Tuesday, September 3, 2013

FCOE Configuration




Configuration of FCOE using Nexus 5k
·         Enable features
·         Set fiber ports for SAN
·         Create VSAN
·         Create SAN port channel
·         Create VSAN VLAN mapping
·         QOS for FCOE

·         ZONING config- http://callmanager111.blogspot.com/2013/05/zoning-configuration-of-cisco-nexus.html



Conf t

feature fcoe
feature npiv
feature fport-channel-trunk

qos
class-map type qos class-fcoe
class-map type queuing class-fcoe
  match qos-group 1
class-map type network-qos class-fcoe
  match qos-group 1
policy-map type network-qos fcoe
  class type network-qos class-fcoe
    pause no-drop
    mtu 2158
system qos
  service-policy type network-qos fcoe

(The QOS steps are:
Start QOS by creating a class-map: class-map type qos
Use class-map type queuing for BW assignment
Create a policy-map: policy-map type qos CLASS-MAP
class-map type network-qos - create the network-qos group
policy-map type network-qos xxxx
Apply all QOS to system qos)


SAN port channels are utilized for the aggregation of multiple physical interfaces into one logical interface to provide higher aggregated bandwidth, load balancing, and link redundancy.
Create SAN Port channel
interface san-port-channel 13
  channel mode active
  switchport mode F
  switchport speed 8000







interface fc 1/46
  switchport speed 8000

interface fc 1/46
  channel-group 13 fcoe
  no shutdown
  switchport description XXX server 1 FCOE port

interface fc 1/25-27
  switchport mode F
  no shutdown


Create VSAN

Add the SAN-Port-channel and FC to VSAN
vsan database
  vsan 20 interface san-port-channel 13
  vsan 20 interface fc1/25
  vsan 20 interface fc1/26
  vsan 20 interface fc1/27

Create fcalias
fcalias name VMAX_01 vsan 20
  member pwwn 50:00:09:77:01:69:44:72
fcalias name esx01_1 vsan 20
  member pwwn 20:00:00:15:07:b4:0b:af


Create Zoning for the VSAN - need the WWN for the host CNA and the SAN

Run the show zone member command for the host and storage to verify that they are both in the same zone.
If they are not in the same zone, create the zone:
zone name esx01_1 vsan 20
  member fcalias VMAX_01     ! SAN side
  member fcalias esx01_1     ! host CNA side
or
zone name esx01_1 vsan 20
  member pwwn 21:00:00:20:37:9e:02:3e
  member pwwn 21:00:00:c0:dd:12:04:ce

Check the zone with this command to verify that both host and storage are in the same zone.
show zone vsan 20

Add zone members to the zoneset
zoneset name SAN-ESXi_server vsan 20
  member VMAX_01
  member esx01_1
(You can add other servers and SAN ports)

Activate the zoneset

zoneset activate name SAN-ESXi_server vsan 20

You can run show fcns database, which gives the PWWN of each adapter.
The hosts are type scsi-fcp:init
and SAN ports are scsi-fcp:target

Useful commands
show zone status vsan 20
clear zone lock - to clear the lock
show vsan membership - to check that host and SAN are in the same VSAN
show zone member
show zoneset active vsan 20 - to check the active zone


show fcns database
VSAN 20:
--------------------------------------------------------------------------
FCID        TYPE  PWWN                    (VENDOR)        FC4-TYPE:FEATURE
--------------------------------------------------------------------------
0x9c0000    N     21:00:00:e0:8b:08:96:22 (EMC)        scsi-fcp:init
0x9c0100    N     10:00:00:05:30:00:59:1f (Clarion)       ipfc
0x9c0200    N     21:00:00:e0:8b:07:91:36 (Company 3)        scsi-fcp:init
0x9c03d6    NL    21:00:00:20:37:46:78:97 (Company 4)       scsi-fcp:target
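
The verification step above can also be run offline against saved output. This is an added example, not part of the original post: it parses `show fcns database` text and checks that every pWWN in a zone is logged in and that the zone holds both an initiator and a target. The sample rows reuse the output above; the function names and the zone member lists passed in are assumptions.

```python
import re

# Constructed sample in the layout of the `show fcns database` output above.
FCNS = """\
VSAN 20:
0x9c0000    N     21:00:00:e0:8b:08:96:22 (EMC)        scsi-fcp:init
0x9c0100    N     10:00:00:05:30:00:59:1f (Clarion)    ipfc
0x9c03d6    NL    21:00:00:20:37:46:78:97 (Company 4)  scsi-fcp:target
"""

# FCID, port type, pWWN, optional "(vendor)", then the FC4-TYPE:FEATURE token.
ROW = re.compile(
    r"^(0x[0-9a-f]{6})\s+\S+\s+((?:[0-9a-f]{2}:){7}[0-9a-f]{2})\s+"
    r"(?:\(.*?\)\s+)?(\S+)", re.I)

def parse_fcns(text):
    """Map each logged-in pWWN to its FC4 type:feature string."""
    roles = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            roles[m.group(2).lower()] = m.group(3)
    return roles

def check_zone(members, roles):
    """Return findings for one zone; an empty list means it looks sane."""
    findings = [f"{p} not in fcns database"
                for p in members if p.lower() not in roles]
    kinds = {roles.get(p.lower(), "") for p in members}
    if "scsi-fcp:init" not in kinds:
        findings.append("no initiator")
    if "scsi-fcp:target" not in kinds:
        findings.append("no target")
    return findings

if __name__ == "__main__":
    roles = parse_fcns(FCNS)
    print(check_zone(["21:00:00:e0:8b:08:96:22",
                      "21:00:00:20:37:46:78:97"], roles))
    print(check_zone(["21:00:00:e0:8b:08:96:22",
                      "21:00:00:c0:dd:12:04:ce"], roles))
```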


Wednesday, June 5, 2013

IP Prefix-List



IP Prefix List:



IP prefix lists are heavily used in routing protocols, mainly BGP. A prefix list is the updated form of the traditional access list; unlike an ACL, a prefix list is easy to modify.

Similar to an ACL, there is an implicit deny at the end of the sequence.

To create a permit any any rule, use the prefix rule
ip prefix-list x permit 0.0.0.0/0 le 32
ip prefix-list x permit 0.0.0.0/0  >> permits default route 0.0.0.0/0

Case 1

No conditions, for example, ip prefix-list x permit 10.20.3.0/24; the first 24 bits have to match. So it will permit only 10.20.3.x with mask 24.

Case 2

If ip prefix-list x permit 10.20.3.0/24 ge 25 le 27.
Again the first 24 bits need to match 10.20.3; the 4th octet can vary, on condition that the subnet mask is greater than or equal to 25 and less than or equal to 27.
The subnet 10.20.3.32/27 will match the condition.

Case 3

If ip prefix-list x permit 10.20.3.0/24 ge 28 le 28: in this case there are 2 conditions, the first 24 bits are unchanged and the mask should be 28.
The following subnets will meet the conditions
10.20.3.0/28
10.20.3.16/28
10.20.3.32/28
10.20.3.48/28
10.20.3.64/28
10.20.3.80/28

Case 4

 

If ip prefix-list x permit 10.20.3.0/25 ge 28 le 28

In this case we need to find the 25th bit, which is
0  0000011, so we can change only the other bits. In this case 0 1000000 thru 0 1111111, but we can use only subnet mask 28. We can go up to 127 (the 128 bit is unchanged).
For example, 10.20.3.16/28 will match the criteria.

Case 4

If ip prefix-list x permit 170.159.208.0/21 le 32
In this case the first 21 bits have to match and the subnet mask can be up to 32.
The 3rd octet (208) converts to binary as
11010 000, which means
11010xxx
The possible subnets are 209,210,211,212,213,214,215
This rule covers a large number of subnets, which is useful in corporate networks.

Case 4

ip prefix-list 5 deny 10.168.0.0/23 ge 30 le 30

Binary of the 3rd octet with the 23rd bit: 000000xx
0000 0001 > 10.168.1.0
0000 0010 > 10.168.2.0
0000 0011 > 10.168.3.0
So it matches 10.168.1-3.0/30

In real life, we need to create a prefix list from the given networks.

For example, create a prefix list which matches 10.2.x.x/24, 10.4.x.x/24 and 10.6.x.x/24.
In this case the first octet is the same, so we need to work with the second octet.
The binary conversion is
128 64 32 16 8 4 2 1
0 0 0 0 0 0 0 0
To match 2, 4 and 6, we need to mask the bits at the positions of 1, 2 and 4,
which is 0000 0xxx, meaning /13.
So the prefix is 10.0.0.0/13 ge 24 le 24


Case 5 

Create a prefix list for the following networks
10.10.10.0/24
10.10.13.0/24
10.10.11.0/24
10.10.14.0/24
In this case the first 2 octets are the same; we need to modify the 3rd octet. So the binary conversion is
128 64 32 16 8 4 2 1. To meet the range 10-14, we need to mask 8, 4, 2 and 1. So the mask is /20.
So the prefix is ip prefix-list x permit 10.10.0.0/20 ge 24 le 24

Case 6

Create a prefix list for the following routes
10.8.3.x/24
10.8.4.x/25
10.8.5.x/26
10.8.7.x/27
10.8.9.x/30
In this case, to meet the range 3-9 in the 3rd octet, we need to mask the last 4 bits.
So the prefix is 10.8.0.0/20 ge 24 le 30
If you want to deny 10.8.6.0/24 then the prefix-list is
ip prefix-list 1 deny 10.8.6.0/24
ip prefix-list 1 permit 10.8.0.0/20 ge 24 le 30



Case 7

We need to create a prefix list for the 10.16.32-35.0/24 networks.
In this case the first 2 octets are unchanged.
We convert 32 into binary > 0010 0000
In order to get 33, we need to mask the last bit; for 34, we need to mask the 2nd bit from the right; for 35, mask the last 2 bits.
So it will be 001000xx, which is /22.
So the prefix is ip prefix-list X permit 10.16.32.0/22 ge 24 le 24
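
The ge/le cases and the summarised prefixes built in Cases 5 to 7 can be checked with a small evaluator. This is an added example, not part of the original post: it assumes the usual IOS semantics (first match wins, implicit deny, no ge/le means exact mask length), and `parse_entry`, `evaluate` and `unintended` are hypothetical helper names.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny NET/LEN [ge N] [le N]'."""
    tok = line.split()
    i = next(k for k, t in enumerate(tok) if t in ("permit", "deny"))
    net = ipaddress.ip_network(tok[i + 1], strict=False)
    opts = dict(zip(tok[i + 2::2], map(int, tok[i + 3::2])))
    if not opts:                       # no ge/le: exact mask length only
        lo = hi = net.prefixlen
    else:                              # ge alone runs to /32, le alone starts at LEN
        lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
    return tok[i], net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; no match is the implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, entries):
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action
    return "deny"

def unintended(entry, intended):
    """Routes an entry matches beyond the networks it was written for."""
    _, net, lo, hi = parse_entry(entry)
    want = {ipaddress.ip_network(n) for n in intended}
    return [s for length in range(lo, hi + 1)
            for s in net.subnets(new_prefix=length) if s not in want]

if __name__ == "__main__":
    case6 = ["ip prefix-list 1 deny 10.8.6.0/24",
             "ip prefix-list 1 permit 10.8.0.0/20 ge 24 le 30"]
    for route in ("10.8.4.0/25", "10.8.6.0/24", "10.8.6.0/25", "10.8.16.0/24"):
        print(route, evaluate(case6, route))
    case5 = ["10.10.10.0/24", "10.10.11.0/24", "10.10.13.0/24", "10.10.14.0/24"]
    extra = unintended("ip prefix-list x permit 10.10.0.0/20 ge 24 le 24", case5)
    print(len(extra), "extra /24s permitted, e.g.", extra[0])
```

Against the Case 6 list, 10.8.6.0/25 comes back as permit because the deny entry matches only the exact /24, and the /20 entry of Case 5 also admits 12 other /24s. Both are worth checking before a summarised entry is used as a route filter.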



Thursday, May 16, 2013

VPC configuration of Nexus Switches



VPC configuration of Nexus


Enable udld and lacp
NX_SW01(config)#feature udld

NX_SW01(config)#feature lacp
NX_SW01(config)# inter ethernet 1/3, ethernet 2/3    ! select ports
NX_SW01 (config-if-range)# description VPC Peer Link
NX_SW01 (config-if-range)# switchport
NX_SW01 (config-if-range)# switchport mode trunk
NX_SW01 (config-if-range)# spanning-tree port type network
NX_SW01 (config-if-range)# rate-mode dedicated
NX_SW01 (config-if-range)# udld aggressive
NX_SW01 (config-if-range)# channel-group 1 mode active
NX_SW01 (config-if-range)# no shut
NX_SW01 (config-if-range)#exit
Secondary Switch
NX_SW02(config)#feature udld

NX_SW02(config)#feature lacp
Set up vpc peer link
NX_SW02(config)# inter ethernet 1/3, ethernet 2/3    ! select ports
NX_SW02 (config-if-range)# description VPC Peer Link
NX_SW02 (config-if-range)# switchport
NX_SW02 (config-if-range)# switchport mode trunk
NX_SW02 (config-if-range)# spanning-tree port type network
NX_SW02 (config-if-range)# rate-mode dedicated
NX_SW02 (config-if-range)# udld aggressive
NX_SW02 (config-if-range)# channel-group 1 mode active
NX_SW02 (config-if-range)# no shut
NX_SW02(config-if-range)#exit

SW01 as primary for even VLANs
NX_SW01 (config)# spanning-tree vlan 200,202,204,206,208,210 root primary
NX_SW01 (config)# spanning-tree vlan 201,203,205,207,209,211 root secondary

SW02 as primary for odd VLANs

NX_SW02 (config)# spanning-tree vlan 201,203,205,207,209,211 root primary
NX_SW02 (config)# spanning-tree vlan 200,202,204,206,208,210 root secondary
Primary switch
vpc domain 1
  peer-switch
  role priority 1024
  system-priority 4096   ! same in both primary and secondary switches
  peer-keepalive destination 10.10.10.2 source 10.10.10.1
  delay restore 45
  peer-gateway
  auto-recovery
  ip arp synchronize
Secondary Switch
vpc domain 1
  peer-switch
  role priority 2048   ! higher number
  system-priority 4096   ! same in both primary and secondary switches
  peer-keepalive destination 10.10.10.1 source 10.10.10.2
  delay restore 45
  peer-gateway
  auto-recovery
  ip arp synchronize

Check the vpc status
show vpc brief
show vpc peer-keepalive
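
The two `vpc domain` stanzas can also be compared offline before they are applied. This is an added example, not part of the original post: it checks the points noted in the config above (same domain and system-priority, higher role priority on the secondary, keepalive source and destination swapped between peers). The sample stanzas are constructed from the addresses in this post, and the function names are assumptions.

```python
import re

PATTERNS = {
    "domain": r"vpc domain (\d+)",
    "role": r"role priority (\d+)",
    "system": r"system-priority (\d+)",
    "keepalive": r"peer-keepalive destination (\S+) source (\S+)",
}

def parse_vpc(cfg):
    """Collect the comparable settings from one 'vpc domain' stanza."""
    out = {"other": set()}
    lines = (l.split("!")[0].strip() for l in cfg.splitlines())  # drop comments
    for line in filter(None, lines):
        for key, pat in PATTERNS.items():
            m = re.match(pat, line)
            if m:
                out[key] = m.groups()
                break
        else:
            out["other"].add(line)
    return out

def compare_peers(primary, secondary):
    """Return a list of mismatches between the two peers' stanzas."""
    p, s = parse_vpc(primary), parse_vpc(secondary)
    problems = []
    if p.get("domain") != s.get("domain"):
        problems.append("vpc domain id differs")
    if p.get("system") != s.get("system"):
        problems.append("system-priority differs")
    if int(p["role"][0]) >= int(s["role"][0]):
        problems.append("secondary role priority is not the higher number")
    if p.get("keepalive") != s.get("keepalive", ())[::-1]:
        problems.append("peer-keepalive source/destination not mirrored")
    if p["other"] != s["other"]:
        problems.append("other lines differ: %s" % sorted(p["other"] ^ s["other"]))
    return problems

# Constructed samples using the addresses from this post.
PRIMARY = """vpc domain 1
  peer-switch
  role priority 1024
  system-priority 4096
  peer-keepalive destination 10.10.10.2 source 10.10.10.1
  peer-gateway"""
SECONDARY_BAD = PRIMARY.replace("1024", "2048")  # keepalive line copied unchanged
SECONDARY_OK = SECONDARY_BAD.replace(
    "destination 10.10.10.2 source 10.10.10.1",
    "destination 10.10.10.1 source 10.10.10.2")
```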

Create port channel for peer link
Primary Sw01
int po 1
  switchport
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

Secondary Sw02

int po 1
  switchport
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link
It is a good idea to keep the vpc peer-keepalive link in a different vrf
Create new vrf
NX_SW01 (config)# vrf context VPC_KEEPALIVE
NX_SW01 (config)# interface ethernet 1/3, ethernet 2/3
NX_SW01 (config-if-range)# channel-group 1 mode active
NX_SW01 (config-if-range)# udld enable
NX_SW01 (config-if-range)# description VPC Peer-keepalive link
NX_SW01 (config-if-range)# no shut

Nx_sw02
NX_SW02 (config)# vrf context VPC_KEEPALIVE
NX_SW02 (config)# interface ethernet 1/3, ethernet 2/3
NX_SW02 (config-if-range)# channel-group 1 mode active
NX_SW02 (config-if-range)# udld enable
NX_SW02 (config-if-range)# description VPC Peer-keepalive link
NX_SW02 (config-if-range)# no shut
NX_SW01 (config-if-range)# inter port 1
NX_SW01 (config-if)# vrf member VPC_KEEPALIVE
NX_SW01 (config-if)# ip address 10.10.10.1/30
NX_SW01 (config-if)# no shut
Nexus2 (config-if-range)# inter port 1
Nexus2 (config-if)# vrf member VPC_KEEPALIVE
Nexus2 (config-if)# ip address 10.10.10.2/30
Nexus2 (config-if)# no shut




Vlan conf
interface Vlan 20
  no ip redirects
  ip address x.x.x.x/24
  no ipv6 redirects
  hsrp version 2
  hsrp 0
    preempt delay minimum 90 reload 120
    priority 120
    timers msec 300 msec 900
    ip x.x.x.1

int po 20
  switchport
  switchport mode trunk
  vpc 20

Trunk to another switch

interface port-channel19
  switchport
  switchport mode trunk
  vpc 19

interface Ethernet1/5
  switchport
  switchport mode trunk
  channel-group 19 mode active
  no shutdown

Trunk to Host Server like UCS

interface Ethernet1/8
  switchport mode trunk
  channel-group 31 mode active

interface port-channel31
  switchport mode trunk
  vpc 31

Access Port

interface port-channel 32
  vpc 32
  switchport access vlan 205
  spanning-tree port type edge

interface Ethernet1/32
  switchport access vlan 205
  channel-group 32 mode active

Secondary switch
interface port-channel32
  vpc 32
  switchport access vlan 205
  spanning-tree port type edge

interface Ethernet1/32
  switchport access vlan 205
  channel-group 32 mode active





