A Short Story on vPC - Virtual Port Channel in Cisco Datacenter Environment

Today I am going to talk about vPC and vPC+. These two technologies are used in datacenter environments on Cisco Nexus switches to bundle links.

vPC stands for Virtual Port Channel. It is a virtualization technology that allows links that are physically connected to two different Cisco Nexus 7000 Series devices to appear as a single port channel to a third device. The third device can be a switch, server, or any other networking device that supports link aggregation technology.

vPC brings a number of benefits that help a datacenter environment work better:

  • Eliminates Spanning Tree Protocol blocked ports
  • Lets you use all of the available uplink bandwidth
  • Allows dual-homed servers to operate in active-active mode
  • Provides fast convergence on link failures
  • Provides dual active default gateways for servers
  • Simplifies your network design and builds a highly resilient and robust Layer 2 network
  • Excellent scalability and seamless virtual machine mobility

So now I will talk about the various components used in the vPC environment. I hope datacenter guys have already heard of and know about these components. I will just list each component and what it means in the datacenter vPC environment.

Fig 1.1 - Cisco vPC components

  • vPC Peer Device: vPC works in pairs (two switches form a pair, and each switch is called a vPC peer device).
  • vPC Domain: Two peer devices make a vPC domain.
  • vPC Member Port: One of a set of ports (that is, port-channels) that form a vPC (or port-channel member of a vPC).
  • vPC Peer-Link: Link used to synchronise the state between vPC peer devices. It must be a 10-Gigabit Ethernet link. The vPC peer-link is an L2 trunk carrying vPC VLANs.
  • vPC peer-link Keepalive: Keepalive link between vPC peer devices; this link is used to monitor the liveness of the peer device.
  • Orphan Port: A port that belongs to a single-attached device.

There are two kinds of vPC deployments in the datacenter environment: single-sided and double-sided vPC. The deployment chosen depends on the needs of the enterprise network and on how the customer wants traffic to be routed to the WAN side or vice versa. We will discuss single-sided and double-sided vPC in detail in another article, where I can also show you how to configure these technologies.

Guidelines for Building a vPC
  • You must enable the vPC feature (conf t; feature vpc) before you can start configuring a vPC domain, and you must configure the peer-keepalive link before the peer-link in order for the vPC system to come up.
  • Always configure both vPC peer devices; the configuration is not sent from one device to the other. 
  • To configure a double-sided vPC topology, you must assign a unique vPC domain ID for each respective vPC layer. We will discuss this in detail in another article.
  • To use vPC in a DCI topology, you must assign a unique vPC domain ID for each respective data center. 
  • Check that the necessary configuration parameters are consistent on both sides of the vPC peer-link. 
  • We recommend that you activate the LACP feature and configure vPC member ports with LACP mode set to ACTIVE. 
  • All ports for a given vPC peer must be in the same VDC. 
  • Only Layer 2 port channels (switchport mode trunk or switchport mode access) can be configured on vPC member ports. 
  • PIM SM (Sparse Mode) is fully interoperable with vPC. The software does not support PIM BiDIR or PIM SSM (Source Specific Multicast) with vPC. 
  • The software does not support DAI (Dynamic ARP Inspection) or IPSG (IP Source Guard) in a vPC environment. 
  • DHCP relay and DHCP snooping are supported with vPC. 
  • The software does not support Cisco Fabric Services regions with vPC. 
  • Port security is not supported on vPC member ports. 
  • Configure a separate Layer 3 link for routing from the vPC peer device (backup routing path), rather than using vPC peer-link and SVI for this purpose. 
  • We recommend that you create an additional Layer 2 trunk port-channel as an interswitch link to transport non-vPC VLAN traffic.
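
Several of the guidelines above can be checked mechanically against a switch configuration. The following is an added example, not code from the original article or from Cisco: the function names `parse_blocks` and `audit_vpc`, the sample configuration, and its addresses (documentation range 192.0.2.0/24) are all constructed for illustration. It checks for `feature vpc`, a peer-keepalive in the vPC domain, Layer 2 vPC member port channels without port security, and LACP mode active on their physical members.

```python
import re

# Constructed sample NX-OS config with deliberate guideline violations.
SAMPLE_CONFIG = """\
vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
interface port-channel1
  vpc peer-link
interface port-channel20
  switchport mode trunk
  switchport port-security
  vpc 20
interface Ethernet1/10
  channel-group 20 mode on
"""

def parse_blocks(config):
    """Group indented sub-commands under their top-level command line."""
    blocks, current = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line[0].isspace():
            current = line.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit_vpc(config):
    """Return findings for vPC guideline violations in an NX-OS config."""
    blocks = parse_blocks(config)
    findings = [] if "feature vpc" in blocks else ["feature vpc is not enabled"]
    domain = next((b for h, b in blocks.items() if h.startswith("vpc domain ")), [])
    if not any(l.startswith("peer-keepalive ") for l in domain):
        findings.append("no peer-keepalive in the vPC domain")
    # A port channel carrying a 'vpc <id>' statement is a vPC member port;
    # the peer-link ('vpc peer-link') is deliberately not matched here.
    members = {m.group(1): body for head, body in blocks.items()
               if (m := re.fullmatch(r"interface port-channel\s*(\d+)", head))
               and any(re.fullmatch(r"vpc \d+", l) for l in body)}
    for po, body in members.items():
        if not {"switchport mode trunk", "switchport mode access"} & set(body):
            findings.append(f"port-channel{po}: not a Layer 2 port channel")
        if any(l.startswith("switchport port-security") for l in body):
            findings.append(f"port-channel{po}: port security on vPC member")
    for head, body in blocks.items():
        for l in body:
            m = re.fullmatch(r"channel-group (\d+)(?: mode (\S+))?", l)
            if m and m.group(1) in members and m.group(2) != "active":
                findings.append(f"{head}: channel-group {m.group(1)} not LACP active")
    return findings
```

Because the configuration is not sent from one peer to the other, run the same audit against both vPC peer devices.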