Multi-Mobility Domain Auto-Configuration

Multi-Mobility Domain


Note
This chapter is applicable only for multi-tenancy lite version as multi-tenancy full version already supports multi-mobility.

The multi-mobility domain chapter describes the characteristics of DFA multi-mobility domain, mobility domain and detectable range, auto-configuration flow on a switch, per-port VLAN auto-configuration, VPC+ and per-port VLAN translation, and per-port VLAN translation and FEX.

Information About Multi-Mobility Domain

A mobility domain defines a unique Layer-2 name space (for example, the VLAN domain and range), which can be represented by a virtual machine manager or data center definition.

A mobility domain is configured using the fabric database mobility-domain name command in a leaf switch.

This global mobility domain is used as a key to retrieve the DFA auto-configuration profile for a dot1q based host/tenant from the remote repository (LDAP). The lookup is dot1q VLAN ID and mobility domain. This is a switch global configuration, hence a leaf switch can only belong to a single mobility domain.

A given dot1q VLAN ID can be associated only to a single mobility domain that is the same dot1q VLAN ID cannot be used for different hosts/tenants belonging to different customer on a leaf switch. To overcome this situation, DFA multi-mobility domain feature introduces the flexibility to have the following:

  • Reuse of a same dot1q VLAN ID on different hosts (VMs) on a leaf switch, which might belong to different customers while segregating the traffic for these VLAN IDs using the VLAN translation feature.


Note
This feature is only applicable to dot1q packet-instantiated auto-configuration, but not applicable to VDP control plane-instantiated auto-configuration.

This feature is supported only on Cisco Nexus 5600 Platform Switches and Cisco Nexus 6000 Series Switches.

Understanding Multi-Mobility Domain

  • The multi-mobility domain feature allows configurations of multiple mobility domains on a leaf switch and ports are made members of one of the mobility domain. A port can belong to one mobility domain (MD) at any time.

  • A set of dot1q VLAN IDs is also defined in a leaf switch, which can be reused and are subject to the VLAN translation for the mobility domains. This set of VLAN ID is referred to as the translation VLAN range. The other VLAN IDs have global significance (no translation) across the mobility domains.

  • The VLAN IDs, which are not part of translation VLAN range, have global significance (no translation) across the mobility domains.

  • DFA auto-configuration with VLAN translation is triggered for VLAN ID in the translation range using the following lookup key: incoming dot1q VLAN ID + interface mobility domain. Hence, if required, there has to be a unique DFA auto-configuration remote DB (LDAP) entry for each VLAN ID in the translation range per mobility domain.

  • A VLAN translation involves a pair of VLANs: the incoming dot1q tag on the wire, which we will refer to as the from VLAN, and the translated VLAN, which we will refer to as the to VLAN.

  • The to VLAN is picked from the DFA Dynamic Server VLAN Pool during the auto-configuration.

  • The VLAN translation is unique to a mobility domain and will be applied to all ports belonging to the mobility domain during the auto-configuration. The appropriate switchport VLAN mapping <from> <to> CLIs will be generated on the ports.

  • A special mobility domain, called the global mobility domain, has to be provisioned on the switch before other mobility domain can be provisioned and is mandatory in case other mobility domain has to be provisioned. This mobility domain has these characteristics:

    • Equivalent of the global mobility domain from previous release

    • All switch Layer-2 CE access/trunk interfaces belong to this mobility domain by default

    • Does not support any VLAN translations, that is VLAN IDs defined under this range will not be translated

  • VLAN IDs, which are not in the translation range, can be auto-configured from any interface/port regardless of the mobility domain the interface/port belongs to. There is a single DFA auto-configuration entry for the global VLAN ID in the remote database (LDAP). This entry is looked up using global VLAN ID + global mobility domain.

  • The maximum number of mobility domains that can be supported is 96 per switch.

Mobility Domain Detectable Range

  • You must specify the set of detectable VLANs during mobility domain configuration and it must be a subset of the (4K - DFA Dynamic System VLAN range).

