VDC Management

VDC Management

Posted on Jan 23, 2020 (0)

VDC Management

VDC management is important concepts which helps in proper Management of VDC. Here we will learn about various topics which will make us understand how VDC can be managed.

Role Based Access Control

Role based access control helps in managing the VDC based on roles allocated to particular user. There are four types of pre-defined roles which can be allocated to User for VDC management.

Network-Admin: As soon as first user account is created in default VDC, it is admin. This user is automatically assigned Network-admin role.

  • It can full control over default VDC of switch
  • It has power to create, delete ,, change non-default VDC

Network-Operator: It is the second default role on nexus 7000 series switches, it provide users to read-only right in default VDC. If any user get allocated to this role, he can issue switch-to commands to traverse across non-VDC and can be able to see the configuration or read the configuration file of particular VDC. By default no users are assigned to this role.

VDC-Admin: When a Non-Default VDC is created, first user account on that VDC is user admin. And this admin user gets VDC-Admin role automatically. The user having this role has full control over that particular VDC but have no right in any other VDC and cannot access them by switch-to commands.

VDC-Operator: This is to provide read only right to user to read configuration of only that particular VDC on which he has been allocated this to.

When a network administrator or network-operator switches to a Non-Default VDC, it inherits the role of VDC-Admin or VDC-Operator.

VDC Management Access

VDC management can be done via virtualizing the management port so that, each VDC will get logical instance of management port and where we have to provide the separate IP address to each Virtual management Port present in VDC from same subnet. Each VDC in Nexus 7000 Chassis share same supervisor out-of-band management interface. You can understand this by following diagram:

  • The OOB Ethernet management interface on the active supervisor of the Cisco Nexus 7000 Series switch is shared among the various VDCs.
  • Cisco NX-OS Software provides a virtual management interface-mgmt 0-for OOB management for each VDC.
  • You can configure this interface with a separate IP address that is accessed through the physical mgmt 0 interface on the supervisor.

VDC High Availability

Nexus 7000 VDC feature also provides the HA feature in order to provide safeguards if any event causes failure of any running process. This HA feature determines what action will nexus Box takes if any process crashes repeatedly.

These action can be taken and is dependent on presence of single or dual supervisor. Let have a look how behavior of Nexus changes if it has single or dual supervisor.

Single supervisor module configuration:-

  • Bring down: Puts the VDC in the failed state. To recover from the failed state, you must reload the VDC or the physical device.
  • Reload: Reloads the supervisor module.
  • Restart: Deletes the VDC and recreates it by using the startup configuration.

Dual supervisor module configuration

  • Bring down: Puts the VDC in the failed state. To recover from the failed state, you must reload the VDC or the physical device.
  • Restart: Deletes the VDC and recreates it by using the startup configuration.
  • Switchover: Initiates a supervisor module switchover.

The default high-availability policy for a non-default VDC that you create is restart for single­ supervisor mode and switchover for dual-supervisor mode.

The default high-availability policy for the default VDC is reloaded for a single-supervisor module configuration and switchover for a dual-supervisor module configuration. The policies for the default VDC cannot be changed.

Communication between VDC

Communication between VDC is done as same way, like two separate switch communicates.

For Layer 2 Communication between VDC we have to connect cables between VDC and configure for access or Trunk port.

For Layer 3 Communication we have to provide IP reachability between two VDC over same Physical Link which is used to connect the VDC externally even though they are in same physical switch.

Booting VDC

Booting VDC depends on how we have defined the boot order of the VDC. VDC with lowest Boot Order will boot first and multiple VDC can have same boot order. VDC with same boot order will boot parallel.

All VDCs will start booting at the same time, but there is no guarantee which one will start actual operations first since boot time may be different for different VDCs.

The boot order feature has the following characteristics:

  • More than one VDC can have the same boot order value. By default, all VDCs have the boot-order value of 1.
  • The Cisco NX-OS Software starts all VDCs with the same boot order value, followed by the VDCs with the next boot order value.
  • You cannot change the boot order for the default VDC; you can change the boot order only for nondefault VDCs.

VDC Configuration File

Each VDC has its own configuration file stored in NVRAM which contain VDC specific Configuration. Because of this separation of VDC Configuration file, VDC provide Fault Isolation which is discussed in previous sections.

Separate VDC configuration file also provides the configuration isolation as it may be that two or more VDC may contain the same VRF Number, Port-channel ID, VLAN Number etc.

Compatibility Matrix of Nexus 7000 Modules on VDC

Here first we will discuss how F cards are compatible and placed inside VDC based on Supervisor Modules.

Restrictions and Conditions of Allowed Module Type Mix on Ethernet VDCs

F2e Proxy mode

If We are using F2e and M card on same VDC and as we know that both supports L3 , so whenever L3 packet arrived in to VDC , F2e module works in Proxy mode and all traffic will be sent to M cards in same VDC. For F2e proxy mode, having routing adjacencies connected through F2e interfaces with an M1 Series module is not supported. However, routing adjacencies connected through F2e interfaces with an M2 Series module is supported.

If F2e module are in proxy mode then we can use F2e port as shared port in storage VDC.


    You are will be the first.


Please login here to comment.