS multicast, and general design.   David Jansen, CCIE No. 5952 (Routing/Switching), is a Cisco Technical Solutions Architect specializing in enterprise data center architecture. He has 20 years of industry experience, 15 of them at Cisco (6 as a solution architect); and has delivered several Cisco Live presentations on NX-OS and data center solutions.   Matthew McPherson, senior systems engineer and solutions architect for the Cisco Central Select Operation, specializes in data center architectures. He has 12 years of experience working with service providers and large finance and manufacturing enterprises, and possesses deep technical knowledge of routing, switching, and security.   Understand the NX-OS command line, virtualization features, and file system Utilize the NX-OS comprehensive Layer 2/Layer 3 support: vPC, Spanning Tree Protocol, Cisco FabricPath, EIGRP, OSPF, BGP, HSRP, GLBP, and VRRP Configure IP multicast with PIM, Auto-RP, and MSDP Secure your network with CTS, SGTs, ACLs, CoPP, and DAI Establish a trusted set of network devices with Cisco TrustSec Maximize availability with ISSU, stateful process restart/switchover, and non-stop forwarding Improve serviceability with SPAN, ERSPAN, configuration checkpoints/rollback, packet analysis, Smart Call Home, Python, and PoAP Unify storage and Ethernet fabrics with FCoE, NPV, and NPIV Take full advantage of Nexus 1000V in a virtualized environment Achieve superior QoS with MQ CLI, queuing, and marking Extend L2 networks across L3 infrastructure with Overlay Transport Virtualization (OTV) Deliver on SLAs by integrating MPLS application components such as L3 VPNs, traffic engineering, QoS, and mVPN Support mobility via the new Locator ID Separation Protocol (LISP) Walk step-by-step through a realistic Nexus and NX-OS data center migration  

Table of Contents:
Foreword xxiii Introduction xxiv   Chapter 1 Introduction to Cisco NX-OS 1 NX-OS Overview 1     NX-OS Supported Platforms 3     NX-OS Licensing 7         Nexus 7000 7         Nexus 5500 8         Nexus 3000 8         Nexus 2000 9         Nexus 1000v 9         Installing the NX-OS License File 9     Cisco NX-OS and Cisco IOS Comparison 10 NX-OS User Modes 12     EXEC Command Mode 12     Global Configuration Command Mode 13     Interface Configuration Command Mode 13 Management Interfaces 14     Controller Processor (Supervisor Module) 15     Connectivity Management Processor (CMP) 16     Telnet 18     SSH 19     SNMP 23     DCNM 26 Managing System Files 28     File Systems 28     Configuration Files: Configuration Rollback 33     Operating System Files 35 Virtual Device Contexts 37     VDC Configuration 43     VDC Interface Allocation 46         Interface Allocation: N7K-M132XP-12 and L 46         Interface Allocation: N7K-F132XP-15 47         Interface Allocation: N7K-M108X2-12L 48         Interface Allocation: 10/100/1000 Modules 48         Interface Allocation on M2 Modules 52 Troubleshooting 54     show Commands 54     debug Commands 55 Topology 56 Further Reading 57   Chapter 2 Layer 2 Support and Configurations 59 Layer 2 Overview 59     Store-and-Forward Switching 60     Cut-Through Switching 60     Fabric Extension via the Nexus 2000 60     Configuring Nexus 2000 Using Static Pinning 61     Nexus 2000 Static Pinning Verification 62     Configuring Nexus 2000 Using Port-Channels 66     Nexus 2000 Static Pinning Verification 67     Layer 2 Forwarding on a Nexus 7000 69     L2 Forwarding Verification 70 VLANs 71     Configuring VLANs 72     VLAN Trunking Protocol 72     Assigning VLAN Membership 73     Verifying VLAN Configuration 74 Private VLANs 76     Configuring PVLANs 77     Verifying PVLAN Configuration 80 Spanning Tree Protocol 80     Rapid-PVST+ Configuration 82         Verifying Spanning Tree State for a VLAN 83         Spanning Tree Timers 84     MST Configuration 87     Additional Spanning Tree Configuration 91         Port Cost 91         Port Priority 94     Spanning Tree Toolkit 