CCNA®DataCenterIntroducingCiscoDataCenterTechnologies

StudyGuide

ToddLammle

ToddMontgomery

SeniorAcquisitionsEditor:KenyonBrownDevelopmentEditor:GarySchwartzTechnicalEditor:MarkDittmer,CiscoSystemsProfessionalServicesProductionEditor:ChristineO'ConnorCopyEditor:LindaRecktingwaldEditorialManager:MaryBethWakefieldProductionManager:KathleenWisorAssociatePublisher:JimMinatelBookDesigners:JudyFungandBillGibsonProofreader:JenLarsen,WordOneNewYorkIndexer:RobertSwansonProjectCoordinator,Cover:BrentSavageCoverDesigner:Wiley

CoverImage:GettyImagesInc./JeremyWoodhouseCopyright©2016byJohnWiley&Sons,Inc.,Indianapolis,Indiana

PublishedsimultaneouslyinCanada

ISBN:978-1-118-66109-3

ISBN:978-1-118-76320-9(ebk.)

ISBN:978-1-119-00065-5(ebk.)

Nopartofthispublicationmaybereproduced,storedinaretrievalsystemortransmittedinanyformorbyanymeans,electronic,mechanical,photocopying,recording,scanningorotherwise,exceptaspermittedunderSections107or108ofthe1976UnitedStatesCopyrightAct,withouteitherthepriorwrittenpermissionofthePublisher,orauthorizationthroughpaymentoftheappropriateper-copyfeetotheCopyrightClearanceCenter,222RosewoodDrive,Danvers,MA01923,(978)750-8400,fax(978)646-8600.RequeststothePublisherforpermissionshouldbeaddressedtothePermissionsDepartment,JohnWiley&Sons,Inc.,111RiverStreet,Hoboken,NJ07030,(201)748-6011,fax(201)748-6008,oronlineathttp://www.wiley.com/go/permissions.

LimitofLiability/DisclaimerofWarranty:Thepublisherandtheauthormakenorepresentationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthisworkandspecificallydisclaimallwarranties,includingwithoutlimitationwarrantiesoffitnessforaparticularpurpose.Nowarrantymaybecreatedorextendedbysalesorpromotionalmaterials.Theadviceandstrategiescontainedhereinmaynotbesuitableforeverysituation.Thisworkissoldwiththeunderstandingthatthepublisherisnotengagedinrenderinglegal,accounting,orotherprofessionalservices.Ifprofessionalassistanceisrequired,theservicesofacompetentprofessionalpersonshouldbesought.Neitherthepublishernortheauthorshallbeliablefordamagesarisingherefrom.ThefactthatanorganizationorWebsiteisreferredtointhisworkasacitationand/orapotentialsourceoffurtherinformationdoesnotmeanthattheauthororthepublisherendorsestheinformationtheorganizationorWebsitemayprovideorrecommendationsitmaymake.Further,readersshouldbeawarethatInternetWebsiteslistedinthisworkmayhavechangedordisappearedbetweenwhenthisworkwaswrittenandwhenitisread.

Forgeneralinformationonourotherproductsandservicesortoobtaintechnicalsupport,pleasecontactourCustomerCareDepartmentwithintheU.S.at(877)762-2974,outsidetheU.S.at(317)572-3993orfax(317)572-4002.

Wileypublishesinavarietyofprintandelectronicformatsandbyprint-on-demand.Somematerialincludedwithstandardprintversionsofthisbookmaynotbeincludedine-booksorinprint-on-demand.IfthisbookreferstomediasuchasaCDorDVDthatisnotincludedintheversionyoupurchased,youmaydownloadthismaterialathttp://booksupport.wiley.com.FormoreinformationaboutWileyproducts,visitwww.wiley.com.

LibraryofCongressControlNumber:2016933971

TRADEMARKS:Wiley,theWileylogo,andtheSybexlogoaretrademarksorregisteredtrademarksofJohnWiley&Sons,Inc.and/oritsaffiliates,intheUnitedStatesandothercountries,andmaynotbeusedwithoutwrittenpermission.CCNAisaregisteredtrademarkofCiscoTechnology,Inc.Allothertrademarksarethepropertyoftheirrespectiveowners.JohnWiley&Sons,Inc.isnotassociatedwithanyproductorvendormentionedinthisbook.

TomywonderfulsonWilliamandawesomedaughterAllison,whomakemylifesogreat.Thisbookisforbothofyou.

—ToddMontgomery

AcknowledgmentsIttakesmanypeopletoputabooktogether,andalthoughasauthorswededicateanenormousamountoftimetowritethebook,itwouldneverbepublishedwithoutthededicationandhardworkofmanyotherpeople.

First,IwouldliketothankKenyonBrown,myacquisitionseditor,whoconvincedmethatIcoulddothisandstuckwithmethroughouttheprocess.WithoutKenasamentorandguide,Icouldneverhavepulledthisoneoff.IamthankfulthatKenwastheretoleadmethoughthesometimes-confusingworldofpublishingabooklikethis.

IwouldalsoliketothankToddLammleforhishelpintransformingthisnetworkengineerintoaninspiredauthorandforbeinganewfriendinthesmallworldinsidethebigdatacenters.

Icanneverthankmydevelopmenteditor,GarySchwartz,enough.Garystuckwithme,patientlyguidingmethoughtheprocessandprovidingmewiththedirectionIneededwhenIwasoffinaditchagain.WithoutGary'shelp,puttingthisbooktogetherwouldhavebeenmuchmoredifficult.Thanksagain,Gary!

AbigthankyoutoChristineO'Connor,myproductioneditor,forlendingaguidinghandintheprocessofpublishingthisbook.Iamstillamazedathowherteamcouldtakemyworkandtransformitintoapresentablebook.I'msurethatthereisawholeteamatWileylurkinginthebackgroundwhowillneverknowhowmuchtheyreallyhelped,buttothewholeteamatWiley,abigthankyou!Youmadethelatenightsandlongweekendsofwritingallworthwhile.

Ofcourse,MarkDittmeratCiscoSystemsProfessionalServiceswasanexcellenttechnicaleditor,andhewasalwaystheretoclarifyandaddhisdeepinsightintotheCiscodatacenterproductstothiseffort.Mark,Ioweyou!

AbouttheAuthorsToddLammleistheauthorityonCiscocertificationandinternetworking.HeisCiscocertifiedinmostCiscocertificationcategories.Heisaworld-renownedauthor,speaker,trainer,andconsultant.ToddhasthreedecadesofexperienceworkingwithLANs,WANs,andlargeenterpriselicensedandunlicensedwirelessnetworks.Lately,he'sbeenimplementinglargeCiscodatacentersworldwide,aswellasFirePOWERtechnologies.Hisyearsofreal-worldexperienceareevidentinhiswriting;heisnotjustanauthorbutaknowledgeablenetworkingengineerwithverypracticalexperienceworkingonthelargestnetworksintheworldatsuchcompaniesasXerox,HughesAircraft,Texaco,AAA,Cisco,andToshiba,amongothers.Toddhaspublishedmorethan60books,includingtheverypopularCCNA:CiscoCertifiedNetworkAssociateStudyGuide,CCNAWirelessStudyGuide,andCCNADataCenterStudyGuide,aswellashisFirePOWERstudyguide,allfromSybex.ToddrunsaninternationalconsultingandtrainingcompanywithofficesinColorado,Texas,andSanFrancisco.YoucanreachToddthroughhiswebsiteatwww.lammle.com.

ToddMontgomeryhasbeeninthenetworkingindustryformorethan30yearsandholdsmanycertificationsfromCisco,Juniper,VMware,CompTIA,andothercompanies.HeisCCNADataCenter,CCNASecurity,andCCNPRoutingandSwitchingcertified.

ToddhasspentmostofhiscareeroutinthefieldworkingonsiteindatacentersthroughoutNorthAmericaandaroundtheworld.Hehasworkedforequipmentmanufacturers,systemsintegrators,andendusersofdatacenterequipmentinthepublic,serviceprovider,andgovernmentsectors.ToddcurrentlyworksasaseniordatacenternetworkingengineerforaFortune50corporation.Heisinvolvedinnetworkimplementationandsupportofemergingdatacentertechnologies.Healsoworkswithsoftware-definednetworking(SDN)evaluationplans,cloudtechnologies,CiscoNexus9000,7000,5000,and2000switches,Junipercorerouting,andfirewallsecurityproducts.

ToddlivesinAustin,Texas,andinhisfreetimeheenjoysautoracing,generalaviation,andsamplingAustin'slivemusicvenues.Youcanreachhimattoddmont@thegateway.net.

ContentsIntroduction

WhyShouldYouBecomeCertifiedinCiscoDataCenterTechnologies?WhatDoesThisBookCover?InteractiveOnlineLearningEnvironmentandTestBankHowtoUseThisBookWhereDoYouTaketheExams?DCICTExamObjectives

AssessmentTestAnswerstoAssessmentTestChapter1DataCenterNetworkingPrinciples

DataCenterNetworkingPrinciplesTheDataCenterLANTheDataCenterSANNetworkDesignUsingaModularApproachTheDataCenterCoreLayerTheDataCenterAggregationLayerTheDataCenterAccessLayerTheCollapsedCoreModelFabricPathHowDoWeInterconnectDataCenters?VirtualPortChannelsUnderstandingPortChannelsGoingVirtualwithVirtualDeviceContextsStorageNetworkingwithNexusConfiguringandVerifyingNetworkConnectivityIdentifyingControlandDataPlaneTrafficPerformingtheInitialSetupSummary

ExamEssentialsWrittenLab1ReviewQuestions

Chapter2NetworkingProductsTheNexusProductFamilyReviewingtheCiscoMDSProductFamilyCiscoApplicationControlEngineSummaryExamEssentialsWrittenLab2ReviewQuestions

Chapter3StorageNetworkingPrinciplesStorageAreaNetworkingStorageCategoriesFibreChannelNetworksDescribetheSANInitiatorandTargetVerifySANSwitchOperationsDescribeBasicSANConnectivityDescribeStorageArrayConnectivityDescribeStorageProtectionDescribeStorageTopologiesFabricPortTypesStorageSystemsWorldWideNamesSANBootVerifyNameServerLoginDescribe,Configure,andVerifyZoningPerformInitialMDSSetupDescribe,Configure,andVerifyVSAN

SummaryExamEssentialsWrittenLab3ReviewQuestions

Chapter4DataCenterNetworkServicesDataCenterNetworkServicesStandardACEFeaturesforLoadBalancingServerLoadBalancingVirtualContextandHAServerLoadBalancingManagementOptionsBenefitsoftheCiscoGlobalLoad-BalancingSolutionCiscoWAASNeedsandAdvantagesintheDataCenterSummaryExamEssentialsWrittenLab4ReviewQuestions

Chapter5Nexus1000VVirtualSwitchesNexus1000VSwitchInstallingNexus1000VSummaryExamEssentialsWrittenLab5ReviewQuestions

Chapter6UnifiedFabricUnifiedFabricConnectivityHardwareSummaryExamEssentialsWrittenLab6ReviewQuestions

Chapter7CiscoUCSPrinciplesDataCenterComputingEvolutionNetwork-CentricComputingUCSServersUCSConnectivitySummaryExamEssentialsWrittenLabs7ReviewQuestions

CHAPTER8CiscoUCSConfigurationUCSClusterSetupUCSManagerServiceProfilesSummaryExamEssentialsWrittenLab8Chapter8:Hands-OnLabsReviewQuestions

AppendixAAnswerstoWrittenLabsChapter1:DataCenterNetworkingPrinciplesChapter2:NetworkingProductsChapter3:StorageNetworkingPrinciplesChapter4:DataCenterNetworkServicesChapter5:Nexus1000VChapter6:UnifiedFabricChapter7:CiscoUCSPrinciplesChapter8:CiscoUCSConfiguration

AppendixBAnswerstoReviewQuestionsChapter1:DataCenterNetworkingPrinciplesChapter2:NetworkingProducts

Chapter3:StorageNetworkingPrinciplesChapter4:DataCenterNetworkServicesChapter5:Nexus1000VChapter6:UnifiedFabricChapter7:CiscoUCSPrinciplesChapter8:CiscoUCSConfiguration

AdvertEULA

ListofTablesChapter6

Table6.1

Table6.2

Table6.3

ListofIllustrationsChapter1

Figure1.1DatacenterLAN

Figure1.2SeparatedatacenterLAN/SANnetworks

Figure1.3Unifieddatacenternetwork

Figure1.4DatacenterCorenetwork

Figure1.5Datacenteraggregatednetwork

Figure1.6DatacenterAccesslayernetwork

Figure1.7Collapsedcoremodel

Figure1.8FabricPath

Figure1.9OverlayTransportVirtualization

Figure1.10VirtualPortChannels

Figure1.11Portchannels

Figure1.12Virtualdevicecontexts

Figure1.13Dataplane

Figure1.14Controlplane

Figure1.15VPCdiagram

Chapter2

Figure2.1Nexusproductfamily

Figure2.2Nexus1010

Figure2.3Nexus2000family

Figure2.4Nexus3000family

Figure2.5Nexus4000seriesbladeswitch

Figure2.6Nexus5000family

Figure2.7Nexus6000family

Figure2.8Nexus7000family

Figure2.9Nexus7700family

Figure2.10Nexus9000family

Figure2.11Nexus7009

Figure2.12Nexus7010

Figure2.13NexusSupervisorOne

Figure2.14Nexus7010fabricmodule

Figure2.15Nexus7000I/Omodules

Figure2.16Nexus7000powersupply

Figure2.17Nexus5500family

Figure2.18Nexus5010

Figure2.19Nexus5020

Figure2.20NexusGEM1cards

Figure2.21Nexus5596rear

Figure2.22Nexus5500UPGEMmodule

Figure2.235548Layer3card

Figure2.245596Layer3card

Figure2.25Nexus2000family

Figure2.26Nexus5000withfourFEXs

Figure2.27FEXMulti-cableattachment

Figure2.28FEXcomparison

Figure2.29MDSproductfamily

Chapter3

Figure3.1SCSIcables

Figure3.2FibreChannelframe

Figure3.3InternetSmallComputerSystemInterface(iSCSI)frame

Figure3.4DAS—computerwithlocalstorage

Figure3.5File-basedstorage

Figure3.6Filetransfer

Figure3.7SANnetwork

Figure3.8Unifiednetwork

Figure3.9SANinitiatorandtarget

Figure3.10LUNs

Figure3.11MDS9148switch

Figure3.12SFPmodule

Figure3.13Multimodefiber-opticcables

Figure3.14Point-to-pointtopology

Figure3.15FibreChannelArbitratedLoop

Figure3.16Simplefabric

Figure3.17Dualfabric

Figure3.18FibreChannelporttypes

Figure3.19FibreChannelSANcomponents

Figure3.20WorldWideNames

Figure3.21WordWidePortNames

Figure3.22SANboot

Figure3.23Fabriclogin

Chapter4

Figure4.1ACEloadbalancer

Figure4.2Round-robinpredictor

Figure4.3Least-loadedpredictor

Figure4.4Hashingpredictor

Figure4.5Leastnumberofconnectionspredictor

Figure4.6Health-checkingprobes

Figure4.7ACEHApair

Figure4.8CiscoACEDeviceManager

Figure4.9CiscoGlobalSiteSelector

Chapter5

Figure5.1Traditionalservers

Figure5.2Traditionalpoliciesandcontrol

Figure5.3Serverandnetworkvirtualization

Figure5.4Networkconnectivity

Figure5.5Policiesinavirtualenvironment

Figure5.6Insidethephysicalserver

Figure5.7Standardswitchconfiguration

Figure5.8FailedvMotion

Figure5.9Distributedvirtualswitch

Figure5.10Networkadministrationinavirtualenvironment

Figure5.11DeployOVFTemplate

Figure5.12Selectthesourcelocation

Figure5.13VerifyOVFtemplatedetails

Figure5.141000Vproperties

Figure5.15vCentercredentialsentryscreen

Figure5.16vCenterNetworkingSummaryscreen

Chapter6

Figure6.1Traditionalseparatenetworks

Figure6.2Unifiednetwork

Figure6.3MultihopFCoEnetwork

Figure6.4Protocolencapsulation

Figure6.5FCoEframe

Figure6.6Ethernetflowcontrol

Figure6.7FibreChannelflowcontrol

Figure6.8Per-priorityflowcontrol

Figure6.9FCoEporttypes

Figure6.10FEXcomparison

Figure6.11VN-Tag

Figure6.12Nexusfabricextension

Chapter7

Figure7.1Agroupoftowerservers

Figure7.2Rackmountserversconnectedtoaswitch

Figure7.3Chassiswith16blades

Figure7.4CiscoUCSfabricinterconnectmodel6248UP

Figure7.5UCSsystemwithtwofabricinterconnectsandfourchassis

Figure7.6UCSsystemwithtwofabricinterconnectsand12chassis

Figure7.76100Seriesfabricinterconnects

Figure7.86100Seriesexpansionmodules

Figure7.96248UPand6296UPfabricinterconnects

Figure7.106200unifiedportexpansionmodule

Figure7.116324fabricinterconnect

Figure7.12UCS5108chassiswithamixtureoffullandhalf-slotblades

Figure7.135108with2104XPI/Omodules(rearview)

Figure7.14B-Seriesservercomparison

Figure7.15C-Seriesservercomparison

Figure7.16Non-virtualizedinterfacecards

Figure7.17Virtualinterfacecards

Figure7.18FabricinterconnectL1/L2ports

Figure7.19FabricinterconnecttoI/Omoduleconnectivity

Figure7.20Configuringportpersonalityonfabricinterconnect

Figure7.21Re-acknowledgingachassis

Chapter8

Figure8.1Fabricinterconnectcabling

Figure8.2UCSinitialwebinterface

Figure8.3Javaapplicationwarning

Figure8.4UCSManagerLogin

Figure8.5UCSManagerlayout

Figure8.6UCSManagertabs

Figure8.7Finitestatemachinediscoveryprocess

Figure8.8CreatingaUUIDpool

Figure8.9CreatingaMACaddresspool

Figure8.10CreatingaWWNNpool

Figure8.11Serviceprofileassociationmethods

Figure8.12Manuallyassigningserverstoaserverpool

Figure8.13Serviceprofilecreationoptions

Figure8.14Simpleprofilecreation

Figure8.15Expertprofilecreation

Figure8.16Creatingaserviceprofiletemplate

Figure8.17Creatingserviceprofilesfromatemplate

Figure8.18Serviceprofilescreatedfromatemplate

IntroductionWelcometotheexcitingworldofCiscocertification!Ifyou’vepickedupthisbookbecauseyouwanttoimproveyourselfandyourlifewithabetter,moresatisfying,andmoresecurejob,you’vedonetherightthing.Whetheryou’restrivingtoenterthethriving,dynamicITsector,oryou’reseekingtoenhanceyourskillsetandadvanceyourpositionwithinyourcompanyorindustry,beingCiscocertifiedcanseriouslystacktheoddsinyourfavorinhelpingyoutoattainyourgoals!

Ciscocertificationsarepowerfulinstrumentsofsuccessthatmarkedlyimproveyourgraspofallthingsinternetworking.Asyouprogressthroughoutthisbook,you’llgainacompleteunderstandingofdatacentertechnologiesthatreachesfarbeyondCiscodevices.Bytheendofthisbook,you’llhavecomprehensiveknowledgeofhowCiscoNexusandUCStechnologiesworktogetherinyourdatacenter,whichisvitalintoday’swayoflifeinthenetworkedworld.Theknowledgeandexpertisethatyou’llgainhereisessentialforandrelevanttoeverynetworkingjob,anditiswhyCiscocertificationsareinsuchhighdemand—evenatcompanieswithfewCiscodevices!

Althoughit’scommonknowledgethatCiscorulestheroutingandswitchingworld,thefactthatitalsorocksthevoice,datacenter,andsecurityworldsisnowwellrecognized.Furthermore,Ciscocertificationsequipyouwithindispensableinsightintotoday’svastlycomplexnetworkingrealm.Essentially,bydecidingtobecomeCiscocertified,you’reproudlyannouncingthatyouwanttobecomeanunrivalednetworkingexpert—agoalthatthisbookwillputyouwellonyourwaytoachieving.Congratulationsinadvanceonthebeginningofyourbrilliantfuture!

TheCCNADataCentercertificationwilltakeyouwaybeyondthetraditionalCiscoworldofswitchingandrouting.Themoderndatacenternetworkincludestechnologiesthatwereoncetheprivatedomainofothergroups.Butwithnetworkconvergenceandvirtualizationtakingthedatacentertonewplaces,youmustnowlearnallaboutstorageandstoragenetworking,networkconvergence,thevirtualizationofservers,andnetworkservices.Moreover,asyouwillseeinthisbook,wewilltakeadeeplookatnewserverdesignsanddeploymentmodels.

WhyShouldYouBecomeCertifiedinCiscoDataCenterTechnologies?Cisco,likeMicrosoftandothervendorswhoprovidecertification,createdthecertificationprocesstogiveadministratorsaspecificsetofskillsandequipprospectiveemployerswithawaytomeasurethoseskillsormatchcertaincriteria.

RestassuredthatifyoumakeitthroughtheCCNADataCenterexamsandarestillinterestedinCiscoanddatacenters,you’reheadeddownapathtocertainsuccess!

WhatDoesThisBookCover?ThisbookcoverseverythingthatyouneedtoknowtopasstheIntroducingCiscoDataCenterTechnologies(640–916)exam.TheIntroducingCiscoDataCenterTechnologiesexamisthesecondoftwoexamsrequiredtobecomeCCNADataCenterCertified.ThefirstCCNADataCenterexamiscalledIntroducingCiscoDataCenterNetworking(DCICN),anditisexamnumber640–911.

AgreatresourceforlearningaboutdatacenternetworkingandexampreparationforthefirstCCNADataCenterexamisCCNADataCenter—IntroducingCiscoDataCenterNetworkingStudyGuide:Exam640–911byToddLammleandJohnSwartz(Sybex,2013).

Allchaptersinthisbookincludereviewquestionsandhands-onlabstohelpyoubuildastrongfoundation.

Youwilllearnthefollowinginformationinthisbook:

Chapter1:DataCenterNetworkingPrinciplesWegetrightdowntobusinessinthefirstchapterbycoveringabroadarrayofdatacenterprinciplesandconcepts,suchasEthernetandstoragenetworks,datacenterdesign,andtechnologiesspecifictodatacenternetworking,suchasdatacenterinterconnects,FabricPath,andvirtualPortChannels.

Chapter2:NetworkingProductsInthischapter,wetakeacloselookattheCisconetworkingproductsfoundinthedatacenter,suchasthecompleteNexusfamilyofswitchproductsandtheMDSstoragenetworkingproductmodels.

Chapter3:StorageNetworkingPrinciplesThischapterprovidesyouwiththebackgroundnecessaryforsuccessontheexamaswellasintherealworldwithathoroughpresentationofstoragetechnologiesandprinciples.Traditionally,storagehasbeenhandledbyspecializedengineersworkingonlywithSANandstoragetechnologies.InthemoderndatacenterwithconvergedLANandSANnetworks,itbecomesnecessarytolearnstoragetechnologies.ThischapterprovidesthebackgroundneededtomasterconvergednetworkscoveredinChapter6.

Chapter4:DataCenterNetworkServicesChapter4coversthetopicofnetworkservices,suchasloadbalancingandwideareanetworkacceleration.Thisisasmallbutimportantpartoftheexam.

Chapter5:Nexus1000VWenowstarttotakeadeeplookatnetworkand

devicevirtualization,whichisacentralpartofmoderndatacenters.WeusethesoftwarevirtualswitchfromCisco,theNexus1000V,todemonstrateboththisimportantproductandtheconceptsofvirtualization.

Chapter6:UnifiedFabricInthischapter,weusetheMDSSANandNexusLANproductlinestoshowhowtoconvergeLANandSANswitchingontoasingleswitchingfabric.Welookatthestandardsdevelopedtoensurelosslessswitchingtoprotectthestoragetrafficandtheconceptsoffabricextensions.

Chapter7:CiscoUCSPrinciplesThischaptertakesusawayfromnetworkingandintotheworldofUnifiedComputing.WelookattheCiscoUCSproductlineanddemonstratehowtosetupaUCScluster.WeintroducetheUCSManagerandlookathowitmanagesthecompleteUCS.

Chapter8:CiscoUCSConfigurationThischaptercovershowtousetheUCSManagertosetupandconfiguretheCiscoUnifiedComputingSystem.WeexploretheconceptsofpolicesandpoolsanddiscusshowtheyinteractwitheachotherinaCisco-basedserversolution.

AppendixA:AnswerstoWrittenLabsThisappendixcontainsalloftheanswerstothewrittenlabsfoundattheendofeachchapter.

AppendixB:AnswerstoReviewQuestionsThisappendixcontainsalloftheanswerstothereviewquestionsfoundattheendofeachchapter.

InteractiveOnlineLearningEnvironmentandTestBankWe’veworkedhardtoprovidesomereallygreattoolstohelpyouwiththecertificationprocess.TheinteractiveonlinelearningenvironmentthataccompaniesCCNADataCenter:IntroducingCiscoDataCenterTechnologiesStudyGuide:Exam640–916providesatestbankwithstudytoolstohelpyouprepareforthecertificationexamandincreaseyourchancesofpassingitthefirsttime!Thetestbankincludesthefollowing:

SampleTestsAllofthequestionsinthisbookareprovided,includingtheassessmenttest,whichyou’llfindattheendofthisintroduction,andthereviewquestionsattheendofeachchapter.Inaddition,thereisanexclusivepracticeexamwith110questions.Usethesequestionstotestyourknowledgeofthestudyguidematerial.Theonlinetestbankrunsonmultipledevices.

FlashcardsTheonlinetestbankincludes100flashcardsspecificallywrittento

hityouhard,sodon’tgetdiscouragedifyoudon’tacethematfirst!Theyaretheretoensurethatyou’rereadyfortheexam.Questionsareprovidedindigitalflashcardformat(aquestionfollowedbyasinglecorrectanswer).Youcanusetheflashcardstoreinforceyourlearningandprovidelast-minutetestprepbeforetheexam.

OtherStudyToolsAglossaryofkeytermsfromthisbookandtheirdefinitionsisalsoavailableasafullysearchablePDF.

Gotohttp://sybextestbanks.wiley.comtoregisterforandgain

accesstothisinteractiveonlinelearningenvironmentandtestbankwithstudytools.

HowtoUseThisBookIfyouwantasolidfoundationforpreparingfortheIntroducingCiscoDataCenterTechnologiesexam,thenlooknofurther.We’vespenthundredsofhoursputtingtogetherthisbookwiththesoleintentionofhelpingyoutopasstheexamaswellasreallylearninghowtoconfigureandmanageCiscodatacenterproductscorrectly!

Thisbookisloadedwithvaluableinformation,andyouwillgetthemostoutofyourstudytimeifyouunderstandwhythebookisorganizedthewayitis.

Thus,tomaximizeyourbenefitfromthisbook,werecommendthefollowingstudymethod:

1. Taketheassessmenttestthat’sprovidedattheendofthisintroduction.(Theanswersareattheendofthetest.)It’sOKifyoudon’tknowanyoftheanswers;that’swhyyouboughtthisbook!Carefullyreadovertheexplanationsforanyquestionyougetwrong,andnotethechaptersinwhichthematerialrelevanttothemiscovered.Thisinformationshouldhelpyouplanyourstudystrategy.

2. Studyeachchaptercarefully,makingsurethatyoufullyunderstandtheinformationandthetestobjectiveslistedatthebeginningofeachone.Payextra-closeattentiontoanychapterthatincludesmaterialcoveredinquestionsthatyoumissed.

3. Completeallhands-onlabsineachchapter,referringtothetextofthechaptersothatyouunderstandthereasonforeachstepyoutake.Trytogetyourhandsonsomerealequipment,ordownloadtheUCSsimulatorfromwww.cisco.com,whichyoucanuseforthehands-onlabsfoundonlyinthisbook.

4. Answerallofthereviewquestionsattheendofeachchapter.(TheanswersappearinAppendixA.)Notedownthequestionsthatconfuseyou,andstudythetopicstheyaddressagainuntiltheconceptsarecrystalclear.Andagain,andagain—donotjustskimthesequestions!Makesurethatyoufullycomprehendthereasonforeachcorrectanswer.Rememberthatthesearenottheexactquestionsthatyouwillfindontheexam,butthey’rewrittentohelpyouunderstandthechaptermaterialandultimatelypasstheexam!

5. Tryyourhandatthepracticeexamquestionsthatareexclusivetothisbook.Thequestionscanbefoundathttp://sybextestbanks/wiley.com.

6. Testyourselfusingalloftheflashcards,whicharealsofoundatthedownloadlink.Theseareawonderfulstudytoolwithbrand-new,updatedquestionstohelpyouprepareforCCNADataCenterexam!

Tolearneverybitofthematerialcoveredinthisbook,you’llhavetoapplyyourselfregularlyandwithdiscipline.Trytosetasidethesametimeperiodeverydaytostudy,andselectacomfortableandquietplacetodoso.We’reconfidentthatifyouworkhard,you’llbesurprisedathowquicklyyoulearnthismaterial!

Ifyoufollowthesestepsandreallystudy—doingHands-OnLabseverysingledayinadditiontousingthereviewquestions,thepracticeexam,andtheelectronicflashcards—itwouldactuallybehardtofailtheCiscoexam.Youshouldunderstand,however,thatstudyingfortheCiscoexamsisalotlikegettinginshape—ifyoudonotgotothegymeveryday,it’snotgoingtohappen!

WhereDoYouTaketheExams?YoumaytaketheIntroducingCiscoDataCenterTechnologies(DCICT)oranyCiscoexamatanyofthePearsonVUEauthorizedtestingcenters.Forinformation,checkoutwww.vue.comorcall877–404-EXAM(3926).

ToregisterforaCiscoexam,followthesesteps:

1. Determinethenumberoftheexamthatyouwanttotake.TheIntroducingCiscoDataCenterTechnologiesexamnumberis640–916.

2. RegisterwiththenearestPearsonVUEtestingcenter.Atthispoint,youwillbeaskedtopayinadvancefortheexam.Atthetimeofthiswriting,theexamcosts$250,anditmustbetakenwithinoneyearofyourpayment.Youcanscheduleexamsuptosixweeksinadvanceoraslateasthedayyouwanttotakeit.However,ifyoufailaCiscoexam,youmustwaitfivedaysbeforeyouareallowedtoretakeit.Ifsomethingcomesupandyouneedtocancelorrescheduleyourexamappointment,contactPearsonVUEatleast24hoursinadvance.

3. Whenyouscheduletheexam,you’llgetinstructionsregardingallappointmentandcancellationprocedures,theIDrequirements,andinformationaboutthetesting-centerlocation.

TipsforTakingYourCiscoExamsTheCiscoexamscontainabout65–75questions,andtheymustbecompletedinabout90minutesorless.Thisinformationcanchangebyexam.Youmustgetascoreofabout80percenttopassthe640–916exam,butagain,eachexammaybedifferent.

Manyquestionsontheexamhaveanswerchoicesthatatfirstglancelookidentical—especiallythesyntaxquestions!Soremembertoreadthroughthechoicescarefullybecauseclosejustdoesn’tcutit.Ifyougetcommandsinthewrongorderorforgetonemeaslycharacter,you’llgetthequestionwrong.So,topractice,dothehands-onexercisesattheendofeachchapteroverandoveragainuntiltheyfeelnaturaltoyou.

Also,neverforgetthattherightansweristheCiscoanswer.Inmanycases,morethanoneappropriateanswerispresented,butthecorrectansweristheonethatCiscorecommends.Ontheexam,youwillalwaysbetoldtopickone,two,orthreeoptions,never“chooseallthatapply.”TheCiscoexammayincludethefollowingtestformats:

Multiple-choicesingleanswer

Multiple-choicemultipleanswer

Drag-and-drop

Routersimulations

Herearesomegeneraltipsforexamsuccess:

Herearesomegeneraltipsforexamsuccess:

1. Arriveearlyattheexamcentersothatyoucanrelaxandreviewyourstudymaterials.

2. Readthequestionscarefully.Don’tjumptoconclusions.Makesurethatyou’reclearaboutexactlywhateachquestionasks.“Readtwice,answeronce”iswhatwealwaystellstudents.

3. Whenansweringmultiple-choicequestionsaboutwhichyou’reunsure,useaprocessofeliminationtogetridoftheobviouslyincorrectanswersfirst.Doingthisgreatlyimprovesyouroddswhenyouneedtomakeaneducatedguess.

4. YoucannolongermoveforwardandbackwardthroughtheCiscoexams,sodouble-checkyouranswerbeforeclickingNext,sinceyoucan’tchangeyourmind.

Afteryoucompleteanexam,you’llgetanimmediate,onlinenotificationonwhetheryoupassedorfailed,aprintedexaminationscorereportthatindicatesyourpassorfailstatus,andyourexamresultsbysection.(Thetestadministratorwillgiveyoutheprintedscorereport.)TestscoresareautomaticallyforwardedtoCiscowithinfiveworkingdaysafteryoutakethetest,soyoudon’tneedtosendyourscoretothem.Ifyoupasstheexam,you’llreceiveconfirmationfromCisco,typicallywithintwotofourweeks,sometimesabitlonger.

DCICTExamObjectivesFollowingarethemajorobjectivesoftheDCICTexam:

CandidateswilldemonstrateknowledgeofCiscodatacenterproductsandtechnologiesincludingtheUCS,MDS,andNexusseriesofproducts.

Theexamrequiresin-depthknowledgeofnetworkservices,storageconcepts,networking,devicevirtualization,andUCSservermanagementandconfiguration.

ExamtakerswillshowtheirskillsinusingandconfiguringCiscodatacentertechnology,includingNexusfeatures,MDSSANoperations,theUCSserversystem,convergednetworking,andnetworkservicessuchasloadbalancing.

ThisstudyguidehasbeenwrittentocovertheCCNADataCenter640–916examobjectivesatalevelappropriatetotheirexamweightings.Thefollowingtableprovidesabreakdownofthisbook’sexamcoverage,showingyoutheweightofeachsectionandthechapterwhereeachobjectiveorsubobjectiveis

weightofeachsectionandthechapterwhereeachobjectiveorsubobjectiveiscovered:

Objective/Subobjective PercentageofExam

Chapters

1.0CiscoDataCenterFundamentalsConcepts 30% 11.1aLAN 11.1.bSAN 11.2DescribetheModularApproachinNetworkDesign 11.3Describethedatacentercorelayer 11.4Describethedatacenteraggregationlayer 11.5Describethedatacenteraccesslayer 11.6Describethecollapsecoremodel 11.7DescribeFabricPath 11.8IdentifykeydifferentiatorbetweenDCIandnetworkinterconnectivity

1

1.9Describe,configure,andverifyvPC 11.10Describethefunctionalityofandconfigurationofportchannels

1

1.11Describeandconfigurevirtualdevicecontext(VDC)

1

1.12Describetheedge/corelayersoftheSAN 11.13DescribetheCiscoNexusproductfamily 21.14Configureandverifynetworkconnectivity 11.15Identifycontrolanddataplanetraffic 11.16Performinitialsetup 12.0DataCenterUnifiedFabric 20% 62.1DescribeFCoE 62.2DescribeFCoEmultihop 62.3DescribeVIFs 62.4DescribeFEXproducts 62.5Performinitialsetup 63.0StorageNetworking 18% 3

3.0StorageNetworking 18% 33.1DescribetheSANinitiatorandtarget 33.2VerifySANswitchoperations 33.3DescribebasicSANconnectivity 33.4Describethestoragearrayconnectivity 33.5Verifynameserverlogin 33.6Describe,configure,andverifyzoning 33.7Performinitialsetup 33.8Describe,configure,andverifyVSAN 34.0DCVirtualization 14% 54.1DescribedeviceVirtualization 54.2DescribeServerVirtualization 54.3DescribeNexus1000v 54.4VerifyinitialsetupandoperationforNexus1000 55.0UnifiedComputing 17% 7,85.1Describeandverifydiscoveryoperation 7,85.2Describe,configure,andverifyconnectivity 7,85.3Performinitialsetup 6,7,85.4DescribethekeyfeaturesofUCSM 7,86.0DataCenterNetworkServices 1% 46.1DescribestandardACEfeaturesforloadbalancing 46.2DescribeserverloadbalancingvirtualcontextandHA

4

6.3Describeserverloadbalancingmanagementoptions 46.4DescribethebenefitsofCiscoGlobalLoadBalancingSolution

4

6.5DescribehowtheCiscogloballoadbalancingsolutionintegrateswithlocalCiscoloadbalancers

4

6.6DescribeCiscoWAASneedsandadvantagesinthedatacenter

4

Examobjectivesaresubjecttochangeatanytimewithoutprior

noticeandatCisco’ssolediscretion.PleasevisitCisco’scertificationwebsite(http://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/dcict.html)forthelatestinformationontheDCICTexam.

AssessmentTest1. Whichofthefollowingischaracteristicofavirtualdevicecontext(VDC)?

A. AllowsLayer2accessacrossaLayer3network

B. Allowsmultipleloadbalancersononevirtualappliance

C. AllowsoneNexustoappearasmultiplevirtualswitches

D. SeparatesthecontrolandforwardingplanesonaNexus5500

2. FabricPathnetworkingissupportedonwhatCiscoswitchingplatforms?(Choosetwo.)

A. Nexus2000

B. 1000V

C. Nexus7000series

D. MDS9000series

E. Catalyst6513

F. Nexus5500

3. WhatpartofaNexus7000switchcontrolsthedataplane?

A. CMP

B. UCSM

C. Crossbarfabric

D. Supervisormodule

4. WhichNexusproductssupportLayer3switching?(Choosetwo.)

A. 2248PP

B. 5548

C. 5010

D. 7008

E. 2148T

5. FabricPathrequireswhatSpanningTreeoptionstobeset?

A. STPisrequiredontheedgeoftheFabricPathdomain.

B. MSTisthesuggestedconfigurationforSTPoverFabricPath.

C. STPisnotrequiredwhenFabricPathisused.

6. FibreChanneluseswhattoidentifyspecificports?

A. UUID

B. MAC

C. WWPN

D. FN_AL

7. TheCiscoACEloadbalanceruseswhatasitsdefaultpredictor?

A. Leastloaded

B. Responsetime

C. RoundR-robin

D. Leastconnections

8. WhatcommandisusedtodisplayallconnectedVEMsona1000VVSM?

A. showvembrief

B. show1000vmodules

C. showinventory

D. showmodule

E. showchassis

9. TheNexus1000VvirtualEthernetswitchcontainswhichofthefollowingfeatures?(Choosethree.)

A. Routing

B. CiscoDiscoveryProtocol

C. NX-OScommandline

D. Loadbalancing

E. Distributedlinecards

10. Whenconnectingaservertoastoragedevice,whatprotocolscanbeused?(Choosethree.)

A. FTP

B. NFS

C. iSCSI

D. FibreChannel

E. SecureCopy

11. ToenablelosslesstrafficinFCoE,IEEE802.1pisused.HowmanyCoSbitsareused?

A. 2

B. 3

C. 4

D. 8

E. 16

12. Thevirtualizationsoftwarethatrunsonaserverthatallowsguestoperatingsystemstorunonitiscalledwhat?

A. KVM

B. Hypervisor

C. VMware

D. UCS

E. Virtualization

13. TheCiscoUCSsystemwasdesignedtoaddresswhatissues?(Choosethree.)

A. SeparateEthernetandFibreChannelnetworking

B. Difficultymanagingalargenumberofservers

C. Lackofmanagementsystemintegration

D. Issuesencounteredwhenreplacingorupgradingaserver

E. Cloudhostingformfactors

14. TheUCSfabricinterconnectredundantconfigurationrequireshowmany

interconnects?

A. Two

B. Three

C. Four

D. Six

15. WhatprocessmonitorstheadditionandremovalofcomponentsinaUCSsystem?

A. Discoverydaemon

B. Scavengerprocess

C. Finitestatemachine

D. Hardwarearbitration

E. SNMPagent

16. UCSManagerSstoragepoolscontainwhichofthefollowing?(Choosetwo.)

A. WWPN

B. UUID

C. LUN

D. WWNN

17. Whenperformingtheinitialsetuponfabricinterconnects,whatarethetwoinstallationmodesavailable?

A. SNMP

B. GUI

C. SMTP

D. Console

E. CLI

18. WhichFEXproductsupportsonly1Gonallports?

A. 2148T

B. 2148E

C. 2232TM

D. 2248TP

E. 2232PP

19. WhatNexusproductlinesupportshigh-density40Ginterfacesandsoftwaredefinednetworking?

A. 7018

B. 7700

C. 5596

D. 9000

20. OntheMDS9000seriesSANswitches,whatprovidesfortheequivalentofphysicalseparationoftheswitchingfabric?

A. VLAN

B. LUN

C. Zone

D. FLOGI

E. VSAN

AnswerstoAssessmentTest1. C.AvirtualdevicecontextallowsaphysicalNexusswitchtobepartitioned

intoseverallogicalorvirtualswitches.AnswerAdescribesOTV,answerBisnotanaccuratetopology,andanswerDisnotrelatedtoVDC.WeintroduceVDCsinChapter1,“DataCenterNetworkingPrinciples”1ofthisStudyGuide.

2. C,F.Ofthechoicesgiven,onlytheNexus5500and7000offerFabricPathsupport,asdescribedinChapter1.

3. C.TheunifiedcrossbarfabricintheNexus7000interconnectsthelinecardsdataplane,anditisinsertedinthebackplane.CMPandUCSMareUCSproducts,andthesupervisormodulemanagesthecontrolplaneandnotthedataplane.WewilltakeadeepdiveintotheNexusproductlineinChapter2,“NetworkingProducts.”

4. BandD.OnlytheNexus5500seriesandtheNexus7000serieshaveLayer3support,asdescribedinChapter2.

5. C.FabricPathisaSpanningTreereplacement,anditdoesnotrequirethatSTPbeactive,ascoveredinChapter1.

6. C.TheWorldWidePortNameisusedinFibreChanneltoidentifyuniqueportnamessuchasahostbusadapterwithasingleport.Theotheranswersofferedarenotrelevant.StoragenetworkingandunifiedfabricsarecoveredinChapter3,“DataCenterNetworkingTechnologies”andChapter6,“UnifiedFabric.”

7. C.RoundrobinisthedefaultpredictorontheACEloadbalancer,anditcanbechangedtotheotheroptionslisted.WewilldiscussnetworkingservicesinChapter4,“DataCenterNetworkServices.”

8. D.showmoduleistheonlyvalid1000Vcommand,anditdisplaysinformationonconnectedvirtualEthernetmodules.SeeChapter5,“Nexus1000V”5foradditionalinformation.

9. B,C,andE.The1000VisavirtualizedNexusrunningthesameNX-OSoperatingsystemasthehardwareNexusversions.Thefeaturesetisfoundinthestand-aloneNexusswitches,anditisincludedinthevirtualswitchaswell.SeeChapter5foradditionalinformation.

10. B,C,andD.WhenconnectingtoaremotestorageNetworkFileSystem,iSCSIandFibreChannelareused.SecurecopyandFTParefiletransferandnotstorageprotocols.SeeChapter6,“UnifiedFabric”6formoreinformation.

11. B.ThreebitsareavailableforCoSmarkinginthe802.1pheadertomaptrafficclasses,whichiscoveredinChapter6.

12. B.Ahypervisorrunsonbaremetalservers,anditallowsvirtualmachines,sometimescalledguestoperatingsystems,torunontopofit.ThisisinvestigatedinChapter7,“CiscoUCSPrinciples.”

13. A,B,andD.TheUCSwasspecificallydesignedtoovercomethechallengesofintegratingLANandSANintoacommonfabric,howtomanagealargenumberofserverinstanceswithasingleapplications,andeaseofmigrationsandupgradeissuesseenoncommonserverhardwarearchitecture.ThesearecoveredinChapter7.

14. A.AUCSfabricinterconnectisformedwhenAandBswitchesarerunningtheUCSMcodeforredundancy.Thereisnoallowancefortwofabricinterconnectsinacluster,asdescribedinChapter8,“CiscoUCSConfiguration.”

15. A.ThefinitestatemachineintheUCSmonitorsallhardwareadditionsandremovals.AllotherselectionsarenotvalidfortheUCS.UCSdetailsarecoveredinChapter8.

16. AandD.TheUCSManagerusesstoragepoolsdynamicallytoassignWorldWideNodeNamesandWorldWidePortNamestotheserverhardware.UCSManagerdetailsarecoveredinChapter8.

17. BandD.TheconsoleandgraphicaluserinterfacearethetwooptionspresentedwheninitiallyconfiguringafabricinterconnectmoduleandarediscussedinChapter8.

18. A.The2148TisanolderNexus2000productthatdidnotsupport10Ginterfaces.TheNexus2000productlineiscoveredinChapter2.

19. D.TheNexus9000seriesisdesignedtosupportSDNandhashigh-density40GEthernetlinecards,asdescribedinChapter2.

20. E.Avirtualstorageareanetwork(VSAN)providesfortheseparationofstoragetrafficinaSANswitchingfabric.ThisiscoveredindetailinChapter6.

Chapter1DataCenterNetworkingPrinciples

THEFOLLOWINGCCNADCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

1.0CiscoDataCenterFundamentalsConcepts

1.1Describenetworkarchitecturesforthedatacenteranddescribethepurposeandfunctionsofvariousnetworkdevices

1.1.aLANw

1.1.bSAN

1.2Describethemodularapproachinnetworkdesign

1.3Describethedatacentercorelayer

1.4Describethedatacenteraggregationlayer

1.5Describethedatacenteraccesslayer

1.6Describethecollapsecoremodel

1.7DescribeFabricPath

1.8IdentifykeydifferentiatorsbetweenDCIandnetworkinterconnectivity

1.9Describe,configure,andverifyvPC

1.10Describethefunctionalityofandconfigurationofportchannels

1.11Describeandconfigurevirtualdevicecontext(VDC)

1.12Describetheedge/corelayersoftheSAN

1.13DescribetheCiscoNexusproductfamily

1.14Configureandverifynetworkconnectivity

1.15Identifycontrolanddataplanetraffic

1.16Performinitialsetup

DataCenterNetworkingPrinciplesWiththeriseofcloudcomputingandadvancesinmoderndatacentertechnologies,Ciscohasreleasedahostofnewproductsandtechnologiesdesignedspecificallytomeetandaddresstheuniqueneedsofdatacenternetworking,includingLAN,SAN,andcomputingplatformsofascalableandresilientdatacenter.Theexplosivegrowthinthisareahasalsocreatedaneedforknowledgeableandcertifiedtechnicalstafftomakesenseofitallandtoimplementandsupportdatacenteroperations.

Wewillcoverthetechnologies,products,andprotocolsfortheIntroducingCiscoDataCenterTechnologies640–916CCNADataCenterexaminthisbook.Wewillbeginwithanoverviewandthenadetailedlookatthenetworkingarchitectureofthedatacenter.

TheDataCenterLANThereareuniqueLANrequirementsforthedatacenter,whichCiscohasaddressedwiththeNexusfamilyofdatacenterswitchingproducts.TheNexusproductlineisdesignedfornext-generationdatacenterswitchingand,asyouwillsee,ithasmanyfeaturesthatarespecifictothenetworkingchallengesfoundinlargedatacenters.Manyservicesandtechnologiesareusedprimarilyindatacenters,suchastheconvergenceofLANdataandSANstoragetrafficintooneunifiedswitchingfabric,asshowninFigure1.1.With10GigabitEthernet,themostcommonLANtransport,manynewtechnologieshavebeenimplementedtomakeuseofallofthebandwidthavailableandnotletanyredundantchannelssitidleasabackup.ThesenewtechnologiesincludeFabricPath,virtualPortChannels,TRILL,andothersthatwewillinvestigateasweprogressthroughthischapter.

FIGURE1.1DatacenterLAN

ThedatacenterLANisengineeredformaximumthroughputandextremelyhighredundancy,scalability,andreliability.Withtheintroductionof10,40,and100GigabitEthernet,thespeedoftheswitchingfabricandinterconnectionsisconstantlyincreasingasthebandwidthrequirementsoftheapplicationsgrowexponentially.

Toreducecablingandhardwarerequirementsinsidethedatacenter,theCiscoNexusproductlinehasfeaturessuchasdevicevirtualization,whereonephysicalswitchcanbedividedintoseverallogicalswitchesusingonechassis.

Traditionally,thestorageareanetworkandthelocalareanetworkwereseparateentitieswiththeirownhardwareandcabling,asshowninFigure1.2.Toreducethehardwareandcablingintheracks,technologieswithintheNexusswitchesallowtheLANandSANtosharethesameunifiedswitchingfabric.Figure1.3showsthehardwarereductionwhendataandstoragesharethesamefabric.Thisalsoreducesthecost,power,andcoolingrequirementsinthedatacenter.

FIGURE1.2SeparatedatacenterLAN/SANnetworks

FIGURE1.3Unifieddatacenternetwork

TheDataCenterSANStorageareanetworkinghastraditionallybeenseparatefromtheLANandmanagedbyaspecializedgroupofstorageengineers.WiththeNexus,MDS,andUnifiedComputingSystemsfromCisco,storageareanetworkingcanbeconvergedwithdatatraffictoreduceequipmentcostandpowerandheatingrequirements,consolidatecabling,andimprovemanageability.

StoragenetworksuseadifferentsetofprotocolsthantheEthernetusedinLANs.CommonstorageprotocolsincludeSCSIandFibreChannel.WiththeconvergenceoftheSANandLANnetworks,newprotocolssuchasiSCSIandFCoEhavearrived.

TheInternetSmallComputerSystemInterface(iSCSI)protocolallowsSCSIstoragetraffictotraverseatraditionallocalareaEthernetnetworkusingIPasitstransportprotocol.

FibreChanneloverEthernet(FCoE)wasdevelopedtoencapsulatetheFibreChannelprotocolinsideanEthernetframe.Specializedcardsinsidetheserverscalledconvergednetworkadapters(CNAs)combineFCoEandtraditionalEthernetintooneconnectiontotheNexusswitchingfabric.Theserverseesthenetworkandstorageconnectionsasseparateentities,asifastoragehostbusadapterandanEthernetLANcardwereinstalled.Storageareanetworkingwillbediscussedinalaterchapter.

NetworkDesignUsingaModularApproachThemodularapproachtonetworkingcreatesastructuredenvironmentthateasestroubleshooting,fosterspredictability,andincreasesperformance.Thecommonarchitectureallowsforastandarddesignapproachthatcanbereplicatedasthedatacenternetworkexpands.Severaldifferentdesignscanbeusedbasedonuniqueneeds.

TheDataCenterCoreLayerAttheheartofthedatacenternetworkistheaptlynameCore,asshowninFigure1.4.DataflowsfromtheedgeofthenetworkattheAccesslayertoaconsolidationpointknownastheDistributionlayer.ThevariousDistributionlayerswitchesallconnecttotheCoretoexchangeframeswithotherendpointsinthedatacenterandtocommunicatewiththeoutsideworld.TheCoreistheheartofthenetwork,anditisdesignedtobeveryhighspeedwithlowlatencyandhighredundancy.

FIGURE1.4DatacenterCorenetwork

TheCoreisjustasitsounds—thecenterofthedatacenternetworkwherealloftheserverfarmsandcommunicationracksmeetandinterconnect.TheCoreisgenerallyaLayer3routedconfigurationconsistingofvery-high-speedredundantroutersthataredesignedtoroutetrafficandnotaddmanyservices,whichslowforwardingdown,sincetheyareintendedtobehighperformanceandhighlyreliable.TheCoreinterconnectsthevariousAggregationlayerswitchesandperformshigh-speedpacketswitching.

Thehigh-densityandhighlyredundantNexus7000seriesswitchesaregenerallyusedforcoreswitchingandrouting.

TheDataCenterAggregationLayerThepurposeoftheAggregationlayeristoconsolidatetheAccesslayerswitcheswheretheserverfarmsconnectandprovidetheLayer2switchingtotheLayer3routingboundary.Manyservicesarefoundhere,suchasaccesscontrollists,monitoringandsecuritydevices,aswellastroubleshootingtools,networkacceleration,andload-balancingservicemodules.TheAggregationlayerissometimesreferredtoastheserviceslayer.TheAggregationlayerconsolidatestheAccesslayerandconnectstotheCore.Figure1.5illustratesanaggregateddatacenternetwork.

FIGURE1.5Datacenteraggregatednetwork

TheAggregationlayerisahighlyredundantpairofswitches,suchastheNexus5000orNexus7000series.

