Networking, Security & Cloud Knowledge

Sunday, June 26, 2016

Cisco Nexus - NX-OS


NX-OS: next-generation operating system features

Chapter 1: New features in Nexus

  • Modular
    • Enable a particular module in Nexus
    • E.g. "feature eigrp" or "no feature eigrp" to enable or disable EIGRP

  • High availability → PSS (Persistent Storage Service): if the BGP process crashes, it does not crash the underlying operating system; the process restarts gracefully and has all the state information from before the crash.
  • Unified OS for LAN and SAN
    • Prior to this we had IOS with the IP protocol and SAN-OS with the Fibre Channel protocol
    • Reasons for LAN and SAN segregation
      • Security
      • Bandwidth
      • Flow control
      • Performance
    • Flow control:
      • LAN – the sender keeps sending until the receiver responds
      • SAN – the receiver defines how much data the transmitter can send

    • NX-OS 4.1 or higher runs on MDS (multilayer director switch) as well as Nexus 7K and 5K.
    • Unification of LAN and SAN over 10 Gbps Ethernet using FCoE

 

  • Role-based access
    • Privilege-level access – the method used in old IOS
    • Views – access based on view – prior to NX-OS
    • In Nexus there is role-based access
      • E.g.: username admin password Cisco 123 role { network-admin | network-operator | priv-0 - 15 | vdc-admin | vdc-operator }
      • vdc-admin or vdc-operator option: in the N7K we can have virtual device contexts (VDCs) and a separate admin for each context.

 

  • Cisco layered approach
    • Scalability
    • Resilient – failover

Chapter 2: NEXUS family

The Nexus 7000 series

  • Models:
    • 7009 – 2 sup slots, 7 I/O module slots
    • 7010 – 2 sup slots, 8 I/O module slots
    • 7018 – 2 sup slots, 16 I/O module slots
  • L2/L3, DCB (data center bridging), FCoE
  • ISSU (in-service software upgrade)
  • VDCs (virtual device contexts)
  • Modularity
  • Separation of CP (control plane) and DP (data plane)
  • RBAC (role-based access control)
  • EEM (Embedded Event Manager)
  • Call home
  • Dual supervisor
  • Dual CMP (connectivity management processor) with its own memory, power and software. It provides lights-out connectivity (OOB).
  • Dual redundant central arbiter of particular traffic – multiple paths through the architecture of the devices.
  • Redundant fan module – hot-swappable fan tray

Sup 1 is end-of-sale and EoL; the replacement is Sup 2E (dual quad-core CPU with 32 GB RAM).

 

 

Licensing of software

1 Default base license

2 Enterprise LAN license – for dynamic routing and multicast

3 Advanced enterprise LAN license – VDC, Cisco TrustSec

4 MPLS license – MPLS routing

5 Transport services – OTV (Overlay Transport Virtualization)

6 Enhanced L2 services – FabricPath

Command

Download the license, store it on bootflash and use the following commands:

# install license    <-- to install license

# show license usage

Trial license: 120-day grace period for testing before buying a license.

 

Modules: sup card, line card and fabric module

Fabric modules support virtual output queuing.

Power redundancy: with respect to the 7010; we have similar options in UCS.

  • Combined power mode – no redundancy – all power supplies work together.
  • Power supply redundancy (n + 1)
  • Input source redundancy (external power failure) / grid power redundancy
  • Complete redundancy (power supply + input source)

Nexus 7009 v6.0(2) w/ SUP1, 10GE F1, 10GE M1

M1 module supports L3 features

F1 module is for L2 features

    Cisco FabricPath is similar to TRILL (Transparent Interconnection of Lots of Links)

 

---------------------------------------------------------------------------

The Nexus 5000 series

5010 – throughput 520 gigabits per second

5020

5548

5596 – throughput 1.92 Tbps

Common features in the 5500 series

DCB – data center bridging

FCoE – Fibre Channel over Ethernet

GEMS – generic expansion module slot – add FCoE

55XX L3 routing capability: routing can be enabled on

5548 with N55-D160 L3 card.

5596 with N55-M160 L3

Port density is different in each model, e.g. in the 5596 → 96 1-gig Ethernet port density

Nexus 5548 v5.1(3)

Feature: unified port

 

------------------------------------------------------------------------------------------

The Nexus 2000 series

Functions at top of rack (ToR): all C-series devices are connected to the N2K device at ToR, and the N2Ks are managed by the N5K device at EoR (End of Rack).

The 2000 series are called FEX – fabric extenders

Redundancy using 2000 at ToR and 5000 at EoR

Nexus 2000 series models (scalability, oversubscription, host ports and fabric ports)

  • 2148
    • 4 x 10G fabric ports, 1 port channel with max 4 ports, 48 host ports but no port channel, no FCoE
  • 2224
    • 2 x 10G fabric ports, 1 port channel, 24 x 1G host ports, 24 port channels with max 8 ports in one port channel, no FCoE
  • 2248
    • 4 x 10G fabric ports, 1 port channel, 48 x 1G host ports, 24 port channels, no FCoE
  • 2232
    • 8 x 10G fabric ports, 1 port channel, 32 x fiber-optic host ports, 16 port channels, only can supply FCoE at ToR location

 

---------------------------------------------------------------------------------------

Nexus 1000v v4.2: virtualized Ethernet module or supervisor module

Chapter 3: MDS family (multilayer director switch)

9500 series

9124

9148

9222i

 

 

9500

  • TABLE:

Model   --  FC port density

9506  --     192

9509   --    336

9513 --     528

  • Non-blocking – virtual output queuing

Requirement for SAN – no packet loss and low latency

  • High bandwidth – 2.2 Tbps internal bandwidth / 160 Gbps (16-ISL bundle)

  • Low latency – less than 20 microseconds per hop

  • Multi-protocol (FC, FCoE, FICON, FCIP, iSCSI)

  • Scalable – VSAN (virtual storage area network), a Cisco invention

  • Secure – port security

  • High availability – dual sup, dual clock, dual power

  • Sup2 (no FCoE) and Sup2-A (FCoE); inter-crossbar fabric (traffic cop) in the 9506 and 9509, while the 9513 has a separate inter-crossbar fabric module

  • Licensing types of MDS – feature based and module based.

    • Feature based
      • Enterprise – security
      • SAN over IP – FCIP
      • Mainframe – FICON
    • Module based

 

 

 

-----------------------------------------------------------------------------------------------------------------

 

Cisco MDS 9124

24 ports – 8 default and 16 on-demand ports

NPV (N-Port Virtualization)

Cisco MDS 9148

  16-32-48 base license

Cisco MDS 9222i

Flexible, with an expansion slot that supports a wide variety of modules

18 FC 4 Gbps Ethernet port used for FCIP / iSCSI

 

-------------------------------------------------------------------------------------------------------------

 

NEXUS switch and NX-OS

NEXUS architecture:

# sh ver

Software

  • BIOS version 2.12.0
  • Kickstart image – contains the Linux kernel: 7K version 6.2(2), 5K 5.1(3)
  • System – contains software components of NX multilayer director switch

Hardware

  • Supervisor: Intel Xeon, 12 GB memory

Plug-in

  • Core plug-in – contains NX-OS software components
  • Ethernet – L2 and L3 software components
  • In future we will see – Storage plug-in – for FCoE

Chapter 4: Monitoring the Nexus switch

Monitoring the Nexus

  • The RJ-45 console port is located on the sup card.
  • Nexus 7000 with the Sup 1 engine has a CMP (connectivity management processor) with a dedicated OS for OOB management access. It has LEDs for notification and local authentication. Sup 2 doesn't have this capability.
  • To connect to the CMP we use the command # attach
    • attach console | module | cmp
  • Remote access:
    • SSH v2 is enabled by default; SSH / Telnet client and server capability; IPv4 and IPv6 supported
    • On the CMP use the command # ssh server enable or # telnet server enable
  • Management
    • Supports the concept of VRFs; by default two VRFs (default and management) exist on a Nexus switch.
    • The management interface is in the management VRF. To test connectivity for management purposes: # ping 10.10.10.10 vrf management
  • ISSU (in-service software upgrade)
    • Upgrade with no disruption; the data plane continues forwarding packets during the upgrade process
    • 4.2.1
    • Kickstart, BIOS, system, FEX (2000 series), I/O module BIOS and image
    • Started with the 7000 series, which has dual sup cards: first upgrade the standby sup engine, then upgrade the second sup engine. This feature is now also supported on the 5000 series, which has a single sup engine; here the control plane will be offline during the upgrade. A 5500 series with L3 functionality will not support ISSU.
    • Steps for 5000 series
      • Download the appropriate software: Cisco.com/go/fn (feature navigator)
      • Copy tftp → bootflash
      • show incompatibility (shows incompatibilities with the new image) ← pre-upgrade command
      • show install all impact (shows the impact of the upgrade) ← pre-upgrade command
      • show install all status ← post-upgrade, to verify installation status
  • Control plane policing
    • Data plane
    • Mgmt plane – SNMP
    • Control plane – L2 STP, LACP; L3 OSPF, BGP
      • CoPP (control plane policing) – restricts the number of packets entering the CP. There is a default CoPP; during installation it asks for a strict, moderate, lenient or no default policy.
  • Key CLI commands
    • where – shows the mode and which VDC
    • show run ipqos | all   (all → show everything including defaults)
    • show run interface all
    • show module
    • show logging
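
An added example (not part of the original notes and not Cisco code): a small Python audit of saved running-config text for three controls these notes cover, namely which accounts hold an admin role (Chapter 1, role-based access), whether the telnet server is enabled, and whether a CoPP policy is applied. The sample config, the max_admins threshold and the CoPP line formats are assumptions.

```python
import re

# Constructed running-config excerpt for illustration (not from a real device).
SAMPLE_CONFIG = """\
feature eigrp
telnet server enable
ssh server enable
username admin password 5 HASH-PLACEHOLDER role network-admin
username backup password 5 HASH-PLACEHOLDER role network-admin
username noc1 password 5 HASH-PLACEHOLDER role network-operator
username vdc2ops password 5 HASH-PLACEHOLDER role vdc-operator
"""

ADMIN_ROLES = {"network-admin", "vdc-admin"}  # admin roles named in the notes
USER_RE = re.compile(r"^username\s+(\S+)\s.*\brole\s+(\S+)$")
# Assumed line formats for an applied CoPP policy; they vary by platform/release.
COPP_RE = re.compile(r"^(copp profile \S+|service-policy input copp-\S+)$")


def audit(config, max_admins=1):
    """Summarise RBAC, remote-access and CoPP posture from running-config text.

    max_admins is a hypothetical local policy threshold, not a Cisco default.
    """
    roles = {}  # user -> set of roles (a user can hold several roles)
    telnet = copp = False
    for line in (raw.strip() for raw in config.splitlines()):
        user = USER_RE.match(line)
        if user:
            roles.setdefault(user.group(1), set()).add(user.group(2))
        elif line == "telnet server enable":  # "no telnet server enable" won't match
            telnet = True
        elif COPP_RE.match(line):
            copp = True
    admins = sorted(u for u, held in roles.items() if held & ADMIN_ROLES)
    findings = []
    if telnet:
        findings.append("telnet server enabled: logins cross the network in cleartext")
    if len(admins) > max_admins:
        findings.append("%d accounts hold an admin role: %s" % (len(admins), ", ".join(admins)))
    if not copp:
        findings.append("no CoPP policy line found: confirm the control plane is policed")
    return {"admins": admins, "telnet": telnet, "copp": copp, "findings": findings}


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```

Defaults may not appear in a plain "show run", so feed the audit the output of the "all" variant listed above when checking for settings that are on by default.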

 

 