94         BPDUGuard 94         BPDUFilter 95         RootGuard 96         LoopGuard 97         Dispute Mechanism 98         Bridge Assurance 98     Spanning Tree Port Types 99     Virtualization Hosts 100     Configuring Layer 2 Interfaces 100         Trunk Ports 100         Standard Host 101         Link to Virtualization Host 101         Port-Profiles 102 Port-Channels 103     Assigning Physical Ports to a Port-Channel 104     Port-Channel Flow Control 107     Verifying Load Distribution Across a Port-Channel 108 Virtual Port-Channels 109     vPC Peer-Gateway 116     vPC Peer-Switch 116     ARP Synchronization 117 Unidirectional Link Detection 118 Cisco FabricPath 119     vPC+ 127     Configuring vPC+ 127 Summary 133   Chapter 3 Layer 3 Support and Configurations 135 EIGRP 135     EIGRP Operation 136     Configuring EIGRP 137     EIGRP Summarization 142     EIGRP Stub Routing 145     Securing EIGRP 147     EIGRP Redistribution 149 OSPF 154     OSPFv2 Configuration 154     OSPF Summarization 160     OSPF Stub Routing 163     Securing OSPF 167     OSPF Redistribution 169     OSPFv3 Configuration 177 IS-IS 178     IS-IS Configuration 178 BGP 183     BGP Configuration 184     BGP Neighbors 187     Securing BGP 190     BGP Peer Templates 192     Advertising BGP Networks 194     Modifying BGP Routing Metrics 197     Verifying BGP-Specific Configuration 198 First Hop Redundancy Protocols 198     HSRP 199         HSRP Configuration 199         HSRP Priority and Preempt 200         Verifying the HSRP Configuration 201         Securing HSRP 202         HSRP Secondary Support 204         HSRP Support for IPv6 204     VRRP 205         VRRP Configuration 205         VRRP Priority and Preempt 207         Verifying VRRP Configuration 208         Securing VRRP 208         VRRP Secondary Support 209     HSRP, VRRP, and vPC Interactions 210     GLBP 212         GLBP Configuration 212         GLBP Priority and Preempt 214         Verifying GLBP Configuration 214         Securing GLBP 215         GLBP Secondary Support 218 Summary 220   Chapter 4 IP Multicast Configuration 221 Multicast Operation 221     Multicast Distribution Trees 222     Reverse Path Forwarding 225     Protocol Independent Multicast (PIM) 225     RPs 226 PIM Configuration on Nexus 7000 and Nexus 5500 227     Configuring Static RPs 230     Configuring BSRs 232     Configuring Auto-RP 235     Configuring Anycast-RP 237     Configuring SSM and Static RPF 239 IGMP Operation 241 IGMP Configuration on Nexus 7000 242 IGMP Configuration on Nexus 5000 245 IGMP Configuration on Nexus 1000V 246 MSDP Configuration on Nexus 7000 248 Administrative Scoping of Multicast RPs in PIM 250 Configuring PIM Join and Prune Policies 252 Multicast and Control Plane Policing (CoPP) 253 Summary 253   Chapter 5 Security 255 Configuring RADIUS 256     RADIUS Configuration Distribution 259 Configuring TACACS+ 266     Enabling TACACS+ 266         TACACS+ Configuration Distribution 267         Configuring the Global TACACS+ Keys 268         Configuring the TACACS+ Server Hosts 268         Configuring TACACS+ Server Groups 269         Configuring TACACS+ Source Interface 270 Configuring SSH 275 Cisco TrustSec 278     Configuring AAA for Cisco TrustSec 281         Defining Network Device Admission Control 282         Configuring the Nexus 7000 for 802.1x and SGA Features 285         SGT Assignment via ISE Server 288         Policy Component: IP to SGT Mapping 290         Policy Component: SGACL Creation 292 Configuring Cisco TrustSec: IEEE 802.1AE LinkSec 294     Layer 2 Solutions Between Data Centers 301 Configuring IP ACLs 302 Configuring MAC ACLs 305 Configuring VLAN ACLs 307 Configuring Port Security 308     Security Violations and Actions 311 Configuring DHCP Snooping 313 Configuring Dynamic ARP Inspection 316     Dynamic ARP Inspection Trust State 317 Configuring IP Source Guard 321 Configuring Keychain Management 322 Configuring Traffic Storm Control 323 Configuring Unicast RPF 325 Configuring