Cisco’s Virtual Port Channel (VPC) feature is a nice way to build multiple link redundancy between two switches without the limitations of spanning tree (notably having one link unused in “blocking” mode). VPC is an extension of traditional Ether Channel bundles, but across two separate switches, and is a feature on the Cisco Nexus 5000 and 7000 switches.
A challenge when using VPC is that it requires duplicate and identical configuration of ports on both switches that have member ports. Cisco introduced “configuration sync” in NX-OS 5.0(2)N1(1) for the Nexus 5000s to help with this issue.
The initial configuration to enable configuration sync is simple. You do have to have the mgmt0 interface configured on both Nexus switches so that they can communicate with each other over IP.
The initial configuration involves the following steps:
! Enable CFS distribution over IP
configuration terminal
cfs ipv4 distribute
! Configure a switch profile and the sync-peer
config sync
switch-profile [name]
sync-peers destination [peer-IP-address]
The switch profile needs to be identically configured on both Nexus switches that are sync-peers. You will need to enter the switch-profile name everytime you want to add a synced configuration, so keep it short and simple - e.g. “switch-profile vpc”.
Once you have the initial configuration entered you can verify that things are working:
N5K01# sh switch-profile vpc status
switch-profile : vpc
----------------------------------------------------------
Start-time: 67539 usecs after Wed Apr 25 10:18:18 2012
End-time: 422813 usecs after Wed Apr 25 10:18:20 2012
Profile-Revision: 18
Session-type: Commit
Session-subtype: -
Peer-triggered: No
Profile-status: Sync Success
Local information:
----------------
Status: Commit Success
Error(s):
Peer information:
----------------
IP-address: 10.10.1.4
Sync-status: In sync
Status: Commit Success
Error(s):
That’s pretty much it to get it setup.
Configuration sync is most useful when configuring Virtual PortChannels (VPC) since it requires an exact replica of the interface and port-channel configuration on two Nexus 5000 switches.
Entering configuration commands using config sync requires two additional steps beyond entering standard config mode.
Enter normal configuration mode
config t
Enter Configuration Sync mode
config sync
Enter the switch profile name
switch-profile [name]
Now you can enter configuration commands just as you would in normal configuration mode.
There is one important additional difference over normal configuration - commands do not take effect, and are not synced, until you type the “commit” command. You can type any number of commands before committing them.
The “commit” process includes a mutual exclusion check (verify) step that validates that no existing commands are unintentionally overwritten. (You can also check this along the way with the “verify” command before you “commit” a large number of commands.) Commands that are entered in configuration sync mode cannot already be configured through regular command mode, and once configuration sync is used, subsequent changes to that configuration also need to be made in configuration sync mode (with the exception of some interface commands, shut/no-shuts, and system qos).
If commands in the commit buffer fail verification you can delete or edit them and then try the commit process again.
See which commands are sitting in the commit buffer:
show switch-profile buffer
Commands can be moved in the commit buffer:
buffer-move [current-seqID] [new-seqID]
Commands can also be deleted:
buffer-delete [seqID]
To clear the entire commit buffer:
buffer-delete all
Once a configuration is completed it can be hard to remember which interfaces and features were configured with config sync, and once you use config sync you need to modify those elements in the future with config sync.
To view the running or startup configuration commands that have been entered with config sync:
show running-configuration switch-profile
show startup-configuration switch-profile
If you already have a switch configuration that you want to migrate to a synced switch profile, there is an import process.
For details on importing and additional commands, features, and caveats check the Nexus 5000 NX-OS System Management Configuration Guide - Configuring Switch Profiles
The configuration sync is a useful option for setting up a large number of virtual port channels between two Nexus 5000 switches. It can also be used to configure physical interfaces for VPCs as long as identically numbered ports are used on both switches (which I consider a recommended practice anyway). Some may prefer to continue to copy-and-paste manually given the extra number of steps involved in the config-sync.
I find that remembering the switch-profile name is the item that trips me up the most when trying to use config sync. An easy way around this of course is to define an alias command for the switch profile:
cli alias name swpr switch-profile PROFILE_NAME
This way, anytime I want to add config via the config sync feature I just type the following from Enable mode:
nexus# config sync
nexus(config-sync)# swpr
nexus(config-sync-sp)# <enter commands>
nexus(config-sync-sp)# commit
Done.