    • The global mobility domain does not support VLAN translation, hence its detectable range cannot cover the translate range.

  • The figure below shows the relationships of the new configurations and the mobility domain detectable ranges.


Note
VLAN IDs used are only for illustration. MD0 is the global mobility domain.
Figure 1. Mobility Domain Detectable Range

The DFA auto-configuration flow summary on switch is shown below.

Figure 2. Auto-Configuration Flow Summary



DFA Per-Port VLAN Auto-Configuration

Figure 3. DFA Per-Port VLAN Auto-Configuration



  1. Packet arrives on interface.

  2. Lookup VLAN 10 + MD1 in remote DB.

  3. Determine the "to" VLAN to use for translation. Pick free VLAN from system dynamic VLAN range.

  4. Program VLAN translation (switchport VLAN mapping 10-100) on all interfaces of the mobility domain.

  5. Similar process as above for VLAN 10 packet arriving on MD2 interface. Note that the "to" VLAN is different, to provide the traffic segregation.

  6. Auto-configuration of a global VLAN 20. VLAN is available on all interfaces, except on MD1, where it is not a part of the detectable range.

Stitching of Multi-Mobility Domain (Special Case)

Figure 4. Stitching of Multi-Mobility Domain



  1. For VLAN 10 packet arriving on MD1 interface similar process as in previous example and "to" VLAN is 100 for MD1.

  2. Packet arrives on interface.

  3. Lookup VLAN 11 + MD2 in remote database (DB).

  4. The "to" VLAN already exist in the local database (DB) for the retrieved Cisco Virtual Network Identifier (VNI).

  5. Program VLAN translation (switchport vlan mapping 11 100) on all interfaces of the mobility domain.

VPC and Per-Port VLAN Translation

Figure 5. VPC+ and Per-Port VLAN Translation



  • The mobility domain configuration needs to be consistent on the VPC+ switches to avoid auto-configuration issues.

  • New per-interface VPC+ inconsistency rules introduced that suspend the interfaces on an inconsistency.

Per-Port VLAN Translation and FEX

  • Fabric Extender (FEX) HW/SW design requires the same VLAN translations for all Host Interfaces (HIF) belonging to the FEX module.

    • The obvious conclusion is that entire FEX module can only belong to one mobility domain.

    • The mobility domain can be configured on HIF (and HIF PO) interfaces only. The last successful HIF mobility domain configuration determines the mobility domain for the entire FEX module.

      • All HIFs that are not configured with the same mobility domain as the FEX module mobility domain are error-disabled with status/reason = Mobility-DomainMismatch

      • The HIFs are automatically recovered from the error-disabling when the mobility domain configuration is made consistent with the FEX module

  • The VLAN translation CLIs are not generated for the HIF interfaces after the auto-configuration, but instead are programmed for the FEX NIF interfaces/PO.

Configuring Multi-Mobility Domain Auto-Configuration

Configuring Translate Eligible VLANs

Before You Begin

  • Feature Fabric Forwarding should be enabled.

  • System fabric dynamic VLANs should be configured.

Guidelines

  • Ensure translate eligible range does not overlap system fabric dynamic VLAN ranges.

  • Ensure translate eligible range does not include any VLANs in the switch that have already been created.

SUMMARY STEPS

    1.    configure terminal

    2.    [no] system fabric translate-vlans vlan-range

    3.    copy running-config startup-config

    4.    show running-config all


DETAILED STEPS
     Command or ActionPurpose
    Step 1configure terminal


    Example: 
    switch# configure terminal
     

    Enters global configuration mode.

     
    Step 2[no] system fabric translate-vlans vlan-range


    Example: 
    switch(config)# system fabric translate-vlans 100-110,1001-1499,3501-3502
     

    Configures system eligible translate VLAN range for a leaf switch.

