Hi,
What is Portchannel 10 and 20 for? They are both down.
Can you post the config from both switches?
HTH

Similar Messages

Vpc peer-link forwarding behavior

Hey,
In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ulimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
Can anyone shed some light on this exception to the rule?
Thanks!

Thanks Chad!
Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

Vpc bind-vrf on Nexus 7000/N7k to ensure forwarding of multicast traffic over peer-link?

In previous vPC setups with N5k (or also N6k), I had to use the 'vpc bind-vrf' command to ensure the forwarding of multicast over the vpc peer-link, especially for receivers in in non-vPC VLANs and the receivers connected to Layer 3 interfaces.
I am wondering why this command isn't available on N7k? Isn't this necessary on this platform or is it just not yet implemented?
Any hint is welcome!
Stephan Strack

Hey Stephan,
The 'vpc bind-vrf' command allocates a special internal VLAN for routing traffic over the vPC peer-link to ensure L3 connections on the vPC peer or orphan ports successfully receive multicast traffic on N5k/N6k platforms. This workaround is not needed on the N7K because that platform implements the vPC loop prevention rule differently in hardware.
In short, 'vpc bind-vrf' is not required on N7K.
-Andy

Can some explain vpc peer-link vlan issues for me?

I remove vlan from vpn peer-link , the vpc is gonna down.
I know this is design ,but why.
thank you!
Tom

Thanks Chad!
Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

VPC Peer-Link Failure

Hello,
In the case I have two N5k acting as a vPC peers and I lose the vPC peer-link between two of them, but I do not lose the vPC peer-keepalive link, what would happen when the vPC peer-link comes back again?
As I understand in the case of vPC peer-link failure all vPC member ports on the secondary N5k will be shut down. When the vPC peer-link comes back again what would happen?
I have read that in that case the vPC member ports will not come back automatically, but they will remain disabled until you do manual recovery. Is that really so?
Is there some way that we can automate the process upon recovery?
Thanks

The reload restore command has been removed/replaced and the new feature is
now called auto recovery. Auto recovery covers the use case that reload
restore addressed, plus more.
If both switches reload, and only one switch boots up, auto-recovery allows
that switch to assume the role of the primary switch. The vPC links come up
after a configurable period of time if the vPC peer-link and the
peer-keepalive fail to become operational within that time. If the peer-link
comes up but the peer-keepalive does not come up, both peer switches keep
the vPC links down. This feature is similar to the reload restore feature in
Cisco NX-OS Release 5.0(2)N1(1) and earlier releases. The reload delay
period can range from 240 to 3600 seconds.
When you disable vPCs on a secondary vPC switch because of a peer-link
failure and then the primary vPC switch fails, the secondary switch
reenables the vPCs. In this scenario, the vPC waits for three consecutive
keepalive failures before recovering the vPC links.
The vPC consistency check cannot be performed when the peer link is lost.
When the vPC peer link is lost, the operational secondary switch suspends
all of its vPC member ports while the vPC member ports remain on the
operational primary switch. If the vPC member ports on the primary switch
flaps afterwards (for example, when the switch or server that connects to
the vPC primary switch is reloaded), the ports remain down due to the vPC
consistency check and you cannot add or bring up more vPCs.
For more information, please refer to the Operations Guide: As a best practice,
auto-recovery should be enabled in vPC.
HTH,
Alex

VPC Peer Link

What is the function of the VPC peer-link? Should be the composite of all VPC links that are dual homed between switches?
In this diagram, is it necessary to have 8 x 10G links as shown above. The links conecting the 7Ks to the 5Ks are VPC links.

ok, so as I read your reply I would like to confirm the following:
Hosts which are not connected to the FEX via normally trunk or vPC which need to communicate to Hosts which are on a vPC these VLANs need to be trunked on the vPC peer link.
VLANs which communicate between devices which are not on the vPC is recommended to have a seperate link.
I now have an issue, where I have a Nexus 1000v deployed in vmware which we are using L3. The control (same requirements for vMotion VLAN) VLANs requires to be L2 and is trunked via the physical uplinks which also carry VLANs which have HSRP on the 5Ks.
As a port-channel from each hosts will terminate on each fex as part of a vPC, each will be carrying VLANs which only require L2 communication and some which have a gateway (HSRP).
For VLANs which carry only L2 information i.e. Control VLAN or vMotion VLAN, they are required to communicate with other hosts at this point if source packet arrives one Fex 1 which is connected to N5K1 and required to communicate to destination on Fex 2 which is linked to N5K2 it would need to transit via the two Nexus 5Ks, could this be achieved by the peer link or would I need a separate link carrying these VLANs in addition to them being carried over the vPC peer link?

