MST / vPC / peer-switch
Hello,
There are two N7Ks connected with peer-link (Po1). There will be some other L2 switches connected to those N7Ks with vPC. Also, there is a separate, dedicated L2 link (Po9) between N7Ks to carry VLANs for orphan ports connected on both N7Ks. Here is configuration:
N7K-1:
spanning-tree mst configuration
name test
revision 3
instance 1 vlan 1-9,12-14,16-1005
instance 2 vlan 10,11,15
spanning-tree mode mst
spanning-tree mst 0-2 priority 4096
spanning-tree pseudo-information
mst 0-2 designated priority 4096
mst 0-2 root priority 4096
vpc domain 1
peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf peer-keepalive
system-priority 1000
role priority 1
auto-recovery reload-delay 240
peer-gateway
peer-switch
graceful consistency-check
ip arp synchronize
delay restore 30
delay restore interface-vlan 40
interface port-channel 1
vpc peer-link
switchport trunk allowed vlan remove 10,11,15
interface port-channel 9
switchport trunk allowed vlan 10,11,15
spanning-tree mst 2 cost 100
N7K-2:
spanning-tree mst configuration
name test
revision 3
instance 1 vlan 1-9,12-14,16-1005
instance 2 vlan 10,11,15
spanning-tree mode mst
spanning-tree mst 0-2 priority 4096
spanning-tree pseudo-information
mst 0-2 designated priority 8192
mst 0-2 root priority 8192
vpc domain 1
peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf peer-keepalive
system-priority 1000
role priority 1
auto-recovery reload-delay 240
peer-gateway
peer-switch
graceful consistency-check
ip arp synchronize
delay restore 30
delay restore interface-vlan 40
interface port-channel 1
vpc peer-link
switchport trunk allowed vlan remove 10,11,15
interface port-channel 9
switchport trunk allowed vlan 10,11,15
spanning-tree mst 2 cost 100
In theory, for vPC VLANs, that is those carried over peer-link, global STP configuration should be used. And, because peer-switch is used, both N7Ks will generate the same BPDU (the same Bridge ID with priority 4096), both becomming root. And, for other VLANs, carried over dedicated L2 link, the pseudo-information should be used. That is, N7K-1 should become root, and Po9 should be Designated. The N7K-2 should be backup root and Po9 should be Root port.
Unfortunately, it's not how it works. Maybe I am missing something, but BPDUs sent over dedicated L2 Po9 are exactly the same as for VPC VLANs. N7K-1 becomes root and its Po9 becomes Designated. But, N7K-2 is also a root, and since it sees the same BPDU as it generates by itself, it treats Po9 as an alternate way to itself and places that port in Alternate/Blocking state.
So, am I doing something wrong, or dedicated L2 link cannot co-exist with peer-link? I had no chance to test it, but it may work if I remove peer-switch feature (although it is recommended to have it)
Best regards,
Krzysztof
We have filed
CSCuc41076
vPC Peer Switch Hybrid Topology MST blocking in non vPC Peer Link
Similar Messages
-
Difference between vpc peer-switch and vpc+
Hi, I would like to understand the difference between vpc peer-switch when used in vpc and vpc+ when used in fabricapath when both are delivered to achieve the same thing i.e making the 2 nexus switches look like a 1 logical switch to an other device connected to it.
Hi,
vPC+ overcomes a problem we would have when connecting non FabricPath devices to the FabricPath cloud in a resilient way using port-channels.
If you look at the first diagram below, when Host A sends traffic to Host B, it can be sent over either link of the port-channel and so can take the path via either S100 or S200. The problem with this is that from the perspective of the MAC address table on S300, the MAC address of Host A would be constantly flap between being sourced from S100 and S200.
What happens with vPC+ is that S100 and S200 create an emulated switch that effectively becomes the point of connection of the port-channel interface. This is seen in the second diagram as S1000. Now when traffic is sent from Host A it is always seen as originating from S1000 so there's no longer any MAC flapping.
Hope that helps.
Regards -
Vpc peer-link forwarding behavior
Hey,
In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ulimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
Can anyone shed some light on this exception to the rule?
Thanks!Thanks Chad!
Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one. -
Peer-Switch with vPC and non-vPC Vlan Port-Channels
Hi,
in a design guide i have noticed that it is best practice to split vPC and non-vPC vlans on different inter-switch port-channels. Now, if i want to use the Peer-Switch function, but the port-channel interface of the non-vPC-vlan channel moves into blocking state. The option spanning-tree pseudo-information has no influence. Is peer-switch possible in my kind of topology?
