CMUG: Designing for VPC, FEX, and Datacenter Virtualization

Peter Welcher
Architect, Operations Technical Advisor
In this CMUG session I primarily discussed datacenter access layer virtualization. The content drew slides from several CiscoLive 2011 presentations, accompanied by some slides of my own. The intent was to try to look at datacenter virtualization from a slightly different perspective.

One goal of the talk was to provide fairly solid coverage of VPC and FEX (Nexus 2000) designs and best practices. Another theme was that the VN-Tags (former Cisco term) and VN-Link technology present in the Nexus 2K FEX are logically present in the Cisco 1000v, and literally present in the Cisco NIC adapter technologies named Adapter-FEX and VM-FEX. These provide per-host and per-VM virtualization of a NIC, allowing the logical interfaces to then be configured on the attached Nexus 5500 switch. In effect the NIC (or “VIC”) behaves somewhat like a hardware-based version of the Nexus 1000v, with the Nexus 5K doing the switching in hardware.

The talk also briefly touched on somewhat related topics such as OpenFlow and VXLAN, mostly via discussion and whiteboarding not reflected in the slides. Active questions from the audience covered a lot of ground as well. (Great turnout — I’m honored that so many chose to spend their morning listening!)

For a PDF of the presentation, please download Designing for VPC, FEX and Datacenter Virtualization. (14.1 MB BIG download due to all the graphics!)

One response to “CMUG: Designing for VPC, FEX, and Datacenter Virtualization”

  1. Here’s a comment received by email:

    If it does not take too much time for you, I have another question.
    I had several readings about the vpc-peerkeepalive, in terms of design.
    Can you tell me what is the best between the 2 possibilities below?

    – to use one physical interface as a L3 peer-keepalive link between two N5K?
    – to install a new specific vlan just for a point to point L3 peer-keepalive that uses an SVI

    Personally I prefer the first scenario since I do not have to configure a new vlan just for that and
    be sure that this vlan is excluded from the vpc peer link.

    PROS/CONS? I do not see the added value for the second solution and the different forums do not help.

    Many thanks

    MY REPLY:

    If you have a separate port channel for non VPC VLANs, I’d use approach #2 since that would be robust. Or such a link for routing between the peers.

    If you don’t have that, then I’d use a 1 g routed link dedicated to keepalives.