TheDataCenterAccessLayer

TheAccesslayeristheedgeofthedatacenternetworkwhereNexusswitchesconnectserversandstoragesystemstothenetwork,asshowninFigure1.6.TheNexus2000andNexus5000seriesswitchesarecommonAccesslayerswitches.

FIGURE1.6DatacenterAccesslayernetwork

Accessswitches,sometimesreferredtoastop-of-the-rackswitches,generallyareineachrack,neartheservers,andhavedense1Gigabitor10GigabitEthernetportsconnectingthehoststothenetwork.Thistop-of-rackdesignkeepscablingshortandconsolidated.Thehigh-density48-or96-portswitchesandFEXlinecardsareplacedasneartotheserversaspossibleinordertokeepthecablingrunsshortandallowformorecost-effectivecablingoptions.

TheAccesslayerswitchesarefoundingreaternumbersthantheAggregationlayerandCorelayerswitches.TheAccesslayerconnectstotheAggregationlayerusingmultipleredundanthigh-speedconnectionsthataregenerallymultiple10GEthernetinterfacesbundledtogetherinaportchannel.

QualityofService(QoS)markingisprovidedattheAccesslayertoidentifythe

QualityofService(QoS)markingisprovidedattheAccesslayertoidentifythetrafficprioritiesproperlyastheyenterthenetwork.

TheCollapsedCoreModelInmanydatacenterdesigns,theAggregationlayerandCorelayercanbecombinedintoacollapsedcoredesign.Figure1.7showsabasiccollapsedcoredesign.AsyouwillseelaterinthischapterwhenemployingafeatureintheNX-OSoperatingsystem,aNexus7000switchcanbevirtualizedandactastwoormorephysicalswitchesinthesamechassis.Thisallowsforaconsolidationofpower,cooling,andrackspacebyfullyutilizingtheNexuschassistoprovidetheservicesofboththeAggregationandCorelayersonthedatacenterdesignmodel.

FIGURE1.7Collapsedcoremodel

FabricPathModerndatacentershavemanybandwidth-intensiveapplicationsthatputademandontheAccess,Aggregation,andCorelayerNexusplatforms.Thecommontransportis10GigabitEthernet,whichhasanexpenseassociatedwith

it.Thetraditionalwayofpreventingswitchingloopsandbroadcaststormswastousethe802.1dSpanningTreeProtocoloroneofitsvariants.Thedownsidetodoingthisisthatmanyofthelinkswereblockedandunuseduntiltherewasafailureofoneoftheprimaryforwardinglinks.Thisisaveryinefficientuseofresources,whichledtothedevelopmentofmultipathload-sharingtechnologiessuchasFabricPathandTRILL.WithFabricPath,theNexusswitchesusecustomsiliconlinecardsandNX-OSfeaturestobuildatopologymapofthenetworkandcomputeashortest-path-firstalgorithm,whichallowsalllinkstobeactiveandforwarding.Ifthereshouldbealinkfailure,theconvergencetimeisextremelyfast.FabricPathisamodernreplacementfortheSpanningTreeProtocol,anditisshowninFigure1.8.

FIGURE1.8FabricPath

IfthissoundslikeroutingLayer2MACaddressframes,itis!Whatistheworldcomingto,anyway?TheroutingprotocolusedisIntermediateSystemtoIntermediateSystem(IS-IS),whichisindependentfromTCP/IPandhasdefinablefieldsthatfitwellwithFabricPath.IS-ISisalink-stateprotocolverysimilartoOSPF,whichcalculatestheshortestpathtothedestination.IS-ISalsoallowsmultiplepathstothedestination,whichovercomesaweaknessin

SpanningTreethatwouldblockalllinksotherthantheonetotherootswitch.Infact,SpanningTreeisdisabledandreplacedbyFabricPath.

ThereisanewerSpanningTreereplacementstandardcalledTransparentInterconnectionofLotsofLinks(TRILL).TRILLisanIEEEstandard,anditwaswrittenbytheoriginaldesignerofSpanningTree.FabricPathisaCiscoproprietaryimplementation.BothFabricPathandTRILLaccomplishthesamegoals.Theyareuniquetechnologiesthataregenerallyfoundonlyindatacenterenvironments.

Tousethesetechnologies,customsiliconchipshadtobedevelopedtoencapsulatetheLayer2frames.TherearealsolicenserequirementstoenabletheFabricPathfeature.CiscoNX-OSrequirestheEnhancedLayer2licensetobeinstalledbeforeenablingFabricPath.

Exercise1.1providesanexampleofenablingthefabricpathfeatureinNX-OSandenteringabasicconfiguration.TheCCNADataCentercertificationdoesnotrequireanin-depthknowledgeofFabricPath,butitishelpfultoknowwhenworkinginamodernNexus-baseddatacenter.

EXERCISE1.1

ConfiguringFabricPathonaNexusSwitch

1. Installthefeature:

N7K-1(config)#installfeature-setfabricpath

2. Enablethefeature:

N7K-1(config)#feature-setfabricpath

3. Verifythatfabricpathisenabled:

N7K-1#showfeature-set

FeatureSetNameIDState

——————————————————

fabricpath2enabled

4. Assignthefabricpath(IS-IS)switchIDs:

Spine1(config)#fabricpathswitch-id1

Spine2(config)#fabricpathswitch-id2

Spine3(config)#fabricpathswitch-id3

Spine4(config)#fabricpathswitch-id4

5. DefinetheVLANsthatwillbetransportedwithfabricpath:

Spine1(config)#vlan100–200

Spine1(config-vlan)#modefabricpath

Spine2(config)#vlan100–200

Spine2(config-vlan)#modefabricpath

Spine3(config)#vlan100–200

Spine3(config-vlan)#modefabricpath

Spine4(config)#vlan100–200

Spine4(config-vlan)#modefabricpath

6. Enablefabricpathontheinterface:

N7K-1(config-if)#switchportmodefabricpath

N7K-1#Showfabricpathisisadjacency

FabricpathIS-ISdomain:defaultFabricpathIS-ISadjacency

database:

SystemIDSNPALevelStateHoldTime

Interface

002a.fa75.c812N/A1UP00:00:23port-

channel1

N7K-1#showfabricpathswitch-id

FABRICPATHSWITCH-IDTABLE

Legend:''—thissystem

=========================================================================

SWITCH-IDSYSTEM-IDFLAGSSTATESTATIC

EMULATED

—————+————————+——————+—————-+——————————

100002a.53be.866PrimaryConfirmedYes

No

101002a.23e4.c663PrimaryConfirmedYes

No

1102002a.23e4.c663PrimaryConfirmedNo

Yes

1103002a.23e4.c663PrimaryConfirmedNo

Yes

TotalSwitch-ids:4

N7K-1#showfabricpathroute

FabricPathUnicastRouteTable

'a/b/c'denotesftag/switch-id/subswitch-id

'[x/y]'denotes[admindistance/metric]

ftag0islocalftag

subswitch-id0isdefaultsubswitch-id

FabricPathUnicastRouteTableforTopology-Default

0/100/0,numberofnext-hops:0

via——,[60/0],80day/s00:51:18,local

HowDoWeInterconnectDataCenters?Thereareuniquerequirementsforinterconnectingdatacentersaswellasmanyoptionsfordoingso.CiscohasdevelopedOverlayTransportVirtualization(OTV),asshowninFigure1.9,toencapsulateLayer2framesinsideaLayer3packetandsenditoveraroutednetworktoaremotedatacenter.ThisMAC-inside-IPapproachallowsVLANstobeextendedbetweendatacenters.SomeoftheapplicationsforVLANextensionarefordisasterrecovery,active-activedatacenters,andtherequirementsofmanyservervirtualizationproductstobeonthesameVLANforthedynamicmovementofvirtualmachinesandvirtualstorage.

FIGURE1.9OverlayTransportVirtualization

ManytypesoftunnelingprotocolshavebeendevelopedovertheyearsincludingLayer2Forwarding,Point-to-PointTunnelingProtocol,genericrouting

encapsulation,andcertaintypesofMultiprotocolLabelSwitching(MPLS),whichisprovidedbythepubliccarriers.

OTVstandsoutasaprotocolspecificallydesignedforinterconnectingdatacenters,becauseithasmanyfeaturesdesignedtopreventnetworkissuesfrompropagatingacrossthenetworktotheremotedatacenter.OTVhashighavailability,SpanningTreesuppression,failureisolation,built-inloopprevention,dynamicencapsulation,multipointdatacentersupport,redundancy,andscalability.Whileitisaverycomplexprotocol,itisrelativelyeasytosetupandoperate,withthecomplexitylargelyhiddenbehindthescenes.OTVissupportedonlyonNexus7000seriesandASR1000routerswithspecificsoftwarelicensesandlinecards.

VirtualPortChannelsInthemoderndatacenter,muchofthearchitectureisdesignedtoensuremaximumuptime,fastfailover,andfullutilizationofalloftheavailablebandwidthinordertomaximizethroughput.WithstandardSpanningTreeconfigurations,onlyoneEthernetinterfacecanbeactivetopreventloopsfromforminginthenetwork.TheconceptofcombiningmultipleEthernetinterfacesintoonelogicalinterfaceeventuallycamealongandallowedforadditionalbandwidthandactiveports.Thoughthisdesignworkswell,ultimatelytheconceptofvirtualPortChannels(vPCs)wasdevelopedbyCiscoandisnowcommoninthedatacenter.

Withstandardportchannels,allinterfacesaregroupedinabundleoriginatinginoneswitchandterminatinginanother.Thisisduetotherequirementofeachswitch’scontrolplanetorecombinethetrafficateachend.

vPC’sareillustratedinFigure1.10.

FIGURE1.10VirtualPortChannels

AvirtualPortChannelbasicallyliestotheconnectedswitchandfoolsitintobelievingthatitisconnectedtooneswitchwheninrealityitisconnectedtotwoupstreamswitches.TheadvantageofvPCsisthatallofthelinkscanbeusedandnotputintoblockingmodeaswouldbethecasewiththeSpanningTreeProtocol.Thisprovidesforadditionalthroughput,betterutilizationofexpensive10Gconnections,veryfastfailover,andactive-activeconnectionsfromthedownstreamportchannelswitchtotheupstreamvPCswitch.Anotheradvantageisthatdual-homedserverscanformaportchannelandruninactive-activemode,therebyincreasingserverbandwidthfromthenetwork.Toprovideforstability,eachofthetwovPCswitchesmaintainsacompletelyindependentcontrolplanesothatbothdevicescanworkindependentlyofeachother.

Thefunctionusedtocombineportchannelsacrossmultiplechassishasneverbeenstandardized,soeachvendorhasitsownimplementation.Thus,mixingandmatchingoccurswhensettingthisup.ANexusswitchrunningvPCwilltalkonlytootherCiscodevicesthatsupportvPCs,whichincluderoutersandfirewallsaswellastheNexusswitchingfamilyofproducts.

AnydevicethatsupportseitherstaticordynamicLACPportchannelscanconnecttoavPC-enabledpairofswitches,becauseitiscompletelyunawarethatitistalkingtotwoswitchesandisstillconvincedthatthereisonlyoneswitch.

itistalkingtotwoswitchesandisstillconvincedthatthereisonlyoneswitch.

Listing1.1showsthebasicvPCconfigurationandcommandsthatareusedinconfiguringvirtualPortChannelsinNX-OS.

Listing1.1:VirtualPortChannelconfiguration

N7K-1#showrunvpc

!Command:showrunning-configvpc

!Time:SatSep2010:33:392014

featurevpc

vpcdomain201

peer-switch

peer-keepalivedestination172.16.1.2source10.255.255.1vrf

vpc-keepalive

peer-gateway

interfaceport-channel1

vpcpeer-link

interfaceport-channel21

vpc21

interfaceport-channel22

vpc22

interfaceport-channel100

vpc100

interfaceport-channel101

vpc101

interfaceport-channel102

vpc102

interfaceport-channel103

vpc103

interfaceport-channel104

vpc104

interfaceport-channel200

vpc200

interfaceport-channel201

vpc501

ThevPCroledefinesthemasterandbackupswitchesandtheswitchthattakesmanagementcontrolduringafailover.

Listing1.2isanexampleshowingtheroleofthevirtualPortChannelsperswitch.

Listing1.2:RoleofvPCperswitch

N7K-1#showvpcrole

vPCRolestatus

——————————————————————————

vPCrole:primary

DualActiveDetectionStatus:0

vPCsystem-mac:00:23:04:ce:43:d9

vPCsystem-priority:32667

vPClocalsystem-mac:b3:87:23:ec:3a:38

vPClocalrole-priority:32667

ThevPCpeerkeepaliveisacommunicationchannelbetweenthetwovPC-speakingswitches,anditprovidesforhealthchecksandgracefulfailoverduringanetworkinterruption:

N7K-1#showvpcpeer-keepalive

vPCkeepalivestatus:peerisalive

—Peerisalivefor:(11010015)seconds,(443)msec

—Sendstatus:Success

—Lastsendat:2014.09.2014:44:29203ms

—Sentoninterface:Po10

—Receivestatus:Success

—Lastreceiveat:2014.09.2014:44:29707ms

—Receivedoninterface:Po10

—Lastupdatefrompeer:(0)seconds,(412)msec

vPCKeepaliveparameters

—Destination:172.16.1.2

—Keepaliveinterval:1000msec

—Keepalivetimeout:5seconds

—Keepaliveholdtimeout:3seconds

—Keepalivevrf:vpc-keepalive

—Keepaliveudpport:3200

—Keepalivetos:192

ThevPCpeerlinkinterconnectsthetwovPCswitches,anditisrecommendedtouseaportchannelofatleasttwo10Gigabitinterfacestocross-connecttheswitches.Thepeerlinkisfordatatrafficthatneedstocrossfromoneswitchtoanotherincaseofafailureofbroadcastormulticasttraffic:

N7K-1#showvpcstatisticspeer-link

port-channel1isup

adminstateisup,

Hardware:PortChannel,address:3200.b38723.ec3a(bia

3200.b38723.ec3a)

Description:INTERCONNECTTON7K-2

MTU9216bytes,BW50000000Kbit,DLY10usec

reliability255/255,txload1/255,rxload11/255

EncapsulationARPA,mediumisbroadcast

Portmodeistrunk

full-duplex,10Gb/s

Inputflow-controlisoff,outputflow-controlisoff

Auto-mdixisturnedoff

Switchportmonitorisoff

EtherTypeis0x8100

Membersinthischannel:Eth1/10,Eth1/11,Eth1/12,Eth1/13,

Eth1/14

Lastclearingof"showinterface"counters1w2d

0interfaceresets

30secondsinputrate2312842168bits/sec,326853packets/sec

30secondsoutputrate54908224bits/sec,18376packets/sec

Load-Interval#2:5minute(300seconds)

inputrate1.57Gbps,254.97Kpps;outputrate65.88Mbps,

17.80Kpps

RX

2656098890478unicastpackets3488139973multicastpackets

1065572884broadcastpackets

2660652603335inputpackets2510549942324604bytes

597047427jumbopackets0stormsuppressionpackets

0runts0giants0CRC0nobuffer

0inputerror0shortframe0overrun0underrun0ignored

0watchdog0badetypedrop0badprotodrop0ifdowndrop

0inputwithdribble1622248inputdiscard

0Rxpause

TX

176774626032unicastpackets3605583220multicastpackets

1197006145broadcastpackets

181577215397outputpackets97473344394685bytes

23357961jumbopackets

0outputerror0collision0deferred0latecollision

0lostcarrier0nocarrier0babble31541967outputdiscard

0Txpause

Listing1.3isanexampleofavPCtrunkconnectingtoadownstreamswitch,suchasaNexus5000,whichisconfiguredasaregularportchannel:

Listing1.3:ShowVPCstatisticsVPC100

N7K-1#showvpcstatisticsvpc100

port-channel100isup

adminstateisup,

vPCStatus:Up,vPCnumber:100

Hardware:PortChannel,address:3200.b38723.ec3a(bia

3200.b38723.ec3a)

Description:vPCTODOWNSTREAM5K-1and2

MTU9216bytes,BW20000000Kbit,DLY10usec

reliability255/255,txload2/255,rxload4/255

EncapsulationARPA,mediumisbroadcast

Portmodeistrunk

full-duplex,10Gb/s

Inputflow-controlisoff,outputflow-controlisoff

Auto-mdixisturnedoff

Switchportmonitorisoff

EtherTypeis0x8100

Membersinthischannel:Eth6/18,Eth6/19

Lastclearingof"showinterface"counters6w5d

0interfaceresets

30secondsinputrate317316592bits/sec,58271packets/sec

30secondsoutputrate214314544bits/sec,51157packets/sec

Load-Interval#2:5minute(300seconds)

inputrate283.62Mbps,51.76Kpps;outputrate212.04Mbps,

46.53Kpps

RX

265673077175unicastpackets587638532multicastpackets

77788213broadcastpackets

266338503920inputpackets233085090809109bytes

578180403jumbopackets0stormsuppressionpackets

0runts0giants0CRC0nobuffer

0inputerror0shortframe0overrun0underrun0ignored

0watchdog0badetypedrop0badprotodrop0ifdowndrop

0inputwithdribble10inputdiscard

0Rxpause

TX

217921592575unicastpackets433277238multicastpackets

375222491broadcastpackets

218730092304outputpackets118403825418933bytes

11548617jumbopackets

0outputerror0collision0deferred0latecollision

0lostcarrier0nocarrier0babble6278758outputdiscard

0Txpause

UnderstandingPortChannelsPortchannelingistheprocessoflogicallyconnectingmultiplephysicalinterfacesintoonelargerandhigher-bandwidthlogicalinterfaceforadditionalspeedandredundancy(seeFigure1.11).Thebenefitsofcreatingportchannelsareincreasedbandwidthandlinkredundancy.TherecanbetwotoeightlinksaggregatedintoasingleEtherChannel,andhundredsofEtherChannelscanbeconfiguredonaNexusswitch.

FIGURE1.11Portchannels

Trafficisdistributeddownanassignedlinkbasedonahashoftheconfiguredload-balancealgorithm.MethodsusedtodistributetrafficareaMACaddress,IPaddress,orLayer4port.Theydonotneedtomatchoneachendofthelink,buttrafficdistributionwillbeunevenifnot.Bestpracticeistohavetheload-balancealgorithmmatchoneachendofthelink,butitisnotrequired.

N5K-1#showEtherchannelload-balance

N5K-1#port-channelload-balance<dest-ip|dst-mac|src-dst-ip|

src-dst-mac|src-ip|srv-mac>

Broadcastandmulticasttrafficisallsentdownonlyoneassignedlink.Ifalinkgoesdown,trafficisdynamicallymovedovertoanotherlink,butitdoesnotmovebackifthelinkcomesbackup.

Therearetwosupportedlinkaggregationprotocols.Thefirstisastatictypeofconfigurationwhereitisenabledandalwayson.ThesecondmethodisadynamicnegotiationbasedontheLinkAggregationControlProtocol(LACP).AnolderCiscoproprietarylinkaggregationapproachcalledPortAggregationProtocol(PaGP)isnotsupportedinNX-OS,soallconnecteddevicesmust

supporteitherLACPorstaticportchannels.

ToformanEtherChannelbetweentwoswitches,somebaseconditionsmustbemet.Allportsmustbethesameduplexandspeed,andinterfacesgroupedinabundleareredundant(thetrafficflowsfailover).NointerfacesinabundlecanbeSPANports(nosniffing),andinterfacesgroupedinabundlemustbeinthesameVLAN/trunk(configuredonrealinterfacesusingtherangecommand).Also,anychangestoaportchannelinterfaceaffectallbundleportswithwhichitisassociated.Anychangestoindividualportsaffectonlythatportandnoneoftheothersinthebundle.

LACPisbasedontheindustrystandardprotocol802.3ad,andithasthreemodesofoperation:

Passive:ThisLACPmodeplacesaportinapassivenegotiationstate.Inthisstate,theportrespondstotheLACPpacketsthatitreceivesbutdoesnotinitiateLACPpacketnegotiation(default).

Active:ThisLACPmodeplacesaportinanactivenegotiatingstate.Inthisstate,theportinitiatesnegotiationswithotherportsbysendingLACPpackets.

On:ThisLACPmodeforcestheinterfacetochannelwithoutLACPnegotiations.

PortchannelscanbeeitherLayer2bridgedwithVLANsoraLayer3IPportchannelinterfaceroutedportusingthenoswitchportcommand.

LACPusesapriorityvalueofsystempriorityplusMACaddress.ThelowestvalueisallowedtomakedecisionsaboutwhichportswillactivelyparticipateinanEtherChannelandwhichportswillbeheldinastandbysite:

N5K-1(config-if)#channel-group<1-x>mode<active|on|etc.>

N5K-1(config)#interfacerangefastethernet0/1—2

N5K-1(config-if)#channel-group5modepassive|active

Ifoneendoftheportchannelisconfiguredaspassive,theotherendmustbeactiveinordertonegotiatetheportchannelsuccessfully.Thedefaultispassive,soyoumustpayattentiontotheconfigurationsonbothends.

Onemodecreatesagroup,whichisnotamodebutaforcedstaticconfiguration.Itisneitheractivenorpassiveanddoesnotsendoutnegotiationpackets.Theportchannelishard-configuredwithoutusingLACPwhenOnisused.

ConfiguringthechannelgroupasOncreatesanewinterface,port-channel1,andstaticallyconfiguresanEtherChannelwithnoLACPnegotiations:

N5K-1(config-if)#channel-group1on

Toconfigureaportchannel,usetheinterfaceconfigurationcommandchannel-group,andaddittothegroupthatsharesthesameportchannelnumberthatyouassign.Thisalsocreatesaportchannelinterface,suchasInterfacePo1.TheconfigurationisshowninListing1.4.

Listing1.4:Usingtheinterfaceconfigurationcommand

N5K-1(config-if)#interfaceFastEthernet0/1

N5K-1(config-if)#switchporttrunkencapsulationdot1q

N5K-1(config-if)#channel-group1modeactive

N5K-1(config-if)#interfaceFastEthernet0/2

N5K-1(config-if)#switchporttrunkencapsulationdot1q

N5K-1(config-if)#channel-group1modeactive

Toviewportchannelconfigurationsandstatistics,usethefollowingcommands:

N5K-1#showlacpcounters

N5K-1#showlacpinternal

N5K-1#showlacpneighbor

N5K-1#showlacpsys-id

N5K-1#showlacpport-channel

Thefollowingisaportchannelload-balancingconfiguration:

N5K-1#showport-channelload-balance

System:source-dest-ip

PortChannelLoad-BalancingAddressesUsedPer-Protocol:

Non-IP:source-dest-mac

IP:source-dest-ipsource-dest-mac

Youmayneedtomodifytheload-balancemetricinsituationswherethetrafficloadoverindividuallinksisnotoptimal.ThiscouldbecausedbyasingleMACaddressthatmatchesaconfiguration,whichdirectsalltrafficdownthesameEthernetlink.Bymodifyingtheload-balancemetricforyourenvironment,youcanbalancetrafficoptimallyoverallEthernetlinksintheportchannel.

Thefollowingoptionsallowyoutoadjusttheload-balancemetricssystem-wide:

destination-ipDestinationIPaddress

destination-macDestinationMACaddress

destination-portDestinationTCP/UDPport

source-dest-ipSource&DestinationIPaddress

source-dest-macSource&DestinationMACaddress

source-dest-portSource&DestinationTCP/UDPport

source-ipSourceIPaddress

source-macSourceMACaddress

source-portSourceTCP/UDPport

N7K-1#showport-channelcapacity

Port-channelresources

1600total10used1590free0%used

N7K-1#showport-channelcompatibility-parameters

portmode

Membersmusthavethesameportmodeconfigured.

portmode

Membersmusthavethesameportmodeconfigured,eitherE,For

AUTO.If

theyareconfiguredinAUTOportmode,theyhavetonegotiateEor

Fmode

whentheycomeup.Ifamembernegotiatesadifferentmode,itwill

be

suspended.

speed

Membersmusthavethesamespeedconfigured.Iftheyareconfigured

inAUTO

speed,theyhavetonegotiatethesamespeedwhentheycomeup.If

amember

negotiatesadifferentspeed,itwillbesuspended.

MTU

MembershavetohavethesameMTUconfigured.Thisonlyappliesto

ethernet

port-channel.

shutlan

Membershavetohavethesameshutlanconfigured.Thisonly

appliesto

ethernetport-channel.

MEDIUM

Membershavetohavethesamemediumtypeconfigured.Thisonly

appliesto

ethernetport-channel.

Spanmode

Membersmusthavethesamespanmode.

loadinterval

Membermusthavesameloadintervalconfigured.

negotiate

Membermusthavesamenegotiationconfigured.

subinterfaces

Membersmustnothavesub-interfaces.

DuplexMode

MembersmusthavesameDuplexModeconfigured.

EthernetLayer

MembersmusthavesameEthernetLayer(switchport/no-switchport)

configured.

*SpanPort

MemberscannotbeSPANports.

*StormControl

Membersmusthavesamestorm-controlconfigured.

FlowControl

Membersmusthavesameflowctrlconfigured.

Capabilities

Membersmusthavecommoncapabilities.

Capabilitiesspeed

Membersmusthavecommonspeedcapabilities.

Capabilitiesduplex

Membersmusthavecommonspeedduplexcapabilities.

ratemode

Membersmusthavethesameratemodeconfigured.

CapabilitiesFabricPath

Membersmusthavecommonfabricpathcapability.

PortisPVLANhost

PortChannelcannotbecreatedforPVLANhost

1Gportisnotcapableofactingaspeer-link

Membersmustbe10GtobecomepartofavPCpeer-link.

EthType

MembersmusthavesameEthTypeconfigured.

port

MembersportVLANinfo.

port

Membersportdoesnotexist.

switchingport

Membersmustbeswitchingport,Layer2.

portaccessVLAN

MembersmusthavethesameportaccessVLAN.

portnativeVLAN

MembersmusthavethesameportnativeVLAN.

portallowedVLANlist

MembersmusthavethesameportallowedVLANlist.

portVoiceVLAN

Membersmustnothavevoicevlanconfigured.

FEXpinningmax-linksnotone

FEXpinningmax-linksconfigisnotone.

Multipleport-channelswithsameFex-id

Multipleport-channelstosameFEXnotallowed.

*PortboundtoVIF

MemberscannotbeSIFports.

*Membersshouldhavesamefexconfig

MembersmusthavesameFEXconfiguration.

AllHIFmemberportsnotinsamepinninggroup

AllHIFmemberportsnotinsamepinninggroup

vPCcannotbedefinedacrossmorethan2FEXes

vPCcannotbedefinedacrossmorethan2FEXes

MaxmembersonFEXexceeded

MaxmembersonFEXexceeded

vPCcannotbedefinedacrossSTandAAFEX

vPCcannotbedefinedacrossSTandAAFEX

Slotinhostvpcmode

Cannotaddcfgedslotmembertofabricpovpc.

UntaggedCosParams

Membersmusthavethesameuntaggedcos.

PriorityFlowControlParams

Membersmusthavethesamepriorityflowcontrolparameters.

UntaggedCosParams

Membersmusthavethesameuntaggedcos.

PriorityFlowControlParams

Membersmusthavethesamepriorityflowcontrolparameters.

queuingpolicyconfiguredonport-channel

queuingservice-policynotallowedonRWHIF-portsandRWHIF-Po.

Portpriority-flow-control

PFCconfigshouldbethesameforallthemembers

Port-channelwithSTPconfiguration,notcompatiblewithHIF

HIFportscannotbeboundtoport-channelwithSTPconfiguration

PortSecuritypolicy

Membersmusthavethesameport-securityenablestatusasport-

channel

Dot1xpolicy

Membersmusthavehostmodeasmulti-hostwithnomab

configuration.Dot1X

cannotbeenabledonmemberswhenPortSecurityisconfiguredon

port

channel

PCQueuingpolicy

QueuingpolicyforthePCshouldbesameassystemqueuingpolicy

SlotinvpcA-Amode

CannotaddActive-Activehifporttovpcpo.

*PVLANportconfig

MembersmusthavesamePVLANportconfiguration.

*Emulatedswitchporttypepolicy

vPCportsinemulatedswitchcomplexshouldbeL2MPcapable.

VFCboundtointerface.Cannotadd

thisinterfacetotheportchannel.

VFCboundtoportchannel

PortChannelsthathaveVFCsboundtothemcannothavemorethan

onemember

VFCboundtoFCoEcapableportchannel

PortChannelsthathaveVFCsboundtothemcannothavenonfcoe

capablemember

VFCboundtomemberportofportchannel.

Failtoaddadditionalinterfacetoportchannel

vfcboundtomemberportofhifpo,Twomemberscannotbeonthe

samefex

Failtoaddadditionalinterfacetoportchannel

Flexlinkconfig

Featuresconfiguredonmemberinterfacemustbesupportableby

Flexlink.

Tolookattheportchannelstatistics,usethecommandsshowninListing1.5:

Listing1.5:Viewingportchannelstatistics

N7K-1#showport-channeldatabase

port-channel1

Lastmembershipupdateissuccessful

1portsintotal,1portsup

FirstoperationalportisEthernet1/40

Ageoftheport-channelis11d:00h:06m:26s

Timesincelastbundleis11d:00h:07m:20s

LastbundledmemberisEthernet6/36

Ports:Ethernet6/36[active][up]*

port-channel2

Lastmembershipupdateissuccessful

2portsintotal,0portsup

Ageoftheport-channelis11d:00h:06m:26s

Timesincelastbundleis11d:00h:07m:20s

LastbundledmemberisEthernet6/38

Ports:Ethernet6/37[active][individual]

Ethernet6/38[active][individual]

N7K-1#showport-channelinternalmax-channels

Maxportchannels=4096

N7K-1#showport-channelsummary

Flags:D—DownP—Upinport-channel(members)

I—IndividualH—Hot-standby(LACPonly)

s—Suspendedr—Module-removed

S—SwitchedR—Routed

U—Up(port-channel)

M—Notinuse.Min-linksnotmet

————————————————————————————————————————

GroupPort-TypeProtocolMemberPorts

Channel

————————————————————————————————————————

1Po1(SU)EthLACPEth3/18(P)

2Po2(SD)EthLACPEth3/20(I)Eth1/45(I)

N7K-1#showport-channeltraffic

ChanIdPortRx-UcstTx-UcstRx-McstTx-McstRx-BcstTx-Bcst

———————-———-———-———-———-———-———-

1Eth3/18100.00%100.00%100.00%100.00%100.00%100.00%

———————-———-———-———-———-———-———-

2Eth3/200.0%0.0%0.0%0.0%0.0%0.0%

2Eth1/50.0%0.0%0.0%0.0%0.0%0.0%

———————-———-———-———-———-———-———-

N7K-1#showport-channelusage

Total2port-channelnumbersused

============================================

Used:1—2

Unused:3—4096

(somenumbersmaybeinusebySANportchannels)

interfaceport-channel1

descriptionDOWNLINKTON5K-1

switchportmodetrunk

spanning-treeporttypenetwork

speed10000

vpcpeer-link

interfaceport-channel2

descriptionDOWNLINKTON5K-2

switchportmodetrunk

speed1000

N7K-1#showinterfaceport-channel1

port-channel1isup

Hardware:PortChannel,address:000c.ae56.ac59(bia

000c.ae56.bd82)

MTU1500bytes,BW10000000Kbit,DLY10usec

reliability255/255,txload1/255,rxload1/255

EncapsulationARPA

Portmodeistrunk

full-duplex,10Gb/s

Inputflow-controlisoff,outputflow-controlisoff

Switchportmonitorisoff

EtherTypeis0x8100

Membersinthischannel:Eth2/44,Eth2/45

Lastclearingof"showinterface"countersnever

30secondsinputrate264560bits/sec,290packets/sec

30secondsoutputrate253320bits/sec,284packets/sec

Load-Interval#2:5minute(300seconds)

inputrate199.38Kbps,152pps;outputrate267.90Kbps,140

pps

RX

13285983170unicastpackets95062519784multicastpackets

15003626146broadcastpackets

123352129100inputpackets30102124993337bytes

3012858323jumbopackets0stormsuppressionpackets

0runts0giants0CRC0nobuffer

0inputerror0shortframe0overrun0underrun0ignored

0watchdog0badetypedrop0badprotodrop0ifdowndrop

0inputwithdribble0inputdiscard

0Rxpause

TX

17914869680unicastpackets1548068310multicastpackets

231568384broadcastpackets

19694506383outputpackets17726936415623bytes

8484408762jumbopackets

9outputerrors0collision0deferred0latecollision

0lostcarrier0nocarrier0babble0outputdiscard

0Txpause

2interfaceresets

interfaceEthernet1/39

descriptionPORT-CHANNEL-1

switchportmodetrunk

channel-group1modeactive

interfaceEthernet1/40

descriptionPORT-CHANNLE-1

switchportmodetrunk

channel-group1modeactive

GoingVirtualwithVirtualDeviceContextsCanyoutakeachainsawandcutthatniceandexpensiveNexusswitchintomanyindividualplatforms?Iwouldnotrecommendit,butthewonderfulworldofvirtualizationallowsonebigphysicalNexusswitchtobeportionedandactas

ofvirtualizationallowsonebigphysicalNexusswitchtobeportionedandactasifitweremanyswitches!

Withvirtualdevicecontexts(VDCs),youcanassignasectionofthelinecardportsandmanagementprocessorcontroltovariousdevices,anditactsasifitwereitsownstandaloneNexusswitch,asshowninFigure1.12.TocommunicatebetweenVDCs,youneedtocableoutofonelinecardportinoneVDCandintotheotherVDCportonthesameswitch.

FIGURE1.12Virtualdevicecontexts

VDCscanbeusedtocreateacollapsedbackbonedesignorinmultitenantdatacenters.Eachcustomercanhavecontrolovertheirownvirtualdevicecontext,totallyindependentofothercustomersconnectedtothesameNexusswitch.

ThefollowingarestepstocreatenewVDCsandassignportstothem:

1. CreateavirtualdevicecontextcalledVDC-2:

N7K-1(config)#vdcVDC-2

Note:CreatingVDC,onemomentplease...

N7K-1(config-vdc)#2014SEP3000:43:18N7K-1%$VDC-1%$

%VDC_MGR-2-VDC_ONLINE:

vdc2hascomeonline

2. CreateanothervirtualdevicecontextcalledVDC-3:

N7K-1(config)#vdcVDC-3

Note:CreatingVDC,onemomentplease...

N7K-1(config-vdc)#2014SEP3000:47:08N7K-1%$VDC-1%$

%VDC_MGR-2-VDC_ONLINE:

vdc3hascomeonline

3. ShowthedefaultandtwonewVDCsconfigured:

N7K-1(config-vdc)#showvdc

vdc_idvdc_namestatemac

—————————-—————

1N7K-1active00:65:30:c8:c4:0a

2VDC-2active00:65:30:c8:fb:61

3VDC-3active00:65:30:c8:21:b6

4. AssignlinecardEthernetinterfacestobeusedbyVDC-2inthechassis:

N7K-1(config-vdc)#vdcvdc-2

N7K-1(config-vdc)#allocateinterfaceethernet1/10,e1/11,

e1/12,e1/13

Movingportswillcauseallconfigassociatedtotheminsource

vdctoberemoved.Areyousureyouwanttomovetheports

(y/n)?[yes]y

N7K-1(config-vdc)#allocateinterfaceethernet2/10,e2/11,

e2/12,e2/13

Movingportswillcauseallconfigassociatedtotheminsource

vdctoberemoved.Areyousureyouwanttomovetheports

(y/n)?[yes]y

N7K-1(config-vdc)#allocateinterfaceether3/1–10

Movingportswillcauseallconfigassociatedtotheminsource

vdctoberemoved.Areyousureyouwanttomovetheports

(y/n)?[yes]y

5. DisplaytheEthernetinterfacesassignedtoVDC-1:

N7K-1(config-vdc)#shvdcvdc-2membership

vdc_id:2vdc_name:VDC-2interfaces:

Ethernet1/10Ethernet1/11Ethernet1/12

Ethernet1/13Ethernet2/10Ethernet2/11

Ethernet2/12Ethernet2/13Ethernet3/1

Ethernet3/2Ethernet3/3Ethernet3/4

Ethernet3/5Ethernet3/6Ethernet3/7

Ethernet3/8Ethernet3/9Ethernet3/10

6. AssignlinecardEthernetinterfacestobeusedbyVDC-3inthechassis:

N7K-1(config-vdc)#vdcvdc-3

N7K1(config-vdc)#allocateinterfaceethernet7/10,e7/11,

e7/12,e7/13

Movingportswillcauseallconfigassociatedtotheminsource

vdctoberemoved.Areyousureyouwanttomovetheports

(y/n)?[yes]y

N7K-1(config-vdc)#allocateinterfaceethernet8/10,e8/11,

e8/12,e8/13

Movingportswillcauseallconfigassociatedtotheminsource

vdctobe

removed.Areyousureyouwanttomovetheports(y/n)?[yes]y

N7K-1(config-vdc)#allocateinterfaceether8/20—24

Movingportswillcauseallconfigassociatedtotheminsource

vdctobe

removed.Areyousureyouwanttomovetheports(y/n)?[yes]y

7. DisplaytheEthernetinterfacesassignedtoVDC-2:

N7K-1(config-vdc)#shvdcvdc-3membership

vdc_id:3vdc_name:VDC-3interfaces:

Ethernet7/10Ethernet7/11Ethernet7/12

Ethernet7/13Ethernet8/10Ethernet8/11

Ethernet8/12Ethernet8/13Ethernet8/20

Ethernet8/21Ethernet8/22Ethernet8/23

Ethernet8/24

8. PerformthefollowingtologintoaVDC:

Usethe"switchtovdc<vdcname>"commandtologintoanew

context:

N7K-1#switchtovdcvdc-2

N7K-1-vdc-2#

N7K-1-vdc-2#exit

N7K-1#

StorageNetworkingwithNexusTheNX-OSoperatingsystemintheNexuslinehasitsrootsinstoragenetworkingandtheCiscoMDSlineofstorageareanetworkswitchingproducts.Toreducecosts,complexity,cabling,power,andcoolinginthedatacenter,thestoragenetworkscansharethesameswitchingfabricasusedintheNexusproducts.

Withconvergednetworkadaptersintheserversystems,thecablingcanbe

Withconvergednetworkadaptersintheserversystems,thecablingcanbegreatlyreducedintheequipmentracksattheaccesstothenetwork.SANandLANtrafficcanconnectoverthesame10GigabitEthernetcablingandcanbeconsolidatedintheswitches.Thestoragetrafficcanbeconsolidatedinthiswayandtheninterconnectedtothestoragenetworktoaccessthestoragecontrollersandsystems.DevelopmentsinsharedfabrictechnologiesallowFibreChanneltobeencapsulatedintoEthernetframesandtosharetheLANswitchingfabric.Withenhancementstoqualityofserviceandflowcontrolmechanisms,theSANtrafficcanbesafeguardedagainstpacketlosstowhichitisinsensitive.

Laterinthebook,wewilltakeadeeperlookintotheconsolidationofLANandSANtrafficintoasharedswitchingfabric.

ConfiguringandVerifyingNetworkConnectivityToconfigurebasicnetworkconnectivityontheNexus7000andNexus5000series,anIPaddressandsubnetmaskmustbeconfiguredonthededicatedEthernetmanagementinterfacecalledmgmt0.Thisiscanbedonethroughtheserialportor,asyouwillseelater,throughaspecializedseriesofconfigurationquestionswheninsetupmode.

N5K-1#configt

Enterconfigurationcommands,oneperline.EndwithCNTL/Z.

N5K-1(config)#interfacemgmt0

N5K-1(config-if)#ipaddress192.168.1.5/24

N5K-1(config-if)#exit

N5K-1(config-if)#iproute0.0.0.0/0192.168.1.1

ThemanagementinterfacesofthenetworkingequipmentinthedatacenterdonotgenerallyusethesameEthernetinterfacesthatcarryusertraffic.Thisisdoneforsecuritypurposes,becausewecanplacethemanagementnetworksbehindafirewalltoprotectaccess.SeparatingthemanagementnetworkalsoprovidesanotherconnectionpathintotheNexusswitchesifthereisaproblemwiththeuserdataVLANs.Themanagementnetworkissometimescalledtheout-of-bandnetwork(OOB),anditusesaseparateexternalswitchtointerconnectallofthemanagementports.

IdentifyingControlandDataPlaneTrafficWewillnowdigalittledeeperintothearchitectureofbothswitchesandroutersinordertobecomefamiliarwiththeconceptsofhowmanagementandregular

inordertobecomefamiliarwiththeconceptsofhowmanagementandregulardatatrafficareseparatedinsidetheNexusswitches.DatatakesoneforwardingpaththroughaNexusswitch,andmanagementtrafficisseparateandusesitsowncontrolplane,aswewilldetailbelow.

DataPlaneThedataplane,showninFigure1.13(sometimesknownastheuserplane,forwardingplane,carrierplane,orbearerplane),isthepartofanetworkthatcarriesusertraffic.

FIGURE1.13Dataplane

Thedataplaneisforpacketstransitingthroughtheswitchandisthedatatraffictoandfromserversandotherdevicesinthedatacenter.Thedataplaneiswhatthenetworkreallyexistsfor,andthecontrolandmanagementplanesallowthesetupandmanagementinordertoprovidecorrectforwardinginthedataplane.

Itisimportanttorememberthatthedataplanecarriestrafficthattransitsthroughtheswitchesandroutersandnottothem.

ThedataplaneonaNexus7000usesaunifiedcrossbarfabric.Thefabriccardsarecircuitcardsthatinsertintothe7000chassisandsupplybandwidthtoeach

arecircuitcardsthatinsertintothe7000chassisandsupplybandwidthtoeachcardinthechassis.Thebandwidthisscalablebyaddingadditionalfabricmodules.

ControlPlaneThecontrolplane,illustratedinFigure1.14,consistsofalltrafficthatisdestinedtotheNexusswitchitself.Thiscanbenetworkmanagementtraffic,SSH,Telnet,routingprotocols,SpanningTreesignalingaprotocolanalyzer,ARP,VRRP,andanyothertrafficthattheNexususestocommunicatewithotherdevices.

FIGURE1.14Controlplane

Closelyrelatedtothecontrolplane,andsometimesusedinterchangeably,istheNexusmanagementplane.ThemanagementplaneisusedtomanagetheNexusswitchwithterminalemulationprotocols,suchasSSHandTelnet,andisundercontrolofnetworkmanagementsystemsusingtheSimpleNetworkManagementProtocol(SNMP).ThecontrolandmanagementplanesaremanagedbytheNexussupervisorCPU.

Abuilt-inprotectionmechanisminNX-OSthat’susedtoprotectthecontrolplanefromsecuritydenial-of-service(DoS)attacksiscalledControlPlanePolicing(CoPP).CoPPprovidessecuritybyrate-limitingtrafficfromthe

outsideasitentersthecontrolplane.Ifthereisafloodoftrafficfromlegitimateprotocols,suchasBGP,OSP,orSpanningTree,it’spossiblethattheCPUcanpegat100percentanddenySSH,Telnet,andSNMPconnectionsformanagingtheswitch.Allroutingandswitchingcouldalsobeaffected.CoPPisonbydefault,andwhileitcanbemodified,changingtheparametersisnotrecommendedunlessthereisaverygoodreasonfordoingso.

PerformingtheInitialSetupWhenpoweringupaNexusswitchthathasnoconfigurationsetup,youcanperformaprocesstosetthebaseconfiguration.Youcanrunthisatanytime,butitisusuallyperformedonlyatinitialsetup.WhenanewVDCiscreated,asetupscriptisrunforthatVDCsinceitcomesupinitiallywithablankconfiguration.

Connectaserialcableintotheconsoleportoftheswitch,andpowertheswitchuptoaccessthesetuputility.WhentheNexuscannotfindaconfiguration,itwillpromptyoutoseeifyouwanttorunthesetup.

Youwillneedtoknowseveralitems.ItisalwaysagoodideatousestrongpasswordstoaccesstheNexus.Astrongpasswordmustconsistofeightcharactersthatarenotconsecutivesuchas“abc”orthatdonotrepeatsuchas“ddee.”Alsoavoidusingdictionarywords,andusebothuppercaseandlowercasecharacters.Youmustuseatleastonenumberinastrongpassword.Ifthepassworddoesnotmeettheserequirements,itwillnotbeaccepted.Also,rememberthatthepasswordsarecasesensitive.Forsecurityreasons,allconsoletrafficshouldbeencryptedbyenablingtheSSHprotocolanddisablingTelnet.

ThereisanoptiontomakealloftheEthernetportseitherroutedLayer3orswitchedLayer2andtohavethemenabledordisabledbydefault.Inmostenvironments,theNexuswillmainlyhaveLayer2ports.Youcanchangethisonaper-portbasislaterasneeded.MostoftheCiscoswitchingproductlineleavestheLayer2portsenabledbydefaultandtheLayer3portsdisabled.

Listing1.6providesthesetupdialogsessiononaNexus7000seriesswitch.

Listing1.6:SetupdialogsessiononaNexus7000seriesswitch

——SystemAdminAccountSetup——

Doyouwanttoenforcesecurepasswordstandard(yes/no)[y]:y

Enterthepasswordfor"admin":<password>

Confirmthepasswordfor"admin":<password>

——BasicSystemConfigurationDialogVDC:1——

Thissetuputilitywillguideyouthroughthebasicconfiguration

ofthesystem.Setupconfiguresonlyenoughconnectivityfor

managementofthesystem.

PleaseregisterCiscoNexus7000Familydevicespromptlywithyour

supplier.Failuretoregistermayaffectresponsetimesforinitial

servicecalls.Nexus7000devicesmustberegisteredtoreceive

entitledsupportservices.

PressEnteratanytimetoskipadialog.Usectrl-catanytimeto

skiptheremainingdialogs.

Wouldyouliketoenterthebasicconfigurationdialog(yes/no):

yes

Createanotherloginaccount(yes/no)[n]:yes

EntertheUserloginId:<username>

Enterthepasswordfor"user1":<user_password>

Confirmthepasswordfor"user1":<user_password>

Entertheuserrole(network-operator|network-admin|vdc-

operator|vdc-admin)[network-operator]:<default_role>

Configureread-onlySNMPcommunitystring(yes/no)[n]:yes

SNMPcommunitystring:<snmp_community_string>

Entertheswitchname:<name>

Enablelicensegraceperiod?(yes/no)[n]:yes

ContinuewithOut-of-band(mgmt0)managementconfiguration?

[yes/no]:yes

Mgmt0IPv4address:<mgmt0_ip_address>

Mgmt0IPv4netmask:<mgmt0_subnet_mask>

Configurethedefault-gateway:(yes/no)[y]:yes

IPv4addressofthedefault-gateway:<default_gateway_IP>

ConfigureAdvancedIPoptions(yes/no)?[n]:yes

Configurestaticroute:(yes/no)[y]:yes

Destinationprefix:<destination_ip_prefix>

Destinationprefixmask:<dest_subnet_mask>

Nexthopipaddress:<next_hop_ip_address>

Configurethedefaultnetwork:(yes/no)[y]:yes

DefaultnetworkIPaddress[dest_prefix]:<dest_prefix>

ConfiguretheDNSIPaddress?(yes/no)[y]:yes

DNSIPaddress:ipv4_address

ConfigurethedefaultDNSdomain?(yes/no)[y]:yes

DNSdomainname:<domainname.com>

Enablethetelnetservice?(yes/no)[y]:yes

Enablethesshservice?(yes/no)[y]:yes

Typeofsshkeyyouwouldliketogenerate(dsa/rsa):<key_type>

Numberofkeybits<768–2048>:<number_of_bits>

ConfigureNTPserver?(yes/no)[n]:yes

NTPserverIPaddress:<ntp_server_IP_address>

Configuredefaultinterfacelayer(L3/L2)[L3]:

<default_interface_layer>

Configuredefaultswitchportinterfacestate(shut/noshut)[shut]:

<defaultisshutdown>

ConfigurebestpracticesCoPPprofile

(strict/moderate/lenient/none)[strict]:<profile_policy>

ConfigureCMPprocessoroncurrentsup(slot5)?(yes/no)[y]:yes

cmp-mgmtIPv4address:<IP_address>

cmp-mgmtIPv4netmask:<subnet_mask>

IPv4addressofthedefaultgateway:<default_gateway>

ConfigureCMPprocessoronstandbysup(slot5)?(yes/no)[y]:yes

cmp-mgmtIPv4address:<IP_address>

cmp-mgmtIPv4netmask:<subnet_mask>

IPv4addressofthedefaultgateway:<default_gateway>

Wouldyouliketoedittheconfiguration?(yes/no)[y]:yes

Usethisconfigurationandsaveit?(yes/no)[y]:yes

Whenyousavetheconfiguration,itwillbestoredinNVRAMtosurviveareboot.Severalotherparametersareautomaticallyadded,suchasthebootandNX-OSimagelocations.

SummaryInthisintroductorychaptercoveringtheCiscodatacenterproducts,wediscussedthedifferentdesignmethods,protocols,andtechnologiesthatmakeup

discussedthedifferentdesignmethods,protocols,andtechnologiesthatmakeupthemoderndatacenter.YoulearnedthatLANandSANdatacannowbesentsimultaneouslyacrossaunifiedswitchingfabricthatprovidesmanyadvantagesoverusingseparatenetworks.

WelookedindepthattheNexusfeaturesthatareusedinthedatacenter,suchasvirtualization,whichallowsasingleNexusswitchtobedividedintoseparatelogicalswitches.Weintroducedoverlaytransportandshowedhowitcanbeusedtointerconnectdatacenterstomakethemappearasiftheywerelocallyconnected.

With10GigabitEthernetinterfacesnowbeingusedinthedatacenter,weexamineddifferentmethodsforusingallofthelinksinaparallelandredundantfashioninordertoincreasespeedandefficiency.WeintroducedtechnologiessuchasFabricPathandvirtualPortChannelsthatcanbeusedtoaccomplishthis.

WealsocoveredthebasicsetupandconfigurationofNexusswitchesandthefunctionsoftheinternaldataandcontrolplanes.

Allofthiswillbeexpandedandexploredingreaterdetailasweprogressthroughoutthebook.

ExamEssentialsUnderstandandbeabletoidentifythemodulardatacenterdesign.Itisimportanttoknowthearchitectureofthemoderndatacenter.KnowthattheAccesslayerconnectstheserversandendpointsandthatitiswhereQoSmarkingtakesplace.

TheDistributionlayerinterconnectstheAccesslayerswitchestotheCore,anditprovidesnetworkservicessuchasfirewalls,monitoring,loadbalancing,androuting.

TheCoreiswherethehigh-speedswitchingtakesplace,anditistheheartofthedatacenternetwork.AcollapsedcoredesignisachievedbyusingvirtualdevicecontextsandperformingtheaggregationandcorefunctionsinthesamephysicalNexusswitch.

KnowtheNexusfeaturesthatareusedinthedatacenternetworkenvironment.UnderstandallpartsofvirtualPortChannels,andrecognizetheVPCpeerlinkandpeerkeepalivelinkfunctions.KnowthatavirtualPortChannelallowsforredundancy,fastfailover,andbetterlinkutilizationinthedatacenter.

OverlayTransportVirtualizationisusedtointerconnectdatacentersattheVLANlevelacrossaLayer3routednetwork.OTVencapsulatesVLANsinsideaLayer3IPpacketandroutesittotheremotesitewhereitisde-encapsulated,andbothendsofthenetworkappeartobelocallyconnected.

KnowwhatFabricPathisandwhatitdoes.FabricPathisareplacementfortheSpanningTreeProtocol,anditallowsallnetworklinksinterconnectingtheAccess,Aggregation,andCorelayerstobeactiveatthesametime.FabricPathusesamultipathroutingapproachtoallowmanypathsfromthesendertothereceiverandenableveryfastreroutesshouldalinkfail.

UnderstandtheproductsthatmakeuptheCiscoNexusfamily.TheNexus7000seriesisthechassis-basedplatformthatislocatedattheAggregationandCorelayersofthedatacenternetwork.Ithasredundantsupervisormodulesandpeersupplies.AdditionalslotsareavailableforlinecardstoprovideI/OEthernetconnectionstoupstreamanddownstreamswitchesandconnecteddevices.TheNexus7000hasslotsforfabricmodulesthatinterconnectthelinecardsandprovidetheswitchingbandwidthfordataplanetraffic.

TheNexus5000seriesprovidesconnectivityattheAccesslayer,Aggregationlayer,andinsmallnetworksattheCorelayer.ItisafixedI/Ounitthatcomesin48-and96-portmodels.TheNexus5000seriesdoesnothaveredundantsupervisors,andNexus5000switchesaretypicallydeployedinpairs.

