DCUCI
Implementing Cisco Data Center Unified Computing
Student Guide
Version 6.1
Part Number: 97-3787-01

Americas Headquarters: Cisco Systems, Inc., San Jose, CA
Asia Pacific Headquarters: Cisco Systems (USA) Pte. Ltd., Singapore
Europe Headquarters: Cisco Systems International BV, Amsterdam, The Netherlands

Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco Website at www.cisco.com/go/offices.

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://www.cisco.com/c/en/us/about/legal/trademarks.html. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

DISCLAIMER WARRANTY: THIS CONTENT IS BEING PROVIDED "AS IS" AND AS SUCH MAY INCLUDE TYPOGRAPHICAL, GRAPHICS, OR FORMATTING ERRORS. CISCO MAKES AND YOU RECEIVE NO WARRANTIES IN CONNECTION WITH THE CONTENT PROVIDED HEREUNDER, EXPRESS, IMPLIED, STATUTORY OR IN ANY OTHER PROVISION OF THIS CONTENT OR COMMUNICATION BETWEEN CISCO AND YOU. CISCO SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE. This learning product may contain early release content, and while Cisco believes it to be accurate, it falls subject to the disclaimer above.

Implementing Cisco Data Center Unified Computing (DCUCI)
© 2017 Cisco Systems, Inc.

Course Welcome

Thank you for choosing Cisco as your technical learning provider. We recognize that you have many options to choose from when working towards achieving your technical and professional goals. Our objective is to help you meet those goals by providing high-quality, collaborative learning experiences.

Before you begin, take a moment to review the key components in this course, how to access online support, and opportunities to provide feedback on the course.

+ Course Outline: If you are attending a live, instructor-led training session, your instructor may customize the course to meet the specific needs of the class. However, you will find a basic outline of the material in the Course Introduction section.
+ Course Content: You will find detailed information and instructions along with supporting illustrations, self-check challenges to give you exam practice, and lab activities to give you a real-world experience.
+ Glossary of Terms: If you need to review or learn unfamiliar terms used in this course, refer to the Glossary of Terms section. In the digital version, you can click on a highlighted term in the content to view the definition in a popup window.
+ Online support: Join the Cisco Learning Network community to participate in study group discussions and get answers to questions as you prepare for your exam.
+ Your Feedback: We encourage you to submit feedback so that we can continue to improve course quality and offer the best learning products possible. Your input is valuable to us, and we want to know how the course has helped with your job and exam performance.

There are two ways to submit feedback:

1. Course evaluation survey: If you attend a live, instructor-led training session, then your instructor will provide a survey on the last day of class. After completing the survey, you'll receive a course completion certificate. Once you've had a chance to practice what you've learned, you'll receive a follow-up survey approximately two months after completing the course.
2. Digital kit feedback: Use the Feedback button in the digital version of the course materials to submit your comments. We make regular updates to our content in response to your feedback, so please share it with us.
Special thanks to our Cisco Authorized Learning Partners in making these materials available.

Thank you again for choosing Cisco,
Drew Rosen
Sr. Director, Technical Support
Learning@Cisco

Table of Contents

Course Introduction
  Overview
  Course Goal and Objectives
  Course Flow
  Your Training Curriculum
  Learner Introductions

Module 1: Cisco Unified Computing System Implementation
  Lesson 1: Describing Cisco UCS Server Form Factors
    Cisco UCS B-Series Blade Servers
    Cisco UCS C-Series Rack Servers
    Cisco UCS M-Series Modular Servers
    Challenge
    Answer Key
  Lesson 2: Describing Cisco Unified Computing System Connectivity
    Cisco UCS Fabric Interconnect
    Cisco UCS B-Series Connectivity
    Comparing Ethernet End-Host Mode and Switching Mode
    Automatic Uplink Pinning
    Cisco UCS C-Series Integration
    Cisco UCS M-Series Connectivity
    Challenge
    Answer Key
  Lesson 3: Configuring Identity Abstraction
    Portability Issue with Non-Abstracted Identities
    Cisco UCS Service Profile
    Identity Pools
    Server Pools
    IP Pools
    Challenge
    Answer Key
  Lesson 4: Configuring Service Profile Templates
    Service Profile Templates
    Challenge
    Answer Key

Module 2: SAN Storage Implementation for Cisco Unified Computing System
  Lesson 1: Implementing iSCSI
    Comparing iSCSI Addressing
    iSCSI Multipathing
    Evolution of SCSI from DAS to SAN
    Challenge
    Answer Key
  Lesson 2: Implementing Fibre Channel Port Channels
    VSAN Functionality
    Fibre Channel Port Channel Functional...
    Purpose of Zoning
    Challenge
    Answer Key
  Lesson 3: Implementing FCoE
    FCoE Topologies
    FCoE Initialization Protocol
    Data Center Bridging
    SAN Boot Requirements
    Challenge
    Answer Key

Module 3: Security Implementation for Cisco Unified Computing System
    RBAC in the Cisco UCS B-Series
    Users, Roles, and Privileges
    Functions of Organizations and Locales
    Determining Effective Rights of a User
    Challenge
    Answer Key
  Lesson 2: Implementing External Authentication Providers
    Options for External Authentication Providers
    Challenge
    Answer Key
  Lesson 3: Implementing Key Management
    Public Key Infrastructure
    Challenge
    Answer Key

Module 4: Operations and Maintenance for Cisco Unified Computing System
  Lesson 1: Implementing Cisco UCS Firmware Updates
    Updating Cisco UCS C-Series Server Firmware
    Download Tasks for Cisco UCS B-Series Firmware Packages
    Best Practices to Update Firmware in Cisco UCS Manager
    Capability Catalog Updates
    Driver Updates for Operating Systems and Hypervisors
    Host Firmware Packages
    Challenge
    Answer Key
  Lesson 2: Implementing Cisco UCS Backups
    Comparing Backup Options in Cisco UCS Manager
    Comparing Two Import Types
    Policy Backup
    Challenge
    Answer Key
  Lesson 3: Implementing Monitoring
    Logging Sources in Cisco UCS Manager
    Port Monitoring Capabilities of Cisco UCS Manager
    SNMP Security Ramifications
    Cisco UCS Call Home
    Challenge
    Answer Key

Module 5: Cisco Unified Computing System Automation
    Key Features of Cisco UCS Central
    Implementing a Preinstallation Checklist
    Implementing a Postinstallation Checklist
    Challenge
    Answer Key
  Lesson 2: Implementing Cisco UCS Director
    Key Features of Cisco UCS Director
    Implementing a Preinstallation Checklist
    Implementing a Postinstallation Checklist
    Challenge
    Answer Key
  Lesson 3: Comparing Scripting Options for Cisco UCS Manager
    eXtensible Markup Language
    Cisco UCS Management Information Tree
    Managed Objects Browser
    Cisco UCS PowerTool
    Cisco UCS Python SDK
    Challenge
    Answer Key

Glossary
Course Introduction

Overview

Implementing Cisco Data Center Unified Computing (DCUCI) v6.1 teaches how to deploy, configure, and manage Cisco UCS servers with consolidated I/O networking for LAN and SAN connectivity.

Learner Skills and Knowledge

Students considered for this training should have attended the following classes or obtained an equivalent level of knowledge:

+ Introducing Cisco Data Center Networking (DCICN) v6.0
+ Introducing Cisco Data Center Technologies (DCICT) v6.0

The knowledge and skills that a learner should have before attending this course:

+ Describe data center networking concepts
+ Describe data center storage concepts
+ Describe data center virtualization
+ Describe Cisco Unified Computing System
+ Describe data center automation and orchestration with the focus on Cisco ACI and UCS Director

Course Goal and Objectives

Course Goal: To enable learners to deploy, configure, and manage Cisco UCS servers with consolidated I/O networking for LAN and SAN connectivity.

Upon completing this course, you will be able to meet these objectives:

+ Install the UCS B-Series system out of the box and deploy service profiles using pooled identities and service profile templates
+ Configure the UCS B-Series system for deployments using iSCSI and configure B- and C-Series systems for deployments using Fibre Channel for regular data access and booting
+ Configure and implement security mechanisms such as RBAC with Organizations and Locales, LDAP integration, trusted points, and key rings
+ Configure and implement monitoring with syslog and Call Home
+ Manage UCS Manager domains with UCS Central, manage multiple C-Series servers with Cisco IMC Supervisor, and interact with the UCS Manager XML API

Course Flow

+ Day 1, AM: Course Intro; Cisco Unified Computing System Implementation (M1). PM: Cisco Unified Computing System Implementation (M1)
+ Day 2, AM: SAN Storage Implementation for Cisco Unified Computing System (M2). PM: SAN Storage Implementation for Cisco Unified Computing System (M2)
+ Day 3, AM: Security Implementation for Cisco Unified Computing System (M3). PM: Security Implementation for Cisco Unified Computing System (M3)
+ Day 4, AM: Operations and Maintenance for Cisco Unified Computing System (M4). PM: Operations and Maintenance for Cisco Unified Computing System (M4)
+ Day 5, AM: Cisco Unified Computing System Automation (M5). PM: Cisco Unified Computing System Automation (M5)

The schedule reflects the recommended structure for this course. This structure allows enough time for the instructor to present the course information and for you to work through the lab activities. The exact timing of the subject materials and labs depends on the pace of your specific class.

Your Training Curriculum

You are encouraged to join the Cisco Learning Network, a dynamic learning community for Cisco-certified professionals and those seeking certification, where you can share questions, suggestions, and information about the Cisco Career Certifications program and other certification-related topics.

To register, visit https://learningnetwork.cisco.com.

Cisco Career Certifications

The Cisco Career Certifications program provides a hierarchy of certification levels through which IT professionals can progress, including:

+ Entry-level certification: Cisco Certified Entry Network Technician, or CCENT®
+ Associate-level certification: Cisco Certified Network Associate, or CCNA®
+ Professional-level certification: Cisco Certified Network Professional, or CCNP®
+ Expert-level certification: Cisco Certified Internetwork Expert, or CCIE®
+ Architect-level certification: Cisco Certified Architect, or CCAr®

Certification-seekers can progress through a multitude of IT subject matter tracks, including Cloud, Collaboration, Cybersecurity Operations, Data Center, Design, Industrial/IoT, Routing and Switching, Security, Service Provider, and Wireless. For example, a certification holder might possess a Routing and Switching certification, a CCNP Data Center certification, or a CCIE Security certification. Cisco also provides individual specialist certifications in focused areas such as the Internet of Things or Network Programmability.

For a complete overview of the certification options available to you at Cisco, and a list of their requirements, visit the Certifications page of the Cisco Learning Network at https://learningnetwork.cisco.com/community/certif

Training Resources

The Cisco Learning Network also offers various resources for learning and interaction with members of the Cisco certification community, including:

+ IT training videos and seminars
+ Certification study groups
+ Study material pages
+ Career toolkit and webinars

Learner Introductions

+ Your name
+ Your company
+ Job responsibilities
+ Skills and knowledge
+ Brief history
+ Objective
Module 1: Cisco Unified Computing System Implementation

Introduction

The Cisco Unified Computing System (Cisco UCS) provides the infrastructure for applications that are used in the data center. The Cisco UCS combines computing, networking, and storage infrastructure with management and virtualization to offer exceptional speed, simplicity, and scalability. The core part of the network is the fabric interconnect, which provides network connectivity and management. Cisco UCS is also designed with flexibility in mind. It uses technologies that allow you to respond to workload fluctuations, support new applications, scale existing software and business services. You can achieve abstraction with the service profiles and service profile templates.

This module covers Cisco UCS server form factors, connectivity and abstractions of the server properties by using service profiles and service profile templates.

Lesson 1: Describing Cisco UCS Server Form Factors

Introduction

The Cisco Unified Computing System (Cisco UCS) is a computing architecture that is designed for IT innovation and business acceleration. The Cisco UCS combines computing, networking, and storage infrastructure with management and virtualization to offer exceptional speed, simplicity, and scalability.

The goal of this lesson is for you to familiarize yourself with different Cisco UCS product families. You will find out more information about Cisco UCS B-Series Blade Servers, UCS C-Series Rack Servers, and UCS M-Series Modular Servers. In the lab section, you will find out how to connect to the lab environment and how to use it.

Cisco UCS B-Series Blade Servers

The Cisco Unified Computing System (Cisco UCS) represents a radical simplification of the traditional blade server deployment model. This solution offers simplified stateless blades and a blade server chassis that is centrally provisioned, configured, and managed.

Cisco UCS B-Series Blade Servers overview:

+ Deliver unified computing in blade form factor
+ Enable integration of LAN, SAN, and management
+ Enable central management with Cisco UCS Manager

Cisco UCS B-Series Blade Servers incorporate industry-standard server technologies, delivering a unified architecture-driven solution for data centers. The Cisco UCS design reduces complexity, both at hardware and management levels, across a distributed compute environment, consolidating management across blade and rack servers within a single tool.

All Cisco UCS Blade Servers come with Cisco UCS Manager and optional Cisco UCS Central capability. Cisco UCS with Cisco UCS Manager and Cisco UCS Central provides the following:

+ Embedded integration of LAN, SAN, and management
+ Autodiscovery, with automatic recognition and configuration of blades
+ Local (and optionally global) server profiles and templates for policy-driven server provisioning

The UCS B-Series Blade Servers configuration options:

+ CPU capacity: 2 to 4 CPUs; Intel Xeon E5 or E7 product family
+ Memory: Maximum installed memory range from 384 GB to 3 TB
+ Storage: Maximum of 2 or 4 SAS/SATA/SSD disks; maximum supported internal storage range from 2 TB to 4.8 TB

You can choose from different Cisco UCS B-Series Blade Server configuration options, which can cover various demands in data centers. The following are the configuration options that are based on main components:

+ CPU capacity: All Cisco UCS B-Series Blade Server models support 2-processor configuration. Some of them can be shipped with 4 processors. You can have either the Intel Xeon E5 or Intel Xeon E7 processor family.
+ Memory: The maximum installed memory can range from 384 GB to 3 TB. Blade servers have either 12, 24, or 48 DIMM slots for memory installation.
+ Storage: You can install up to two or up to four SAS/SATA/SSD disks into the blade servers. The maximum supported internal storage can range from 2 TB to 4.8 TB.

Cisco UCS C-Series Rack Servers

Cisco Unified Computing System (Cisco UCS) C-Series Rack Servers deliver unified computing in a rack-mount form factor. The Cisco UCS C-Series Rack Server family offers an entry point into unified computing.

Cisco UCS C-Series Rack Servers overview:

+ Delivers unified computing in a rack-mount form factor
+ Allows standalone or UCS-integrated management
+ Can address various workload challenges

Cisco UCS C-Series Rack Servers offer the flexibility of standalone management or integrated as part of Cisco UCS. The UCS C-Series offers various models that can address different workload challenges through a balance of processing, memory, I/O, and internal storage resources.

UCS C-Series Rack Servers configuration options:

+ CPU capacity: From 1 to 4 CPUs; Intel Xeon E5 or E7 product family
+ Memory: Maximum supported memory ranges from 384 GB to 6 TB
+ Storage: Maximum supported internal storage ranges from 8 TB to 48 TB
+ PCIe slots: From 2 to 10

You can choose from different Cisco UCS C-Series Rack Servers models, which can cover various demands in data centers. The following are the configuration options that are based on main components:

+ CPU capacity: The UCS C-Series entry level servers can have 1 or 2 CPUs, while high-end servers can have 2 or 4 CPUs. You can have either the Intel Xeon E5 or Intel Xeon E7 processor family.
+ Memory: The maximum installed memory can range from 384 GB for entry level servers to 6 TB for high-end servers. You can have from 12 to 96 DIMM slots per server.
+ Storage: The UCS C-Series Rack Servers support small (also known as SFF) or large (also known as LFF) form factor disks. The high-end servers support only SFF disks. The maximum number of SFF disks that you can install in your server varies from 8 to 26. Alternatively, you can install LFF disks. The maximum number of LFF disks that you can install ranges from 4 to 12. The maximum supported internal storage can range from 8 TB to 48 TB.
+ PCIe slots: Each model from the UCS C-Series Rack Servers product family supports PCIe expansion slots. The number of PCIe slots varies from 2 to 10.

Cisco UCS M-Series Modular Servers

Cisco Unified Computing System (Cisco UCS) M-Series Modular Servers are designed to meet the high-performance demands of massively parallelized, predominantly single-threaded applications.

Cisco UCS M-Series Modular Servers overview:

+ Designed to meet high-performance demands
  - Targeted for applications, such as cloud-scale computing, HPC, online gaming, etc.
+ Disaggregating computing from other components (power, cooling, I/O, hard drives, management)

The unique design of the Cisco UCS M-Series combines Cisco Virtual Interface Card (Cisco VIC) technology and server fabric management with x86 computing elements in a dense, modular architecture. This dense and modular architecture delivers uncompromising application performance. Cisco UCS M-Series servers are cost-effective, scalable, and easy to manage.

Unlike conventional x86 rack and blade servers, the Cisco UCS M-Series is a specialized platform that is targeted at applications that perform optimally across many smaller computing elements.
The examples of such applications are cloud-scale computing, high-performance computing, online gaming, engineering design automation, data analytics, and risk modeling.

This unique, new design eliminates the complexity of traditional servers by disaggregating the underlying component parts. The component parts are aggregated and shared across multiple compute nodes. These sub-components include the following:

+ Power
+ Cooling
+ I/O
+ Hard drives
+ Management

Cisco pulled the legacy sub-systems that still exist in other solutions fully into the infrastructure and completely off the compute nodes. This separation of components by the M-Series server platform decouples the lifecycles of the component sub-systems. It is no longer necessary to replace an entire system because the processors, hard drives, or I/O need to be updated or refreshed.

The features of Cisco UCS M-Series Modular Servers:

+ Combine multiple servers in a single chassis and multiple chassis into a single domain
+ Enable unified embedded management by the Cisco UCS Manager
+ Enable policy-based provisioning and management enabled by Cisco UCS service profiles
+ Include modular chassis with hot-pluggable components
+ Reduce power consumption per server

Cisco UCS M-Series Modular Servers are built around Cisco next-generation VIC technology and the policy-based management that Cisco UCS Manager provides. The unique technology of the Cisco UCS M-Series enables exceptional centralization of components across multiple servers. These components are typically captive and redundant in every server. The Cisco UCS M-Series consists of two elements: the chassis and the cartridge. The chassis houses compute cartridges and the central components that the cartridges share.

The features and benefits of the Cisco UCS M-Series Modular Servers are the following:

+ You can install multiple compute cartridges into a single chassis. Chassis can be combined to enable many servers in a single domain.
+ The Cisco UCS M-Series enables you to use unified embedded management that is provided by Cisco UCS Manager for servers, network, and storage. A single console allows you to manage all components in the rack without needing to switch from one console to another.
+ Cisco UCS service profiles enable policy-based provisioning and management. These service profiles enable dynamic slicing of centralized resources to ensure Quality of Service for the deployed workloads.
+ Modular chassis with hot-pluggable components enables easy replacement options to minimize or eliminate downtime.
+ The Cisco UCS M-Series uses the latest low-power-consuming CPUs to deliver optimized performance per watt.

Challenge

1. Match the UCS Series with their best descriptions.
   Cisco UCS B-Series Blade Servers
   Cisco UCS C-Series Rack Servers
   Cisco UCS M-Series Modular Servers

2. Which UCS Series offers disaggregation of computing from other components?
   A. Cisco UCS B-Series
   B. Cisco UCS C-Series
   C. Cisco UCS M-Series
   D. Cisco standalone server series

3. Which three applications are UCS M-Series targeted at? (Choose three.)
   A. storage-intense applications
   B. cloud-scale computing
   C. HPC
   D. VDI applications
   E. network-intense applications
   F. online gaming

4. Which components are not shared across multiple compute nodes in Cisco UCS M-Series?
   A. memory
   B. hard drives
   C. power
   D. CPUs
   E. management

5. Which statement is not correct about Cisco UCS B-Series servers?
   A. Cisco UCS B-Series servers deliver unified computing in blade form factor.
   B. Cisco UCS B-Series servers offer disaggregation of computing from the other components (cooling, hard disks, and so on).
   C. Cisco UCS B-Series servers enable integration of LAN, SAN, and management.
   D. Cisco UCS B-Series servers can be centrally managed with Cisco UCS Manager.

6. Which two Intel processor product families are available in Cisco UCS C-Series servers? (Choose two.)
   A. Intel Xeon D product family
   B. Intel Xeon E7 product family
   C. Intel Xeon E3 product family
   D. Intel Xeon E5 product family
   E. Intel Xeon Phi product family

7. Which UCS Series supports the largest internal storage?
   A. Cisco UCS B-Series Blade Servers
   B. Cisco UCS C-Series Rack Servers
   C. Cisco UCS M-Series Modular Servers
   D. Cisco UCS S-Series Storage Servers

Answer Key

Challenge

1. Cisco UCS B-Series Blade Servers; Cisco UCS C-Series Rack Servers; Cisco UCS M-Series Modular Servers
2. C

Lesson 2: Describing Cisco Unified Computing System Connectivity

Introduction

The Cisco Unified Computing System (Cisco UCS) Fabric Interconnect is a core part of the Cisco UCS. The fabric interconnect provides both network connectivity and management capabilities. You primarily use it to connect Cisco UCS B-Series Blade Servers, but you can also use it to connect and manage standalone Cisco UCS C-Series Rack-mount servers. Since all chassis and servers that are connected to fabric interconnects become part of a single and highly available management domain, it can reduce cost and operational burden.

Throughout the lesson, you will learn how fabric interconnect provides the management and communication backbone for the Cisco UCS B-Series servers. You will learn the key operational modes of the fabric interconnect, such as end-host and switching mode. You can integrate fabric interconnects with Cisco UCS C-Series servers also. Therefore, you will find out what the key points are when integrating Cisco UCS C-Series with fabric interconnect.
The fabric interconnect is a key element in Cisco UCS M-Series modular servers, which will be discussed in the lesson.

In the lesson, you will also configure some basic UCS settings. You will learn how to provision a Cisco UCS fabric interconnect cluster and how to configure ports and VLANs.

Cisco UCS Fabric Interconnect

The Cisco Fabric Interconnect is a core part of the Cisco Unified Computing System (Cisco UCS). The Fabric Interconnect provides network connectivity and management capabilities for the Cisco UCS servers.

Cisco UCS Fabric Interconnect overview:

+ Provides the management and communication backbone
+ Supports unified fabric:
  - Provides LAN and SAN connectivity for all servers within domain
  - Includes unified ports with support for Ethernet, FCoE, and Fibre Channel
+ Comprises a fixed number of unified ports with optional expansion modules

The Cisco Fabric Interconnect provides the management and communication backbone for the Cisco UCS B-Series Blade Servers and Chassis. When you connect servers to the Fabric Interconnect, all servers become part of a single and highly available management domain.

Fabric Interconnect supports unified fabric, which means that you can provide LAN and SAN connectivity for all servers within the domain. This solution reduces the need for multiple parallel networks, different types of adapter cards, switching infrastructure, and cabling within racks.

You connect servers and chassis to the unified fabric through the unified ports. Unified ports allow you to configure them as Ethernet, FCoE, or native Fibre Channel interfaces.

Fabric Interconnect comes with a fixed number of ports. You can optionally install expansion modules, which allows you to have a greater number of unified ports.

The management role of Fabric Interconnect in Cisco UCS servers:

+ Cisco UCS Fabric Interconnect hosts Cisco UCS Manager
  - It is used to manage all Cisco UCS elements.
  - It provides operational functions, such as provisioning, diagnostic, monitoring, and others.

The Cisco UCS Fabric Interconnect hosts and runs Cisco UCS Manager. A single instance of Cisco UCS Manager can run on a single fabric interconnect or as a member of a redundant cluster. Cisco UCS Manager enables the fabric interconnects to fully manage all Cisco UCS elements. Cisco UCS Manager participates in server provisioning, device discovery, inventory, configuration, diagnostics, monitoring, fault detection, auditing, and statistics collection.

The fabric interconnect cluster overview:

+ A pair of fabric interconnects is used for cluster configuration.
+ Connect fabric interconnects directly by using Ethernet cables between high-availability ports.
+ A cluster configuration actively enhances failover recovery time for redundant VIF connections.
+ Initial setup process:
  - Enable clustering on first fabric interconnect.
  - Enable clustering on second fabric interconnect to detect first fabric interconnect.

You can configure a Cisco UCS domain to use a single fabric interconnect in a standalone configuration or to use a redundant pair of fabric interconnects in a cluster configuration. A cluster configuration provides high availability. If one fabric interconnect becomes unavailable, the other takes over.

In addition, a cluster configuration actively enhances failover recovery time for redundant virtual interface connections. When an adapter has an active VIF connection to one fabric interconnect and a standby VIF connection to the second, the learned MAC addresses of the active VIF are replicated but not installed on the second fabric interconnect.
If the active VIF fails, the second fabric interconnect installs the replicated MAC addresses and broadcasts them to the network through gratuitous ARP messages, shortening the switchover time. The cluster configuration provides redundancy only for the management plane. Data redundancy depends on the user configuration and might require a third-party tool to support data redundancy. To use the cluster configuration, you must directly connect the two fabrics interconnects using Ethernet cables between the L1 (L1-to-L1) and L2 (L2-to-L2) high-availability ports, with no other fabric interconnects in between. Also, you can connect the fabric interconnects directly through a patch panel to allow the two fabric interconnects to continuously monitor the status of each other and quickly know when one has failed. Both fabric interconnects in a cluster configuration must go through the initial setup process. You must enable the first fabric interconnect that you set up for a cluster configuration. When you set up the second fabric interconnect, it detects the first fabric interconnect as a peer fabric interconnect in the cluster. 22 Implementing Cisco Data Center Untied Computing (OCUCI) (© 2017 Cisco Systems, Inc. Cisco UCS B-Series Connectivity ‘The port mode determines whether a unified port on the fabric interconnect is configured to carry Ethe: or Fibre Channel traffic. The fabric interconnect doesn't automatically discover the port mode. Itis 0 UCS) Manager. configured in Cisco Unified Computing System (Cis Cisco UCS B-Series Connectivity Fabric interconnect port modes and types: + Unified ports modes: ~Ethemet port mode — Fibre Channel port mode + Ethernet port types: ~ Server ports — Uplink ports — Monitoring ports + Default Ethernet port mode type is Uplink ‘The port type defines the type of traffic that is carried over a unified port connection. 
When you set the port mode to Ethernet, you can configure the following port types:
+ Server ports
+ Uplink ports
+ Monitoring ports

Server ports handle data traffic between the fabric interconnect and the adapter cards on the servers.

The uplink ports handle Ethernet traffic between the fabric interconnect and the next layer of the network. For example, when you connect a fabric interconnect port to the Ethernet switch, it should be configured as an uplink port.

You can configure uplink ports to function in the following ways:
+ Uplink: It is used to connect the fabric interconnect to the Ethernet switch.
+ FCoE: It is used to carry FCoE traffic.
+ Appliance: It is used to connect fabric interconnects to directly attached iSCSI or NAS storage.

You can configure fabric interconnect ports to be used as SPAN ports. You can use these ports as source or destination SPAN ports.

By default, when you change unified ports to Ethernet port mode, ports are set to the uplink Ethernet port type.

Comparing Ethernet End-Host Mode and Switching Mode

The Ethernet switching mode determines how the fabric interconnect behaves as a switching device between the servers and the network.

Comparing Ethernet End-Host Mode and Switching Mode
Fabric interconnect switching modes:
+ End-host mode
  - Allows multiple active Layer 2 forwarding links
+ Switching mode
  - Acts as Ethernet switch
  - Running STP

The fabric interconnect operates in either of the following Ethernet switching modes:
+ End-host mode
+ Switching mode

When you configure end-host mode, the fabric interconnect acts as an end host to the network. This mode allows multiple active forwarding uplinks to the rest of the network.
On the other hand, when you configure the fabric interconnect in the switching mode, the fabric interconnect acts as a network switch. It must run STP to maintain a loop-free topology. STP will place all but one redundant uplink into blocking mode.

The end-host mode is the default switching mode, and also the preferred mode of operation, because all uplinks are actively forwarding traffic. You should use the switching mode, for example, when the fabric interconnect is directly connected to a router.

Note: When you change the operating mode, you must reboot the fabric interconnect to effect the change.

Comparing Ethernet End-Host Mode and Switching Mode (Cont.)
End-host mode allows multiple active Layer 2 forwarding links in a loop-free topology.
[Figure: end-host mode topology showing uplink ports, active links, and inactive links]

In end-host mode, the fabric interconnect presents an end host to an external Ethernet network. The external switch sees the fabric interconnect as an end host with multiple adapters. Because it is a host port, it is not subject to spanning-tree blocking on the port.

Server links (vNICs on the blades) are associated with a single uplink port. This association process is called pinning, and the selected external interface is called a pinned uplink port. You can configure a static or dynamic pinning process when you configure a vNIC.

Comparing Ethernet End-Host Mode and Switching Mode (Cont.)
Unicast traffic loop prevention:
+ Server link is pinned to one uplink port
+ Locally switched Layer 2 traffic
+ RPF and deja-vu check
Broadcast and multicast loop prevention:
+ Per-VLAN pinning for broadcast
+ IGMP snooping-based pinning for multicast
+ Locally switched Layer 2 traffic
+ RPF and deja-vu check
In the absence of STP in end-host mode, the fabric interconnect uses various mechanisms for loop prevention, while preserving an active-active topology.

To prevent loops, the fabric interconnect uses the following rules for unicast traffic:
+ Each server link is pinned to exactly one uplink port.
+ Server-to-server Layer 2 traffic is locally switched.
+ Traffic from the server to the network goes out on its pinned uplink port.
+ The fabric interconnect forwards traffic from the network to the server only if it arrives on a pinned uplink port. This rule is called RPF check.
+ Server traffic that is received on any uplink port, except its pinned uplink port, is dropped. This rule is called deja-vu check.
+ The fabric interconnect must learn the server MAC address before traffic can be forwarded.

To prevent loops, the fabric interconnect uses the following rules for multicast and broadcast traffic:
+ The incoming broadcast traffic is pinned on a per-VLAN basis, depending on uplink port VLAN membership.
+ IGMP multicast groups are pinned based on IGMP snooping. Each group is pinned to exactly one uplink port.
+ Server-to-server multicast traffic is locally switched.
+ Fabric interconnect applies RPF and deja-vu checks to multicast traffic as well.

Automatic Uplink Pinning

In end-host switching mode, a loop-free topology is assured by pinning server MAC addresses to uplink ports.

Automatic Uplink Pinning
Automatic uplink pinning overview:
[Figure: automatic uplink pinning, showing active links and inactive links]

You can configure the pinning process to be either automatic or static. By default, server MAC addresses are pinned to uplinks in an automatic round-robin process.
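The unicast rules above (one pinned uplink per server, local switching, the RPF and deja-vu checks), together with round-robin pinning and the repinning on uplink failure that the guide covers under Automatic Uplink Pinning, modeled as an added example that is not part of the course guide or of Cisco's software. Port names, MAC addresses, and all class and method names are constructed for illustration.

```python
"""Toy model of one fabric interconnect in Ethernet end-host mode (added example)."""

# Constructed sample values: MAC addresses and port names are illustrative only.
SRV_A, SRV_B, SRV_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
EXTERNAL = "02:00:00:00:ff:01"   # a host reached through the upstream network


class EndHostFabric:
    def __init__(self, uplinks):
        self.uplinks = list(uplinks)   # operational uplink ports
        self.pinned = {}               # learned server MAC -> pinned uplink port
        self.server_ports_up = True
        self._rr = 0                   # round-robin cursor for automatic pinning

    def _next_uplink(self):
        uplink = self.uplinks[self._rr % len(self.uplinks)]
        self._rr += 1
        return uplink

    def attach_server(self, mac, static_uplink=None):
        """Learn a server MAC and pin it to exactly one uplink (static or round-robin)."""
        if static_uplink is not None and static_uplink not in self.uplinks:
            raise ValueError(f"{static_uplink} is not an operational uplink")
        self.pinned[mac] = static_uplink if static_uplink else self._next_uplink()
        return self.pinned[mac]

    def from_server(self, src, dst):
        """Forwarding decision for a unicast frame received on a server port."""
        if not self.server_ports_up:
            return "drop: server ports down"
        if src not in self.pinned:
            return "drop: source MAC not learned"
        if dst in self.pinned:
            return "switch locally"            # server-to-server traffic stays local
        return f"send on {self.pinned[src]}"   # always the server's pinned uplink

    def from_uplink(self, uplink, src, dst):
        """Forwarding decision for a unicast frame received on an uplink port."""
        if uplink not in self.uplinks:
            return "drop: uplink down"
        # Deja-vu check, as worded in the guide: server traffic received on any
        # uplink other than that server's pinned uplink is dropped.
        if src in self.pinned and self.pinned[src] != uplink:
            return "drop: deja-vu check"
        if dst not in self.pinned:
            return "drop: destination MAC not learned"
        # RPF check: network-to-server traffic must arrive on the pinned uplink.
        if self.pinned[dst] != uplink:
            return "drop: RPF check"
        return "deliver to server"

    def fail_uplink(self, uplink):
        """Remove a failed uplink, repin its servers, and return the (MAC, new uplink)
        pairs that would be announced upstream with gratuitous ARP."""
        self.uplinks.remove(uplink)
        if not self.uplinks:
            self.server_ports_up = False   # no uplink left: ports toward servers go down
            return []
        announcements = []
        for mac, old in list(self.pinned.items()):
            if old == uplink:
                self.pinned[mac] = self._next_uplink()
                announcements.append((mac, self.pinned[mac]))
        return announcements


def demo():
    """Two uplinks, three servers pinned round-robin."""
    fi = EndHostFabric(["Eth1/1", "Eth1/2"])
    for mac in (SRV_A, SRV_B, SRV_C):
        fi.attach_server(mac)
    return fi


if __name__ == "__main__":
    fi = demo()
    print(fi.pinned)
    print(fi.from_uplink("Eth1/2", EXTERNAL, SRV_A))
    print(fi.fail_uplink("Eth1/1"))
```

Because every server has exactly one pinned uplink and the two checks reject frames that arrive anywhere else, a frame can never re-enter the upstream network through a second uplink, which is why no uplink has to be blocked.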
Repinning the servers on the new uplink on link failure:
[Figure: server ports with active links and inactive links after an uplink failure]

With automatic uplink pinning, a link failure will cause all servers to be repinned to remaining uplinks. In the example, there are two uplinks on fabric interconnect A. When one of the links goes down, the servers are simply repinned to the remaining uplink. The fabric interconnect will send a gratuitous ARP to the northbound switch on behalf of the servers to announce them on the new port. The switch will update its MAC forwarding table to reflect the new interface.

Automatic Uplink Pinning (Cont.)
Repinning the servers to the fabric interconnect B on failure
[Figure: uplink ports, server ports, failed uplink, active links, and inactive links]

If all uplink ports on the fabric interconnect lose connectivity, the fabric interconnect shuts down all ports toward the server. The affected servers will use either NIC teaming or hardware failover to re-establish connectivity on the fabric B.

If the servers are not configured for high availability in the operating system or service profile, then the servers will be down until at least one uplink is restored on fabric A.

Cisco UCS C-Series Integration

Cisco Unified Computing System (Cisco UCS) C-Series Rack Servers are standalone servers that the built-in standalone software manages. Cisco UCS allows you to integrate UCS C-Series servers with Cisco UCS Manager.

Cisco UCS C-Series Integration
Cisco UCS C-Series integration overview:
+ Cisco UCS C-Series Rack Server management options:
  - Cisco Integrated Management Controller (Cisco IMC)
  - Cisco UCS Manager
+ Two server integration options:
  - The cluster setup
  - The non-cluster setup
+ Connection modes for server and Cisco UCS Manager integration:
  - Dual-wire Management
  - SingleConnect
  - Direct Connect Mode

To manage C-Series Rack Servers, you can use the built-in standalone software, which is called Cisco Integrated Management Controller (Cisco IMC, also referred to as CIMC). To gain the advantages of the Cisco UCS system, you can also integrate Cisco UCS C-Series with Cisco UCS Manager. When you integrate a server with Cisco UCS Manager, you will not use Cisco IMC to manage the server anymore. Instead, you will use UCS Manager software. You can use the GUI or the CLI.

You can integrate the server in the following two setups:
+ The cluster setup: You connect the server to a fabric interconnect cluster.
+ The non-cluster setup: You connect the server to a standalone fabric interconnect.

You have the following options to connect the server to Cisco UCS Manager:
+ Dual-wire Management (Shared LOM): In this mode, you use shared LOM ports on the rack server to connect the server to the FEX. This connection is used exclusively for carrying management traffic. You use a separate cable to connect one of the ports on the PCIe card to the FEX for data traffic.
+ SingleConnect: In this mode, you use a single cable to connect the server to the FEX and fabric interconnect. The server uses this connection for management and data traffic.
+ Direct Connect Mode: From Cisco UCS Manager Release 2.2, you can connect the server directly to the fabric interconnect without using FEX. This connection is used for management and data traffic.

Cisco UCS C-Series Integration (Cont.)
Cisco UCS C-Series integration overview:
+ Connection policies:
  - Auto-acknowledged
  - User-acknowledged
+ Reverting from Cisco UCS mode to standalone mode:
  - Disassociate the UCS Manager service profile from the server.
  - Decommission the server.

When establishing the physical connection for the Cisco UCS C-Series Rack-Mount Server in the Cisco UCS Domain, you must specify the connection and management policy in Cisco UCS Manager. The management policy is global to all connected C-Series Rack-Mount Servers. The connection policy determines the rack server discovery in Cisco UCS Manager.

You can specify either of the following connection policies for the rack servers:
+ Auto-acknowledged: This mode is the recommended and default connection mode for the Cisco UCS C-Series Rack-Mount Server. If the connection mode is auto-acknowledged, immediately after you establish the physical connection, Cisco UCS Manager discovers the rack server and starts managing the server based on the specified management policy.
+ User-acknowledged: If the connection mode is user-acknowledged, after you establish the physical connection, you must manually acknowledge the connection and specify the connection mode in Cisco UCS Manager to begin the discovery. Cisco UCS Manager does not begin the C-Series Rack-Mount Server discovery until you specify the connection mode.

Note: If you want to change the connection policy after Cisco UCS Manager discovers and manages rack servers, you have to decommission the server, re-commission it, and specify a new connection mode.

After the integration, you perform all server management tasks only through the service profiles in Cisco UCS Manager. Cisco IMC is not accessible anymore. Cisco UCS Manager provides information, errors, and faults for each rack-mount server that it has discovered.

If you want to revert the server from Cisco UCS mode to standalone mode, you first have to disassociate the Cisco UCS Manager service profile from the server.
Then you can decommission the server.

Cisco UCS C-Series Integration (Cont.)
Physical connectivity for SingleConnect cluster and non-cluster setups:
[Figure: Connecting the C-Series Server with Cisco UCS in Cluster Setup, and Connecting the C-Series Server with Cisco UCS in Non-Cluster Setup; each shows Cisco Fabric Interconnect, Cisco FEX, and Cisco UCS C-Series]

The SingleConnect option enables Cisco UCS Manager to manage the Cisco UCS C-Series Rack-Mount Servers using a single cable for both management traffic and data traffic. When you use the SingleConnect mode, one host-facing port on the FEX is sufficient to manage one rack-mount server, instead of the two ports that you would use in the Shared-LOM mode. Therefore, you can connect more rack-mount servers with Cisco UCS Manager for integrated server management.

Cisco UCS C-Series Integration (Cont.)
Physical connectivity for Direct Connect cluster and non-cluster setups:
[Figure: Connecting the C-Series Server with Cisco UCS in Cluster Setup, and Connecting the C-Series Server with Cisco UCS in Non-Cluster Setup; each shows Cisco Fabric Interconnect and Cisco UCS C-Series]

With Cisco UCS Manager Release 2.2, you can connect the Cisco UCS C-Series Rack Servers directly to the fabric interconnects. You do not need the fabric extenders. With this option, you can use Cisco UCS Manager to manage the C-Series Rack Servers using a single cable for both management and data traffic.

Cisco UCS M-Series Connectivity

Cisco Unified Computing System (Cisco UCS) M-Series chassis is managed by Cisco UCS Manager software. There is no standalone mode.

Cisco UCS M-Series Connectivity
Cisco UCS M-Series Connectivity overview:
+ UCS M-Series chassis is directly connected to a pair of fabric interconnects
+ Fabric interconnect with Cisco UCS Manager provides management and communication backbone:
  - Up to 20 chassis and the associated cartridges
+ Server network connectivity:
  - vNIC is created for server
  - vNIC is mapped to the appropriate fabric with service profile
  - Up to four vNICs per server
  - vNIC is 802.1Q-capable
  - All forwarding is provided by fabric interconnects

The two main components of the Cisco UCS M-Series are chassis and compute cartridges. To provide connectivity, you physically connect the chassis to a pair of fabric interconnects. You must use port channel mode to connect M-Series chassis to the fabric interconnects. Fabric interconnects provide the management and communication backbone for the chassis and the installed compute cartridges. You can manage up to 20 chassis and the associated cartridges.

The system and domain discovery of all cartridges and the subsequent management is provided entirely by Cisco UCS Manager.

Fabric interconnect uses the System Link Technology to provide network interface connectivity for all servers. To provide connectivity through shared network resources, a vNIC is created for each server. This vNIC is mapped to the appropriate fabric through the service profile on the UCS Manager. Each server can have up to 4 vNICs. The operating system on the servers sees each vNIC as an Ethernet interface with the speed that is provided by the chassis. You can rate limit and provide QoS marking on those vNICs. Interfaces are 802.1Q-capable. Fabric interconnects provide forwarding, and there is no forwarding locally on the chassis.

Challenge

1. Which statement is the best description for ports on fabric interconnect?
   A. All ports on a fabric interconnect are unified ports.
   B. Fabric interconnect supports only Ethernet traffic.
   C. Only the last eight ports are unified ports, other ports are Ethernet only.
   D. Fabric interconnect supports only Fibre Channel traffic.

2. Match the port type on the fabric interconnect with its description.
   Port types:
   + monitoring port
   + uplink port
   + server port
   + appliance port
   Descriptions:
   + It is used to handle data traffic from the servers.
   + It is used as a SPAN port.
   + It is used to connect fabric interconnect to the Ethernet switch.
   + It is used to connect directly attached NFS storage.

3. What are the two features of the end-host switching mode? (Choose two.)
   A. The fabric interconnect acts as network switch for end hosts.
   B. The fabric interconnect acts as an end host for the network switch.
   C. End-host mode relies on STP to maintain a loop-free topology.
   D. Fabric interconnect pins server links to uplink ports.
   E. Unicast traffic between two servers is switched on the network switch.

4. What is the best description of the deja-vu check in end-host switching mode?
   A. The fabric interconnect forwards traffic from the network to the server only if it arrives on a pinned uplink port.
   B. The fabric interconnect must learn the server MAC address before traffic can be forwarded.
   C. Server traffic that is received on any uplink port, except its pinned uplink port, is dropped.
   D. IGMP multicast groups are pinned based on IGMP snooping. Each group is pinned to exactly one uplink port.

5. Which method is used to announce a new port to the network switch in the event of repinning?
   A. IGMP join
   B. ICMP echo request
   C. gratuitous ARP
   D. forwarding of few unicast packets
   E. Fabric interconnect does not announce a new port.

6. Which method is used to manage a Cisco UCS C-Series server when you integrate the server with fabric interconnect?
   A. Cisco UCS Manager
   B. Cisco Integrated Management Controller (Cisco IMC)
   C. Cisco UCS Performance Manager
   D. Cisco UCS C-Series Manager

7. Match the connection mode with the correct description on the right.
   Connection modes:
   + SingleConnect
   + dual-wire management
   + direct connect mode
   Descriptions:
   + A separate cable for management and data to connect the server to the FEX
   + A single cable to connect the server to the FEX
   + A single cable to connect the server to the fabric interconnect

Answer Key

Challenge

1. A

2. server port: It is used to handle data traffic from the servers.
   monitoring port: It is used as a SPAN port.
   uplink port: It is used to connect fabric interconnect to the Ethernet switch.
   appliance port: It is used to connect directly attached NFS storage.

7. dual-wire management: A separate cable for management and data to connect the server to the FEX
   SingleConnect: A single cable to connect the server to the FEX
   direct connect mode: A single cable to connect the server to the fabric interconnect

Lesson 3: Configuring Identity Abstraction

Introduction

The Cisco Unified Computing System (Cisco UCS) is designed with flexibility in mind. It uses technologies that allow you to respond to workload fluctuations, support new applications, scale existing software and business services. To leverage the flexibility, Cisco UCS uses the abstraction of the server properties. These abstracted server properties allow you to move operating systems or hypervisors from server to server with minimal downtime and no need for additional configuration. The portability would be hard to achieve without server properties abstraction.

During the lesson, you will learn about the building blocks which you can use to configure abstraction. You will also learn how to configure and use these elements in the Cisco UCS.

Portability Issue with Non-Abstracted Identities

Every server can eventually fail. Therefore, you should have the option to provide mobility and portability of the server in the case of failure.
Portability Issue with Non-Abstracted Identities
Overview of issues with non-abstracted identities:
+ Each server has unique identities that are burned into the server by the manufacturer
  - MAC address
  - UUID
  - WWNN
+ OS or hypervisor use unique identities for different processes
  - It may be difficult to move OS or hypervisor from one server to another
+ Cisco UCS offers abstraction layer to virtualize identities
  - Implemented with service profiles
  - Same hardware presentation to the operating system or hypervisor

Every server has some unique identities that the manufacturer burns into the server. Examples of such identities are the MAC address, UUID, and WWNN. The operating system, hypervisor, and applications can leverage these identities for different processes. For example, the UUID is designed as a globally unique identifier for each server. The operating system can use this UUID for processes like activation, internal disk labels, and so on.

Every hardware can eventually fail. Therefore, you want to have the option to move the operating system or hypervisor to the new server in the event of hardware failure. Since identities are unique to the server, you can have some problems in the process of moving an operating system or hypervisor to the new server. The reason is that the new server has different identities than the old server.

To overcome these issues, Cisco Unified Computing System (Cisco UCS) uses the abstraction layer, which virtualizes the identities to the operating system or hypervisor. The main benefit of the virtualization is that if the underlying server fails, you can simply move the operating system or hypervisor to the new server. When the operating system boots on the new server, the identities are unchanged. The operating system or hypervisor believes that it is running on the same hardware. The abstraction layer is implemented with service profiles.
Cisco UCS Service Profile

Cisco Unified Computing System (Cisco UCS) uses an abstraction layer to virtualize the unique identities of the server. This abstraction layer is implemented with the service profile.

Cisco UCS Service Profile
Service profile overview:
+ The service profile typically includes the following information:
  - Server definition
  - Identity information
  - Connectivity definition
  - Firmware package policies
  - Boot order policies
+ Every server requires a service profile.
+ Service profiles facilitate server mobility.
+ Service profile creation methods:
  - Manually
  - From the service profile template
  - Cloning existing service profile

The service profile represents a logical view of a server without any ties to a specific physical device. The service profile typically includes the following information:
+ Server definition: The pool of servers that are applied to the service profile
+ Identity information: Pools of MAC addresses, WWN addresses, and UUIDs
+ Connectivity definition: Ethernet and Fibre Channel adapter profile policies, parent interconnects
+ Firmware package policies
+ Boot order policies

At any given time, each server can be associated with only one service profile. Similarly, each service profile can be associated with only one server at a time.

Service profiles facilitate server mobility. Mobility is the ability to transfer server identities seamlessly between compute nodes so that the underlying operating system or hypervisor does not detect any changes in server hardware.

In environments where blades are managed as traditional individual servers, you still need service profiles. Service profiles provide LAN and SAN connectivity configuration. Configuring service profiles in this way is similar to the need to configure individual LAN and SAN ports for traditional rack servers.
You can create a service profile in the following ways:
+ Manually
+ From the service profile template
+ By cloning the existing service profile

Cisco UCS Service Profile (Cont.)
Service profile types:
+ Service profiles that inherit server identities
  - Use burned-in values for identities
  - Tied to a specific server
  - Cannot be moved to another server
+ Service profiles that override server identities
  - Override the burned-in values for identities
  - Use the resource pools and policies
  - Allow migration to another server

There are two types of service profiles in the UCS system:
+ Service profiles that inherit server identities
+ Service profiles that override server identities

The service profiles that inherit server identities are the simplest to use and create. This type of profile uses the burned-in values for identities. Since these service profiles are tied to a specific server, they cannot be moved or migrated to another server.

The service profiles that override server identities provide the maximum amount of flexibility and control. This profile type allows you to override the burned-in identity values and use the resource pools and policies. You can disassociate this service profile from one server and then associate it with another server. You can do this re-association either manually or through an automated server pool policy. The burned-in settings on the new server, such as UUID and MAC address, are overwritten with the configuration in the service profile. As a result, the change in server is transparent to your network. You do not need to reconfigure any component or application on your network to begin using the new server.
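The two service profile types and the one-to-one association rule described above, modeled as an added example that is not part of the course guide or of Cisco UCS Manager. All class names, server names, and the MAC and UUID values are constructed for illustration; the UUID layout (fixed prefix, counted suffix) is an assumption of this sketch.

```python
"""Service profiles that override vs. inherit server identities (added example)."""


class IdentityPool:
    """A logical resource pool: every identity is handed out at most once."""

    def __init__(self, name, identities):
        self.name = name
        self._free = list(identities)

    def allocate(self):
        if not self._free:
            raise RuntimeError(f"pool {self.name!r} is exhausted")
        return self._free.pop(0)


def mac_block(first, size):
    """`size` consecutive MAC addresses starting at `first` (constructed helper)."""
    start = int(first.replace(":", ""), 16)
    return [":".join(f"{start + i:012X}"[j:j + 2] for j in range(0, 12, 2))
            for i in range(size)]


def uuid_block(prefix, size):
    """UUIDs with a fixed prefix and a variable suffix counted up from 1."""
    out = []
    for i in range(1, size + 1):
        suffix = f"{i:016X}"
        out.append(f"{prefix}-{suffix[:4]}-{suffix[4:]}")
    return out


class Server:
    def __init__(self, name, uuid, mac):
        self.name = name
        self.burned_in = {"uuid": uuid, "mac": mac}   # set by the manufacturer
        self.presented = dict(self.burned_in)          # what the OS or hypervisor sees
        self.profile = None


class ServiceProfile:
    def __init__(self, name, uuid_pool=None, mac_pool=None):
        self.name = name
        self.server = None
        self.home = None       # only used by profiles that inherit identities
        self.identity = None   # stays None for the inherit type
        if uuid_pool is not None and mac_pool is not None:   # override type
            self.identity = {"uuid": uuid_pool.allocate(), "mac": mac_pool.allocate()}

    def associate(self, server):
        # One profile per server and one server per profile at any given time.
        if self.server is not None:
            raise RuntimeError(f"{self.name} is already associated with {self.server.name}")
        if server.profile is not None:
            raise RuntimeError(f"{server.name} already has profile {server.profile.name}")
        if self.identity is None:
            # Inherit type: tied to the first server it was associated with.
            if self.home not in (None, server.name):
                raise RuntimeError(f"{self.name} inherits the identities of {self.home}")
            self.home = server.name
            server.presented = dict(server.burned_in)
        else:
            server.presented = dict(self.identity)   # burned-in values are overwritten
        self.server, server.profile = server, self
        return server.presented

    def disassociate(self):
        server, self.server = self.server, None
        server.presented, server.profile = dict(server.burned_in), None
        return server
```

Moving an override-type profile from one `Server` to another returns the same `presented` identities on both, which is the property that keeps the change of hardware transparent to the network.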
Unless the service profile contains power management policies, a server pool qualification policy, or another policy that requires a specific hardware configuration, you can use the profile for any type of server in the Cisco UCS domain.

Identity Pools

Stateless computing requires unique identity resources for UUIDs, MAC addresses, and WWNs for Fibre Channel.

Identity Pools
Identity pools overview:
+ Unique identity resources are required.
+ Logical resource pools can be used to provide uniqueness.
+ Logical resource pools are the following:
  - MAC pools
  - UUID pools
  - WWN pools
[Figure: WWN pool, UUID pool, and MAC pool]

To provide uniqueness of the server identities, you can use logical resource pools. Logical resource pools are collections of identities that are available in the system. Logical resource pools increase the flexibility of service profiles and allow you to centrally manage your system resources.

Logical resource pools are:
+ MAC pools
+ UUID pools
+ WWN pools

Logical resource pools are tied to service profiles. When you assign a logical resource pool to the service profile, the service profile takes the identity from the pool and assigns that identity to the server. For example, if you assign a UUID pool to the service profile, the service profile will take a unique UUID from the pool and assign that UUID to the server. Therefore, if you use pooled resources, you will have unique identities on your servers.

Identity Pools (Cont.)
Overview of MAC and UUID pools:
+ MAC pool:
  - A collection of network identities
  - Removes the need to manually configure the MAC addresses
  - MAC pool is assigned in vNIC policy, which is included in the service profile
+ UUID pool:
  - A collection of SMBIOS UUIDs
  - Fixed prefix
  - Variable suffix is provided from the pool
  - Removes the need to manually configure the UUID of the server

A MAC pool is a collection of MAC addresses. These MAC addresses are unique in their Layer 2 environment and are available to be assigned to vNICs on a server. If you use MAC pools in service profiles, you do not have to manually configure the MAC addresses to be used by the server that is associated with the service profile.

In a multitenancy environment, you can use an organizational hierarchy to ensure that only specific applications or business services can use MAC pools. Cisco UCS uses the name resolution policy to assign MAC addresses from the pool.

To assign a MAC address to a server, you must include the MAC pool in a vNIC policy. The vNIC policy is then included in the service profile that is assigned to that server. You can specify your own MAC addresses or use a group of MAC addresses that Cisco provides.

A UUID suffix pool is a collection of SMBIOS UUIDs that are available to be assigned to servers. The first number of digits that constitute the prefix of the UUID are fixed. The remaining digits, the UUID suffix, are variable. A UUID suffix pool ensures that these variable values are unique for the server that is associated with a service profile and uses that particular pool to avoid conflicts.

If you use UUID suffix pools in service profiles, you do not have to manually configure the UUID of the server that is associated with the service profile.

Server Pools

To apply the service profile to a server, Cisco Unified Computing System (Cisco UCS) uses the concept of server pools.

Server Pools
Server pools overview:
+ Contain the set of servers that typically share the same characteristics.
+ Assignment methods of the server to the server pool:
  - Manually
  - Using server pool policies
+ Server pool is associated with the service profile.

A server pool contains a set of servers. These servers typically share the same characteristics. These characteristics can be their location in the chassis, or an attribute such as server type, amount of memory, local storage, type of CPU, or local drive configuration. You can manually assign a server to a server pool, or use server pool policies and server pool policy qualifications to automate the assignment.

A server can be in multiple pools at the same time. The service profile that is associated with a specific server owns the server, regardless of the number of pools in which the blade server resides.

To use a server pool, associate the service profile with the pool. Cisco UCS Manager automatically selects an available server from the pool. An available server is one that is currently discovered but not associated with any service profile and not in the process of being associated or disassociated.

In a multitenancy environment, you can designate one or more server pools to be used by a specific organization. For example, a pool that includes all servers with 2 CPUs could be assigned to a marketing organization, while all servers with 64 GB of memory could be assigned to a financial organization.

IP Pools

You may need an IP address on the Cisco Unified Computing System (Cisco UCS) for different purposes. You can configure the IP address statically or you can use the pool to allocate the IP address.

IP Pools
Overview of IP pools:
+ The IP pool does not have a default purpose.
+ Use IP pool to do the following:
  - Replace the default iSCSI boot IP pool
  - Replace the default management IP pool
  - Replace the management IP address and iSCSI boot IP address

IP pools are collections of IP addresses that do not have a default purpose.
You can create IPv4 or IPv6 address pools in Cisco UCS Manager to do the following:
+ Replace the default iSCSI boot IP pool iscsi-initiator-pool. Cisco UCS Manager reserves each block of IP addresses in the IP pool that you specify.
+ Replace the default management IP pool ext-mgmt for servers that have an associated service profile. Cisco UCS Manager reserves each block of IP addresses in the IP pool for external access (KVM console, Serial over LAN, or IPMI tool) that terminates in the CIMC on a server. If there is no associated service profile, you must use the ext-mgmt IP pool for the CIMC to get an IP address.
+ Replace both the management IP address and iSCSI boot IP addresses.

Challenge

1. What are the three unique server identities that the manufacturer burns into the server? (Choose three.)
   A. IP address
   B. MAC address
   C. UUID
   D. hostname
   E. certificate
   F. WWNN

2. Which information does the Cisco UCS service profile not contain?
   A. server definition
   B. identity information
   C. connectivity definition
   D. switching mode
   E. boot order policies

3. Which three methods can be used for creation of service profile? (Choose three.)
   A. manually
   B. automatic with server discovery
   C. installing into the server by manufacturer
   D. from the service profile template
   E. by cloning existing service profile
   F. by cloning existing service template

4. What are the three logical resource pools? (Choose three.)
   A. UUID pools
   B. server pools
   C. user pools
   D. disk pools
   E. WWN pools
   F. MAC pools

5. Which is true for server pools?
   A. Identity pools are associated with server pools.
   B. A server cannot be manually assigned to a server pool.
   C. A server can be in multiple pools at the same time.
   D. The servers in server pool share the CPU, memory, and local storage.

6. Which two methods can be used to assign a server to the server pool? (Choose two methods.)
   A. manually
   B. server pool policy
   C. server pool template
   D. server pool discovery

7. How do you assign MAC address from the pool to the server?
   A. Include MAC pool into vNIC policy and include vNIC policy into the service profile.
   B. Include MAC pool directly into the service profile.
   C. Include MAC pool into the vNIC policy only. Service policy automatically selects vNIC policy and selects MAC from the pool.
   D. You assign MAC pool directly to the server.

Answer Key

Challenge

1. B, C, F
2. D
3. A, D, E
4. A, E, F
5. C
6. A, B
7. A

Lesson 4: Configuring Service Profile Templates

Introduction

Service profile templates build on the idea of manually created service profiles. With the potential for a large population of blade servers in a given Cisco Unified Computing System (Cisco UCS), manual creation of service profiles would be both slow and error-prone. The use of templates provides the Cisco UCS administrator with the ability to create server definitions in a consistent and rapid process. Unlike manually created service profiles, service profile templates must use pools for identity and server assignment. Derived hardware values are never used.

During the lesson, you will learn more about service profile templates and how to configure them.

Service Profile Templates

Every active server in Cisco Unified Computing System (Cisco UCS) must be associated with a service profile. You can configure the service profile manually or you can use the service profile template for service profile creation.
Service profile overview:
+ Enables creation of multiple service profiles with the same parameters
  - Number of vNICs and vHBAs
  - Identity information from the pools
+ Service profile template creation methods:
  - Manually
  - From the existing service profile

When you have many servers in the Cisco UCS, you must create many service profiles. Because manual creation of service profiles would be slow and error-prone, Cisco UCS offers the concept of service profile templates.

A service profile template allows you to quickly create several service profiles with the same basic parameters. Examples of such parameters are the number of vNICs and vHBAs. To apply identity information, you create pools and assign these pools to the service profile templates. The identity values are then applied to the server from the same pool. For example, if you need several service profiles with similar values to configure servers to host database software, you can create a service profile template.

You can create the service profile template with the following methods:
+ Manually
+ From the existing service profile

The process of creating a service profile template is nearly identical to creating a service profile manually. The principal difference is that you cannot apply the service profile templates directly to a server. You must create a service profile from the service profile template and apply it to the server.

Two types of service profile template:
+ Initial template:
  - Updates to the templates are not propagated to service profiles that are created using the initial template.
+ Updating templates:
  - Changes to the templates are propagated to service profiles that are created using the updating templates.

Cisco UCS supports the following types of service profile templates:

+ Initial template: Service profiles that are created from an initial service profile template are bound to the template and inherit all the properties of the template. However, changes to the initial template do not automatically propagate to the bound service profiles. If you want to propagate changes to bound service profiles, unbind and rebind the service profile to the initial template.
+ Updating template: Service profiles that are created from an updating template inherit all the properties of the template and remain connected to the template. Any changes to the template automatically update the service profiles that are created from the template.

Changes to updating templates are immediately propagated to any service profiles that were generated from that template and bound to it. If none of the generated service profiles are associated to a server, there is no risk to an update. However, if you make certain changes to the updating template, it will cause all linked servers to reboot. Therefore, it is the best practice to perform the update in a scheduled and approved maintenance window. This practice provides for the graceful shutdown of all compute nodes that the change will affect.

Note: Once you configure a service profile template type, you cannot change it. You will have to create a new service profile. This restriction prevents problems if you accidentally change the template type from initial to updating and apply changes to linked profiles unexpectedly.

Challenge

1. What are the two motivating factors for using service profile templates instead of manually creating service profiles? (Choose two.)
A. Manual creation of service profiles is slow in large environments.
B. Manual creation of service profiles is not possible in environments with more than 20 servers.
C. Manual creation of service profiles is error-prone in large environments.
D. A service profile template automatically connects to the server and installs the operating system or hypervisor that is specified in the template.
E. You can use the same service profile for multiple servers when a profile is created from template.

2. Which three options can be applied to service profile templates? (Choose three.)
A. server pool
B. CPU profile
C. network connectivity
D. operating system or hypervisor
E. memory profile
F. UUID pools

3. Can you change the template type from initial to updating?
A. Yes, you can change the template type from initial to updating and vice versa.
B. Yes, but you can only change it from initial to updating.
C. Yes, but you can only change it from updating to initial.
D. No, you cannot change the template type.

4. Which answer best describes the initial template type?
A. Changes to the initial templates do not automatically propagate to the bound service profiles.
B. Only changes to the network and storage connectivity are automatically propagated to the service profiles.
C. Only changes to the UUID pools are automatically propagated to the service profiles.
D. All changes are automatically propagated to the service profiles.

5. Which answer best describes the updating template type?
A. All changes in the updating templates are automatically pushed to the service profiles that are created from the template.
B. Changes in the updating templates are not automatically pushed to the service profiles.
C. Changes in the updating templates only update the service profile that you specified to update.
D. You cannot update service profiles from the service profile template.

6. What happens when you make a change in the updating template?
A. The changes are immediately propagated to the linked service profiles. Some changes will cause the reboot of the servers.
B. The changes are immediately propagated to the linked service profiles. None of the changes will cause the reboot of the servers.
C. You have to push the changes to the linked service profiles. Some changes will cause the reboot of the servers.
D. You have to push the changes to the linked service profiles. None of the changes will cause the reboot of the servers.

7. Match the steps when configuring service profile
+ Specify server assignment.
+ Specify boot policy.
+ Specify the networking options.
+ Select the service profile template type.
+ Enter the service profile template name.
+ Specify the storage options.
+ Select the UUID assignment.
+ Specify operational policies.
Steps: Step 1, Step 2, Step 3, Step 4, Step 5, Step 6, Step 7, Step 8

Answer Key

Challenge
1. A, C
2. A, C, E
3. D
4. A
5. A
6. A
7.
Enter the service profile template name. - Step 1
Select the service profile template type. - Step 2
Select the UUID assignment. - Step 3
Specify the networking options. - Step 4
Specify the storage options. - Step 5
Specify boot policy. - Step 6
Specify server assignment. - Step 7
Specify operational policies. - Step 8

Module 2: SAN Storage Implementation for Cisco Unified Computing System

Introduction

Cisco Unified Computing System (Cisco UCS) supports multiple SAN technologies. You can connect Cisco UCS to the storage by using technologies such as iSCSI, Fibre Channel, and FCoE. Every technology has different requirements and characteristics.

iSCSI is a transport protocol that operates on top of TCP and encapsulates SCSI commands and data into TCP/IP. Therefore, it needs an operational IP network between the server and the storage.
The Fibre Channel protocol is the most common storage networking technology. It defines the network layers that route storage traffic between the server and the storage. FCoE, on the other hand, uses Ethernet as a transport technology for Fibre Channel. It replaces the lower layers of Fibre Channel with Ethernet. The requirement for lossless connectivity forces some modifications to Ethernet.

You can use all these technologies in the Cisco UCS implementation, and you can use the one that suits your needs. This module covers the listed technologies and how you can use these technologies in Cisco UCS.

Lesson 1: Implementing iSCSI

Introduction

iSCSI is a transport protocol that operates on top of TCP and encapsulates SCSI commands and data into TCP/IP. iSCSI provides an interoperable solution that can take advantage of existing IP-based infrastructures and management facilities. iSCSI is one of the protocols that is used in SAN networks, and it is gaining more popularity. You will learn how SCSI migrates from DAS to SAN.

iSCSI uses the concept of the initiator and the target. To enable access from the initiator to the target, you need TCP connectivity between the server and the storage. To address a specific LUN on the storage, iSCSI uses its own iSCSI addressing. During this lesson, you will learn more about iSCSI addressing.

The iSCSI protocol is not designed to handle failures, packet retransmission, or data loss. It is very important that you provide resiliency and high availability. iSCSI also allows you to use multipathing to forward traffic over multiple paths between the server and the storage. In this lesson, you will also learn more about the multipathing feature.

In the lab part, you will learn how to configure an iSCSI LUN and service profile.
Comparing iSCSI Addressing

iSCSI is an IP-based storage networking standard. It allows clients to send SCSI commands over the TCP/IP network.

Overview of the iSCSI addressing:
+ iSCSI uses the following information for communication:
  - Hostname or IP address, TCP port number
  - iSCSI name
  - Optional CHAP secret
+ The iSCSI name follows one of these formats:
  - IQN
  - EUI
  - NAA

iSCSI hosts communicate with each other over an IP network. Generally, iSCSI uses the following information to establish connections between iSCSI targets and initiators:
+ Hostname or IP address
+ TCP port number (the default is TCP 3260)
+ iSCSI name
+ Optional CHAP secret

Both iSCSI targets and initiators require names for identification. These names must be unique within the operational domain. To allow worldwide scope, the iSCSI name format is designed to be unique worldwide.

The iSCSI name defines the logical entity and should not be tied to an interface or any other hardware. The logical addressing allows you to replace the transport or the hardware. You can still use the same iSCSI name to define targets and initiators.

An iSCSI name consists of two parts. The first part is the type designator. It is followed by a unique name. Currently, there are three different types:
+ iSCSI Qualified Name: IQN
+ Extended Unique Identifier: EUI
+ T11 Network Address Authority: NAA

The IQN and EUI formats are the most common types. The NAA format was added later in RFC 3980 to provide compatibility with the naming conventions that are used in Fibre Channel and SAS storage technologies.
IQN overview:
+ IQN consists of the following components:
  - The "iqn" string: Distinguisher from the other name types
  - Date code: The date of the domain registration
  - Naming authority: Usually the reversed domain name
  - Unique name: The unique name of the iSCSI host
+ The IQN format:
  "iqn" | yyyy-mm | Naming-authority | Unique Name
  iqn.2015-09.com.example.storage:host1

The IQN type uses a domain name in the name. It can generally be used by any organization that owns a domain name. A domain name does not have to be active, and does not have to resolve to an address. It just needs to be reserved to prevent others from generating iSCSI names with the same domain. Since ownership of the domain can change, the IQN also includes the date, which indicates the time of the domain registration.

The IQN name can be up to 255 characters long and consists of the following elements:
+ The "iqn" string: The string is used to distinguish the name from the other name types.
+ Date code: The date code in the format yyyy-mm. This code is the date when the naming authority was established.
+ Naming authority: It is usually a reversed domain name of the naming authority. For example, iscsi.example.com would be presented as com.example.
+ Unique name: The name that you can use for the iSCSI hosts. This name must be unique inside the same domain.

The name elements are separated with dots, except the naming authority and the unique name, which are separated with a colon. The complete syntax of the IQN name is iqn.yyyy-mm.naming-authority:unique-name (example: iqn.2015-09.com.example.storage:host2).
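The name formats in this section can be checked mechanically before an initiator or target name is accepted into a configuration. The following is an added example, not part of the course material: it parses IQN, EUI and NAA names and flags duplicates, since names must be unique within the operational domain. The sample names are constructed; the 16- or 32-digit NAA lengths come from RFC 3980 and the optional unique-name part from RFC 3720, not from this page.

```python
import re
from collections import Counter

MAX_NAME_LEN = 255  # upper bound this lesson gives for an IQN name

IQN_RE = re.compile(
    r"iqn\.(\d{4})-(\d{2})\."                     # type designator and yyyy-mm date code
    r"([a-z0-9](?:[a-z0-9-]*[a-z0-9])?"           # naming authority: first label
    r"(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)*)"    # ...and further dot-separated labels
    r"(?::(\S+))?"                                # optional ':unique-name' (RFC 3720)
)
HEX_RE = re.compile(r"[0-9A-Fa-f]+")


def parse_iscsi_name(name):
    """Return a dict describing the name, or raise ValueError with the reason."""
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError("empty or longer than %d characters" % MAX_NAME_LEN)
    if any(ch.isspace() for ch in name):
        raise ValueError("contains whitespace")
    kind, _, rest = name.partition(".")
    if kind == "iqn":
        match = IQN_RE.fullmatch(name)
        if not match:
            raise ValueError("not iqn.yyyy-mm.naming-authority[:unique-name]")
        year, month, authority, unique = match.groups()
        if not 1 <= int(month) <= 12:
            raise ValueError("date code month out of range")
        return {
            "type": "iqn",
            "date": "%s-%s" % (year, month),
            "authority": authority,
            # The naming authority is a reversed domain name; undo the reversal.
            "domain": ".".join(reversed(authority.split("."))),
            "unique": unique,
        }
    if kind in ("eui", "naa"):
        if not HEX_RE.fullmatch(rest):
            raise ValueError("identifier is not hexadecimal")
        allowed = (16,) if kind == "eui" else (16, 32)  # naa lengths per RFC 3980
        if len(rest) not in allowed:
            raise ValueError("identifier must have %s hex digits"
                             % " or ".join(str(n) for n in allowed))
        info = {"type": kind, "identifier": rest.upper()}
        if kind == "eui":
            # EUI-64: the first 24 bits are the company part, the last 40 the unique ID.
            info["company_id"] = rest[:6].upper()
            info["extension"] = rest[6:].upper()
        return info
    raise ValueError("unknown type designator")


def audit(names):
    """Return (name, verdict) pairs; names are compared case-insensitively."""
    seen = Counter(n.lower() for n in names)
    report = []
    for name in names:
        try:
            parse_iscsi_name(name)
            verdict = "duplicate" if seen[name.lower()] > 1 else "ok"
        except ValueError as exc:
            verdict = "invalid: %s" % exc
        report.append((name, verdict))
    return report


# Constructed sample input (not taken from a real fabric).
SAMPLE_NAMES = [
    "iqn.2015-09.com.example.storage:host1",
    "iqn.2015-09.com.example.storage:host2",
    "eui.0123456789ABCDEF",
    "naa.52004567BA64678D",
    "iqn.2015-13.com.example.storage:host3",   # month 13
    "eui.0123456789ABCDE",                     # 15 hex digits
    "host1.example.com",                       # no type designator
    "iqn.2015-09.com.example.storage:host1",   # same name used twice
]

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_NAMES):
        print("%-45s %s" % (name, verdict))
```
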
EUI name overview:
+ A globally unique identifier that the IEEE Registration Authority mechanism provides
+ Uses the EUI-64 format to generate a unique identifier
  - 64-bit value
  - ASCII-encoded in 16 hexadecimal digits
+ Format: "eui" | EUI-64 Identifier

The IEEE Registration Authority provides a mechanism that can generate a globally unique identifier (EUI). iSCSI uses the EUI-64 format, which other protocols also use (for example, to generate an autoconfigured IPv6 address from a MAC address). The EUI-64 format is a 64-bit value that is ASCII-encoded in 16 hexadecimal digits. The first 24 bits are for the company. The following 40 bits are reserved for a unique ID, such as a serial number.

The EUI iSCSI name consists of the eui prefix, which is followed by the EUI-64 identifier (for example, eui.0123456789ABCDEF).

iSCSI Multipathing

The iSCSI protocol is not designed to handle failures, packet retransmission, or data loss. Therefore, it is very important that you provide resiliency and high availability.

iSCSI multipathing overview:
+ Multiple paths between the server and the storage
+ Provides high availability and load balancing
+ Protects against path failures

You can achieve iSCSI redundancy using the following methods:
+ Link aggregation
+ iSCSI multipathing (active/standby)
+ iSCSI multipathing (active/active)

Although link aggregation can provide redundancy for storage traffic, it does not protect you against path failures. Therefore, it is recommended that you use the iSCSI multipathing feature.

The connection from the server to the storage is referred to as the path. When you have multiple paths between the server and the storage unit (LUN), you can configure iSCSI multipathing. Multipath connectivity provides redundant access to the storage devices.
When you are using the active/standby configuration, you will have one active path and a backup path, which will become active in the case of a primary path failure. With the active/standby configuration, you can only achieve high availability.

With the active/active configuration, you have two active paths from the server to the storage. The advantage of using this configuration is the load balancing between both paths. With load balancing, you can also achieve an increased throughput because you are using both paths.

To implement iSCSI multipathing, you will have to install two NICs on the server. You will also have to provide redundant paths between the server and the storage by using redundant network equipment.

Note: iSCSI multipathing protects only against path failures and not against a storage failure.

iSCSI multipathing resiliency:
+ Failure on the primary path between the server and the storage

If there is a failure of the primary NIC, or the link between the primary NIC and the switch, or a failure on the switch, you will still have connectivity over the secondary path. In this case, you must be aware that the overall throughput is reduced, because only a single path is active.

When there is a failure beyond the server link, the network can establish a new path to the storage. In this case, you can still use both paths to achieve load balancing. There will be no throughput decrease.

Evolution of SCSI from DAS to SAN

Remote storage has been through several different topologies, from the DAS to the SAN.

DAS overview:
+ DAS is connected directly to the host and has limited mobility.
+ DAS has limited scalability because of limited devices.
+ DAS does not provide efficient storage sharing.
+ DAS is costly to scale and complex to manage.

The DAS is storage that is directly attached to the host. There are no network devices between the host and the storage. It is commonly described as captive storage. Devices in a captive storage topology do not have direct access to the storage network and do not support efficient sharing of the storage. For example, the only way to access the DAS devices is if you use the host CPU.

DAS is often implemented within a parallel SCSI implementation. To access data in the DAS, a user must go through some sort of front-end network. DAS devices provide little or no mobility to other servers and little scalability.

DAS devices limit file sharing and can be complex to implement and manage. For example, to support data backups, DAS devices require resources on the host and spare disk systems that other systems cannot use.

NAS overview:
+ You access NAS over an IP network.
  - Servers can share storage devices.
  - Users can share files.
+ You can access storage at a file level via NFS or CIFS.
+ NAS supports a slower file retrieval than DAS.

The NAS device is dedicated to file sharing. NAS devices have direct IP capabilities that allow access at a file level, using a protocol such as NFS or CIFS across an IP network. NAS devices provide data storage, access, and the management of these functions. NAS devices support file-serving requests so that storage resources can be freed up on other servers. NAS servers commonly employ SCSI and RAID technologies internally.

A NAS device is directly connected to a front-end network. Servers and users can share storage devices. NAS devices respond to requests by providing portions of the file system. To retrieve a file, a NAS device must open a directory, read it, locate the file, check permissions, and then transfer the file.
If the file is several directories deep, the NAS device needs to perform repeated operations to retrieve one file. This process can require considerable network traffic, although you can tune TCP to help optimize the file transport.

SAN overview:
+ Advantages:
  - Separate storage from the server.
  - High-performance LAN interconnection can provide a high I/O throughput.
  - Servers can share storage.
+ Disadvantages:
  - It might have limited vendor interoperability.

A SAN is a high-speed network of storage devices. The SAN technology is designed to remotely attach storage devices such as disk drives to host computers. The SAN technology allows a high throughput and therefore high performance. For example, an advantage of the SAN technology is that data access is provided at a block level via the SCSI protocol.

The SAN technology supports shared storage that is separated from the server or servers that use it. You can easily move storage resources or allocate them with no interruption of service on the servers.

Managing a SAN tends to be more complex than managing a DAS. However, SANs provide a lower TCO because the storage is not captive to one server, so there is a more efficient usage of storage resources. The consolidation of multiple lower-end storage systems into centralized, higher-end systems allows reduced administrative overhead.

A backup is easier with the SAN technology because it does not tie up the host capacity or require a dedicated network or bandwidth on the main network. The SAN technology also supports a fast implementation of high availability.

When you consolidate the storage resources to the same fabric, you can easily make use of many features. These features include data replication, data sharing, and centralized backups.
One of the most common technologies that you can use to implement a SAN is Fibre Channel. It uses a dedicated high-speed network to provide connectivity to the server. As an alternative, you can use iSCSI, which uses standard TCP/IP protocols to transport the SCSI protocol. The advantage of using iSCSI is that you can use the same network equipment that you have already implemented to provide server connectivity.

The disadvantage of using SAN is that there is usually limited vendor interoperability.

Challenge

1. Which three pieces of information does the initiator need to establish an iSCSI connection to the target? (Choose three.)
A. the target's MAC address
B. the TCP port number
C. the worldwide name
D. the IP address of the target
E. the iSCSI name
F. the iSCSI URL

2. Match the type designator in the iSCSI name with the best description.
Type designators: EUI, NAA, IQN
+ The uniqueness is provided by using a domain name and date code.
+ The uniqueness is provided by IEEE Registration Authority mechanisms.
+ Provides compatibility with naming conventions that Fibre Channel and SAS storage technologies use.

3. Which iSCSI name format is used in the following iSCSI name: 2015-09.com.example.storage:host1?
A. WWN
B. EUI
C. IQN
D. NAA

4. What is the best description of iSCSI multipathing in the active/active mode?
A. The server aggregates two or more links to one virtual link and forwards the iSCSI traffic over that virtual link.
B. The server uses two separate NICs for the iSCSI traffic, but only one is active at the same time.
C. The server uses two separate NICs for the iSCSI traffic, and both NICs are active at the same time.
D. The server uses one NIC for the iSCSI traffic, but the server finds two or more paths to the target.

5. Which two technologies are most commonly used in the SAN? (Choose two.)
A. CIFS
B. iSCSI
C. NFS
D. SATA
E. Fibre Channel

6. What are the three benefits of using the SAN instead of the DAS or the NAS? (Choose three.)
A. vendor interoperability
B. easier backups
C. faster data replications and data sharing
D. simpler management than managing DAS
E. simple file sharing applications
F. more efficient usage of storage resources

7. What is the best description of the differences between native Fibre Channel and iSCSI?
A. Fibre Channel implements a dedicated network, while iSCSI can use the existing TCP/IP network.
B. Fibre Channel uses the existing TCP/IP network, while iSCSI implements a dedicated network.
C. Fibre Channel is encapsulated directly into the Ethernet segment, while iSCSI is encapsulated into the IP packet.
D. Fibre Channel uses IP addresses for traffic forwarding, while iSCSI uses the WWNs to correctly route the traffic.

Answer Key

Challenge
1. B, D
2.
IQN - The uniqueness is provided by using a domain name and date code.
EUI - The uniqueness is provided by IEEE Registration Authority mechanisms.
NAA - Provides compatibility with naming conventions that Fibre Channel and SAS storage technologies use.
3. C
4. C
5. B, E
6. B, C, F
7. A

Lesson 2: Implementing Fibre Channel Port Channels

Introduction

Fibre Channel is a standards-based technology that is primarily used for storage networking. The Fibre Channel infrastructure ensures communications between various interface points, which are called Fibre Channel ports. They may be embedded in an I/O adapter, an array or tape controller, or in a fabric switch. Fibre Channel provides port channel technology, which is very similar to the Ethernet port channel.

During the lesson, you will learn more about VSANs and how to configure VSANs.
You will also learn how you can use and configure the Fibre Channel port channel and trunking on that port channel. To secure devices that are located in the same fabric, you can use the zoning functionality, which will be explained. You will also learn how to configure zoning.

VSAN Functionality

A SAN is a dedicated network that interconnects hosts and storage devices primarily to exchange SCSI traffic. In SANs, you use the physical links to make these interconnections.

VSAN overview:
+ Multiple VSANs share the same physical topology.
+ Provides isolation among devices in different VSANs.
+ Per VSAN fabric-related configuration.
+ Isolated failure events.

[Figure: SAN for Application Servers, SAN for File Servers, SAN for Database Servers]

You can achieve higher security and greater stability in Fibre Channel fabrics by using VSANs. A VSAN is a virtual SAN that provides isolation among devices that are physically connected to the fabric. With VSANs, you can create multiple logical SANs over a common physical infrastructure.

With VSANs, you can build a single physical topology that contains switches and links. On top of the physical infrastructure, you can build a logical infrastructure with VSANs. Each VSAN in the topology has the same behavior and properties as a SAN. The following are the features of VSANs:
+ Multiple VSANs can share the same physical topology.
+ You can assign the same Fibre Channel ID to the host in another VSAN, which increases VSAN scalability.
+ Every VSAN instance runs all required protocols, such as FSPF, domain manager, and zoning.
+ Fabric-related configuration in one VSAN does not affect the traffic in other VSANs.
+ Events that cause traffic disruptions in one VSAN are not propagated to other VSANs.

As the figure shows, you can create multiple VSANs.
These VSANs share the same physical infrastructure, but are isolated from each other.

Each VSAN is a logically and functionally separate SAN with its own set of Fibre Channel fabric services. This partitioning of fabric services greatly reduces network instability by containing fabric reconfigurations and error conditions within an individual VSAN. It provides the following fabric services:
+ Name server
+ Zone server
+ Domain controller
+ Alias server
+ Login server
+ FSPF routing
+ Management

The advantages of using VSAN:
+ Traffic isolation
+ Scalability
+ Per VSAN fabric services
+ Redundancy
+ Ease of configuration

VSANs offer the following advantages:
+ Traffic isolation: A VSAN contains traffic within its boundaries and devices reside only in one VSAN. This feature ensures separation between groups.
+ Scalability: You build VSANs on top of a single physical infrastructure. The ability to create several logical VSANs increases the scalability of the SAN.
+ Per VSAN fabric services: Replication of fabric services on a per VSAN basis provides increased scalability and availability.
+ Redundancy: You can configure multiple paths between the hosts and the devices using VSANs. If the primary VSAN fails, a redundant VSAN on the same physical SAN can take over.
+ Ease of configuration: You can add, move, or change devices between VSANs without changing the physical structure of a SAN. Moving a device from one VSAN to another requires configuration only at the port level, not at the physical level.

An example of using VSAN:

[Figure: Production SAN and Backup SAN consolidated into a Production VSAN and a Backup VSAN]

It is common practice to send backup traffic to an independent and physically isolated backup or tape SAN.
With this solution, you can provide the desired level of isolation and performance for the tape traffic. But this solution is complex and expensive.

Alternatively, you can use the VSAN technology to isolate the backup traffic. With this solution, you can create a dedicated VSAN to carry only the backup traffic. This design avoids the cost of a separate isolated SAN for backup, while you still achieve the same level of isolation.

The figure shows how you can consolidate the production and backup SANs by using the VSAN technology.

Fibre Channel Port Channel Functionality

Port Channels refer to the aggregation of multiple physical interfaces into one logical interface to provide a higher aggregated bandwidth, load balancing, and link redundancy.

Fibre Channel port channel overview:
+ Allows the aggregation of physical links into one logical link
+ Port channel options:
  - Between two switches (ISL)
  - Between the switch and the node
+ Increases the aggregate bandwidth
+ Provides high availability

A Fibre Channel port channel allows you to group several physical Fibre Channel ports (link aggregation) to create one logical Fibre Channel link. This logical Fibre Channel link provides fault tolerance and high-speed connectivity.

You can form a port channel between two switches on an ISL or between the switch and the node. Both port channel types have the same features.

When you use a port channel on an ISL, you are grouping multiple E Ports into one logical interface. The port channel provides a point-to-point connection over the ISL. It increases the aggregate bandwidth on an ISL by distributing traffic among all functional links in the channel.

The advantage of using a port channel is that you also get high availability. If one of the links fails, the port channel switches the traffic to the remaining links.
If a link goes down in a SAN port channel, the upper layer protocol is not aware of it. To the upper layer protocol, the link is still there, although the bandwidth is decreased. ‘When you bundle multiple physical links, the reduced database size and frequeney of link updates improve the FSPF efficiency. When you bundle physical links, the failures are not attached to a single link, but to the entire port channel. The failure of a link in a Port Channel does not trigger a route change, therefore reducing the risks of routing loops, traffic loss, or fabric downtime for route reconfiguration. The following parameters and settings must match at both ends of a port channel to establish the port channel + Capability parameters (the type of interface, Fibre Channel at both ends) + Administrative compatibility parameters (speed, mode, port VSAN, allowed VSAN, and port security) + Operational parameters (speed and the WWN of the remote switeh) © 2017 Cisco Systems, Inc Implementing Cisco Data Center Unified Camputing (DCU) 71 Fibre Channel Port Channel Functionality (Cont.) Port channel and trunking Port. Channel Only; overview: E Ports + Port channel without trunking aS NX — Usage of standard E ports Ist ~ Appropriate for connecting non- | s ae Cisco switches : + Port channel with trunking + Usage of TE ports, + Support for multiple VSANs Port Channel and Trunking be ax fe i When you are connecting Cisco and non-Cisco switches, you can use an industry standard E Port. The connection is referred to as ISL. When you enable VSAN trunking to transmit frames in the EISL format for multiple VSAN, the E port becomes a TE Port. You can connect EISL only between Cisco switches. You have the following options when you connect switches together using a port channel: + Create a port channel with members that are E ports. In this configuration, the port channel implements a logical ISL (carrying traffic for one VSAN). + Create a port channel with members that are TE Ports. 
In this configuration, the port channel implements a logical EISL (carrying traffic for multiple VSANS). 72 Implementing Cisco Data Center Unified Computing (OCUC!) (© 2017 Cisco Systems, Inc. When you create a port channel, the traffic is load-balanced between the links in the port channel. A port Fibre Channel Port Channel Functionality (Cont.) Flow-Based Load Balancing Port channel load balancing ‘overview: + Flow-based: — Allframes between the same source and destination follow the same link. + Exchange-based: — Allframes in the same exchange Exchange-Based Load Balancing follow the same link. Tl s01-001 Hl s02-p102 channel provides the following methods of load balancing: Flow-based: All frames between the source and d is, the link that is selected for the first exchange of the flow is used for all subsequent exchanges. Exchange-based: The first frame in an exchange is assigned to a link. All subsequent frames in the exchange follow the same link. However, subsequent exchanges can use a different link. This method provides finer granularity for load balancing while preserving the order of frames for each exchange. stination follow the same links for a given flow. That © 2017 Cisco Systems, Inc Implementing Cisco Data Center Unified Computing (DCUCI) 3 Fibre Channel Port Channel Functionality (Cont.) Port channel protocol overview: + The port channel creation modes: ~ Manual configuration ~ Automatic creation + The subprotocols that the port channel protocol uses: ~ Bringup protocol ~ Autocreation protocol ‘The switch software provides robust error detection and synchronization capabilities. You can manually configure channel groups, or they can be automatically created. In both cases, the channel groups have the same capabilities and configurational parameters. Any change in the configuration that you apply to the ociated SAN port channel interface is propagated to all members of the channel group. 
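The flow-based and exchange-based methods described above differ only in which frame fields select the member link. The following sketch is an added example, not code from the course or from any switch software; the XOR-fold hash, the interface names, and the FC IDs are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    sid: int     # source FC ID (24 bits)
    did: int     # destination FC ID (24 bits)
    ox_id: int   # originator exchange ID (16 bits)
    seq: int     # position of the frame inside its exchange

def fold(value):
    """XOR-fold an integer into one byte (assumed hash, not a vendor algorithm)."""
    out = 0
    while value:
        out ^= value & 0xFF
        value >>= 8
    return out

def select_link(frame, active_links, mode):
    """Pick the member link for one frame from the links that are still up."""
    if not active_links:
        raise ValueError("port channel has no operational member")
    key = fold(frame.sid) ^ fold(frame.did)      # flow = (SID, DID)
    if mode == "exchange":
        key ^= fold(frame.ox_id)                 # exchange = (SID, DID, OX ID)
    elif mode != "flow":
        raise ValueError("mode must be 'flow' or 'exchange'")
    return active_links[key % len(active_links)]

def distribute(frames, active_links, mode):
    """Return {link: [frames in arrival order]} for the given balancing mode."""
    per_link = {link: [] for link in active_links}
    for frame in frames:
        per_link[select_link(frame, active_links, mode)].append(frame)
    return per_link

def exchanges_intact(per_link):
    """True if every exchange stays on one link with its frames in order."""
    seen = {}
    for link, frames in per_link.items():
        for f in frames:
            key = (f.sid, f.did, f.ox_id)
            last_link, last_seq = seen.get(key, (link, -1))
            if last_link != link or f.seq <= last_seq:
                return False
            seen[key] = (link, f.seq)
    return True

def constructed_traffic():
    """One flow (constructed FC IDs) made of four exchanges of three frames."""
    return [Frame(0x010101, 0x020202, ox, seq)
            for ox in (0x10, 0x11, 0x12, 0x13) for seq in range(3)]

LINKS = ["fc1/1", "fc1/2", "fc1/3", "fc1/4"]     # constructed member names

if __name__ == "__main__":
    for mode in ("flow", "exchange"):
        result = distribute(constructed_traffic(), LINKS, mode)
        print(mode, {link: len(frames) for link, frames in result.items()})
    # A member failure only shrinks the list of candidate links.
    survivors = [link for link in LINKS if link != "fc1/2"]
    print("after failure", {l: len(f) for l, f in
                            distribute(constructed_traffic(), survivors, "exchange").items()})
```

With a single flow, flow-based balancing leaves three of the four members idle, while exchange-based balancing spreads the exchanges and still keeps each exchange in order on one link.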
Cisco SAN switches support a protocol to exchange port channel configurations. This protocol simplifies port channel management with incompatible ISLs. An additional autocreation mode enables ISLs with compatible parameters to automatically form channel groups without manual intervention.

The port channel protocol uses two protocols:

+ The bringup protocol: Automatically detects misconfigurations so you can correct them. This protocol synchronizes the SAN port channels at both ends, so that the same link carries all frames for a given flow (as identified by the source FC ID, destination FC ID, and OX ID) in both directions.
+ The autocreation protocol: Automatically aggregates compatible ports into a SAN port channel.

Purpose of Zoning

Fibre Channel offers many security features that you can use. The zoning feature is one of them. It allows you to control access and data traffic between different nodes.

Fibre Channel zoning overview:

+ Partitions Fibre Channel fabric into one or more zones
+ Limits communication to the devices in the same zone
+ The main goals of zoning:
  - Enhances SAN security
  - Helps prevent data loss or corruption
  - Reduces performance issues

Fibre Channel zoning allows you to partition the Fibre Channel fabric into one or more zones. Each zone defines the set of Fibre Channel initiators and Fibre Channel targets that can communicate with each other in a SAN. Zoning also enables you to set up access control between the hosts and the storage devices or user groups.

The access and data traffic control that the zoning provides does the following:

+ Enhances SAN security
+ Helps prevent data loss or corruption
+ Reduces performance issues

The zoning provides security between devices that are connected to the same fabric. The primary goal is to prevent certain devices from accessing other devices. Since there are many different types of server and storage devices, you should pay special attention to security. For example, if two hosts can access the same disk and the hosts have potentially different operating systems, the data could become corrupted.

Purpose of Zoning (Cont.)

+ An example of zoning:

[Figure: hosts H1, H2, H3 and storage devices S1, S2 grouped into Zone1, Zone2, and Zone3.]

Each zone can consist of multiple zone members. The members of a zone can access each other, while the members of different zones cannot access each other. When you do not activate zoning, all devices are members of the default zone. You can add a device to more than one zone.

As you can see from the figure, the hosts H1, H2, and storage S1 are members of Zone1. They are able to access each other. The host H3 and storage S2 are members of Zone3. The host H3 and storage S1 are also members of Zone2. Because the host H3 is a member of Zone2 and Zone3, it can access both storages, S1 and S2. But on the other hand, it cannot access the hosts H1 and H2.

Purpose of Zoning (Cont.)

Soft zoning:

+ Name server query responses enforce soft zoning.
+ Name server returns the list of zone members.

Hard zoning:

+ Hardware enforces hard zoning.
+ Comparing the source and destination IDs to permit or deny the frame.

Zoning can be enforced in two ways:

+ Soft zoning
+ Hard zoning

Each end device (N Port) discovers other devices in the fabric by querying the name server. When a device logs in to the name server, the name server returns the list of other devices that the querying device can access. In soft zoning, zoning restrictions are applied only during interactions between the name server and the end device. It means that when the device queries the name server, the name server returns the list of all devices in the same zone.
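The zone example above (Zone1, Zone2, Zone3) and the two enforcement points named on the slide, name server query responses for soft zoning and a per-frame source and destination ID comparison for hard zoning, can be modelled as follows. This is an added example, not code from the course or from any switch; the FC ID values and function names are assumptions made for illustration.

```python
# Zone membership taken from the example in the text.
ZONESET = {
    "Zone1": {"H1", "H2", "S1"},
    "Zone2": {"H3", "S1"},
    "Zone3": {"H3", "S2"},
}

# Constructed FC IDs for the five devices (assumed values).
FCID = {"H1": 0x010100, "H2": 0x010200, "H3": 0x010300,
        "S1": 0x020100, "S2": 0x020200}
NAME = {fcid: name for name, fcid in FCID.items()}

def name_server_query(requester, zoneset=ZONESET):
    """Soft zoning enforcement point: the name server lists only the
    devices that share at least one zone with the requester."""
    visible = set()
    for members in zoneset.values():
        if requester in members:
            visible |= members
    visible.discard(requester)
    return visible

def permitted_pairs(zoneset=ZONESET):
    """Expand the zones into (source FC ID, destination FC ID) pairs,
    the table that hard zoning compares every frame against."""
    pairs = set()
    for members in zoneset.values():
        for src in members:
            for dst in members:
                if src != dst:
                    pairs.add((FCID[src], FCID[dst]))
    return pairs

def switch_forwards(sid, did, enforcement, zoneset=ZONESET):
    """Decide whether the switch forwards a frame with these IDs."""
    if sid not in NAME or did not in NAME:
        return False                     # device is not logged in to the fabric
    if enforcement == "soft":
        return True                      # no per-frame check is made
    if enforcement == "hard":
        return (sid, did) in permitted_pairs(zoneset)
    raise ValueError("enforcement must be 'soft' or 'hard'")

def audit(enforcement, zoneset=ZONESET):
    """List the device pairs that the name server hides from each other
    but whose frames the switch would still forward."""
    gaps = []
    for src in sorted(FCID):
        hidden = set(FCID) - name_server_query(src, zoneset) - {src}
        for dst in sorted(hidden):
            if switch_forwards(FCID[src], FCID[dst], enforcement, zoneset):
                gaps.append((src, dst))
    return gaps

if __name__ == "__main__":
    for device in sorted(FCID):
        print(device, "sees", sorted(name_server_query(device)))
    print("soft zoning gaps:", audit("soft"))
    print("hard zoning gaps:", audit("hard"))
```

Running the audit against a planned zone set shows which isolation boundaries depend on the enforcement mode rather than on the zone definitions themselves.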
The drawback of soft zoning is that if an end device somehow knows the FC ID of a device outside its zone, it can access that device. However, the benefit of using a soft zone is that you can connect to any port of the switch and you will have access to the other nodes in the fabric that you are allowed to access.

Hardware enforces hard zoning on each frame that an N port sends. As frames enter the switch, the system compares the source and destination IDs with the permitted combinations to allow the frame at wire speed. In hard zoning, you place the port into the zone. Therefore, any device that is connected to that port is in the zone and can access all other devices that are in the same zone.

Challenge

1. Which three descriptions of VSAN features are correct? (Choose three.)
   A. You cannot assign the same Fibre Channel ID to the host in another VSAN.
   B. Multiple VSANs can share the same physical topology.
   C. Every VSAN instance runs all required protocols.
   D. Required protocols run globally for all instances.
   E. You can assign the same Fibre Channel ID to a host in another VSAN.
   F. Multiple VSANs cannot share the same physical topology.

2. Match the VSAN advantages with their best descriptions.
   Advantages:
   + per VSAN fabric services
   + scalability
   + redundancy
   + ease of configuration
   + traffic isolation
   Descriptions:
   + A node in one VSAN cannot access a node in another VSAN.
   + You build a VSAN on top of a single physical infrastructure, which allows you to create several logical VSANs.
   + Every VSAN runs its own name server.
   + You can configure multiple paths between the hosts and the devices using VSANs.
   + You can add, move, or change a device between VSANs without changing the physical structure of a SAN.

3. Which three parameters must match at both ends of a port channel to establish the port channel? (Choose three.)
   A. the port VSAN
   B. the switch MAC address
   C. the speed
   D. the physical interface ID
   E. the port channel interface ID
   F. the mode

4. Which two load-balancing options do you have when you are using port channel? (Choose two.)
   A. flow-based
   B. frame-based
   C. link-based
   D. exchange-based
   E. random

5. What is the best description of flow-based and exchange-based load balancing in a Fibre Channel port channel?
   A. In flow-based load balancing, all frames with the same SID and DID flow through the same link, while in exchange-based load balancing, all frames with the same SID, DID, and OX ID flow through the same link.
   B. In flow-based load balancing, all frames with the same SID, DID, and OX ID flow through the same link, while in exchange-based load balancing, all frames with the same SID and DID flow through the same link.
   D. In flow-based load balancing, all frames with the same SID and OX ID flow through the same link, while in exchange-based load balancing, all frames with the same SID flow through the same link.

6. What is the best description of the zoning?
   A. Zoning provides a logical separation of the devices between different VSANs.
   B. Zoning provides a separation of the Ethernet and Fibre Channel traffic.
   C. Zoning provides security between the devices that are connected to the same fabric.
   D. Zoning is provided by the Fibre Channel firewall to protect resources against attacks from the Internet.

7. What is the best description of soft and hard zoning?
   A. The name server query responses enforce both zoning types, but hard zoning also adds an authentication to the queries.
   B. The name server query responses enforce soft zoning, while the hardware enforces hard zoning by checking every frame that arrives to the switch.
   C. Soft zoning compares the source and destination IDs with the permitted combinations, while hard zoning uses the same comparison and also checks the authentication header in frame.
   D. The hardware enforces soft zoning by checking every frame that arrives to the switch, while the name server query responses enforce hard zoning.

Answer Key

Challenge

1. B, C, E
2. traffic isolation: A node in one VSAN cannot access a node in another VSAN.
   scalability: You build a VSAN on top of a single physical infrastructure, which allows you to create several logical VSANs.
   per VSAN fabric services: Every VSAN runs its own name server.
   redundancy: You can configure multiple paths between the hosts and the devices using VSANs.
   ease of configuration: You can add, move, or change a device between VSANs without changing the physical structure of a SAN.
3. A, C, F
4. A, D
5. A
6. C
7. B

Lesson 3: Implementing FCoE

Introduction

FCoE is a technology that allows transferring Fibre Channel frames over the Ethernet. You can implement the FCoE in many different ways. Therefore, you will learn more about FCoE topologies and how different topologies affect the deployment. The LAN and the SAN traffic have many different requirements. To support SAN traffic, Ethernet needs some adaptation. You will learn more about these enhancements and the protocols that are used to implement these enhancements.

During the lab part of the lesson, you will learn how to implement the FCoE technology on servers and networks. You will also learn how to implement native Fibre Channel technologies into the FCoE environment.

FCoE Topologies

The FCoE replaces the FC-0 physical interface and FC-1 encoding layers with the Ethernet. This replacement allows you to forward Fibre Channel traffic through the Ethernet links.
FCoE topologies overview:

+ FCoE LEP is a logical layer between the native Ethernet and the native Fibre Channel.
+ FCoE connection between the VN Port on the host and the VF Port on the FCF.
+ Single-hop topology:
  - FCoE connection between the host and the FCF.
  - Native FC connection between the FCF and the SAN.

The FCoE introduces the FCoE LEP, which is present between the native Ethernet and the native Fibre Channel layers. The FCoE LEP is responsible for the encapsulation and de-encapsulation of the frames that are necessary to transport Fibre Channel frames over an Ethernet network. You will typically use FCoE LEPs in the FCF and CNA. The FCF is a switch that is capable of Ethernet and Fibre Channel. The CNA is a server-side connection for the FCoE network.

In the classical Fibre Channel, you connect the host to the Fibre Channel switch with the N Port on the host. You use the F Port on the Fibre Channel switch. When you are using FCoE, you connect the host with the VN Port to the VF Port on the switch. The VN Port and the VF Port are defined in the FCoE LEP.

In a single-hop topology, you use the FCoE between CNA and FCF. Then you connect the FCF directly to the native Fibre Channel network.

FCoE Topologies (Cont.)

+ Single-hop topology options:

[Figure: single-hop topology options between the node and the FCF.]

You have multiple options to deploy a single-hop FCoE topology. The most straightforward option is to connect the node directly to the FCF. It is recommended that you use this option.

You can also connect the node and the FCF to the lossless Ethernet switch. With this topology, you implement an Ethernet network between the node and the FCF. The Ethernet is not FCoE aware, which means that no Fibre Channel actions are applied to the traffic between the node and the FCF. The advantage of using such a solution is that you can expand the fabric size without expanding the domain IDs. But on the other hand, there are disadvantages from the security point of view. Because you do not have visibility in the Ethernet segment from the FCoE point of view, your network is susceptible to man-in-the-middle attacks. It means that some rogue server can pretend to be an FCF switch and insert itself into the middle of the traffic flow. With this solution, you also lose the ability to use the Fibre Channel forwarding or the multipathing technology. This solution is not recommended from a storage perspective.

You can also insert an FIP snooping bridge between the node and the FCF. The FIP snooping monitors FIP logins, solicitations, and advertisements that pass through. It then dynamically creates ACLs to make sure that the node to the FCF path is secure. The FIP snooping bridge does not apply any Fibre Channel protocol services to the traffic, but enhances FCoE security by preventing FCoE MAC spoofing. It creates point-to-point links within the Ethernet network.

FCoE Topologies (Cont.)

[Figure: two panels, "A multihop topology with FCoE NPV" and "A multihop topology with FCoE VE Ports".]

Extending the idea of a single-hop FCoE, you can create a multihop FCoE topology. You can create a multihop FCoE, where the native Fibre Channel is not strictly needed, and you can use the Ethernet interfaces to forward both Fibre Channel and Ethernet.

The benefit of a multihop FCoE is to simplify the topology and reduce the number of native Fibre Channel ports that are required in the network. When you are using a multihop FCoE, you can follow the same principles of encapsulating Fibre Channel frames in the Ethernet for switch-to-switch connections (ISL).
You have two options for multihop topologies:

+ A multihop topology with NPV switches
+ A multihop topology with VE Ports

The NPV switch is an enhanced FCoE pass-through switch that allows the switch to act like a server. The main function of NPV is to perform proxy functions toward the FCF. It allows multiple logins through a single physical link. The advantages of using NPV switches are that they provide load balancing and traffic engineering, while maintaining FCoE security. An FCoE NPV switch is VSAN-aware and capable of assigning VSANs to the hosts. The NPV is connected to the FCF via a VNP Port. On the VNP Port, an FCoE NPV switch emulates an FCoE-capable host with multiple nodes. The servers are connected to the VF Port.

The multihop topology with virtual expansion ports uses VE Ports to connect FCF switches. With this solution, you can design the network in the same way as you design a Fibre Channel network with E Ports. The solution gives the most control and visibility into all aspects of the SAN traffic.

FCoE Topologies (Cont.)

+ The dynamic FCoE topology overview:

[Figure: the dynamic FCoE topology.]

The dynamic FCoE topology allows you to use FCoE as an overlay on top of the Ethernet. It uses FabricPath with a leaf-spine architecture. The FabricPath architecture provides a multipath capability with redundancy to handle node failures.

In a dynamic FCoE topology, you will use leafs as FCF switches that forward traffic through transparent spines. FCoE hosts and FCoE storage devices are connected to a FabricPath topology through the leaf switches. Only the leaf switches perform FCoE forwarding. The spine switches just forward MAC-in-MAC encapsulated Ethernet frames that are based on the outer destination

The FabricPath realizes the SAN A and SAN B separation in a logical manner across the backbone. The physical separation is maintained from the FCF leaf to the end devices. Beyond the leaf, the FabricPath ECMP links carry the FCoE traffic for SANs A and B across all spines.

The FabricPath between leafs and spines allows you to take advantage of autodiscovery and lookup capabilities to dynamically discover and create the links between each of the switches.

The following are the features of the dynamic FCoE topology:

+ Dynamically discovers the paths across each spine to the destination FCF
+ Dynamically creates the virtual Fibre Channel ports
+ Dynamically creates the VE Port type
+ Dynamically initiates the ISL

FCoE Initialization Protocol

The protocol that focuses on the FCoE control plane functions and specifically on the virtual link establishment, maintenance, teardown, and other management functions between the pairs of FCoE devices is known as FIP.

The FCoE Initialization Protocol overview:

+ A protocol for establishing and maintaining Fibre Channel virtual links between a pair of FCoE devices.
+ Supported links:
  - The link between VN Ports and VF Ports (ENode to FCF)
  - The link between a pair of VE Ports (FCF to FCF)
+ Features of FIP:
  - FCoE VLANs and remote virtual FC interfaces discovery
  - Virtual link initialization functions
  - Virtual link maintenance functions
  - Virtual link teardown functions

FIP is the FCoE control protocol that is responsible for establishing and maintaining Fibre Channel virtual links between pairs of FCoE devices. FIP can establish virtual Fibre Channel links between VN Ports and VF Ports (ENode to FCF), and between pairs of VE Ports (FCF to FCF).

During the virtual link establishment phase, FIP first discovers FCoE VLANs and remote virtual Fibre Channel interfaces. Then it performs virtual link initialization functions (FLOGI and FDISC, or ELP) similar to the native Fibre Channel. After it establishes the virtual link, the FCoE devices can exchange Fibre Channel traffic on the virtual link. The FIP remains in the background to perform virtual link maintenance functions. It continuously verifies the reachability between the two virtual Fibre Channel interfaces on the Ethernet network. The FIP also offers primitives to delete the virtual link in response to the administrative actions to that effect.

FCoE Initialization Protocol (Cont.)

A typical FIP exchange between the ENode and the FCF:

[Figure: exchange between the ENode and the FCF. Under FIP (FCoE Initialization Protocol): VLAN discovery, FCF discovery, FLOGI and FDISC with FLOGI and FDISC accept. Under the FCoE protocol: FC command and FC command response.]

The FIP defines two discovery protocols and a protocol to establish virtual links between a pair of FCoE devices. ENodes usually initiate all protocols, although FCFs can generate unsolicited FIP advertisements.

FIP frames and FCoE frames use different EtherTypes and encapsulations. The FIP uses EtherType 0x8914, while FCoE uses EtherType 0x8906. The reason is that FCoE frames encapsulate the native Fibre Channel, whereas FIP frames describe a new set of protocols that are not needed in the native Fibre Channel.

You should also be aware that the ENode uses different source MAC addresses for the two encapsulations. FIP frames use a globally unique MAC address that the manufacturer assigns (the ENode MAC address). FCoE frames use a locally unique MAC address that the FCF dynamically assigns to the ENode in the FIP virtual link establishment process.
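The EtherType split and the two source MAC addresses described above are what a filter in the Ethernet path can key on. The following sketch is an added example, not code from the course or from any switch: it parses the Ethernet header (with an optional 802.1Q tag), separates FIP from FCoE frames, and permits FCoE data frames only from a MAC address that was assigned on that port. FIP message parsing is abstracted into record_login(), and all MAC addresses, port names, and the VLAN ID are constructed.

```python
import struct

ETHERTYPE_VLAN = 0x8100   # IEEE 802.1Q tag
ETHERTYPE_FIP = 0x8914    # FIP control frames
ETHERTYPE_FCOE = 0x8906   # encapsulated Fibre Channel frames

def build_frame(dst, src, ethertype, vlan=None, payload=b""):
    """Build a constructed test frame, optionally with an 802.1Q tag."""
    tag = b""
    if vlan is not None:
        tag = struct.pack("!HH", ETHERTYPE_VLAN, (3 << 13) | vlan)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_ethernet(frame):
    """Return destination, source, inner EtherType and VLAN ID (or None)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan = None
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan = tci & 0x0FFF
    return {"dst": dst, "src": src, "ethertype": ethertype, "vlan": vlan}

class FcoeSourceCheck:
    """Simplified model of a per-port source check for FCoE frames."""

    def __init__(self, fcf_mac):
        self.fcf_mac = fcf_mac
        self.assigned = set()            # (port, MAC assigned by the FCF)

    def record_login(self, port, assigned_mac):
        """Note that the FCF accepted a login on this port and assigned
        this MAC (stands in for parsing the FIP accept message)."""
        self.assigned.add((port, assigned_mac))

    def verdict(self, port, frame):
        hdr = parse_ethernet(frame)
        if hdr["ethertype"] == ETHERTYPE_FIP:
            return "fip-control"         # handed to the control plane
        if hdr["ethertype"] == ETHERTYPE_FCOE:
            known = (port, hdr["src"]) in self.assigned
            to_fcf = hdr["dst"] == self.fcf_mac
            return "fcoe-permit" if known and to_fcf else "fcoe-deny"
        return "not-fcoe"                # ordinary LAN traffic

# Constructed addresses: ENode (burned-in), FCF, and FCF-assigned MAC.
ENODE = bytes.fromhex("001122334455")
FCF = bytes.fromhex("00aabbccddee")
ASSIGNED = bytes.fromhex("0efc00010300")

if __name__ == "__main__":
    check = FcoeSourceCheck(FCF)
    data = build_frame(FCF, ASSIGNED, ETHERTYPE_FCOE, vlan=100)
    print(check.verdict("eth1/1", build_frame(FCF, ENODE, ETHERTYPE_FIP, vlan=100)))
    print(check.verdict("eth1/1", data))     # before the login is recorded
    check.record_login("eth1/1", ASSIGNED)
    print(check.verdict("eth1/1", data))     # after the login is recorded
    print(check.verdict("eth1/2", data))     # same source MAC on another port
```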
