Configuring the Domain

Information About Domains

You must create a domain for the Cisco Nexus 1000V and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when you install the software. If you need to create a domain later, you can do so by using the setup command or the procedures described in this chapter.

Layer 3 Control

Layer 3 control, or IP connectivity, is supported between the Virtual Supervisor Module (VSM) and the Virtual Ethernet Module (VEM) for control and packet traffic. With Layer 3 control, a VSM can be Layer 3 accessible and can control hosts that reside in a separate Layer 2 network. In Layer 3 mode, the VSM and all the VEM hosts that it manages can be in different networks.

To implement Layer 3 control, you must configure the VSM in Layer 3 mode.

Figure 1. Example of Layer 3 Control IP Connectivity. In this figure, VSM 1 controls VEMs in Layer 2 Network A and VSM 2 controls VEMs in Layer 2 Network B.



Guidelines and Limitations

  • UDP port 4785 is required for Layer 3 communication between the VSM and VEM. If you have a firewall in your network and are configuring Layer 3 control, make sure that UDP port 4785 is open on your upstream switch or firewall device. For more information, see the documentation for your upstream switch or firewall device.

  • In a Layer 2 network, you can switch between the Layer 2 and Layer 3 transport modes, but when you do so, the modules might be out of service briefly.

  • The capability attribute (Layer 3 control) cannot be inherited from the port profile.

  • Different hosts can use different VLANs for Layer 3 control.

  • A port profile used for Layer 3 control must be an access port profile. It cannot be a trunk port profile. A port profile created for Layer 3 control can be used only for vmknic ports and not for VM ports, specifically VSM ports if the VSM is hosted on the DVS.

  • You must configure Layer 3 (L3) capability control only for a vmk interface. If you add L3 capability control on a virtual ethernet (veth) interface, the system VLAN becomes ineffective for that veth.

  • We recommend that if you are using the VMware kernel NIC for Layer 3 Control, you do not use it for any other purpose. For example, do not also use the Layer 3 Control VMware kernel NIC for VMotion or network file system (NFS) mount.

  • You must configure control VLANs, packet VLANs, and management VLANs as regular VLANs and not as private VLANs.

Default Settings

Parameter                               Default
VMware port group name (port-profile)   The name of the port profile
SVS mode (svs-domain)                   Layer 3
Switchport mode (port-profile)          Access
State (port-profile)                    Disabled
State (VLAN)                            Active
Shut state (VLAN)                       No shutdown

Configuring the Domain

This section includes the following procedures:

  • Creating a Domain

  • Changing to Layer 3 Transport

  • Changing to Layer 2 Transport

  • Creating a Port Profile for Layer 3 Control

  • Creating a Control VLAN

  • Creating a Packet VLAN

Creating a Domain

You can create a domain for the Cisco Nexus 1000V that identifies the VSM and VEMs and then add control and packet VLANs for communication and management. This process is part of the initial setup of the Cisco Nexus 1000V when installing the software. If you need to create a domain after initial setup, you can do so by using this procedure.


Note


We recommend the following:

  • Use one VLAN for control traffic and a different VLAN for packet traffic.

  • Use a distinct VLAN for each instance of the Cisco Nexus 1000V (different domains).


Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

You must know the following information:

  • If two or more VSMs share the same control and/or packet VLAN, the domain helps identify the VEMs managed by each VSM.

  • A unique domain ID for this Cisco Nexus 1000V instance.

  • Identity of the VLANs to be used for control and packet traffic.

  • The svs mode command in the SVS Domain Configuration mode is not used and has no effect on a configuration.

Procedure

         Command or Action
         Purpose

Step 1   switch# config terminal
         Places you in global configuration mode.

Step 2   switch(config)# svs-domain
         Places you in SVS domain configuration mode.

Step 3   switch(config-svs-domain)# domain id number
         Creates the domain ID for this Cisco Nexus 1000V instance.

Step 4   switch(config-svs-domain)# control vlan number
         Assigns the control VLAN for this domain.

Step 5   switch(config-svs-domain)# packet vlan number
         Assigns the packet VLAN for this domain.

Step 6   switch(config-svs-domain)# show svs domain  (Optional)
         Displays the domain configuration.

Step 7   switch(config-svs-domain)# exit
         Returns you to global configuration mode.

Step 8   switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

     
    switch# config terminal 
    switch(config)# svs-domain
    switch(config-svs-domain)# domain id 100
    switch(config-svs-domain)# control vlan 190
    switch(config-svs-domain)# packet vlan 191
    switch(config-vlan)# exit
    
    switch(config)# show svs domain
    SVS domain config:
    Domain id: 317
    Control vlan: 317
    Packet vlan: 317
    L2/L3 Control mode: L2
    L3 control interface: NA
    Status: Config push to VC successful.
    
    Note: Control VLAN and Packet VLAN are not used in L3 mode.
    
    switch(config)#
    switch(config)# copy run start
    [########################################] 100%
    switch(config)# 

Changing to Layer 3 Transport

This procedure requires you to disable the control and packet VLANs. You cannot change to Layer 3 Control before disabling the control and packet VLANs.

Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

You have already configured the Layer 3 interface (mgmt 0 or control 0) and assigned an IP address.

When control 0 is used for Layer 3 transport, proxy-arp must be enabled on the control 0 VLAN gateway router.

Procedure

         Command or Action
         Purpose

Step 1   switch(config)# show svs domain
         Displays the existing domain configuration, including control and packet VLAN IDs.

Step 2   switch# config t
         Places you in global configuration mode.

Step 3   switch(config)# svs-domain
         Places you in SVS domain configuration mode.

Step 4   switch(config-svs-domain)# no packet vlan
         Removes the packet VLAN configuration.

Step 5   switch(config-svs-domain)# no control vlan
         Removes the control VLAN configuration.

Step 6   switch(config-svs-domain)# show svs domain  (Optional)
         Displays the domain configuration.

Step 7   switch(config-svs-domain)# svs mode L3 interface { mgmt0 | control0 }
         Configures Layer 3 transport mode for the VSM domain.

         If you configure Layer 3 transport, you must designate which interface to use, and that interface must already have an IP address configured.

Step 8   switch(config-svs-domain)# show svs domain  (Optional)
         Displays the new Layer 3 control mode configuration for this VSM domain.

Step 9   switch(config-svs-domain)# [no] control type multicast
         Configures the control type multicast in Layer 3 mode on the VSM.

Step 10  switch(config-svs-domain)# show svs domain  (Optional)
         Displays the control type multicast status in Layer 3 mode on the VSM.

Step 11  switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

       
      switch(config)# show svs domain
      SVS domain config: 
        Domain id:    100 
        Control vlan: 100
        Packet vlan:  101
        L2/L3 Control mode: L2 
        L3 control interface:  NA
        Status: Config push to VC successful.
      switch# config t
      switch(config)# svs-domain
      switch(config-svs-domain)# no packet vlan
      switch(config-svs-domain)# no control vlan
      switch(config)# show svs domain
      SVS domain config: 
        Domain id:    100 
        Control vlan: 1  
        Packet vlan:  1  
        L2/L3 Control mode: L2 
        L2/L3 Control interface: NA
        Status: Config push to VC successful.
      switch(config-svs-domain)# svs mode l3 interface mgmt0
      switch(config-svs-domain)# show svs domain
      SVS domain config: 
        Domain id:    100 
        Control vlan: NA  
        Packet vlan:  NA
        L2/L3 Control mode: L3 
        L3 control interface: mgmt0
        Status: Config push to VC successful.
      
      switch(config-svs-domain)# control type multicast
      switch(config)# show svs domain
      SVS domain config:
        Domain id:    343
        Control vlan:  NA
        Packet vlan:   NA
        L2/L3 Control mode: L3
        L3 control interface: mgmt0
        Status: Config push to VC successful.
        Control type multicast: Yes
      
      switch(config-svs-domain)# no control type multicast
      switch(config)# show svs domain
      SVS domain config:
        Domain id:    343
        Control vlan:  NA
        Packet vlan:   NA
        L2/L3 Control mode: L3
        L3 control interface: mgmt0
        Status: Config push to VC in progress.
        Control type multicast: No
        Limitation : Control type multicast is configured. It is not applicable in svs L2 mode.
      
      switch(config-svs-domain)# copy running-config startup-config
      [########################################] 100%
      switch(config-svs-domain)#

Changing to Layer 2 Transport

You can change the transport mode to Layer 2 for the VSM domain control and packet traffic. The transport mode is Layer 3 by default, but if it is changed, you can use this procedure to configure it again as Layer 2.

This procedure requires you to configure a control VLAN and a packet VLAN. You cannot configure these VLANs if the VSM domain capability is Layer 3 Control. You will first change the svs domain mode to Layer 2 and then configure the control VLAN and packet VLAN.

Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

Procedure

         Command or Action
         Purpose

Step 1   switch(config)# show svs domain
         Displays the existing domain configuration, including control and packet VLAN IDs and the Layer 3 interface configuration.

Step 2   switch# config t
         Places you in global configuration mode.

Step 3   switch(config)# svs-domain
         Places you in SVS domain configuration mode.

Step 4   switch(config-svs-domain)# svs mode L2
         Configures Layer 2 transport mode for the VSM domain.

Step 5   switch(config-svs-domain)# control vlan vlanID
         Configures the specified VLAN ID as the control VLAN for the VSM domain.

Step 6   switch(config-svs-domain)# packet vlan vlanID
         Configures the specified VLAN ID as the packet VLAN for the VSM domain.

Step 7   switch(config-svs-domain)# show svs domain  (Optional)
         Displays the new Layer 2 control mode configuration for this VSM domain.

Step 8   switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

         
        switch# show svs domain
        SVS domain config:
        Domain id: 317
        Control vlan: NA
        Packet vlan: NA
        L2/L3 Control mode: L3
        L3 control interface: mgmt0
        Status: Config push to VC successful.
        Control type multicast: No 
        switch# config t
        switch(config)# svs-domain
        switch(config-svs-domain)# svs mode l2
        switch(config-svs-domain)# control vlan 100
        switch(config-svs-domain)# packet vlan 101
        switch(config-svs-domain)# show svs domain
        SVS domain config: 
          Domain id:    100 
          Control vlan: 100
          Packet vlan:  101 
          L2/L3 Control mode: L2 
          L3 control interface: NA
          Status: Config push to VC successful.
        switch(config-svs-domain)# copy running-config startup-config
        [########################################] 100%

Creating a Port Profile for Layer 3 Control

You can allow the VSM and VEM to communicate over IP for control and packet traffic.

Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

You must know the following information:

  • The transport mode for the VSM domain has already been configured as Layer 3.

  • All VEMs belong to the same Layer 2 domain.

  • The VEM VM kernel NIC connects to this Layer 3 control port profile when you add the host to the Cisco Nexus 1000V DVS.

  • Only one VM kernel NIC can be assigned to this Layer 3 control port profile per host.

  • The VLAN ID for the VLAN you are adding to this Layer 3 control port profile:

      • The VLAN must already be created on the Cisco Nexus 1000V.

      • The VLAN assigned to this Layer 3 control port profile must be a system VLAN.

      • One of the uplink ports must already have this VLAN in its system VLAN range.

  • The port profile must be an access port profile. It cannot be a trunk port profile. This procedure includes steps to configure the port profile as an access port profile.

  • More than one port profile can be configured with the capability L3 control command. These can only be used for vmknic ports and not for VM ports, specifically VSM ports if VSM is hosted on the DVS.

  • Different hosts can use different VLANs for Layer 3 control.

  • VEM modules will not register to the VSM before a vmkernel interface (vmk) is migrated to a Layer 3 control capable port profile.

Procedure

         Command or Action
         Purpose

Step 1   switch# config terminal
         Places you in global configuration mode.

Step 2   switch(config)# port-profile name
         Creates a port profile and places you into Port Profile Configuration mode for the named port profile.

         The name argument can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

Step 3   switch(config-port-prof)# capability l3control
         Allows the port to be used for IP connectivity.

Step 4   switch(config-port-prof)# vmware port-group [name]
         Designates the port profile as a VMware port group.

         The port profile is mapped to a VMware port group of the same name. When a vCenter Server connection is established, the port group created in Cisco Nexus 1000V is then distributed to the virtual switch on the vCenter Server.

         If you do not specify a name, then the port group name will be the same as the port profile name. If you want to map the port profile to a different port group name, use the alternate name.

Step 5   switch(config-port-prof)# switchport mode access
         Designates that the interfaces are switch access ports (the default).

Step 6   switch(config-port-prof)# switchport access vlan vlanID
         Assigns the system VLAN ID to the access port for this Layer 3 control port profile.

Step 7   switch(config-port-prof)# no shutdown
         Administratively enables all ports in the profile.

Step 8   switch(config-port-prof)# system vlan vlanID
         Adds the system VLAN to this Layer 3 control port profile.

         This command ensures that, when the host is added for the first time or rebooted later, the VEM can reach the VSM. One of the uplink ports must have this VLAN in its system VLAN range.

Step 9   switch(config-port-prof)# state enabled
         Enables the Layer 3 control port profile.

         The configuration for this port profile is applied to the assigned ports, and the port group is created in the VMware vSwitch on vCenter Server.

Step 10  switch(config-port-prof)# show port-profile name name  (Optional)
         Displays the current configuration for the port profile.

Step 11  switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

           
          switch# config terminal
          switch(config)# port-profile l3control-150
          switch(config-port-prof)# capability l3control
          switch(config-port-prof)# vmware port-group 
          switch(config-port-prof)# switchport mode access
          switch(config-port-prof)# switchport access vlan 150
          switch(config-port-prof)# no shutdown
          switch(config-port-prof)# system vlan 150
          switch(config-port-prof)# state enabled
          switch(config-port-prof)# show port-profile name l3control-150
          port-profile l3control-150
            description: 
            type: vethernet
            status: enabled
            capability l3control: yes
            pinning control-vlan: 8
            pinning packet-vlan: 8
            system vlans: 150
            port-group: l3control-150
            max ports: 32
            inherit: 
            config attributes:
              switchport mode access
              switchport access vlan 150
              no shutdown
            evaluated config attributes:
              switchport mode access
              switchport access vlan 150
              no shutdown
            assigned interfaces:
          switch(config-port-prof)# copy running-config startup-config
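
The requirements in this chapter can be checked against saved CLI output. The following Python script is an added example, not Cisco code: it parses show svs domain and show port-profile name output in the formats shown above and reports departures from the transport-mode rules and the Layer 3 control port profile rules. The function names, the sample text, and the 'system vlans: none' rendering for a profile without system VLANs are assumptions.

```python
import re

SECTIONS = ("config attributes", "evaluated config attributes", "assigned interfaces")

def parse_svs_domain(text):
    """Parse 'show svs domain' output into {lower-cased field: value}."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {key.strip().lower(): value.strip() for key, sep, value in pairs if sep}

def audit_svs_domain(fields):
    """Check a parsed domain against the transport-mode rules on this page."""
    mode = fields.get("l2/l3 control mode", "").upper()
    iface = fields.get("l3 control interface", "").lower()
    if mode == "L3" and iface not in ("mgmt0", "control0"):
        return ["L3 mode without mgmt0 or control0 as the control interface"]
    if mode == "L2" and fields.get("control vlan") == fields.get("packet vlan"):
        return ["control and packet traffic share one VLAN"]
    return []

def parse_port_profile(text):
    """Return (fields, evaluated config attributes) from 'show port-profile name X'."""
    fields, attrs, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        key, sep, value = line.partition(":")
        if sep and key in SECTIONS:
            section = key
        elif sep:
            fields[key.lower()] = value.strip()
        elif line and section == "evaluated config attributes":
            attrs.append(line)
    return fields, attrs

def audit_l3_port_profile(fields, attrs):
    """Check a profile that has 'capability l3control' against the page's requirements."""
    if fields.get("capability l3control", "").lower() != "yes":
        return []  # not a Layer 3 control profile, nothing to check
    findings = []
    if any(a.startswith("switchport mode") and a != "switchport mode access" for a in attrs):
        findings.append("not an access port profile")
    system = set()  # expand a list such as '150,160-162'; 'none' leaves it empty
    for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", fields.get("system vlans", "")):
        system.update(range(int(lo), int(hi or lo) + 1))
    access = [int(m.group(1)) for a in attrs
              if (m := re.fullmatch(r"switchport access vlan (\d+)", a))]
    if not access:
        findings.append("no access VLAN assigned")
    elif access[0] not in system:
        findings.append(f"access VLAN {access[0]} is not a system VLAN")
    if fields.get("status") != "enabled":
        findings.append("profile state is not enabled")
    if "no shutdown" not in attrs:
        findings.append("'no shutdown' is not configured")
    return findings

# Constructed sample output in the formats shown on this page; the
# 'system vlans: none' rendering is an assumption about unset system VLANs.
SVS_L2_SHARED = """SVS domain config:
  Control vlan: 317
  Packet vlan:  317
  L2/L3 Control mode: L2
"""
PROFILE_BAD = """port-profile l3control-bad
  status: disabled
  capability l3control: yes
  system vlans: none
  evaluated config attributes:
    switchport mode trunk
    switchport access vlan 150
"""

if __name__ == "__main__":
    print(audit_svs_domain(parse_svs_domain(SVS_L2_SHARED)))
    print(audit_l3_port_profile(*parse_port_profile(PROFILE_BAD)))
```

An empty list means the captured output violates none of the rules checked here.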

Creating a Control VLAN

Before You Begin

Before beginning this procedure, you must be logged in to the CLI in EXEC mode.

Be sure you have already configured and enabled the required switched virtual interface (SVI) as described in the Cisco Nexus 1000V Interface Configuration Guide. The SVI is also called the VLAN interface and provides communication between VLANs.

You must know the following:

  • If Layer 3 Control is configured on your VSM, you cannot create a control VLAN. You must first disable Layer 3 Control.

  • How VLANs are numbered.

  • That newly created VLANs remain unused until Layer 2 ports are assigned to them.

Procedure

         Command or Action
         Purpose

Step 1   switch# config t
         Places you in global configuration mode.

Step 2   switch(config)# vlan 30
         Creates VLAN ID 30 for control traffic and places you in VLAN configuration mode.

         Note: If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error message.

Step 3   switch(config-vlan)# name cp_control
         Adds the descriptive name, cp_control, to this VLAN.

Step 4   switch(config-vlan)# state active
         Changes the operational state of the VLAN to active.

Step 5   switch(config-vlan)# show vlan id 30  (Optional)
         Displays the configuration for VLAN ID 30.

Step 6   switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

             
            switch# config t
            switch(config)# vlan 30
            switch(config-vlan)# name cp_control
            switch(config-vlan)# state active
            switch(config-vlan)# show vlan id 30
            VLAN Name                             Status    Ports
            ---- -------------------------------- --------- -------------------------------
            30   cp_control                       active    
            
            VLAN Type MTU
            ---- -----
            5    enet 1500
            
            Remote SPAN VLAN
            ----------------
            Disabled 
            
            Primary  Secondary  Type             Ports
            -------  ---------  ---------------  -------------------------------------------
            switch(config-vlan)# copy running-config startup-config

Creating a Packet VLAN

Before You Begin

Before beginning this procedure, be sure you have done the following:

  • Logged in to the CLI in EXEC mode

  • Configured and enabled the required switched virtual interface (SVI)

  • Familiarized yourself with how VLANs are numbered.

Note

Newly created VLANs remain unused until Layer 2 ports are assigned to them.

Procedure

         Command or Action
         Purpose

Step 1   switch# config t
         Places you in global configuration mode.

Step 2   switch(config)# vlan vlan-id
         Creates VLAN ID for packet traffic and places you in VLAN configuration mode.

         Note: If you enter a VLAN ID that is assigned to an internally allocated VLAN, the CLI returns an error message.

Step 3   switch(config-vlan)# name vlan-name
         Adds the descriptive name to this VLAN.

Step 4   switch(config-vlan)# state vlan-state
         Changes the operational state of the VLAN to active or suspend.

Step 5   switch(config-vlan)# show vlan id vlan-id  (Optional)
         Displays the configuration for the VLAN ID.

Step 6   switch(config-vlan)# exit
         Returns you to global configuration mode.

Step 7   switch(config)# copy running-config startup-config  (Optional)
         Copies the running configuration to the startup configuration.

               
              switch# config t 
              switch(config)# vlan 31
              switch(config-vlan)# name cp_packet
              switch(config-vlan)# state active
              switch(config-vlan)# exit
              switch(config)# show vlan id 31
              
              VLAN Name                             Status    Ports
              ---- -------------------------------- --------- -------------------------------
              31   cp_packet                        active    
              
              VLAN Type MTU
              ---- -----
              5    enet 1500
              
              Remote SPAN VLAN
              ----------------
              Disabled 
              
              Primary  Secondary  Type             Ports
              -------  ---------  ---------------  -------------------------------------------
              
              switch(config)# copy run start
              [########################################] 100%
              switch(config)# 
              

Feature History for the VSM Domain

This table only includes updates for those releases that have resulted in additions to the feature.

Feature Name       Releases        Feature Information
Layer 3 Control    4.0(4)SV1(2)    Added the following information:
                                     • About Layer 3 Control
                                     • Guidelines and Limitations
                                     • Changing to Layer 2 Transport
                                     • Changing to Layer 3 Transport
                                     • Creating a Port Profile for Layer 3 Control
VSM Domain         4.0(4)SV1(1)    This feature was introduced.