Agenda

§ VDC Overview
§ Q&A

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Virtual Device Context (VDC) Overview
What are Virtual Device Contexts (VDCs)?
§ What is a switch?
– Control plane, Data plane and Management plane
§ VDCs enable the virtualization of these planes and hardware resources
§ Enables collapsing of multiple logical networks into single physical
infrastructure
§ Helps scale physical resources of device
§ Appropriate for typical silo designs such as: VDC
Prod
–Production, Dev, Test VDC VDC
Extranet DMZ
–Intranet, DMZ, Extranet
–Organization A, B C
–Application A, B, C
–Customer A, B, C
Different network islands virtualized
onto common data center networking
infrastructure

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
 Virtual Device Contexts (VDCs)
VDC A VDC B

Layer-2 Protocols Layer-3 Protocols Layer-2 Protocols Layer-3 Protocols

VLAN mgr UDLD OSPF GLBP VDC A VLAN mgr UDLD OSPF GLBP

STP CDP BGP HSRP STP CDP BGP HSRP

VDC B
IGMP sn. 802.1X EIGRP VRRP IGMP sn. 802.1X EIGRP VRRP

LACP CTS PIM SNMP LACP CTS PIM SNMP

RIB RIB RIB RIB

VDC n
Protocol Stack (IPv4 / IPv6 / L2) Protocol Stack (IPv4 / IPv6 / L2)

Infrastructure
Kernel
§ VDC—Virtual Device Context
– Flexible separation/distribution of Software Components
§ VDCs are not…
– The ability to run different OS levels on the same box
– Flexible separation/distribution of Hardware Resources at the same time
– Securely delineated
– based on a hypervisor model; there is a single
Administrative Contexts
‘infrastructure’ layer that handles H/W programming…

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Virtualization Hierarchy
Where do VDCs reside in the “Big Picture”

Nexus
VDC1 VLAN VLAN VLAN VRF VRF VRF
7000
VLAN VLAN VLAN VRF VRF VRF

VDC2 VLAN VLAN VLAN VRF VRF VRF

VLAN VLAN VLAN VRF VRF VRF

VDC3 VLAN VLAN VLAN VRF VRF VRF

VLAN VLAN VLAN VRF VRF VRF

VDCX VLAN VLAN VLAN VRF VRF VRF

VLAN VLAN VLAN VRF VRF VRF
BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Virtual Device Contexts
VDC Resources

When creating VDCs, certain resources are shared across

VDCs while others must be dedicated to a VDC

Global Resources that can only be allocated, set, or configured

globally for all VDCs from the master VDC are referred to
Resources as Global Resources – i.e.: boot image configuration,
Ethanalyzer session, CoPP
Resources that are allocated to a particular VDC are
Dedicated referred to as dedicated resources - examples include
Resources Layer 2 and Layer 3 ports, VLANs, IP address space,
etc…

Shared Some resources are shared between VDCs – for

example the OOB Ethernet management port.
Resources

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
How Many VDCs Can I have?
§ Supervisor 1 – Four VDCs + 1 Admin VDC*
§ Requires 8GB of RAM
§ Supervisor 2 – Four VDCs + 1 Admin VDC
(4+1)
VDC-1

§ Supervisor 2E – Eight VDCs + 1 Admin VDC-2

VDC-3
VDC (8+1)

Admin VDC
..
VDC-4

§ VDCs beyond 4 require additional

license .
VDC-8

§ N7K-VDC1K9 (increments VDCs +4)

*Admin VDC on SUP1 Requires NX-OS 6.2

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
VDC Details
The Default VDC

§ Fully functional VDC with all capabilities

§ Some tasks can only be performed in the default VDC 1
VDC
– VDC creation/deletion/suspend Layer 2 Protocols Layer 3 Protocols
– Resource allocation – interfaces, memory VLAN UDLD OSPF GLBP
– NX-OS Upgrade across all VDCs VDC 1
PVLAN CDP BGP HSRP