Control Plane Policing 327 Configuring Rate Limits 335 SNMPv3 340 Summary 347   Chapter 6 High Availability 349 Physical Redundancy 349     Redundant Power Supplies 350     Redundant Cooling System 352     Redundant Supervisors 355     Redundant Ethernet Out-of-Band (EOBC) 357     Redundant Fabric Modules 357 Generic Online Diagnostics 358     Bootup Diagnostics 359     Runtime Diagnostics 360     On-Demand Diagnostics 365 NX-OS High-Availability Architecture 365 Process Modularity 366 Process Restart 368 Stateful Switchover 369 Nonstop Forwarding 370 In-Service Software Upgrades 370 Summary 383   Chapter 7 Embedded Serviceability Features 385 SPAN 386     SPAN on Nexus 7000 386     Configuring SPAN on Nexus 7000 387     SPAN on Nexus 5x00 392     Configuring SPAN on Nexus 5x00 393     SPAN on Nexus 1000V 397     Configuring SPAN on Nexus 1000V 398 ERSPAN on Nexus 1000V 400 ERSPAN on Nexus 7000 406 ERSPAN on Nexus 5x00 412 Embedded Analyzer 414 Smart Call Home 424     Smart Call Home Configuration 428 Configuration Checkpoint and Rollback on Nexus 7000 431     Checkpoint Creation and Rollback 432 Configuration Checkpoint and Rollback on Nexus 5x00 434     Checkpoint Creation and Rollback 435 NetFlow 437     Configuring NetFlow on Nexus 7000 438     Configuring NetFlow on Nexus 1000V 442 Network Time Protocol 444 Precision Time Protocol 445 IEEE 802.3az (Energy Efficient Ethernet) 447 Power On Auto-Provisioning 448 Python 449 Summary 454   Chapter 8 Unified Fabric 455 Unified Fabric Overview 455 Enabling Technologies 456     10-Gigabit Ethernet 456     Fibre Channel over Ethernet 458     Single-Hop Fibre Channel over Ethernet 461     Multhop Fibre Channel over Ethernet 462     Storage VDC on Nexus 7000 463 N-Port Virtualization 465     N-Port Identification Virtualization 466     FCoE NPV Mode 466 Nexus 5x00 Unified Fabric Configuration 467     Single-Hop FCoE Configuration: Nexus 5x00 469     FCoE-NPV on Nexus 5x00 473 Nexus 7000 Unified Fabric Configuration 477 Summary 488   Chapter 9 Nexus 1000V 489 Hypervisor and vSphere Introduction 489 Nexus 1000V System Overview 490 Nexus 1000V Switching Overview 494 Nexus 1000V VSM Installation 496     Nexus 1000V Deployed on Nexus 1010 Virtual Services Blade 497         Registering the Nexus 1000V Plug-In to VMware Virtual Center Management Application 502         Configuring the SVS Domain and Networking Characteristics 507         Connecting the Nexus 1000V VSM to the vCenter Server 508     Nexus 1000V Installation Management Center 510     VEM Installation Option on the Nexus 1000V Management Installation Center 519     vCenter Connection Option on the Nexus 1000V Management Installation Center 523     Creating the Uplink Profile 526     Adding the VEM to a ESX vSphere Host 528     Enabling the Telnet Server Process 536     Changing the VSM Hostname 536     Layer 3 Control 536 1000V Port Profiles 542 Virtual Network Management Center 552     Installing Virtual Network Management Center Software from OVA Downloaded from Cisco.com 553     Adding the VM-Manager for vCenter Connectivity in VNMC Management Application 564     Configuring the Cisco VNMC Policy-Agent on the 1000v VSM 570 Virtual Security Gateway 571 Install Virtual Security Gateway on the Nexus 1010 574     Configuring the Cisco VNMC Policy-Agent on the VSG 577     Verify That the VSG and VSM Are Registered Clients in VNMC 578     Creating a Tenant in VMMC 579 Virtual Extensible LAN 602     Deploying Virtual Extensible LAN 604 Nexus 1000v Network Analysis Module 629     Installing Nexus 1000v Network Analysis Module 630     Deploying the Nexus 1000v NAM as a Virtual Services Blade on the Nexus 1010 641 Summary 642   Chapter 10 Quality of Service (QoS) 643 QoS on Nexus 7000 646     Forwarding Architecture 646     Network-QoS Policies 648     Queuing Policies 650     QoS and Nexus 2000 Fabric Extenders 661     QoS and Nexus 7000 Virtual Device Contexts 663 QoS on Nexus 5x00 663     Forwarding Architecture 