The2000FEXseriesconsistsofremotelinecardsthatcontainnocontrolplaneandconnecttoupstreamNexus5000orNexus7000switches.Knowthatthe2000FEXseriesisalogicalextensionofI/O,muchlikealinecardinachassis-basedswitch.

TheNexus1000isasoftware-onlyswitchthatresidesinvirtualsystemssuchasVMwareinordertoprovideswitchingforthehypervisorandvirtualmachines.

Knowthedifferencebetweencontrolplaneanddataplanetraffic.ControlplanetrafficconsistsoftrafficgoingintoandcomingoutoftheNexusswitch.Thecontrolplanehandlesallroutingprotocoltraffic,SpanningTree,andOTVandsendscontrolinformationbetweenswitches.

DataplanetrafficisusertrafficthatpassesthroughtheNexusswitches.

KnowthatportchannelsareindividualEthernetinterfacesbundledintoonehigh-speedlogicalinterface.Portchannelsarefoundinalldatacenterdesigns.TheyprovideaddedbandwidthforinterconnectingswitchesandconnectingserverfarmstotheAccesslayerofthenetwork.Bycombining

multiplelinks,theyalsoprovideextremelyfastfailoverifalinkgoesdown.Thisfailoverismuchfasterthanmostotherredundancyoptions.Whenconfiguringportchannels,youcansetthemupeitherstaticallyordynamicallybyusingtheLinkAggregationControlProtocol(LACP).Trafficflowsareassignedtoaparticularportchannelusingaload-balancingorhashingapproachtoevenouttheflows.

WhileitmaynotbenecessarytogotoodeepintovirtualizationontheNexus7000series,knowthatitcanbelogicallydividedintomultipleseparateswitchesallresidinginthesamechassisbyusingvirtualdevicecontexts.

WrittenLab1YoucanfindtheanswersinAppendixA.

1. ExaminethediagraminFigure1.15.IdentifythevPCporttypesintheblanksprovided.

A. _______________________________

B. _______________________________

C. _______________________________

FIGURE1.15VPCdiagram

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseetheIntroduction.YoucanfindtheanswersinAppendixB.

1. WhichofthefollowingisonefunctionofthedatacenterAggregationlayer?

A. QoSmarking

B. Networkservices

C. Serverfarmconnections

D. High-speedpacketswitching

2. Whichdatacenterdevicessupportvirtualportchannels?(Choosetwo.)

A. MDSseriesswitches

B. Nexus2000seriesswitches

C. Nexus5000seriesswitches

D. Nexus7000seriesswitches

3. WhichofthefollowinglinksinterconnecttwoNexusswitchesconfiguredforvPCandpassservertrafficbetweendataplanes?

A. vPCinterconnectlink

B. vPCpeerlink

C. vPCkeepalivelink

D. vPCportchannellink

4. WhatisneededtoscalethedataplanebandwidthonaNexus7000?

A. Fabricmodules

B. Additionalinterfacemodules

C. Redundantsupervisormodules

D. Systeminterconnectmodule

5. WhereareservicemodulessuchastheASA,WAAS,ACE,andFWSMconnected?

A. Corelayer

B. Networklayer

C. Accesslayer

D. Servicelayer

E. Aggregationlayer

6. TheAccesslayerprovideswhichofthefollowingfunctions?

A. High-speedpacketswitching

B. Routing

C. QoSmarking

D. Intrusiondetection

7. DuringtheinitialsetupofaNexus7000switch,whichofthefollowingareconfigured?

A. VirtualPortChannels

B. SpanningTreemode

C. Routingprotocol

D. Defaultinterfacestate

8. WhatfeatureofNexusswitchesisusedtocreatevirtualswitchesfromonephysicalswitch?

A. vPC

B. OTV

C. COPP

D. VDC

9. TheAggregationlayerprovideswhichtwooperations?

A. Qualityofservicemarking

B. High-speedswitching

C. Servicesconnections

D. Accesscontrollists

10. Whatarethetwolayersofacollapsedbackbonedesign?

A. Accesslayer

B. Overlaylayer

C. Corelayer

D. Aggregationlayer

11. TheCorelayerprovideswhichofthefollowingfunctions?

A. High-speedpacketswitching

B. Routing

C. QoSmarking

D. Intrusiondetection

12. WhattypesofportchannelsaresupportedontheNexusseriesofswitches?(Choosethree.)

A. PaGP

B. LACP

C. vDC

D. Static

13. Virtualdevicecontextsareusedinwhichofthefollowing?(Choosetwo.)

A. Nexussegmentation

B. Collapsedcore

C. VDCsupport

D. Storageareanetworking

14. OTVisusedforwhichofthefollowing?(Choosetwo.)

A. Creatingvirtualswitches

B. ExtendingVLANsacrossaroutednetwork

C. ProtectingthecontrolplanefromDoSattacks

D. Interconnectingdatacenters

15. Whichofthefollowingisusedtoprotectthecontrolplanefromdenial-of-serviceattacks?

A. SNMP

B. OSPF

C. CoPP

D. STP

16. FabricPathprovideswhatfunctionsinthedatacenter?(Choosetwo.)

A. Interconnectingdatacenters

B. ReplacingSpanningTree

C. Connectingstoragetothefabric

D. Allowingalllinkstobeused

17. ANexusswitchcansupporttheSCSIprotocolencapsulatedinwhichofthefollowing?(Choosethree.)

A. iSCSI

B. SNMP

C. FC

D. FCoE

18. WhatprotocolfoolstheconnectedswitchorserverintothinkingthatitisconnectedtoasingleNexusswitchwithmultipleEthernetconnections?

A. LACP

B. PaGP

C. OTV

D. vPC

19. Themodulardesignapproachprovideswhichofthefollowing?(Choosetwo.)

A. Interconnectingdatacenters

B. Easeoftroubleshooting

C. Increasedperformance

D. Controlplaneprotection

20. Whichofthefollowingreducesthecost,power,andcoolingrequirementsinthedatacenter?

A. OTV

B. FabricPath

C. Convergedfabrics

D. VDC

Chapter2NetworkingProducts

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

1.0CiscoDataCenterFundamentalsConcepts

1.13DescribetheCiscoNexusproductfamily

THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:

CiscoNexusDataCenterproductportfolio

CiscoNexus7000serieschassisoptions

CiscoNexus7000seriessupervisormodule

CiscoNexus7000serieslicensingoptions

CiscoNexus7000seriesfabricmodules

CiscoNexus7000seriesI/Omodules

CiscoNexus7000seriespowersupplyoptions

CiscoNexus5000serieschassisoptions

CiscoNexus5010and5020switchesfeatures

CiscoNexus5010and5020expansionmodules

CiscoNexus5500platformswitchesfeatures

CiscoNexus5500platformswitchesexpansionmodules

CiscoNexus5000switchseriessoftwarelicensing

CiscoNexus2000seriesFabricExtendersfunctionintheCiscodatacenter

CiscoNexus2000seriesFabricExtendersfeatures

THEFOLLOWINGCISCOMDSPRODUCTFAMILIESARE

REVIEWED:CiscoMDS9000seriesproductsuite

CiscoMDS9500serieschassisoptions

CiscoMDS9500seriessupervisormodules

CiscoMDS9500serieslicensingoptions

CiscoMDS9000seriesswitchingmodules

CiscoMDS9500seriespowersupplyoptions

CiscoMDS9100seriesswitches

CiscoMDS9222iswitch

CiscoApplicationControlEngine

Ciscoisahugecompanywithahordeofgoodstomatch.We’renowgoingtonarrowourfocustotheNexusandMDSproductlines.

Facedwithchoosingtherightdevicetofitperfectlyintoyourdatacenterimplementationiscertainlyachallengingtask,butit’salsocriticaltosuccess.Tosetyouupproperlytosucceed,firstwe’regoingtotakeyouonatourthroughCisco’sentireNexusportfolio.Wewillthenzoominonindividualmodelslikethe7000,5000,and2000series.Youmustbefamiliarwiththeselinesinordertomeetyourexamobjectives.Afterthat,we’llintroduceyoutotheMDSlineandfillyouinonexactlyhowthe9000and9500seriesfitintoasoliddatacentersolution.

Trynottogetoverwhelmedbythesheervolumeofproductscoveredinthischapter,becausemostmachineswithinagivenlineworksimilarly.Manyareevenconfiguredinthesameway.Keepthesefactorsinmindaswegetunderway,andthischapterwillbeabreezeforyou!

TheNexusProductFamily

NexuswasconceivedataCisco-sponsoredstartupcalledNuova,whichCiscopurchasedforahefty$678millioninApril2008.ItturnedouttobeagreatinvestmentbecauseCiscogottwoamazingproductlinesoutofthedeal:NexusandtheUnifiedComputingSystem(UCS).

ThefirstproductslaunchedweretheNexus5000andNexus2000series,withtheNexus7000beingdevelopedlaterwithinCisco.ShortlythereaftercamethepuresoftwareNexus1000V,adevicedesignedspecificallyfortheVMwarevirtualenvironment.ThesefourproductsconstitutethefocusoftheCCNAdatacenterobjective,butwewillstilltakeaquicklookattheentireproductline,asshowninFigure2.1.

FIGURE2.1Nexusproductfamily

NexusProductFamilyOverviewInsteadoforganizingthischapterbypowerorpopularity,weoptedtopresenttheNexuslinetoyounumerically,startingwiththe1000Vandendingwiththe

theNexuslinetoyounumerically,startingwiththe1000Vandendingwiththe9000series.

Nexus1000VAsyou’veprobablyguessed,theNexus1000Vwasdevelopedtodealwiththeexplosivegrowthofvirtualnetworking.Virtualmachineshavetocommunicateonthenetworktoo,andthisneedusedtobemetviaVMwarevirtualswitches.Problematically,thissolutionlefttheCisconetworkingprofessionalsoutoftheloop,leavingnetworkmanagementtoVMwareadministrators.The1000VjumpsthishurdlebyprovidingatrueCiscosolutiontoallofyourvirtualnetworkingneeds.YoucangetitassoftwareoryoucanbuyadedicateddeviceliketheNexus1010,whichisshowninFigure2.2.

FIGURE2.2Nexus1010

KeepinmindthattheNexus1000Visgenerallyimplementedasavirtualappliance—it’snotaphysicaldevice.TheNexus1010simplyhoststhe1000V,whichcanoperateondifferentplatforms.The1000Vispreinstalledonaserver,anditisreallygreatbecauseitrunstheNexusoperatingsystem(NX-OS).It’salsooneofthe“BigFour”deviceswithrespecttotheexamobjectives,soyougetanentirechapterdevotedtoitinthisbook!

Nexus2000TheNexus2000fabricextendersolvesanastydatacenterproblemthatweusedtotackleinoneoftwoless-than-idealways:Eitherweputahugeswitchattheendoftherow,towhichallofourserverswouldconnectforasinglepointofmanagement,orwehadabunchoflittleswitcheslocatedclosetoallofour

servers,typicallyatthetopofeachrack,creatingmanypointsofmanagement(seeFigure2.3).

FIGURE2.3Nexus2000family

TheNexus2000fabricextenderisreallyjustadumbbox,whichsuppliesportsthatcanbeplacedclosetoservers.Youmustunderstandthatfabricextendersaren’tautonomous,becausetheyrequireaparenttowork.Thecombinationofswitchandfabricextenderdeliversaneffectivewaytogetportsclosetotheserversplusprovidesasinglepointofmanagement.You’llfindoutalotmoreaboutthissolutionabitlater.

Nexus3000TheNexus3000series,showninFigure2.4,isanultra-low-latencyswitchthatisidealforenvironmentslikehigh-frequencystocktrading.ThisproductisnotontheCCNAobjectives,butithasbecomeprettypopular.TheNexus3500seriescanprovidealatencyoflessthan250nanoseconds,whichisfreakingamazing!

FIGURE2.4Nexus3000family

The3000isoftenusedasatop-of-rack(ToR)switchindatacenterstoreducecablingrunsfromtheservers.InaToRdesign,theswitchisboltedintothesameequipmentrackastheserverstoreducecabling.

Clearly,the3000productlineisidealforenvironmentsthatarefocusedonreducedlatency.The3200seriesalsosupports10,25,40,50,and100GigabitEthernetinterfaces.Theproductfamilyisbasedonindustry-standardsilicon,anditisverycosteffective.The3000seriescomesinmanymodels,whichsupportdifferentspeedsandportdensitiesandcanbeLayer2onlyorLayer3,anditrunsNX-OSandhasswitchingcapacitiesupto5.1terabits.

Nexus4000TheNexus4000,showninFigure2.5,isanothernon-objectiveswitchthatwasdevelopedtoprovideaparticularsolution.The4000seriesbladeswitchisinstalledinanIBMBladeCenterHorHTchassistoprovideserveraccessforphysicalandvirtualizedservices.

FIGURE2.5Nexus4000seriesbladeswitch

The4000hasfourteen1Gigabitor10GigabitEthernetdownlinkportstothebladeserversinthechassisandsix1GBor10GBportsheadinguptotheexternalNexusswitch.ItisafullNX-OS–basedNexusswitchthatsupportsdatacenterbridgingandFibreChanneloverEthernet.

Nexus5000TheNexus5000,showninFigure2.6,isoneofthekey“BigFour”devicesthatyoumustnaildownfortheCCNADataCenterexam.ThisawesomeswitchwasoneofthefirsttocombineEthernetandFibreChannelconnectivityinasingledevice,anditisoftenoneofthefirst10gigabitportsacquired.We’llcoverthe5000and5500generationsofthisfamilyindepthshortly.

FIGURE2.6Nexus5000family

The5010and5020productsarenowatendoflife,andtheyarenolongershipping.Thecurrentproductsintheseriesarethe5548/5596products.

Nexus6000Fittingneatlybetweenthe5000and7000,theNexus6000,showninFigure2.7,isagreatwaytodeployalargenumberof10gigabitportsinadatacenterenvironment.

FIGURE2.7Nexus6000family

Nexus7000ThesearethebiggunsoftheNexusproductline—ifyouhavethemoneyandneedthepower,thisiswheretospendthatcashandgetit!TheNexus7000isadatacenter–classswitchthatcaneasilymanagetrafficloadsofterabitspersecond.ThemodularswitchesshowninFigure2.8areavailablewithadifferentnumberofslots.

FIGURE2.8Nexus7000family

TheNexus7700isthesecond-generationmodel.Itisanon-objectivegroupthatyoucanthinkofasaNexus7000onsteroids(seeFigure2.9).

Nexus9000

WhiletheNexus9000lineisnotcoveredintheCCNADataCenterexam,itisimportanttobefamiliarwithitbecauseitisdesignedspecificallyfordatacenterapplications.The9000linerunsboththeNX-OSoperatingsystemandthenewApplicationCentricInfrastructure(ACI)code.ACIisanumbrellatermforCisco’ssoftware-definednetworking(SDN)technologyfeaturingtheApplicationPolicyInfrastructureController(APIC)SDNcontrollers.

SDNwillbeabigtopicoverthenextdecade,astheprocessofconfiguringindividualdevicestoautomaticcentralizedconfigurationevolves!ThemodularswitchesshowninFigure2.10areavailableinbothfixedconfigurationsandchassis-basedformfactors.

FIGURE2.9Nexus7700family

FIGURE2.10Nexus9000family

Nexus7000ProductFamilyTheNexus7000isthetrueworkhorseofthedatacenter,becausethesehighlyscalableswitchesofferhigh-performancearchitectureforeventhemostrobustenvironments.Asanaddedadvantage,the7000serieswasbuiltasahighlyfault-tolerantplatform,anditdeliversexceptionalreliabilityandavailability.

The7000seriesprovidesLayer2andLayer3supportforeachinterface.Acoolmemorytoolisthatthemodelnumberjusthappenstocorrespondtotheavailableslotsinthechassis,butkeepinmindthattwooftheseslotsarededicatedforusebythesupervisormodules.Youconfigurethedefaultinterfacelayerandstateduringsetupmode.

Thisseriescurrentlyincludesfourmodelsofswitches:the7004,7009,the7010,andthe7018.The7004istheonlyonethatisn’tanexamobjective,sowe’llfocusontheothermodels.CounttheavailableslotsintheNexus7009showninFigure2.11.

FIGURE2.11Nexus7009

TheNexus7010picturedinFigure2.12illustratesthattheinterfacesandsupervisormodulesarefoundonthefrontofthedevice,whilethefantrays,powersupplies,andfabricmodulesarelocatedontheback.Allofthesemodulesarehotpluggable,andtheycanbereplacedwithoutdisruptingoperation.

FIGURE2.12Nexus7010

Nexus7000SupervisorsThesupervisormodulesoperateinanactive/standbymode.Theconfigurationbetweenthetwosupervisorsisalwayssynchronized,anditprovidesstatefulswitchover(SSO)intheeventofafailure.TheSupervisorOneengine,showninFigure2.13,suppliestheswitch’scontrolplaneandmanagementinterface.

FIGURE2.13NexusSupervisorOne

Tobetrulyredundant,youmusthavetwosupervisorsinoperation.TheSupervisorOneenginegivesyouaconnectivitymanagementprocessor(CMP),aconsoleserialport,andanauxiliaryserialport.TheCMPprovidesremotetroubleshootingforthedeviceviaanEthernetport,butthisfeaturewasdiscontinuedinthesecond-generationsupervisormodules.

ThemanagementEthernetporthasitsownvirtualroutingandforwarding

(VRF),whichbasicallymeansthatithasaseparateroutingtablefromthemaindataports.Asanexample,topingfromthisinterfaceyouwouldusethecommandPing5.5.5.5vrfmanagement.

Thefirst-generationsupervisorscouldsupportfourVDCsessions,whilethesecondgenerationcansupportsixormoresessions.KeepinmindthatsupervisormodulesarethecentralprocessingandcontrolcenterwheretheNexusoperatingsystemactuallyrunsandwhereallconfigurationoccurs.

Nexus7000LicensingThereareawholebunchoflicensingoptionsforthe7000,includingBase,EnterpriseLAN,AdvancedLANEnterprise,MPLS,TransportServices,andmanymore.Basically,youchooseyourlicensesbasedonthefeaturesthatyourequire.Forexample,ifyouwantFabricPath,youneedanEnhancedLayer2license.FabricPathisanadvancedLayer2solutionforthedatacenterthat’ssupportedbyNexusswitches.

Installingalicenseinvolvesafewseparatesteps,buttheprocessisthesameformanyCiscodatacenterdevices.WhenyoupurchasealicensefromCisco,you’llreceiveaproductactivationkey(PAK),whichyou’lluseduringthelicensingprocess,butfirstyouhavetofindyourindividualswitch’schassisserialnumberusingtheshowlicensehost-idcommand.

Onceyou’veobtainedtheserialnumberorhostID,yougotoCisco’swebsite,www.cisco.com/go/license,whichrequiresaCCOaccounttoactivatealicense.ThewebsitewillaskforthechassisserialnumberandthePAKbecauseitwillusethesetwovaluestogeneratealicensefileforyourNexusdevice.You’llthendownloadthisfileanduploadittoyourNexusswitch,usuallyviaFTPorTFTP,whichwillbepermanentlystoredinbootflashnon-volatilememoryonthesupervisormodules.

You’llneedtoruntheinstalllicensecommandtoreadthelicensefileandinstalltheprivilegesthatitcontains.You’llthenusetheshowlicenseusagecommandtoverifythelicensesthathavebeeninstalledonyourswitch.Here’sanexampleoftheentiresequenceofcommandsusedforinstallingalicense:

switch#showlicensehost-id

Licensehostid:VDH=ABC123456789

switch#installlicensebootflash:license_file.lic

Installinglicense..done

switch#showlicenseusage

FeatureInsLicStatusExpiryDateComments

Count

-------------------------------------------------------------------

--

LAN_ENTERPRISE_SERVICES_PKGYes-InuseNever-

OneofthenicefeaturesabouttheNexusoperatingsystemisthatitgivesyouagraceperiod,whichallowsyoutotryanyfeatureyou’reevenmildlycuriousaboutfor120dayswithoutitbeinglicensed!

FabricModulesThefabricmodulessupplythebandwidthandconnectivitybetweenthevariousslotsonthechassisandarealsowherethedataplaneoperates.Fivefabricmodulesprovideupto550Gb/sperslotinasinglechassis!So,dependingonyourbandwidthneeds,youcanopttohaveanywherefromonetofivefabricmodulesinstalled.

Inadditiontoprovidingswitchingforthechassis,thefabricmodulesprovidevirtualoutputqueuing(VOQ)andcredit-basedarbitrationtomakeitpossiblefordifferingspeedinterfacestocommunicatewitheachother.Asnewgenerationsoffabricmodulesarereleased,they’llincreasetheswitch’sperformance.ApictureofaNexus7010fabricmoduleisshowninFigure2.14.

FIGURE2.14Nexus7010fabricmodule

Nexus7000LineCardsTheNexus7000supportsawidevarietyofI/Omodulesorlinecardswithspeedsfrom1G,10G,40G—upto100GigabitEthernet.ThesearegroupedintotwofamiliescalledtheMseries,whichwasreleasedfirstwithLayer3support,andtheFseries,whichisalower-costLayer2card.TheMseriesisusuallyaimedatcoreswitcheswhiletheFseriesisalotmorefabricfocused,supportingfeatureslikeFCoEandFabricPath,anditisoftentargetedattheAccessandAggregationlayers.Thelinecardscanbeinsertedinanycombinationandmodel.Figure2.15showsafewoftheNexus7000serieslinecards.

FIGURE2.15Nexus7000I/Omodules

Nexus7000PowerSuppliesPowersuppliesmaynotbethemostrivetingtopic,butthingsdefinitelygetexcitingwhenpowersuppliesfail.ThreedifferentpowersuppliesareavailablefortheNexus7000:Ata6kWrating,there’soneACandoneDCpowersupply,butatthe7.5kWrating,there’sAConly.ANexus7010cansupportthreepowersuppliesinfourdifferentmodeswithvaryingdegreesofredundancy:

Combined:Noredundancyorbackuppowersupply

Inputsource:Redundancygridwithmultipledatacenterpowerfeedsintothe7000chassis

Powersupplyredundancy(N+1):Oneonlinebackuppowersupply

Completeredundancy:Acombinationofpowersupplyandinputsourceredundancy

AtypicalpowersupplyisshowninFigure2.16.

FIGURE2.16Nexus7000powersupply

TheNexus7000seriespowersuppliessupportdualACfeedsthatalloweachpowersupplytoconnecttotwopowergridsinthedatacenter.ThisallowsonepowergridtobeofflinewhiletheNexusstilloperatesofftheremainingpowergrid.

Nexus5000ProductFamilyTheNexus5000(N5K)hasalsobecomeaworkhorseformanydatacenters,withthefirstgenerationincludingtheNexus5010andNexus5020andthesecondgenerationincludingtheNexus5548andNexus5596.Checkouttheentire5500family,whichisshowninFigure2.17.

FIGURE2.17Nexus5500family

Thefirst-generationswitchesprovidedacost-effective,line-ratesolutionwith10GbEthernetportsthatcouldbeconfiguredtosupportFibreChannel.TheNexus5000wasoneofthefirstswitchestocombineEthernetandFibreChannelsupportinasinglebox—prettyoutstandingatthattime!TheNexus5010,showninFigure2.18,isaone-rackunitdevicethatprovidestwenty10Gbportsandagenericexpansionmodule(GEM)slot,whichgivesyouadditionalports.

FIGURE2.18Nexus5010

TheNexus5010andNexus5020productsarenowatendoflifeandarenolongershipping.ThecurrentproductsintheseriesaretheNexus5548andNexus5596.

TheNexus5020,showninFigure2.19,isessentiallyadouble-wide5010.Itis

tworackunitstall,hasforty10Gbports,andofferstwoexpansionslots.Bothoftheseswitchessupplyfront-to-backairflowandN+1powerredundancy.

FIGURE2.19Nexus5020

ThegenericexpansionmoduleshowninFigure2.20isusedtoaddmoreEthernetports;itallowsyoutoaddmoreFibreChannelportsaswell.ThismakesitpossiblefortheNexus5000tomanageyourstorageandnetworktraffictoo,acapabilitythatwasalsoaddedlatertothe7000seriesforcertainlinecards.

FIGURE2.20NexusGEM1cards

YoucanchoosefromexpansionmodulesthatareEthernetonly,FibreChannelonly,oramixtureofboth.Keepinmind,however,thattheNexus5010andNexus5020arestrictlyLayer2devicesthatcan’tperformLayer3forwarding.Theexpansioncardsareinsertedintothebackofthechassis,asshowninFigure2.21.

FIGURE2.21Nexus5596rear

TheNexus5000gaveusagreatwaytomigrateto10GigabitEthernet,unifyingourstorageanddatanetworking.WhatcouldbebetterthanhavingFibreChannelandEthernetinthesamebox?

Enterthesecond-generation5500switch,that’swhat!Itactuallyintroducedanewtypeofport.Traditionally,agivenportwaseitherEthernetorFibreChannelbutneverboth.TheUniversalPort(UP)introducedontheNexus5500allowsasingleporttobeconfiguredtoreceiveanEthernetorFibreChannelSFPinterfaceadapters.ThemanagementportsfortheNexus5500arelocatedontherear,asshowninFigure2.22.

FIGURE2.22Nexus5500UPGEMmodule

Sobyjustchangingtheconfiguration,wecouldopttouseagivenportforeitherstorageordata—amazing!AndtheGEMcardfortheNexus5500sgivesus16

UPportstoconfigureaseitherEthernetorFibreChannel.OneofthebestthingsabouttheNexus5000andNexus5500isthattheyintegratewiththeNexus2000fabricextenders,whichwe’regoingtotalkaboutinthenextsection.

AllofthishelpstoexplainwhytheNexus5500hasbecomethego-toswitchformanydatacenters.Moreover,itcanhandleLayer2andLayer3trafficifyouaddtheLayer3cardtoit.TheLayer3cardforthe5548isadaughterboard,showninFigure2.23,andthe5596’sversionisaGEMthat’sshowninFigure2.24.Bytheway,it’sverycommontoorderNexus5500seriesLayer3–enabledswitchesstraightfromCisco!

FIGURE2.235548Layer3card

FIGURE2.245596Layer3card

Nexus2000ProductFamilyDatacenterscommonlyhavemanyrackscontaininglotsofservers,andcablingthemhastraditionallybeenimplementedviaatop-of-rack(ToR)orend-of-row(EoR)solution.WithaToRsolution,youplaceasmallswitchatthetopofeachrack,whichpermitsonlyreallyshortcablerunstotheserversandmakeseachswitchgiverisetoanothermanagementpoint.TheEoRmethodemploysalargerswitchplacedattheendoftherowwithlongcablerunstoeachserverandonlyonemanagementpoint.Neithersolutionwasideal,becausewhatwereallywantedwasasolutionwithshortcablerunsbutonlyasinglemanagementpoint.

Asmentionedearlier,theNexus2000seriesoffabricextenders(FEXs)cametotherescue!TheideabehindtheircreationwastoallowtheplacementofaswitchattheendoftherowtoperformallmanagementwhilealsoprovidingadditionaldevicestoinstalltopofrackthatwouldactaspartoftheEoRswitch.Basically,theToRdevicesextendtheEoRswitch’sfabric,hencethenamefabricextenders.CheckthemoutinFigure2.25.

FIGURE2.25Nexus2000family

Remember,fabricextendersaredumbdevicesthatmustconnecttoaparentswitchtowork.Oncethey’reconnectedtotheparentswitch,anyandallconfigurationisdonefromthatswitch,nottheFEX.Also,eveniftrafficismovingbetweentwoportsinthesameNexus2000,thetrafficwillneedtouplinktotheNexus5000tobeswitchedandreturnedtotheNexus2000tobeforwarded.

FEXsalsocostconsiderablylessthanswitches,whilestillgivingyoucapacityforToRcablingplusasinglepointofmanagement.Inshort,FEXsaretotallyawesome,afactthatsalestodatehavedemonstratedverywell!

Evenbetter,asingleparentswitchcansupportmultipleFEXs,asshowninFigure2.26.ThereyoucanseethatthefourFEXswillbemanagedfromtheCLIoftheNexus5000.FEXshavenoconsoleport,sotheycan’tbedirectlymanaged.

FIGURE2.26Nexus5000withfourFEXs

SohowdoyouconfiguretheNexus5000toaddtheoh-so-popularFEXstoit?Let’sassumethattheN2K-2connectstoport1/10ofN5K.Asdemonstratedinthefollowingconfiguration,youmustconfiguretheportintoFEXmodefirstviatheswitchportmodefex-fabriccommandandthenassignamodulenumberwiththefexassociate100command:

N5K#configureterminal

N5K(config)#interfaceethernet1/10

N5K(config-if)#switchportmodefex-fabric

N5K(config-if)#fexassociate100

AlloftheportsontheFEXwillappeartobepartoftheN5Kconfiguration.Theshowinterfaceethernet1/10fex-intfcommanddisplaysall48portsasbeingattachedtomodule100:

N5K#showinterfaceethernet1/10fex-intf

FabricFEX

InterfaceInterfaces

---------------------------------------------------

Eth1/40Eth100/1/48Eth100/1/47Eth100/1/46Eth100/1/45

Eth100/1/44Eth100/1/43Eth100/1/42Eth100/1/41

Eth100/1/40Eth100/1/39Eth100/1/38Eth100/1/37

Eth100/1/36Eth100/1/35Eth100/1/34Eth100/1/33

Eth100/1/32Eth100/1/31Eth100/1/30Eth100/1/29

Eth100/1/28Eth100/1/27Eth100/1/26Eth100/1/25

Eth100/1/24Eth100/1/23Eth100/1/22Eth100/1/21

Eth100/1/20Eth100/1/19Eth100/1/18Eth100/1/17

Eth100/1/16Eth100/1/15Eth100/1/14Eth100/1/13

Eth100/1/12Eth100/1/11Eth100/1/10Eth100/1/9

Eth100/1/8Eth100/1/7Eth100/1/6Eth100/1/5

Eth100/1/4Eth100/1/3Eth100/1/2Eth100/1/1

Inthisscenario,we’rekeepingthingssimplebyhavingonlyasinglewirebetweentheN2KandN5K.Cisco’srecommendationistohavemultiplecablesbetweentheFEXandparentswitch,asshowninFigure2.27.

FIGURE2.27FEXMulti-cableattachment

TheportchannelmethoddepictedinthefigureispreferredbecausealloftheportsontheFEXsharetheportchannel.Thismeansthatifonelinkgoesdown,alloftheportscanstillcommunicate.ThestaticpinningsolutionlinkscertainportsontheFEXtospecificuplinkports,soitmakessensethatifagivenuplinkportfails,thecorrespondingFEXportswillfailtoo.

TheNexus5000andNexus5500supportallmodelsofFEXs,whereastheNexus7000seriessupportsonlyasubsetofFEXs,whichincludethe2224TP,2248TP-E,and2232PP.Figure2.28givesyouacomparisonofsomeofthemorecommonFEXsavailablefromCisco.Thisisaveryimportantchartthatyoushoulddefinitelymemorize!Ofthese,the2232PPisuniquebecauseitprovides10GbpsportsandFCoEcapability.

FIGURE2.28FEXcomparison

Fabricextendersaren’tcreatedequally,andnotallarestand-aloneboxes.TheNexusB22HPisspeciallydesignedtoinstallintoanHPBladeSystemenclosure.Laterinthisbook,we’llintroduceyoutotheCiscoUCS,whichusesadifferentkindofFEX.

ReviewingtheCiscoMDSProductFamilyIn2003,Ciscoenteredtheworldofstorageareanetworks(SAN)withtheMultilayerDirectorSwitch(MDS).TheMDSproductfamilyisshowninFigure2.29.TheMDS9000familyprovidesawiderangeofsolutionsfromthesmall9124uptothemassive9513;however,alloftheseswitcheshavemanyfeaturesincommonandvarymainlyinportdensityandformfactor.

FIGURE2.29MDSproductfamily

SANisoneofthemostcriticalcomponentsofthedatacenter,andCiscohasactedaccordinglybybuildinginmanykeyfeatureslikehighavailability,multiprotocolsupport,security,andscalability,combinedwitheaseofmanagement.YoushouldunderstandthattheMDSisfocusedmainlyonFibreChannelandFCoEtrafficmanagement.TheMDSlineusesanoperatingsystemcalledSAN-OS,whichwasthebasecodeusedtobuildtheNX-OSfortheNexusproductline.

MDS9500TheMDS9506,9509,and9513switchestargetlargedatainstallationsandprovideanextraordinarylevelofperformanceandscalability.Again,thenamesofthemodelsindicatehowmanyslotsareavailableonaparticulardevice,sothe9506wouldoffersixslots.TheMDS9500series1,2,4,8,and10GbpsFibreChannelswitchesofferconnectivityalongwithnumerousnetworkservices.

Thedual-redundantcrossbarfabricandvirtualoutputqueues(VOQs)createahigh-performancenon-blockingarchitecture.Dualpowersupplies,supervisors,andfabriccrossbarsgiveusahardwareplatformthatoffersveryhighavailability.

RememberthatthesupervisormodulesarethebrainsbehindanyofCisco’smodularswitches,includingtheMDSline.TheSupervisor-2moduleallowsforIn-ServiceSoftwareUpgrade(ISSU),anditprovidesfaulttolerance.TheSupervisor-2AwasthefirstMDSsupervisortosupportFCoE,anditprovidesthenecessarybandwidthtodeliverfullperformancetoalloftheports.The9513

chassisrequiresaSupervisor-2A.

The9513usesfabricmodulestoprovidethecrossbarswitchingfabric.Thisredundantfabricloadbalancestrafficacrossbothfabricsandprovidesrapidfailover.Andthat’snotall—there’salegionofdifferentmodulesthatyoucanaddintothe9500serieschassisthatdeliverhigh-speedFibreChannel,FCIP,FCoE,andmore!

MDS9100/9200The9100seriesistypicallyusedinsmall-andmedium-sizedSANs.The9124supports24line-rateFibreChannelportsrunningat4Gb/s,whilethe9148provides48portsrunningat8Gb/s.The9148,showninFigure2.29,hasbecomearemarkablypopularswitchbecauseofitshighperformanceandlowoperatingcosts.Plusit’sabreezetoconfigurewithazero-touchconfigurationoptionandtaskwizards!

The9222iisasemi-modularswitchwithonefixedslotandoneopenslot.Thisswitchcansupportupto66FibreChannelports,anditprovidesFCIP,iSCSI,andFICON.TheMDSswitchescoverawiderangeofformfactorsandfeaturesthataresuretomeetalmostanySANnetworkingneed.

CiscoApplicationControlEngineTheCiscoACEfamilyofproductsoffersfeatureslikeloadbalancing,applicationoptimization,serveroffload,andsiteselect.ThesemodulescanbeinstalledintocertainCatalystswitchesorevendeliverasastand-aloneappliance.AlthoughtheACEisattheendoflife,itisstillcoveredontheexamandwillbeaddressedhere.

TheACEplatformhelpsbyreducingthetimeittakesforanapplicationtobedeployed,improvestheresponsetimeoftheapplication,andgenerallyprovidesimproveduptimefeatures.

ApplicationavailabilityisincreasedviaacombinationofLayer4loadbalancingandLayer7contentswitching,whichhelpsensurethattrafficissenttotheservermostavailabletoprocesstherequest.Applicationperformanceisimprovedusinghardware-basedcompression.

TheCiscoACEactsasthefinallineofsecurityforaserverbyprovidingprotectionagainstdenial-of-serviceandotherattacksviadeeppacketinspectionandprotocolsecurity.

TheACEcanbedeployedinahigh-availabilitymeshwithuptoeightappliancesusingthe4400series.Therearedifferentmechanismstoconfigurethepredictoronthesedevices,butthemostcommonareleastconnectionsandthedefaultpredictor,round-robin.

SummaryThischapterisfullofproducts,partnumbers,gizmos,andgadgets.MostotherCiscocertificationsfocusontechnology,liketheCiscoIOS,andnotsomuchonspecificproducts.Thisexamistheexceptionand,makenomistake,theobjectivesforthisexamincludeproductsandpartnumbers,andyouhavetoknowthemtopass!

Foreverythingcoveredinthischapter,focusmainlyonthe“BigFour”productlinesthattheobjectivesrequireyoutonail:

Nexus1000V

Nexus2000fabricextenders

Nexus5000/5500switches

Nexus7000switches

TheMDSproductlineislessimportantandsharesmanycharacteristicswiththeNexusproductline,butyoustillneedtobefamiliarwithit.CiscoACEisaweirdadditiontotheobjectives,butit’sverycool.Still,youdon’tneedtoknowallthatmuchaboutitfortheexam.Happystudies!

ExamEssentialsKnowthemodelsoffabricextenders.TheNexus2000fabricextendershaveverydifferentabilities.The2148wasthefirst,andithasthemostlimitedfunctionality.The2232PPishighperformanceandsupports10Gbpsconnectivity.TheFEXssupportdifferentnumbersofuplinkandhostports.TheNexus7000canconnecttoonlyasubsetoftheavailableFEXs.

DescribebasicACEfeatures.TheCiscoApplicationControlEnginecanoperateindependentlyorasamesh.Thedefaultmodeofloadbalancingisround-robin.

UnderstandNexus7000planesandports.TheportsonaNexus7000canoperateinLayer2orLayer3mode,andthisisconfigurableduringtheinitial

setup.Thecontrolplaneoperatesprimarilyonthesupervisor.Thedataplanefunctionsontheunifiedcrossbarfabric.

Knowthe5000and5500.The5000isastrictlyLayer2switch.The5500seriescanoperateatLayer2bydefault,andwiththeadditionofaLayer3card,itcanalsooperateatLayer3.The5500alsointroducedtheuniversalports,whichcanbeconfiguredforFibreChannelorEthernet.

WrittenLab2YoucanfindtheanswersinAppendixA.

Foreachfabricextender,selecttheoptionsthataretrue:

1. 2148T

2. 2224TP

3. 2248T

4. 2232PP

Options:

A. 4fabricports

B. FCoEsupport

C. Only1Gbpsports

D. 2fabricports

E. Has10Gbpsports

F. Supports24hostportchannels

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook'sIntroduction.YoucanfindtheanswersinAppendixB.

1. TheNexus5000andNexus7000canconnecttowhichNexus2000seriesfabricextenders?

A. 2148T

B. 2248TP

C. 2232PP

D. 2148E

E. 2232TM

2. FCoEissupportedbywhichCiscoNexus2000seriesfabricextender?

A. 2232TP

B. 2232PP

C. 2248PP

D. 2248TP

3. Layer3switchingispossibleonwhichofthefollowingNexusswitches?(Choosetwo.)

A. Nexus5010

B. Nexus5548

C. Nexus2232PP

D. Nexus7010

E. Nexus2148T

4. WheredoesthedataplaneoperateontheNexus7000seriesswitch?

A. Supervisormodule

B. Virtualsupervisormodule

C. Featurecard

D. Unifiedcrossbarfabric

5. Whichofthefollowingsupportsonly1Gbaccessspeedonall48hostports?

A. 2148T

B. 2248TP

C. 2232PP

D. 2148E

E. 2232TM

6. Whichofthefollowingsupports100Mband1Gbaccessspeedsonall48hostports?

A. 2148T

B. 2248T

C. 2232PP

D. 2148E

E. 2232TM

7. Whichofthefollowingsupporthostportchannels?

A. 2148T

B. 2248T

C. 2232PP

D. 2248E

E. 2232TM

F. 2248TP

8. Whichfabricextendershavefour10GEfabricconnectionstotheparentswitch?(Choosethree.)

A. 2148T

B. 2248T

C. 2232PP

D. 2248E

E. 2232TM

F. 2248TP

9. DuringtheinitialsetupofaNexus7000switch,whichtwoconfigurationelementsarespecified?

A. Defaultinterfacelayer

B. VDCadminmode

C. VDCdefaultmode

D. CoPPinterfaceplacement

E. BitsusedforTelnet

F. Defaultinterfacestate

10. WhatisthedefaultlengthofthegraceperiodonaNexus7000switch?

A. 90minutes

B. 90days

C. 90months

D. 120days

11. WhatcommandpingsfromthemanagementinterfaceofaNexusswitchto5.5.5.5?

A. Ping5.5.5.5

B. Ping-m5.5.5.5

C. Ping5.5.5.5vrfmanagement

D. Ping5.5.5.5vdcmanagement

12. WhatisthemaximumnumberofACE4400seriesappliancesthatcanbepartofanHAmesh?

A. 4

B. 8

C. 16

D. 32

E. 64

13. WhatisthedefaultpredictoronanACE4710?

A. Round-robin

B. FIFO

C. Lowestbandwidth

D. Highestbandwidth

14. WhatisrequiredforaNexus5010torouteLayer3packets?

A. Justconfiguration

B. Layer3card

C. Supervisor-2A

D. Notpossible

15. WhichcommandwouldshowtheserialnumberofaNexusorMDSdevice?

A. showlicenseserial

B. showserial

C. showlicensehost-id

D. showhost-id

16. AuniversalportonaNexusswitchsupportswhichofthefollowing?(Choosetwo.)

A. OTV

B. FibreChannel

C. DCB

D. Ethernet

17. End-of-rowswitchesdowhichofthefollowing?(Choosetwo.)

A. Shortencablerunsinsideeachcabinet

B. Provideasinglemanagementpoint

C. Havehigh-densityinterfaceconfigurations

D. ArebasedonFEXtechnology

18. Whichofthefollowingisasemi-modularSANswitchthatsupportsFCIP,iSCSI,andFICON?

A. 9124

B. 9506

C. 9124

D. 9222i

19. WhatNexusproductisdesignedforoperationwithvirtualservers?

A. 2248T

B. 5596

C. 1000V

D. 7010

20. WhatNexusproductlinesupportssoftware-definednetworkingand40Ginterfaces?

A. 7018

B. 7700

C. 5596

D. 9000

Chapter3StorageNetworkingPrinciples

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

StorageAreaNetworking

StorageCategories

FibreChannelNetworks

DescribetheSANInitiatorandTarget

VerifySANSwitchoperations

DescribeBasicSANConnectivity

DescribeStorageArrayConnectivity

DescribeStorageProtection

DescribeStorageTopologies

SANFabrics

SANPortTypes

SANSystems

SANNamingTypes

VerifyNameServerLogin

Describe,Configure,andVerifyZoning

PerformInitialMDSSetup

Describe,Configure,andVerifyVSAN

StorageAreaNetworkingNetworking,computing,virtualization,andstoragemakeupthefourmainpartsoftheCCNADataCenterexam.Outofthisgroup,thestoragefactorisoftenthemostdifficulttomaster.It’sdefinitelylesschallenging,however,ifyou’realreadysavvywithdatanetworking,becausemanyofthestoragenetworkingconceptsarebasicallythesameideastaggedwithnewnames.

Toensurethatyou’venaileddownthischallengingsubject,we’llopenthechapterwithalookintothehistoryofstoragenetworking.Afterthat,we’llanalyzethedifferenttypesofstorageandtheirrespectivecategories.Thenwe’llshiftourfocustoFibreChannelconceptsandconfiguration.AllthingsFibreChannelareespeciallyvitalforpassingtheexam,aswellasbeingkeyskillsthatyou’llneedintherealworld.We’llclosethechapterbycoveringwaystoverifyFibreChannelconfigurationsonCiscoMDSswitches.

ThebeginningofmodernstorageareanetworksstartedwithaprotocolcalledSmallComputerSystemInterface(SCSI),anditistotallyacceptabletocallitScuzzy.SCSIwasdevelopedin1978,anditallowedacomputertocommunicatewithalocalharddriveoverashortcable,asdepictedinFigure3.1.

FIGURE3.1SCSIcables

TwokeyaspectsofSCSIareasfollows:

It’salosslessprotocol,designedtorunoverashort,directlyconnectedcablethatpermitsnoerrorsorerrorcorrection.

It’sablock-basedprotocol,meaningthatdataisrequestedinsmallunitscalledblocks.

SCSIisthebasisformostSANstoragetoday.Theprotocolcontactsaspecificdevice—theinitiator,whichiscommonlytheserverwishingtoaccessthestorage—tostarttheconversationwithanotherdeviceknownasthetarget,whichistheremotestorage.SCSIisacommand-setprotocolthatallowstheinitiatorandthetargettoreadandwritetostoragebasedonasetofstandards.TheoriginalSCSIribboncabledistancewasupto25meters,andthefirstversionallowedeightdevicesonthebus.Whenversion2camealong,thenumberofdeviceswasincreasedtoamaximumof16drivesperSCSIattachment.Thespeedremainedat640Mbpsandwashalf-duplex.Whileharddrivesarethemostcommonattachments,manyothertypesofdevicescanconnecttoSCSI,suchastapesandDVDdrives.Theinitiatorisgenerallythehostcomputerorserver,andthetargetsarethedrivesonthecable.

Around1988,whenfiber-opticspeedswerereachinggigabitlevels,someonehadthegreatideatosendSCSIrequestsoverfibermediaandFibreChannelwasborn.TheideawastousetheSCSIcommandstoreadandwritefromtheremotestoragebuttothrowawaytheoriginalphysicallayerandreplaceitwiththe

newerandfastertechnologies,suchasfiberopticsandEthernet.LikeSCSI,FibreChannelisalosslessandblock-basedprotocol,whichhaseffectivelyencapsulatedSCSIcommands,asshowninFigure3.2.

FIGURE3.2FibreChannelframe

Towardtheendofthe1990s,mostoftheworldhadstandardizedonTCP/IP.In1999,theSCSIprotocolwasencapsulatedinTCP/IPusingTCPport3260toallowforareliableconnection,andtheInternetSmallComputerSystemInterface(iSCSI)framewascreated.iSCSIallowsforthedatacentertoreducecablingandtocollapsethestoragenetworkintothedatanetworkbycombiningLANandSANintothesameswitchingfabric.iSCSIisstillpopulartoday,anditworksbyencapsulatingSCSIcommandsintoanIPpacket,asdemonstratedinFigure3.3.

FIGURE3.3InternetSmallComputerSystemInterface(iSCSI)frame

StorageCategoriesBeforewetakealookatstoragenetworking,let’sfirststepbackandreviewthedifferenttypesorcategoriesofstoragethatwewillbeworkingwith.Wewillreviewwhatblockstorageisandwhereitismostcommonlyusedandthenmoveontotakealookatfilesbasedstorage.

Block-BasedStorageThetwomajorcategoriesofprotocolsthatwe’regoingtocoverareblock-basedandfileprotocols.Theoddsareverygoodthatyouusedblock-basedstoragetoday,withthemostcommontypesbeingSATA(SerialAdvancedTechnologyAttachment)andSCSI.Bothworkviaashortcablethatconnectstotheharddriveinsidethecomputer,asshowninFigure3.4,amodelknownasdirectlyattachedstorage(DAS).

FIGURE3.4DAS—computerwithlocalstorage

That’sright.Yourlaptopusesblock-basedstoragetotalktothelocalharddrive.Buthowdoesitdothis?Dataisrequestedfromthestorageinsmallchunkscalledblocks.Let’ssaythatyouwanttoopenafilecalledREADME.TXT.Yourcomputerrespondstothisrequestbycheckingthefileallocationtable,whichcontainsalistofalltheblocksthatmakeupthefiletodetermineitslocation.Yourcomputerthenrequeststheappropriateblockstoopenthefile.

SANsextendthisconceptoverthenetwork.FibreChannel,iSCSI,andFCoE

SANsextendthisconceptoverthenetwork.FibreChannel,iSCSI,andFCoE(FibreChanneloverEthernet)areallblock-basedprotocols.Desiredblocksarerequestedoverthenetworkinthesamewaythatyourcomputerrequestsblockslocally.

File-BasedStorageFile-basedstorageisnetworkbased,anditsimplyinvolvesrequestingafilebynametogetthefilesentwithouttherequestingcomputerhavinganyknowledgeofhowthatfileisstored.File-basedstoragetypicallyemploysanEthernetnetworkforcommunicationbetweentheendhostandthestoragearray.

Acoupleofgoodexamplesoffile-basedstorageareCIFS(CommonInternetFileSystem)usedbyWindowscomputers,HFS+onMacOS,andNFS(NetworkFileSystem)usedbyUNIX.NFShasbecomethemorepopularchoiceoverthepastfewyears.

Bytheway,blockandfilestoragearen’tmutuallyexclusive.You’lloftenfindnetworksusingacombinationofNFS,CIFS,FibreChannel,andiSCSI.Figure3.5picturesadatacenterwithfilestorageimplementedonanEthernetnetworkandblockstorageontheFibreChannelnetwork.

FIGURE3.5File-basedstorage

BlockandFileStorage

Thesetwostoragetechnologiescanalsoworktogether.Saythatwehavetwocomputers:PCAandPCB.PCAhasaSATAharddiskand,usingblock-basedstorage,itcreates—andcanlateraccess—afilecalledTODD.TXT.Nowlet’ssaythatPCAsharesthefolderwherethisfileresidesinWindowsusingCIFSsothatotherscanaccessitonthenetwork.WhenPCBaccessesthisfile,itmustusefile-basedstoragebecauseithasnowayofknowinghowthefileisstoredonthedisk(seeFigure3.6).

FIGURE3.6Filetransfer

TheflowofthefiletransferconversationbetweenPCBandPCAwouldfollowthesesteps:

1. PCBusesfile-basedstoragetorequestTODD.TXToverthenetwork.

2. PCAgetsthefile-basedrequest.

3. PCAlooksupthefileinthefileallocationtable.

4. PCArequeststhefilefromtheSATAdriveusingblock-basedstorage.

5. PCAreturnsthefileoverthenetworktoPCBusingfile-basedstorage.

Nice!Justrememberthatblock-basedstoragemeansknowledgeofthespecificblocksofwhichthefilesarecomposed,whilefile-basedstoragemeansthatonlythefilenameisknown.

FibreChannelNetworks

FiberChannelisthelower-levelprotocolthatbuildsthepathsthroughaswitchedSANnetworkthatallowsSCSIcommandstopassfromtheserver’soperatingsystemtoremotestoragedevices.Theserver,whichiscommonlycalledtheinitiator,contactstheswitch,andtheyhaveadiscussionaboutobtainingremotestorage.ThepaththengetssetupthatallowstheinitiatortotalktothetargetacrosstheFibreChannelnetwork.AftertheFibreChannelconnectionismade,itactsasatunnelthroughtheswitchingfabricthattheSCSIprotocolusesbetweentheinitiatorandthetargettostoreandretrieveinformationofftheharddrives.

Astorageareanetwork(SAN)isahigh-speednetworkcomposedofcomputersandstoragedevices.Insteadofservershavinglocallyattachedstoragewithharddrivesinstalled,thestoragearraysareremoteandaccessedoveraSAN.Inmoderndatacenters,thisallowsfordedicatedstoragearraysthatcanholdmassiveamountsofdataandthatarehighlyredundant.Theserversandtheirhostoperatingsystemscaneasilybereplacedorrelocatedviahostvirtualizationtechniquessincetheharddrivesremainstationaryanddonotneedtobemovedwiththeservers.

Theserverscanrunmultiplestorageprotocols,suchasFibreChannel,iSCSI,FCOE,orstandardEthernetorFibreChannelswitchingfabricstoaccessstorageshares.

TheservercommunicateswiththeFibreChannelnetworkviahostbusadapters(HBA)installedintheservers,muchlikeNICcardsareinstalledtoaccesstheLAN.Totheserver’soperatingsystem,thestorageappearstobeattachedlocallyasittalkstotheHBA.ThemagicgoesonbehindthesceneswheretheHBAtakestheSCSIstoragecommandsandencapsulatesthemintotheFibreChannelnetworkingprotocol.FibreChannelisahigh-speed,opticalSAN,withspeedsrangingfrom2gigabitspersecondto16gigabitsandhigher.ThereareusuallytwoSANnetworks—SANAandSANB—forredundancy,andtheyhavetraditionallybeenseparatefromtheLAN;seeFigure3.7.

FIGURE3.7SANnetwork

Withtheintroductionoftheconvergedfabricinthedatacenter,anewspinontheFibreChannelprotocoliscalledFibreChanneloverEthernet(FCoE).TheFibreChannelframesareencapsulatedintoanEthernetframe,andtheswitchinghardwareissharedwiththeLAN.Thisapproachsavesonswitchinghardware,cabling,power,andrackspacebycollapsingtheLANandSANintooneconverged—alsocalledunified—switchingfabric(seeFigure3.8).