– EPLD Upgrade – As directed by TAC or to enable new features STP 802.1X EIGRP IGMP
LACP CTS PIM SNMP
– Ethanalyzer captures – control plane traffic … …
– Feature-set installation for Nexus 2000, FabricPath and FCoE
– Control Plane Policing (CoPP)
– Port Channel load balancing Infrastructure
– Hardware IDS checks control Kernel
– ACL Capture feature enable
§ Default VDC can be used for production traffic with
no issues
– Some customers may choose to reserve it for
administrative functions

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
VDC Details
Non-Default VDC

§ Fully functional VDC with all capabilities VDC 2 - 8

§ Changes in non-default VDC only affect Layer 2 Protocols Layer 3 Protocols

that particular VDC VLAN UDLD OSPF GLBP

§ Independent processes started for each

PVLAN CDP BGP HSRP
STP 802.1X EIGRP IGMP
VDC 2
protocol in each VDC VDC 3
LACP

…
CTS PIM

…
SNMP

§ Discrete configuration file per VDC VDC 4

§ Discrete checkpoints per VDC Infrastructure

§ Discrete RBAC, TACACS, SNMP, etc. Kernel

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
VDC Details
Admin VDC

Available on Supervisor 2/2E and SUP1*

Admin
Provides pure administrative context
–CoPP configuration
Management Functions
–ISSU and EPLD CoPP GOLD
Admin
–VDC creation, suspension and deletion, interface allocation ISSU Licensing
VDC EPLD
–Show tech-support, tac-pac, debugs, GOLD Diagnostics …

–System-wide QoS, Port Channel load-balancing

Infrastructure
Simplify configuration for data plane VDCs
Kernel
–No boot statements, CoPP policies, etc in non-Admin VDCs

Doesn’t require Advanced or VDC License

–Can use 1 Admin VDC + 1 Data VDC (1+1)

Admin VDC on SUP1 requires NX-OS 6.2

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
VDC Types
Storage VDC

§ Enables separation of job functions Fibre

Channel
for LAN and SAN Admin
§ Creates a “virtual” MDS within the
Nexus 7000
‒ Participates as a full Fibre Channel
Forwarder (FCF) in the network
‒ Zoning, FC alias, fcdomains, IVR, Fabric
Binding, etc.

§ FCoE Target Support Ethernet Storage

VDC VDC
§ FCoE ISLs to other switches –
Nexus 7000, 5000, MDS
§ Only one storage VDC per chassis FCoE on F2 and F2e requires Supervisor 2/2E
F1 and F2/F2e cannot intermix in Storage VDC
‒ Does not require Advanced License (VDCs)
F3 does not support FCoE at this time
‒ Does count towards total VDC

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
 VDC Types
“Module-Type” Modes

M1-F1 Mixed
“Module-Type” Modes
VDC
§ In release 5.1, “module-type” parameter defines
the behavior for each VDC
§ Different I/O module types can be specified:
– m1 – specifies VDC can contain M1 modules M2-XL
– m1-xl – specifies VDC can contain M1-XL modules Only
– m2-xl - specifies VDC can contain M2-XL modules
VDC
– f1 – specifies VDC can contain F1 modules
– f2 – specifies VDC can contain F2 modules
– f2e – specifies VDC can contain F2e modules (NX-OS 6.2)
– f3 – specifies VDC can contain F3 modules (NX-OS 6.2(6))
§ limit-resource module-type m1 m1-xl m2-xl f2e*
(default) – Allows mix of M1, M1-XL, M2 and F3 Only VDC
F2e modules in the VDC
*Default in NX-OS 6.2
BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Interface Allocation
Interface Allocation N77-F348XP-25

VDC Ports are assigned on a per VDC basis and VDC

A cannot be shared across VDCs C

48 port
10GE
F3 module
Once a port has been assigned to a VDC, all
subsequent configuration is done from within
VDC that VDC VDC
B D
N77-F348XP-25 Requires allocation in port
groups of eight to align ASIC resources.
BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Interface Allocation
Interface Allocation N7K-F312FQ-25

VDC Ports are assigned on a per VDC basis and VDC

A cannot be shared across VDCs C

12 port
40GE
F3 module
Once a port has been assigned to a VDC, all
subsequent configuration is done from within
VDC that VDC VDC
B D
N7K-F312FQ-25 Requires allocation in port
groups of two to align ASIC resources.
BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public
Interface Allocation
VDC and Interface Allocation

§ Ports are allocated in VDC config mode

N7K1-VDC1# config t

Enter configuration commands, one per line. End with CNTL/Z.

