(*) - local vPC is down, forwarding via vPC peer-link

Hello 
Local VPC status down what is the issue-----
status - 
 show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 2
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
vPC Peer-link status
id   Port   Status Active vlans
1    Po1    up     1,150
vPC status
id     Port        Status Consistency Reason                     Active vlans
10     Po10        down*  success     success                    -
20     Po20        down*  success     success                    -
# show port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        S - Switched    R - Routed
        U - Up (port-channel)
        M - Not in use. Min-links not met
Group Port-       Type     Protocol  Member Ports
      Channel
1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)
10    Po10(SD)    Eth      LACP      Eth1/47(I)
20    Po20(SD)    Eth      LACP      Eth1/48(I)

Hi,
What is Portchannel 10 and 20 for?  They are both down.
Can you post the config from both switches?
HTH

Similar Messages

  • Vpc peer-link forwarding behavior

    Hey,
    In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
    One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
    This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ulimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
    Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
    Can anyone shed some light on this exception to the rule?
    Thanks!

    Thanks Chad!
    Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
    To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

  • Vpc bind-vrf on Nexus 7000/N7k to ensure forwarding of multicast traffic over peer-link?

    In previous vPC setups with N5k (or also N6k), I had to use the 'vpc bind-vrf' command to ensure the forwarding of multicast over the vpc peer-link, especially for receivers in in non-vPC VLANs and the receivers connected to Layer 3 interfaces.
    I am wondering why this command isn't available on N7k? Isn't this necessary on this platform or is it just not yet implemented?
    Any hint is welcome!
    Stephan Strack

    Hey Stephan,
    The 'vpc bind-vrf' command allocates a special internal VLAN for routing traffic over the vPC peer-link to ensure L3 connections on the vPC peer or orphan ports successfully receive multicast traffic on N5k/N6k platforms.  This workaround is not needed on the N7K because that platform implements the vPC loop prevention rule differently in hardware.
    In short, 'vpc bind-vrf' is not required on N7K.
    -Andy

  • Can some explain vpc peer-link vlan issues for me?

                       I remove vlan from vpn peer-link , the vpc is gonna down.
                      I know this is design ,but why.
    thank you!
    Tom

    Thanks Chad!
    Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
    To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

  • VPC Peer-Link Failure

    Hello,
    In the case I have two N5k acting as a vPC peers and I lose the vPC peer-link between two of them, but I do not lose the vPC peer-keepalive link, what would happen when the vPC peer-link comes back again?
    As I understand in the case of vPC peer-link failure all vPC member ports on the secondary N5k will be shut down. When the vPC peer-link comes back again what would happen?
    I have read that in that case the vPC member ports will not come back automatically, but they will remain disabled until you do manual recovery. Is that really so?
    Is there some way that we can automate the process upon recovery?
    Thanks

    The reload restore command has been removed/replaced and the new feature is
    now called auto recovery. Auto recovery covers the use case that reload
    restore addressed, plus more.
    If both switches reload, and only one switch boots up, auto-recovery allows
    that switch to assume the role of the primary switch. The vPC links come up
    after a configurable period of time if the vPC peer-link and the
    peer-keepalive fail to become operational within that time. If the peer-link
    comes up but the peer-keepalive does not come up, both peer switches keep
    the vPC links down. This feature is similar to the reload restore feature in
    Cisco NX-OS Release 5.0(2)N1(1) and earlier releases. The reload delay
    period can range from 240 to 3600 seconds.
    When you disable vPCs on a secondary vPC switch because of a peer-link
    failure and then the primary vPC switch fails, the secondary switch
    reenables the vPCs. In this scenario, the vPC waits for three consecutive
    keepalive failures before recovering the vPC links.
    The vPC consistency check cannot be performed when the peer link is lost.
    When the vPC peer link is lost, the operational secondary switch suspends
    all of its vPC member ports while the vPC member ports remain on the
    operational primary switch. If the vPC member ports on the primary switch
    flaps afterwards (for example, when the switch or server that connects to
    the vPC primary switch is reloaded), the ports remain down due to the vPC
    consistency check and you cannot add or bring up more vPCs.
    For more information, please refer to the Operations Guide: As a best practice,
    auto-recovery should be enabled in vPC.
    HTH,
    Alex