FIGURE3.8Unifiednetwork

Storagerequiresalosslessconnectionbetweentheserverandthestoragearray.Bydesign,EthernetisnotlosslessandwilldropEthernetframesifthereiscongestion.Thiscouldcauseanoperatingsystemtofail.Inordertomakethestoragetrafficlossless,thereareseveralmechanismsthatusequalityofservice

(QoS)andthevariousnetworkinglayerstoidentifywhichtrafficisstorageandtomakeitahigherprioritythanthenormalLANdataonthesamelink.Thesemethodsandstandardswillbecoveredinlatersections.

DescribetheSANInitiatorandTargetWhentheserverwantstoeitherreadorwritetothestoragedevice,itwillusetheSCSIprotocol,whichisthestandardthatdefinesthestepsneededtoaccomplishblock-levelstoragereadandwriteoperations.TheserverrequestsablockofstoragedatatowhatitthinksisalocallyattachedSCSIdrive.TheHBAoriSCSIsoftwareinstalledontheserverreceivestherequestsandtalkstothenetworkeitherviaiSCSIoverEthernetorbyusingtheFibreChannelprotocoloveraSAN.Theserverisknownastheinitiatorandthestoragearrayisthetarget(seeFigure3.9).

FIGURE3.9SANinitiatorandtarget

ThetargetdoesnotrequestaSCSIconnectionbutreceivestherequestfromtheinitiatorandperformstheoperationrequested.Theinitiatorusuallyrequestsareadorwriteoperationforablockofdata,anditisuptothestoragecontrolleronthetargettocarryouttherequest.

Thestoragearraycontainsblocksofstoragespacecalledlogicalunitnumbers(LUNs),whichareshowninFigure3.10.ALUNcanbethoughtofasaremoteharddrive.TheLUNismadevisibletothenetworkandtheinitiatorsthatrequestthedatastoredontheLUNasifitwasastoragedevicedirectlyattachedtotheoperatingsystem.

FIGURE3.10LUNs

VerifySANSwitchOperationsSANswitchingisabitofadifferentworldfromtraditionalLANs.SANsruntheFibreChannelprotocol,andforredundancyitiscommontodeploytwocompletelyseparatenetworksinparallel.TraditionalSANswitchessupportonlytheFibreChannelprotocolanddonottransmitanyEthernet-basedLANtraffic.ASANisacompletelyseparatenetworkfromtheLAN.

LikeEthernetswitches,FibreChannelswitchescarryouttheirforwardingdutiesbasedonLayer2information.Theyalsoutilizestartopologyandoftencontroltraffic.ButunlikeEthernet,FibreChannelswitchesrequireenddevicestologinandidentifythemselves.Plustheytakecontroltoanewlevelbyregulatingwhichenddevicescancommunicatewitheachotherthroughzoning,whichwe’llcoversoon.Figure3.11depictstheMDS9148,acommonFibreChannelswitch.

FIGURE3.11MDS9148switch

Withever-increasingserverpowerandtheabilitytorunmanyvirtualmachinesononehostcomputer,thedemandontheSANisgrowing.Onstoragearrays,newtechnologiessuchassolid-statedrives(SSDs)havemuchfasterreadandwriteperformancethantraditionalmechanicaldrives,whichaddsextraSANtrafficloadsontheswitchfabric.FibreChannelinterfaceshavekeptpacebyincreasingtheirspeed,andtheycomeinavarietyofspeedsstartingat1gigabitandprogressingthrough2,4,8,and16gigabitspeeds,with32gigabitand128gigabitproductsbeingintroducedtothemarket.TheSFPspeedsmustmatchbetweentheHBAandtheFportontheswitchornothingwillwork.

Withmoderndatacentersconsolidatingmanyhostsintoasingle-serverplatform,thenumberofcablesgoingintoeachserverhasexplodedattheaccesspointofthedatacenternetwork.Andwiththedeploymentof10GEthernettotheserversandconsolidationofLANandSANtrafficonconvergednetworkadapters,theamountofcablingintotheservershasbeengreatlyreduced.TherearemanyoptionsonMDSswitches,includingtheabilitytointerconnectdissimilarstorageprotocolssuchasFibreChannel,FCoE,andiSCSI.

TheMultilayerDirectorSwitch(MDS)istheCiscoproductfamilyforSANnetworking.TheMDSproductfamilyconsistsofsmallstand-aloneswitchesuptolargechassis-basedsystemsofvariousportdensities,redundancy,andfeaturesthatfittherequirementsofanySANenvironment.ItisinterestingtonotethattheNX-OSoperatingsystemdevelopedfortheMDSproductfamilywasmodifiedandusedastheoperatingsystemfortheNexusproductfamilyofdatacenterswitches,andNexusstoragesupportisasubsetofMDScapabilities.

TheMDSswitchesconnecttheinitiatorstothetargetsusingtheSCSIprotocolencapsulatedinsideFibreChannel,orinsomecasesFCOEandiSCSI.MultipleMDSswitchescanbeconnectedtogetherinanetworkandtheirdatabasesofconnecteddevicessharedamongthem.

Sincestorageissocriticaltotheoperationofaserver,twohostbusadaptersareusuallyinstalledinaserver,andoneHBAportisconnectedtoSANAandthesecondporttoSANB.Thesetwonetworksarephysicallyseparatefromoneanotherandhavetheirowncontrolanddataplaneforredundancy.BothSANAandSANBconnecttothestoragearraystoallowfortwocompletelyseparatepathsfromtheinitiatortothetarget.

DescribeBasicSANConnectivity

FibreChannelcansupportavarietyofportspeeds,andthefiberadaptersmustmatchupwiththedeviceconnectedateachend.Forexample,ifyouareconnectingaserver’sHBAtotheMDSswitchandtheHBAhasmultimodefiberand8Gbpsoptics,thenyoumusthavethesamefibertypeandspeedateachend.FiberopticsdonotnegotiatespeedasdomostLANconnections.ItisalsoimportantthattheMDSswitchsupportthespeedoftheinsertedsmallform-factorpluggable(SFP)modules.Figure3.12showsacommonSFPwithafiber-opticconnection,andFigure3.13showsastandardmultimodefiber-opticcablecommonlyusedinSANnetworking.

FIGURE3.12SFPmodule

FIGURE3.13Multimodefiber-opticcables

TherearemanyporttypesdefinedintheFibreChannelspecifications,suchasanodeporttodefineaconnectedhostorstoragearray.TheporttypesmustbeconfiguredintheMDStomatchtheconnecteddevice.IfyouareconnectingMDSswitchestogether,theninter-switchlinks(ISLs)mustalsobeconfiguredusingthecommandline.Wewillgointodetailontheseissueslaterinthechapter.

SANswitchesuseIPaddressesformanagementconnectivityusingTelnet,SSH,SNMP,orHTTP.CiscoalsohasafamilyofmanagementapplicationsthatprovidegraphicalconfigurationandmanagementoftheSANsaswell.EachMDSswitchisgivenaname,asaLANswitchwouldhave.Next,eachswitchmusthaveitsownuniquedomainID,whichisusuallyanumberbetween1and255.ThedomainIDmustnotbeduplicatedintheSANfabric,anditisusedtoidentifythatparticularMDSswitchinthenetwork.

DescribeStorageArrayConnectivityStoragearrayswithFibreChannelconnectivityareadominantfocusinthischapter.Keepinmindthatthestoragearrayisreallyacollectionofharddiskswithanetworkinterfaceatitscore.FibreChannelswitchesallowforblockaccesstostorageacrosstheFibreChannelnetwork.

WithSANscomemanyaddedadvantagesovertraditionalSCSIcabling:thedistancehasincreasedwithFibreChannel,performanceismuchfaster,anddiskutilizationisimprovedsincestoragelocaltoaservermayneverbefullyutilized.Withmultiplepaths,thereisgreaterreliability.Absenttheneedtoinstalllocalharddrivesintoeachserver,thedatacenterfootprintcanbereduced.Also,storagespaceonthediskarrayscanbeprovisioneddynamicallywithoutdowntime.Thecentralizedstoragesystemsallowforeaseofbackupandcontrolofthedata.

Storagearraysrangefromthebasictotheamazinglycomplex.AtthebottomofthestoragefoodchainistheJBOD,or“justabunchofdrives.”AJBODisanexternalrackofharddrivesthatactasremotedrivestoaserver,anditdoesnothaveanyadvancedfeaturesetsofferedbythehigher-endstoragecontrollersfoundinthemoderndatacenter.

Thestoragearrayapproachismorecommon,anditoffersmanyadvancedfeaturesbyusingaspecialsystemcalledastoragecontrollertomanagetheracksofdisksattachedtoit.ThestoragecontrollerthenattachesandmanagestheinteractionamongtheSAN,initiators,andthestorageresources.ThecontrollersaregenerallyredundantandcontainsystemsthatcontainflashstorageforcachingandI/Ooptimization.TheyalsohouseracksofharddrivesorSSDsandmanagetheRAIDlevels,LUNs,andothervendorfeatures.MoststoragearrayconnectionsareFibreChannel,andwith10GEthernetFCoEwithiSCSIconnections,theyarebecomingpopularinterfaces.

EMCandNetApparetwooftheleadingstoragearrayvendors.Havenofear;we’llshowyouhowtoconnectallthesecomponentstogetherverysoon!

DescribeStorageProtectionStoragearraysprotecttheirdataviathreetypesofRedundantArrayofIndependentDisks(RAID)technology.Raid0isnotredundantatall,becauseitcombinestwodrivesintoonebutdoesnotputbackupcopiesontheotherdisk.Instead,itwritesacrossthedrives,leavingmanytowonderhowitbecamea

memberofthefamily.Raid1isdeployedusingtwodrivestomirrordatafromonedrivetotheother.Thisprovidesredundancybutuses50percentofeachdisk’scapacitytobackuptheotherdrive.

TouseRaid5,youneedaminimumofthreedisks.Alldataiswrittentoeachdiskinstripes.Amathematicalcalculationcalledparityiswrittentooneofthedisks,which,incombinationwiththeotherdisks,worksasabackupincaseoneofthenon-paritydisksfailstorebuildmissingdata.

Raid6usestwoparitydrives,whichmeanstwodrivescanbelostwithoutlosinganydata.

ThestrangelynamedRAID1+0usestwoRAID0arraysandthenwritesanexactcopybetweenthem,asdoesRAID1.ThisincreasestheperformanceofRAID0+1,andithasredundancywithouttheneedtosetasidediskspaceforparity.

DescribeStorageTopologiesReady?It’stimetotakethattourofkeytopologiesthatwepromisedearlier.KeepinmindaswemovethroughthissectionthatacombinationofHBA,FibreChannelswitches,andstoragearrayscanbeconfiguredinavarietyofthesetopologies.

Point-to-PointInapoint-to-pointtopology,theworkstationorserverisdirectlyattachedtothestoragearray,asshowninFigure3.14.Makeamentalnotethatonlyasingledevicecanaccessthestoragearraywhenusingapoint-to-pointtopology.

FIGURE3.14Point-to-pointtopology

ThistopologywassopopularforvideoeditingthatMacworkstationsactuallyshippedwithabuilt-inFibreChannelHBAjusttosupportthetaskforaseriousstretch!

ArbitratedLoopFibreChannelArbitratedLoop(FC-AL)connectseverythinginvolvedinaunidirectionalloop.Theserialarchitecturesupports127devices,suchasSCSIs,andbandwidthissharedamongallofthem,aspicturedinFigure3.15.

FIGURE3.15FibreChannelArbitratedLoop

Westillemployarbitratedloopswithstoragesystemsforconnectingtraysofdiskstothestoragecontroller.Fabricconnectivityismorecommonlyusedforserverconnections.

FabricFabric,orswitchedfabrictopology,usesSANswitchestoconnectthenodesofanetworktogether.Figure3.16providesasimpleexamplewhereindevicesconnectonlytoasinglenetworkorfabric.Thisimplementationworksgreat,butsinceitdoesn’tprovideanyfaulttolerance,it’susedonlyinanon-production

environment.

FIGURE3.16Simplefabric

Themostcommonimplementationthatyou’llfindisthatofutilizingtwoseparatefabrics,asshowninFigure3.17.NotethatunlikewithEthernetswitches,thereisnointerconnectionbetweenthetwofabrics.Keepthatinmind!Theendnodeshavetwoseparateports,andeachofthemconnectstoonefabric,addingvitallyimportantfaulttolerance.Ifonefabricfails,theendnodecanusetheotherfabrictocommunicate.

FIGURE3.17Dualfabric

PortTypesFibreChanneloffersanumberofdifferentporttypesdependingonthepurposethey’reneededtoserve.Anodeport(Nport)ispredictablyfoundonthenodeitself,anditoperatesjustlikeaportinastoragearrayoronaserver.Nportsconnectpoint-to-pointeithertoastorageenclosureortoaSANswitch.Afabricport(Fport)islocatedontheFibreChannelswitchandconnectstoanNport.AnEport,orexpansionport,connectsoneswitchtoanotherswitchforinter-switchlink(ISL)communications.Inaloop,whetherarbitratedorviaahub,thenodeloopports(NLports)aretheportsonthehostsorstoragenodes.Justso

youknow,thereareseveralotherporttypes,butthey’reoutsidetheexamobjectives,sowe’renotgoingtocoverthem.Figure3.18showsanexampleofthevariousporttypesthatwejustdiscussed.

FIGURE3.18FibreChannelporttypes

StorageSystemsIt’snotjustarumor—storagesystemscanbestunninglycomplex!Fortunately,youneedonlyabasicunderstandingofthemajorcomponentstomeettheobjectives.Asmentionedearlier,thestoragearrayisessentiallyacollectionofharddisks,aspicturedinFigure3.19.

FIGURE3.19FibreChannelSANcomponents

Storageisallocatedtohostsbasedonlogicalunitnumbers(LUNs),notonphysicaldisks.Whenaserveradministratorrequests10GBofdiskspaceonthestoragearray,a10GBLUNportionisallotted,whichcancomprisequiteafewkindsofphysicalstorageunderneath.ThestorageadministratorcanincreaseordecreasetheLUNsize,withsomeLUNsbeingusedbyasinglehostforthingslikebootingup.SharedLUNsareaccessiblebymultiplehosts,andtheyareoftenfoundwherevirtualmachineimagesareshared.

TheentirestoragearrayconnectstotheFibreChannelviathestorageprocessors(SPs).Therearetypicallytwoofthemsothatoneisavailableforconnectingtoeachfabric.IndividualSPshavetheirownuniqueaddresses,whichhostdevicesusetoconnecttothestoragesystem.

WorldWideNamesJustasMACaddressesareusedinEthernetnetworkstoidentifyaninterfaceuniquely,FibreChannelemploysWorldWideNames(WWNs)toidentifyspecificportsknownasWorldWidePortNames(WWPNs).AnHBAwithone

interfacewouldhaveoneWWPN;anHBAwithtwointerfaceswouldhavetwo,andsoon,withoneWWPNusedforeachSANfabric,asshowninFigure3.20.

FIGURE3.20WorldWideNames

WorldWideNodeNames(WWNNs)representspecificdeviceslikethecarditself,andtheyareunique8-bytevendor-assignednumbers.AnHBAwithtwointerfaceswouldhaveoneWWNNandtwoWWPNs.

Tovisualizethis,lookatFigure3.21,whichshowsasinglefabricnetworkmadeupofaserver,aswitch,andastoragearray.Asyoucansee,aWWPNisbeingusedtoidentifyeachofthesedevicesonthenetwork.Tocommunicatewiththestoragearray,theserverisusingWWPN50:00:00:11:22:33:44:55andthestoragearrayisusingWWPN20:01:00:11:11:11:11:11toidentifythehost.

FIGURE3.21WordWidePortNames

We’lldiscussthisprocessingreaterdetailabitlaterwhenweexplorewhat’s

We’lldiscussthisprocessingreaterdetailabitlaterwhenweexplorewhat’sdonewiththisinformationandmore.

Don’tgettooconfused—knowthatevenwhenconsultingCiscoliteratureexclusively,you’lllikelycomeacrosspWWNandnWWNasalternativesforWWPNandWWNN!

SANBootServersinmoderndatacentersrarelyhavealocaldiskdrive,sotheyhavetobootthroughastorageareanetworkusingSANboot.UnderstandinghowSANbootworksisimportantbecauseitreallyputsallofthepiecestogether.Let’sstartwiththetopologyshowninFigure3.22.

FIGURE3.22SANboot

Yes,we’vemadetheWWPNssupershortsothatthey’reeasytodiscuss,buttheconceptisstillhereinfull.Let’ssaythatyou’retheserveradministratorandyouwantyournewservertobootofftheSAN.Thefirstthingthatyouwoulddoiscallthestorageadministratorandrequesta50GBLUN.IftheSANadministratoragrees,heorshewillaskyouabouttheserver’sWWPNbeforecreatingyour50GBLUN,whichwe’regoingtocallXYZ.TheSANadminwillthenconfigureLUNmaskingonthestoragearraysothatonlytheserver’sWWPN(444)canaccessLUNXYZ.

Astheserveradmin,yournextstepistoconfiguretheHBAtoconnecttothestoragearraywhenthecomputerboots—aprocessachievedbyrebootingtheserverandpressingakeycombinationtoaccesstheHBABIOS.NeverforgetthattheboottargetmustbesettotheWWPNofthestoragecontroller(888).

thattheboottargetmustbesettotheWWPNofthestoragecontroller(888).

Asyouknow,theFibreChannelswitchdoesn’tallowcommunicationbydefault.Thus,tomakecommunicationhappen,youhavetocreateanewzonethatwillallowserverWWPNtotalktostoragearrayWWPN(444to888)andaddittotheactivezoneset.

SANbootingisnowconfigured.Whentheserverpowerson,theHBAwilllogintotheSANfabricandattempttoconnectto888,andtherequestwillbeallowedbecauseofthezoningontheMDS.What’sactuallygoingonhereisthatthestoragearrayreceivestherequestfrom444,checkstheLUNmaskingtodetermineifLUNXYZisaccessible,andrespondsaccordinglytotheserverHBA.Ifallgoeswell,theHBAwillprovidea50GBLUNtotheserverasifitwerealocaldisk.However,sometimesyou’llseean“Operatingsystemnotfound”messageinstead.Ifyougetthismessage,it’sactuallybecauseanOShasn’tbeeninstalledyet!YoucaninstallanoperatingsystemfromaDVD,andassoonasyouhavedonethat,theservercanbootfromtheSAN.

VerifyNameServerLoginInorderfortheretobeend-to-endcommunicationsfromtheSANinitiatortotheSANtarget,thedevicesmustlogintotheSANfabric.OntheMDSswitches,eachvirtualstorageareanetwork(VSAN)runsitsowninstanceofadatabasethatkeepstrackoflogged-indevices.TheVSANdatabaseincludesthenameoftheVSAN,whetheritisinanactiveorsuspendedstate,andiftheVSANhasactiveinterfacesandisup.

SAN_A#showvsan20

vsan020information

name:VSAN0020state:active

in-orderguarantee:nointeroperabilitymode:no

loadbalancing:src-id/dst-id/oxid

Thefabriclogin(FLOGI)showswhichinterfacesareloggedintothefabric,theirVSANID,FibreChannelID,WorldWidePortName,andtheWorldWideNodeName,asshowninFigure3.23.

FIGURE3.23Fabriclogin

OntheCiscoMDSSANswitchcommandline,youcanmonitorSANoperationsasshownhere:

SAN_A#showflogidatabase

—————————————————————————————————————-

INTERFACEVSANFCIDPORTNAMENODE

NAME

—————————————————————————————————————-

sup-fc020xb3010010:00:00:05:50:00:fc:23

20:00:00:05:50:00:fc:89

fc1/1210xb200e121:00:00:04:de:27:18:8a

20:00:00:04:de:27:18:8a

fc1/1210xb200e221:00:00:04:de:4c:5c:88

20:00:00:04:de:4c:5c:88

fc1/1210xb200de21:00:00:04:de:4c:5c:29

20:00:00:04:de:4c:5c:29

fc1/1210xb200b421:00:00:04:de:4c:3f:8c

20:00:00:04:de:4c:3f:8c

fc1/1210xb200b421:00:00:04:de:4c:86:cf

20:00:00:04:de:4c:86:cf

Totalnumberofflogi=6.

TheFibreChannelNameServer(FCNS)isthedatabasethatkeepstrackofconnectedhosts,theirIDs,whethertheyarenodesoranothertypeofconnection,themanufacturer,andwhatfeaturestheysupport:

SAN_A#showfcnsdatabase

—————————————————————————————————————

FCIDTYPEPWWN(VENDOR)FC4-

TYPE:FEATURE

—————————————————————————————————————

0x010000N50:06:0b:00:00:10:b9:7fscsi-

fcpfc-gs

0x010001N10:00:00:05:30:00:8a:21(Cisco)ipfc

0x010002N50:06:04:82:c3:a0:ac:b5(Company1)scsi-

fcp250

Totalnumberofentries=3

Describe,Configure,andVerifyZoningItisveryimportthattherebesomeformofsecuritybetweentheinitiatorandthetargetinaSANnetwork.Forexample,ifaLinuxhostwereabletoattachtoastoragedevicethatisformattedtosupportaMicrosoftoperatingsystem,thereisaverygoodpossibilitythatitwouldbecorrupted.Zoningisafabric-wideservicethatallowsdefinedhoststoseeandconnectonlytotheLUNstowhichtheyareintendedtoconnect.ZoningsecuritymapshoststoLUNs.Membersthatbelongtoazonecanaccesseachotherbutnotportsonanotherzone.Nevertheless,itispossibletoassignadevicetomorethanonezone.

Itiscommontoconfigureazoneforeachinitiatorportandthetargettowhichitisallowedtocommunicate.Zonescanbecreatedtoseparateoperatingsystemsfromeachother,tolocalizetrafficbydepartment,ortosegmentsensitivedata.

Multiplezonescanbegroupedtogetherintoazoneset.Thiszonesetisthenmadeactiveonthefabric.Whilewecanconfiguremultiplezonesets,onlyonecanbeactiveatatimeonthefabric.Azonecanbelongtomultiplezonesetsbecauseonlyonezonesetatatimeisallowedtobeactiveonthefabric.

CreatingaZoneonanMDSSwitchandAddingMembers

SAN_A(config)#zonename<nameofzone>vsan<VSANnumber>

SAN_A(config-zone)#memberpwwn<portworldwidename1>

SAN_A(config-zone)#memberpwwn<portworldwidename2>

SAN_A(config-zone)#exit

Alternatively,youcandothefollowing:

UsingAliasesInsteadoftheirPortWorldWideNames

SAN_A(config)#zonename<nameofzone>vsan<VSANnumber>

SAN_A(config-zone)#memberfcalias<aliasname1>

SAN_A(config-zone)#memberfcalias<aliasname2>

SAN_A(config-zone)#exit

CreatingaZoneSetonanMDSSwitchandAddingtheZonestothe

ZoneSet

SAN_A(config)#zonesetname<nameofzoneset>vsan<VSANnumber>

SAN_A(config-zoneset)#member<zone1>

SAN_A(config-zoneset)#member<zone2>

SAN_A(config-zoneset)#member<zone3>

SAN_A(config-zoneset)#exit

MakingtheZoneSetActiveontheFabric

SAN_A(config)#zonesetactivatename<zonesetname>vsan<VSAN

number>

Afterthezoneconfigurationiscompletedandthezonesethasbeenappliedtothefabric,thefollowingshowcommandsarehelpful:

ShowtheStatusoftheActiveZone

SAN_A#showzonestatusvsan111

ShowtheZoneSetsonaFabric

SAN_A#showzoneset|inczoneset

ShowtheActiveZoneSetsonaFabric

SAN_A#showzonesetactive|inczoneset

ShowtheZoneSet/ZonesinVSAN20

SAN_A#showzonesetactivevsan20

PerformInitialMDSSetupAttheNX-OSprompt,youcantypesetup,orifyoubootaMDSswitchwithnoconfiguration,itwillentersetupmodebydefault.SetupmodeletsyouenterabasicconfigurationintoanMDSswitch,butitdoesnotconfiguretheindividualports.

Exercise3.1

PerformingtheInitialMDSSetup

YouarenowintheinitialsetupdialogoftheMDSswitch,andyouwillgothroughaquestionandanswerprocesstoenterthedata.

1. Answeryesattheprompttoenterthebasicconfigurationdialog.

Thissetuputilitywillguideyouthroughthebasic

configurationofthesystem.Setupconfiguresonlyenough

connectivityformanagementofthesystem.

PleaseregisterCiscoMDS9000Familydevicespromptlywith

yoursupplier.Failuretoregistermayaffectresponsetimes

forinitialservicecalls.MDSdevicesmustberegisteredto

receiveentitledsupportservices.

PressEnterincaseyouwanttoskipanydialog.Usectrl-c

atanytimetoskipawayremainingdialogs.

Wouldyouliketoenterthebasicconfigurationdialog

(yes/no):yes

2. administhedefaultMDSmanagementaccount.Addthepasswordhere:

Enterthepasswordforadmin:admin

3. Youcancreateanewaccountinadditiontothedefaultadminaccount:

Createanotherloginaccount(yes/no)[n]:yes

4. Addtheuser_nameforthenewaccount:

EntertheuserloginID:user_name

5. Addyourpasswordfortheuser_name:

Enterthepasswordforuser_name:user-password

6. Ifyouchoosetouseversion3ofSNMP,enteryes:

ConfigureSNMPv3Managementparameters(yes/no)[y]:yes

7. AddtheSNMPversion3user_name(thedefaultisadmin):

SNMPv3username[admin]:admin

8. EntertheSNMPversion3passwordtomatchwhatisonthemanagementstation.Thepassworddefaultstoadmin123,anditneedstobeatleasteightcharacters:

SNMPv3userauthenticationpassword:admin_pass

9. Enteryestosettheread-onlycommunitystringforSNMP:

Configureread-onlySNMPcommunitystring(yes/no)[n]:yes

SNMPcommunitystring:snmp_community

10. AddthenameoftheMDSswitch:

Entertheswitchname:switch_name

11. Enteryes(thedefault)toconfigurethemgmt0portthatisusedforout-of-bandmanagement:

ContinuewithOut-of-band(mgmt0)managementconfiguration?

[yes/no]:yes

Mgmt0IPv4address:ip_address

Mgmt0IPv4netmask:subnet_mask

Configurethedefault-gateway:(yes/no)[y]:yes

IPv4addressofthedefault-gateway:default_gateway

12. ConfigurewhatCiscoreferstoastheadvancedIPoptions,suchasthein-bandmanagement,staticroutes,thedefaultnetwork,DNSserveraddresses,andthedomainname:

ConfigureAdvancedIPoptions(yes/no)?[n]:yes

Continuewithin-band(VSAN1)managementconfiguration?

(yes/no)[no]:no

Enabletheiprouting?(yes/no)[y]:yes

13. Ciscosuggeststhatastaticroutebeusedtoreachthegateway:

Configurestaticroute:(yes/no)[y]:yes

Destinationprefix:dest_prefix

Destinationprefixmask:dest_mask

Nexthopipaddress:next_hop_address

Configurethedefaultnetwork:(yes/no)[y]:yes

DefaultnetworkIPaddress[dest_prefix]:dest_prefix

14. AddtheIPaddressoftheDNSserverandthedomainname:

ConfiguretheDNSIPaddress?(yes/no)[y]:yes

DNSIPaddress:name_server

Configurethedefaultdomainname?(yes/no)[n]:yes

Defaultdomainname:domain_name

15. TelnetandSSHaccesscanbeenabledordisabled.SSHisdisabledbydefault,anditisagoodsecuritypracticetoenablethesecureSSHprotocolanddisabletheunencryptedTelnetprotocol:

Enablethetelnetservice?(yes/no)[y]:no

EnabledSSHservice?(yes/no)[n]:yes

TypetheSSHkeyyouwouldliketogenerate(dsa/rsa/rsa1)?

dsa

Enterthenumberofkeybits?(768to2048):1028

16. NTPistheNetworkTimeProtocolserverthattheMDSaccessestosyncitsclocktofortime-stampingloggingevents.Configureithere:

ConfigureNTPserver?(yes/no)[n]:yes

NTPserverIPaddress:ntp_server_IP_address

17. Decidewhethertheportsareenabledordisabledbydefault.Thisdoesnotaffectthemanagement0interface.Shutisthedefaultsetting,anditcanbechangedifdesired:

Configuredefaultswitchportinterfacestate(shut/noshut)

[shut]:shut

18. Thedefaultswitchporttrunkmodeison,anditcanbeleftinthatstate:

Configuredefaultswitchporttrunkmode(on/off/auto)[on]:

on

19. ItisagoodideatoleavethedefaultmodeasF:

ConfiguredefaultswitchportmodeF(yes/no)[n]:y

20. Thismaybeasecurityissueinsomedatacenters,anditwouldthusneedtobechangedfromthedefaultofhavingportchannelsautocreate.Thedefaultisenabled:

Configuredefaultport-channelautocreatestate(on/off)

[off]:on

21. Byenteringpermit,youallowalltrafficbetweendevicesinthedefaultzone:

Configuredefaultzonepolicy(permit/deny)[deny]:permit

22. Enteryestoenableafullzonesetdistribution:

Enablefullzonesetdistribution(yes/no)[n]:yes

23. Nowthatyouhavecompletedtheinitialsetup,youcanreviewtheconfigurationandmakeanychangesthatyouwantbeforeapplyingit.

24. Enterno(noisthedefault)ifyouaresatisfiedwiththeconfiguration.Thefollowingconfigurationwillbeapplied:

usernameadminpasswordadmin_passrolenetwork-admin

usernameuser_namepassworduser_passrolenetwork-admin

snmp-servercommunitysnmp_communityro

switchnameswitch

interfacemgmt0

ipaddressip_addresssubnet_mask

noshutdown

iprouting

iproutedest_prefixdest_maskdest_address

ipdefault-networkdest_prefix

ipdefault-gatewaydefault_gateway

ipname-servername_server

ipdomain-namedomain_name

telnetserverenable

sshkeydsa768force

sshserverenable

ntpserveripaddrntp_server

systemdefaultswitchportshutdown

systemdefaultswitchporttrunkmodeon

systemdefaultswitchportmodeF

systemdefaultport-channelautocreate

zonedefault-zonepermitvsan1–4093

zonesetdistributefullvsan1–4093

Wouldyouliketoedittheconfiguration?(yes/no)[n]:no

25. SavetheconfigurationinNX-OS:

Usethisconfigurationandsaveit?(yes/no)[y]:yes

Aftertheconfigurationissaved,ittakeseffectintherunningoroperatingconfigurationoftheMDSanditisalsostoredinnon-volatilememoryasthestartupconfigurationandcansurviveareboot.

Describe,Configure,andVerifyVSANAvirtualstorageareanetwork(VSAN)operatesinthesamemannerasaVLANintheEthernetworld.ItcanonlycommunicatewithitselfonthesamefabricorwithotherfabricsusingVSANtrunking,butoneVSANcannotcommunicatewithanother.IfaportisamemberofadifferentVSAN,itwillnotbeabletocommunicatewithportsassignedtoadifferentVSAN.AVSANisalogicalSANcreatedonaphysicalSANnetwork.

EachVSANisseparatedfromtheotherVSANsonthesamefabricsothatthesameFibreChannelIDscanbeusedineachVSAN.

ThestepsrequiredforconfiguringaVSANandaddinginterfacesincludefirstcreatingtheVSANandthenaddingthedesiredinterfacesintotheVSAN.Youthenconfiguretheinterfaces,enablethem,andthencablethefiberconnectionstotheservers,storagearrays,orotherconnectedFibreChannelswitches.

VSAN1isthedefaultVSAN,sinceitisusedformanagementandotherfunctions.ItisnotrecommendedtousethisasaproductionVSAN.Bydefault,allinterfacesareinVSAN1.WhenadditionalVSANsarecreated,theinterfacescanbemovedintothedesiredVSAN.

Exercise3.2

CreatingaNewVSAN

TocreateanewVSANfollowtheseconfigurationsteps:

MDS_1#configt

MDS_1(config)#vsandatabase

MDS_1(config-vsan-db)#

1. TheVSANdatabaseallowsfortheconfigurationandadditionofVSANs:

MDS_1(config-vsan-db)#vsan2

MDS_1(config-vsan-db)#

2. vsan2isnowcreatedandaddedtothedatabaseifitdidnotexistpreviously:

MDS_1(config-vsan-db)#vsan2nameCCNA-DC

updatedvsan2

MDS_1(config-vsan-db)#

3. Updatevsan2withthenameCCNA-DCbysuspendingvsan2andthenreenablingit,asshowninstep4.

MDS_1(config-vsan-db)#vsan2suspend

MDS_1(config-vsan-db)#

4. Enablevsan2withthenovsan2suspendcommand:

MDS_1(config-vsan-db)#novsan2suspend

MDS_1(config-vsan-db)#end

MDS_1#

5. AssigninterfacestotheVSANthatyoucreatedpreviously:

MDS_1#configt

MDS_1(config)#vsandatabase

MDS_1(config-vsan-db)#

MDS_1(config-vsan-db)#vsan2

MDS_1(config-vsan-db)#

6. Assigntheinterfacefc1/2tovsan2:

MDS_1(config-vsan-db)#vsan2interfacefc1/2

MDS_1h(config-vsan-db)#

7. YoucannowusetheCLIshowcommandstoreviewtheconfigurations:

showvsanDisplaysallVSANinformation.

showvsan2ShowsinformationonaspecificVSAN.

showvsanusageShowsstatisticsonVSANusage.

showvsan2membershipwillshowtheVSANmembershipinformation

onforVSAN2

showvsanmembershipshowsthemembershipinformationforallVSANs.showvsanmembershipinterfacefc1/2showsthemembershipinformationfortheinterfacethatyouareinvestigating.fcindicatesthatitisaFibreChannelinterfaceonslot1andport2ofaCiscoMDSseriesswitch,whichdisplaysVSANmembershipinformationforaspecifiedinterface.

SummaryStoragenetworkingcanbethemostchallengingpartofaCCNAdatacenterformanypeople.Whattripsupmostpeople,however,isn’tthatit’sextremelycomplicatedanddifficult;it’sjustthatit’sforeigntomanywithaCiscobackground.Onceyougettheconceptsdownandbecomefluentwiththenewterminology,you’llfeelalotmoreconfident!Youwillfindthatthestorageworldusesslightlydifferentterminologythanthatusedinthenetworkingworldtodescribeverysimilarprotocols.

Mostdatacenterswilluseacombinationofblockandfilestorage,soyoureallydoneedaworkingknowledgeofboth.Asyoustudythischapter,takehowevermuchtimeyouneedtoensurethatyouhaveaseriouslysolidgraspofSANboot,becauseonceyou’resavvywiththat,you’llhavethischapter’sconceptsnaileddown.

ExamEssentialsUnderstandblockandfilestorage.BlockstorageisusedwithSCSI,iSCSI,andFibreChannelprotocols.Blockstorage,whetherlocaloracrossthenetwork,requestsindividualsectionsofstoreddataresidingonastoragedevice.Filestoragecommunicatesacrossthenetworkbyrequestingfiles,anditisusedbyCIFSandNFS.

KnowFibreChanneltopologies.Point-to-pointtopologiesdirectlyconnectastoragearraytoaworkstation.FibreChannelArbitratedLoopisusedwithinstoragearrays.FabricswitchednetworksallowforcomplexnetworkstobecreatedusingFibreChannelswitchesthataresimilartoEthernetswitchesbutaredesignedspecificallyforstorageapplications.

RecognizethedifferentFibreChannelporttypes.PortsonendnodesareN_Ports.PortsonswitchesareFPortstoconnecttoendnodesandE_Portstoconnecttootherswitches.NLPortsconnecttoaFibreChannelhuborinanarbitratedloop.

RememberWorldWideNames.WWPNsrepresentaportonanHBAorstoragearray.WWNNsrepresentadevice.IfanHBAhasmultipleportsassignedtoit,thenitwillhavebothaWWNNandmultipleWWPNsassignedtoit.

Identifydifferencesbetweenzoningandmasking.Zoningisimplementedontheswitch,anditcontrolswhichendnodecancommunicatewithotherendnodes.Maskingisdoneonthestoragecontroller,anditcontrolswhichLUNsareaccessiblebywhichendnodes.

WrittenLab3YoucanfindtheanswersinAppendixA.

1. Examinethediagram,andidentifytheFibreChannelporttypesintheblanksprovided.

A. _______________

B. _______________

C. _______________

D. _______________

2. Examinethediagram,andidentifytheSANinitiatorandtheSANtargetintheblanksprovided.

A. _______________

B. _______________

3. Examinethediagram,andidentifythetechnologiesusedinaunifiednetworkintheblanksprovided.

A. _______________

B. _______________

C. _______________

ReviewQuestionsYoucanfindtheanswersinAppendixB.

1. WhatdeviceisusedtoconnectaservertoaFibreChannelSAN?

A. SCSI

B. NIC

C. HBA

D. JBOD

2. Aconvergedfabricconsistsofwhattwoprotocols?

A. ISL

B. Ethernet

C. FibreChannel

D. FLOGI

3. WhatuniqueaddressmusteachMDSswitchhaveassigned?

A. FLOGI

B. FCNS

C. ISL

D. DomainID

4. WhichprotocolencapsulatesstoragerequestsintoaprotocolthatcanberoutedoveraLAN?

A. FibreChannel

B. Ethernet

C. iSCSI

D. FCOE

5. WhenperforminganinitialsetuponaMDS9000seriesFibreswitch,whichtwoitemsarerequired?

A. Defaultzoneset

B. Date

C. Hostname

D. Defaultswitchportmode

6. Whichofthefollowingarefile-basedstorageprotocols?

A. CIFS

B. NFS

C. FibreChannel

D. iSCSI

E. FCoE

7. WhatistheporttypeforaFibreChannelHBAconnectedtoaFibreChannelhub?

A. N_Port

B. E_Port

C. NL_Port

D. F_Port

8. WhataretheporttypesbetweenaFibreChannelHBAconnectedtoanMDSswitch?

A. N_PorttoF_Port

B. E_PorttoN_Port

C. N_PorttoE_Port

D. F_PorttoE_Port

9. ThestorageinitiatorandtargetperformwhichfunctionwhenfirstconnectingtoaSAN?

A. VSAN

B. FLOGI

C. FCNS

D. Userauthentication

10. ASANfabricservicethatrestrictsinitiators’connectivitytotargetsisknownaswhichofthefollowing?

A. LUNmasking

B. VSAN

C. Zoning

D. Accesscontrollists

11. Multiplezonesbegroupedtogetherintowhichofthefollowing?

A. VSAN

B. LUN

C. Zoneset

D. SAN

12. WhatsegmentsaSANswitchingfabricwhereportsareassignedintoseparategroupingsontheMDS,runaseparateprocess,andcanonlycommunicatewiththemselves?

A. Zoning

B. VSAN

C. LUNmasking

D. ACL

13. WhatdevicesconnecttoaSANswitch?

A. JBOD

B. ACE

C. HBA

D. LAN

14. Whichofthefollowingareblock-basedstorageprotocols?

A. CIFS

B. NFS

C. FibreChannel

D. iSCSI

E. FCoE

15. WhatisthedefaultVSANID?

A. 4096

B. 10

C. 1

D. 32768

16. OntheMDS9000serviceFibreChannelswitches,whichfeatureistheequivalentofphysicalfabricseparation?

A. LUN

B. VLAN

C. Zoning

D. VSAN

17. HowwouldyoudeterminewhichportsareassignedtoaVSAN?

A. MDS#showvsan<VSANid>

B. MDS#showfcnsdatabase

C. MDS#showvsan<VSANid>ports

D. MDS#showvsan<VSANid>membership

18. WhichcommanddisplayswhetheranHBAisloggingintotheMDSfabric?

A. MDS#showHBAhost

B. MDS#showhostlogin

C. MDS#showfcns

D. MDS#showflogidatabase

19. ASCSItargetiscontactedbywhichofthefollowing?

A. Initiator

B. Originator

C. Source

D. Successor

20. WhatisthemaximumnumberofactivezonesetsonaMDS9500SANswitch?

A. 3

B. 256

C. 1

D. 1024

Chapter4DataCenterNetworkServices

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

6.0DataCenterNetworkServices

6.1DescribestandardACEfeaturesforloadbalancing

6.2DescribeserverloadbalancingvirtualcontextandHA

6.3Describeserverloadbalancingmanagementoptions

6.4DescribethebenefitsofCiscoglobalload-balancingsolution

6.5DescribehowtheCiscoglobalload-balancingsolutionintegrateswithlocalCiscoloadbalancers

6.6DescribeCiscoWAASneedsandadvantagesinthedatacenter

DataCenterNetworkServicesInthedatacenter,manyapplicationsarebestsuitedtorunonthenetworkitself,ratherthanonclientsorservers.Sincealltrafficflowsthroughthenetwork,specialdevicesandsoftwareapplicationscanbeinstalledatthisfocalpointtoprovideacentrallocationforvarioustypesofnetworkservices.

Manytypesoftechnologiesareincludedinthetermservice,suchasserverloadbalancing,networkingmonitoringandmanagementsystems,firewalls,intrusiondetectionsystems(IDS),intrusionpreventionsystems(IPS),networkanalyzers,andSSLoffloaddevices,aswellasotherservices.Bycentralizingtheseservices,

theburdenofinstallingandmaintainingsoftwareacrossmanyserverswithvaryingoperatingsystemsandclientscanbeeliminatedandconsolidatedintoacentralizednetworklocationforeaseofmaintenanceandmanagement.

TheservicedevicesresideattheAggregationlayerofthedatacenternetwork,andtheyareusuallygroupedtogetherinablockwithhighavailabilityandredundancy.Withthegrowthinvirtualization,itispossibletohaveonepieceofhardwareseparatedintomultiplevirtualserviceappliances.

StandardACEFeaturesforLoadBalancingTheApplicationControlEngine,orACE,isaCiscoproductlinethatisnearingtheendoflifebutistouchedonintheCCNADataCenterexambecausetheservicesitprovidesarerelevantregardlessofthehardwareproductsused.Wewillnotgointoallofthevarioustypesofserviceapplications,insteadwewillfocusonaverycommonapplicationserviceknownasloadbalancing.

Asworkloadsandconnectionsincrease,atsomepointasingleserverwillnolongerbeabletohandletheworkloadandscaletheperformanceofwebsitesandotherapplications,suchasDNSorFTPserverfirewallsandintrusiondetection/preventiondevices.Otherload-balancingfunctionsmayincludeoffloadingapplicationsandtasksfromtheapplicationserver,suchastheprocessingforSSL,compression,andTCPhandshakes.Also,byhavingmanyserversworkingtogetherandsharingtheload,redundancyandscalabilitycanbeachieved.

Serverloadbalancingiscommonlyfoundinfrontofwebservers.AsingleIPaddressisadvertisedtothewebserverviadomainnamesystem(DNS).ThisIPaddressisnotthatoftherealwebserver;ratheritisaninterfaceontheACEloadbalancer(seeFigure4.1).Astrafficforthewebsitearrivesatthisinterface,theACEbalancesthetrafficbydistributingtheconnectionstooneofmanyrealserversconnectedtoit.ThisIPaddressisknownasthevirtualIP,orVIP,anditabstractsthepoolofrealserversitrepresents.

FIGURE4.1ACEloadbalancer

TherealserverssitbehindtheACE,andtheyreceiveconnectionrequestsusingapredictor.Apredictoristhemethodtheloadbalancerusestodeterminewhichrealserverwillreceivethenextincomingconnectionrequest.Themostcommonpredictorsarelistedhere:

Round-robinThisisthedefaultmodeontheACEifnothingelseisconfigured.Thenextrequestsarehandedtowebserversonalistfromfirsttolast,andthentheprocessisrepeated(seeFigure4.2).

FIGURE4.2Round-robinpredictor

Least-loadedTheloadbalancercanlookwithinitsconnectiontablesandseewhichserverhastheleastnumberofconnections,orload,asapredictor,asshowninFigure4.3.AllowancescanbemadefortheserverforCPUsizeandutilization,memory,andothermetrics.

FIGURE4.3Least-loadedpredictor

HashingHashingoccurswhenahashiscreatedusingametricsuchasthesourceIPaddress,anHTTPcookie,ortheURLofthewebsite.Thishashisthenusedtomakesurethatanotherconnectionrequestfromthesamesourcewillreachthesamewebserver(seeFigure4.4).

FIGURE4.4Hashingpredictor

Serverresponsetimesandleastnumberofconnectionsareexamplesofotherpredictorsthatcanbeconfiguredonaloadbalancer.AnexampleofleastnumberofconnectionsisshowninFigure4.5.Withtheresponsetimemetric,theACEwillprobetherealserverstoseewhichonehasthefastestreply,anditwillassignanewconnectionrequesttothatserver.Thistakesintoaccountsuchmetricsasprocessorspeedandcurrentprocessing,anditisamoreaccuratemetricthanround-robin.

FIGURE4.5Leastnumberofconnectionspredictor

AnothercomponentoftheACEishealthchecks,whicharealsosometimescalledprobes,asshowninFigure4.6.Probestestthehealthoftherealservers.Theloadbalancerisconstantlycheckingthehealthoftheservers,andiftheyfallbelowaspecifiedthresholdorfailcompletely,theyaretakenoutofrotation.HealthcheckscanbeasbasicasapingoraselaborateasperforminganHTTPGEToperationforapieceofdataonabackendstoragearray.

FIGURE4.6Health-checkingprobes

ThestepstoconfigurealoadbalancerincludedefiningtherealserversbyIPaddressand,usually,theTCPportandthenassigningthemintoapoolorfarmofotherserversthatwillbeusedinloadbalancing.ThevirtualIPisassociatedwiththepool.Otherconfigurationitemsincludethedesiredpredictoralgorithmandthehealthchecks.

ServerLoadBalancingVirtualContextandHATheACEproductfamilysupportsvirtualdevicecontextsonasinglehardwareplatform.Thevirtualdevicearchitectureallowsupto250virtualdevicecontextstobeconfiguredonasinglepieceofhardware.Eachcontextiscompletelyseparateandisolatedfromtheother.Itisalmostasifthereare250separateloadbalancersinasingleACE!ThissavesonpowerandcoolingcostsandthenumberofACEdevicestomanage.

Sincealoadbalancerisacriticalpieceofdatacenterequipment,anditsitsbetweentheInternetandthewebservers,itisimportanttodeploytheminpairsinahighavailability(HA)arrangement.TheACEserversareconnectedwithanHAEthernetlinkthatsynchronizesconfigurationandconnectiontableinformation.TheACEappliancemonitorsthehealthofitspairedACE,andit

willtakeovertheloadbalancingshouldtherebeafailureofoneoftheACEloadbalancersinthepair(seeFigure4.7).

FIGURE4.7ACEHApair

Highavailabilitycanbeeitheractive-active,wherebothACEserversareoperationalandreadytotakethefullworkloadiftheotherfails,oractive-standby,whichisthemostcommonstatewhereoneACEisthemasterandastandbyiswaitingtotakeovershouldthemasterfail.

ServerLoadBalancingManagementOptionsInadditiontothecommand-lineinterface(CLI)fortheACEappliance,thereisalsoCiscoACEDeviceManagersupport,whichprovidesaGUIinterfaceaswellasSNMPsupport(seeFigure4.8).

FIGURE4.8CiscoACEDeviceManager

Multiplerole-basedoptionsareavailable.Youcanconfigurevirtualcontexts,loadbalancing,highavailability,andmanyotheroptionsfortheACEDeviceManager.Thegraphicalinterfaceallowsfordetailedviewingofload-balancingstatisticsformonitoringandmanagingtheACEappliances.

BenefitsoftheCiscoGlobalLoad-BalancingSolutionTheCiscoGlobalSiteSelectorusestheDNSfunctiontooptimizeconnectionrequestsbasedonvariousmetrics(seeFigure4.9).ItintegrateswiththeDNSserverinfrastructureanddirectsincomingconnectionrequeststoremoteorlocalsites.Forexample,allconnectionrequestsinEuropecanbedirectedtoacompany’sEuropeandatacenterinsteadofcrossingtheoceantoanAmericansite.Wecanextendthisfordisasterrecovery;thatis,shouldtherebeafailure,allrequestscanberedirectedtoanotherlocation.

FIGURE4.9CiscoGlobalSiteSelector

Thedatacenterloadmaybeconsideredwhendeterminingwheretosendconnectionrequests,aswellascapacityorcompanypolicies.Also,denial-of-service(DoS)attackscanbeaddressedwithoptionalDDoSprotectionfeatures,suchasblockingDNSrequestsifaDDoSattackisdetected.

ByintelligentlydistributingconnectionswiththeACEglobalload-balancingsolution,userswillexperiencefasterresponsetimes,lessWANbandwidthutilizationonlong-distanceconnections,andbetterdatacenterutilizationandredundancy.

CiscoWAASNeedsandAdvantagesintheDataCenterAsremoteserversandapplicationsarebeingconsolidatedfrombranchlocationstothedatacenter,thereisnowthenewchallengeofdeliveringthesamelevelofserviceremotelyfromthedatacenterthatwasexperiencedwhentheserversresidedlocally.

residedlocally.

TheCiscoWideAreaApplicationServices(WAAS)productlineprovidesWANaccelerationthatgivesremotelocationsLAN-likeresponsetocentrallylocatedstorage,applications,andserversinthedatacenter.WAASservicesacceleratetheperformanceofTCP-basedapplicationsacrossawideareanetwork.WAASreduceslatencyandtrafficacrossawideareanetwork.

WAASservicesallowconsolidationofstorage,applications,printservices,andasinglemanagementlocationbyusingcompression,TCPoptimization,andcachingoffilesbetweenthedatacenterandtheremotebranches.

WAASservicesusemanydifferenttechnologiestoaccomplishWANacceleration.Differentcompressiontechniquesareused,suchasLZandDRE,whichcompressthedatabeforesendingitacrosstheWANlinkandthenperformadecompressionoperationattheremotesitetoincreasethroughputacrossWANlinksthataremuchslowerthanLANspeeds.AttheTransportlayer,WAASemploysTCPmodificationofthewindowsizeandspecializedcongestionmanagementprocesses.AdditionalfeaturesincludefileandprintserverdrivecacheandDHCPservicesattheremotelocations.

TheWAASserviceisdesignedtointegratewithotherservicesonthenetwork,suchasfirewallsandtheACEproducts.TheWAASservicesresidebetweentheclientsattheremotesitesandtheserversinthedatacenter.TheclientandtheserveraretotallyunawarethattrafficisbeingoptimizedacrosstheWAN.Thisisatransparentfunction,becausetheWAASservicesaredeployedinthemiddleanddependonadeviceatboththedatacenterandremotesite.Thesedevicescanbeadedicatedappliance,softwareinahigh-endrouter,oranetworkmoduleinstalledinarouter.

InadditiontotheCLI,aCentralManagerapplicationforWAASprovidesagraphicaluserinterface,managesalloftheWAASservices,andallowscentralcollectionofstatisticsanderrormessages.

SummaryWhilenetworkservicesarenotabigpartoftheCCNADataCenterExam,theyplayacriticalroleinoperations,monitoring,andtroubleshootinginamoderndatacenter.

Sincethenetworkisthecoreofthedatacenter’sconnectivity,andalldatacrossesthenetwork,itisusefultoplaceservicemoduleshereinsteadofattheendpoints,servers,orotheredgedevices.

Manydifferentservicescanbeplacedonthenetworksuchasloadbalancers,intrusion-detectionandpreventionmodules,firewalls,packetcapturedevices,andSSLoffload.

ExamEssentialsUnderstandbasicACEload-balancingfunctions.Itisimportanttounderstandexactlywhatloadbalancingis,thattheVIPistheincomingIPaddressoftheloadbalancer,andthatrealserversareconnectedtosharetheloadoftheservice.TheserviceisgenerallyHTTP/webaccess,butotherprotocolscanbeloadbalanced,suchasDNSandFTP.HealthchecksthatrunfromtheACEtotherealserversmakesuretheapplicationisoperationalsothattheservercanremaininservice.Thereareseveraltypesofload-balancingmetrics,withround-robinbeingthedefaultandmostcommonapproach.

Understandglobalserverloadbalancing(GSLB).Knowthatglobalserverloadbalancinglocalizestraffictothenearestdatacenter,andthatitcanmodifyDNSrepliestotheclienttodirecttraffic.Itisalsousedfordisasterrecoveryandloadsharingbetweenlocations.

WrittenLab41. Explainwhatloadbalancingisandwhyitisusedinmoderndatacenters.