Greeting,
StephanI believe absolutly possible. specifically coz peer-switch and spt pseudo-info are specific and local to cisco fabric services running as part of vpc technology. Personally me has lab with vpc-domain compounded of 2 N5Ks. They are peer-switches with spt-pseudoinfo and they have MST running on non VPC links independantly from vpc.
-
"Peer-switch" command on vPC domain and spanning-tree priority interaction
Hi guy,
We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding
Port path cost 3, Port priority 128, Port Identifier 128.65.
Designated root has priority 4106, address 0013.05ee.bac8
Designated bridge has priority 4106, address 0013.05ee.bac8
Designated port id is 144.2999, designated path cost 0
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 5, received 603
one sec later.
>>sh spanning-tree vlan 10 detail
Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
Configuration:
N7KA
spanning-tree vlan 1-10 priority 4096
vpc domain 200
peer-switch
N7KB
spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
vpc domain 200
peer-switchWe have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something? -
VPC - peer gateway and peer switch
I understand that we need to use peer gateway on a vPC pair when HSRP is running, but why do we use peer switch if the vPC pair is not the root or seconday root of the network? Does it matter they send out different BIDs? What would be the worst case scenario when not using peer switch?
If you read the vPC Best Practices Design Guide the peer-switch feature reduces convergence time as a result of a spanning-tree failure from 3 seconds to sub-second.
-
Trunking off a switch that is connected as a vPC peer
Hello,
Yesterday I ran into an issue in someones environment where they wanted to trunk a 2960 switch (Lets call it SwitchA) off of another 2960 (SwitchB) switch which was a vPC peer to a set of Nexus 5k's. When he did this, he noticed his phones were unable to communicate with the voice gateway. The same VLANs were allowed across the trunk from SwitchA to SwitchB and to the Nexus5K
When I moved SwitchA to its own port channel and vPC the voice traffic was able to communicate just fine. I am more concerned about this issue for learning/experience purposes. Has anyone run into a similar issue or know of a vPC rule that is preventing SwitchA from hanging off SwitchB? I have never seen a setup where someone wanted to do that when using vPC's but am still curious about that setup incase I run into it again in the future.
Thanks,Hey Madhu,
Thanks for your reply.
Yes, I was allowing the same VLAN over the peer-link also. If I wasnt then all the other IDF switches would of had downed phones. The odd thing also is when SwitchA was trunked to SwitchB desktops had connectivity but phones didnt. I then SSH'd into SwitchA and tried pinging the gateway for VLAN 120 (Voice VLAN) and was able to hit the gateway and the phone system, showing I had connectivity. For some reason though, the handsets just werent finding the router. -
Hi I have a question regarding peer-switch konfiguration on a vPC/vPC+ pair of N7K with vPC and non vPC attached switches
If I understood correctly with following configuration
for vPC attached switches (assuming the have default STP-prio) the vPC-bundle acts as one Switch with the priority of 4096
for STP non-VPC attached switches for VLAN1-1960 the N7K-A is the root-bridge and for VLAN 1961-3920 the N7K-B is the root-bridge,
N7K-A
vpc domain 20
peer-switch
role priority 1
spanning-tree pseudo-information
vlan 1-3920 root priority 4096
vlan 1-1960 designated priority 4096
vlan 1961-3920 designated priority 8192
N7K-B
vpc domain 20
peer-switch
role priority 2
spanning-tree pseudo-information
vlan 1-3920 root priority 4096
vlan 1-1960 designated priority 8192
vlan 1961-3920 designated priority 4096
Is that coorect so far ?
If yes then I have one outstandig question.
Do we need the global configuration for spanning-tree priority in this case?
spanning-tree vlan 1-3920 priority 4096
as we configure it in a pure vPC environment
N7K-A
spanning-tree vlan 1-3920 priority 4096
vpc domain 20
peer-switch
role priority 1
N7K-B
spanning-tree vlan 1-3920 priority 4096
vpc domain 20
peer-switch
role priority 2
Thanks
HubertHere is a description of the use of the Spanning-tree Pseudo-information and the Peer switch command on the Nexus 7000. Maybe this will help clarify some misunderstanding:
SETUP:
7K1 and 7K2 are vPC peers and have a higher priority than 7K3. So 7K1 and 7K2s ports to 7K3 will all be DESIGNATED.
7K3 is connected to both 7K1 and 7K2 using individual STP links.
