Virtualize Absolutely Everything! Deploying F5 Viprion 2400 with FlexPod Validated Data Center Architectures

I recently traveled to the Toronto metro offices of Avnet Canada to work on the setup and deployment of an Exchange 2010 demonstration environment with F5 Viprion 2400.  This was an initiative between Scalar decisions, F5 and Avnet to document the integration between F5 and a FlexPod validated data center design.  My fellow engineers Sam Bilko (Cisco Advanced Services Architect) and Robin Mordasiewicz (Scalar Solutions Architect) completed a lot of work in a very short amount of time.  The goals of this initiative were as follows:

-  To document and demonstrate the integration between an F5 BIG-IP and the Cisco Nexus Switches

-  To demonstrate the power and ease of configuration in deploying VCMP on a Viprion 2400

-  To provide a complete solution that incorporates NetApp storage controllers, Cisco UCS blade compute, Nexus Layer 2 Switches and F5 LTM and APM running on Viprion

In the next series of posts I will provide some details on the configuration of the Cisco Nexus Virtual Port Channels (VPCs) and the setup of the F5 Trunk on the Viprion.  We will show the integration between these two components to provide our joint customers with a detailed ‘run book’ on the setup and deployment of the F5 ADC with a FlexPod.  For specific guidance on your enterprise consolidation projects I strongly encourage you to consult with your F5 and NetApp trusted advisors. For those of you in the great north, consulting with Scalar decisions would be a good start.

Part I Setup and Configuration Networking Components

Configure the F5 BIG-IP Trunk on a VIPRION Chassis

In this first section we will show the simultaneous setup of the F5 BIG-IP VIPRION chassis running BIG-IP LTM and the Cisco Nexus switches. We will start by configuring the trunk on the F5 BIG-IP LTM VIPRION chassis, and then configure the Cisco Nexus switches. In the below section there will be validation ‘check points’ demonstrating the interaction between the Cisco Nexus switches and BIG-IP LTM. At the conclusion we will see that the BIG-IP Trunk will be in an ‘up’ or active state.

We will start by creating the network Trunk on the Viprion we will log on to the Viprion CLI via SSH and execute the following commands as root:

root @(viprion)# create /net trunk trusted_internal_vlans_lacp_trunk interfaces add { 1/1.1 1/1.2 2/1.1 2/1.2 } lacp enabled

Show Status of Trunk (Trunk will be ‘down’ until configuration is performed on the Cisco Nexus Switch)

root@(virprion)# show net trunk trusted_internal_vlans_lacp_trunk

------------------------------------------------------------------------------------------------

Net::Trunk

Name Status Bandw Bits Bits Errs Errs Drops Drops Collisions

Mbps In Out In Out In Out

------------------------------------------------------------------------------------------------

trusted_internal_vlans_lacp_trunk down 0 259.2K 23.5K 0 0 339 0 0  

-------------------------------------------------------------

| Net::LACP Status (trunk: trusted_internal_vlans_lacp_trunk)

-------------------------------------------------------------

| SysID Key Priority

| Actor 0:23:e9:3:f:c0 1 4032

| Partner none 0 0

Configure Virtual Port Channels (VPCs) on the Cisco Nexus Switches

We will now connect the F5 BIG-IP VIPRION chassis by wiring cables into the Cisco Nexus Switches on Ports 7 and 8. The port channel will be configured as a trunk port. Two VLANs have been created which we will allow on the trunk port.

View Status of interfaces before configuration:

Avnet-Nexus-A# sh int brief

--------------------------------------------------------------------------------

Ethernet VLAN Type Mode Status Reason Speed Port

Interface Ch #

--------------------------------------------------------------------------------

Eth1/7 1 eth access up none 10G(D) --

Eth1/8 1 eth access up none 10G(D) --

The next step is to configure and build the Virtual Port Channel on the Cisco Nexus switch.

Avnet-Nexus-A(config)# int ethernet 1/7-8

Avnet-Nexus-A(config-if-range)# description viprion trusted_internal_vlans_lacp_trunk

Avnet-Nexus-A(config-if-range)# channel-group 7 mode active

Avnet-Nexus-A(config-if-range)# int port-channel 7

Avnet-Nexus-A(config-if)# vpc 7

Avnet-Nexus-A(config-if)# switchport mode trunk

Avnet-Nexus-A(config-if)# spanning-tree port type edge trunk

Warning: Edge port type (portfast) should only be enabled on ports connected to a single

 host. Connecting hubs, concentrators, switches, bridges, etc... to this

 interface when edge port type (portfast) is enabled, can cause temporary bridging loops.

 Use with CAUTION

Avnet-Nexus-A(config-if)# switchport trunk allowed vlan 1010, 172

Avnet-Nexus-A(config-if)# no shut

On the BIG-IP LTM VIPRION chassis, notice that the F5 reports the partners SysID, although the status is ‘down’. In order to bring the trunk to an ‘up’ state we will need to repeat the configuration on the peer Cisco Nexus switch.

root@(virprion)# show net trunk trusted_internal_vlans_lacp_trunk

 ---------------------------------------------------------------------------------------------

Net::Trunk                      

Name                               Status  Bandw    Bits   Bits  Errs  Errs  Drops  Drops  Colli

                                            Mbps      In    Out    In   Out     In    Out  sions

------------------------------------------------------------------------------------------------

trusted_internal_vlans_lacp_trunk    down      0  676.7K  79.8K     0     0    705      0      0

   -------------------------------------------------------------

  | Net::LACP Status (trunk: trusted_internal_vlans_lacp_trunk)

  -------------------------------------------------------------

  |                   SysID    Key  Priority

  | Actor    0:23:e9:3:f:c0      1      4032

  | Partner  0:23:4:ee:be:a  32775     32667

After configuration of the peer switch verify VPC  is now active

Avnet-Nexus-A(config-if)# sh vpc 7

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

7      Po7         up     success     success                    172,1010S