2. Nameandexplainfourload-balancingpredictortypes.

3. Whatishighavailabilityinloadbalancing?

4. WhatisthefunctionofCiscoDeviceManager?

5. Globalserverloadbalancingsolveswhatdatacenterneeds?

6. BrieflydescribeWideAreaApplicationServices(WAAS).

ReviewQuestionsYoucanfindtheanswersinAppendixB.

1. Whatisthedefaultload-balancingpredictorontheACE4710appliance?

A. Hashing

B. Round-robin

C. Responsetime

D. Leastnumberofconnections

2. Whichofthefollowingallowsgeographicalconcentrationofdatacenteraccess?

A. DNS

B. ACE-GLB

C. Hashing

D. VDC

3. Theadvantagesofgloballoadbalancingincludewhichofthefollowingoptions?(Choosethree.)

A. Fasterresponsetimes

B. LessWANutilization

C. Datacenterredundancy

D. Predictorutilization

4. WhichapplicationprovidesGUIsupportforconfiguringaCiscoACEloadbalancer?

A. ASDM

B. UCSM

C. CDM

D. ACEDM

5. Whichofthefollowingarenetworkservicesforsecurity?(Choosethree.)

A. IDS

B. IPS

C. Firewalls

D. SSLoffload

6. Whatload-balancingtechnologyusesametrictoensuresessionpersistence?

A. Predictor

B. Hashing

C. Persistence

D. Probes

7. Inthetieredmodelofdatacenterdesign,wheredotheservicesmodulesattach?

A. Accesslayer

B. Corelayer

C. Aggregationlayer

D. Networklayer

8. Whatarethreeadvantagesofusingvirtualdevicecontextsonservicemodules?

A. Reducedrackspace

B. Reducedpowerrequirements

C. Reducedneedforcooling

D. Physicalseparationofservers

9. Whatarethreeadvantagesofcentralizingnetworkservices?

A. Youdonothavetoinstallsoftwareonmanyservers.

B. Easeofmaintenance.

C. Distributedcontrol.

D. Easeofmanagement.

10. Whatnetworkserviceallowstheconsolidationofstorage,applications,printservices,andasinglemanagementlocationbyusingcompression,TCPoptimization,andcachingoffilesbetweenthedatacenterandtheremotebranches?

A. ACE

B. Predictor

C. WAAS

D. NAM

11. DNSandFTPserverscanscaletohandlelargeworkloadsbyusingwhat

networkservice?

A. WAAS

B. Firewalls

C. ACE

D. VDC

12. Onserverloadbalancers,theIPaddressoftheloadbalancerthatisadvertisedtotheworldonDNSiscalledwhat?

A. VRF

B. STP

C. VIP

D. OTV

13. ACEloadbalancersareconstantlycheckingthehealthoftherealserversconnectedtothemusingwhat?(Chooseone.)

A. Hashing

B. Probes

C. VIPs

D. Round-robin

14. Datacenterservicemodulesconnectatwhichlayerofthedatacentermodel?

A. Access

B. Core

C. LAN

D. Aggregation

15. WAASservicesallowtheconsolidationofwhichservices?(Choosetwo.)

A. Storage

B. Printservices

C. Intrusiondetection

D. Loadbalancing

16. Denial-of-service(DoS)attackscanbeaddressedwithoptionalDDoS

protectionfeaturesusingwhichofthefollowing?

A. WAAS

B. GlobalSiteSelector

C. CiscoDeviceManager

D. Intrusionprevention

17. Whichofthefollowingisanetworkingsecuritydeviceorsoftwareprogramthatallowsforfilteringandsecuritybetweentwointerconnectednetworks?

A. Loadbalancer

B. Siteselector

C. Firewall

D. Intrusiondetection

18. ToconfigurerealserversonACE,whatisneededtodefinetheserver?(Choosethree.)

A. IPaddress

B. VirtualIPaddress

C. Pooling

D. TCPport

19. WAASservicesusewhichofthefollowingtechnologiestoaccomplishWANacceleration?(Choosethree.)

A. Windowsizemodification

B. Firewalls

C. Cache

D. LZcompression

20. Highavailabilityallowsbackupofloadbalancers.WhataretwotypesofACEhighavailabilityconfigurations?

A. Peering

B. Active-active

C. Active-standby

D. Master-slave

Chapter5Nexus1000V

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

4.0.DCVirtualization

4.1.Describedevicevirtualization

4.2.Describeservervirtualization

4.3.DescribeNexus1000v

4.4.VerifyinitialsetupandoperationforNexus1k

Untilthesoftware-onlyNexus1000Vswitchesarrivedonthescene,CiscoswitcheswerecomposedofhardwareandtheCiscosoftwarerunningonit.Thisverycoolswitchisvirtual,softwareonly,anditworksonx86serversrunningspecialHypervisorsoftware.

Ifyoudidn’talreadyknowthatvirtualizationisthebiggestleapindatacentertechnologyinadecade,youshouldrecognizethatit’saparadigmshift;thatis,millionsofvirtualmachineshavebeendeployed,andallofthemmustconnecttothephysicalnetworkandtoeachother.Predictably,virtualswitchesarewhatwerelyontomakethiskindofcommunicationhappen,sowe’regoingtocheckoutacoupleofdifferenttypesbeforewefocusontheCiscoNexus1000V.Youshouldgetveryusedtovirtualization,becauseCiscoisvirtualizingevenmorenetworkgoods,suchasfirewallsandgateways.

VirtualSwitches

Okay,Irealizethatnetworkingwasagreatdealeasierbeforevirtualizationwasintroducedtothedatacenter.ServersranasingleOSandwereusuallydedicatedtoaparticulartask—wehadmailservers,webservers,adatabaseserver,andsoforth,andeachoneofthesewasconnectedtoaportonaswitch,asshowninFigure5.1.

FIGURE5.1Traditionalservers

Sometimesserverswereconnectedtomultipleportsforredundancy,addingfaulttoleranceandmakingnetworkadministrativedutiesmorestraightforward.Serveradminswouldmakeanannouncementaboutanewwebservercomingonline,andaportwasassignedtoconnectitrightup.Ofcourse,wehadtoconfigurethatportforthecorrectVLANandpolicieslikeport-specificsecuritysettings,butthatwasn’ttoohard.Forthesakeofexample,let’sputthewebserverportonVLAN20andallowTCPtrafficdestinedtothecommonwebports,80and443.Thewebserverwouldthenconnecttotheappropriateport,asyoucanseeinFigure5.2.

FIGURE5.2Traditionalpoliciesandcontrol

Thistraditionalwayofdoingthingsgaveusindividualcontrolofeachserverandthelinesofresponsibilitywereclearlydrawn:Serveradministratorstookcareofservers,networkadministratorstookcareofnetworking,andthestorageadministrationteamhandledstorageduties.Storageisthethirdsilo.IfaserverbecamecompromisedwithsomethinginvasivelikeaTrojan,avirus,oraworm,intelligentintrusion-preventionsoftwareorantivirussoftwarewouldpolicetheattack.Itmonitoredthenetwork,trackeddowntheroguetraffic’sorigin,andthendecisivelyshutdownthecorrespondingport.So,iftheemailserverwascompromised,wewouldhavejustshutdownthatspecificportuntiltheserverwaspatchedandrepaired.Thisone-to-onerelationshipbetweenserversandinterfacesonaswitchwasoneofthethingsthatmadenetworkmanagementsuchabreeze!

ServerVirtualizationThewindsofchangeblewinwiththevirtualizationofservers,whichrevolutionizedthedatacenterbyallowingmultiple,logicalserverstorunonasinglephysicalbox.IntelhasdevelopedastoundinglypowerfulCPUsthatcan

pullthisoffwithoutahitch.Thenewmemoryarchitectureallowsforatremendousamountofmemoryperphysicalserver,andwiththesemassiveresourcesatourdisposal,wecanrunalegionofvirtualmachinesonasinglehost!

Figure5.3displaysasimpleexampleofserverandnetworkvirtualization,wherethephysicalhostonthelefthastwovirtualmachines,onerunninganemailserver.Theoneontherighthasasinglevirtualmachinethat’srunningSharePointServer.Thesedevicesaren’tawarethatthey’revirtualizedorthatthey’resharinghardwarewithothervirtualmachines,becausefromtheirperspectiveitappearsthattheyhavededicated,physicalsystems.Boththeemailserverandthewebservermustaccessnetworkresourcesviathephysicalnetworkinterfaceonthehost.Thisfactprettymuchscreamsthatwereallyneedawaytomanagetheiraccesstothephysicalnetwork.Anditdoesn’tendthere—communicationsbetweentheseserversmustalsobecontrolledatthevirtuallevel!

FIGURE5.3Serverandnetworkvirtualization

Thekeytomakingthisfeatofvirtualizationpossibleisacomponentcalledahypervisor.Thisimportantpieceofsoftware,suchasVMwarevSphereorMicrosoftHyper-V,allowsustocreatemultiple,logicallydefinedmachinesfromasinglephysicaldevice.

NetworkConnectivity

Networkconnectivityinsidethephysicalhostisvitaltounderstand.Figure5.4illustratesthebasiccomponentsthatpermitcommunicationtoandfromvirtualmachines.Eachofthesedeviceshasoneormorevirtualnetworkinterfacecards,orvnics,whichconnecttoavirtualportonavirtualswitchthatbehavesjustlikeaphysicalswitchdoes—only,wecan’ttouchit!WetakethephysicalNICandchopitupintoabunchofvirtualNICsthatwecanthenattachtothevirtualmachinesrunningonthehypervisor.TrafficfromthevirtualmachineisreceivedbythevirtualswitchandfloodedorforwardedbasedonitsMACaddresstables.Furthermore,trafficfromallvirtualmachinesonagivenphysicalhostthat’sdestinedforlocationsoutsideofitmustexitthroughphysicalinterfaces.Allofthisbegsthequestions:Where,exactly,doweimplementpoliciesonthephysicalswitch,andwheredowedothatonthevirtualswitchaswell?

FIGURE5.4Networkconnectivity

Figure5.5describespoliciesinavirtualenvironment,anditshowsthattheycanbeimplementedinmultiplelocations.Let’stakealookatthevirtualswitchfirstandtalkabouttheconnectivityaspectsofthevirtualmachine,includingVLANspecificsandsecuritypolicies.

FIGURE5.5Policiesinavirtualenvironment

VirtualmachinesareoftenlocatedindifferentVLANs,sotheinterfacecomingoutofthephysicalhostmustbeintrunkmodewhenitconnectstothephysicalnetworkswitchesinordertocarrytrafficfrommultipleVLANs.WecanalsoimplementpoliciesonthephysicalswitchtocontroltrafficbasedontheMACaddressorIPaddress.

EventhoughtheNexus1000VsupportsboththeMicrosoftHyper-VandVMwarevSpheresolutions,we’regoingtofocusonaVMwaresysteminordertocorrelatewiththeexamobjectives.

Figure5.6providesasnapshotofwhat’sgoingoninsidethephysicalVMwareserver.Seethatportgroup?Portgroupsareusedtodefinevariouscharacteristicsofoneormoreportsonavirtualswitch,butusuallyweusethemtodefineVLANs.

FIGURE5.6Insidethephysicalserver

Sofar,we’vebeentalkingaboutvirtualmachineportgroupsbecausethey’rethemostcommon.Normalday-to-daymanagementofavirtualnetworkusuallyrevolvesaroundvirtualmachineportgroups.Butthere’saspecialtypecalledaVMkernelportgroupthat’susedforaccessingIP-basedstorage,hypervisormanagementtraffic,andvirtualmachinemigration.ServiceconsoleportsareusedonolderESXserverstoprovideacommand-lineinterface(CLI).

StandardVirtualSwitchVMwarevirtualswitchesareprettyeasytoconfigure.JustlogintothemanagementinterfaceviathevSphereGUI,webclient,orCLI,createtheportgroup,andthendefinetowhichVLANitbelongs.ThestandardvirtualswitchisincludedinVMwareEssentials,EssentialsPlus,Standard,andEnterpriseversions.

Whenyoucreateavirtualmachine,thevirtualnetworkinterfaceisassignedtoaportgroup.Usingtemplatesmakesthingseveneasierbecausetheyletyoucreateawholebunchofsimilarvirtualmachines.WhenusingVMware’sstandardvSwitches,keepinmindthattheymustbeconfiguredindividuallyoneachhost.Anotherimportantfactoristhattheydon’treplicate,soanychangesmadetoone

host’sstandardvSwitchmustbemanuallymodifiedonalloftheotherstandardvSwitchesifyouwantconsistency.Thisincreasesthemanagementeffort,thatis,havingtoconnectandmakechangestoeachindividualstandardvirtualswitch.UnderstandthatcoolfeatureslikevMotionwillfailifthestandardvSwitchconfigurationsaren’tconsistentamongallhosts!

AVMwareserverhasthecapacityformorethanonestandardvirtualswitch(vSwitch)tobeactiveatthesametime.RemembertheseareLayer2switches,sotheyprovidebasicfunctionalityforportchannels,CDP,andtrunking.

Clearly,standardswitchconfiguration,asshowninFigure5.7,cangetalittlecomplicatedifyouhavemanyservers,becauseyoumustconfigureeveryhostseparately.ThismeansthatifyouwanttocreateVLAN20onallsixofthesehosts,youwouldhavetoconnecttoeachoneandcreateVLAN20oneverystandardswitch.Thistypeofconfigurationcancreatenumerousproblems.Besidesthetediumandoverheadissues,there’stheveryrealthreatofamisconfigurationbetweenstandardswitches.

FIGURE5.7Standardswitchconfiguration

CheckouttheexampleinFigure5.8,wherewewanttovMotionavirtualmachinethat’scurrentlyassociatedwithaportgroupassignedtoVLAN20.vMotionpermitsalivemigrationofourvirtualmachinefromonephysicalhost

toanotherwhilethevirtualmachineisrunning.Ofcourse,thevirtualmachinethat’sbeingvMotionedexpectstofindthesameenvironmentonthedestinationhostthatexistsonthesourcehost.Ifthatdoesn’thappen,themachinewon’thavethenecessaryresourcestocompletetheprocessandvMotionwillfail.

FIGURE5.8FailedvMotion

Thisiswhystandardvirtualswitchesaregreatforsmallenvironmentsbutnotforlargedatacenterenvironments—theyjustdon’tscaleupwellenough.Forthatreason,we’regoingtomoveontoexplorethewondersofthedistributedvirtualswitch.

VMwareDistributedVirtualSwitchSohowdoyougoaboutsecuringaconsistentconfigurationforeveryoneofyourvirtualswitches?Youhavetocentralizetheconfigurationintoasinglepoint,that’show!TotherescuecomessomeverysweettechnologycalledVMwaredistributedvirtualswitch(DVS).DVScomesonlyintheEnterprisePluseditionofVSphere,anditisrequiredifyouplantoinstalltheCisco1000Vswitches,becauseitincludesalloftheapplicationprograminterfaces(APIs)requiredforthirdpartiestoinstalltheirvirtualswitchesintoVMWare.ItworksviaacentralizedmanagementserverwithinVMwarecalledvCenter,whichprovidesawaytomanageadistributedvirtualswitch.TheideaisforasinglelogicalswitchtoservetheentireVMwareenvironment,asshowninFigure5.9.

FIGURE5.9Distributedvirtualswitch

Tomakethishappen,youhavetologintovCenter,gotoDVS,andcreateanewportgroupforVLAN20.Itworkslikethis:OncetheportgrouphasbeencreatedinDVS,vCenterwillthenreachouttoeachphysicalserverassociatedwiththatspecificDVStocreateorreplicatetheportgrouponeveryoneofthosemachines.ThisishowDVSsecuresconsistentconfigurationthroughoutyourenvironment.

Asifthatwasn’tcoolenough,DVScanimpressivelytrackavirtualmachine’sportgroup,itspolicy,andstatistics,evenifthatvirtualmachinevMotionsfromonehosttoanotherhost—sweet!

EventhoughVMware’sDVSprovidesasuper-sleeksolutionformanagingawholebunchofvirtualswitchesatonce,youstillhavetwochallengingissuestotacklewiththistypeofimplementation.Thefirstoneisthatjustbecauseyouhaveacompletelyfunctionalswitch,itdoesn’tmeanthatyoualsohavealloftheadvancedcapabilitiesthatamodern,physicalswitchfromCiscoorothermajorvendorhas.YoursecondchallengepresentsitselfinFigure5.10.Inthefigure,youcaneasilyseethatactuallyyounowhaveaCiscoswitchplusaVMwareswitchtomanage—twodistinctlydifferenttypes!

FIGURE5.10Networkadministrationinavirtualenvironment

Thisisaproblem—andabigoneatthat.Ciscoadministrators,whoareusedtohavingsupremecontrolovertheirnetworks,arenowfacedwithmanaginginaVMwareenvironmentinadditiontotheirnativeCiscoenvironment.Andthey’renotalone—VMwareadminsmustnowdealwithanunfamiliarCisconetworkand,predictably,thiskindofsplitadministrationcancausealotofgrief!Becausethenetworkingteamcanonlybeinchargeoftheconnectiontothephysicalswitch,theyalsolosesomevisibilityintothevirtualnetworkandtheaccessportsthatconnecttothevirtualservers.Thiscomplicatestroubleshooting,anditdoesnotallowforsecurityfeaturestobeimplementedinsidethevirtualswitch.Withthelossofmanagementandmonitoringtoolsinthestandardswitchconfigurations,amoreefficientapproachwasneeded.RollingoutasimpleVLANnowrequirestwototallydifferentgroupsofadministrators.Theproblemisn’tsimplythatyounowhaveadistributedvirtualswitch.Atitscore,theproblemisthatthenewswitchisn’taCiscodistributedvirtualswitch,whichleadsstraighttotheNexus1000Vforthesolutiontothisdilemma!

Nexus1000VSwitchThereasonthattheNexus1000Vswitchissuchatightsolutionisthatthisdeviceis,infact,adistributedvirtualswitchthatalsohappenstoberunninga

CiscoNexusNX-OSoperatingsystemwithanextensivelistofvaluablefeatures.The1000VactuallyreplacestheVMwaredistributedvirtualswitchinaVMwareenvironment,whileitfullyappearstotheVMwareadministratorasjustanothertypeofdistributedvirtualswitch.CiscoadministratorsaregivenabonafideCiscoNexusswitchdevicerunninginthevirtualenvironment,andtheycanuseallofthetoolsandcommandswhilegettingeverybitofthefunctionalitytowhichthey’vegrownaccustomed.Thisisarareandvaluablewin-winsolutionforall!

Ofcourse,allofthismeansthatthewholeadministrationmodelforthenetworkmustchange.VMwareadministratorsarenolongerresponsibleformanagingthevirtualnetwork,andrelievedofthatburdentheycannowfocusallresourcesonadministeringvirtualmachines.Wheneverachangeneedstobemadeonthenetwork,eitherphysicallyorvirtually,theCiscoadministratorwillbeabletohandleitwithoutpause.Thisalsonowgivesthenetworkteamtheabilitytomanagethenetworkallthewaytothevirtualmachine’sNICcard,anditgivescompletevisibilitytothenetworkmanagementtools.

Asofthiswriting,therearethreedistinctswitchtypesavailableinavirtualenvironment:

Standardvirtualswitchesconfiguredonaper-hostbasis.

VMwareDVSformanagingasinglelogicalswitchthatspansmultipleserversusingVMwaretools.Theaddedfeaturesofthestandardswitchincludeportmirroring,QoS,inboundtrafficshaping,NICteamingbasedonthetrafficload,netflowtrafficmonitoring,LACP,andLLDP.

TheNexus1000VDVSthatpermitsuseofCiscotoolsandaddedfunctionalityovertheVMwareDVSincludingaccesscontrollists,portsecurity,SPAN,ERSPAN,privatevLANs,andQoSmarking.Therearealwaysnewfeaturesbeingaddedwitheveryreleaseofallthreetypesofswitches,soitisbesttocheckonlinetoseeifthefeaturesthatyouneedhavebeenaddedtothevirtualswitches.

WhenVMwaredesignedthenetworkingarchitecturefortheirservers,theywiselycreatedapluggablesystemwherethird-partyvendorscouldcreatemodules.ThesewereaddedtotheEnterprisePluseditionofVSphere,andtheyarepartofthedistributedswitch.Ciscowasthefirstcompanytobite,creatingadistributedvirtualswitchforVMware.IBMwasthenextcompanyupwiththeintroductionofthe5000Vdistributedvirtualswitch.

Nexus1000VComponentsTheNexus1000VwasdesignedtoemulateotherCiscolargeswitches.Atypicaldatacenterchassis-basedswitchhastwosupervisormodulesformanagingtheswitch,plusanumberoflinecardsthatprovidenetworkconnectivityandforwardtraffic.

VirtualSupervisorModuleDiggingalittledeeper,theVirtualSupervisorModule(VSM)isthebrainoftheNexus1000V.Itiswhereallconfigurationandmanagementoccurs.TheVSMisinchargeofallmanagementandcontrolfunctionsofthevirtualNexusLayer2switch.However,itisnotinchargeofactuallypassingdataframestoandfromthehostinterfaces.

TheVSMissimilartoafullyfunctioningNexus7000seriessupervisormodule.TheVSMalsocommunicateswiththevCentermanagersothatthemanagementdomainsfromtheCiscoNX-OSoperatingsystemandthevCentercanshareadministrationandconfigurationinformation.ItisrecommendedthatyouinstalltwoVSMs,justastherearetwosupervisormodulesonaphysicalswitch,whichprovideredundancyandaddedstabilitytothenetwork.TheVSM’svirtualappliancecanalsobeinstalledonstand-alonehardwaremadebyCiscocalledthe1010.

TheVSMisinstalledasavirtualapplianceontwoseparateESXihosts.Technically,youcouldinstallthembothonthesamephysicalserver,butifyoudidandtheserverwentdown,youwouldeffectivelyloseallabilitytomakeanychangestotheswitchingenvironmentandtheveryfaulttolerancethatyou’reattemptingtobuild.Foradditionalfaulttolerance,youcanevenruntheVSMsintwocompletelydifferentdatacenterstoallowforresiliencyandhotstandbyshouldyoueverloseconnectionsbetweenlocations.

EachVSMrunsacopyoftheNexusOperatingSystem(NX-OS)that’sverysimilartotheonethat’srunningonthephysicalNexusswitches.Forthoseofyouwhojusthavetohavesomehardwareintherack,CiscoalsomakesapplianceversionsoftheVSMcalledthe1010andthe1100Vvirtualserverappliances.YoucanconnecttotheVSMcommand-lineinterfaceandexecutecommandswithwhichyouarealreadyfamiliarlikethis:

n1000v#configt

n1000v(config)#

n1000v(config)#vlan5

n1000v(config-vlan)#

n1000v(config)#showvlanid5

n1000v(config)#copyrunning-configstartup-config

n1000v#ping172.28.15.1

PING172.28.15.1(172.28.15.1):56databytes

Request0timedout

64bytesfrom172.28.15.1:icmp_seq=1ttl=63time=0.799ms

64bytesfrom172.28.15.1:icmp_seq=2ttl=63time=0.597ms

64bytesfrom172.28.15.1:icmp_seq=3ttl=63time=0.711ms

64bytesfrom172.28.15.1:icmp_seq=4ttl=63time=0.67ms

---172.28.15.1pingstatistics---

5packetstransmitted,4packetsreceived,20.00%packetloss

round-tripmin/avg/max=0.597/0.694/0.799ms

YoucanseeifthereareanyotherVSMsbesidestheonetowhichyouareconnectedbyexecutingtheshowmodulecommand:

n1000v#showmodule

ModPortsModule-TypeModel

Status

-------------------------------------------------------------

---------

10VirtualSupervisorModuleNexus1000V

ha-standby

20VirtualSupervisorModuleNexus1000V

active*

3248VirtualEthernetModuleNAok

ModSwHw

------------------------

14.2(1)SV1(4)0.0

24.2(1)SV1(4)0.0

34.2(1)SV1(4)VMwareESXi4.1.0Releasebuild-208167(2.0)

ModMAC-Address(es)Serial-Num

---------------------------------------------------

100-19-07-6c-5a-a8to00-19-07-77-62-a8NA

200-19-07-6c-5a-a8to00-19-07-79-62-a8NA

302-00-0c-00-03-00to02-00-0c-00-03-80NA

Youshouldfindthreemodulesintheoutputofthiscommand.TwoofthemareVSMs,butonerepresentsamodulethatwehaven’tdiscussedyet—theVirtualEthernetModule(VEM),whichwe’llgettoinaminute.Fornow,focusonthefirstsupervisormoduleintheright-handcolumninthepreviouscodesnippetthatsaysha-standby.Thisindicatesthatthatmoduleisn’tcurrentlyinchargeofoperations.Thesecondone,whichispresentlyincharge,isindicatedbythe

active*notation.DidyounoticethatthesecommandsarethesameastheyareonotherphysicalNexusswitches?Goodjob!

VirtualEthernetModuleRememberthis—theVirtualEthernetModuleisinstalledoneachVMwareESXiserver’shypervisorkernel,andonlyoneinstanceissupportedperhostthat’sgoingtobemanagedbytheNexus1000Vswitchsupervisormodules.Itworksasaremotelinecard,anditisresponsibleforforwardingframes.NoconfigurationisapplieddirectlyontheVEM;it’sperformedontheVSMinstead.TheVEMisinchargeofpassingserverdatatoandfromtheexternalphysicalnetworkandthevirtualinterfacecards.Itdoesnotpassthedatathroughthesupervisormoduleatall.AsingleNexus1000VswitchcanaccommodateuptotwoVSMsand64VEMs,butbeinglimitedto64VEMsrarelyfactorsintoimplementationbecausemostVMwareclusterstypicallycontainonly8–16servers.

CommunicationbetweentheVEMandVSMTheremustbeapathtosendtheinformationtotheVEMofeveryhostforaconfigurationcommandtobeenteredontheVSM.Therealsomustbeapathforthetrafficcreatedwhenamessagethat’sdestinedfortheVSMisreceivedbytheVEMfromthenetwork.VLANsarethetoolsthatwetypicallyusetocreatethesethree,separatenetworks,allofwhichareusedtocommunicatewiththeVSM:

ThecontrolVLANthatcarriesconfigurationinformationbetweentheVSMandtheVEMs,anditalsoprovidescommunicationamongVSMsandkeepaliveheartbeats

ThepacketVLANthatcarriesnetworkinformationlikeLACP,NetFlow,SNMP,andCDP

ThemanagementVLAN,whichisusedbyanadministratortoconnecttoandmanagetheVSM

CommunicationbetweentheVSMandvCenterIt’sreallyimportanttonotethattheconfigurationthat’simplementedontheVSMmustnotonlybesenttotheVEMbutalsobereflectedintheVMwarevCentertobeusedbytheVMwareadministrator.Tofacilitatethis,VMwarehascreatedanapplicationprograminterfacecalledVirtualInfrastructure

Methodology(VIM),whichisusedbyaNexus1000Vtosendnetworkconfigurationinformation.

ButwhatgivestheNexus1000VpermissiontomakechangestothevCenternetworkconfiguration?Aspecialsecuritycertificatefromthe1000VcalledaServerVirtualizationSwitch(SVS)connectionisinstalledintovCenter,givingitthisauthority.Youcanverifyitfromthecommandlinelikethis:

n1000v(config-svs-conn#)showsvsconnectionsvc

connectionVC:

hostname:12.8.1.1

protocol:vmware-vimhttps

certificate:default

datacentername:MyDC

DVSuuid:6dfd375037450564-b9a4904e66

configstatus:Enabled

operationalstatus:Connected

n1000v(config-svs-conn#)

Okay—there’sabitofinformationhere,buttherealkeyisfoundtowardthebottomofthecodesnippetwhereitindicatesthattheoperationalstatusis“connected.”ThisisimportantbecauseittellsyouthattheSVSconnectionisworkingandthatthe1000VswitchcanpassconfigurationandoperationalinformationtovCenteroverthemanagementnetwork.

PortProfilesYoualreadyknowthatVMwareusestheconceptofportgroupsfordefiningasetofnetworkcharacteristicsandpolicies,butyouprobablydidn’trealizethatthe1000Vusesasimilarconstructcalledaportprofile.Portprofilesareusedtocreateagroupofsettingsthatcanbeappliedtooneormoreinterfaces.Thissavesyoualotofconfigurationeffortandreducesthechanceforerrors.Allyouneedtodoismaketheportprofileandthenassignittotheportswhereit’sneeded,andalloftheportswillinherittheconfiguration.Shouldyouneedtochangeaspecificportconfiguration,youcanaddthechangeattheportlevelanditwilloverridetheprofileassignedtothatport,becausethemorespecificconfigurationshaveprecedenceoverthemoregeneralprofiles.Portprofilescanbeassignedtobothphysicalports(vmnics)andthevirtualinterfaceports(vnics)forvirtualmachines.Moreover,eventhoughit’stechnicallypossibletoconfigureindividualinterfacesmanually,Ciscostronglyrecommendsusingportprofilesinstead.They’recreatedfromtheNX-OScommandline:

n1000v#configt

n1000v(config)#port-profilewebservers

n1000v(config-port-prof)#switchportmodeaccess

n1000v(config-port-prof)#switchportaccessvlan300

n1000v(config-port-prof)#noshutdown

n1000v(config-port-prof)#VMwareport-groupWWWservers

n1000v(config-port-prof)#stateenabled

Thisoutputrevealsthatwe’vejustcreatedaNexus1000Vportprofilecalledwebservers.Let’sreviewsomeofitscharacteristics.webserversisconfiguredasanaccessportprofileassignedtoVLAN300.Alternatively,itcould’vebeenconfiguredfortrunkingmultipleVLANs.Thenoshutdowncommandselectsthedefaultsettingofaninterfacewhenavirtualmachineconnects.ThenexttwostatementsrelatetotheconnectionbetweentheNexus1000VandthevCenterserver.ThefirstonedefinesthenameoftheportgroupthatwillbecreatedinvCenter,andthesecondonedirectsthatthisportprofileshouldbesentthere.

InstallingNexus1000VWhenCiscofirstreleasedtheNexus1000V,installationwasanepicnightmaredreadedbymany.Thegoodnewsisthatithasbecomesomucheasiertodosincethen!Nowwehavesimplewizardsthatmaketheinstallationrelativelypainless.Still,thereareacoupleofdifferentwaystogoabouttheinstallationbasedonyourexperiencelevel.Forthisexample,we’regoingtousetheGUIbecauseit’sreallythefastestwaytogetaNexus1000Vupandrunning.

Alittledisclaimerhere—thisbookisn’tareplacementfortheCiscoNexus1000Vinstallationmanual,butitshouldclearthewaytogetyoustarted.InstallingtheNexus1000Vcanalsobeviewedasdoingamigration,anditshouldbeplannedaccordingly.

InstallationPreparationThoughnoonewouldrecommendsayingthismorethanonce,it’strue:priorproperplanningpreventspoorperformance!Clearly,youstillneedsoftwareandaVMwareserveronwhichtoinstallit,butthereareafewthingstosortoutfirst.First,thebasicsneededfordeployingaNexus1000VareaVSM,aVEM,andalicensekey.

Next,it’sgoodtoselectanamingconventionforyourswitches.Remember,you’llhavetwoVSMs,socomingupwithanamingstandardthatreflectsthisisagoodidea.AndchooseamanagementIPaddressandsubnetmaskthat’saccessiblefromtheadministrator’ssubnetwhileyou’reatit.

accessiblefromtheadministrator’ssubnetwhileyou’reatit.

Oncethat’sdone,createaseparateVLANformanagement,packet,andcontroltraffic.Don’tforgetthatyoualsoneedalloftheconnectioninformationforlinkingthe1000VtothevCenterserverincludingcredentials,IPaddress,andlocationtoinstallthe1000V.Also,ifyou’regoingtohavemorethanone1000V,youshouldselectaDomain-ID,whichhastobeuniqueifthereareotherNexus1000Vinstancesinstalledintheenvironment.

Nexus1000VSoftwareYougetthissoftwarefromCisco’swebsite,andyoumusthaveavalidCCOID.Thesoftwareusedtobeofferedfora60-dayfreetrial,butnowCiscohasalightversionthat’sfreeforever.Ifyoudon’talreadyhaveoneofthese,it’ssimpletocreateone.JustnavigatetotheNexus1000VsoftwareontheCiscowebsite,downloadit,gotothefolderwhereit’sbeensaved,andunzipthefile.

We’llbeusingatypeoffilecalledOVF,whichstandsforOpenVirtualizationFormat.TheOVFtemplatedefinesthebasiccharacteristicsofthevirtualmachine,anditscontentsandOVFfilesarecompatiblewithVMware,ESXihosts,andVMwaredesktopproducts.Othervendorsalsosupportthisformat,butthe1000VisreallydesignedforinstallationonanESXiserver.

DeployingtheOVFTemplateAnOVFtemplatecandeployedfromwithinvCenter.UndertheFilemenu,selectDeployOVFTemplate,asshowninFigure5.11.

FIGURE5.11DeployOVFTemplate

Next,selectthesourcelocationfortheOVFfile,whichshouldbeplacedwhereveryouunzipthearchive,asshowninFigure5.12.Onceyoulocatethefile,clickNexttocontinue.

FIGURE5.12Selectthesourcelocation

Figure5.13containsdetailsaboutthetemplate,andit’sreallyjustthereforinformationalpurposes.ClickNexttocontinuetheinstallationprocess,whichwillcausetheEULAscreentoappear.AccepttheagreementandclickNext.

FIGURE5.13VerifyOVFtemplatedetails

Inthenextthreesteps,NameandLocation,DeploymentConfiguration,andDatastore,maketheappropriateselectionsforyourenvironment.ChooseanamefortheVSMthatindicatesthatit’sthefirstoftwoVSMs.

ThePropertieswindowiswhereyouenterthemostcriticalsettings:thepassword,managementIPaddress,andotherimportantsettings,asshowninFigure5.14.Aftercompletingthisform,clickNextandthenFinishinordertobegintheinstallation.

Oncetheinstallationiscomplete,yourNexus1000Visaccessible.Whileit’struethatyoucan’tdoawholelotwithityet,itisrunning!

FIGURE5.141000Vproperties

InitialConfigurationTobeginconfiguration,openawebbrowser,pointtotheIPaddressoftheVSMthatyou’vejustcreated,andclicktheLaunchInstallerApplicationlink.Thisinstallerwilltakeyouthroughthefollowingsteps:

1. EnterVSMcredentials

2. EntervCentercredentials

3. SelecttheVSM’shost

4. SelecttheVSMVMandportgroups

5. ProvideVSMconfigoptions

6. Summaryreview

7. DVSmigrationoptions

8. Summary:migrateDVS

We’renotgoingtocovereachstepcomprehensively,becauseit’sbeyondthescopeofthisbookandyoucanrefertoCisco’sinstallationguideforthatinformation.However,wedoneedtocoverstep2,whichisshowninFigure5.15.ThevCentercredentialsstepiswherethelinkbetweentheNexus1000VandvCenterisestablished,andit’sherethatwe’llcreatetheSVSconnectionthatwetalkedaboutearlierinthischapter.

FIGURE5.15vCentercredentialsentryscreen

It’simportantnottotrytocontinueiftheprocessfailshere,becausedoingsocouldresultinhavingtoreinstalltheNexus1000V!Butifthingsproceedwithoutaglitch,onceyou’vecompletedalleightwizardsteps,youshouldhaveafunctioningVSM.TheinstallationoftheVEMscanbeautomatedusingtheVMwareupdatemanagerorbymanuallyinstallingthem.

VerifyInstallationYoumustexecuteseveralcommandsintheproperordertoverifythattheNexus

1000Visupandrunning.Thefirstoftheseistheshowmodulescommand.ThistoolwillrevealallofthemodulesthatareinstalledonyourNexus1000VineachVMwareserver.ThereshouldbeoneVirtualEthernetModule(VEM)foreachVMwareserver,andthefollowingoutputprovidesagreatexampleofthis:

n1000v#showmodules

ModPortsModule-TypeModel

Status

-------------------------------------------------------------

----1

0VirtualSupervisorModuleNexus1000Vha-

standby

20VirtualSupervisorModuleNexus1000V

active*

3248VirtualEthernetModuleNAok

Onceyou’veverifiedthatallofyourcomponentsareinstalled,youneedtoverifythecommunicationbetweenNexus1000VandtheVMwarevCenterserver.Todothat,justexecutethecommandshowsvsconnections,andchecktoseeiftheoperationalstatusdisplaysConnected.

n1000v(config)#showsvsconnections

connectionVC:

hostname:12.8.1.1

protocol:vmware-vimhttps

certificate:default

datacentername:MyDC

DVSuuid:6dfd375037450564-b9a4904e66

eb8cf5

configstatus:Enabled

operationalstatus:Connected

n1000v(config-svs-conn#)

TheshowsvsdomaincommandletsyouverifythatchangesmadetotheVSMarebeingpusheduptotheVMwarevCenterserver,andthefollowingoutputrevealsthatthepushtovCenterwassuccessful:

n1000v(config)#showsvsdomain

SVSdomainconfig:

Domainid:100

Controlvlan:190

Packetvlan:191

L2/L3Aipcmode:L2

L2/L3Aipcinterface:mgmt0

Status:ConfigpushtoVCsuccessful.

Okay.Sofarwe’veverifiedourcomponents,aswellasthefactthattheVSMissuccessfullycommunicatingwithvCenter.ThefinalstepistoverifytheVEMstatus.EachVMwareserverisidentifiedbyaUniversallyUniqueIdentifier(UUID)andthecommandshowmodulevemmappingwillrevealthespecificmodulenumbersthatcorrespondtoeachUUID.Inthefollowingoutputyoucanseethatmodule4ismissing,soeitherthemachineisn’tpoweredonortheVEMisn’tcommunicatingwiththeVSM:

n1000v(config)#showmodulevemmapping

ModStatusUUIDLicenseStatus

-----------------------------------------------------------

3powered-up93312881-11db-afa1-0015170f51a8licensed

4absent33393935-5553-4538-35314e355400unlicensed

n1000v(config)#

InadditiontothecommandsavailableontheNexus1000V,therearealsothreecommandsforverifyingtheVEMstatusundertheVMwareEXSservercommandline:vemstatus,vemcmdshowport,andmodulevemXvemcmdshowcardinfo.Thesetoolsprovidesomegreatinformation,asyoucanseeinthefollowingoutput.

ThevemstatuscommandverifiesthattheVEMmoduleisloadingandrunning:

~#vemstatus

VEMmodulesareloaded

SwitchNameNumPortsUsedPortsConfiguredPortsMTU

Uplinks

vSwitch0643641500

vmnic0

DVSNameNumPortsUsedPortsConfiguredPortsUplinks

n1000v2569256vmnic1

VEMAgentisrunning

ThevemcmdshowportcommanddisplaystheVEMportonthehostandonthe1000V,includinginformationregardingtheport’sstatus:

~#vemcmdshowport

LTLVSMPortAdminLinkStatePC-LTLSGIDVemPort

18Eth3/2UPUPF/B*0vmnic1

Thecommandmodulevem3vemcmdshowcardinfodisplaysthecardname,carddomainID,cardslot,VLANinformation,andMACaddresses:

~#modulevem3vemcmdshowcardinfo

CardUUIDtype0:4908a717-7d86-d28b-7d69-001a64635d18

Cardname:sfish-srvr-7

Switchname:N1000v

Switchuuid:5084065081364c22-9b4ec53e1f67e5ff

Carddomain:11

Cardslot:12

ControlVLANMAC:00:02:3d:10:0b:0c

InbandMAC:00:02:3d:20:0b:0c

SPANMAC:00:02:3d:30:0b:0c

USERDPAMAC:00:02:3d:40:0b:0c

ManagementIPaddress:172.28.30.56

Maxphysicalports:16

Maxvirtualports:32

CardcontrolVLAN:3002

CardpacketVLAN:3003

There’sonelastplacetoverifytheinstallation,thatis,viatheGUIofvCenter.TheNexus1000VshouldshowupundertheHome➢Inventory➢Networkingsection.Thesummaryinformationwilldisplaythenumberofhostsandvirtualmachinesassociatedwiththe1000V,asshowninFigure5.16.

FIGURE5.16vCenterNetworkingSummaryscreen

OurNexus1000Visnowoperational,andtheinstallationhasbeencompletedsuccessfully.It’sfullyfunctionalandreadytogo!

SummaryIfyou’refindingthe1000VtobethemostchallengingthingtolearnforyourCCNADataCentercertification,noworries—itisthiswayforalotofpeople.Themerefactthatyou’reconnectingaswitchthatdoesn’tphysicallyexisttovirtualmachinesthatdon’treallyexist,viavirtualnetworkcardsthatdon’texisteithercertainlydoesmakethisaconceptualreach!Somecheerynewsisthatthistopicdoesn’tencompassabigportionoftheCCNAobjectives,soyoucanrelax—atleastalittle.

JustmakesurethatyouunderstandtheadvantagesoftheNexus1000Vversusthealternative:standardanddistributedswitches.Alsobecomefluentintheterminologywithagoodgraspofportgroupsandportprofiles.

ExamEssentialsDescribethenetworksusedforcommunicatingwiththeVSM.Thethreenetworksarepacket,control,andmanagement.Thecontrolnetworkcarriesconfigurationinformationandheartbeatkeepalives.ThepacketnetworkcarriesnetworktrafficlikeCDP,netflow,SNMP,multicastsnooping,andotherpacketsthattheVEMsendstotheVSMtobeanalyzed.ThecontrolnetworkisusedasaconnectiontoaredundantVSMandtheVEMsonthehostservers.ThemanagementnetworkisusedforloggingintotheVSMforadministrationandforcommunicationtotheVCenterserver.TheVEMmodulescanbedisplayedwiththeshowmodulescommand.

KnowtheconfigurationfortheVSMtoconnecttoVMwarevCenter.TheSVSconnectiondefinesthelinktovCenter,andthestateenabledcommandontheportprofilepushesittotheserver.Theconnectioncanbeverifiedwiththeshowsvsconnectionscommand.ThemanagementinterfaceoftheVSMisusedtocommunicatewiththevCenterserver.

UnderstandtherequirementstodeployaNexus1000V.ThefundamentalitemsneededtodeployaNexus1000VareaVSM,aVEM,andalicensekey.TheNexus1000VrequirestheEnterprisePluseditionofvSphere4.0orhigher.

DescribetheadvantagesoftheNexus1000V.TheadvantagesovertheVMwareDVSareaccesscontrollists,portsecurity,SPAN,ERSPAN,andsupportforadvanceddatacenterfeaturesincludingnetworkvisibilitytothevirtualmachineNIC,networkmonitoringandmanagementinsidethecomputerhostingthevirtualmachines,andQoSmarking.Italsoprovidesafamiliarcommand-lineinterfaceandfeaturesetthatexternallyconnectedNexusLayer2switchesofferintheNX-OSoperatingsystem.

WrittenLab51. virtualswitchesneedtobeconfiguredseparatelyoneachVMwareserver.

2. WhatcommandcanbeusedtoverifytheconnectivitybetweentheVMwareserverandtheNexus1000V?

3. OntheNexus1000,whichcommandwillshowtheconnectedVEMs?

4. TheactsasthebrainofaNexus1000Vswitch.

5. Whencreatingaportprofile,whichcommandensuresthattheportprofileinformationwillbesenttothevCenterserver?

6. OntheNexus1000V,keepalivemessagesaresentoverwhichnetwork?

7. True/False:The1000VcansupportERSPAN.

8. Whatmodulefunctionsasaremotelinecard?

9. WhathappensifavirtualmachineisvMotionedtoaserverthatdoesnothavetheneededVLAN?

10. Howdoesavirtualmachineconnecttoavirtualswitch?

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter'smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook'sIntroduction.YoucanfindtheanswersinAppendixB.

1. WhichcommandonaNexus1000VVSMpushesaportprofilecalledFunDatatotheVMwarevCenterserver?

A. N1K(config)#port-profileFunData

N1K(config-port-prof)#pushenabled

B. N1K(config)#port-profileFunDataN1K(config-port-prof)#pushupdate

C. N1K(config)#port-profileFunDataN1K(config-port-prof)#updateenabled

D. N1K(config)#port-profileFunDataN1K(config-port-prof)#stateenabled

2. KeepalivemessagesbetweentheVSMandVEMareprovidedbywhichinterface?

A. Packet

B. Control

C. Management

D. Heartbeat

3. WhatcommandontheNexus1000VVirtualSupervisorModuledisplaystheconnectedVEMs?

A. N1K#showstatus

B. N1K#showvem

C. N1K#showmodules

D. N1K#showinterface

4. WhatcommandvalidatestheconnectionbetweentheNexus1000VVSMandVMwarevCenter?

A. N1K#showsvsstatus

B. N1K#showsvsconnections

C. N1K#showvcenterstatus

D. N1K#showvcenterconnections

5. WhatisrequiredtodeployaNexus1000V?(Choosethree.)

A. VSM

B. VEM

C. VRF

D. VDC

E. Licensekey

6. WhatdoesthecontrolinterfaceprovideontheNexus1000V?

A. ACLI

B. High-speedthroughput

C. SVIcommunication

D. Heartbeatmessages

7. WhatdoesthestateenabledcommanddoontheVirtualSupervisorModulesonaNexus1000V?

A. Enablesaninterface

B. EnablesVRF

C. PushestheportprofiletovCenter

D. EnablesVLAN

8. WhatdoestheshowmodulescommanddoontheVirtualSupervisorModulesonaNexus1000V?

A. ShowstheconnectedVEMs

B. Showsloadedprocesses

C. Showsloadedservices

D. Showsenabledfeatures

9. WhatdoesthecommandshowsvsconnectionsaccomplishonaNexus1000VVSM?

A. Verifiestheswitchedvirtualservice’sIPaddress

B. EstablishesaconnectiontovCenter

C. EstablishesaconnectiontotheVSM

D. VerifiestheconnectionbetweentheVSMandvCenter

10. WhichfeaturesdoestheNexus1000VhavethattheVMwareDVSdoesnot?(Choosethree.)

A. Portsecurityandaccesscontrollists

B. PrivateVLANs

C. Statisticsmigration

D. SPANandERSPAN

E. QoSmarking

11. Whatisanexampleofavirtualswitch?

A. Hyper-V

B. Catalyst

C. VMware

D. Nexus1000V

E. Alloftheabove

12. Choosetwoexamplesofswitcheswithacentralizedcontrolplane.

A. Standardvirtualswitch

B. VCenter

C. Distributedvirtualswitch

D. VMware

E. Nexus1000V

13. Thestandardvirtualswitchhaswhichofthefollowingfeatures?(Choosethree.)

A. VSpheremanagementinterface

B. Portgroups

C. Portsecurity

D. Distributedarchitecture

E. Portchannels

14. TheVMWaredistributedvirtualswitchincludeswhichofthefollowing?(Choosethree.)

A. Hyper-Vintegration

B. Applicationprograminterfaces

C. Centralizedmanagementserver

D. ERSPAN

E. SinglelogicalswitchfortheentireVMWareenvironment

15. TheNexus1000Vcontainswhichofthefollowingfeatures?(Choosethree.)

A. Routing

B. CiscoDiscoveryProtocol

C. NX-OScommandline

D. Loadbalancing

E. Distributedlinecards

16. TheVirtualEthernetModuleperformswhichfunctions?(Choosethree.)

A. Distributedcontrol

B. Interfacestovirtualservers

C. ForwardingserversEthernetframes

D. ForwardingserverframestotheVSM

E. ConnectingtothephysicalEthernetports

17. AnOVFtemplateforthe1000Viswhichofthefollowing?(Choosethree.)

A. ApreconfiguredversionoftheNexus1000V

B. Standardinstallationimage

C. OpenVirtualizationFormat

D. Optimizedvirtualforwarding

E. Partofthe1000Vinstallationpackage

18. VirtualEthernetmodulescanbeaddedbywhichprocess?(Choosetwo.)

A. Manualinstallation

B. ReinstallingVSM

C. VMwareupdatemanager

D. InstallingESXi

E. InitiatingtheHyper-Vprocess

19. Howdoesthe1000VdistributedvirtualswitchallowmigrationfromVMware’ssoftwareswitch?

A. Duringtheinitialinstallationofthe1000V

B. AwizardinVCenter

C. ByNX-OSscripting

D. VMwaredistributedswitchcommand-lineconfigurations

E. Alloftheabove

20. Whenrunningredundant1000VVirtualSupervisorModules,inwhattwostatescantheyexist?

A. Active

B. Forwarding

C. ha-standby

D. Passive

E. Alloftheabove

Chapter6UnifiedFabric

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

2.0DataCenterUnifiedFabric

2.1DescribeFCoE

2.2DescribeFCoEmultihop

2.5Performinitialsetup

THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:

DescribingDCB

UnifiedFabricbenefits

IEEEstandardsthatenableFCoE

Priorityflowcontrol

Enhancedtransmissionselection

DCBexchange

IdentifyingconnectivityoptionsforFCoEontheCiscoNexus5000seriesswitch

SFPmodules

CablingrequirementsanddistancelimitationsforcommonSFPandSFP+transceivers

ConnectingtheCiscoUCSP81EvirtualinterfacecardtoCiscoNexus5500UPUnifiedFabricswitches

ConnectingtheCiscoNexus5500UPUnifiedFabricswitchtonorthboundLANandSANfabrics

DescribingenhancedFCoEscalabilitywithCiscoNexus223210GEfabric

extenders

ScalingthedatacentervirtualizedAccesslayerwiththeCiscoNexus223210GEfabricextenders

CiscoNexus223210GEfabricextender-to-CiscoNexus5500switchconnectivity

AdapterFEXontheCiscoNexus223210GEfabricextender

VerifyingadapterFEXontheCiscoNexus223210GEfabricextender

ThisnextsectionisaboutUnifiedFabric.FibreChannelandEthernettechnologieshavebeenseparatedsincetheirinvention.Maintainingtwonetworks,andtypicallytwodifferentsetsofadministrators,hasnotbeenveryefficient.Toachievethiscombinednetwork,anewareaofnetworkingisemergingcalledDataCenterEthernet,whichaddressestheuniquerequirementsofnetworkinginsideamoderndatacenter.ToaccommodateFibreChannelontheEthernetbackbone,astorageprotocolcalledFibreChanneloverEthernetwasdeveloped,andtheswitchingplatformsweredevelopedspecificallyforthenewcombinednetwork.Wewillexaminetheideaofcombiningthesetwoverydifferenttypesofnetworkingintooneinthischapter.

MostnetworkengineersareintimatelyfamiliarwithEthernet.Weareusedtocollisions,packetdrops,andretransmissions.Ethernetnetworkinghasalwaysbeenabest-effortscenario.ThefundamentalnatureofEthernetisthatitislossy.

FibreChannelhasaverydifferentlineage.SCSIwasoriginallyusedtotalktoaharddriveoverashortcable.Thatmeantthattherewasnolostdataandnoretransmission.FibreChannelwasbuiltonthesameprinciple,whichmeansthatFibreChannelislossless.

FibreChannelandEthernetnetworkshavebeenimplementedastwoseparatenetworks,asshowninFigure6.1.Theswitches,cabling,andadministrationwereisolated.

FIGURE6.1Traditionalseparatenetworks

Builttoleveragefiber-optictechnology,FibreChannelwasfasterthanEthernetuntilrecently.Therefore,theideaofrunningthetwonetworksasasinglecombinedsystemwasnotpractical.EthernetwasnotfastenoughandcouldnotmeetFibreChannel’slosslessrequirements.Thecreationof10GigabitEthernetprovidedenoughbandwidthforFibreChannel’sstoragetrafficrequirements,buttherewerestillmoreproblemstosolve.

UnifiedFabricTheideaofUnifiedFabriciscrazysimple:Taketwoseparatenetworkingtechnologiesandturnthemintoone.TheconceptistoallowEthernettrafficandFibreChanneltraffictoflowoverasinglenetworkconnection,asshowninFigure6.2.ThesystemusedtodothisisknownasFibreChanneloverEthernet(FCoE).

FIGURE6.2Unifiednetwork

Thissystembringsustwobigbenefits:lesscablingandSANandLANonasingletransport.Anotheradvantageisthereductionofthenumberofserveradaptersinstalledforconnectivity.Hostbusadapters(HBAs)andnetworkinterfacecards(NICs)canbeconsolidatedintoasingleadapterknownasaconvergednetworkadapter(CNA).TheserverdriversorsoftwareontheCNAtakethestoragerequestattheinitiatorforbothreadandwriterequestsandstuffitinsideanEthernetpacket.WhatwewindupwithisSCSIinsideFibreChannelinsideEthernet.ConvergednetworkadaptersaremadebycompaniessuchasEmulex,QLogic,Brocade,andCisco.Onthestoragecontroller,targetendmanufacturerssuchasEMCandNetworkApplianceoffernativeFCoEadapterstoconnecttotheconvergednetwork.