7K4 is connected to both 7K1 and 7K2 in a vPC.
Common Points for all Scenarios:
If vPC fails for whatever reason; all links will revert to regular spanning-tree.
The root priority on 7K1 and 7K2 will be the vPC System-MAC (same on both) and the Designated priority will use the respective non-vPC System-MACs of 7k1 and 7K2
Even if the STP Priority is configured globally and lower, the Pseudo Root Priority and Designated Priorities are still used for STP calculations.
The STP Pseudo-information HACK:
Allows you to set a different root priority and different designated priority. To satisfy the requirement for the Peer switch command and still be able to perform VLAN load balancing for non-vPC dual connected links.
Root Priority: Used in Root Bridge Election
Designated Priority: Used in Designated Bridge Election
SCENARIO 1: Same STP Priority configured Globally with the Peer switch Enabled (Individual STP links)
The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority
One of the links to 7K1 and 7K2 becomes the "Root Port" and the other becomes "ALTN BLK"
Since they have the same Root Priority and the same vPC system MAC, the lower port will be selected as the root port.
SCENARIO 2: BOTH STP Pseudo-information Root and Designated Priorities Configured with Peer Switch Enabled (Individual STP links)
The Root priority may be different from the Designated Priority based on the STP Pseudo-information configuration.
VLAN traffic from 7K3 is load balanced between 7K1 and 7K2 based on the configured Pseudo-Designated Priority. So the Root port for a VLAN from 7K3 will be to the device with a lower Pseudo-Designated priority.
SCENARIO 3: ONLY STP Pseudo-information Root Priority Configured with Peer Switch Enabled (Individual STP links)
The Root priority and Designated Priority are the same as the Pseudo Root Priority.
No VLAN load balancing occurs
The Root port is the link to the vPC primary switch. The Link to the vPC Secondary is “ALTN BLK”.
SCENARIO 4: ONLY STP Pseudo-information Designated Priority Configured with Peer Switch Enabled (Individual STP links)
The Root priority will be the Globally configured or default STP Priority
The Designated priority will still be the Pseudo-Designated priority
VLAN load balancing will still occur.
SCENARIO 5: Same STP Priority configured Globally with the Peer switch Enabled (vPC links on 7K4)
The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority.
If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
SCENARIO 6: BOTH STP Pseudo-information Root and Designated Priorities Configured with Peer Switch Enabled (vPC links on 7K4)
The Root priority and Designated Priority are the same as the configured Pseudo-Root Priority.
If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
SCENARIO 7: ONLY STP Pseudo-information Root Priority Configured with Peer Switch Enabled (vPC links on 7K4)
The Root priority and Designated Priority are the same as the configured Pseudo-Root Priority.
If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
SCENARIO 8: ONLY STP Pseudo-information Designated Priority Configured with Peer Switch Enabled (vPC links on 7K4)
The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority.
If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN -
Timers on vPC peer-keepalive link
Hello,
I am confused about what 2 timer parameters (Keepalive Hold Timeout and Keepalive Timeout) are used for.
Below are the quotes, which are truely quite confusing, from Cisco official docs ( Design and Configuration Guide:
Best Practices for Virtual Port Channels (vPC) on Cisco Nexus 7000 Series Switches)
Keepalive Hold Timeout
This timer gets started once the vPC peer-link goes to down state. During this time period, the secondary vPC peer
device will ignore any peer-keepalive hello messages (or the lack of). This is to assure that network convergence
can happen before any action is taken.
Q1: Why vPC secenary device ignores ongoing keepalive message? As far as I know, secondary device does needs
these keepalive messages to determine subsequent actions (shut down all its vPC memeber port or enter split-brain scenario).
Q2: What kind of network convergence will happen here?
Keepalive Timeout
During this time period, the secondary vPC peer device will look for vPC peer-keepalive hello messages from the
primary vPC peer device. If a single hello is received, the secondary vPC peer concludes that there must be a dual
active scenario and therefore will disable all its vPC member ports (that is, all port-channels that carry the keyword
vpc).
Q1: When will this timer be triggered?
Q2: If a single Hello is received, why dual active scenario (also termed split-brain scenario) is determined?
Q3: Why all vPC member ports on secondary switch will be all disabled when dual active scenario is determined?