663     Network-QoS Policies 664     Queuing Policies 667     QoS and Nexus 2000 Fabric Extenders 668 QoS on Nexus 1000V 670     Forwarding Architecture 670     Classification in Nexus 1000V 670 Summary 674   Chapter 11 Overlay Transport Virtualization (OTV) 675 OTV Terminology and Concepts 677 OTV Control Plane 682 Multicast-Enabled Transport Infrastructure 687 Unicast-Enabled Transport Infrastructure 691 OTV Data-Plane 695 Data-Plane Multicast Traffic 697 OTV and QoS 698 Failure Isolation 698     STP Isolation 698     Unknown Unicast Handling with OTV 699     Broadcast Traffic Handling with OTV 699 Multihoming with OTV 700     OTV and ARP 700 First-Hop Routing Protocol Localization 702 Inbound Path Optimization 705 Summary 707   Chapter 12 Layer 3 Virtualization and Multiprotocol Label Switching (MPLS) 709 Virtual Routing and Forwarding 709     Predefined VRFs 710     VRF Operational Commands 713     VRF-Lite 713 MPLS Introduction 717     MPLS Terminology 718     LDP and Layer 3 VPNs 720     Quality of Service 723     Traffic Engineering 723     MPLS and IPv6: 6PE and 6VPE 725     Management and Troubleshooting 725     High Availability 725 Nexus Hardware Requirements and NX-OS Licensing for MPLS and VRF 726 Summary 727   Chapter 13 LISP 729 LISP Overview 729 LISP Terminology 730 LISP Prerequisites 731 LISP Control Plane 732 LISP Data Plane 733 Communicating Between LISP and non-LISP Sites 735 LISP Host Mobility with an Extended Subnet Mode 736 LISP Deployment Best Practices 746 Summary 746   Chapter 14 Nexus Migration Case Study 749 Existing Environment 749 Design Goals 750 The Design 751 Migration Plan 752 Premigration Steps 752 Maintenance Window #1 754 Maintenance Window #1 Summary 760 Maintenance Window #2 760 Ongoing Maintenance Windows 788 Summary 788   Index 789  

About the Author :
Ron Fuller, CCIE No. 5851 (Routing and Switching/Storage Networking), is a technical marketing engineer (TME) on the Nexus 7000 team for Cisco. He has 21 years of experience in the industry and has held certifications from Novell, HP, Microsoft, ISC2, SNIA, and Cisco. His focus is working with customers worldwide to address their challenges with comprehensive end-to-end data center architectures and how they can best use Cisco technology to their advantage. He has had the opportunity to speak at Cisco Live on VDCs, NX-OS Multicast, and general design. He lives in Ohio with his wife and four wonderful children and enjoys travel and auto racing. He can be found on Twitter @ccie5851.   David Jansen, CCIE No. 5952, is a technical solutions architect for Data Center for Enterprise Central Area. David has more than 20 years’ experience in the information technology industry. He has held multiple certifications from Microsoft, Novell, Checkpoint, and Cisco. His focus is to work with Enterprise customers to address end-to-end data center Enterprise architectures. David has been with Cisco for 15 years and working as a technical solutions architect for 6 years and has provided unique experiences helping customers build architectures for Enterprise data centers. David holds a B.S.E. degree in computer science from the University of Michigan (Go Blue!) and an M.A. degree in adult education from Central Michigan University.   Matthew McPherson is a senior systems engineer and solutions architect for Cisco in the Central Select Operation, specializing in data center architectures. Matt has been with Cisco for more than 2 1/2 years and has more than 12 years of experience in the industry working for service providers and large enterprise customers in the financial and manufacturing verticals. He has held certifications from Juniper, Netscreen, and Cisco, and possesses a deep technical background in the areas of routing, switching, and security. His primary focus is working with strategic customers in greater Michigan to address their overall infrastructure challenges. He lives in Michigan with his wife and enjoys biking and collecting cars.