Nexus 7K Core Layer VDC, does it require a VPC Peer Link

We are going to be using a pair of Cisco Nexus 7010s to act as both our data center aggregation layer and the core layer. We will accomplish this via two VDCs, one for the core layer and one for the aggregation layer.
I know that if we are doing VPCs between the access and aggregation layers that we need a VPC Per Link (and peer keep alive link) between the two aggregation layer contexts, but if the connection between the aggregation and the core is purely layer 3 (OSPF), then I don't think we need a VPC peer link between the two core VDCs, Am I correct?

You are on the right track
You will use VPC if you’re designing include L2 trunk infrastructure. Since your aggregating with L3 core there is no need to add vpc I think.
http://www.cisco.ws/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html
Thx,
Eric

Duplicate address across VPC peer-link on Nexus 7010

Just set up a VPC peer-link between two 7010 switches. The peer-link is a port-channel of two 10Gb connections. On both sides I'm seeing this in the log:
2010 Jan 5 04:27:34 CRMCN7K-1 %ARP-2-DUP_SRC_IP: arp [3069] Source address of packet received from 0024.f716.b341 on Vlan401(port-channel10) is duplicate of local, 10.180.0.17
and on the other
2010 Jan 5 04:23:39 CRMCN7K-2 %ARP-2-DUP_SRC_IP: arp [3052] Source address of packet received from 0024.f71f.a7c1 on Vlan401(port-channel10) is duplicate of local, 10.180.0.18
VLAN 401 is the only VLAN on them right now with a Layer 3 address. What am I missing? Everything looks correct. Port-Channel10 is up and running fine..or so it seems.

Hey Nashwj,
What version of NX-OS are you running?
Are the 7K in a stand alone environment (lab or similar) or connected to other production network devices?
Are both of the VLANs carried across the vPC peer link port-channel?
Are both of the VLANs carried across any vPC port-channel?
Do you have HSRP setup on the VLAN 401 interfaces on each of the 7Ks? If so, what are the real and vip IP addresses?
If you can either provide answers to the above or configuration snapshots of the vPC and SVI interfaces for your VLANs on each of the 7Ks a solution should be reachable.

Using 40GE ports for VPC Peer Link

Hi,
Is it possible to use the native 40GE ports on the N7K-M206FQ-23L module for the VPC Peer Link, or do you have to break these ports out into 10GE ? I have read that 10GE ports must be used for the VPC peer link.
Thanks in advance.

You can use 40GE ports for VPC peer-link. No need to break those to 10G.

VPC, VPC Peer-links and VDC

I have 2 7Ks and will run VPC and multiple VDCs.
Should it be a separete VPC Peer-link and keep-alive link per VDC?
I am not sure but I guess yes since a physical interface should be allocated to a VDC.
I just need confirmation.
thanks

Yes, if you are having 4 VDCs with vPC, you will need 4 separate vPC peer-links. VDC is a physical separation (even though it is the same box) and it cannot communicate across VDC.
HTH,
jerry

VPC Peer-Link In Different VPC/Portchannel

Hi all,
Can we make 2 different port-channel as vpc peer-link.
Example:
interface port-channel 10
vpc peer-link
interface port-channel 20
vpc peer-link
Is this working as vpc peer-link

I have an issue with mac-table full in F1 linecard..Just got idea to do like the title, situation as below:
Vlan : 1 until 4000
interface : 4 x 10G
I want to separate the Vlan into 2 group:
1) 1-2000
2) 2001-4000
This link is for VPC peer-link.
I will create 2 VPC group and combine it as 1 peer-link.
Can be done?

VPC peer-link on N7k's 1Gig link?

We are in process of setting up vPC peer between 2 N7ks over a 1Gig link, has anybody done this before? Couldn't find any documents in cisco site which talks about this. All of the documents points to setting up using 10G links.
Cheers
Raja

Hello Raja,
The vPC peer link must be 10Gb Ethernet otherwise it will not form. It is also mentioned here.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_nxos/if_vPC.html
https://books.google.co.uk/books?id=o3jeY1SwOYcC&pg=PA114&lpg=PA114&dq=peer+link+must+be+10&source=bl&ots=cZSAvLRMto&sig=YviMepi0thKtqUA2P2n3r2JkWnc&hl=en&sa=X&ei=-GauVNXwIs_waMzcgvAG&ved=0CFQQ6AEwCQ#v=onepage&q=peer%20link%20must%20be%2010&f=false
The vPC peer keep alive link by all means can be 1Gb.
HTH
Bilal

Using SNMP is it possible to find the vPC peer link of a Nexus 5K?

