Cisco nexus 7009 overview

© 2006 Cisco Systems, Inc. All rights reserved.Presentation_ID 1

Cisco Nexus 7009 switch

Eng.Hamza Al-Qudah

9-10-2012


Agenda

Day 1 :

Introducing Cisco Nexus Family

The Nexus switches family range

Nexus VS 65XX

The Cisco Nexus 7000 Series

Nexus 7000 Hw specifications

Nexus 7009 specifications

Day 2 :

XOS vs IOS


Introducing Cisco Nexus Family:

Nexus is a modular network switch introduced on January 28, 2008

Designed for the data center (optimized for high-density 10 Gigabit Ethernet.)

Its throughput is beyond 15 Tbps.

It has a modular NX-OS firmware/operating system


The Nexus switches family range:

- Nexus 1000v virtual switch

- Nexus 2000 fabric extender

- Nexus 3000 series

- Nexus 4000 IBM Blade Center switch

- Nexus 5000 series

- Nexus 7000 series modular datacenter switches


The Cisco Nexus 7000 Series

The Cisco Nexus 7000 Series was designed around three principles:

1- Infrastructure scalability: Virtualization, efficient power and cooling, high density, and performance all support efficient data center infrastructure growth.

2-Operational continuity: The Cisco Nexus design integrates hardware, NX-OS software features, and management to support zero-downtime environments.


3-Transport flexibility: You can incrementally and cost-effectively adopt new networking innovations and technologies, such as:

Cisco Overlay Transport Virtualization (OTV)

Cisco FabricPath

Fibrer Channel over Ethernet (FCoE)

Cisco IOS Multiprotocol Label Switching (MPLS)


Over 1513 Patents Pending/Issued on Data

Center Technologies

Over $1B in Overall Data Center Researchand Development

Cisco Nexus Consists of Multiple Products with a Data Center Class OS

Cisco Nexus

Infrastructure Scalability

OperationalContinuity

TransportFlexibility

Cisco® Nexus Delivers a Unified Fabric and I/O for

the DC


Nexus VS 65XX :

- Virtual port channel (VPC) : VPC is similar to VSS of the 65K's.

- Virtual device context (VDC) :With VDC you virtually divide your switch up to 4 different virtual switches and allocate hardware resources to them

- 65K's can perform all the functions... Nexus still doesn't support service modules like FWSM, load balancers etc...


Cisco Overlay Transport Virtualization (OTV):

- It makes multiple DC as one Dc.- The NX7k switch has MAC add table for each NX7k switch- The MAC add tables are automatically shared- It stops spanning tree protocol- In multicast : Just one copy sent to the core

Cisco FabricPath :- Combines the simplicity of L2 domain with scalability of L3 domain , Creates (L2 routing tables)- No blocking , send through all links, down link will be excluded.- Shortest path will be used

- Add fabricpath Switch destination header- Add server any where in the dc


Fiber Channel over Ethernet (FCoE) :

- Allow the server to connect to the San and the LAN through one link

Hitless software upgrade by :

- In Service Software Upgrade (ISSU)

Cisco Data Center Network Manager:

- Management tool


Nexus 7000 Hw specifications :

- Delivers high-density 10, 40, and 100 Gigabit Ethernet

- provide parallel fabric channels to each I/O and supervisor module slot

- Up to five simultaneously active fabric modules work together delivering up to 230 Gbps per slot46 Gbps per slot per fabric ( 46*5 fabric = 230 Gbps per slot ) - 46 is for fabric 1 , in fabric 2 its 110 per slot- With 550G per slot, scales to more than 17 Tbps switching capacity


Catalyst and Nexus: Complementary Focus for Broad Deployments

Cisco® Nexus 7000

Cisco Catalyst® 65002 Terabit ScalabilityUnified Network Access

15 Terabit ScalabilityUnified Fabric

100GbE

40GbE

Transport Flexibility

Operational Continuity

10GbE

1GbE


New Nexus 7000 Supervisor Engines :

- Cisco Nexus 7000 Series Supervisor 2 and 2E Modules deliver increased control plane performance and system scalability

- Cisco Nexus 7000 Series Supervisor 2 has twice the CPU performance of the Supervisor 1 Module

- Cisco Nexus 7000 Series Supervisor 2E performance is Four times the CPU performance of the Supervisor 1 Module


Nexus 7000 series :

Nexus 7000 chassis now includes 9, 10 and 18 slot chassis

New Innovation Cisco Nexus 7004 Chassis

As with the Nexus 5000 series the Nexus 2000 Fabric Extenders can act as a remote line card on the 7000 series.


Extending the Cisco Nexus FamilyData Center Class Switches

Simpler More Stable Layer 2 Network Highly Available Platform Preserves operational best practices

FCoE based Unified Fabric Virtualization Optimized Networking Support for GE, FCoE, DCE, and FC

Reduces power, cooling, cabling Up to 52 non-blocking 10GbE Up to 1.2 Tbps capacity

Infrastru

cture

Scalab

ilityT

ransp

ort

Flexib

ilityO

peratio

nal

Co

ntin

uity


Nexus 7009 :

9 slots: 3-9 are line card slots, 1-2 are supervisor slots

Supports 336 10Gbit/s and/or 1Gbit/s

Air flow is side to side (right to left)

Up to 5 Crossbar Fabric Modules

Up to 2 power supplies


Day 2:

IOS VS XOS


NX-OS :

- NX-OS two images kickstart image and system image.

- Not all the features are enabled by default... for example if you want to use OSPF... you firstly have to enable the feature. ... (feature ospf)

- All the features are licensed... This is not very bad... considering that an enterprise licenses gets almost all of your features running.