     
    Step 3copy running-config startup-config


    Example: 
    switch(config)# copy running-config startup-config
     

    (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

     
    Step 4 show running-config all


    Example: 
    switch# show running-config all
     

    Displays the running configuration for the switch, which also includes translate eligible VLAN range configuration.

     

    Configuring Mobility Domain

    Before You Begin

    • Global mobility domain must be configured before other mobility domains

    Guidelines

    • All Layer-2 CE access/trunk ports become part of this mobility domain automatically

    • Detectable VLAN rules:

      • Must include the native VLANs of the trunks (including VLAN 1) for proper Layer-2 protocol operations

      • Cannot overlap the system dynamic VLAN range

      • For the global mobility domain, it cannot overlap the translate range

    • The "default" keyword will set the detectable range as follows:

      • Global mobility domain: 4K – system dynamic VLAN range – translate range

      • Mobility domain: 4K – system dynamic VLAN range

    SUMMARY STEPS

      1.    configure terminal

      2.    [no] system fabric global-mobility-domain detectable-vlans {<vlan-id-or-range> | default}

      3.    [no] system fabric mobility-domain md-name detectable-vlans{<vlan-id-or-range> | default}

      4.    show global-mobility-domain

      5.    show mobility-domain <md-name>

      6.    copy running-config startup-config


    DETAILED STEPS
       Command or ActionPurpose
      Step 1configure terminal


      Example: 
      switch# configure terminal
       

      Enters global configuration mode.

       
      Step 2[no] system fabric global-mobility-domain detectable-vlans {<vlan-id-or-range> | default}


      Example: 
      switch(config)# system fabric global-mobility-domain detectable-vlans 1, 200-998
       
      Configures global mobility domain and detectable VLANs for this global mobility domain.
      Note   

      Interface native VLAN should be included in the detectable range of mobility domain.

       
      Step 3[no] system fabric mobility-domain md-name detectable-vlans{<vlan-id-or-range> | default}


      Example: 
      switch(config)# system fabric mobility-domain md2 detectable-vlans 1, 100-110, 500, 1000-1008
       

      Configures other mobility domains in the switch.

       
      Step 4show global-mobility-domain


      Example: 
      switch# show global-mobility-domain
       

      (Optional) Displays detectable VLANs configured under global mobility domain and all interfaces which are part of global mobility domain.

       
      Step 5show mobility-domain <md-name>


      Example: 
      switch# show mobility-domain md2
       

      (Optional) Displays detectable VLANs and translate eligible VLANs configured under the input mobility domain and interfaces which are part of this mobility domain.

       
      Step 6copy running-config startup-config


      Example: 
      switch(config)# copy running-config startup-config
       

      (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

       

      This example shows how to display the global mobility domain information: 

      switch# show global-mobility-domain

Detectable VLANs: 200-998,3503
Translate VLANs: 
Interfaces: Eth1/9 Eth1/10 Eth1/11 Eth1/12 Eth1/14 Eth1/15 Eth1/16 Eth1/17 Eth1/18 Eth1/19 Eth1/20 Eth1/21 Eth1/22 Eth1/23 Eth1/24 Eth1/25 
Eth1/26 Eth1/27 Eth1/28 Eth1/29 Eth1/30 Eth1/31 Eth1/32 Eth1/33 Eth1/34 Eth1/35 Eth1/36 Eth1/37 Eth1/38 Eth1/41 Eth1/42 Eth1/43 Eth1/44 
Eth1/45 Eth1/46 Eth1/48

      This example shows how to display the other mobility domain information: 

      switch# show mobility-domain md2

Detectable VLANVLANs: 1,100-110,500,1000-1008
Translate VLANVLANs: 100-110,1001-1008
Interfaces: Po5 Po11 Po12 Po13 Po14 Po15 Po20 Po21 Eth1/1 Eth1/2 Eth1/3 Eth1/4 Eth1/5 Eth1/6 Eth1/7 Eth1/8 Eth1/13 Eth101/1/2 Eth101/1/10