N7K1-VDC1(config)# vdc N7K1-VDC2

Ports being
N7K1-VDC1(config-vdc)# allocate interface e8/1-4
allocated
Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes] yes

N7K1-VDC1(config-vdc)# show vdc membership

Disruptive
warning!
vdc_id: 4 vdc_name: N7K1-VDC2 interfaces:
Easier allocation
Ethernet8/1 Ethernet8/2 Ethernet8/3 Ethernet8/4
in NX-OS 5.2
N7K1-VDC1(config-vdc)# allocate interface ethernet 4/1

Entire port-group is not present in the command. Missing ports will be included automatically

Moving ports will cause all config associated to them in source vdc to be removed. Are you sure you want to move the ports (y/n)? [yes]

§ Note that FEX ports only exist in the VDC where their parent interfaces reside

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
FEX and VDCs
§ FEX feature-set needs to be installed in default or admin VDC once
§ Feature-set fex can then be abled as needed per VDC
§ FEX IDs must be unique across a chassis
§ FEX Host Interfaces (HIFs) belong to the VDC where their parent Network
Interface (NIFs) reside

HIFs NIFs

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
VDC Types
VDC Creation - Ethernet

N7K1-VDC1# conf t Name of New

N7K1-VDC1(config)# vdc N7K1-VDC4
Note: Creating VDC, one moment please … VDC
N7K1-VDC1(config-vdc)# show vdc
vdc_id vdc_name state mac type lc
------ -------- ----- ---------- --------- ------
1 N7K1-VDC1 active 00:26:51:c7:34:41 Ethernet m1 f1 m1xl
2 N7K1-VDC2 active 00:26:51:c7:34:42 Ethernet m1 f1 m1xl
3 N7K1-VDC3 active 00:26:51:c7:34:43 Ethernet m1 f1 m1xl
4 N7K1-VDC4 active 00:26:51:c7:34:44 Ethernet m1 f1 m1xl

N7K1-VDC1(config-vdc)# show vdc N7K1-VDC4 detail

vdc id: 4
vdc name: N7K1-VDC4
vdc state: active
vdc mac address: 00:26:51:c7:34:44
vdc ha policy: RESTART
vdc dual-sup ha policy: SWITCHOVER
vdc boot Order: 1
vdc create time: Mon May 16 00:12:38 2011
VDC Details
vdc reload count: 0
vdc restart count: 0
vdc type: Ethernet
vdc supported linecards: m1 f1 m1xl

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
VDC Types
VDC Creation – Ethernet – F2 Module

N7K1-VDC1# conf t
N7K1-VDC1(config)# vdc N7K1-VDC4 limit-resource module-type f2
Note: Creating VDC, one moment please ...
Limiting
N7K1-VDC1(config-vdc)# show vdc
Resources
vdc_id vdc_name state mac type lc
------ -------- ----- ---------- --------- ------
1 N7K1-VDC1 active 00:26:51:c7:34:41 Ethernet m1 f1 m1xl
2 N7K1-VDC2 active 00:26:51:c7:34:42 Ethernet m1 f1 m1xl
3 N7K1-VDC3 active 00:26:51:c7:34:43 Ethernet m1 f1 m1xl
4 N7K1-VDC4 active 00:26:51:c7:34:44 Ethernet f2

N7K1-VDC1(config-vdc)# show vdc N7K1-VDC4 detail

vdc id: 4
vdc name: N7K1-VDC4
vdc state: active
vdc mac address: 00:26:51:c7:34:44
vdc ha policy: RESTART
vdc dual-sup ha policy: SWITCHOVER
vdc boot Order: 1
vdc
vdc
create time: Mon May 7 00:12:38 2012
reload count: 0
VDC Details
vdc restart count: 0
vdc type: Ethernet
vdc supported linecards: f2