  • VPC Peer Link

    What is the function of the VPC peer-link? Should be the composite of all VPC links that are dual homed between switches?
    In this diagram, is it necessary to have 8 x 10G links as shown above. The links conecting the 7Ks to the 5Ks are VPC links.

    ok, so as I read your reply I would like to confirm the following:
    Hosts which are not connected to the FEX via normally trunk or vPC which need to communicate to Hosts which are on a vPC these VLANs need to be trunked on the vPC peer link.
    VLANs which communicate between devices which are not on the vPC is recommended to have a seperate link. 
    I now have an issue, where I have a Nexus 1000v deployed in vmware which we are using L3. The control (same requirements for vMotion VLAN) VLANs requires to be L2 and is trunked via the physical uplinks which also carry VLANs which have HSRP on the 5Ks. 
    As a port-channel from each hosts will terminate on each fex as part of a vPC, each will be carrying VLANs which only require L2 communication and some which have a gateway (HSRP).
    For VLANs which carry only L2 information i.e. Control VLAN or vMotion VLAN, they are required to communicate with other hosts at this point if source packet arrives one Fex 1 which is connected to N5K1 and required to communicate to destination on Fex 2 which is linked to N5K2 it would need to transit via the two Nexus 5Ks, could this be achieved by the peer link or would I need a separate link carrying these VLANs in addition to them being carried over the vPC peer link?

  • Nexus 7K Core Layer VDC, does it require a VPC Peer Link

    We are going to be using a pair of Cisco Nexus 7010s to act as both our data center aggregation layer and the core layer. We will accomplish this via two VDCs, one for the core layer and one for the aggregation layer.
    I know that if we are doing VPCs between the access and aggregation layers that we need a VPC Per Link (and peer keep alive link) between the two aggregation layer contexts, but if the connection between the aggregation and the core is purely layer 3 (OSPF), then I don't think we need a VPC peer link between the two core VDCs, Am I correct?

    You are on the right track
    You will use VPC if you’re designing include L2 trunk infrastructure. Since your aggregating with L3 core there is no need to add vpc I think.
    http://www.cisco.ws/en/US/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html
    Thx,
    Eric

  • Duplicate address across VPC peer-link on Nexus 7010

    Just set up a VPC peer-link between two 7010 switches.  The peer-link is a port-channel of two 10Gb connections.  On both sides I'm seeing this in the log:
    2010 Jan  5 04:27:34 CRMCN7K-1 %ARP-2-DUP_SRC_IP:  arp [3069]  Source address of packet received from 0024.f716.b341 on Vlan401(port-channel10) is duplicate of local, 10.180.0.17
    and on the other
    2010 Jan  5 04:23:39 CRMCN7K-2 %ARP-2-DUP_SRC_IP:  arp [3052]  Source address of packet received from 0024.f71f.a7c1 on Vlan401(port-channel10) is duplicate of local, 10.180.0.18
    VLAN 401 is the only VLAN on them right now with a Layer 3 address.  What am I missing?  Everything looks correct.  Port-Channel10 is up and running fine..or so it seems.

    Hey Nashwj,
    What version of NX-OS are you running?
    Are the 7K in a stand alone environment (lab or similar) or connected to other production network devices?
    Are both of the VLANs carried across the vPC peer link port-channel?
    Are both of the VLANs carried across any vPC port-channel?
    Do you have HSRP setup on the VLAN 401 interfaces on each of the 7Ks?  If so, what are the real and vip IP addresses?
    If you can either provide answers to the above or configuration snapshots of the vPC and SVI interfaces for your VLANs on each of the 7Ks a solution should be reachable.

  • Using 40GE ports for VPC Peer Link

    Hi,
    Is it possible to use the native 40GE ports on the N7K-M206FQ-23L module for the VPC Peer Link, or do you have to break these ports out into 10GE ? I have read that 10GE ports must be used for the VPC peer link.
    Thanks in advance.

    You can use 40GE ports for VPC peer-link. No need to break those to 10G.

