Notes on Networking

A blog to share my study notes on Cisco networking and more

Notes on Nexus 7000 Series VDC Concepts and Configuration


Virtual Device Context

Virtual Device Context (VDC) partitions a single physical device into multiple logical devices that provide fault isolation, management isolation, address allocation isolation, service differentiation domains, and adaptive resource management. VDC also virtualizes the control plane, which includes all those software functions that are processed by the CPU on the active supervisor module.


VDCs Naming Space

VDC administrators working in Ethernet VDCs can use virtual routing and forwarding (VRF) instance names and VLAN IDs independent of those used in other VDCs. Each VDC administrator essentially interacts with a separate set of processes, VRFs, and VLANs.



The VDC feature requires the appropriate licenses. Without a license, the following restrictions will prevent you from creating additional VDCs:

  • Only the default VDC can exist and no other VDC can be created.
  • On all supported Supervisor modules, if you enable the default VDC as an admin VDC, you can only enable one non-default VDC.


Default VDC/ Admin VDC

The physical device always has at least one VDC, the default VDC (VDC 1). You must be in the default VDC or admin VDC to create, change attributes for, or delete a non-default VDC.

Admin VDC has the following configuration guidelines and limitations:

  • No features or feature sets can be enabled in an admin VDC except the following:
    • Control Plane Policing (CoPP)
    • Fabric Extender
    • FabricPath
    • FCoE
    • Multiprotocol Label Switching (MPLS)
  • No interfaces from any line card module can be allocated to an admin VDC. Only mgmt0 can be allocated to an admin VDC, which means that for an admin VDC only out-of-band management is possible, through the mgmt0 interface and console port.
  • When an admin VDC is enabled at bootup, it replaces the default VDC. Once an admin VDC is created, it cannot be deleted and it cannot be changed back to the default VDC. To change it back to the default VDC, erase the configuration and perform a fresh boot up.


Storage VDC

The storage VDC is one of the non-default VDCs and it does need a license. However, it does not need a VDC license, because it relies on the FCoE license installed to enable the FCoE function on the modules.

You must configure one and only one dedicated storage VDC to run FCoE on the Cisco Nexus 7000 Series devices and you cannot configure the default VDC as a storage VDC.

Caution: VLAN numbers must be unique between FCoE and Ethernet VLANs. That is, the numbers used for the FCoE VLANs in the storage VDC must be different from any of the VLAN numbers used in the Ethernet VDCs.


Allocating Interfaces to VDC

If you have the network-admin user role, you can allocate physical device resources exclusively for the use of a VDC. The only physical resources that you can allocate to a VDC are the Ethernet interfaces. For the Ethernet VDCs, each physical Ethernet interface can belong to only one VDC, including the default VDC, at any given time.

When you allocate an interface to a VDC, all configuration for that interface is erased. You, or the VDC administrator, must configure the interface from within the VDC.

Interfaces that belong to the same port group must belong to the same VDC. Beginning with Cisco NX-OS Release 5.2(1) for Nexus 7000 Series devices, all members of a port group are automatically allocated to the VDC when you allocate an interface.
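The allocation rules above, together with the storage VDC caution on FCoE VLAN numbers, can be checked against a planned layout before any interface is moved (moving one erases its configuration). The following is an added example, not code from Cisco or from the original notes; the plan format, the function names and the four-ports-per-group layout are assumptions, since port grouping depends on the module.

```python
from collections import defaultdict

def audit_vdc_plan(vdcs, group_of):
    """Check a planned VDC layout against the allocation rules in these notes.
    vdcs: name -> {"type": "ethernet" | "storage", "default": bool,
                   "interfaces": [(slot, port), ...], "vlans": set of IDs}
    group_of(slot, port) -> port-group label; the grouping is module dependent.
    """
    findings, owner, groups = [], {}, defaultdict(set)
    ethernet = {n: v for n, v in vdcs.items() if v["type"] == "ethernet"}
    storage = {n: v for n, v in vdcs.items() if v["type"] == "storage"}
    for name, vdc in ethernet.items():
        for slot, port in vdc["interfaces"]:
            holder = owner.setdefault((slot, port), name)
            if holder != name:  # one Ethernet VDC per physical interface
                findings.append(f"Eth{slot}/{port} allocated to both {holder} and {name}")
                continue
            groups[group_of(slot, port)].add(name)
    for label, names in groups.items():
        if len(names) > 1:  # a port group must sit inside a single VDC
            findings.append(f"port group {label} split across {', '.join(sorted(names))}")
    if len(storage) > 1:  # one and only one dedicated storage VDC
        findings.append(f"more than one storage VDC: {', '.join(sorted(storage))}")
    for sname, svdc in storage.items():
        if svdc["default"]:
            findings.append(f"default VDC {sname} cannot be the storage VDC")
        for ename, evdc in ethernet.items():
            clash = sorted(svdc["vlans"] & evdc["vlans"])
            if clash:  # FCoE VLAN numbers may not reappear as Ethernet VLANs
                findings.append(f"FCoE VLANs {clash} in {sname} also used in Ethernet VDC {ename}")
    return sorted(findings)

def sample_group_of(slot, port):
    # Constructed layout (an assumption): four consecutive ports per group.
    first = (port - 1) // 4 * 4 + 1
    return f"Eth{slot}/{first}-{first + 3}"

# Constructed plan, not from a real device. VLAN 10 in core and dmz is allowed.
SAMPLE_PLAN = {
    "core": {"type": "ethernet", "default": True,
             "interfaces": [(1, 1), (1, 2), (1, 3), (1, 4)], "vlans": {10, 20}},
    "dmz": {"type": "ethernet", "default": False,
            "interfaces": [(1, 5), (1, 6), (2, 1)], "vlans": {10, 30, 100}},
    "tenant": {"type": "ethernet", "default": False,
               "interfaces": [(1, 7), (2, 1)], "vlans": {40}},
    "san": {"type": "storage", "default": False, "interfaces": [], "vlans": {100, 200}},
}
if __name__ == "__main__":
    print("\n".join(audit_vdc_plan(SAMPLE_PLAN, sample_group_of)))
```

The sample plan yields three findings: a doubly allocated interface, a split port group, and FCoE VLAN 100 reused in an Ethernet VDC. The shared VLAN 10 is not reported because Ethernet VDCs have independent VLAN namespaces.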


VDC and Role-Based Access Control (RBAC)

The Cisco NX-OS software provides default user roles with different levels of authority for VDC administration as follows:

  • network-admin—The network-admin role exists only in the default VDC and allows access to all the
    global configuration commands (such as reload and install) and all the features on the physical device.
  • network-operator—The network-operator role exists only in the default VDC and allows users to display
    information for all VDCs on the physical device.
  • vdc-admin—Users who have the vdc-admin role can configure all features within a VDC. Users with
    either the network-admin or vdc-admin role can create, modify, or remove user accounts within the
  • vdc-operator—Users assigned with the vdc-operator role can display information only for the VDC.
    Users with either the network-admin or vdc-admin role can assign the vdc-operator role to user accounts
    within the VDC.


Limiting Shared Resources in VDCs

VDC resource templates set the minimum and maximum limits for shared physical device resources when you create the VDC. The Cisco NX-OS software reserves the minimum limit for the resource to the VDC. Any resources allocated to the VDC beyond the minimum are based on the maximum limit and availability on the device.


High-Availability Policies

The high-availability (HA) policies for a VDC define the action that the Cisco NX-OS software takes when an unrecoverable VDC fault occurs. These policies can be:

  • Bringdown—Puts the VDC in the failed state.
  • Reload—Reloads the supervisor module.
  • Restart—Takes down the VDC processes and interfaces and restarts them using the startup configuration.
  • Switchover—Initiates a supervisor module switchover.


VDCs Boot Order

You can specify the boot order for the VDCs on the Cisco NX-OS device. By default, all VDCs start in parallel with no guarantee as to which VDC completes starting first. VDCs with the lowest boot order value boot first.



Admin VDC Configuration:

switch# configure terminal

switch(config)# system admin-vdc [migrate new-vdc]

switch(config)# show vdc


VDC Configuration:

switch# configure terminal
switch(config)# vdc vdc-name [id vdc-number] [type storage]

switch(config-vdc)# template template-name

switch(config-vdc)# ha-policy {dual-sup {bringdown | restart | switchover} | single-sup {bringdown | reload | restart}}

switch(config-vdc)# boot-order number

switch(config-vdc)# [no] allocate interface Ethernet slot/port - last-port


VDC Resource Templates Configuration:

switch(config)# vdc resource template vdc-template-name

switch(config-vdc)# limit-resource m4route-mem [minimum min-value] maximum max-value

switch(config-vdc)# limit-resource m6route-mem [minimum min-value] maximum max-value

switch(config-vdc)# limit-resource monitor-session minimum min-value maximum {max-value | equal-to-min}

switch(config-vdc)# limit-resource monitor-session-erspan-dst minimum min-value maximum {max-value | equal-to-min}

switch(config-vdc)# limit-resource port-channel minimum min-value maximum {max-value | equal-to-min}

switch(config-vdc)# limit-resource u4route-mem [minimum min-value] maximum max-value

switch(config-vdc)# limit-resource u6route-mem [minimum min-value] maximum max-value

switch(config-vdc)# limit-resource vlan minimum min-value maximum {max-value | equal-to-min}

switch(config-vdc)# limit-resource vrf minimum min-value maximum {max-value | equal-to-min}

switch(config-vdc)# limit-resource module-type module type

switch(config-vdc)# cpu-shares shares
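Only the minimum in a template is reserved; anything between minimum and maximum depends on availability, so one VDC with a generous maximum can absorb the pool the other VDCs were counting on. The following added example (not from the original notes or from Cisco) parses template and VDC commands written in the syntax above and reports, per resource, the shared pool and which VDCs could take all of it. The template names, VDC names and device capacities are constructed, and only `limit-resource` lines with an explicit minimum are handled.

```python
import re
LIMIT = re.compile(r"limit-resource (\S+) minimum (\d+) maximum (\d+|equal-to-min)$")

def parse(config):
    """Return (templates, assignment) from commands in the syntax shown above."""
    templates, assignment, tmpl, vdc = {}, {}, None, None
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["vdc", "resource", "template"] and len(words) == 4:
            tmpl, vdc = templates.setdefault(words[3], {}), None
        elif words[:1] == ["vdc"] and len(words) >= 2:
            tmpl, vdc = None, words[1]
        elif words[:1] == ["template"] and vdc and len(words) == 2:
            assignment[vdc] = words[1]
        elif tmpl is not None and (m := LIMIT.match(" ".join(words))):
            low = int(m[2])
            tmpl[m[1]] = (low, low if m[3] == "equal-to-min" else int(m[3]))
    return templates, assignment

def headroom(config, capacity):
    """Per resource: shared pool, over-reservation, and VDCs able to drain the pool."""
    templates, assignment = parse(config)
    report = {}
    for res, total in capacity.items():
        limits = {v: templates[t][res] for v, t in assignment.items()
                  if res in templates.get(t, {})}
        pool = total - sum(low for low, _ in limits.values())  # left after minimums
        # A VDC whose (max - min) covers the pool can take all of it.
        drain = sorted(v for v, (low, high) in limits.items()
                       if pool > 0 and high - low >= pool)
        report[res] = {"shared_pool": pool, "over_reserved": pool < 0, "can_drain_pool": drain}
    return report

# Constructed configuration and capacities (not from a real device).
SAMPLE_CONFIG = """
vdc resource template edge
  limit-resource vlan minimum 16 maximum 4094
  limit-resource vrf minimum 2 maximum equal-to-min
vdc resource template tenant
  limit-resource vlan minimum 32 maximum 64
  limit-resource vrf minimum 4 maximum 8
vdc dmz id 2
  template edge
vdc tenant-a id 3
  template tenant
"""
SAMPLE_CAPACITY = {"vlan": 512, "vrf": 8}
if __name__ == "__main__":
    for resource, row in headroom(SAMPLE_CONFIG, SAMPLE_CAPACITY).items():
        print(resource, row)
```

A VDC listed under `can_drain_pool` can leave every other VDC with nothing beyond its own minimum, so each minimum should cover what that VDC needs to keep working.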


Suspending/ Resuming a VDC:

switch# copy running-config startup-config vdc-all
switch# configure terminal
switch(config)# [no] vdc vdc-name suspend


Verifying the VDC Configuration:

show running-config {vdc | vdc-all}
show vdc [vdc-name]
show vdc detail
show vdc current-vdc
show vdc membership [status]
show vdc resource template
show resource
show vdc [vdc-name] resource [resource-name]
show mac vdc {vdc-id}