FCoEcanalsotakeadvantageofsomeEthernetmultipathprotocolslikeVPC,TRILL,DataCenterBridging,andFabricPath.Thisconsolidatednetworkreducesthecapitalandoperatingcoststoprovideasubstantiallylowertotalcostofownership.Thisculminatesinacentralizedarchitecturethatiseasiertomanage.

InFigure6.2,youseeasinglecablerunningbetweentheserverandtheswitch.ThiscableiscarryingbothregularEthernettrafficandFibreChanneltraffic.Afterithitstheswitch,thetrafficcanbebrokenoutintonativeFibreChannelandEthernet.Thisisknownassingle-hopFCoE,sincethetrafficisunifiedforonlyasinglesegment.Single-hopFCoEiseasytoconfigure,anditmeetstheimportantobjectiveofreducingrackcablingtotheservers.

MultihopFCoEcarriestheunifiedtrafficovermorethanonesegment,asshowninFigure6.3.NewerstorageareanetworkscansupportFCoEonthestoragearraysthemselves.ThismeansthatitispossibletohavetheFibreChanneltrafficgoovertheentirenetworkusingjustEthernetasthephysicalmedium.

FIGURE6.3MultihopFCoEnetwork

Ethernetspeedscontinuetoincreasefrom10to40to100Gb/sandbeyond.SomepeoplebelievethatphysicalFibreChannelmayfadeawayandeverything

willbecome100percentFCoE.

Thereisamorerecentpushfor25GbpsEthernetsupportedby

companiessuchasMicrosoft,Google,Arista,andBroadcom.Ciscohasfocusedon40Gbpsasthenextstepafter10Gbps,butyoumightwanttokeepaneyeonthistopic.

FCoESowhatisFibreChanneloverEthernet?Well,uh...itissendingFibreChanneltrafficoveranEthernetnetwork.Seriously,therealquestioniswhyisthisabigdeal?Wehavebeensendingtrafficofonetypeoveranetworkofanothertypeforyears.Themostcommonprocessfordoingsoisencapsulation.ApacketofprotocolXisencapsulatedinsideapacketofprotocolY,transportedacrossY’snetwork,and,atthedestination,itisdecapsulatedandtheprotocolXpacketisreleased,asshowninFigure6.4.

FIGURE6.4Protocolencapsulation

Fundamentally,thisseemssimple,butthechallengeliesinthedissimilaritiesbetweenEthernetandFibreChannel.Figure6.5showsaFCoEframewiththeFCframeencapsulatedinsideanEthernetnameframeasexpected.

FIGURE6.5FCoEframe

TheproblemliesinthefactthatthenatureofEthernetislossy(framescanbedropped)andFibreChannelislossless(framescannotbedropped).EthernetflowcontroltraditionallyusesCSMA/CD(carriersensemultipleaccesswithcollisiondetection),inwhichdatacanbetransmittedanytimethesegmentisavailable,asshowninFigure6.6.Intheeventthatapacketislost,anupperlayercanretransmitit.

FIGURE6.6Ethernetflowcontrol

SCSIwasdesignedtorunoveran18-inchcabledirectlytotheharddisks,sotherewasnoallowancemadeforpacketsbeinglostortheabilitytoretransmitthelostinformation.FibreChannelwasdevelopedtosupportthistypeoflosslesstransport.FibreChannelcannottransmituntilthedestinationindicatesthatithasbufferspaceavailableandthatitisreadytoreceiveaframe,asshowninFigure6.7.

FIGURE6.7FibreChannelflowcontrol

InordertoachieveFibreChannel’slosslessrequirementsandreliablytransmitFCframesoverEthernet,newprotocolsneededtobedeveloped.Ethernet’straditionalmethodofmanagingcongestionbyallowingpacketsdropscannotworkoverFibreChannel.AnotherissueisthatFibreChannelframesareupto2112bytes,whichislargerthanthe1500-bytemaximumimposedbyEthernet.Ethernetmustbeconfiguredforjumboframesthatallowaframesizeofupto9000bytesofpayload.FibreChannelrequiresarapidrateoftransmission;thereforethespeedoftheEthernetsegmentmustbeatleast10Gbps.Tobeabletocreatealosslessfabric,moderndatacenterswitchesareneededendtoend.ProductssuchastheNexus2000,5000,and7000,whichhavelargeper-portbufferingcapability,advanceddatacenterfeaturesets,andsupportforjumboframes,meetthisrequirement.

ToconfigureFCoEonaNexusswitch,thefeaturemustbeenabledandthentheFCoEprotocolassignedattheinterface:

N5k-1(config)featurefcoe

FClicensecheckedoutsuccessfully

2014Sep1514:56:40N5k-1%LICMGR-2-LOG_LIC_NO_LIC:Nolicense(s)

presentforfeatureFC_FEATURES_PKG.Application(s)shutdownin

119days.

fc_pluginextractedsuccessfully

FCpluginloadedsuccessfully

FCoEmanagerenabledsuccessfully

N5k-1#configureterminal

N5k-1(config)#interfaceethernet101124

N5k-1(config-if)#fcoemodeon

DataCenterBridgingAnumberofIEEEprotocolsenableFCoEbyprovidingenhancementstoclassicalEthernetsupportofalosslessQoSforFibreChanneltraffic.SomeoftheprotocolsarelistedinTable6.1.

TABLE6.1IEEEprotocolsthatenableFCoE

Abbreviation Name IDPFC Priority-basedFlowControl 802.1QbbETS EnhancedTransmissionSelection 802.1QazQCN QuantizedCongestionNotification 802.1QauDCBX DataCenterBridgingExchange 802.1Qab

AlloftheseprotocolsareamendmentstoIEEE802.1Q.

DatacenterbridgingaddsextensionstoEthernettoallowittotransmitpriorityandlosslessframesreliably.

Priority-BasedFlowControlCreatedin2011,Priority-basedFlowControl,orIEEE802.1Qbb,enablesflowcontrolforeachtrafficclassonfull-duplexEthernetlinks,withaVLANtagidentifyingeachclassandpriorityvalue.

InaPFC-enabledinterface,aframeofalossless(orno-drop)priorityisnotavailablefortransmissionifthatpriorityispausedonthatport.Similartothebuffer-to-buffercreditsmechanismofFibreChannel,PFCisdefinedonapairoffull-duplexinterfacesconnectedbyonepoint-to-pointlink.

Priority-basedFlowControlisanenhancementtothecurrentpausemechanismusedbytraditionalEthernet.Traditionalpausemeanstotransmitallornothing;thatis,youcanstopalltrafficorallowitalltoflow.Priority-basedFlowControlmakeseightseparatequeuesfortraffic,andindividualqueuescanbepaused.Allthreebitsofthe802.1pClassofService(CoS)fieldareusedtomaptrafficintoPFC.EightvirtuallanesassignedbythethreebitsintheCoSfieldsarefoundinthe802.1Qheader.Thesenderusestransmitqueuestobufferoutgoingtrafficin

eachoftheeightqueuesandthereceiverhaseightmatchingreceivebuffers.

Theprocessofdefiningtrafficandassigningitintoindividualclassesofservicevalues,andthendefininghowitwillactduringcongestion,canbequitecomplexandisbeyondthescopeoftheCCNADataCenterexam.Whenthelinkiscongested,CoSisassignedto“nodrop,”whichinadatacenterwillusuallybeFCoE,video,orvoice,andthesewillbepaused.AdditionaltrafficassignedtotheotherCoSvalueswillcontinuetotransmitandrelyonupper-layerprotocolsforretransmissionshouldtheirframesbedroppedonthefloor.

Howdoesthiswork?Whenthereceivingswitchstartstorunoutofbuffer,itsendsoutapausemessagefortraffictaggedwiththeFCoEpriority.ThisensuresthatnoFCoEtrafficwillbelost,asshowninFigure6.8.Whenbufferspaceisavailable,theswitchwillindicatethatitcanreceivetrafficagain.

FIGURE6.8Per-priorityflowcontrol

PFCdoesvarysomewhatfromthetraditionalFibreChannelflowcontrol,becausetheremaybepacketsonthewirewhenPAUSEissent.Toavoidissues,PFCwillsendapausejustbeforeallofthebuffersarefull.

ToenablePFConaninterface,usethefollowingcommands:

N5k-1#configureterminal

N5k-1(config)#interfaceethernet1/2

N5k-1(config-if)#priority-flow-controlmodeon

EnhancedTransmissionSelection(ETS),alsocreatedin2011,orIEEE802.1Qaz,controlshowbandwidthisallocatedtothedifferentclassesofserviceinordertopreventasingleclassoftrafficfrommonopolizingallofthebandwidthonthislinkandstarvingothertrafficflows.Whenaclassoftrafficisnotutilizingallofthebandwidthassignedtoit,thebandwidthisavailabletoothertrafficflows.EnhancedTransmissionSelectionaddsincreasedabilityforbandwidthmanagementandpriorityselection.ETSallowsforprioritizationbasedonbesteffort,lowlatency,andbandwidthallocation.ThisallowsETStomanagetrafficassignedtothesamePFCqueuedifferently,anditissometimes

calledprioritygrouping.

InanETS-enabledconnection,whenatrafficclassisnotusingitsallocatedbandwidth,ETSwillallowothertrafficclassestousetheavailablebandwidth.ETSswitchesmustallowatleastthreetrafficclasses:onewithPFC,onewithoutPFC,andonewithstrictpriority.

ETSandPFCaretwoofthemajorprotocolsthatenableFCoE,butotherthingsneedtobeconfiguredfortwoswitchestocommunicate,includingcongestionnotification,logicallink-down,networkinterfacevirtualization,andmore.CiscodoesnotimplementQCN.

TheconfigurationofETSisbeyondthescopeoftheCCNADataCenterexam.Pleaserefertowww.cisco.comforQoSconfigurationguidesontheNexusproductline.

PFCandETSbothusetheClassofService(CoS)bitsinordertoclassifyamongtraffictypes.ThereareeightCoSvaluesintheIEEE802.1QstandardtrunkingheaderforEthernetframes.TheNexus5000seriesswitchesallowyoutoconfiguresixclassesmanually.Uptofourofthesixareuser-configurableclasses,whichcanbedesignatedasno-dropclassesofservice,sowhenportcongestionoccurs,trafficbelongingtoeachofthefourno-dropclasseswillpausetoprohibitanypacketdropping.

TheNexusseriesfollowstheconventionthattheCoSvalue3isusedforFCoEtraffic.WhenFCoEisenabledonNexus5000switches,CoS3isautomaticallyconfiguredforno-dropservice(PFCsetting)and50percentofthebandwidthavailableonthelinkisguaranteedforFCoEtrafficincaseofcongestion(ETSsetting).ItisbestpracticetoleavethedefaultCoSvalueof3forFCoEtrafficduetotheagreementbetweenvendorstosupportthisasano-dropclass.

DataCenterBridgingExchangeTheDataCenterBridgingExchange(DCBX)protocolallowsswitchestodiscovereachotherandthenexchangecapabilityinformation.Thisallowsautomaticnegotiationofparametersandconfigurationoftheswitchports.AlthoughitisimportanttoknowthatPFCensureslosslesscommunicationandETSallowsbandwidthmanagement,theconfigurationinformationexchangebetweenswitchesfortheseadministrativelyconfiguredparametersandoperationalstateinformationishandledbyDCBX.

DCBXusesLLDP802.1AB-2005anddefinesnewtype-length-values(TLVs)forcapabilityexchangesettings.Fundamentally,DCBXisresponsibleforthree

things.Thefirstisthediscoveryofthecapabilitiesofthepeerswitchthatisdirectlyconnectedoverapoint-to-pointlink.Secondistheabilitytodetectifthepeerismisconfigured.Andfinally,itisresponsibleforpeer-to-peerconfirmationbasedonnegotiatedparameterstodetermineiftheconfigurationisthesame(symmetric)ordifferent(asymmetric).

NexusswitchesareabletousetwodifferentversionsofDCBX.ConvergedEnhancedEthernetDCBX(CEE-DCBX)issupportedonallsecond-generationandlaterCNAs.Cisco,Intel,NuovaDCBX(CIN-DCBX)issupportedonthefirstgenerationofconvergednetworkadapters.

FCoEisanewertechnology,andithasnotbeenembracedbyeveryone.However,itisbelievedthatas40Gbpsand100GbpsEthernetbecomemorepopular,FCoEwillgrowinpopularityaswell.

FCoETopologyInthepreviouschapter,youlearnedaboutFibreChanneltopologyandporttypes.FCoEisFibreChannel,soalmostalloftheterminologythatyoulearnedaboutforFibreChannelappliestoFCoE.TheentireFibreChannelframeiscarried,includingalloftheWWPNandWWNNinformation.TheFCoELogicalEndpoint,orFCoE_LEP,isresponsiblefortheencapsulationanddecapsulationoftheFibreChannelframe.

RegularFibreChannelwillhaveanENodeonahostthathasaphysicalEthernetport.TheENodewillcreateatleastonevirtualNport(VNport).TheMACaddressoftheENodemapstotheVNport,whichallowsFCoE_LEPtoencapsulateanddecapsulateproperly.

Figure6.9showsthenewtypeofportsintroducedbyFCoE.TheVEportisusedtoconnectoneFCoEswitchtoanotherFCoEswitch.AswitchthathasbothFCoEandnativeFibreChannelinterfacesinknownasaFibreChannelForwarder.

FIGURE6.9FCoEporttypes

Normally,weuseE-portsbetweentwoFibreChannelswitchesinordertoconnectthem.SinceweareencapsulatingthetrafficintoEthernet,wecreateavirtualinterface,oravirtualE-port,tosendthetraffic.Otherthanthat,FCoEbehavesjustlikenativeFibreChannel.

FCoEInitializationProtocol(FIP)isusedtocreatethevirtuallinksbetweenthedevices.Oncecreated,FIPrunsinthebackgroundandmaintainsthevirtuallink.

FCoEiscurrentlysupportedontheNexus2232PP,Nexus5000,Nexus7000,andMDS9500seriesofdatacenterswitches.

ConnectivityHardwareInthissection,wewilllookatsomeofthedifferentmechanismsavailableforconnectingaconvergednetworkadapter(CNA)toaNexus5000orNexus5500switch.

Thesmallform-factorpluggable(SFP)interfaceconverterisanindustry-standarddevicethatplugsintoaslotorport,linkingtheportwiththenetwork.DifferentSFPscanbeselectedtoprovideamyriadofconnectivityoptions.Numerousoptionsareavailabledependingonthetypeofmediatowhichyou’regoingtoconnectandthedistancethatneedstobetraveled.Table6.2listssomeofthecommonGigabitEthernetSFPchoices.

TABLE6.2GigabitSFPinterfaces

Type Medium Called Distance1000BASE-T Cat5copper Twistedpair 100m1000BASE-SX Multimodefibre Shorthaul 550m/220m1000BASE-LX/LH Single-&multi-modefibre Longhaul 10km/550m1000BASE-EX Single-modefibre Longreach 40km1000BASE-ZX Single-modefibre Longreach 70km

The1000BASE-BX10-Dand1000BASE-BX10-USFPscanoperateoverasinglestrandofsingle-modefiber.OneendoftheconnectiongetsaUSFPandtheotherendgetsaDSFP.Wavedivisionmultiplexingisusedtoallowthisbidirectionalcommunication.Simplyput,thisusestwodifferentcolorsoflight,onecolorgoinginonedirectionandtheothergoingintheoppositedirection.Table6.3listssomeofthe10GbpsEthernetcablingoptions.

TABLE6.3Some10GbpsEthernetcablingoptions

Type Cable DistanceSFP+CCopper Twinax 5mpassive10mactiveSFP+SRShortreach MMOM1MMOM3 30m300m10GBASE-T Cat6Cat6a/7 55m100m

Twinaxhasbecomedominantinsidethedatacenterforshortrunsbecauseitiseasytouseandconsiderablylessexpensivethanfiber-opticcables.TwinaxinterfacesoftenshipwithNexusbundlespurchasedfromCisco.

40Gigabitand100GigabitEthernetareoutsidethescopeoftheCCNA/DCobjectives,butyoushouldbeawarethatCiscoisstartingtopush40Gbpsprettyhard.The40GbpsBiDi(Bidirectional)allowsyoutouseregularOM3fiber,whichisoftenusedwith10Gbps.BiDiusestwocolorsoflighttotransmitandreceiveoverthesamefiber.

ConnectingtheVirtualInterfaceCardtoNexus5500UPTheCiscofabricextendertechnologyprovidesmanyadvantagesbyallowingyoutoplaceportsclosertoserverswithoutaddingextrapointsofmanagement.TheFEXarchitecturesupportsthe802.1Qbhstandard.Wehavetalkedabout2000seriesoffabricextenders,whicharestand-alonelinecardsthataremanagedbyaparentNexus5500orNexus7000switchtocreateavirtualizedmodularchassisswitch.TheCiscoVirtualInterfaceCard(VIC)allowsyoutouseAdapterFEXandVirtualMachineFEX,whichletyouextendthatfabricintotheserveritself(seeFigure6.10).

FIGURE6.10FEXcomparison

TheVICadapterprovideshostinterfacesthatappearaslogicalinterfacesontheparentswitch.Thehostinterfacecanbecreatedaheadoftimeordynamicallybasedondemand.

AsinglephysicaladaptercanpresentmultiplelogicaladaptersasvNICsandvHBAstothehostoperatingsystem.EachofthesecorrespondstoavirtualEthernetinterfaceorvirtualFibreChannelinterfaceontheparentswitch.

AdapterFEXcancreateaninterfaceforeachvirtualmachine,andtheparentswitchcanmanagetheseinterfaces.Thisallowsper-VMcontrolofpolicies,QoS,andsecurity.

VN-TagAsingleconnectionfromtheparentswitchtotheFEXmaycarrytrafficforalargenumberofports.ThisissimilartoVLANtrunkingwhenwecarryanumberofVLANsoverasinglelink.Withtrunking,weaddaVLANtagtotheframeinordertoindicatewhichVLANthetrafficisdestinedfor.VN-TagdoesthesamethingforFEXinterfaces(seeFigure6.11).

FIGURE6.11VN-Tag

WhenaframeleavestheparentswitchandisheadedforaparticularportontheFEX,aVN-Tagisaddedtoindicatetowhichportitisheadedandfromwhichportitiscoming.WhenareplycomesbackfromtheFEX,aVN-Tagisaddedinthatdirection.TheVN-Tagprocessrunsinthebackground,anditisnotconfiguredintheNX-OScommand-lineinterface.

VN-TagsareasimplebutimportantconceptofFEX.Ontheparentswitch,eachphysicalinterfaceontheFEXrepresentsalogicalinterfacecalledVIF,orvirtualinterface.

FEXConfigurationSettingupanFEXiseasy.ConsidertheFEXconnectedtoaNexus5000inFigure6.12.

FIGURE6.12Nexusfabricextension

First,youshouldverifythatNexus5500isrunningNX-OSversion5.1(1)orlater.(AddinganFEXwasnotpossibleinpriorversions.)

N5K-1#showversion

CiscoNexusOperatingSystem(NX-OS)Software

Copyright(c)2002–2012,CiscoSystems,Inc.Allrightsreserved.

Thecopyrightstocertainworkscontainedhereinareownedby

otherthirdpartiesandareusedanddistributedunderlicense.

SomepartsofthissoftwarearecoveredundertheGNUPublic

License.Acopyofthelicenseisavailableat

Software

BIOS:version3.6.0

loader:versionN/A

kickstart:version5.2(1)N1(1b)

system:version5.2(1)N1(1b)

power-seq:Module1:versionv5.0

uC:versionv1.0.0.2

SFPuC:Module1:v1.0.0.0

BIOScompiletime:05/09/2012

kickstartimagefileis:bootflash:///n5000-uk9-

kickstart.5.2.1.N1.1b.bin

kickstartcompiletime:9/17/201211:00:00[09/17/201218:38:53]

systemimagefileis:bootflash:///n5000-uk9.5.2.1.N1.1b.bin

systemcompiletime:9/17/201211:00:00[09/17/201220:38:22]

Hardware

ciscoNexus5596Chassis("O248X10GE/ModularSupervisor")

Intel(R)Xeon(R)CPUwith8263848kBofmemory.

ProcessorBoardIDFOC1652XXXX

Devicename:N5K-1bootflash:2007040kB

Kerneluptimeis2day(s),8hour(s),48minute(s),45second(s)

LastresetReason:UnknownSystemversion:5.2(1)N1(1b)Service:

pluginCorePlugin,EthernetPlugin

Thenfollowthesesteps:

1. EnabletheFEXfeature.

N5K-1(config)#featurefex

N5K-1#showfeature|includefex

N5K-1#fex1enabled

2. CreateanFEXinstance.

ItisuptoyoutochoosetheFEXnumber;100isusedinthe

example.FEXnumberscanrangefrom100to199.

N5k-1(config)#fex100

3. Configuretheinterface(s)ontheNexus5500thatwillbeusedforconnectingtheFEX:

N5K-1(config)#intethernet1/1,ethernet1/21N5k-1(config-

if)#switchportN5k-1(config-if)#switchportmodefex-fabricN5k-

1(config-if)#channel-group100

4. Createtheport-channel,andassociatetheFEXwithit.(It’salwaysnicetokeeptheport-channelandtheFEXnumberthesameifpossible.ItjustmakesiteasiertoknowthatFEX100isonport-channel100,FEX101isonport-channel101,andsoon.Obviously,ifthoseport-channelsarealreadyinuseyouwon’tbeabletodothis.)

N5k-1(config)#interfaceport-channel100N5k-1(config-if)#fex

associate100

N5k-1#showruninterfaceport-channel100

interfaceport-channel100

switchportmodefex-fabric

fexassociate100

N5k-1#showruninterfaceeth1/1

interfaceEthernet1/1

switchportmodefex-fabric

fexassociate100

channel-group100

N5k-1#showruninterfaceeth1/21

interfaceEthernet1/21

switchportmodefex-fabric

fexassociate100

channel-group100

5. ChecktoseeifyourFEXisonline.Itmaytakeaminuteforittoshowup.

N5K-1#showfex

FEXFEXFEXFEX

NumberDescriptionStateModelSerial

————————————————————————————————————

100FEX0100OnlineN2K-C2232PP-10GESSIXXXXXXXX

IftheFEXisrunningadifferentversionofNX-OSthantheNexus5505,itwilldownloadthematchingimagefromtheNexus5505.Thisprocesscantakeafewminutes.Whenyoudoashowfex,itwillshow“ImageDownload”underFEXState.

6. Youcanalsochecktoseeifthesoftwareimagesmatchbydoingashowfexdetail:

YoucancheckthehardwarestatusoftheFEXadapterbydoingashowinventoryfexcommand:

N5k-1#showinventoryfex100

NAME:"FEX100CHASSIS",DESCR:"N2K-C2232PP-10GECHASSIS"

PID:N2K-C2232PP-10GE,VID:V01,SN:SSxxxxxxxxx

NAME:"FEX100Module1",DESCR:"FabricExtenderModule:

32x10GE,8x10GESupervisor"

PID:N2K-C2232PP-10GE,VID:V01,SN:JAxxxxxxxxx

NAME:"FEX100Fan1",DESCR:"FabricExtenderFanmodule"

PID:N2K-C2232-FAN,VID:N/A,SN:N/A

NAME:"FEX100PowerSupply1",DESCR:"FabricExtenderACpower

supply"

PID:N2200-PAC-400W,VID:V02,SN:LITxxxxxxxx

NAME:"FEX100PowerSupply2",DESCR:"FabricExtenderACpower

supply"

PID:N2200-PAC-400W,VID:V02,SN:LITxxxxxxxxj

7. Verifythefex-fabricinterfaces:

N5K-1#showinterfacefex-fabric

FabricFabricFexFEX

FexPortPortStateUplinkModelSerial

————————————————————————————————————

100Eth1/1,1/21Active1N2K-C2232PP-10GESSIXXXXXXXX

8. VerifythediagnosticsoftheFEXadapterbydoingashowdiagnosticresultfex100command:

N5k-1#showdiagnosticresultfex100

FEX-100:FabricExtender32x10GE+8x10GModuleSerialNo:

SSxxxxxxxxx

OverallDiagnosticResultforFEX-100:OK

Testresults:(.=Pass,F=Fail,U=Untested)

TestPlatform:

0)SPROM:———————->.

1)Inbandinterface:———————->.

2)Fan:———————->.

3)PowerSupply:———————->.

4)TemperatureSensor:———————->.

Eth12345678910111213141516

Port————————————————————————-

................

Eth17181920212223242526272829303132

Port————————————————————————-

................

TestFabricPorts:

Fabric12345678

Port————————————-

........

TheFEXshouldnowbeattachedtothe5500andreadytobeconfigured.

Theremotefabricextenderactsasifitwerealocallyattachedlinecardinachassisswitch.Nexus5000,Nexus7000,andNexus9000switchesactasthemothershipandthemanagementprocessorstotheremoteNexus2000serieslinecards.

TheaddressingusedtoconfigureaportisEthernet<FEXID/slot/portindex.Forexample,toconfigureport8onFEX100,allconfigurationswouldusetheEthernet100118formatandbeconfiguredasalocallyattachedinterfaceasifitwereachassis-basedEthernetswitch:

N5K-1#showruninterfaceeth100118

!Command:showrunning-configinterfaceEthernet100118

interfaceEthernet100118

descriptionVMHost_48

switchportmodeaccess

switchportaccessvlan121

spanning-treeporttypeedge

Allshowcommandsworkasiftheyportswerelocallyconnectedto

theNexus5konourexample:N5k-1#showinterfaceeth100113

Ethernet100113isup

Hardware:1000/10000Ethernet,address:d0d0.fdaa.1e0e(bia

d0d0.fdaa.1e0e)

MTU1500bytes,BW1000000Kbit,DLY10usec

reliability255/255,txload1/255,rxload1/255

EncapsulationARPA

Portmodeisaccess

full-duplex,1000Mb/s,mediatypeis1G

Beaconisturnedoff

Inputflow-controlisoff,outputflow-controlison

Ratemodeisdedicated

Switchportmonitorisoff

EtherTypeis0x8100

Lastlinkflapped2week(s)3day(s)

Lastclearingof"showinterface"countersnever

30secondsinputrate0bits/sec,0packets/sec

30secondsoutputrate3400bits/sec,5packets/sec

Load-Interval#2:5minute(300seconds)

inputrate8bps,0pps;outputrate3.24Kbps,5pps

RX

82352unicastpackets20579multicastpackets4395broadcast

packets

107326inputpackets15902148bytes

0jumbopackets0stormsuppressionpackets

0runts0giants0CRC0nobuffer

0inputerror0shortframe0overrun0underrun0ignored

0watchdog0badetypedrop0badprotodrop0ifdowndrop

0inputwithdribble0inputdiscard

0Rxpause

TX

123314unicastpackets6063150multicastpackets2120168

broadcastpackets

8306632outputpackets679515799bytes

0jumbopackets

0outputerrors0collision0deferred0latecollision

0lostcarrier0nocarrier0babble0outputdiscard

0Txpause

2interfaceresets

WhenconnectingaNexus2000fabricextendertoanupstreamswitch,suchasaNexus5500,severalredundancyissuesneedtobeconsidered.Whentheupstreamlinksarenotbundledintoaportchannelforbackup,theFEXinterfacesuseaprocesscalledpinningtoassignNexus2000portsstaticallytotheupstreamlinks.Thisisimplementedautomatically.Thepurposeofpinningisthatincaseofanuplinkfailure,theremaininglinkswillnotbecomeoversubscribedandsaturate.Thelinksthatarepinnedtothefailedinterfacearedownbydefault.Usingthepinningmax-linksconfigurationcommandwilldividetheuplinkinterfacesbetweentheportinterfaces.Forexample,ona32-port2232switchifthecommandpinningmax-links4wasused,theneightportswouldgoovereachofthefouruplinksandthesephysicalportswouldgodownforeachuplinkportfailure.

ThecommandfexpinningredistributeallowsfortheredistributionoftheFEXportsovertheremainingactiveuplinksshouldtherebeanuplinkfailure.Thepinningisassignedinthenumericalorderofthehostports.Theadvantageofusingaportchannel,asshownintheexamples,isthattheportchannelappearsasoneconnectiontotheFEXtotheupstreamNexus5000.Ifoneoftheindividualinterfacesintheportchannelfails,theportchannelwillrebalance,andtotheFEXthereisnoneedtoaffectthepinningassignmentsbecauseitstillseesoneconnection.

SincetheNexus5500serieshasonlyonesupervisormodule,thereisasinglepointoffailureshouldtheNexus5500fail.ItispossibletoconnecttheNexus2000totwoupstreamNexus5500switchestopreventthistypeofsinglepointoffailure.

ThefirstapproachistoconfiguretheNexus2000FEXtouseaportchannelandthencreateavirtualportchannelbetweenthetwoupstreamNexusswitches.ThisfoolstheNexus2000intothinkingitistalkingtoasingleswitchwhenitisactuallytalkingtotwoswitches.VPCconfigurationisbeyondthescopeoftheCCNADataCenterexamandwillnotbecoveredfurtherinthisbook.

Thesecondoptionistocreateanactivestandbyconfigurationbetweenthetwoupstreamswitches.Shouldtheactiveonefail,thestandbyconfigurationtakesover.ThestandbyNexus5500willshowupas“Online”fortheFEXmodulebutdoesnotprogressto“Connected”statusbecauseitisalreadyregisteredwiththeprimaryswitch.Whenthefailureoccurs,thestandbyswitchregisterstheFEXandtakescontrol.Itremainsincontroleveniftheoriginalmastercomesbackonline.

Thisbringsupaninterestingquestion.Howcanthestandbyswitchhaveany

Thisbringsupaninterestingquestion.HowcanthestandbyswitchhaveanyconfigurationforportsontheFEXthatdonotexistsinceitisnotregistered?

N5k-02#(config)interfaceEthernet10011

^

Invalidrangeat'^'marker

Thesolutionistouseaprocesscalledpre-provisioning,whichallowstheconfigurationofportsthatarecurrentlynotpresentinaNexusswitch.Thisprocessmustbeconsistent,andtheremustbeamatchbetweenthetwoparentswitches.

N5K-02#(config)slot100

N5K-02#(config-slot)provisionmodelN2K-C2232P

Nowyoucanconfiguretheportparametersasiftheswitchwas

connected:

N5K-02#(config)interfaceEthernet10011

N5K-02#(config-if)<addportconfigurationsasneeded>

Thereareseveraldrawbackstousingthepre-provisioningapproachofincludingportsonthestandbyswitchthatwillnotbeusedmostofthetime.Also,thefailovertimeisaround45secondsorhigher,whichisatleastthreeeternitiesindatacentertime.ThevirtualPortChannel,orvPC,approachispreferred,becauseitovercomesbothoftheseissues.

SummaryUnifiedFabricisthewaveofthefuturefordatacenternetworking.ThebenefitsofUnifiedFabricarenumerous,includingreducedcabling,reducednumberofrequiredports,andreducedpowerconsumption.

TheonlyreasontorunadditionalcablesinaUnifiedFabricenvironmentistoincreasebandwidth.Maintainingmultiplecableinfrastructuresinvolvestoomuchadditionaladministrationandmaintenance.

SeveralIEEEstandardsareusedtoimplementFCoE.PriorityFlowControlallowsmultipleclassesofservicesonasinglewiretoensurealosslessconnection.EnhancedTransmissionSelectionprovidesamechanismtomanagebandwidth.DataCenterBridgeExchangeallowsautomaticdiscoveryandnegotiationoffeaturesinaUnifiedFabric.

ExamEssentials

DescribeFCoE.

ToaccommodateFibreChannelovertheEthernetbackbone,thestorageprotocolFibreChanneloverEthernet,orFCoE,wasdevelopedalongwiththeswitchingplatformsdesignedspecificallyforthenewcombineddataandstoragenetworking.

FCoEtakestheFibreChannelframethatalreadyencapsulatestheSCSIprotocolandwrapsitinanEthernetheadertoconnectintothestandarddatacenterEthernetnetwork.FCoEconnectstheserverstorageadaptertothetargetstoragearrayoftheEthernetnetwork.

Ethernetnetworkinghasalwaysbeenabest-effortscenario.ThefundamentalnatureofEthernetisthatitislossyandcontainscollisions,packetdrops,andretransmissions.SCSIwasoriginallyusedtotalktoaharddriveoverashortcable.Thatmeantnolostdataandnoretransmission.FibreChannelwasbuiltonthesameprinciple,whichmeansthatFibreChannelislossless.

Thecreationof10GigabitEthernetprovidedenoughbandwidthforFibreChannel’sstoragetrafficrequirementstorunovertraditionalEthernetnetworkswithnewenhancementsfortheguaranteeofbandwidthcalledEnhancedTransmissionSelectionandtheabilitytostopflowsifpacketlossisimminentcalledPriorityFlowControl.

DescribeFCoEmultihop.

MultihopFCoEcarriestheunifiedtrafficovermorethanonesegment.NewerstorageareanetworkscansupportFCoEonthestoragearraysthemselves.ThismeansthatitispossibletohavetheFibreChanneltrafficovertheentirenetworkusingjustEthernetasthephysicalmedium.TheprocessofcrossingmultipleEthernetswitchesfromthestorageinitiatortothetargetisreferredtoasFCoEmultihop.TheNexus5000,Nexus7000,andMDS9500allsupportmultihopFCoE.

DescribeVIFs.

Asinglephysicaladaptercanpresentmultiplelogicaladapters,knownasvNICsandvHBAs,tothehostoperatingsystem.EachofthesecorrespondstoavirtualEthernetinterfaceorvirtualFibreChannelinterfaceontheparentswitch.

AdapterFEXcancreateaninterfaceforeachvirtualmachine,andtheparentswitchcanmanagetheseinterfaces.Thisallowsper-VMcontrolofpolicies,QoS,andsecurity.

DescribeFEXproducts.

FabricextenderproductsareremotelinecardsintheNexus2000familyofproducts.TheFEXmodulesconnecttoeitheraNexus7000orNexus5000seriesswitchthatcontainsthemanagementprocessor.Thecombinationactsasadistributedvirtualchassisswitch,whichplacestheFEXmodulesinsidetheserverracksinadatacenterand,atthesametime,hasasinglepointofmanagementandconfiguration.CiscoVICcardsextendadapterFEXtechnologyintotheserveritself.

Performinitialsetup.

EnsurethattheNexusNX-OSoperatingsystemhastheFEXfeaturesetloadedbyusingthefeaturefexcommand.DefinetheremoteFEXadapterinthe100to199range,thenconfiguretheuplinkportsbetweentheNexus2000andtheNexus5000toswitchportmodefex-fabric,andaddaportchannelforredundancyandadditionalbandwidth.

WrittenLab6:ConfiguringaFabricExtensiononaNexus5000SwitchYoucanfindtheanswersinAppendixA.

WithanFEXconnectedtoaNexus5000,configuretheportsEthernet1/1andEthernet1/2forFEX100,andputtheminportchannel100.UseSHOWcommandstoverifythatyouhavedoneaproperconfiguration.Performthefollowingsteps:

1. EnabletheFEXfeature.

2. VerifythattheFEXfeatureisenabled.

3. CreateanFEXinstance.

4. Configuretheinterface(s)ontheNexus5500thatwillbeusedforconnectingtheFEX.

5. Createtheportchannel,andassociateitwiththeFEX.

6. Showinterfaceconfigurationstoverifythechangesthatweremade.

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’s

Thefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sintroduction.YoucanfindtheanswersinAppendixB.

1. WhichIEEEprotocolenablesEthernettooperateasalosslessfabric?

A. 802.1Qaz—ETS

B. 802.1Qbb—PFC

C. 802.1Qab—DCBX

D. 802.1Qos—DQoS

2. WhichIEEEprotocolenablesbandwidthmanagementandpriorityselection?

A. 802.1Qaz—ETS

B. 802.1Qbb—PFC

C. 802.1Qab—DCBX

D. 802.1Qos—DQoS

3. WhenconnectingtwoFCoEswitchestogetherinmultihopFCoE,whatbestdescribestheporttypepair?

A. NtoF

B. EtoE

C. NtoE

D. VEtoVE

4. WhichprotocolsareencapsulatedinFCoE?(Choosetwo.)

A. iSCSI

B. FibreChannel

C. SCSI

D. ISIS

5. WhichdevicecannotparticipateinmultihopFCoE?

A. Nexus5000

B. MDS9500

C. Nexus1000

D. Nexus7000

6. InFCoE,howmanybitsoftheIEEE802.1pCoSfieldareusedtomaptrafficclasses?

A. Two

B. Three

C. Four

D. Eight

7. WhichofthefollowingarebenefitsofUnifiedFabric?(Choosetwo.)

A. Lesscabling

B. FewerIPaddresses

C. SANandLANonasingletransport

D. Automaticencryption

8. WhatdoesPriority-basedFlowControlenable?

A. NativeFibreChannel

B. NativeEthernet

C. Bandwidthmanagementandpriorityselection

D. LosslessEthernet

9. WhatdoesEnhancedTransmissionSelectionenable?

A. NativeFibreChannel

B. NativeEthernet

C. Bandwidthmanagementandpriorityselection

D. LosslessEthernet

10. WhereisaVEportused?

A. FCoEswitchtoFCoEswitch

B. 1000VtoHBA

C. Portedgetovirtualportedge

D. Virtualenterpriseconnections

11. WhichofthefollowingarerequiredtotransportFibreChanneloveradatafabric?(Choosetwo.)

A. Ethernetheaders

B. Enhancedtransmissionselection

C. ALayer3routingprotocol

D. 10gigabitinterfaces

12. Aunifiedfabricconsolidateswhichofthefollowing?(Choosetwo.)

A. Controlplane

B. LANtraffic

C. Dataplane

D. Storagetraffic

13. AremoteFEXportisidentifiedbytheparentswitchusingwhichofthefollowing?

A. VLANS

B. SourceMACaddresses

C. VN-Tag

D. Trunking

14. Afabricextenderisusedforwhichofthefollowing?(Choosetwo.)

A. InterconnectingvirtualmachineNICstotheNexusswitchingfabric

B. Extendingthedistanceofaconvergedfabric

C. AllowingtheremoteNexus2000toconnecttotheparentswitch

D. InterconnectingSANcontrollerstohostbusadapters

15. ToconfigurearemoteNexus2000onaNexus5000,whichcommandsenabletheportstocommunicate?(Choosethree.)

A. FeatureFEX

B. channel-group100

C. fexassociate

D. Switchportmodefex-fabric

16. DataCenterBridgingExchange(DCBX)doeswhichofthefollowing?(Choosetwo.)

A. AllowsLayer2connectionsbetweendatacentersoveraroutednetwork

B. Automatesthenegotiationofparametersandconfigurationofinterconnectedswitchports

C. AllowsFCoEontotheconvergedfabric

D. Determinesiftheconnectedportisconfiguredcorrectly

17. SFP10GigabitsupportswhichPhysicallayermediatypes?(Choosetwo.)

A. Twinax

B. Coax

C. Multimodefiber

D. Cat3Ethernetcabling

18. Server-to-servertrafficonthesameNexus2248useswhichofthefollowing?

A. LocalswitchingintheNexus2000

B. SwitchesontheupstreamNexusswitch

C. Switchesacrosstheconvergedcontrolplane

D. FEXlocalswitching

19. FCoEmultihopallowswhichofthefollowing?(Choosetwo.)

A. DirectSCSIinterconnectiontotheconvergedfabric

B. StoragecontrollerstousenativeFibreChannelfabricconnections

C. FibreChanneltrafficovertheentirenetworkusingEthernet

D. Morethanoneswitchbetweenthestorageinitiatorandthestoragetarget

20. Avirtualinterfaceallowswhichofthefollowing?(Choosethree.)

A. Aconvergednetworkadaptertopresentmultiplelogicaladapterstoaserveroperatingsystem

B. FEXaddressingtoattachtoremoteports

C. ThevirtualizationofaNICcard

D. PervirtualmachinecontrolofQOS,policies,andsecurity

Chapter7CiscoUCSPrinciples

THEFOLLOWINGDCICTEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

5.0UnifiedComputing

5.2Describe,configure,andverifyconnectivity

5.4DescribethekeyfeaturesofUCSM

THEFOLLOWINGTOPICSARECOVEREDINTHISCHAPTER:

DescribingtheCiscoUCSB-Seriesproductfamily

CiscoUCS6100and6200SeriesFabricInterconnects

CiscoUCS5108BladeServerChassis

CiscoUCSB200M3BladeServer

CiscoUCSB230M2BladeServer

CiscoUCSB250M2ExtendedMemoryBladeServer

CiscoUCSB440M2High-PerformanceBladeServer

MezzanineCardOptionsforCiscoUCSB-SeriesBladeServers

DescribingtheCiscoUCSC-Seriesproductfamily

CiscoUCSC-Seriesproductfamily

CiscoUCSC22M3High-DensityRackServer

CiscoUCSC24M3General-PurposeRackServer

CiscoUCSC220M3RackServer

CiscoUCSC240M3RackServer

CiscoUCSC260M2RackServer

CiscoUCSC460M2High-PerformanceRackServer

ConnectingCiscoUCSB-SeriesBladeServers

Chassis-to-fabricinterconnectphysicalconnectivity

I/Omodulearchitectures

CiscoIntegratedManagementControllerchiponCiscoUCSB-Seriesbladeservers

Threebasicportpersonalitiesinthefabricinterconnect

Discoveryprocess

TheCiscoUnifiedComputingSystem(UCS)isoneofthemostcomprehensiveandexcitingprojectslaunchedinCisco’shistory.Duringitsdevelopment,UCSwasgiventhecodename“theCaliforniaProject,”andmanyofitscomponentswerenamedafterareasinthatstate.Thismassiveventurewassoarcanethatitwascompletelymisunderstoodbymanybothfromwithinandoutsidetheindustry!

NewsaboutUCSwasoftenburiedsomewheredeepinsidetechmagazineswithheaderslike“CiscoEnteringBladeServerMarket.”Whilethiswastechnicallytrue,thosepronouncementsdidn’taccuratelyconveytheessenceofCiscoUCS.BythetimeCiscoUCSwasactuallyindevelopment,itbecameclearthatthefutureofthedatacenterwasvirtualization.VMwareandothershadsuccessfullydemonstratedwhattheycoulddorunningonstandardhardware.

Datacentershaveundergonetremendouschangesinordertooptimizethemselvesspecificallyforrunninginacutting-edge,virtualizedenvironment.Theamazing,newvirtualmachinescouldrunontopofanyhardwarethathadESXinstalled!

YouprobablyrememberthatthevirtualmachineoperatingsystemisreferredtoastheguestOS,andtheunderlyinghypervisoroperatingsystemiscalledthehostOS.BecausethehardwareattributesofthephysicalserverareirrelevanttotheVMs,wecanmoveavirtualmachinefromanHPserverrunningESXtoanIBMserverrunningESXwithoutneedingtomakeanychangestotheguestOS

atall.

VMwareESXandotherhypervisorsprovedtobetheidealenvironmentinwhichvirtualmachinescouldthriveand,evenbetter,theycouldallbecentrallymanagedusingVMware’svCenterorsimilartool.VirtualmachinesbecamemagicalthingsthatmadeanITpro’slifeadayatthebeach!

OK,maybeitwasarockybeachstrewnwithseaweedandbitingflies!Afterall,theunderlyinghostoperatingsystem,suchasESX,stillhadtobeinstalledonthephysicalserver.Furthermore,eachphysicalserverhaditsownuniquesettings,includingitsMACaddress,WorldWideNames,BIOSsettings,andmore.Thismeantthatyoucouldn’tsimplytakeaharddrivewithESXinstalledoutofanIBMserver,putitintoanHPserver,andexpectittobeanexactreplacement.Ifyoutriedthat,you’dendupwithdriverissuesandhardwaresettingsliketheMACaddressandsuchthatwouldchange.Soyes,youcouldmakeitwork,butgettingthattohappenwouldrequiresomeseriouseffort!

Ontopofallofthat,thejobofmanagingavastnumberofphysicalhostsisachallengeinitself.Saythatyouhaveahundredservers.Doeshavingtologintoeachoneseparatelyformanagementsoundlikeadayatthebeachtoyou?Makingachangecouldtakehours,orevendays,toimplementproperlyacrossyourlegionofservers!Nottomentionbeingfacedwiththetaskofcablingyourgangof100servers.Thinkaboutit.Ifeachdevicerequires3Ethernetcablesand2FibreChannelcables,youwouldneed500cablestomakethingswork.Moreover,becauseeachcablehastwoends,youwouldneedtouseawhopping1000ports—thatisthestuffofnightmares!

Fearnot.CiscoUCSwascreatedtoaddresstheseterrorsandmore.AsweexplorethedesignofUCSandtheassociatedhardware,you’llgaininsightintoanundeniablyelegantsolutionthatwillsimultaneouslyamazeyouandtakeyourITskillsettoanew,loftylevel.

DataCenterComputingEvolutionX86servershavegonethrougharemarkableevolutionaryprocess.Atfirst,theyweresimplyindividualtowermachinesthatweputonshelves.Wecouldconnectandmanagethemindividually,buttheytookupalotofroom,asshowninFigure7.1.

FIGURE7.1Agroupoftowerservers

Thingsgotmoreefficientwiththegenesisofrackmountservers.Thisinnovationnowallowedustopurchaseserversthatlookedlikepizzaboxesandmounttheminthesamerack.Figure7.2illustrateshowmuchthisreducedtheamountofspacethatweneeded!

FIGURE7.2Rackmountserversconnectedtoaswitch

OK,sorackmountserversdefinitelysimplifiedthings,buteachserverstillrequireditsownpowersupplyandnetworkconnections,anditstilltookupatleastoneunitofrackspace.Thenextiterationwastotaketheindividualserversandputthemintoasingleboxcalledachassis,whereinserverscouldsharesomeresourcessuchaspowersupply.Thisisknownasbladecomputing,anditisdepictedinFigure7.3.

FIGURE7.3Chassiswith16blades

Still,bladeserverswentthroughtheirownevolutionbecausetheearliestversionssharedfewresources,andeachbladehadtobemanagedseparately.Thissystemhasnowdevelopedsothat,atleastformostvendors,wecansomewhatmanageallofthebladesinasinglechassisfromasingleinterface.Asofthiswriting,mostvendorsarestillatthislevelandevolving.Thefocusofthemajorityofthemissimplyonmakingthecurrentsolutionevermoreefficient.

Network-CentricComputingTheexception,ofcourse,isCisco,whichintroducedtheUnifiedComputingSystem(UCS)in2009,about45yearsafterIBMfirstintroducedtheIBMSystem/360.Thereisasayingthat“hindsightis20/20.”Inthiscase,Icouldn’tagreemorebecauseCiscowasintheenviableanduniquepositiontobeabletocreateacompletelynewsystemfromscratchbylearningfromthemistakesofothers!

Ciscoscrutinizedanumberofissuesconfrontingthedatacenter,includingthesethreeveryimportantones:

threeveryimportantones:

SeparateEthernetandFibreChannelnetworking

Difficultymanagingavastnumberofservers

Issuesencounteredwhenreplacingorupgradingaserver

InthechapteronUnifiedFabric,wetalkedaboutthebenefitsofmergingEthernetandFibreChannelnetworks.CiscomadeUnifiedFabricanintegralpartoftheUCSsysteminordertoreducecablingandtakeadvantageoftheotherbenefitsgainedviaUnifiedFabric.Wewillcovertheissuesandintricaciessurroundingreplacingorupgradingaserverabitlaterinthebook.

Managingalargenumberofservershasalwaysbeenachallenge,rangingfromthetedioustothedownrightpainful.Having,say,64servers,whichcouldbeequalto64separatepointsofmanagement,requiredloggingintoeachpointtomakechanges.AsIsaid,somebladeserversallowedustomanageallofthebladeswithinasinglechassis,whichhelpedbyreducingthenumberofmanagementpoints,butthatdidn’treallysolvetheproblem.

Thinkingbig,Ciscowantedtheretobeonlyasinglepointofmanagementforanentirehordeofserversandchassis.Toaccomplishtheirgoal,theymovedthemanagementawayfromtheserverandchassistointelligentnetworkdevicesinstead,creatingsomethingcalledfabricinterconnects(FI),asillustratedinFigure7.4.

FIGURE7.4CiscoUCSfabricinterconnectmodel6248UP

True,fabricinterconnectslookalotlikeaNexus5000switchinadifferentcolor,butthisdevice’sbeautyisn’tjustskindeep.ThisdeviceoffersfarmoreintelligencethanaregularNexusswitch!ThefabricinterconnectsaretheheartandsouloftheUCSsystem.Allmanagementisdoneviathesesavvyfabricinterconnects.Althoughthesebeautiesworkinpairsforhighavailability,fromamanagementperspectivetheyoperateasasingleunit.

managementperspectivetheyoperateasasingleunit.

InFigure7.5,youcanseethatfourchassisareconnectedtotwofabricinterconnects.Eachchassiscancontainupto8separatebladeserversyieldingamaximumof32serversintheconfiguration.Thismaynotlookallthatspecial,buttheawesomethingaboutthissolutionisthatthere’sonlyonemanagementpoint!

FIGURE7.5UCSsystemwithtwofabricinterconnectsandfourchassis

Imaginebeingabletomakechangesthataffectall32serversfromasingleinterface.Notonlyisthisefficient,butit’salsoscalable,whichmeansthatifyouwanttogrowyoursystemfrom32serversto96servers,youdon’thavetoaddmorefabricinterconnects!Figure7.6showsapairoffabricinterconnectswith

12chassisthatcouldholdupto96servers.Keepinmindthatthisscenariostillsrepresentsasinglepointofmanagementforallofthechassisandservers.Infact,youcouldscaleupto40chassiswith320bladesandstillwindupwithjusttwofabricinterconnectsandonemanagementpoint!

FIGURE7.6UCSsystemwithtwofabricinterconnectsand12chassis

Sowiththat,let’szoominandthoroughlyinvestigatethehardwaresideofthesolution.

FabricInterconnectsAsofthiswriting,Ciscohashadthreegenerationsoffabricinterconnectdevices:the6100Series,6200Series,and6300Series.Here’saquick

devices:the6100Series,6200Series,and6300Series.Here’saquickbreakdownofthefeaturesandsomekeydifferencesbetweenthedevicesofferedinthisproductline:

TheCisco6120XPhastwenty10GigabitEthernetinterfacesandasingleexpansionslot.

The6140XPiskindoflikehavingtwo6120XPsmashedtogether.The6140XPhasforty10GigabitEthernetinterfacesandtwoexpansionslots.

Thetwofirst-generationfabricinterconnectsarepicturedinFigure7.7.

FIGURE7.76100Seriesfabricinterconnects

The6120XPhasathroughputof520Gb/s,anditcansupportup20chassis,or160servers.

The6140Xhasathroughputof1.04Tb/s,anditcansupportupto40chassis,or320servers—that’ssomeseriouscapacity!

What’smoresignificant,the6100SeriesexpansionmodulescanbeusedtoaddFibreChannelconnectivityoradditionalEthernetportstothesystem.ThefourtypesofexpansionmodulesaredisplayedinFigure7.8.ExpansionmoduleswithsixFibreChannelportscansupportspeedsupto8Gb/scomparedtootherFibreChannelcardsthatsupportonlyupto4Gb/s.

FIGURE7.86100Seriesexpansionmodules

Ineedtopointoutsomethingveryimportanthere—althoughtheexpansionmodulesthemselvesarefullylicensed,notallportsarelicensedbydefault.Thosethatarelicensedincludethefirst8portsonthe6120XPandthefirst16onthe6140XP.Thismeansthatifyouwanttousetheadditionalports,youhavetobuyalicensefirst.Thefirst8portsonthe6120XPandthefirst16portsonthe6140XPgiveyoutheoptionofgoingwith10Gb/sor1Gb/s,whichcomesinreallyhandywhenyou’redealingwithanetworkinfrastructurethatdoesn’tyetsupport10Gb/s.

Thesecondgenerationoffabricinterconnectsfeaturedhigherportdensityaswellasunifiedports(UP).Basically,wherethefirstgenerationmergedFibreChannelandEthernetintoasingledevice,thesecondgenerationallowedFibreChannelorEthernettorunonasingleport.Yes!SoitwasverycooltohavetheoptionofconfiguringasingleporttosupporteitherFibreChannelorEthernet.Nowthatthe6200Seriesoffabricinterconnectsisonthemarket,the6100hasbeendiscontinuedandisnolongeravailableforpurchase.