  • VPC, VPC Peer-links and VDC

    I have 2 7Ks and will run VPC and multiple VDCs.
    Should it be a separete VPC Peer-link and keep-alive link per VDC?
    I am not sure but I guess yes since a physical interface should be allocated to a VDC.
    I just need confirmation.
    thanks

    Yes, if you are having 4 VDCs with vPC, you will need 4 separate vPC peer-links. VDC is a physical separation (even though it is the same box) and it cannot communicate across VDC.
    HTH,
    jerry

  • VPC Peer-Link In Different VPC/Portchannel

    Hi all,
    Can we make 2 different port-channel as vpc peer-link.
    Example:
    interface port-channel 10
    vpc peer-link
    interface port-channel 20
    vpc peer-link
    Is this working as vpc peer-link

    I have an issue with mac-table full in F1 linecard..Just got idea to do like the title, situation as below:
    Vlan : 1 until 4000
    interface : 4 x 10G
    I want to separate the Vlan into 2 group:
    1) 1-2000
    2) 2001-4000
    This link is for VPC peer-link.
    I will create 2 VPC group and combine it as 1 peer-link.
    Can be done?

  • VPC peer-link on N7k's 1Gig link?

    We are in process of setting up vPC peer between 2 N7ks over a 1Gig link, has anybody done this before? Couldn't find any documents in cisco site which talks about this. All of the documents points to setting up using 10G links.
    Cheers
    Raja

    Hello Raja,
    The vPC peer link must be 10Gb Ethernet otherwise it will not form. It is also mentioned here. 
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_nxos/if_vPC.html
    https://books.google.co.uk/books?id=o3jeY1SwOYcC&pg=PA114&lpg=PA114&dq=peer+link+must+be+10&source=bl&ots=cZSAvLRMto&sig=YviMepi0thKtqUA2P2n3r2JkWnc&hl=en&sa=X&ei=-GauVNXwIs_waMzcgvAG&ved=0CFQQ6AEwCQ#v=onepage&q=peer%20link%20must%20be%2010&f=false
    The vPC peer keep alive link by all means can be 1Gb.
    HTH
    Bilal

  • Using SNMP is it possible to find the vPC peer link of a Nexus 5K?

    I'm trying to use SNMP to get the Peer Link pair...

    hi,
    You can include 0calyear characteristic before the structure in the column and set it to no display and show result row.
    regards,
    Arvind.

  • If I add a vlan to a vpc peer link does this cause an outage?

    We have 2 Nexus 5548's. We have a trunked peer link between with only certain vlan's between them. My understanding is that if we change that and add a vlan to the peer link trunk it will cause a brief outage. Am I wrong in my understanding?

    We have 2 Nexus 5548's. We have a trunked peer link between with only certain vlan's between them. My understanding is that if we change that and add a vlan to the peer link trunk it will cause a brief outage. Am I wrong in my understanding?

  • Bug between JRockit and X11 forwarding via ssh

    I have encountered what appears to be a bug in the interaction of JRockit with X11 ssh forwarding.
    When running any Java GUI application on a remote machine using X11 forwarding via ssh, a variety of problems occur. For example:
    --- cut here ---
    % mitrion-ide
    The program '' received an X Window System error.
    This probably reflects a bug in the program.
    The error was 'BadAtom (invalid Atom parameter)'.
      (Details: serial 189 error_code 5 request_code 20 minor_code 0)
      (Note to programmers: normally, X errors are reported asynchronously;
       that is, you will receive the error a while after causing it.
       To debug your program, run it with the --sync command line
       option to change this behavior. You can then get a meaningful
       backtrace from your debugger if you break on the gdk_x_error() function.)
    --- cut here ---That's the good case. When running the rmmlite application (available at https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 ), I experience what appears to be a near-lockup of my local workstation.
    Neither of these problems occur if I set my DISPLAY to not use ssh X11 forwarding. Likewise, non-Java applications work just fine with ssh X11 forwarding. Therefore the problem seems to be limited to the Java + ssh X11 forwarding combination.
    I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh X11 forwarding), but I thought this was worth bringing to BEA's attention. I'd also be curious to know if others have run into similar difficulties.
    Here are the configuration details:
    Remote X11 client (where applications are hosted)
    =================================================
    % java -version
    java version "1.4.2_12"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
    BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32, compiled mode)
    % uname -a
    Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686 athlon i386 GNU/Linux
    % rpm -qa | grep openssh-server
    openssh-server-3.9p1-8.RHEL4.12
    This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other versions of Java removed.
    Local workstation (i.e. X11 server)
    ===================================
    % uname -a
    FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15 08:41:01 CST 2007 [email protected]:/usr/obj/usr/src/sys/somewhere i386
    % ssh -v
    OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
    % pkg_info -Ix xorg-server
    xorg-server-6.9.0_3 X.Org X server and related programs
    Thank you,
    Brent Casavant