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
VDC Types
Admin VDC

§ Admin VDC Creation – Two Options

§ During boot of a supervisor with no configuration

---- System Admin Account Setup ----

Do you want to enforce secure password standard (yes/no) [y]:

<snip>

Boot up system with default vdc (yes/no) [y]:y

• Admin VDC is not the default – user must choose to do Admin VDC
§ Manual creation
– Two options for manual creation:
§ Customer already using default VDC as an admin VDC without LAN interfaces and
configurations to preserve other than Mgmt0
§ Customer already using default VDC a data plane VDC with LAN interfaces and
configurations to preserve

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
VDC Types
VDC Creation – Admin – Manual Option 1

Default VDC in pre-6.1

Prior to Conversion “Admin” configuration
N7K-1# show vdc

vdc_id vdc_name state mac type lc

------ -------- ----- ---------- --------- ------
1 N7K-1 active 00:26:98:0f:d9:c1 Ethernet m1 f1 m1xl m2xl
2 Agg1 active 00:26:98:0f:d9:c2 Ethernet m1 f1 m1xl m2xl
3 OTV1 active 00:26:98:0f:d9:c3 Ethernet m1 f1 m1xl m2xl
4 Access1 active 00:26:98:0f:d9:c4 Ethernet f2

Conversion
N7K-1# config
Enter configuration commands, one per line.
N7K-1(config)# system admin-vdc
End with CNTL/Z.
Admin VDC with no line
N7K-1(config)#
card support
Post Conversion
N7K-1(config)# show vdc

vdc_id vdc_name state mac type lc

------ -------- ----- ---------- --------- ------
1 N7K-1 active 00:26:98:0f:d9:c1 Admin None
2 Agg1 active 00:26:98:0f:d9:c2 Ethernet m1 f1 m1xl m2xl
3 OTV1 active 00:26:98:0f:d9:c3 Ethernet m1 f1 m1xl m2xl
4 Access1 active 00:26:98:0f:d9:c4 Ethernet f2

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
VDC Types
VDC Creation – Admin – Manual Option 2 - Migration
Prior to conversion
N7K1# show vdc
vdc_id vdc_name state mac type lc
------ -------- ----- ---------- --------- ------
1 N7K1 active 00:26:98:0f:d9:c1 Ethernet m1 f1 m1xl m2xl
2 Agg1 active 00:26:98:0f:d9:c2 Ethernet m1 f1 m1xl m2xl
N7K1# show ip ospf ne
OSPF Process ID 100 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
192.168.100.1 1 FULL/ - 00:02:08 192.168.1.1 Eth4/3

Migration
N7K1# config
Enter configuration commands, one per line. End with CNTL/Z.
N7K1(config)# system admin-vdc migrate core1
2012 Apr 23 14:28:53 N7K1 %$ VDC-1 %$ %VDC_MGR-2-VDC_ONLINE: vdc 3 has come online

Post Conversion
N7K1# show vdc

vdc_id vdc_name state mac type lc

------ -------- ----- ---------- --------- ------
1 N7K1 active 00:26:98:0f:d9:c1 Admin None
2 Agg1 active 00:26:98:0f:d9:c2 Ethernet m1 f1 m1xl m2xl
3 core1 active 00:26:98:0f:d9:c3 Ethernet m1 f1 m1xl m2xl

N7K1-core1# show ip ospf ne

OSPF Process ID 100 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
192.168.100.1 1 FULL/ - 00:21:29 192.168.1.1 Eth4/3
BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Navigating Between VDCs

§ From the default VDC, use the switchto vdc <name>

command
N7K1-VDC1# switchto vdc N7K1-VDC2

N7K1-VDC2#

§ To return to the default VDC use the switchback

N7K1-VDC2# switchback

N7K1-VDC1#

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Reload and Suspend VDCs

§ Only non-default VDCs can be suspended, resumed, reloaded or

restarted

§ Reload is just like reloading a box – clean boot for that VDC
N7K1-VDC1# reload vdc N7K1-VDC4
§ Suspend performs config save and graceful cleanup before
suspending
N7K1-VDC1# (config-vdc)# vdc N7K1-VDC4 suspend

BRKDCT-2121 © 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public 24