TheCiscoUCS6248UPhas32fixedportsandanexpansionmoduleslotoffering960Gb/sthroughput.The6296UPhas48fixedportsandthreeexpansionmoduleslots,anditservesupathroughputof1920Gb/s.BothofthesedevicesareshowninFigure7.9.

FIGURE7.96248UPand6296UPfabricinterconnects

The6200Seriesexpansionmodulehas16unifiedportsthatallowforEthernetorFibreChannelconnectivity,asshowninFigure7.10.MakeamentalnotethatthefabricinterconnectsandtheexpansionmodulescombinetoforgethebackboneofaUCScluster.

FIGURE7.106200unifiedportexpansionmodule

Thenewestmemberofthefabricinterconnectfamilyisthe6324,alsocalledtheUCSMini.Designedforsmallerdeployments,Minisarecardsthatinsertintothe

5108bladechassisinsteadofexternaldeviceslikethe6100andthe6200fabricinterconnects.TheL1andL2interconnectsgoacrossthebackplanesonoexternalcablingisrequired.TheycontaintheUCSmanager,andtheysupportVM-FEXcards,FibreChannel,andboth1Gand10GEthernetinterfaces.Figure7.11illustratesthe6300formfactor.

FIGURE7.116324fabricinterconnect

Next,let’scheckoutthechassisthatholdstheactualserverblades.

ServerChassisTheCiscoUCS5108bladeserverchassislookslikeatypicalchassis.Physically,it’ssixrackunits(RUs)high,anditmountsintoastandard19″rack.AsshowninFigure7.12,thechassiscanhandleuptoeighthalf-widthbladesorfourfull-widthblades,oranycombinationthatyoucanmanagetocramcreativelyintherewithoutresortingtoextrememeasures.Eighthot-swappablebladesin6RUisaprettyefficientuseofspace!

FIGURE7.12UCS5108chassiswithamixtureoffullandhalf-slotblades

Seethoseslotsacrossthebottom?Theycanhouseuptofour2,500-wattpowersuppliesthatrequire220VAC,somakesureyouusetherightoutlets,unlessyouwanttoendupwithscrapmetal!It’sgoodtoknowthatthesehot-pluggablepowersupplies’ACconnectionsareisolatedfromeachother—soifonefails,itwon’taffecttheothers.Internally,thepowerismatrixedandaccessibletoanyserverblade.It’sagoodideatohaveatleastthreepowersupplies,whichisknownasN+1,andbasicallythismeansthatifonefails,yougettokeepthingsrunning.Theidealsolutioniscalledgridconfigurationandusesallfourpowersupplies,withtwoconnectedtoonepowersourceandtwoconnectedtoanothersource.

I/OModulesClearly,theCiscochassiscontainingthebladeserversmustbeconnectedtothefabricinterconnects.OnthebackofthechassisaretwoslotswheretheI/Omodulesareinstalled,asshowninFigure7.13.Availabletypesincludethe2104XP,2204XP,and2208XP.Theseconddigitindicatesthegeneration,andthefourthdigitindicatesthenumberofports.Remember,thekeypurposeofCiscoUCSI/Omodulesistoactasfabricextenders(FEXs).

FIGURE7.135108with2104XPI/Omodules(rearview)

Essentially,fabricextendersexisttogetportsclosetotheservers,andyoucan’tgetthemanyclosertogetherthanstickingtheminsidethesamechassis!TheI/Omodules(IOMs)connecttothefabricinterconnectandprovideconnectivityinsidethechassisfortheserverblades,aspicturedinthefigure.

UCSServersThismightsurpriseyou,butUCSserversactuallyhavealotincommonwithmostmodern-dayservers.They’rebasedonIntelchips,haveRAM,andprovideLANandSANconnectivity.Predictably,however,therearesomekeydifferencestoo.We’llnowturnourfocustothose,aswellasthevariousmodelsofUCSbladeserversoutthererightnow.

ExtendedMemoryThevirtualizationofthedatacenterhasincreasedtheneedformemorytremendously.AlthoughCPUpowercontinuestoimprovebyleapsandbounds,theamountofmemoryaservercansupportjustisn’tkeepingupwiththedemandsresultingfromthisexponentialincrease.

Thisisclearlyaproblem,soCiscoworkedwithInteltocomeupwithasolution.BecausetheIntelarchitecturelimitedthemaximumnumberofDIMMchipsthateachCPUcouldsupport,Ciscocreatedaspecialchipthatgrantsmorethandoubletheamountofmemory.ThenewerCPUscanhandlemorememorydirectly.Moreover,yougetoveraterabyteofRAMonasingleserverliketheUCSB420!Anotherbenefitthatextendedmemoryprovidesisthatit’spossibletousesmallerandless-expensivememorychipswhenconfiguringyourserver.

B-SeriesBladeServerModelsSinceCiscoofferssuchawidevarietyofUCSservers,it’sreallyhelpfultobeabletobreakdownthenameofparticularserverandinterpretwhatitactuallymeans.I’mgoingtousetheB200-M3andC420-M3asexamples.IfthefirstletterisaB,thisindicatesthatit’sabladeserver.ACstandsforchassis,whichtellsusthatit’sarackmountserver.ThefirstnumberaftertheletterspecifiesthenumberofCPUsocketsintheserver,sotheB200hastwosocketsandtheC420hasfour.Finally,theM3attheendtagstheseasthird-generationUCSservers.

Itisalsoimportanttorememberthatbladeserverscomeinfull-andhalf-widthsizes.Thefull-widthversionnotonlyallowsmorespaceforCPUsandmemory,butitalsocontainsasecondmezzaninecard.I’lldescribethesecardsmoreinaminute,butfornowlookasFigure7.14toseethedifferentbladesavailableandwhatsomeofthefeaturesareoneachofthem.

FIGURE7.14B-Seriesservercomparison

It’salwaysgreattohaveanicearrayofoptionsfromwhichyoucanchoose,andthewidevarietyofserverbladesavailablegivesyouthepowertohaveyour

thewidevarietyofserverbladesavailablegivesyouthepowertohaveyourspecificneedsmetbychoosingthetypeofbladethatwillservethembest.ThemostpopularbladesaretheB200andB22,whichalsohappentobetheleastexpensive.Ifyouhaveahigh-performanceOracleserver,however,itwouldbewisetooptforaB420orB440.

C-SeriesRackServersTheC-Seriesrackmountserversarereallypopularfortheirrobustcapabilitiesandalsobecausethey’recompetitivelypriced.TheC-seriescansupporttonsofmemoryandcanalsobeconnectedtothefabricinterconnect,somethingwe’llcoverthoroughlyinthenextchapter.TheC22istheentry-levelserver,anditgivesyoutwoXeonCPUs,uptoeightdrives,andupto192GBofRAM.Theserversscaleupinpowerandcapacity,asshowninFigure7.15.

FIGURE7.15C-Seriesservercomparison

AlthoughtheC460isabeastofamachine,whentheseserversarecombinedwithotherCiscotechnology,it’sonemonstersolutionthat’shardtobeat!

InterfaceCardsBothserverbladesandrackmountserversrequireconnectivitytoEthernetandFibreChannel.Tomakethishappenforbladeservers,youinstallamezzaninecardontotheserverbladetoachieveeitherEthernetonlyorEthernetandFibreChannelcommunication.Forrackmountservers,youcanchoosetousethebuilt-

Channelcommunication.Forrackmountservers,youcanchoosetousethebuilt-ininterfacesorinstallinterfacecardsinstead.Let’scheckoutsomeofthedifferentmediaavailabletohookthesedevicesup.

Non-virtualizedAdaptersNon-virtualizedadaptershaveafixedconfigurationofEthernetandFibreChannelports,andsomeofthespecificationsareshowninFigure7.16.TheEthernet-onlyadaptersfromIntel,Broadcom,andCiscoprovidetwointerfaces,andtheyworkreallywellinenvironmentswithoutFibreChannel.Theconvergednetworkadapters(CNAs)fromEmulexandQLogicoffertwoEthernetandtwoFibreChannels.TheyaregreatforSANenvironments.TheC-SeriessupportsavarietyofPCIeadapters,andithasbuilt-inEthernetaswell.Keepinmindthatintherealworld,mostcompaniesnolongerusenon-virtualizedadaptersonB-Seriesservers.

FIGURE7.16Non-virtualizedinterfacecards

VirtualizedAdaptersVirtualizedinterfacecards(VICs)allowustodefinethenumberofEthernetandFibreChannelinterfacesonthecard—really!IfyouconfigurethecardwithsixEthernetinterfacesandfourFibreChannelinterfaces,that’sexactlywhatwillbe

presentedtotheoperatingsystem.Alsointerestingisthatthenumberofinterfacesdoesn’tchangethespeedofthecard,whichwillremain20,40,or80Gb/s,asshowninFigure7.17.Thus,theVICclearlyservesupsomeseriousflexibilitywhenconfiguringaUCSbladeserver,whichisabigreasonwhyit’sthemostcommontypeofinterfacecardusedtodayonB-Seriesservers.

FIGURE7.17Virtualinterfacecards

Rememberwhenwetoldyouthatduringitsdevelopment,the

UCSsystemwascalled“theCaliforniaProject?”Becauseofthat,theinterfacecardswerecode-namedaftercitiesinthatstate:TheVICcardwasdubbed“Palo,”theCNAwasknownas“Menlo,”andtheEthernet-onlyadapterwascalled“Oplin.”ThisisgoodtoknowincaseyouencountersomeUCSgurutossingthesetermsaroundtosoundsmart.Nowyoucansoundjustassmart.

Predictably,thevirtualinterfacecardsfortheC-Serieshavebeenadoptedataslowerpaceduetocost,butOplinsfortheB-serieswillsetyoubackaboutthesameamountastheothercards.Thus,ifyouhavetheoption,choosingVICcardsforyourserverisn’tjustsmartsounding;it’sthesmartthingtodo!

UCSConnectivityDon’tforgetthis—understandinghowtocableaUCScluster,aswellashowthecommunicationsactuallyhappeninthecluster,iscriticaltomasteringUCS!Solet’sexplorethesevitalsubjectsindepthnowbysurveyingthevariouscomponentsinvolvedandhowtheyallworktogether.

FabricInterconnectConnectivityThefabricinterconnectsarethemostimportantcomponentsintheUCScluster,andtheymustbeabletocommunicatewitheachother.TheL1andL2portsarededicatedtocarryingmanagementtrafficandheartbeatinformationbetweenthefabricinterconnects.ThefabricinterconnectL1andL2portsaredisplayedinFigure7.18.TheL1fromthefirstfabricinterconnectconnectstotheL1ofthesecondfabricinterconnect,andtheL2fromthefirstfabricinterconnectconnectstotheL2ofthesecondfabricinterconnect,anddatatrafficfromserversnevercrossestheselinks.Thefirst-generationfabricinterconnectshavetheL1andL2portslocatedonthefront,andthesecondgenerationhastheL1andL2portslocatedontherear.

FIGURE7.18FabricinterconnectL1/L2ports

JustasitisonIOSdevices,theconsoleportisusedforout-of-bandmanagement.TheMgmt0portisanout-of-bandEthernetmanagementportandtheMgmt1interfaceisn’tusedatall.Duringinitialsetup,youwouldconnectto

theMgmt1interfaceisn’tusedatall.Duringinitialsetup,youwouldconnecttotheconsoleportfirst,createtheinitialconfiguration,andthenmanagetheclusterthroughtheMgmt0interface.Buthowwouldyouconnectthechassistothefabricinterconnects?

Whenyouinitiallyconfigurethefabricinterconnects,onewillbedesignatedfabricAandtheotherlabeledfabricB.OnthebackofeachchassiswillbetwoIOMswitheitherfouroreightavailableports.Youcanuseone,two,four,oreightlinksfromtheIOMtoafabricinterconnect,butnotethatallthelinksfromIOMsmustgotoonefabricinterconnect,andallofthelinksfromthesecondIOMmustgototheotherfabricinterconnect,asdemonstratedinFigure7.19.

FIGURE7.19FabricinterconnecttoI/Omoduleconnectivity

Let’szoominonthe2104XP,thefirst-generationIOM.Eachofthelinksisrunningat10Gb/sandprovidingbandwidthforuptoeightservers.Aservercangenerate10Gb/strafficonafabricwithatypicalmezzaninecard,andafullyloadedchassiscouldgenerate80Gb/s.Thatsoundsimpressive,right?Nevertheless,whenit’spossibletohavemorebandwidththanyoucansupport,yourunintoasnagknownasoversubscription.Withasinglelink,theoversubscriptionratewouldbe8:1;withfourlinksitwouldbe2:1.Regardlessofthenumberoflinks,eachindividualserverusesonlyasinglelinkperfabric.

The2204XPand2208XParesecond-generationIOMs,andtheyoffermoreoptionsandflexibility.OneofthebiggestimprovementsistheabilitytocreateportchannelsbetweentheIOMandthefabricinterconnect.Portchannelingallowsasingleservertohaveamaximumbandwidthinexcessof10Gb/s,supportsloadbalancing,andprovidessupportforthe40GUCSVIC1280

supportsloadbalancing,andprovidessupportforthe40GUCSVIC1280adapter.KeepinmindthatportchannelingisavailableonlyifthefabricinterconnectsandtheIOMsarebothsecondgeneration.Itisagreatadvantagebecauseitgivesushigherbandwidth,redundancy,andloadbalancing.

TheIOMismorethanjustafabricextender;itprovidesthreeadditionalfunctions:chassismanagementcontroller(CMC),chassismanagementswitch(CMS),andI/Omultiplexer(mux).TheCMCaidsinthediscoveryofchassisandcomponentsandalsomonitorschassissensors.TheCMShandlesmanagementtrafficbeingsenttotheCiscoIntegratedManagementController.Themuxmultiplexesthedatabetweenthefabricinterconnectandthehostports.

ThetwoIOMcardsinthe5108chassisconnecttothefabricinterconnectcardswithmultiple10GEthernetinterfaces.EachIOMAconnectstofabricinterconnectAandIOMBconnectstofabricinterconnectBonly.TheIOMlinkscanbeconnectedtoonlyasinglefabricinterconnect.

Thedownlink10GinterfacesontheI/Omodulesarestaticallyconnectedtotheuplinkportsofthefabricinterconnect;thisprocessiscalledpinning.

CiscoIntegratedManagementControllerOK,sonowthatwe’veachievedconnectivitybetweenourblades,theIOM,andthefabricinterconnects,wecanstartcommunicating,right?Yes,butit’svitaltounderstandhow!TheCiscoIntegratedManagementController(CIMC)chipisonthemotherboardofC-SeriesandB-SeriesUCSservers.TheCIMC,previouslyknownastheBaseboardManagementController,providessomethingcalled“lights-outmanagement,”whichsimplymeansthatyouremotelycontrolmanyoftheserver’sfunctions.ThisworksalotlikeDellRemoteAccessConsole(DRAC)orHPIntegratedLights-OutManagement(ILO).CIMCprovideskeyboard,video,andmouse(KVM)overIP,enablingyoutoconnecttotheserverevenwithoutanoperatingsysteminstalled.ViatheIntelligentPlatformManagementInterface(IPMI)ontheCiscoIntegratedManagementController,youcanremotelymonitorandmanagesomeserverfunctions,butIPMIisusuallyusedforremotepowermanagement.TheCIMCalsoprovidesSerialOverLAN(SOL),whichallowstheinputandoutputoftheserialporttoberedirectedoverIP.

EthernetInterfacePortPersonalityTheportsonthefabricinterconnectneedtobeconfiguredcorrectlybysettingtheirportpersonality.Thethreebasicstatesareunconfigured,server,anduplink.

Thedefaultsettingisunconfigured,anditwon’tpermittrafficflow.Theportshouldbeconfiguredasaserverifit’sconnectingtothechassis,andifaportconnectstoaswitchoutsidetheUCScluster,itwouldneedtobeconfiguredasanuplinkport.Theotherporttypesareusedforspecificstoragescenariosbeyondthescopeofthisbook.Figure7.20illustratesalloftheoptionsforconfiguringanEthernetport.

FIGURE7.20Configuringportpersonalityonfabricinterconnect

UCSDiscoveryProcessThediscoveryprocesshappensautomaticallywhenachassisisconnectedtoafabricinterconnectandtheportsarecorrectlyconfigured.Thefabricinterconnectestablishesaconnectiontothechassismanagementcontroller,and

interconnectestablishesaconnectiontothechassismanagementcontroller,anditgathersalloftheinformationaboutthecomponentswithinthechassis,suchasthefans,IOM,powersupplies,partnumbers,andserialnumbers.ThebladeserversinthechassisarealsoscannedforBIOSinformation,CPUtypesandnumbers,memory,serialnumbers,harddrives,andDIMMinformation.

Thediscoveryprocesscanalsobemanuallyinitiatedbyre-acknowledgingthechassis,asdemonstratedinFigure7.21.YoucanmonitortheprogressofthediscoveryontheFiniteStateMachine(FSM)taboftheIOM.Afterdiscovery,yoursystemshouldbeupandrunning.Thecollectedinformationisthenstoredinthedatamanagementengine,whichispartoftheUCSmanager.

FIGURE7.21Re-acknowledgingachassis

Animportantfacttokeepinmindisthatthediscoveryprocessactuallytearsdownthefabricforagivencontrollerandrebuildsit,soit’savoidedonsystemsthatareinproduction.Still,it’sisoftenusedwheninstallingnewequipmenttoensurethatalltheconnectivityisproperlydiscovered!

SeeingyourdevicesshowupintheUCSmanagerinterfaceverifiesthatthey’vebeensuccessfullydiscovered.TheUCSsystemshouldnowbeinstalled,cabled,andreadytorun!

SummaryInthischapter,youwereintroducedtotheCiscoUnifiedComputingSystem(UCS)andhowitfitsintothedatacenter.YoualsolearnedthatfabricinterconnectsareakeycomponentofUCS-providedconnectivityandcentralizedmanagement.YoustudiedthedifferentkindsoffabricinterconnectsandtheexpansionmodulesthatcanbeplacedintothemtobuildthecoreofyourUCSsystem.

Afterthat,youlearnedaboutthebladeserverchassisandtheI/Omodulesthatprovideitwithconnectivitytothefabricinterconnects.Youlearnedthatthechassisallowsuptoeightbladesandthatitcanprovidetremendousnetwork

chassisallowsuptoeightbladesandthatitcanprovidetremendousnetworkthroughput!

YounowknowthatB-SeriesbladeserversandC-Seriesrackmountserverscomeinlotsofvarietiesandthatmostofthemweredesignedassolutionstoproblems,providinggreatbenefitslikelargememory,highCPU,orlowcost.Alloftheavailableoptionsgiveyoutheflexibilitythatyouneedtoselectaserverthatmeetsyourparticularneeds.

AfterthatwemovedontoexaminetheconnectivitybetweenthecomponentsinaUCSsystem.Youlearnedthattherearemanywaystocableitbasedonhowmuchbandwidthyouneed,andyoualsofoundoutthattheCiscoIntegratedManagementControllerprovidesgreatremotemanagementcapabilitiesforyourservers.YounowknowthattheinterfacesonyourserverscanhandleEthernet,FibreChannel,orboth,whilethevirtualinterfacecardtrulycreatessomenewwaystothinkabouthowtodefineinterfaces.

Towrapthingsup,wecoveredthediscoveryprocess,whichallowsthesecomponentstofindandidentifyeachdeviceandsetupcommunications.ThischapterfocusedheavilyonUCShardwarecomponentsandhowtheyinteract,becausehavingasolidunderstandingofeachtypeofdeviceanditsspecificjobisanabsolutemustforyoutoattainyourCCNADataCentercertification!

ExamEssentialsDescribethefabricinterconnects.

FabricinterconnectsprovidephysicalconnectivityandasinglepointofmanagementforaUCSsystem.TheL1andL2portsareusedformanagementoftrafficbetweenthetwofabricinterconnects.Therearethreegenerationsoffabricinterconnectsandsixmodelsthatprovidedifferentfunctionality.

DescribeanI/Omodule.

TheIOMsorFEXsactasfabricextenderstoconnectthechassistothefabricinterconnects.TheyalsoprovidethefunctionsofCMS,CMC,andmux.Thesecond-generationIOMsupportsportchannels.TheIOMscomeinfour-andeight-portuplinkoptions.

DescribeEthernetportstates.

Thethreebasicportstatesareunconfigured,server,anduplink.TheserverportstateisusedtoconnecttoaUCSchassis,andtheuplinkportstateconnectstoadatacenterswitch.

datacenterswitch.

Describeinterfacecards.

Non-virtualizedadapterscanbeconfiguredforEthernetorFiberChannelbutnotbothatthesametime.ConvergednetworkadaptershavebothEthernetandFibreChannelinterfacesonthesamecard.VirtualizednetworkadaptersallowtheconfigurationofmanyEthernetandFibreChannelinterfacestobepresentedtotheoperationsystem.Itisimportanttoknowwhatfeatureseachcardsupports.

WrittenLabs7YoucanfindtheanswersinAppendixA.

1. NamethepurposeofeachoftheseportsonaUCSfabricinterconnect.

A. Consoleport

B. Managementport

C. L1/L2port

2. Foreachofthefollowinginterfacecards,identifywhetheritisavirtualizedornon-virtualizedadapter.

A. M72KR-E

B. VIC1280

C. M61KR-I

D. M81KR

3. AcustomerneedsaserverbladewithfourCPUsand1TBofRAM.Whichserversmeetthesecriteria,andwhatadditionalinformationwouldhelpthecustomertomakeagooddecision?

4. Acustomerneeds32half-widthbladesandwouldlikearecommendationfromyouonaUCSsolution.Listthecharacteristicsofasolutionthatwouldmeetthesecriteria.

A. Numberoffabricinterconnects

B. Numberofchassis

C. Typesofhalf-widthbladesavailable

5. AcustomerasksyouaboutthedifferencebetweenCMCandCIMC.Please

explainhowtheyaredifferentandwhytheymightusethem.

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sIntroduction.YoucanfindtheanswersinAppendixB.

1. WhichisanexampleofanFEX?

A. UCSM81KR

B. UCS6248UP

C. UCS2104XP

D. B200M3

E. B22M3

F. C460

2. Whichofthefollowingarevirtualinterfacecards?(Choosefour.)

A. P81E

B. M71-KR

C. M81-KR

D. VIC-1280

E. VIC-1240

F. P71-KR

3. ThroughwhichdeviceismanagementofaUCSsystemnormallyaccomplished?

A. Fabricinterconnect

B. MultilayerDirectorSwitch

C. C5108chassis

D. 2104XPI/Omodule

4. WhatisthemaximumnumberofbladesthatcanfitintoaUCS5108chassis?

A. 4

B. 8

C. 12

D. 16

5. Howmanyfabricinterconnectsshouldyouhavetosupportasingleclusterwith16chassiswith128blades?

A. 2

B. 4

C. 8

D. 16

6. Whichofthefollowingcanaunifiedporthandle?

A. OnlyEthernet

B. OnlyFibreChannel

C. SimultaneouslyEthernetandFibreChannel

D. EthernetorFibreChannel

7. Basedonthenameoftheserver,whatdoyouknowaboutaB420M3server?(Choosethree.)

A. Second-generationserver

B. Third-generationserver

C. Rackmountserver

D. Bladeserver

E. TwoCPUsockets

F. FourCPUsockets

8. OntheUCSfabricinterconnect,whatdotheL1andL2portsprovide?(Chooseallthatapply.)

A. Managementtraffic

B. Heartbeats

C. Redundantdatapathforservers

D. Additionalbandwidthforservers

E. Consolemanagement

F. Webmanagement

9. WhenconfiguringaNexusdevicethathasa10GigabitEthernetinterfacelocatedinthefirstportofslot3,howwouldyoureferenceit?

A. 10G3/1

B. Gigabit3/1

C. Ethernet3/1

D. GBE3/1

10. Whichportprovidesout-of-bandEthernetmanagement?

A. L1

B. E0/0

C. Mgmt0

D. Console

11. WhichisnotavalidnumberoflinksbetweenafabricinterconnectandanIOM?

A. One

B. Six

C. Four

D. Two

12. Whatprovideskeyboard,video,andmouseoverIPonaUCSserver?

A. IPMI

B. SOL

C. CMC

D. CIMC

13. Whichofthefollowingisnottrueofaunifiedport?

A. ItcansupportEthernetSFPs.

B. ItcansupportFibreChannelSFPs.

C. AportcanbeconfiguredasEthernetorFibreChannel.

D. AportcanbeconfiguredasEthernetandFibreChannel.

14. TheUCS6120XPhas20built-inports.Whichportscanoperateat1Gb/sor10Gb/s?

A. Ports1–16

B. All

C. None

D. Ports1–8

15. WhichofthefollowingarecomponentsoftheUCS2104XPI/Omodule?(Choosethree.)

A. Chassismanagementcontroller

B. Consolemanager

C. Switchmanager

D. Multiplexer

E. Chassismanagementswitch

16. Non-virtualizedadapterssupportwhichofthefollowing?(Choosetwo.)

A. FibreChannel

B. FEX

C. Ethernet

D. OTV

E. DCB

17. InitialconfigurationoftheUCSfabricinterconnectofferswhichofthefollowingoptions?(Choosetwo.)

A. Initialize

B. Restore

C. SyncwithMaster

D. Setup

18. IOMserverdownlinksareinterconnectedtotheuplinksusingwhichofthe

following?

A. OTV

B. DCB

C. Pinning

D. VPC

19. WhatchassiscomponentsdoestheUCSdiscover?(Choosetwo.)

A. BIOS

B. IOM

C. Serialnumbers

D. Harddrives

20. WhatservercomponentsdoestheUCSdiscover?(Choosethree.)

A. IOM

B. BIOS

C. Harddrives

D. DIMMs

CHAPTER8CiscoUCSConfiguration

THEFOLLOWINGCCNAEXAMOBJECTIVESARECOVEREDINTHISCHAPTER:

5.0UnifiedComputing

5.1Describeandverifydiscoveryoperation

5.2Describe,configure,andverifyconnectivity

5.3Performinitialsetup

5.4DescribethekeyfeaturesofUCSM

HERE’SAPREVIEWOFTHETOPICSWE’LLEXPLOREINTHISCHAPTER:

SettingupaninitialCiscoUCSBseriescluster

CablingaCiscoUCSfabricinterconnectcluster

Initialsetupscriptfortheprimarypeer

Initialsetupscriptforthesecondarypeer

Verifyingafabricinterconnectcluster

DescribingCiscoUCSManageroperations

CiscoUCSManager

LayoutoftheCiscoUCSManagerGUI

Navigationwindowtabs

DevicediscoveryinCiscoUCSManager

VerifyingdevicediscoveryinUCSManager

DescribingCiscoUCSManagerpools,policies,templates,andserviceprofiles

Benefitsofstatelesscomputing

Usingidentitypoolsinserviceprofiles

Usingserviceprofiletemplatestoenablerapidprovisioningandconsistentapplicationofpolicy

Creationofpoliciesforserviceprofilesandserviceprofiletemplates

Chassisandbladepowercapping

Nowthatwe’veexhaustedthemyriadofhardwareoptionsavailableinCisco’sUnifiedComputingSystem(UCS),it’shightimeforustoexplorethefunstuff!Inthischapter,we’llshowyouhowtosetupaUCSsystem,cableittogether,configureit,andmanagethisremarkabledevice.

Theunifiedsystem’sapproachtomanagingcopiousnumbersofcomputingdevicesfollowsauniqueandinnovativepath.Havenoworries;we’llhelpyoutogainasolidgraspofthistechnologyalongtheway!

UCSClusterSetupFinally,theUCSsystemyou’vebeenwaitingforarrivesatyourdatacenter.Thefirstchallengethatyouarepresentedwithisareminderthatyoushoulddefinitelyworkoutmore—thesebeautiescanbeheavy!Afterstrugglingtogetitunboxedandinstalledintoyourdatacenter’scabinets,youwiselybeginbyconnectingthechassiswiththerequired220vcapacitypowercables.Awesome!Nowwhat?Yournexttaskistocablethetwofabricinterconnectstogetherproperlyandthenconnectthemtothechassis.We’llguideyouthroughthatnow.

CablingtheFabricInterconnectsFirst,youshouldknowthatfabricinterconnectsarealmostalwaysinstalledaspairs,becausedoingthisensuresaredundanttopology.Youcaninstalloneasastandalone,butwerecommenddoingthatonlyfortestinginthelabenvironment

—neverinaproductionenvironment!Also,theUCSisdesignedtorundualfabricsforredundancy.Ifonlyonefabricinterconnectisused,therewillbenofabricredundancy.Inthepreviouschapter,wetalkedabouttheveryspecialL1andL2portsusedforcommunicationbetweenthetwofabricinterconnects,andthesetwoportsaretypicallythefirsttoconnect.ExamineFigure8.1.

FIGURE8.1Fabricinterconnectcabling

YouconnectfabricinterconnectsviatwostandardEthernetcablesthatlinktheL1portofthefirstswitchtotheL1portofthesecondswitchandthentheL2portofthefirstswitchtotheL2portofthesecondswitch.

Yourtwofabricinterconnectsshouldbethesamemodel;for

example,youshouldconnecta6120XPtoa6120XP.Theexceptiontothisruleoccursonlywhenupgradingyourhardwarebecauseyoucantemporarilyconnectthenewerfabricinterconnecttotheoldonetoallowthenewswitchtolearntheconfigurationofthecluster—nice!Thislittletrickhelpsyoutoavoidanydowntimeduringahardwareupgrade.Nonetheless,onceeverythingissynchronized,youstillneedtoremovetheolderswitchandreplaceitwiththenew,matchingone.

Afteryou’vesuccessfullycabledportsL1andL2,yournextstepistoconnect

Afteryou’vesuccessfullycabledportsL1andL2,yournextstepistoconnecttheEthernetcablethatrunsfromthemanagement0portofeachfabricinterconnecttoyourmanagementnetwork.Moreover,bothofthosemanagementportsmustbeinthesameVLAN!Finally,you’regoingtorunrolledcabletotheconsoleport,andfromtheretoyourmanagementcomputer,whereyou’llopenaterminalprogram,turnonyourfabricinterconnects,andletthefunbegin.

SetupDialogfortheFabricInterconnectsWhileyourfabricinterconnectsarebootingupisagreattimetocollectsomekeyinformationthatyou’llneedtoconfigureyoursystem.Firstonthatlististhesystemnameandadministratorpasswordthatwillbesharedbythefabricinterconnect.Next,you’llneedthreeIPaddressesonthesamesubnet—oneaddresstouseasthephysicaladdressforeachfabricinterconnect,thesecondasavirtualIPaddressforthecluster,andthethirdforthesubnetmaskanddefaultgateway.AddingaDNSserveranddomainnameisoptional.

Thefollowingisadisplayofanentiresetupdialogthatweachievedafterweconfiguredthefirstfabricinterconnectinaclusterknownastheprimarypeer.Don’tpanic—we’llbreakthismonsterdownpiecebypiecewithyou!

Entertheinstallationmethod(console/gui)?console

Enterthesetupmode(restorefrombackuporinitialsetup)

[restore/setup]?setup

Youhavechosentosetupanewswitch.Continue?(y/n):y

Enterthepasswordfor"admin":Todd!John123

Confirmthepasswordfor"admin":Todd!John123

Doyouwanttocreateanewclusteronthisswitch(select'no'for

standalonesetuporifyouwantthisswitchtobeaddedtoan

existingcluster)?(yes/no)[n]:yes

Entertheswitchfabric(A/B):A

Enterthesystemname:UCS

Mgmt0IPv4address:10.10.10.101

Mgmt0IPv4netmask:255.255.255.0

IPv4addressofthedefaultgateway:10.10.10.1

VirtualIPv4address:10.10.10.100

ConfiguretheDNSServerIPv4address?(yes/no)[n]:yes

DNSIPv4address:8.8.8.8

Configurethedefaultdomainname?(yes/no)[n]:yes

Defaultdomainname:lammle.com

Followingconfigurationswillbeapplied:

SwitchFabric=A

SystemName=UCS

ManagementIPAddress=10.10.10.101

ManagementIPNetmask=255.255.255.0

DefaultGateway=10.10.10.1

ClusterEnabled=yes

VirtualIpAddress=10.10.10.100

DNSServer=8.8.8.8

DomainName=lammle.com

Applyandsavetheconfiguration(select'no'ifyouwanttore-

enter)?(yes/no):yes

Thescriptbeginswithachoicetoconfigurethedevicefromtheconsole,thecurrentcommand-lineprompt,orfromaGUI,awebinterfacethataskstheexactsamequestions.Asyoucansee,wewentwiththeconsolemethod.Wedidsobecauseit’sbyfarthebestwaytoconfigurethisdevice.Plus,itjustmakesuslookreallysmart:

Entertheinstallationmethod(console/gui)?console

Next,wearriveatsetupmode,whichcanbeusedtoconfigureaswitchinitiallyorrestoretheswitchfromasavedbackup.Wechosesetupsincethisisanewswitch.Knowthatyouhavetocomeupwithagood,solid,complexpasswordcomposedofupper-andlowercaseletters,numbers,andsymbols,ortheNexuswillrejectitandmakeyoutryagain:

Enterthesetupmode(restorefrombackuporinitialsetup)

[restore/setup]?setup

Youhavechosentosetupanewswitch.Continue?(y/n):y

Enterthepasswordfor"admin":Todd!John123

Confirmthepasswordfor"admin":Todd!John123

Justbecausewe’llbesettingupbothfabricinterconnects,doesn’tmeanthatthey’llbesetupexactlythesameway.We’regoingtocreateanewclusteronthefirstone,butwe’llhavethesecondonejointheexistingcluster.Asmentioned,standalonemodeisjustfortestinginalabenvironment.Wechoseyestoindicatethatwewanttocreateanewclusteronthefirstswitch:

Doyouwanttocreateanewclusteronthisswitch(select'no'for

standalonesetuporifyouwantthisswitchtobeaddedtoan

existingcluster)?(yes/no)[n]:yes

EachfabricinterconnectisidentifiedbyanAoraBindicatingafabricidentifier.Itreallydoesn’tmatter,butmostpeoplesetupthefirstswitchonAandthesecondoneonB:

Entertheswitchfabric(A/B):A

Sometimespeoplegetconfusedwhenfacedwithenteringthesystemnamebecauseit’saskingforthenameoftheclusterandnotthenameofthefabricinterconnect.Theactualfabricinterconnectnameistheclusternamefollowedbytheswitchfabric.BecausewechosetheclusternameUCSandaswitchfabricofA,thefabricinterconnect’snamebecomesUCS-A:

Enterthesystemname:UCS

Thisbringsustothenetworkinformationinthefinalstretchofthesetup.We’regoingtoassigntheMgmt0addresstothisfabricinterconnect’sphysicalport,andwe’llusethevirtualIPaddresstoconnecttoandmanagetheUCS.Thefirst,primaryfabricinterconnectwillhandlethemanagementtraffic.We’lltellyoumoreaboutthereasonforthatinabit.Therestoftheinformationinthischunkofoutputisjusttypicalnetworkconfiguration:

Mgmt0IPv4address:10.10.10.101

Mgmt0IPv4netmask:255.255.255.0

IPv4addressofthedefaultgateway:10.10.10.1

VirtualIPv4address:10.10.10.100

ConfiguretheDNSServerIPv4address?(yes/no)[n]:yes

DNSIPv4address:8.8.8.8

Configurethedefaultdomainname?(yes/no)[n]:yes

Defaultdomainname:lammle.com

Theverylastpartofthedialogdisplaysasummaryoftheconfigurationthatwillbeappliedtothefabricinterconnect,anditasksifyouwanttouseit.Ifyouseeanythingwrongwithit,justenternotorunthroughthesetupconfigurationagain:

Followingconfigurationswillbeapplied:

SwitchFabric=A

SystemName=UCS

ManagementIPAddress=10.10.10.101

ManagementIPNetmask=255.255.255.0

DefaultGateway=10.10.10.1

ClusterEnabled=yes

VirtualIpAddress=10.10.10.100

DNSServer=8.8.8.8

DomainName=lammle.com

Applyandsavetheconfiguration(select'no'ifyouwanttore-

enter)?(yes/no):yes

Atthispoint,thefirstfabricinterconnectisconfiguredandoperational,andweonlyhadtoansweradozenquestionstogetitupandrunning!Dealingwiththe

secondfabricinterconnect,knownasthesecondarypeer,iseveneasier,anditrequiresansweringonlyfivemorequestions.Thefollowingexamplesetsupthesecondfabricinterconnectforaclusterconfigurationusingtheconsole:

Entertheinstallationmethod(console/gui)?console

Installerhasdetectedthepresenceofapeerswitch.Thisswitch

willbeaddedtothecluster.Continue?[y/n]y

Entertheadminpasswordofthepeerswitch:Todd!John123

Mgmt0IPv4address:10.10.10.102

ManagementIpAddress=10.10.10.100

Applyandsavetheconfiguration(select'no'ifyouwanttore-

enter)?(yes/no):yes

OK.ThesecondlinetellsusthatthesecondfabricinterconnecthasdetectedthepresenceofanotherfabricinterconnectovertheL1andL2links,anditpromptsustojointhecluster.Wejustsayyestobeaddedtoit,andthenweenterthepasswordtoauthenticatetotheprimaryfabricinterconnect.Theconfigurationinformation,includingtheclusterIPaddress,DNS,andsystemname,arelearnedfromtheprimaryfabricinterconnect.TheonlyinformationlefttoenterisanIPaddressforthisspecificfabricinterconnect.Prettyeasysofar,no?

Atthispoint,weshouldhaveafunctioningUCScluster,buthowcanwereallytellifwedoornot?

ClusterVerificationPredictably,thetwofabricinterconnectsintheUCSclustersynchronizedatawitheachother.Changesarefirstimplementedontheprimaryandreplicatedtothesecondary.Notethatit’sreallyimportantthatthesetwodevicesoperatelogicallyasone.Thecommandshowclusterextended-stateisthetoolthatwe’llusetotellusallaboutthestatusofthecluster.Here’stheoutputfromtheprimaryswitch:

UCS-A#showclusterextended-state

ClusterId:0xe5bd11685a7211e2–0xb39f000573cd7a44

Starttime:MonMay2717:37:432013

Lastelectiontime:MonMay2717:38:112013

A:UP,PRIMARY

B:UP,SUBORDINATE

A:membstateUP,leadstatePRIMARY,mgmtservicesstate:UP

B:membstateUP,leadstateSUBORDINATE,mgmtservicesstate:UP

heartbeatstatePRIMARY_OK

INTERNALNETWORKINTERFACES:

eth1,UP

eth2,UP

HAREADY

DetailedstateofthedeviceselectedforHAstorage:

Chassis1,serial:FOX1442GZZQ,state:active

ThisoutputconfirmsthatAistheprimaryandthatBisthesubordinate.Wecanalsodeterminethatthememberstate,managementservices,andnetworkinterfaces(L1andL2)areup.ThemostimportantthingtolookforisthelineHAREADY(highavailability).Thisonelinewilltellyouifyourclusterisfunctioningproperlyornot.

Ifyouhaveeverythingcabledproperlyandpoweredonbutthingsstillaren’tworking,youprobablyhaveaconfigurationerrorsomewhere.ThemostcommoninitialconfigurationissuestemsfromincorrectIPinformation.Tosolvethistypeofproblem,youreallyneedtobecomefamiliarwiththeUCScommand-lineinterface(CLI).

Nottoscareyou,butthisisnottheCiscoIOSorNexusOS!MostUCSadministratorsrarelyusethecommand-lineinterface,butwe’rebetterthanthatsoinwego!Thecommandswithwhichwewillarmourselvesarescope,up,set,andcommit.ThescopecommandchangeswhichpartoftheUCSconfigurationyou’remodifying.UsingtheupcommandinUCSisbasicallylikeexecutingtheexitcommandinIOS,becausebothcommandsmoveyoubackonelevel.Althoughyoucanusetheexitcommand,youneedtoknowtheupcommandtoo.Thesetcommandmodifiesaproperty,butitdoesn’tworkthesamewaythatitdoesinotherCiscooperatingsystemsbecauseanychangesmadeusingsetinUCSwon’ttakeeffectuntilyouenterthecommitcommandaswell.

ThisoutputgivesusasnapshotofwhathappenswhenwechangethevirtualIPaddressofthecluster:

UCS-A#scopesystem

UCS-A/system#setvirtual-ip10.10.100.10

UCS-A/system*#commit

UCS-A/system#

Sowhatdoesthistellus?Well,wecanseethatthescopecommandgotusintosystemconfigurationmodewherethevirtualIPaddresswaschanged.Doyou

seethatasteriskonthethirdline?Itindicatesthattherearemorechangesthathaven’tbeencommitted.Oncethecommitcommandhasbeenexecuted,theasteriskdisappears,indicatingthechangehasbeenimplementedandsaved.

ButwhatifwehadincorrectIPaddressesononeofthemanagementinterfacesofafabricinterconnect?Again,wecouldcorrectitfromthecommandlineinasimilarway:

UCS-A/system#up

UCS-A#scopefabric-interconnecta

UCS-A/fabric-interconnect#setout-of-bandip10.10.100.11

Warning:Whencommitted,thischangemaydisconnectthecurrentCLI

session

UCS-A/fabric-interconnect*#setout-of-bandnetmask255.255.0.0

Warning:Whencommitted,thischangemaydisconnectthecurrentCLI

session

UCS-A/fabric-interconnect*#setout-of-bandgw10.10.1.1

Warning:Whencommitted,thischangemaydisconnectthecurrentCLI

session

UCS-A/fabric-interconnect*#commit

UCS-A/fabric-interconnect#

OK.Youcanseethatbyusingtheupcommand,we’vechangedtheconfigurationmodefromsystembacktotheroot.TherestofthecommandsbringustofabricinterconnectaandthenconfigureandapplytheIPsettings.Wecanverifythesesettingsviatheshowconfigurationcommandlikethis:

UCS-A/fabric-interconnect#showconfiguration

scopefabric-interconnecta

activatefirmwarekernel-version5.0(3)N2(2.11a)

activatefirmwaresystem-version5.0(3)N2(2.11a)

setout-of-bandip10.10.100.101netmask255.255.0.0gw

10.10.1.1

exit

NowwerealizethattheUCScommandlineisinaweirdplace,butdon’tworryaboutthatbecause,onceyou’veinitiallyconfiguredyourUCSsystem,it’slikelythatyouwon’thavetovisittheUCSCLIeveragain!TheUCSCLIisusefulfordisplayinglogginganddebugginginformationthatisnotavailablewiththeGUI.

Next,we’llshowyouhowtomanagethesystem,aswellasitsbrilliantinterface,theCiscoUCSManagerGUI.

UCSManagerUCSManageristhesinglepointofmanagementforaUCSsystem.Thissingletoolwillopenthedoorsforyoutomanagethefabricinterconnects,bladeserverchassis,bladeserversandtheircomponents,rackservers,andsubsystems,plusanythingconnectedtothem,fromfull-widthserverbladestofanmodulesandpowersupplies.Seriously,evenwhenfacingahugeUCSwith16chassisand128servers,youwouldmanageallofitviathissingleinterface!

Inrecentyears,Ciscohasstandardizedthemethodusedtostoreinformationacrossdevices.ExtensibleMarkupLanguage(XML)providesarobustwaytostorethatdata,whichisstillreadablebyhumaneyesandtoseasonedorbs.XMLfileseerilyresemblewhatyoumightendupwithifanoldINIconfigurationfileandanHTMLfilehadbabies.Butnoworries—youwon’tbeeditingXMLfiles!Instead,you’llrelyoncooltoolsliketheUCSManagerGUIortheCLIfordaycarebecausetheyworkinthebackgroundtomakethosechangesforyoupainlessly.Anotherwonderfulbenefitofthisstandardizedformatisthatitsconsistencymakesitsupereasyforthird-partyproviderstodevelopapplicationsandtoolsforUCS.

Nevertheless,theXMLinterfaceisn’ttheonlywaytocommunicatetotheUCSsystem.KeyprotocolslikeSNMPandIPMI(IntelligentPlatformManagementInterface),aswellasrelativelyobscurestandardslikeCIM-XML(CommonInformationModel)andSMASHCLP(ServerManagementCommandLineProtocol)arealsosupported.KeepinmindthatCIM-XMLisread-only,anditcannotbeusedtoconfigureUCS.

YouwillgrowtoloveKVM(keyboardvideomouse)overIP.Thisawesomefeatureactuallyletsyouremotelymanagetheserver,evenifthere’snoOSinstalledonit!Withallthisinmind,it’stimetodiverightintoactualconfiguration.

WelcometotheGUIYou’verecentlybeenintroducedtotheinitialconfigurationofaUCScluster,aswellashowtogivethesystemavirtualIPaddress.WhenyouopenawebbrowsertotheclusterIPaddress,you’llseeascreensimilartotheonedepictedinFigure8.2.

FIGURE8.2UCSinitialwebinterface

TheLaunchUCSManageroptionwillstartuptheGUI,whereastheKVMManagerallowsyoutoconnecttoyourserverswithoutlaunchingtheUCSManageratall.Ohandbytheway,thisisacross-platformapplicationwritteninJava,somakesurethatyouhaveJavainstalledbeforelaunching.Keepinmindthatbecauseyou’rerunninganapplicationfromawebbrowser,you’llprobablyseeawarningliketheoneshowninFigure8.3.

FIGURE8.3Javaapplicationwarning

ChoosingRunwillbringupaprompttologintotheUCS,asshowninFigure8.4,usingthecredentialsconfiguredduringtheinitialsetup:

FIGURE8.4UCSManagerLogin

UCSGUINavigationExamineFigure8.5foraclearpictureoftheprimaryUCSManagerGUI.Theleftsidehousesthenavigationpane,whiletherightsideshowsyouthecontent.Atthetopisthenavigationtrailthatshowswhereyouareintheconfigurationtree.Youcanmoveforwardandbackwardbyselectingtheareaonthistrail.Afaultsummaryareaabovethenavigationtabsshowscritical,major,minor,andwarningfaults.SeethosesixtabsjustabovethenavigationpaneforLAN,SAN,VM,Admin,Equipment,andServers?Thosetabsaretheprimarywaymovearoundtheinterface.

FIGURE8.5UCSManagerlayout

TheEquipmenttabdisplaysallofthephysicalcomponentsfortheUCS—ifit’ssomethingthatyoucanactuallytouch,it’sundertheEquipmenttab.ThethreeareasoftheEquipmenttabarethebladechassis,therackmountservers,andthefabricinterconnects.UnderstandthattheServerstabdoesn’tcontainthephysicalservers,onlythelogicalservercomponentsandsettings,andtheLANandSANtabscontaintheirrelevantnetworkandstorageitems.KeepinmindthatifyouhaveyourUCSlinkedintoaVMwarevSphereenvironment,thoseelementswillshowupundertheVMtab.TheAdmintabpredictablycontainsanabundanceofitemsassociatedwiththegeneraladministrationoftheUCS.AcollageofallofthetabsisshowninFigure8.6.

FIGURE8.6UCSManagertabs

FiniteStateMachineLet’sfocusonthatEquipmenttab,whichhostslotsofvitaldetailsaboutthesystem’sservers,FEXs,andchassis.Atthispoint,agoodquestionwouldbe,“HowdidUCSlearnaboutallofthisphysicalgear?”ThediscoveryprocessinUCSManagerisalwaysrunningsothatitcandeterminewheneverhardwarehasbeenadded,changed,orremoved.Cool—buthow?

Thesystemmonitorsanyportsconfiguredasserverportstodetermineifsomethingnewhasbeenpluggedin.Whenalinkisdetected,acommunicationchannelisopenedtotheFEXlocatedinthechassis.ThesystemverifiesthetypeofFEX,andthenitdeterminesthatchassisinformationandaddsittotheUCSdatabase.Sensorsthroughoutthesystemmonitorvoltageandpresence,sothatifanythingchanges,thefinitestatemachinewilldiscoverandrecordthechange.TheFSMtabinUCSManagerletsyoumonitortheprocesses.

Oncethechassisisdiscovered,thediscoveryprocesswillquerytheCMCtoseeiftherearebladesintheslots.Ifoneisdetected,thesystemqueriestheCIMContheserverandbeginsanin-depthdiscoveryprocessofservercomponents,likeBIOS,drives,NICs,andHBAs,asshowninFigure8.7.

FIGURE8.7Finitestatemachinediscoveryprocess

Thefinitestatemachine(FSM)monitorsthediscoveryprocess,displayingeachstepthatoccursandwhetheritwassuccessfulornot.Ifyouwanttoobservethisprocesspersonallyonanon-productionsystem,youcanchooseanIOM,resetit,andthenselecttheFSMtabandwatchallofthestepsinrealtime.

Let’smoveontocoversomeoftheotheractivitiesmonitoredbytheFSM.

ServiceProfilesBeforewejumpintostatelesscomputingandservicesprofiles,itisworthnotingsomecurrentchallengesinherenttomanagingserversinthedatacenter.ThisisimportantbecauseunderstandingtheseissueswillbringhomejusthowelegantCisco’ssolutionsreallyare!

TraditionalComputingFirst,askyourselfthis:“Whatexactlyisitthatmakesacomputerdeployedinthedatacenterunique?”IfyouhavetwoACME100VXswiththesamememory,CPU,NICs,hostbusadapters,andsoon,doesthatmeanthey’reexactlythesame?

Ifthere’snoonenearby,scream,“No!”Why?Therearelotsofreasons,andwe’llwalkyouthroughthemonebyone.Tobegin,statefulcomputingmeansthatindividualservershaveuniquecharacteristics,sothesetwomachinesaren’teveninthesamestate.Andthenetworkenvironmentbetweenthesetwomachinesmaybeverydifferent.Thinkaboutit—we’redealingwithmachinesthathavedifferentMACaddressesburnedintotheNICsandcabledtodifferentports,whichmaybelongtodifferentVLANsthathavedifferentsecuritypolicies—there’salottoconsiderhere!Furthermore,there’sthewholestoragesideofthings.ThehostbusadapterswillhavedifferentWWPNsandWWNNs,andtheSANbootsettingwillbedifferenttoo.TheMDSswitchthey’repluggedintowillhaveaVSANconfigurationandzoningspecifictotheirparticularWWPN,andthestoragearraywillhavemaskingconfiguredfortheirindividualWWPN.

That’snotall—theUUID(universallyuniqueidentifier),whichisburnedintothemotherboard,isuniquetoeachserver,andtheBIOSsettingsmaybedifferentaswell.Thus,it’sdefinitelysafetosaythattheseseeminglyidenticalserversareactuallyverydifferent,indeed!Butwhydowecare?

UpgradingorReplacingaServerConsiderthatit’snotuncommonforpeopletowanttoupgradeorreplaceaserverinadatacenter.Let’ssaythatoneofthoseserverswejustreferredtoexperiencesacatastrophicfailureanddies.Noproblem,right?We’lljustrunoutandbuyanotherACME100VXwiththeexactsamehardwareastherecentlydeceased,plugitintotheexactsameports,andcrossourfingers!

Holdingourbreath,wewatchnervouslyasournewserverstartstoboot.Itstopsbecauseitcan’tfindthedisk.Inahuff,wethinkaboutthisforawhileuntilwerememberthatwehavetoconfiguretheHBABIOSwiththecorrecttargetforourSAN.Yet,afteraquickrebootoftheserverandreconfigurationoftheHBABIOSwiththecorrectSANsettingresults,it’sstillnotworking!Oneahamomentlater,werealizethatourWWPNhaschanged,sowedecidethatithastobethezoningontheMDSswitchthat’sstoppingus.WecalltheMDSadministratortoreconfigurethezoningwithournewWWPN,butwe’restilldeadinthewater.

Sowecallthestoragearrayadministratortodiscussthesituation.TheadministratorremindsusthatwehavetoremaskthestoragearraytoallowtheserverwiththenewWWPNtoconnecttothecorrectLUNs.Finally,ourserverbootsupandtheoperatingsystemloads—sweetsuccess!

Toverifythings,wetrytopingsomething,butwefindthatwecannotping

Toverifythings,wetrytopingsomething,butwefindthatwecannotpinganythinganywhereonthenetwork—rats!WeaskthenetworkadministratortochangeportsecuritysothatournewMACaddresswillbeallowedontothenetwork.Nowouroperatingsystemisbooted,andwe’regoodtoaccessthenetwork….

Ornot!Hittingyetanothersnag,theOStellsusthatthisserverisn’tlicensedandneedstobeactivated.AlittleresearchtellsusthattheUUIDisusedforsoftwareactivation,andsinceourshaschanged,wehavetoreactivateit.Sowefixthatandnowwereallyandtrulyareupandrunning—lifeisgood!Intoday’svirtualizedenvironmentwithasmanyas100virtualmachinesormoreonaphysicalserver,replacingthehardwarecanbeveryexpensiveandtimeconsuming.