You don't have to prefix "do" in front of your "privilege level show commands" if you are in configuration mode

The routing protocol configuration is more on the interface level like in IPV6... ipv6 enable

NX-OS CANNOT NAT"; no NAT command on NX-OS... unusual as it is one of the common L3 feature on any cisco device.

No F and GE in the commands … all are Ethernet

There aren't any speed designations in the interface name.


no "write" command you have to use the big old "copy run start“

The " sh tech-support" gives you never ending data... its HUGE MB's of data

Supports VTP only in transparent mode

- Doesn't support PAGP supports only LACP

- It doesn't support EIGRP unicast neighborship...

The "sh run" has a lot of minor components which makes it easier to look at the configuration... like "sh run rpm"(route processor module) : gives you all the route policy config like route-maps and prefix lists


sh module :N7K-ABCDEF-GH

A : F (forwarding engine) or M (Multi purpose forwarding engine )

B : Model of forwarding engine : 1 or 2

C & D : Number of ports

E : Speed : X (10 gig ) or G (1 gig)

F : Connector Type : P (sfp+) or T ( RJ )

G : Generation of fabric : 1 ( 1’st ) or 2 (2nd)

H : Number of channels of 40 gig : 1 (40 gig) or 2 (80 gig)

show module xbar : to show switch fabric


Day 3:

Continue IOS VS XOS


Base services: The default license that ships with NX-OS covers Layer 2 protocols including such features such as Spanning Tree, virtual LANs (VLAN), Private VLANS, and Unidirectional Link Detection (UDLD).

Enterprise Services Package: Provides Layer 3 protocols such as Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), Intermediate System-to-Intermediate System (ISIS), Enhanced Interior Gateway Routing Protocol (EIGRP), Policy-Based Routing (PBR), Protocol Independent Multicast (PIM), and Generic Routing Encapsulation (GRE).

Advanced Services Package: Provides Virtual Device Contexts (VDC)


license file is obtained from Cisco.com and copied to flash, install it on the chassis.

Show license host-id :host-id for License File Creation on Cisco.com (serial number)

Install license bootflash:license_file.lic

NX-OS offers feature testing for a 120-day grace period ...fully operate a feature without the need for a license to be purchased

The last 6 days it will start send notifications

#()license grace-period


NX-OS has a setup utility that enables a user to specify the system defaults, perform basic configuration, and apply a predefined Control Plane Policing (CoPP) security policy.

Two preconfigured instances of VPN Routing Forwarding (VRF) by default (management, default).

By default, all Layer 3 interfaces and routing protocols exist in the default VRF.

The mgmt0 interface exists in the management VRF and is accessible from any VDC.

Each VDC has a unique IP address for the mgmt0 interface.


Default login administrator user is admin; a password has to be specified when the system is first powered up.

you cannot disable the username and password login.

The default Spanning Tree mode in NX-OS is Rapid-PVST+.

When u disable a feature all relevant commands are removed from the running configuration.


Show environment power :

power requested in the max appear cisco power calc

Telnet is disabled by def , ssh is enabled

Sh vrf :

vrf managment : def route

vrf context managment ip route 0.0.0.0 /0 gw

int mgmt 0 ip add /24 def in mgmt vrf dedicated for it

Sh vrf managment int

Int ethe x/x :

vrf member managmenet ...refused


ping gw ..no u have to determine vrf

sh run | grep -a 3 –n mgmt 0 :

rollbased access control : rback

sh role : admin : read write operator : read

sh role feature-group

feature group ...ex pre def l3 feature group


role name ...

rule 1 permit read

rule 2 permit read-write feature cdp

rule 3 permit command ping *

rule 4 permit command config t : interface *

interface policy deny

permit interface eth 2/1

sh role name ....

user ... pass ... role ....


? the available commands will be limited

debug ? only cdp ( write allowd for cdp only)

? In config mode :cdp or interface ( interface only eth 2/1 )


rollback :

checkpoint .... ( up to 10)

sh checkpoint summary

sh checkpoint ... : the config of checkpoint

rollback running-config checkpoint ...

config s (session) : till now just for acl

To check the resource availability for a certain feature

config s ...

verify

show config session

Commit , abort


-if : ip ospf hello-interval 2

ip ospf network point-to-point

ip router ospf 1 area 0 : activate osfp in interface

statefull process restart : l2 process and ospf : safe the processes

int .. : sh no sh

load bootflash:dd.plgin

(linux) kill 6255 sh process | inc ospf

int e2/1, 2/2-4


netflow :

feature nerflow

flow record ....

match ipv4 dest add

matc ipv4 souse add

match ip protocol

collect transport tcp flags ( collect is the info need to be exported)

collect routing forwarding-status

flow exporter ....

description ....

destination x.x.x.x vrf


source loobback 0

transport udp port 12345

version 5

Now apply netflow for interface by config flow monitor with connect exporter with recored

flow monitor ...

record ....

exporter ... up to 2 diff export per monitor

sh run config netflow

int .. : ip flow monitor ... input (igress)

sh sys internal flow


Ethenizer for wire shark

Ethanalyzer local interface (mgmt or input ) brief limit-captured-frame 5 write bootflash:cap1

Its for control plane traffic

Data plane traffic captured by netflow or span


vdc :

sh vdc

n7k : def

sh vdc membership :( interfaces )

vdc ... create vdc

allocate interface x : config will be lost

ha-policy (dual-sup (bring-down or restart or switchover)

single sup) bring-down or restart or reload : reload : the sup restart : restart the vdc


limit resources vrf min x max y

limit resources vlan min x max y

limit resources port-channel min0 max 0

sh vdc ... detail

sh vdc ... membership

sh vdc ...resources

switch to vdc ...

password : create one


The End

Hamza Al-Qudah

Technology

Cisco nexus 7009 overview