Nexus 7000 Series VDC Concepts and Configuration: Notes on
Virtual Device Context
Virtual Device Context (VDC) partitions a single physical device into multiple logical devices that provide fault isolation, management isolation, address allocation isolation, service differentiation domains, and adaptive resource management. VDC also virtualizes the control plane, which includes all those software functions that are processed by the CPU on the active supervisor module.
VDCs Naming Space
VDC administrators working in Ethernet VDCs can use virtual routing and forwarding (VRF) instance names and VLAN IDs independent of those used in other VDCs. Each VDC administrator essentially interacts with a separate set of processes, VRFs, and VLANs.
The VDC feature requires appropriate licenses. Without a license, the following restrictions will prevent you from creating additional VDCs:
- Only the default VDC can exist and no other VDC can be created.
- On all supported Supervisor modules, if you enable the default VDC as an admin VDC, you can only enable one non-default VDC.
Default VDC / Admin VDC
The physical device always has at least one VDC, the default VDC (VDC 1). You must be in the default VDC or admin VDC to create, change attributes for, or delete a non-default VDC.
Admin VDC has the following configuration guidelines and limitations:
- No features or feature sets can be enabled in an admin VDC except the following:
  - Control Plane Policing (CoPP)
  - Fabric Extender
  - Multiprotocol Label Switching (MPLS)
- No interfaces from any line card module can be allocated to an admin VDC. Only mgmt0 can be allocated to an admin VDC, which means that for an admin VDC, only out-of-band management is possible, through the mgmt0 interface and the console port.
- When an admin VDC is enabled at bootup, it replaces the default VDC. Once an admin VDC is created, it cannot be deleted and it cannot be changed back to the default VDC. To change it back to the default VDC, erase the configuration and perform a fresh boot up.
The storage VDC is one of the non-default VDCs, and it does need a license. That license is not a VDC license, however: a storage VDC relies on the FCoE license installed to enable the FCoE function on the modules.
You must configure one and only one dedicated storage VDC to run FCoE on the Cisco Nexus 7000 Series devices and you cannot configure the default VDC as a storage VDC.
Caution: The numbers must be unique between FCoE and Ethernet VLANs. That is, the numbers used on the FCoE VLANs in the storage VDCs must be different than any of the VLAN numbers used in the Ethernet VDCs.
Allocating Interfaces to VDC
If you have the network-admin user role, you can allocate physical device resources exclusively for the use of a VDC. The only physical resources that you can allocate to a VDC are the Ethernet interfaces. For the Ethernet VDCs, each physical Ethernet interface can belong to only one VDC, including the default VDC, at any given time.
When you allocate an interface to a VDC, all configuration for that interface is erased. You, or the VDC administrator, must configure the interface from within the VDC.
Interfaces that belong to the same port group must belong to the same VDC. Beginning with Cisco NX-OS Release 5.2(1) for Nexus 7000 Series devices, all members of a port group are automatically allocated to the VDC when you allocate an interface.
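The allocation rules above and the FCoE VLAN caution can be checked against a planned layout before any change is applied. The following Python audit is an added example, not Cisco tooling or part of the original notes; the dictionary format, the VDC names, and the four-port port group are constructed assumptions (real port-group membership depends on the module type).

```python
from collections import defaultdict

def parse_vlans(spec):
    """Expand a VLAN list such as '10-12,20' into a set of ints."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(vdcs, port_groups):
    """Return a sorted list of findings for a planned VDC layout."""
    findings = []
    storage = [n for n, v in vdcs.items() if v["type"] == "storage"]
    if len(storage) > 1:
        findings.append("more than one storage VDC: " + ", ".join(sorted(storage)))
    owners = defaultdict(set)  # interface -> Ethernet VDCs claiming it
    for name, vdc in vdcs.items():
        if vdc["type"] == "admin" and any(i != "mgmt0" for i in vdc["interfaces"]):
            findings.append(f"admin VDC {name} has line-card interfaces")
        if vdc["type"] == "ethernet":
            for intf in vdc["interfaces"]:
                owners[intf].add(name)
            # Ethernet VDCs may reuse VLAN IDs among themselves; only FCoE overlap is flagged.
            for s in storage:
                clash = parse_vlans(vdc["vlans"]) & parse_vlans(vdcs[s]["vlans"])
                if clash:
                    findings.append(f"VLAN {sorted(clash)} used in both {s} (FCoE) and {name}")
    for intf, names in owners.items():
        if len(names) > 1:
            findings.append(f"{intf} allocated to several VDCs: {sorted(names)}")
    for group in port_groups:
        used = set().union(*(owners[i] for i in group if i in owners))
        if len(used) > 1:
            findings.append(f"port group {group[0]}..{group[-1]} split across {sorted(used)}")
    return sorted(findings)

# Constructed sample layout (hypothetical names and values, not from a real device).
SAMPLE_VDCS = {
    "admin": {"type": "admin", "vlans": "", "interfaces": ["mgmt0"]},
    "prod": {"type": "ethernet", "vlans": "10-20,100", "interfaces": ["Eth2/1", "Eth2/2", "Eth2/3"]},
    "dmz": {"type": "ethernet", "vlans": "10-12,300", "interfaces": ["Eth2/3", "Eth2/4"]},
    "san": {"type": "storage", "vlans": "100,200-201", "interfaces": ["Eth2/9"]},
}
SAMPLE_PORT_GROUPS = [["Eth2/1", "Eth2/2", "Eth2/3", "Eth2/4"]]

if __name__ == "__main__":
    for finding in audit(SAMPLE_VDCS, SAMPLE_PORT_GROUPS):
        print(finding)
```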
VDC and Role-Based Access Control (RBAC)
The Cisco NX-OS software provides default user roles with different levels of authority for VDC administration:
- network-admin—The network-admin role exists only in the default VDC and allows access to all the global configuration commands (such as reload and install) and all the features on the physical device.
- network-operator—The network-operator role exists only in the default VDC and allows users to display information for all VDCs on the physical device.
- vdc-admin—Users who have the vdc-admin role can configure all features within a VDC. Users with either the network-admin or vdc-admin role can create, modify, or remove user accounts within the
- vdc-operator—Users assigned with the vdc-operator role can display information only for the VDC. Users with either the network-admin or vdc-admin role can assign the vdc-operator role to user accounts within the VDC.
VDC resource templates set the minimum and maximum limits for shared physical device resources when you create the VDC. The Cisco NX-OS software reserves the minimum limit for the resource to the VDC. Any resources allocated to the VDC beyond the minimum are based on the maximum limit and availability on the device.
The high-availability (HA) policies for a VDC define the action that the Cisco NX-OS software takes when an unrecoverable VDC fault occurs. These policies can be:
- Bringdown—Puts the VDC in the failed state.
- Reload—Reloads the supervisor module.
- Restart—Takes down the VDC processes and interfaces and restarts them using the startup configuration.
- Switchover—Initiates a supervisor module switchover.
VDCs Boot Order
You can specify the boot order for the VDCs on the Cisco NX-OS device. By default, all VDCs start in parallel with no guarantee as to which VDC completes starting first. VDCs with the lowest boot order value boot first.
Admin VDC Configuration:
VDC Resource Templates Configuration:
Suspending / Resuming a VDC:
Verifying the VDC Configuration: