Virtual port channel (vPC) or Multichassis Etherchannel


Virtual Port Channel
A port channel combines multiple physical link into a single logical link provided that these all physical links must belong to same network switch. However, in this case if our switch goes down we lose connectivity to all the devices connected to it. This is where virtual port channel comes to rescue. A virtual port channel allows you to bundles physical links spread across two separate physical switches. Following figures show simple port channel and virtual port channel topologies. 


In this case Switch L runs simple port channel (LACP) because this switch has no idea that it is connecting to two different switches. But wait a minute how is that possible? With above topology it is not possible. We need little more on switch A and B side so that they can dodge Switch L to appear as single switch. We need to add extra physical links between Switch A and Switch B so that these switches can inform each other that they are both working on to fool Switch L. So our topology will look like this.

Cisco sees a little problem here. If link between Switch A and Switch B fails then how can Switch A and B communicate each other? Remember these switch need to communicate with each other in order to fool Switch L (Fool means present two switches as one switch to Switch L). In case of failures these peers also need to know whether the peer link is failed or peer itself is dead. This is why we connection Switch A and B with an extra physical link (It can be logical Layer 3 connectivity usually via management port for heart beat). Following figure shows full picture of VPC and their naming convention. 


Benefits of Using vPC
vPC provides the following benefits:
·       Allows connectivity from single device to multiple upstream switches
·       Provide loop free topology and no blocking STP ports.
·       Loadbalancing on all links. Optimal use of links.
·       Fault tolerant in case of link failures as long as there is one link up in vPC.

Cisco Fabric Services Protocol
Cisco Fabric Services protocol is reliable management protocols used by peer switches to synchronize control and data plane information via vPC peer link. Any port that is not part of the vPC is called orphan port. vPC ports which loss complete connectivity to one of the vPC peer are also called Orphan ports.

Loop avoidance in vPC:
vPC uses forwarding rules on hardware level to avoid loops. For example if a packet arrive at peer switch from vPC members port and is forwarded to another peer via peer link then this packet is not forwarded to any other vPC members port. It can be forwarded to any orphan port though.

Configuration of vPC

  1. Enable VPC feature on both switches (Switch A and Switch B) using following command.

Feature vpc

2.      Create vPC domain on both switches. It should be same on both switches.

vpc domain <domain_ID>

3.      Provide peer keep alive connectivity. A must do step before configuring Peer link.

peer-keepalive destination <remote peer IP> source <local IP> vrf mgmt.

           You can use any layer 3 connectivity in any vrf.

4.     Create Peer link. Peer link is nothing but regular trunked port channel with vpc peer-link command in it.

Interface port-channel <peer link number>
switchport mode trunk
vpc peer-link

5.     Create vPC. Again its configuration is same as port channel with additional command of vpc vpc_Number in it.
Interface port-channel <vPC number>
vpc <vPC number>
 

                               Configuration Example Topology


Switch A:

feature vpc

vpc domain 10

peer-keepalive destination 10.0.0.1 source 10.0.0.100 vrf default

interface Ethernet1/7

switchport

channel-group 1 mode active

interface Ethernet9/7

switchport

channel-group 1 mode active



interface port-channel1

switchport mode trunk

vpc peer-link



interface Ethernet1/8

switchport

channel-group 2 mode active

interface Ethernet9/8

switchport

channel-group 2 mode active



interface port-channel2

switchport mode trunk

vpc 2



Switch B:

feature vpc

vpc domain 10

peer-keepalive destination 10.0.0.100 source 10.0.0.1 vrf default

interface Ethernet1/7

switchport

channel-group 1 mode active

interface Ethernet9/7

switchport

channel-group 1 mode active



interface port-channel1

switchport mode trunk

vpc peer-link



interface Ethernet1/8

switchport

channel-group 2 mode active

interface Ethernet9/8

switchport

channel-group 2 mode active



interface port-channel2

switchport mode trunk

vpc 2


Comments

Post a Comment

Popular posts from this blog

Cut through vs Store and forward switching

Image
Switching infrastructure has evolved since 4 decades from hub, bridges ASIC based switches, FPGAs based switches etc. Switches operate at layer 2 (Data link Layer) and their purpose is to receive a frame on one port (Ingress port) and forward it to another (Egress port). This decision is based on Destination MAC (DMAC) address. Here we will describe how store and forward switching works and how cut-through switching works. Store and forward switching Following figure shows Layer 2 frame. Bytes are received from left to right. Our main focus would be on Frame header and Checksum field. Checksum field in Layer 2 frame is used to check integrity of the frame (Error control). Integrity means performing some checks to find out whether frame was tempered/corrupted in between or not. Checksum is certain type of hash calculation over whole frame data. This means we need to have all the bytes of frame before checking for integrity.  As soon as we have whole frame and checksum c
Read more

SSH Tunneling or SSH Port forwarding

Image
One of the tricky topic is SSH port forwarding. There are many tutorials about this but they are quite complicated for students or junior level engineers to understand. Here I will try to explain those concepts using scenario so that it can be easily grasped.  Scenario: Your office firewall blocks access to facebook.com URL. Your laptop at home can access facebook.com easily. Your office environment/firewall allows SSH connection to your home laptop. Goal: Make office PC access facebook.com without performing any changes to office firewall. Description: In order to achieve this your home laptop needs to run SSH server. What we need to do in this case is to create a SSH tunnel from Office PC to Home Laptop and do some port forwarding.  In above figure you can see that if we can create tunnel between office and home machines. Just a SSH tunnel won’t allow us to access facebook.com from office PC. We need port forwarding here. In order to achie
Read more