Switching Protocols Flashcards
Port Channel
Aggregation of multiple physical interfaces to create one logical interface.
Provides:
Redundancy: if a member port fails, traffic is switched to the remaining member ports.
Bandwidth: traffic is load balanced across the member links, so the bundle carries more than a single link (each individual flow is still limited to one link).
Spanning tree: the port channel is seen as one switchport by spanning tree, so every member link forwards instead of STP blocking the redundant ones.
Link Aggregation Control Protocol (LACP)
NX-OS supports port channels in static mode (channel-group mode on, no negotiation) or LACP mode (mode active or passive).
LACP is preferable: it exchanges LACPDUs with the peer, so a member link whose far end is misconfigured, cabled to the wrong port or no longer responding is dropped from the bundle instead of silently black-holing traffic, and the bundle parameters are negotiated with the peer rather than assumed. A static (on) channel only tracks link up/down. An LACP bundle forms when at least one side is active (active/active or active/passive); passive/passive never negotiates, and mode on must be paired with mode on.
Virtual Port Channel (VPC)
Allows a port channel to span two NX-OS switches, so the pair appears as a single device to downstream devices (the two switches form a vPC domain).
The vPC peer switches are joined by a vPC peer link. BPDUs and LACP packets that arrive at the secondary peer are forwarded over it to the primary, which runs the STP and LACP control plane for the pair.
The vPC role priority of each device determines which is primary: the lower value wins, and on a tie the lower system MAC address wins.
Rapid PVST+
Rapid Per VLAN Spanning Tree
Each VLAN runs its own spanning-tree instance. Enabled by default on the default VLAN (VLAN 1) and on every VLAN created afterwards.
Cisco's per-VLAN implementation of IEEE 802.1w (RSTP), which converges far faster than IEEE 802.1D (legacy STP).
Default STP mode on Cisco Nexus switches.
IEEE 802.1D
Not run on Nexus switches, but Rapid PVST+ interoperates with it: a port that receives 802.1D BPDUs falls back to 802.1D behaviour on that link, including its slow timer-based convergence.
Still found on other vendors' and older switches.
Configuring Rapid PVST+
Enabled by default, but to set it explicitly (global configuration mode):
spanning-tree mode rapid-pvst
To make the switch the root bridge for a set of VLANs (the macro lowers the bridge priority, to 24576 or lower if needed, so that this switch wins the election):
spanning-tree vlan 1,2,4,6,8 root primary
To make the switch the backup root for the other VLANs (priority 28672, so it wins only if the primary root disappears). Splitting the VLANs between two distribution switches this way spreads traffic over both uplinks:
spanning-tree vlan 3,5,7,9,11 root secondary
STP Bridge Assurance
Helps prevent bridging loops in Layer 2 networks.
When enabled, BPDUs are sent on all operational network-type ports, including ports in the blocking (alternate or backup) role.
If no BPDU is received on such a port within the expected time, the interface is put into the BA-inconsistent blocking state.
When the interface receives BPDUs again it is unblocked and goes through the normal STP states.
This guards against the case where an interface stops receiving BPDUs (for example because the neighbouring switch has a control-plane or software fault but keeps forwarding frames) and would otherwise move from blocking to forwarding and create a loop.
Bridge assurance is enabled globally by default, but it only takes effect on ports configured as spanning-tree port type network, and both ends of the link must have it enabled: if only one end runs it, that end never receives BPDUs and blocks the port. Do not set port type network towards a device that does not send BPDUs.
Only supported in Rapid PVST+ and MST; legacy 802.1D does not support it.
STP Edge Port
Also known as PortFast.
Configured on access ports only (host-facing trunks use the edge trunk port type instead).
Bypasses the listening and learning states and starts forwarding immediately.
Deployed on L2 switch ports connected to servers, PCs, etc.
No BPDUs are expected on the port; if one is received the port loses its edge status and behaves as a normal STP port.
Link state changes on an edge port do not generate topology change notifications, so host flaps do not flush MAC tables across the network.
To configure, in interface config mode:
spanning-tree port type edge
STP Edge Port with BPDU Guard
Error-disables (shuts down) an edge port that receives a BPDU, so a switch plugged into a host-facing port cannot join the topology and create a loop. NOT enabled by default. Pair it with port type edge: an edge port on its own only reverts to a normal STP port when a BPDU arrives, whereas BPDU guard takes the port down.
Configured in interface mode:
spanning-tree bpduguard enable
BPDU Filter
BPDUs are sent out all STP ports by default.
BPDU filter stops a port from sending BPDUs; enabled per interface it also stops the port from processing received BPDUs, which effectively disables STP on that port.
Can be enabled on edge ports.
Used as a workaround (for example towards a device that must not see BPDUs) and should be used cautiously: if the neighbour turns out to be a switch, STP can no longer detect the loop.
Configured in interface mode:
spanning-tree bpdufilter enable
STP Root Guard
The switch with the lowest bridge ID (priority, then MAC address) becomes root. If a bridge ID is lowered anywhere in the network, an access switch could become the root bridge.
An older or unmanaged switch added to the network could also become the root bridge, pulling all inter-switch traffic through it, which is undesirable.
Root guard limits the ports on which the root may appear: a root-guard port that receives a superior BPDU (one advertising a better root than the current one) is put into the root-inconsistent blocking state until the superior BPDUs stop. Activate it on the distribution switches, on the ports facing the access layer.
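The election rule, the priorities chosen by root primary / root secondary and the root-guard decision, as an added Python simulation (written for these notes, not NX-OS code or anything from Cisco). It models only the bridge-ID comparison (lower priority wins, then lower MAC), the documented priority values the macros pick (24576 or 4096 below the current root for primary, 28672 for secondary) and what a single port does with a superior BPDU; BPDU encoding, timers and port roles are left out. The switch names and MAC addresses are constructed. The real per-interface command that enables root guard on NX-OS is spanning-tree guard root.

```python
"""Rapid PVST+ root election, the root primary/secondary macros and Root
Guard in miniature. Illustrative example, not NX-OS code."""
from dataclasses import dataclass, replace

ROOT_PRIMARY_PRIO = 24576    # value 'root primary' tries first
ROOT_SECONDARY_PRIO = 28672  # value 'root secondary' sets
PRIO_STEP = 4096             # priorities move in steps of 4096


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int   # base priority, a multiple of 4096 (default 32768)
    mac: str        # constructed, e.g. "00:1b:0c:00:00:01"


def bridge_id(bridge: Bridge, vlan: int) -> tuple[int, int]:
    """Per-VLAN bridge ID as a comparable tuple (priority + VLAN, MAC).
    The VLAN number is the extended system ID, which is why priorities can
    only be set in multiples of 4096; the MAC address breaks ties."""
    return (bridge.priority + vlan, int(bridge.mac.replace(":", ""), 16))


def elect_root(bridges, vlan: int) -> Bridge:
    """The bridge with the lowest bridge ID wins the election for the VLAN."""
    return min(bridges, key=lambda b: bridge_id(b, vlan))


def root_primary_priority(me: Bridge, others, vlan: int) -> int:
    """Priority 'spanning-tree vlan <v> root primary' would set on `me`:
    24576 if that already wins, otherwise 4096 below the current root."""
    candidate = replace(me, priority=ROOT_PRIMARY_PRIO)
    if elect_root(list(others) + [candidate], vlan) is candidate:
        return ROOT_PRIMARY_PRIO
    return max(0, elect_root(others, vlan).priority - PRIO_STEP)


def root_secondary_priority() -> int:
    """'root secondary' simply sets 28672: better than the 32768 default,
    worse than the primary root's 24576."""
    return ROOT_SECONDARY_PRIO


def port_action(local_root: tuple[int, int], bpdu_root: tuple[int, int],
                root_guard: bool) -> str:
    """What a designated port does with a received BPDU. A BPDU advertising a
    better root than the one we know is 'superior'. Without root guard the
    switch accepts it and the tree reconverges on the newcomer; with root
    guard the port goes root-inconsistent (blocking) until it stops."""
    if bpdu_root >= local_root:
        return "forwarding"
    return "root-inconsistent" if root_guard else "accept-new-root"


def demo(vlan: int = 10) -> dict:
    """Default priorities, then root primary/secondary, then a switch with
    priority 0 plugged into the access layer."""
    dist1 = Bridge("dist1", 32768, "00:1b:0c:00:00:01")
    dist2 = Bridge("dist2", 32768, "00:1b:0c:00:00:02")
    access = Bridge("access1", 32768, "00:1b:0c:00:00:03")
    out = {"default_root": elect_root([dist1, dist2, access], vlan).name}

    dist1 = replace(dist1, priority=root_primary_priority(dist1, [dist2, access], vlan))
    dist2 = replace(dist2, priority=root_secondary_priority())
    out["tuned_root"] = elect_root([dist1, dist2, access], vlan).name
    out["dist1_priority"] = dist1.priority
    out["dist2_priority"] = dist2.priority

    # An old or rogue switch with priority 0 now sends BPDUs into an access port.
    rogue = Bridge("rogue", 0, "00:de:ad:be:ef:00")
    out["election_with_rogue"] = elect_root([dist1, dist2, access, rogue], vlan).name
    mine, theirs = bridge_id(dist1, vlan), bridge_id(rogue, vlan)
    out["without_root_guard"] = port_action(mine, theirs, root_guard=False)
    out["with_root_guard"] = port_action(mine, theirs, root_guard=True)
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that with default priorities the root is decided purely by which switch happens to have the lowest MAC, which is why the root primary/secondary macros are set deliberately; and that root primary alone does not stop a priority-0 newcomer from winning the election, only root guard on the access-facing ports does.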
STP Loop Guard
When a blocking port stops receiving BPDUs, STP assumes the segment is loop-free, for example when a unidirectional link or hardware fault stops BPDUs from arriving while data frames still flow.
The blocking port then transitions to forwarding, which can create a loop.
Loop guard checks for BPDUs on a protected non-designated port; if they stop arriving, the port is put into the loop-inconsistent blocking state instead of forwarding, and recovers automatically when BPDUs return.
Configured in interface mode:
spanning-tree guard loop
Configuring LACP
feature lacp
Then in interface mode on each member link (mode active or passive for LACP, on for a static channel; all members must have matching speed, duplex and VLAN settings):
channel-group 1 mode { active | on | passive }
Verification:
show port-channel summary
Load Balancing options
Source, destination or source-and-destination MAC address at L2
Source, destination or source-and-destination IP address at L3
Source, destination or source-and-destination TCP/UDP port at L4
The hash is per flow: a given flow always uses the same member link, so it is never reordered but also never gets more than one link's bandwidth. Verify:
show port-channel load-balance
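Why the choice of hash inputs matters, as an added Python simulation (written for these notes; it is not Cisco's hash, which is platform-specific, and not NX-OS code). A toy hash (CRC-32 of the selected header fields, modulo the number of member links) is enough to show the two properties that matter: a flow always maps to the same link, and a hash keyed on fields that do not vary between two endpoints, such as the MAC addresses of two routers or the IP addresses of one backup client and one server, puts every flow on the same link. The method names, MAC and IP addresses are constructed.

```python
"""Port-channel load balancing: which member link a flow lands on depends
only on the header fields the hash looks at. Illustrative, not NX-OS code."""
import zlib
from collections import Counter
from dataclasses import dataclass

# Hash inputs, loosely named after the source-dest MAC/IP/port families of
# the port-channel load-balance command; constructed names for this example.
HASH_FIELDS = {
    "src-dst-mac":  ("src_mac", "dst_mac"),
    "src-dst-ip":   ("src_ip", "dst_ip"),
    "src-dst-port": ("src_ip", "dst_ip", "proto", "src_port", "dst_port"),
}

RA_MAC, RB_MAC = "00:11:22:aa:aa:aa", "00:11:22:bb:bb:bb"   # constructed


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int


def select_link(flow: Flow, method: str, n_links: int) -> int:
    """Member link (0..n_links-1) chosen for a flow by hashing only the
    fields the configured method looks at. Deterministic per flow."""
    key = "|".join(str(getattr(flow, f)) for f in HASH_FIELDS[method])
    return zlib.crc32(key.encode()) % n_links


def distribution(flows, method: str, n_links: int) -> Counter:
    """How many flows land on each member link."""
    return Counter(select_link(f, method, n_links) for f in flows)


def inter_router_flows(n: int = 200) -> list:
    """Constructed traffic: n clients behind router A talking to one server
    behind router B. On the port channel between the routers every frame
    carries the two router MACs; client IPs and source ports vary."""
    return [Flow(RA_MAC, RB_MAC, f"10.1.0.{i % 250 + 1}", "10.2.0.10",
                 "tcp", 40000 + i, 443) for i in range(n)]


def single_host_flows(n: int = 200) -> list:
    """Constructed traffic: one backup client opening n TCP sessions to one
    server on the same segment. MACs and IPs never change, only the port."""
    return [Flow("00:11:22:cc:cc:cc", "00:11:22:dd:dd:dd", "10.3.0.5",
                 "10.3.0.9", "tcp", 50000 + i, 445) for i in range(n)]


def compare_methods(n_links: int = 4) -> dict:
    """Flows per link for each method and each traffic pattern."""
    patterns = {"inter_router": inter_router_flows(), "single_host": single_host_flows()}
    return {p: {m: dict(distribution(fl, m, n_links)) for m in HASH_FIELDS}
            for p, fl in patterns.items()}


if __name__ == "__main__":
    for pattern, per_method in compare_methods().items():
        print(pattern)
        for method, per_link in per_method.items():
            print(f"  {method:13} -> {per_link}")
```

Reading the output: with a MAC-based hash the router-to-router traffic is pinned to one member link no matter how many clients are behind the routers, and with an IP-based hash the single client's parallel sessions are pinned likewise; only a hash that includes the L4 ports spreads both. That is the case for checking show port-channel load-balance against the actual traffic mix rather than trusting the bundle's nominal bandwidth.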
vPC Switches
The primary vPC switch generates BPDUs using its bridge ID.
The secondary vPC switch relays BPDUs to the primary over the peer link and does not generate them.
vPC Advantages
Allows a single downstream device to run one port channel across two upstream devices.
Loop-free topology: both uplinks are active, with no STP-blocked ports.
Uses all available uplink bandwidth.
Downstream devices see the vPC peers as a single device.
Provides high availability and link-level resiliency.
Cisco Fabric Services (CFS) and vPC
CFS over Ethernet (CFSoE) synchronizes between the peers:
MAC address table entries
IGMP snooping entries
ARP tables
CFS ensures configuration consistency between the vPC peer switches (mismatched parameters show up as consistency-check failures)
CFS tracks vPC status on the peer
vPC Domain
vPC peer link - carries BPDU and LACP control packets and MAC address table synchronization between the peers
vPC peer keepalive link - logical link over L3 (mgmt0 or a dedicated link, never the peer link) used to determine whether the remote peer is up
vPC peer - one of the two switches in the domain
vPC member port - a port on a peer switch that is configured as part of the vPC
vPC - L2 port channel that spans both peer switches
Orphan port - port connected to a single vPC peer but not the other; it loses connectivity if that peer's vPC goes down
vPC Configuration
feature vpc
vpc domain 10
  ! keepalive uses a separate L3 path (here VRF "VRF"), never the peer link
  peer-keepalive destination 10.10.10.11 source 10.10.10.10 vrf VRF
! the port channel between the two peers becomes the peer link
interface port-channel x
  vpc peer-link
! a port channel towards a downstream device; the vpc number must match on both peers
interface port-channel y
  vpc 10
vPC guidelines
Both switches must be the same platform.
Only two switches per vPC and only a single vPC domain per switch.
Do not run the vPC peer keepalive over the vPC peer link; use mgmt0 or a dedicated link.
The vPC peer link requires at least one 10 Gbps Ethernet port (two, on different modules, is the usual recommendation).
vPC Peer-Switch
Nexus enhancement that allows the vPC peer switches to appear as a single bridge in the STP topology: both peers send BPDUs with the same bridge ID.
Improves STP convergence time after a failure from around 3 seconds to subseconds.
Configure, under the vPC domain (both peers must be configured with the same spanning-tree priority for the vPC VLANs):
vpc domain x
  peer-switch