Meanwhile,acrosstown,anotheradministratorisreplacingaCiscoUCSserverwithanewone.Theadministratorsimplyplugsinthenewserver,clicksacoupleofthingsintheGUI,andeverythingworkswonderfully.Howcanthisbe?What’sdifferent?

StatelessComputingWhatifwetoldyouthatCiscomakesanetworkcardthatdoesnothaveaMACaddress?Iknowitseemsodd,butit’scompletelytrue—thesecardsdonothaveauniqueidentityuntiloneisactuallyassignedbyanadministrator!Thismakesreplacingoneofthesecardsreallyeasy.Justremovetheoldcard,putinthenewcard,andgiveitthesameaddressthatthepreviouscardhad.Thiswholeconceptofhardwarenothavingaburnedorfixedidentityisthefundamentalideabehindstatelesscomputing.

Statelesscomputingallowsidentificationinformationtraditionallythoughtofasbeingpartofthehardwareinsteadtobeabstractedand,therefore,changeable.Thethingsthatmakeaserverunique—theMACaddress,WWNN,WWPN,UUID,VSAN,VLAN,vHBA,vNICs,andsoon—arenolongerdependentonthephysicalserver;they’redependentonthesettingsappliedtothatphysicalserverinstead!Thisisanimportantinnovation,solet’stakeadeeperlookintohowitworks.

ServiceProfilesAserviceprofileiscreatedinsoftwareontheUCSManager,anditiscomposedofallofthecharacteristicsthatuniquelydefineaserver.That’sright—everybitofidentityinformationlikeMAC,WWPN,WWNN,UUID,vHBA,andvNICs

isneatlystoredwithintheserviceprofile,includingconnectivityinformation.ThepoliciesthatgovernthebehavioroftheservermakeupthefinalpartofaUCSserviceprofile.

Thus,justbecauseyouhaveagorgeousnewCiscoUCSbladeserverwithcoolvirtualinterfacecardsinstalledinthechassis,itdoesn’tmeanthatyou’regoodtogo.Nope—yousimplywon’tgetittoworkuntilaserviceprofileiscreatedandassignedtoit.AssigningaserviceprofiletoaUCSserverisknownasassociation,ortheprocessthatcollectsallofthesettingsdefinedintheserviceprofileandappliesthemtothephysicalbladeitself.

Asyoucanimagine,serviceprofilesgiveyousomeamazingbenefits.Yougettopreconfigureserviceprofilesbeforethebladesevenarriveorbuildserviceprofilestoallowforfutureexpansion.Ifabladefails,simplydisassociatetheserviceprofilefromthefailedblade,associateitwithafunctioningblade,andpresto!Thenewbladebecomesanexactreplacementfortheoldone.Ifyouwanttoupgradeaserver,yousimplyinstallthenewbladeintothechassis,disassociatetheserviceprofilefromtheoldblade,andassociateitwithyournew,morepowerfulserver—prettyslick!

Evenso,therearestillacoupleofimportantthingsthatyouneedknowaboutthisprocess.First,whileyou’redisassociatingandassociatingtheserver,itwillpredictablybedown.Second,therelationshipbetweenbladesandserviceprofilesisonetoone.Serviceprofilesactuallyturnserversintoeasilyreplaceablecommodities!

AssigningAddressesSoasyoucansee,serviceprofilesareagreatinnovationthatmakesmanaginginfrastructureabundantlyeasier!Butbeforeweshowyouhowtocreatethem,youneedtounderstandhowserviceprofilesacquireaddresseslikeWWPN,WWNN,UUID,vHBA,vNICs,andMAC.Thisprocesshappensviaoneofthreebasicways:derived,manual,andpools,withderivedbeingthedefault.

Understandthattheunderlyinghardware’sMACaddresswillbesourcediftheserviceprofileisconfiguredtouseaderivedaddress.Thisisbadbecausevirtualinterfacecardsdon’thaveaburned-inMAC,WWPN,orWWPN,meaningaserviceprofileconfiguredwithaderivedaddresswon’tbeabletoassociatetoabladewithavirtualinterfacecardatall.Plus,ifyoumoveserviceprofilesfromonebladetoanother,theaddresseswillchangebecausetheunderlyinghardwareaddresseshavechanged,totallyblowingupthewholeideaofstatelessprofilesbeingindependentofunderlyinghardware!Nowyou’vebeenwarned—justdon’tgowiththedefaultderivedaddresssettingwhenyoucreateaservice

don’tgowiththedefaultderivedaddresssettingwhenyoucreateaserviceprofile—ever.

Predictably,manualaddressesareenteredintoaserviceprofilebyadministrators,andit’scommonpracticetousetheminasmallenvironment,especiallyforSANaddresses.Justbecausemostofusdon’tcarewhichMACaddressorUUIDaddressagivenserverhas,astorageadministratordefinitelydoescareabouttheWWPNandWWNNbeingused!

Evenso,CiscoreallydesignedtheUCSsystemtoscaleuptohugedeployments,andmanuallyassigningaddressesinbigplacesisunmitigatedtorture.ThisiswhereCiscoUCSidentitypoolscomeintoplay.

CreatingIdentityPoolsIdentitypoolsallowyoutocreatearangeofaddressesandprovidethemtoserviceprofilesasneeded.Thiscapabilitystreamlinesaddressdeployment,whilepermittingserviceprofilestomaintaintheiridentitywhenbeingmovedfromonephysicalbladetoanother.ThefourtypesofidentitypoolsusedmostoftenareMAC,UUID,WWPN,andWWNN.AserviceprofilecantellanetworkinterfacecardtopointtoaMACpoolandacquireanavailableaddressfromit,whichprettymuchensuresthateachaddress’sgivenidentityisunique.

UUIDsare128-bitnumbers,whichuniquelyidentifyaserverandareusuallystoredintheBIOS.They’reoftenusedbydigitalrightsmanagementsoftwaretopreventpiracyandtoensureproperlicensing.TheUCSsystemallowsforeithermanualconfigurationorusingpoolsthatallowdynamicassignmentofUUIDs.Toenablethemovementbetweenservers,theprofilesdecoupletheUUIDfromthehardwareandmoveitfromthefailedservertothereplacementserver.CheckoutthepoolofUUIDaddressesthatwe’vecreatedinFigure8.8,beingsuretonotethatweallowedforatleastoneaddressperserver.

FIGURE8.8CreatingaUUIDpool

MACaddresspoolscansupplyaddressestotheservers’networkinterfacecard.Whenformingthesepools,makesurethatyoucreateenoughtosupplyeveryoneofyourNICs.InthepoolshowninFigure8.9,youcanseethattheOUIpartoftheMACaddressis00:25:B5,whichidentifiestheadapterasbeingpartofCiscoUCS.

FIGURE8.9CreatingaMACaddresspool

YoucreateWWPNandWWNNpoolsinexactlythesameway,evendowntousingthesamedialogboxes,asshowninFigure8.10.ThesepoolsareusedtosupplyappropriateSANaddressingtotheserverHBAandHBAports.InnewerversionsofUCS,youcanactuallycreateaconsolidatedpoolcalledaWWxNpool,whichcansupplyeithertypeofaddress—nice!

FIGURE8.10CreatingaWWNNpool

Nowthatwehavethesefourpoolssetup,we’realmostreadytostartcreatingserviceprofiles.Rememberthatserviceprofilesarelogicaldefinitionsofservercharacteristicsandthattheymustbeappliedtoanactualbladetofunction.Therearefourwaystoassociateaserviceprofilewithaphysicalcomputernode,asshowninFigure8.11.

FIGURE8.11Serviceprofileassociationmethods

ThedefaultwayofassigningaserverisAssignLater,whichisself-explanatory.Thesecondwayistopre-provisionaslottouseinthefuturesothatwhenyouwanttoputaserverbladeintoservice,theslotandwillautomaticallybeassociatedwithyourready-madeserviceprofile.Thethirdoptionistoselectanexistingservertobringupacompletelistofalloftheavailableserverspopulatingthesystemandtopickoneofthem.Butthelast,andCiscopreferred,wayofdoingthisistouseserverpools.

Aserverpoolisacollectionofserversthatyoucaneitherplacemanuallyintothepool,asshowninFigure8.12,orhaveassignedautomaticallybasedonpolicies.It’simportanttorememberthatasinglebladeservercanbeamemberofmultiplepoolsatthesametime.Whenaserviceprofileisassociatedwithaserverpool,anavailablebladeisselectedfromthepool,thereuponbecomingunavailabletootherserviceprofiles.

FIGURE8.12Manuallyassigningserverstoaserverpool

Afterallofthetimethatwe’vespentontalkingaboutpoolsandwhatserviceprofilescando,we’refinallygettingtothefunpart,thatis,creatingserviceprofiles!

CreatingServiceProfilesAtfirstglance,itlookslikeyoucanjustright-clickServiceProfilestocreateoneinUCSManager.However,whenyoudothat,yougetpromptedwiththefouroptionsshowninFigure8.13.Theseoptionsgiveyoutheopportunitytocreateaserviceprofilemanuallyinexpertorsimplemode,aswellasofferyoutheoptiontocreateasingleprofileorawholebunchofthembasedonatemplate.

FIGURE8.13Serviceprofilecreationoptions

Ifyouchoosetogowithcreatingaserviceprofileviasimplemode,asinglewindowwillappearforyoutofillintheinformation,asshowninFigure8.14.Whilesimplemodeiscertainlyjustthat,itdoesn’tletyouplaywithalloftheavailableoptions.ThisisOK,becauseyoucanalwaysgobackintotheprofilelaterandtightenthingsupnicely.

FIGURE8.14Simpleprofilecreation

Ifyouwanttodiverightintoexpertmode,however,you’llgetatotalofninedifferentscreens,whichthewizardwillwalkyouthrough.AsshowninFigure8.15,thesescreenspavethewayforadetailed,preciseconfigurationofLAN,SAN,policies,boot,andeverythingelsethatyoucandreamof.Expertmodeisthemostcommonwaypeoplecreateserviceprofiles.Onceyou’veconfiguredandoptimizedtheprofile,you’rereadyforthenextsection.

FIGURE8.15Expertprofilecreation

CreatingServiceProfileTemplatesWithalloftheglow,polish,andshinethatexpertmodeprovides,managingyourprofileswouldbecomequiteachoreifyouhad,say,64serverblades,right?Thisisexactlywhyyouwillloveserviceprofiletemplates!Thesebeautiesletyoueasilycreateanentireswarmofserviceprofiles,andyoucanbringthemintobeingtwodifferentways:fromscratch,whichessentiallymirrorstheprocessofcreatingaserviceprofile,orbytakinganexistingserviceprofileandcreatingatemplatefromit,asshowninFigure8.16.Makeamentalnotethatagoodserviceprofiletemplateshouldalwaysbeconfiguredtouseidentitypools,sothattheserviceprofilecreatedfromitcanhaveuniqueaddresses!

FIGURE8.16Creatingaserviceprofiletemplate

Byfarthebiggestdecisionyou’llmakewhenyoucreateatemplateiswhethertomakeitanupdatingtemplateoraninitialtemplate.GoingwiththeUpdatingTemplateoptionmeansthatitwillmaintainarelationshipwiththeserviceprofilescreatedfromit,sothatifitischangedlateron,anyprofilescreatedfromitwillalsobechanged.Anongoingrelationshiplikethiswillnotbemaintainedfromaninitialtemplatetotheserviceprofilescreatedfromit.

Oncethetemplateiscreated,justright-clickittocreatemultipleserviceprofiles.Youmustprovidethebasenamefortheserviceprofileandthenumberthatyouwantcreated,asdemonstratedinFigure8.17.

FIGURE8.17Creatingserviceprofilesfromatemplate

UCSwillcreatealloftheserviceprofilesbasedonthistemplate.Presumingthatwe’redealingwithpools,thisiswherethemagicreallykicksin.Viapools,eachnewserviceprofilegrabsavailableMAC,UUID,WWPN,andWWNNaddressesfromthepools.Theserviceprofilethenfindsanavailablebladeintheserverpoolwithwhichitisassociatedandpoof—you’reupandrunning!Figure8.18listssomeserviceprofilescreatedfromaserviceprofiletemplate.

FIGURE8.18Serviceprofilescreatedfromatemplate

StudyWhyBotherwithTemplates?

Notallthatlongago,Iwasworkingwithacompanythatmanufactureslunchmeat.ThesefolkshaddecidedtogowithCiscoUCSbecausetheyhadasmallITdepartmentandwantedasystemtheycould“setandforget.”TheinitialdeploymentwasaNexus5108chassiswithfourB200blades.TheoperatingsystemwasESX.

Afterthesystemwasdeliveredandrackmounted,Ivisitedthecompanytodotheconfiguration.ThestaffknewVMwareaswellasVMwaredoes,buttheywerenewbiestoUCS,sowebuiltaserviceprofileforthefirstbladetogetherandspentlotsoftimemakingsurethatitwasconfiguredcorrectly.Webootedthefirstserver,installedESXontheNetAppstoragearray,andpresto—wehadonebladeupandrunning.

ThestoragearrayadministratorduplicatedtheLUNwithESXinstalledonitsevenmoretimes.Wethencreatedatemplatebasedonthatserviceprofileandmadesevenserviceprofiles.Weassociatedthreeoftheserviceprofileswiththeexistingblades.ThebladesbootedESX,andweconnectedwithKVMandsetthecorrectIPaddressforeach.TheneachserverwasaddedtothevCenterserver.

Eventhougheverythingcameupandallfourbladeswererunning,weweren’tfinishedyetbecausetheITstaffplannedonaddingfourmoreB200bladesthenextyear.Sowetooktheremainingserviceprofilesandassociatedthemwithemptyslots,readytoreceiveabladewheneverthetimecame.Thiswasagoodthing,becausebarelysixmonthslatertheyhadtwomoreB200bladesdeliveredandwantedtoinstallthem.Theyreallydidn’treallyneedanyfurtherhelpbecausetheycouldsimplyslidethebladesintothechassis.ThebladesbooteduptoESX,andtheychangedtheIPaddressesandaddedthemintovCenterwithoutevenloggingintoUCSManager!

So,asyoucansee,youcansaveaboatloadoftimeandtroubleviaserviceprofiletemplatesandpredeployment,somakesureyoubillbytheproject,notbythehour!

Well,finally,hereweare,theproudcreatorsofahealthyUCScluster,configuredandreadyforoperation.KeepinmindthatthiswasmoreofanoverviewofUCS,sincethesystemcandosomuchmore.We’vecoveredenoughforyoutogetasystemupandrunning,andwe’vegivenyoutheinformationthatyouneedtomeettheCiscoobjectives.Nevertheless,we’rereallyjustgettingstarted!

SummaryYoulearnedthenutsandboltsofdeployingaUCSsysteminthischapter.Wediscussedcablingthesystemandtheinitialconfigurationdialog.YounowknowthatUCSCLIisverydifferentfromtheIOSworld,andyoulearnedhowtoverifythattheclusterisoperationalandhowtoperformsomebasicconfigurationinthisnewrealm.

TheUCSManagermadeeverythingseemsoeasy!Thefinitestatemachinemonitoredtheprocessesastheyoccurred.YoudiscoveredhowtocreateUUID,MAC,WWPN,WWNN,andthevitalserverpools.Youobservedhowserviceprofilesabstractedthehardware-basedidentificationintoalogicalsoftware-basedidentification,andyoufoundouthowserviceprofiletemplatessupportanefficientwaytodeployalargenumberofserviceprofiles.

ExamEssentialsDescribetheCiscoUCSproductfamily.

FabricinterconnectsarethekeytotheUCScluster.ThesedevicesmaintainthedatabasefortheclusterandhandleEthernetandFibreChanneltraffic.TheUCSManagerishostedonthefabricinterconnects.

DescribetheCiscoUCSManager.

UCSManagerisanXMLinterfacethatcanbeaccessedviatheCLIorGUI.TheentiresystemandallconnectedUCSdevicescanbecontrolledfromthissingleinterface.

Describe,configure,andverifyclusterconfiguration.

Theinitialsetupscriptconfigurestheadministratorpasswordandenoughbasicoptionstoputthefabricinterconnectonthenetwork.FromtheCLI,youcanverifyclusteroperation.

Describeandverifydiscoveryoperation.

UCSautomaticallydetectswhennewhardwarehasbeenaddedtothesystem.Thediscoveryprocessismanagedbythefinitestatemachine,interrogatesthenewhardware,andplacestheresultsintotheUCSManagerdatabase.

Performinitialsetup.

Theinitialsetupisstartedfromtheconsoleportofoneofthefabricinterconnects.Passwords,IPaddresses,andotherbasicsettingsareconfigured.

interconnects.Passwords,IPaddresses,andotherbasicsettingsareconfigured.Aftersetup,theconfigurationissavedandthefabricinterconnectisoperational.

DescribethekeyfeaturesoftheCiscoUCSManager.

UCSManagerisaJavaapplicationthatprovideseasyconfigurationandmanagementofequipment,serviceprofiles,LAN,SAN,andadministrativesettings.

WrittenLab81. YoucanfindtheanswersinAppendixA.1.Writeoutthecommandor

commandsforthefollowingquestions:

A. IntheUCSCLI,whatcommandmovesyoutotherootofthehierarchy?

B. IntheUCSCLI,whatcommandverifiestheclusterstate?

C. IntheUCSCLI,whatcommandsaveschangesmadewiththesetcommand?

D. IntheUCSCLI,whatcommandsetsthefabricinterconnect’sphysicalIPaddress?

E. IntheUCSCLI,whatcommandallowsyoutoviewthecurrentconfiguration?

Chapter8:Hands-OnLabsInthefollowingHands-OnLabs,youwillusetheCiscoUCSemulatortocompletevariousexercises.

Hands-OnLab8.1:InstallingtheUCSEmulatorInthislab,youwillinstalltheUCSemulatoronyourlaptop/desktop:

1. TheCiscoUCSemulatorislocatedathttp://developer.cisco.com.Youmayneedtocreateanaccounttodownloadtheemulator.Ifyousearchfor“CiscoUCSemulator,”yoursearchenginewilltakeyoutotherightplace.Atthetimeofthiswriting,thedirectlinkishttp://developer.cisco.com/web/unifiedcomputing/ucsemulatordownload.

2. Locatethedocumentationonthissite,andopenthePDF.Theemulatorrunsasavirtualmachine,anditrequiresvirtualizationsoftware.Ifyoudonothaveany,locateanddownloadtheVMwareWorkstationPlayer,whichisfree.

3. InstallandlaunchtheemulatorasinstructedinthePDF.Thissoftwareisupdatedfrequently,soitisbesttofollowtheonlineinstructions.Beaware,however,thatitdoestakequiteawhiletobootthefirsttime.

4. OpenyourwebbrowsertotheIPaddressshowninthevirtualmachine.

5. LaunchtheUCSGUIandloginwithusernameAdminandpasswordAdmin.

Hands-OnLab8.2:CreatingaUUIDAddressPoolInthislab,youwillcreateaUUIDaddresspoolthatwilllaterbeassignedtoaserviceprofile:

1. IntheleftpaneoftheUCSManager,clicktheServerstab.

2. ChangetheFilterdrop-downmenutoPools,sothatonlyPoolsareshown.

3. Right-clickUUIDSuffixPools,andselectCreateUUIDSuffixPools.

4. NamethepoolMy_UUID_Pool,andclickNext.

5. ClicktheAddbuttontocreateablockofUUIDsuffixes.

6. Changethesizeto20toallowplentyofaddresses.ClickOKandthenFinish.Adialogboxwillappearindicatingthatyouhavecreatedapool.

ClickOK.

7. YoushouldnowseeyourUUIDaddresspool.

Hands-OnLab8.3:CreatingaMACAddressPoolInthislab,youwillcreateaMACaddresspoolthatwilllaterbeassignedtoaserviceprofile:

1. IntheleftpaneoftheUCSManager,clicktheLANtab.

2. ChangetheFilterdrop-downmenutoPools,sothatonlyPoolsareshown.

3. Right-clickMACPools,andselectCreateMACPools.

4. NamethepoolMy_MAC_Pool,andclickNext.

5. ClicktheAddbuttontocreateablockofMACaddresses.

6. Changethesizeto20toallowplentyofaddresses.ClickOKandthenFinish.Adialogboxwillappearindicatingthatyouhavecreatedapool.ClickOK.

7. YoushouldnowseeyourMACaddresspool.

Hands-OnLab8.4:CreatingaSimpleServiceProfileInthislab,youwillcreateasimpleprofile.

1. IntheleftpaneoftheUCSManager,clicktheServerstab.ChangetheFilterdrop-downmenutoServiceProfiles,sothatonlyserviceprofilesareshown.

2. Right-clickCreateServiceProfile,andselectCreateServiceProfile(theonewithouttheexpertafterit).

3. NametheserviceprofileMy_Service_Profile.

4. UndervHBAs,uncheckPrimaryvHBAandSecondaryvHBA.

5. InthePrimaryBootDevicearea,selectCD-ROM.FortheSecondaryBootDeviceselectlocal-disk.

6. ClickOK,andyouwillreceiveamessagethataserviceprofilehasbeencreated.ClickOKagain.

7. Right-clickyourserviceprofile,andselectChangeUUID.FromtheUUIDAssignmentoptionsdrop-down,selecttheUUIDpoolthatyoucreated.ClickOK.

8. Clickyourserviceprofile,andthenselecttheNetworktabintherightwindow.

9. SelectvNICeth0,andclickModify.IntheMACaddressAssignmentdrop-down,selectthepoolthatyoucreated.ClickOK,andrepeattheprocessforvNICeth1.ClicktheSaveChangesbutton.YoushouldseetheMACaddresseschange.

10. Right-clickyourserviceprofile,andselectSetDesiredPowerState.SelectDown,andclickOK.

Hands-OnLab8.5:CreatinganAssociateServiceProfileInthislab,youwillassociateyourserviceprofilewithablade.Afterassociation,inarealenvironment,youwouldhaveafullyfunctioningserver.

1. IntheleftpaneoftheUCSManager,clicktheServerstab.ChangetheFilterdrop-downmenutoServiceProfiles,sothatonlyserviceprofilesareshown.

2. Right-clickServiceProfile,andselectChangeServiceProfileAssociation.

3. FromtheServerAssignmentdrop-down,selectExistingServer.

4. UnderAvailableServers,selectChassis1Slot1,andclickOK.ThenclickOKagain.

5. IntheleftpaneoftheUCSManager,clicktheEquipmenttab.

6. NavigatetoandselectServer1.

7. Intherightpane,selecttheFSMtableandnotethestepsthatoccurduringassociationuntilitis100percentcomplete.

ReviewQuestionsThefollowingquestionsaredesignedtotestyourunderstandingofthischapter’smaterial.Formoreinformationonhowtoobtainadditionalquestions,pleaseseethisbook’sIntroduction.YoucanfindtheanswersinAppendixB.

1. WhichofthefollowingarebasicstatesofanEthernetinterfaceonaUCSfabricinterconnect?(Choosethree.)

A. Enabled

B. Disabled

C. Uplink

D. Server

E. Unconfigured

2. WhatcanyouuseonaUCSsystemtomonitorthestatetransitionsofcomponentsandprocesses?

A. Servicesmonitor

B. Processmonitor

C. Finitestatemachine

D. Servicemanager

3. Comparedtoserviceprofiles,whatisuniquetoserviceprofiletemplatesforthemtofunctioncorrectly?

A. Identitypools

B. vNIC

C. VSAN

D. Dynamicallocation

4. HowmanypeersdoesaUCSfabricinterconnectclustersupport?

A. Upto2

B. Upto4

C. Upto8

D. Upto32

5. WhatarethreeoftheconfigurationtabsinthenavigationpaneintheUCSManagerGUI?

A. VLAN

B. LAN

C. VSAN

D. Equipment

E. Admin

6. WhichmethodcannotbeusedtoconfigureaUCSsystem?

A. XMLAPI

B. CIM-XML

C. UCSManagerGUI

D. UCSManagerCLI

7. WhatisthecorrectmethodforcablingtheL1andL2portsonthefabricinterconnectsonaUCSclusters?

A. Category5crossovercables

B. L1toL1andL2toL2

C. L1toL2andL1toL2

D. L1stooneswitch,L2stoanotherswitch

8. Duringtheinitialsetupscript,whatarethetwoinstallationmethodsavailable?

A. CLI

B. Console

C. SNMP

D. SMTP

E. GUI

9. WhichofthefollowingdoestheFSMmonitor?(Choosethree.)

A. Logins

B. Serverdiscovery

C. Backupjobs

D. Firmwaredownloads

E. Heartbeats

10. WhensettingupaUCSfabricinterconnect,whattwomodesareoffered?

A. FileorCLI

B. Restoreorsetup

C. Recoveryorboot

D. Automaticormanual

11. WhatcommandwouldtellyouiftheUCSclusterisfunctioning?

A. showhastate

B. showclusterextended-state

C. showfistate

D. showstatecluster

12. WhatcommanddoyouusebeforesettingthevirtualIPaddressonthefabricinterconnect?

A. scopesystem

B. cdsystem

C. cd.\system

D. commitsystem

13. WhatcommandsaveschangesmadewithinthefabricinterconnectUCSManagerCLI?

A. save

B. write

C. copyrunstart

D. commit

14. WhatuniquelyidentifiestheserverinUCS?

A. BIOSID

B. UUID

C. SID

D. MAC

15. Whattypeoftemplatemaintainsarelationshiptoallserviceprofilescreatedfromit?

A. Permanent

B. Initial

C. Updating

D. Parent

16. Allbladeserverconfigurationsaredonewhere?

A. OntheBseriesservers

B. BIOS

C. Serviceprofiles

D. Policies

17. Whichofthefollowingallowsforremotecontrolofaserver?

A. XML

B. KVM

C. SMASHCLP

D. UCS

18. Identitypoolscontainwhichofthefollowing?

A. Rangesofaddresses

B. Servergroupings

C. UUIDandMAC

D. Finitestatemachinestatus

19. Instatelesscomputing,hardwareidentifiersareappliedwhere?

A. Serverpools

B. XMP

C. WWPN

D. Serviceprofiles

20. Storagepoolscontainwhichofthefollowing?(Choosetwo.)

A. WWPN

B. UUID

C. LUN

D. WWNN

AppendixAAnswerstoWrittenLabs

Chapter1:DataCenterNetworkingPrinciples1.

A. vPCpeerkeepalive

B. vPCpeerlink

C. vPCportchannel

Chapter2:NetworkingProducts1. A,C

2. D,F

3. A,F

4. B,E

Chapter3:StorageNetworkingPrinciples1.

A. N_Port

B. F_Port

C. E_Port

D. N_Port

2.

A. Initiator

B. Target

3.

A. FCoE

B. FibreChannel

C. Ethernet

Chapter4:DataCenterNetworkServices1. AloadbalancerallowsasingleIPaddresstobeadvertisedbyDNSservers

totheInternetandmultipleserverssittingbehindit.Forexample,asinglewebsitecanbeservicedbymanyrealserversconnectedtoaloadbalancerforscalabilityandfaulttolerance.

2. Round-robin,leaseloaded,andhashing.Round-robinassignsincomingconnectionstorealserversinasequentialmanner;leastloadedchecksthenumberofconnectionseachrealserverisservicingandassignsincomingconnectionrequeststotheserverwiththeleastnumberofconnections.Hashingallowsanincomingusertoalwaysconnecttothesameserverbyapplyingahashingalgorithmtoensurethattheclientrequestsareconnectedtothesamerealserver.Responsetimeteststherealserverstoseewhichhasthefastestresponsetime,anditassignsincomingconnectionstothatserver.

3. SincealoadbalancerisplacedbetweenincomingInternettraffic,ACEloadbalancerscanbedeployedinpairsforredundancyandloadsharingusingaprocesscalledhighavailability.

4. CiscoDeviceManagerisagraphicaluserinterfacethatallowsconfigurationandmonitoringoftheACEloadbalancerwithoutusingthecommand-lineinterface.

5. GSLBallowsdatacenterfaulttolerance,anditcanredirectInternettraffictoasecondarydatacentershouldtheprimaryonebecomeunavailable.Italsomaintainsgeographicalproximitybydirectingincomingconnectionrequeststothenearestdatacenter,whichsavesWANbandwidthandimprovesresponsetimes.

6. WAASmaximizesWANbandwidthtoremotebranchofficesbyoptimizingtrafficoverthenetworkusingcaching,compression,andTCPheadermanipulation.

Chapter5:Nexus1000V1. Standard

2. showsvsconnections

3. showmodules

4. VSM

5. stateenabled

6. Control

7. True

8. VEM

9. vMotionfails

10. VirtualNIC

Chapter6:UnifiedFabric1. N5K-1(config)#featurefex

2. N5K-1#showfeature|includefexN5K-1#fex1enabled

3. N5k-1(config)#fex100

4. N5K-1(config)#intethernet1/1,ethernet1/21

N5k-1(config-if)#switchportN5k-1(config-if)#switchportmodefex-fabricN5k-1(config-if)#channel-group100

5. N5k-1(config)#interfaceport-channel100

N5k-1(config-if)#fexassociate100

N5k-1#showruninterfaceport-channel100

interfaceport-channel100

switchportmodefex-fabricfexassociate100

6. N5k-1#showruninterfaceeth1/1

interfaceEthernet1/1

switchportmodefex-fabricfexassociate100

channel-group100

Verifytheconfiguration:N5k-1#showruninterfaceeth1/21

interfaceEthernet1/21

switchportmodefex-fabricfexassociate100

channel-group100

Chapter7:CiscoUCSPrinciples1.

A. Theconsoleportisaserialportusedforout-of-bandconfiguration.

B. ThemanagementportisadedicatedEthernetportthatallowsforremoteout-of-bandconfiguration.

C. TheL1/L2portsareusedformanagementtrafficandheartbeats.

2.

A. Non-virtualized

B. Virtualized

C. Non-virtualized

D. Virtualized

3.

TheB420M3ortheB440M2wouldmeettherequirements.Thetwoadditionalpointsthatwouldhelpdeterminewhichisbettersuitedtotheproblemarebandwidthneedsandfuturememoryexpansion.

4.

Apairoffabricinterconnectscanmanageupto40chassis,sotwofabricinterconnectswouldbeneededinthisscenario.Sinceachassishaseighthalf-widthslots,aminimumoffour8-slotchassiswouldberequiredfor32servers.Anyavailablehalf-widthservercanbeused,includingtheB22,B200,andB230.

5.

TheCMCaidsinthediscoveryofchassisandcomponentsandalsomonitorschassissensors.TheCiscoIntegratedManagementController(CIMC)providesKVM,IPMI,andSOL.

Chapter8:CiscoUCSConfiguration1. top

2. showclusterextended-state

3. commit

4. setout-of-bandip

5. showconfiguration

AppendixBAnswerstoReviewQuestions

Chapter1:DataCenterNetworkingPrinciples

1. B.TheAggregationlayerhostsmanynetworkservicessuchasaccesscontrollists,monitoringandsecuritydevices,aswellastroubleshootingtools,networkacceleration,andload-balancingservicemodules.TheAggregationlayerissometimesreferredtoastheServiceslayer.

2. C,D.VirtualPortChannelsallowportchannelstospanmultipleswitchesforadditionalredundancyandareanNX-OSfeatureoftheNexus5000and7000seriesswitches.

3. B.ThevPCpeerlinkinterconnectstwoNexusswitchesconfiguredwithvirtualPortChannelsinasingledomain.DataplanetrafficthattraversesthesetwoswitchesusesthevPCpeerlink.

4. A.FabricmodulesinsertedintotheNexus7000chassistoallowincrementalbandwidthperslotforeachlivecardareneededtoscalethedataplanebandwidthonaNexus7000.

5. E.TheDistributionlayersitsbetweentheAccessLayer,wheretheserverfarmsconnect,andthehigh-speedCore.Servicessuchasmonitoring,routing,andsecurityandloadbalancingareconnectedattheAggregationlayer.

6. C.TheAccesslayeriswheretheendpointisderived,suchasserversconnectedtothenetwork,anditiswherethequalityofservicemarkingsareappliedtotheincomingdataframes.

7. D.WhenconfiguringtheinitialsetupdialogontheNexus7000thedefaultinterfacestateoflayer2switchingorlayer3routingmustbespecified.

8. D.Virtualdevicecontextsareusedtocreateoneormorelogicalswitchesfromasinglephysicalswitch.

9. C,D.TheAggregationlayerprovidesservicessuchasfirewalls,intrusiondetection,andloadbalancing,aswellasaccesscontrol.QoSmarkingisfoundontheAccesslayerofthenetworkandhigh-speedswitchingisatthe

Core.

10. A,D.Inacollapsedbackbonetopology,theAggregationlayeriscollapsedintotheCorelayer.

11. A.TheCorelayerinterconnectstheDistributionlayerswitches,anditisdesignedforhigh-speedpacketswitching.

12. B,C,D.DynamicportchannelnegotiationisperformedbytheLinkAggregationControlProtocol(LACP)andcanalsobestaticallyconfigured.PaGPisaCiscoproprietarylinkaggregationprotocol,anditisnotsupported.VirtualPortChannelsareatypeofcross-chassisportchannel.

13. A,B.ANexus7000seriesswitchcanbevirtualizedintoseveraldistinctvirtualswitchesbyimplementingvirtualdevicecontexts.WhenaNexus7000switchisrunningmultipleVDCs,itcanbeconfiguredtothecollapsedcoremodel.

14. B,D.OTVisusedtooverlayanetworkbyextendingVLANsacrossaroutednetworkandtointerconnectdatacenters.

15. C.ControlPlanePolicing,orCoPP,isabuilt-inprotectionmechanisminNX-OSusedtoprotectthecontrolplanefromdenial-of-serviceattacks.CoPPprovidessecuritybyrate-limitingtrafficfromtheoutsideasitentersthecontrolplane.

16. B,D.FabricPathisaSpanningTreereplacementprotocolthatallowsmultilinkshortest-pathswitchingbetweenNexusswitches.

17. A,C,D.ThestoragestandardforinterconnectingharddrivesandstorageadaptersisSCSI,anditisencapsulatedinFibreChannel,FibreChanneloverEthernet,andiSCSIfortransportacrosstheNexusswitchingfabric.

18. D.AvirtualPortChannelcreatesasingleportchannelbetweentwoNexusswitchesthatappearstotheconnectedswitchorserverasasingledeviceforfastfailoverandredundancy.

19. B,C.Themodularapproachtonetworkingcreatesastructuredenvironmentthateasestroubleshooting,fosterspredictability,andincreasesperformance.Thecommonarchitectureallowsastandarddesignapproachthatcanbereplicatedasthedatacenternetworkexpands.

20. C.ByconvergingtheLANandSANintoasingleswitchingfabric,lessequipmentisneeded,whichsavesoncabling,power,andcoolinginthedatacenter.

Chapter2:NetworkingProducts1. B,C.The2232PPandthe2248TPcanuseaNexus5000oraNexus7000as

aparentswitch.

2. B.FCoEissupportedontheNexus2232TPfabricextender.

3. B,D.TheNexus7000seriesandtheNexus5500seriessupportLayer3switching.

4. D.Theunifiedcrossbarfabricprovidesaredundantscalabledataplane.

5. A.The2148Tdoesnotsupport100Mbaccessspeed.

6. B.The2248Tisasecond-generationcard,anditsupportsboth100Mband1Gbaccessspeeds.

7. B,C,E,F.The2184Tdoesnotsupporthostchannels,andthe2248Edoesnotexist.

8. A,B,F.Typically,the48-portfabricextendershavefour10GEfabricconnections.

9. A,F.Duringsetup,youspecifywhetherinterfacesdefaulttoLayer2orLayer3andwhethertheydefaulttoshutdownorenabledstate.

10. D.Ifyouenableanunlicensedfeature,youcanuseitfor120days.

11. C.ThemanagementinterfaceisinthemanagementVRF.

12. B.Eightappliancescanbepartofahigh-availabilitymesh.

13. A.Asimpleround-robinalgorithmisusedontheACE4710bydefault.

14. D.The5010isstrictlyaLayer2switch.

15. C.Theshowlicensehost-idcommandwillgiveyoutheserialnumber.

16. B,D.UniversalportssupportbothFibreChannelandEthernetSFPs.

17. B,C.End-of-rowarchitectureshaveahigh-densityinterfaceforserverconnectionsintherowandasinglemanagementinterface.

18. D.The9222iisamemberoftheMDSfamilythatisafixedconfigurationSANswitch.

19. C.TheNexus1000Visasoftware-onlyvirtualswitchthatcanbeoperatedwithVMwaretosupportconnectionstovirtualservers.

20. D.TheNexus9000isdesignedtosupportSDN.

Chapter3:StorageNetworkingPrinciples1. C.Thehostbusadapterisinstalledintheserver,anditencapsulatesthe

server’sSCSIrequestinsidetheFibreChannelprotocolandconnectstoaSAN.

2. B,C.TheconvergedfabricinamoderndatacentercombinesboththeEthernetLANtrafficandFibreChannelSANtrafficontoacommonswitchingfabric.

3. D.EachMDSswitchmusthaveitsownuniquedomainIDthatisusuallyanumberbetween1and255.ThedomainIDmustnotbeduplicatedintheSANfabric,anditisusedtoidentifythatparticularMDSswitchinthenetwork.

4. C.iSCSIencapsulatestheSCSIcommandsintoaTCP/IPpacketthatcanberoutedacrossanEthernetnetwork.

5. A,D.WhenyouperformtheinitialsetupoftheMDS9000switches,aseriesofquestionsisaskedandyouareallowedtomakechangestothedefaults.Thedefaultswitchportmodeisrequired,anditisusuallysetupasanNornodeportandthezonesetisapplied.

6. A,B.CIFSandNFSarepopularfile-basedstorageprotocols.

7. C.AnodeloopportconnectstoaFibreChannelhub.

8. A.Theconnectionisfromanodeporttoafabricport.

9. B.TheFLOGIprocessauthenticatestheattachedserverorstoragedevicetotheSANfabricandregisterstheFibreChannelIDandWorldWideNodeNametotheSANport.

10. C.Zoningisafabric-wideservicethatallowsdefinedhoststoseeandconnectonlytotheLUNstowhichtheyareintendedtoconnect.ZoningsecuritymapshoststoLUNs.Membersthatbelongtoazonecanaccesseachotherbutnottheportsonanotherzone.

11. C.Multiplezonescanbegroupedtogetherintoazoneset.Thiszonesetisthenmadeactiveonthefabric.

12. B.AVSANisavirtualstorageareanetwork,anditoperatesinthesamemannerasaVLANintheEthernetworld.VSANisalogicalSANcreatedonaphysicalSANnetwork.

13. A,C.AJBOD,or“justabunchofdrives,”enclosurewillconnecttoaSANswitchonthestorageend.Ontheserver,ahostbusadapter(HBA)isused.TheACEandLANarenotstorage-basedtechnologies.

14. C,D,E.FibreChanel,iSCSI,andFCoEarepopularblock-basedstorageprotocols.

15. C.TheCiscoMDSdefaultVSANIDis1.

16. D.AVSANcreatesalogicalSANonaphysicalFibreChannelfabricforseparationofSANsonthesamenetwork.

17. D.Theshowvsan<VSANid>membershipglobalcommandshowstheinterfacesassignedtothespecifiedVSAN.

18. D.EachhostbusadapterNportmustlogintothefabricandisregisteredintheFLOGIdatabase.Todeterminewhichhostsareregistered,issuetheshowflogidatabaseglobalcommandontheMDSSANswitch.

19. A.TheSCSIprotocolinitiatorrequestsdatafromthetarget.

20. C.OnanySANfabric,therecanbeonlyoneactivezonesetthatdefinesthezonesrunningonthefabric.Youcanconfigureandstoremultiplezonesets,butonlyonecanbeactiveatatime.

Chapter4:DataCenterNetworkServices1. B.ThepredictoristhemethodtheACEapplianceusestoconnecttraffic

fromthevirtualIPtotherealservers.Theround-robinpredictoristhedefaultmethod.

2. B.Globalloadbalancing(GLB)modifiesDNSresponsesinordertoredirectallconnectionrequestsinEuropetoAmericaduringafailure.

3. A,B,C.GloballoadbalancingallowsforlocalizationofdatathatreducesWANutilization,offersfasterresponsetimes,andprovidesdatacenterredundancy.

4. C.TheCiscoDeviceManagerprovidesagraphicaluserinterfacetoconfigureaCiscoACEloadbalancer.

5. A,B,C.Intrusiondetectionandpreventionsystemsandfirewallsarenetworksecurityservices.

6. B.Hashingisusedtomakesurethatanotherconnectionrequestfromthesamesourcewillreachthesamedestinationserver.

7. C.ServicesmodulessuchastheACE4710,ASAfirewalls,WAAS,andIDS/IPSdevicesareconnectedattheAggregationlayerofthedatacenternetworkingdesignmodel.

8. A,B,C.Byusingvirtualdevicecontexts,asinglepieceofhardwarecanbevirtualizedintomanysystems,therebysavingonrackrealestate,cooling,andpower.

9. A,B,D.Centralizednetworkservicesprovideeaseofmaintenancebynothavingtoinstallspecializedsoftwareonmultipleserverswithdifferentoperatingsystems;itiscentralizedandhasacentralcontrolpoint.

10. C.TheWideAreaApplicationServices(WAAS)productoffersthefeatureslistedforremoteofficeoptimization.

11. C.TheACEloadbalancersallowapplicationservers,suchasthoserunningDNSorFTP,toscalebyloadbalancingincomingrequestsacrossmultipleservers.

12. C.ThevirtualIP,orVIP,istheIPaddressadvertisedinDNS.WhentrafficarrivesattheVIP,itisdistributedacrossmultiplerealserversconnectedtotheloadbalancer.

13. B.Loadbalancersuseprobes,sometimescalledhealthchecks,toverifythattherealserversareactiveandcanacceptconnections.

14. D.TheseservicedevicesresideattheAggregationlayerofthedatacenternetwork,andtheyareusuallygroupedtogetherinablockwithhighavailabilityandredundancy.

15. A,B.SomeoftheservicesthatWAASconsolidatesarestoragecache,compression,headermanipulation,printservices,andDHCPservices.

16. B.TheGlobalSiteSelectorhasadistributeddenial-of-service(DDoS)preventionfeature.

17. C.Firewallsarenetworkservicedevicesthatfilterconnectionsforsecurityonthenetwork.

18. A,C,D.RealserversaredefinedbytheIPaddressandTCPportnumberandarepooledtogether.

19. A,C,D.WAASconsolidatesmanyWANaccelerationtechnologiesintooneproductincludingcompression,DHCP,filecache,andTCPwindowmanipulation.

20. B,C.Active-activeandactive-standbyarethetwomodesofhighavailabilityfortheCiscoACEloadbalancer.

Chapter5:Nexus1000V1. D.ThestateenabledcommandtellstheVSMtosendtheportprofileto

vCenter.

2. B.Thecontrolinterfaceisusedforkeepalivemessages.

3. C.VirtualEthernetModulescanbedisplayedwiththeshowmodulescommand.

4. B.TheshowsvsconnectionscommandcanbeusedtoverifycorrectconfigurationbetweentheVSMandvCenter.

5. A,B,E.AVirtualSupervisorModule,aVirtualEthernetModule,andalicensekeyareneededtodeployaNexus1000V.

6. D.Heartbeatmessagesaresentviathecontrolinterface.

7. C.TheportprofileswillbesenttothevCenterafterthestateenabledcommandisexecuted.

8. A.TheconnectedVirtualEthernetModulescanbedisplayedwiththeshowmodulescommand.

9. D.TheshowsvsconnectionscommandshowsthestatusoftheconnectionbetweenvCenterandVSM.

10. A,D,E.The1000VexceedstheDVSbyincludingfeatureslikeQoSmarking,portsecurity,accesscontrollists,SPAN,andERSPAN.

11. D.TheNexusproductfamilyconsistsofthesoftware-based1000Vvirtualswitch.

12. C,E.TheVMWaredistributedvirtualswitchandtheCiscoNexus1000Vhaveacentralcontrolplaneanddistributedforwardingmodules.

13. A,B,E.ThebaseLayer2virtualswitchthatisincludedwithVMWarehasabasicfeatureset.

14. B,C,E.VMWare’ssoftwareswitchwithasinglecontrolleranddistributedinterfacessupportsAPIsandacentralmanagementserverforalldistributedESXservers.

15. B,C,E.The1000VisavirtualizedNexusrunningthesameNX-OSoperatingsystemasthehardwareNexusversion.Thefeaturesetfoundinthe

stand-aloneNexusswitchesisincludedinthevirtualswitchaswell.

16. B,C,E.TheVirtualEthernetModuleperformsforwardingplanefunctions.

17. B,C,E.1000Vinstallationcomponentsincludetheindustry-standardOpenVirtualizationFormatvirtualmachineimageforexpeditedinstallation.

18. A,C.AdditionalNexus1000VVirtualEthernetModulescanbemanuallyaddedorautomatedusingtheVMWareupdatemanager.

19. A.DuringtheinstallationprocessoftheNexus1000V,thereisanoptiontomigrateconnectionstotheNexusswitch.

20. A,C.TheNexus1000VVirtualSupervisorModulecanberedundantwiththemasterinactivemodeandthebackupinha-standbymode.

Chapter6:UnifiedFabric1. B.Priority-basedFlowControlallowsdatacenterEthernettobealossless

fabric.

2. A.EnhancedTransmissionSelectionprovidesbandwidthmanagementandpriorityselection.

3. D.InanFCoEswitch,thevirtualexpansionportisusedtoconnecttoanotherFCoEswitch.

4. B,C.FCoEencapsulatesaFibreChannelframe,whichhasSCSIcommands.

5. C.TheNexus5000,Nexus7000,andMDS9500canallparticipateinmultihopFCoE.

6. B.AllthreeCoSbitsareused.

7. A,C.ReducedcablingandhavingLANandSANtrafficonacommontransportaretwoofthebiggestadvantagestoUnifiedFabric.

8. D.Priority-basedFlowControlallowsdatacenterEthernettobealosslessfabric.

9. C.EnhancedTransmissionSelectionprovidesbandwidthmanagementandpriorityselection.

10. A.InanFCoEswitch,thevirtualexpansionportisusedtoconnecttoanotherFCoEswitch.

11. A,D.FCoErequiresFibreChannelframestobeencapsulatedinEthernetata10-Gigabitlinerate.

12. B,D.AunifiedfabricconsolidatesLANandSANontoacommonswitchingfabric.

13. C.VN-TaggingisusedtoidentifyremoteFEXports.

14. A,C.FEXisusedtoextendthedataplanetoremoteNexus2000switchesandNICs.

15. A,C,D.Enablethefeature,configurethefex-fabricportprotocol,andassociateitwitharemoteNexus2000.Theuseofaportchannelisoptional.

16. B,D.DCBXstandardizesthecapabilitiesandconfigurationexchangebetweenswitches.

17. A,C.Twinax,MMF,andCategory6a/7aresupported.

18. B.AllNexus2000switchingisperformedontheupstreamNexus5000orNexus7000.

19. C,D.FCoEmultihopallowsmultipleconvergedfabricswitchesinthenetworkpathtocarryFCoEtrafficfromtheinitiatorandthetarget.

20. A,C,D.AVIFisthevirtualizationofnetworkinterfacephysicalhardware

Chapter7:CiscoUCSPrinciples1. C.TheCiscoUCS2104XPI/OmodulesareoftenreferredtoasFEXs,which

isshortforfabricextenders.

2. A,C,D,E.TheM81-KR,VIC-1280,andVIC-1240areVICcardsforbladeservers,whiletheP81Eisacardforrackmountservers.

3. A.TheUCSfabricinterconnectprovidesnotonlyconnectivitytothechassisbutalsocentralizedmanagement.

4. B.The5108chassiscanhandlefourfull-widthbladesoreighthalf-widthblades.

5. A.EachUCSclusterusestwofabricinterconnectsthatprovideasinglepointofmanagement.

6. D.Aunifiedport(UP)canbeconfiguredtosupporteitherFibreChannelorEthernetmodules.

7. B,D,F.TheBindicatesthatthisisabladeserver,the4showsthatithasfoursockets,andtheM3indicatesthirdgeneration.

8. A,B.TheL1andL2portsarededicatedtocarryingmanagementtrafficandheartbeatinformationbetweenthefabricinterconnects.

9. C.Ethernetinterfacesarealwaysreferencedas“Ethernet”onaNexusdevice,regardlessofthespeedatwhichtheyareoperating.

10. C.TheMgmt0portisanout-of-bandEthernetmanagementport.

11. B.Youcanuseone,two,four,oreightlinksfromtheIOMtoafabricinterconnect.

12. D.TheCiscoIntegratedManagementController(CIMC)providesKVM,IPMI,andSOL.

13. D.UnifiedportscansupporteitherFibreChannelorEthernetbutnotbothatthesametime.

14. D.Thefirsteightportsona6120XPcanoperateatbothspeeds.

15. A,D,E.TheCMC,CMS,andmultiplexerareallcomponentsofthe2104XP.

16. A,C.Non-virtualizedadapterssupporteitherEthernetorFibreChannelbut

notboth.

17. B,D.InitialconfigurationoftheUCSmanagerallowsforeitherarestoreoptionorasetup.

18. C.PinningisthetermusedtoconnecttheIOMdownlinksstaticallytothefabricinterconnectuplinks.

19. B,C.TheUCSdiscoveryprocessscanstheinventoryofthe5108bladechassisandtheservers.Onthe5108,itdiscoverstheIOMs,partandserialnumbers,fans,andpowersupplies.

20. B,C,D.TheUCSmanagerdiscoversandstoresserver-relatedinformationsuchastheBIOSversion,harddrives,andRAM.

Chapter8:CiscoUCSConfiguration1. C,D,E.Althoughthereareotheroptions,thethreebasicstatesareuplink,

server,andunconfigured.

2. C.TheFSMmonitorsthestatetransitions,anditiskeytotroubleshootingUCSproblems.

3. A.Pooledidentitiesensurethattheserviceprofilescreatedfromatemplatehaveuniqueidentities.

4. A.Afabricinterconnectclustercancontainoneortwofabricinterconnects.

5. B,D,E.TheServertabandtheSANtabarealsofrequentlyused.

6. B.TheXMLAPI,UCSManagerGUI,andCLIcanbeusedforconfiguration.TheCIM-XMLisread-only.

7. B.UsetwostandardEthernetcablestoconnectL1ofthefirstswitchtoL1ofthesecondswitchandthenL2ofthefirstswitchtoL2ofthesecondswitch.

8. B,E.ThescriptbeginsbyaskingwhethertoconfigurethedevicefromtheconsoleorGUI.Theconsoleisthecommand-linepromptyoucurrentlysee,andtheGUIisawebinterfacethataskstheexactsamequestions.

9. B,C,D.Thefinitestatemachinevalidatesmanyprocessesincludingserverdiscovery,firmwaredownloads,andbackupjobs.

10. B.Setupisusedforinitialconfiguration,andrestoreistypicallyusedfordisasterrecovery.

11. B.Thecommandshowclusterextended-stateisusedtodisplaythestatusofthecluster.

12. A.ThescopecommandtakesyouintosystemconfigurationmodewherethevirtualIPaddressischanged.

13. D.ThecommitcommandsavesthechangesmadeintheUCSManagerCLI.

14. B.TheUUIDsare128-bitnumbersthatuniquelyidentifytheserversandareusuallystoredintheBIOS.

15. C.Anupdatingtemplatemaintainsarelationshipwiththeserviceprofilescreatedfromit.

16. C.Allserverconfigurationparametersarecreatedintheserviceprofilesand

thenserversareassignedtotheserviceprofiles.

17. B.Keyboardvideomouse(KVM)allowsremotecontrolofaserveroverIPtomanagetheserver,evenifthereisnooperatingsysteminstalledonit.

18. A,C.Identitypoolscreatearangeofaddressestobeassignedtoserviceprofiles.PoolscanbeusedforMAC,UUID,WWPN,andWWNN.

19. A.Instatelesscomputing,theserverhardwarenolongercontainsanyaddressing.TheaddressesareappliedtothehardwarebyserverprofilesontheUCSManager.

20. A,D.StoragepoolsdynamicallyassignWorldWideNodeNamesandWorldWidePortNamestotheserverhardware.

WILEYENDUSERLICENSEAGREEMENTGotowww.wiley.com/go/eulatoaccessWiley’sebookEULA.