I'm trying to use SNMP to get the Peer Link pair...

hi,
You can include 0calyear characteristic before the structure in the column and set it to no display and show result row.
regards,
Arvind.

If I add a vlan to a vpc peer link does this cause an outage?

We have 2 Nexus 5548's. We have a trunked peer link between with only certain vlan's between them. My understanding is that if we change that and add a vlan to the peer link trunk it will cause a brief outage. Am I wrong in my understanding?

We have 2 Nexus 5548's. We have a trunked peer link between with only certain vlan's between them. My understanding is that if we change that and add a vlan to the peer link trunk it will cause a brief outage. Am I wrong in my understanding?

Bug between JRockit and X11 forwarding via ssh

I have encountered what appears to be a bug in the interaction of JRockit with X11 ssh forwarding.
When running any Java GUI application on a remote machine using X11 forwarding via ssh, a variety of problems occur. For example:
--- cut here ---
% mitrion-ide
The program '' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAtom (invalid Atom parameter)'.
(Details: serial 189 error_code 5 request_code 20 minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
--- cut here ---That's the good case. When running the rmmlite application (available at https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 ), I experience what appears to be a near-lockup of my local workstation.
Neither of these problems occur if I set my DISPLAY to not use ssh X11 forwarding. Likewise, non-Java applications work just fine with ssh X11 forwarding. Therefore the problem seems to be limited to the Java + ssh X11 forwarding combination.
I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh X11 forwarding), but I thought this was worth bringing to BEA's attention. I'd also be curious to know if others have run into similar difficulties.
Here are the configuration details:
Remote X11 client (where applications are hosted)
=================================================
% java -version
java version "1.4.2_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode)
% uname -a
Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 athlon i386 GNU/Linux
% rpm -qa | grep openssh-server
openssh-server-3.9p1-8.RHEL4.12
This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other versions of Java removed.
Local workstation (i.e. X11 server)
===================================
% uname -a
FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15 08:41:01 CST 2007 [email protected]:/usr/obj/usr/src/sys/somewhere i386
% ssh -v
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
% pkg_info -Ix xorg-server
xorg-server-6.9.0_3 X.Org X server and related programs
Thank you,
Brent Casavant

Brent,
it would be nice to know if this problem is specific to the JRockit JDK or
if you also can reproduce it using the corresponding Sun JDK 1.4.2. Please
do also try with a later version such as latest JRockit JDK 5.0.
Thanks
/Robert
<Brent Casavant> wrote in message news:[email protected]...
I have encountered what appears to be a bug in the interaction of JRockit
with X11 ssh forwarding.
When running any Java GUI application on a remote machine using X11
forwarding via ssh, a variety of problems occur. For example:
--- cut here ---
% mitrion-ide
The program '' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAtom (invalid Atom parameter)'.
(Details: serial 189 error_code 5 request_code 20 minor_code 0)
(Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)
--- cut here ---That's the good case. When running the rmmlite application (available at
https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 )
, I experience what appears to be a near-lockup of my local workstation.
Neither of these problems occur if I set my DISPLAY to not use ssh X11
forwarding. Likewise, non-Java applications work just fine with ssh X11
forwarding. Therefore the problem seems to be limited to the Java + ssh X11
forwarding combination.
I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh
X11 forwarding), but I thought this was worth bringing to BEA's attention.
I'd also be curious to know if others have run into similar difficulties.
Here are the configuration details:
Remote X11 client (where applications are hosted)
=================================================
% java -version
java version "1.4.2_12"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32,
compiled mode)
% uname -a
Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686
athlon i386 GNU/Linux
% rpm -qa | grep openssh-server
openssh-server-3.9p1-8.RHEL4.12
This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other
versions of Java removed.
Local workstation (i.e. X11 server)
===================================
% uname -a
FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15
08:41:01 CST 2007
[email protected]:/usr/obj/usr/src/sys/somewhere i386
% ssh -v
OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
% pkg_info -Ix xorg-server
xorg-server-6.9.0_3 X.Org X server and related programs
Thank you,
Brent Casavant

(*) - local vPC is down, forwarding via vPC peer-link

Similar Messages

Maybe you are looking for