    Brent,
    it would be nice to know if this problem is specific to the JRockit JDK or
    if you also can reproduce it using the corresponding Sun JDK 1.4.2. Please
    do also try with a later version such as latest JRockit JDK 5.0.
    Thanks
    /Robert
    <Brent Casavant> wrote in message news:[email protected]...
    I have encountered what appears to be a bug in the interaction of JRockit
    with X11 ssh forwarding.
    When running any Java GUI application on a remote machine using X11
    forwarding via ssh, a variety of problems occur. For example:
    --- cut here ---
    % mitrion-ide
    The program '' received an X Window System error.
    This probably reflects a bug in the program.
    The error was 'BadAtom (invalid Atom parameter)'.
      (Details: serial 189 error_code 5 request_code 20 minor_code 0)
      (Note to programmers: normally, X errors are reported asynchronously;
       that is, you will receive the error a while after causing it.
       To debug your program, run it with the --sync command line
       option to change this behavior. You can then get a meaningful
       backtrace from your debugger if you break on the gdk_x_error() function.)
    --- cut here ---That's the good case. When running the rmmlite application (available at
    https://rmml.dev.java.net/servlets/ProjectDocumentList?folderID=437&expandFolder=437&folderID=438 )
    , I experience what appears to be a near-lockup of my local workstation.
    Neither of these problems occur if I set my DISPLAY to not use ssh X11
    forwarding. Likewise, non-Java applications work just fine with ssh X11
    forwarding. Therefore the problem seems to be limited to the Java + ssh X11
    forwarding combination.
    I have a suitable workaround (i.e. setting the DISPLAY variable to avoid ssh
    X11 forwarding), but I thought this was worth bringing to BEA's attention.
    I'd also be curious to know if others have run into similar difficulties.
    Here are the configuration details:
    Remote X11 client (where applications are hosted)
    =================================================
    % java -version
    java version "1.4.2_12"
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
    BEA JRockit(R) (build R27.1.0-109-73164-1.4.2_12-20061129-1418-linux-ia32,
    compiled mode)
    % uname -a
    Linux earthling 2.6.9-34.ELsmp #1 SMP Fri Feb 24 16:54:53 EST 2006 i686
    athlon i386 GNU/Linux
    % rpm -qa | grep openssh-server
    openssh-server-3.9p1-8.RHEL4.12
    This is a vanilla RedHat Linux RHEL 4 Update 3 system, with all other
    versions of Java removed.
    Local workstation (i.e. X11 server)
    ===================================
    % uname -a
    FreeBSD somewhere.sgi.com 6.2-RELEASE FreeBSD 6.2-RELEASE #5: Mon Jan 15
    08:41:01 CST 2007
    [email protected]:/usr/obj/usr/src/sys/somewhere i386
    % ssh -v
    OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 25 Oct 2004
    % pkg_info -Ix xorg-server
    xorg-server-6.9.0_3 X.Org X server and related programs
    Thank you,
    Brent Casavant

Maybe you are looking for

  • Error during creation of Local Vendors in SRM

    Hi I am trying to create a Local Vendor in SRM using "Manage Business Partner" option through browser. After giving in all the details when I save the vendor the system creates a Business Partner ID (BPXXXXXXXXXXXX) but doesn't create a Business Part

  • What do I need to do to make a our website currently running on a WINDOWS based server to a Linux Se

    Will dreamweaver convert my site to work on LINUX servers..? All my pages are .asp.

  • Field symbols - casting error

    Hi,    I created a table dynamically and assigned it to field symbol. Now i want to write the contents of the internal table to a flat file in app server. Here is what i am doing. parameters: p_table(30) type c default 'PA0008',             p_file LI

  • Non nte5 issue

    I have a non nte5 at my warehouse my router (HH4) is connected in one office(a) with a filter and a phone and in another office(b) i have a another phone connected to the other socket via filter. whenever i remove the adsl filter from the socket in o

  • Old Software, New Computer

    I'm thinking of buying the new iMac 27" quad core. Can I use my AppleWorks software with the new machine? I use the AW drawing program a lot! I have two external HDs and back up with Retrospect onto one, put photos on the other. Will Retrospect work