In Nexus 7000 series switches, there are four types of VDC.
- Default VDC
- Non-Default VDC
- Admin VDC
- Storage VDC
The Default VDC is supported on the Nexus 7000 only. As soon as the Nexus device boots, we are logged in to the Default VDC.
All hardware resources of the switch belong to the Default VDC, which has ID 1.
The Default VDC has the following features:
- VDC 1 is the Default VDC.
- The Default VDC is used to create, delete, and manage other VDCs.
- The Default VDC cannot be deleted.
- Ports are allocated to Non-Default VDCs from the Default VDC.
- The Default VDC can be replaced by an Admin VDC from Cisco NX-OS 6.1.
- The Default VDC can interact with other VDCs via the management plane.
- System-wide parameters such as CoPP, NTP, and other configuration can be configured from the Default VDC.
- The Default VDC can also be used to install licenses.
- When the Default VDC is reloaded, the entire switch is reloaded.
- The Default VDC can be used for EPLD upgrades and for Ethanalyzer captures.
VDCs which are created by the Default VDC and are used for daily production traffic are called Non-Default VDCs.
- This type of VDC is fully functional and has all capabilities.
- Any change made in a Non-Default VDC applies to that VDC only.
- Each Non-Default VDC has its own discrete configuration file.
- Discrete checkpoints can also be used per Non-Default VDC.
- Each Non-Default VDC runs its own set of L2/L3 protocols and thus provides fault isolation.
Instead of using the Default VDC for production, we now have the ability to replace the Default VDC with an Admin VDC, or to create the Admin VDC at the time of first installation. When the Admin VDC is created, the number of VDCs per Sup also increases by one; you can check this in the VDC licenses section. The Admin VDC exists for administrative purposes only, so only the management port will be its member.
The following are the benefits of the Admin VDC:
- The Admin VDC is used purely for administrative purposes.
- CoPP configuration, VDC creation, suspension, deletion, and interface allocation can be done from the Admin VDC.
- Port-channel configuration can also be done from the Admin VDC.
- The Admin VDC provides VDC-level security.
- Module control, such as powering off a module or placing it out of service, is also done from the Admin VDC.
- The Admin VDC also manages licenses.
- L2/L3 features, including routing protocols, cannot be run in the Admin VDC.
- The Admin VDC has very limited feature support, such as ntp, password, privilege, ssh, tacacs+, telnet, etc.
- Once created, it cannot be deleted or changed back to the Default VDC.
From NX-OS 6.1, the Admin VDC can be enabled during the initial system boot-up process on Sup2/Sup2e.
From NX-OS 6.2(2), Sup1 also supports the Admin VDC, with the same function as on Sup2/2e modules. When it is enabled, only the mgmt0 port is allocated to the Admin VDC.
Creating Admin VDC:
There are three methods to create the Admin VDC.
- On a fresh switch boot-up, the CLI or console asks whether to create the Admin VDC; if you choose yes, it creates the Admin VDC. This option is only used for a new installation and is not recommended when migrating from Sup1 to Sup2/2e.
- If you already have the Default VDC created, use system admin-vdc and the Default VDC becomes the Admin VDC. Doing this, however, loses all nonglobal configuration in the Default VDC. This option is used only in an existing environment where the Default VDC is used for admin purposes only and not for production traffic.
- Use the system admin-vdc migrate <new vdc name> command. The Default VDC is changed to the Admin VDC, a new VDC is created with the name you supplied in the command, and all nonglobal configuration is copied into it. This option is used only when the Default VDC has been used for the production environment.
A Module Type VDC is a VDC for which we define which module ports may be allocated to it. We can restrict the VDC to certain types of module ports. This is achieved with the “module-type” parameter.
We can specify different module types in the above-mentioned command:
- M1: Specifies that VDC can contain only M1 Module port types.
- M1-XL: Specifies that VDC can contain only M1-XL Module port types.
- F1: Specifies that VDC can contain only F1 Module port types.
- F2: Specifies that VDC can contain only F2 Module port types.
With the help of the limit-resource module-type command, we can also restrict the port allocation for a particular VDC to a set of module types.
Example: limit-resource module-type f1 m1 m1xl
This allows a mix of F1, M1, and M1XL module ports in a particular VDC.
Note: An F2 module cannot coexist in the same VDC with other non-F2 modules. So if you are creating a VDC which has only F2 modules, you must use the limit-resource module-type f2 command.
If you allocate a conflicting module to any VDC, the module's ports are placed into the Suspend or OIR state, and as a result the interfaces are not available for configuration.
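The module-type rules above can be checked against a planned allocation before it is applied. The following is an added example, not part of the original page: the slot inventory, VDC names, and configuration excerpt are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed inventory: slot number -> module family (sample data).
INVENTORY = {1: "m1", 2: "f1", 3: "f2", 4: "m1xl"}

# Constructed, planned VDC configuration excerpt in NX-OS style.
CONFIG = """\
vdc Prod id 2
  limit-resource module-type f1 m1 m1xl
  allocate interface Ethernet1/1-8
  allocate interface Ethernet3/1-4
vdc Storage id 3
  limit-resource module-type f2
  allocate interface Ethernet3/5-8
vdc Lab id 4
  limit-resource module-type f2 m1
  allocate interface Ethernet2/1-4
"""

def parse_vdcs(text):
    """Return {vdc_name: {"types": set, "slots": set}} from the excerpt."""
    vdcs, cur = {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "vdc":
            cur = vdcs.setdefault(tok[1], {"types": set(), "slots": set()})
        elif cur is not None and tok[:2] == ["limit-resource", "module-type"]:
            # Tolerate comma-separated lists as well as space-separated ones.
            cur["types"] = {t.strip(",").lower() for t in tok[2:]}
        elif cur is not None and tok[:2] == ["allocate", "interface"]:
            m = re.match(r"Ethernet(\d+)/", tok[2])
            if m:
                cur["slots"].add(int(m.group(1)))
    return vdcs

def audit(vdcs, inventory):
    """Flag F2 mixed with other types, and ports from non-permitted modules."""
    findings = []
    for name, v in vdcs.items():
        if "f2" in v["types"] and len(v["types"]) > 1:
            findings.append((name, "f2-mix", None))
        for slot in sorted(v["slots"]):
            # Ports from a module type the VDC does not permit end up suspended.
            if inventory.get(slot) not in v["types"]:
                findings.append((name, "type-mismatch", slot))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vdcs(CONFIG), INVENTORY):
        print(finding)
```
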
Resource allocation in VDC:
This feature provides resources as needed and is mostly used in multi-tenancy shared infrastructure. By default, the following resources are already allocated to a VDC once it is created; however, we can increase or decrease their limits through configuration via VDC templates.
CPU shares can also be allocated to each VDC; shares are defined on a scale of 1-10 with a default value of 5. VDC priority is defined from 1 to 10, 1 being lowest and 10 being highest.
Here we will also learn how resource utilization is done at the L2 and L3 level.
Resource Utilization: MAC address table
Here we will see how resource utilization is done at L2. In general, the forwarding engine of each I/O module learns Layer 2 MAC addresses and maintains its local copy in the L2 forwarding table.
As soon as an I/O module learns a MAC address, a copy of that MAC address is forwarded to all other I/O modules, which synchronizes the MAC address across all I/O modules. When VDCs come into the picture, however, the MAC address is forwarded only to those modules which are part of that particular VDC.
Let’s understand this by example:
- On I/O module 1, MAC A is learned on port 1/1 in VDC 10.
- This MAC address is installed in the L2 forwarding table of module 1.
- MAC A is now forwarded to I/O modules 2 and 3.
- Module 3 does not have any port in VDC 10, so it will not install MAC A in its forwarding table, whereas module 2 has ports allocated to VDC 10, so it will learn MAC A in its forwarding table.
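The walkthrough above can be modelled as a small simulation. This is an added example, not part of the original page: the port-to-VDC allocation and MAC addresses are constructed, the class and method names are hypothetical, and keying each table by (VDC, MAC) is a modelling choice.

```python
# Constructed allocation: (module, port) -> VDC ID.
# Module 1 and 2 have ports in VDC 10; module 3 has none.
PORT_VDC = {
    (1, 1): 10, (1, 2): 20,
    (2, 1): 10, (2, 2): 30,
    (3, 1): 20, (3, 2): 30,
}
MAC_A = "00:00:5e:00:53:0a"  # constructed sample address
MAC_B = "00:00:5e:00:53:0b"  # constructed sample address

class Chassis:
    def __init__(self, port_vdc):
        self.port_vdc = port_vdc
        self.modules = sorted({m for m, _ in port_vdc})
        # Per-module L2 forwarding table: {(vdc, mac): (module, port)}
        self.tables = {m: {} for m in self.modules}

    def vdcs_on(self, module):
        """VDCs that have at least one port on this module."""
        return {v for (m, _), v in self.port_vdc.items() if m == module}

    def learn(self, mac, module, port):
        """Learn mac on module/port and synchronize it to peer modules.

        Returns (installed, skipped): the modules that installed the entry
        and the modules that received the update but did not install it.
        """
        vdc = self.port_vdc[(module, port)]
        self.tables[module][(vdc, mac)] = (module, port)
        installed, skipped = [module], []
        for other in self.modules:
            if other == module:
                continue
            if vdc in self.vdcs_on(other):
                self.tables[other][(vdc, mac)] = (module, port)
                installed.append(other)
            else:
                skipped.append(other)  # no port in this VDC: not installed
        return sorted(installed), skipped

if __name__ == "__main__":
    chassis = Chassis(PORT_VDC)
    print(chassis.learn(MAC_A, 1, 1))  # MAC A learned on port 1/1 in VDC 10
    print(chassis.learn(MAC_B, 3, 1))  # a second MAC learned in VDC 20
```
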
Layer 3 Resource Utilization:
In general, if no VDC is configured, the TCAM on all I/O modules contains the same set of routing and access entries. If we configure VDCs and allocate the ports of the I/O modules to them, we improve hardware resource utilization.
To do this, we should avoid combining ports of modules which have high numbers of route and access-list entries.
The following example illustrates this:
Avoid combining VDC 10 and VDC 20 and VDC 30 together
You can combine VDC 10 and VDC 30, VDC 20 and VDC 30 or VDC 30 and VDC 40