      Configuring Per Port Mobility Domain

      Before You Begin

      • Ensure translate VLAN ranges and mobility domains are configured

      Guidelines

      • CLI configuration is supported only for Layer-2 CE trunk interfaces

      • Only Layer-2 CE trunk interfaces can be made members of non-global mobility domain

      • Issuing the 'no' CLI moves the interface to the global mobility domain automatically

      SUMMARY STEPS

        1.    configure terminal

        2.    interface ethernet slot/chassis

        3.    switchport mode trunk

        4.    [no] switchport mobility-domain <md-name>

        5.    copy running-config startup-config


      DETAILED STEPS
         Command or ActionPurpose
        Step 1configure terminal


        Example: 
        switch# configure terminal
         

        Enters global configuration mode.

         
        Step 2interface ethernet slot/chassis


        Example: 
        switch(config)# interface ethernet 1/1
         

        Enters interface configuration mode.

         
        Step 3switchport mode trunk


        Example: 
        switch(config-if)# switchport mode trunk
         

        Configures interface in switchport trunk mode.

         
        Step 4[no] switchport mobility-domain <md-name>


        Example: 
        switch(config)# switchport mobility-domain md2
         

        Configures mobility domain on an interface.

         
        Step 5copy running-config startup-config


        Example: 
        switch(config)# copy running-config startup-config
         

        (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

         

        Verifying Per Port VLAN Mapping

        SUMMARY STEPS

          1.    show running-config interface ethernet slot/chassis.


        DETAILED STEPS
           Command or ActionPurpose
          Step 1show running-config interface ethernet slot/chassis.

          Example: 
          switch# show running-config interface ethernet 1/1
           

          Displays the running configuration of an input interface.

           
          Show Commands - vpc + related

          This example shows the port-channel configuration: 

          switch# show running-config interface po5

!Command: show running-config interface port-channel5
!Time: Mon Dec  8 02:34:01 2014

version 7.1(0)N1(1)

interface port-channel5
  switchport mode trunk
  switchport vlan mapping 101 3000 
  switchport mobility-domain md1
  vpc 5

          This example shows how to check the interface MD and its corresponding detectable range: 

          switch# show vpc consistency-parameters int port-channel 5

Legend:
        Type 1 : vPC will be suspended in case of mismatch
Name                        Type  Local Value            Peer Value             
-------------               ----  ---------------------- -----------------------
Shut Lan                    1     No                     No                    
STP Port Type               1     Default                Default               
STP Port Guard              1     None                   None                  
STP MST Simulate PVST       1     Default                Default               
mode                        1     on                     on                    
Speed                       1     1000 Mb/s              1000 Mb/s             
Duplex                      1     full                   full                  
Port Mode                   1     trunk                  trunk                 
Native VLAN                 1     1                      1                     
MTU                         1     1500                   1500                  
Admin port mode             1     trunk                  trunk                 
Detectable VLANs            1     20-100                 20-100                
Mobility Domain             1     MD1                    MD1                   
vPC+ Switch-id              1     50                     50                    
vPC card type               1     Empty                  Empty                 
Allowed VLANs               -     1                      1                     
Local suspended VLANs       -     -                      -

          This example shows how to check the interface mobility domain configuration related consistency for VPC interface: 

          switch# show vpc brief

[snip]
Per-VLAN consistency status   : failed                        
Type-2 consistency status     : success 
vPC role                      : secondary                     
Number of vPCs configured     : 4   
[snip]
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active VLANs    
--   ----   ------ --------------------------------------------------
1    Po24   up     1,2130                                                    
vPC status
---------------------------------------------------------------------------
id     Port        Status Consistency Reason       Active VLANs vPC+ Attrib
--     ----------  ------ ----------- ------       ------------ -----------
[snip]
5    Po5           down*  failed      Mobility     -            DF: No, FP   
                                      domain                    MAC: 50.0.0  
                                      related                                
                                      inconsistency