Thanks in advance for your help.Q1:keepalive holdtimeout
The difference between the hold-timeout and the timeout parameters is as follows:
During the hold-timeout, the vPC secondary device does not take any action based on any keepalive messages received, which prevents the system taking action when the keepalive might be received just temporarily, such as if a supervisor fails a few seconds after the peer link goes down
During the timeout, the vPC secondary device takes action to become the vPC primary device if no keepalive message is received by the end of the configured interval. -
VPC N5k Switch Failure causes connectivity disruption
Hello,
I have configured enhanced vPC on 2 n5k and B22 FEXs (vPC from 5k to B22, and vPC from B22 to blade servers).
Everything is running smoothly, except when I power off one of the 5k, the connectivity to the blade servers is lost, comes back up for a short while, loses connectivity again, and after a few minutes comes back up for good.
From the logs I can see that all the port-channels (peer-link, to the FEXs and port-channels to other switches in network) get in down state, then fizical interfaces start coming backup in fabric mode, then port-channels, see FEXs starting to get online then all the port-channels go down again and then whole thing starts again.(all of this is hapenig with one of the 5k powerd off, same thing hapens with promary and secondary vpc).
Connectivity is lost in the same way when the 5k is started again, but just once.
I am running NX OS version 5.2.1N1.3.
I have no idea what could cause this behavior.
Any help would be appreciated.
Regards,
BogdanHi Reza,
Below you can find my run-config.
version 5.2(1)N1(3)
feature fcoe
install feature-set virtualization
feature-set virtualization
logging level feature-mgr 0
hostname N5k_1
feature npiv
feature telnet
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
fex 107
pinning max-links 1
description "FEX0107"
fcoe
fex 108
pinning max-links 1
description "FEX0108"
slot 1
port 31-32 type fc
vpc domain 1
role priority 1000
peer-keepalive destination 1.1.1.2
auto-recovery
vsan database
vsan 50 name "VSAN_A"
fcdomain fcid database
interface port-channel100
description Po Synch N5k
switchport mode trunk
spanning-tree port type network
logging event port link-status
logging event port trunk-status
speed 10000
vpc peer-link
interface port-channel107
switchport mode fex-fabric
fex associate 107
vpc 107
interface port-channel108
switchport mode fex-fabric
fex associate 108
vpc 108
interface port-channel111
switchport mode trunk
interface vfc111
bind interface Ethernet107/1/1
no shutdown
vsan database
vsan 50 interface vfc111
vsan 50 interface fc1/31
vsan 50 interface fc1/32
interface fc1/31
no shutdown
interface fc1/32
no shutdown
interface Ethernet1/1
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/2
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/3
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/4
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/5
switchport mode fex-fabric
fex associate 107
channel-group 107
interface Ethernet1/6
switchport mode fex-fabric
fex associate 107
channel-group 107
interface Ethernet1/7
switchport mode fex-fabric
fex associate 108
channel-group 108
interface Ethernet1/8
switchport mode fex-fabric
fex associate 108
channel-group 108
interface Ethernet107/1/1
switchport mode trunk
channel-group 111 mode active
interface Ethernet108/1/1
switchport mode trunk
channel-group 111 mode active
version 5.2(1)N1(3)
feature fcoe
install feature-set virtualization
feature-set virtualization
logging level feature-mgr 0
hostname N5k_2
feature npiv
feature telnet
cfs eth distribute
feature udld
feature interface-vlan
feature lacp
feature vpc
feature lldp
feature vtp
feature fex
fex 107
pinning max-links 1
description "FEX0107"
fex 108
pinning max-links 1
description "FEX0108"
fcoe
slot 1
port 31-32 type fc
vpc domain 1
role priority 1000
peer-keepalive destination 1.1.1.1
auto-recovery
vsan database
vsan 51 name "VSAN_B"
fcdomain fcid database
interface port-channel100
description Po Synch N5k
switchport mode trunk
spanning-tree port type network
logging event port link-status
logging event port trunk-status
speed 10000
vpc peer-link
interface port-channel107
switchport mode fex-fabric
fex associate 107
vpc 107
interface port-channel108
switchport mode fex-fabric
fex associate 108
vpc 108
interface port-channel111
switchport mode trunk
interface vfc111
bind interface Ethernet108/1/1
no shutdown
vsan database
vsan 51 interface vfc111
vsan 51 interface fc1/31
vsan 51 interface fc1/32
interface fc1/31
no shutdown
interface fc1/32
no shutdown
interface Ethernet1/1
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/2
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/3
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/4
description Synch N5k
switchport mode trunk
logging event port link-status
logging event port trunk-status
udld aggressive
channel-group 100 mode active
interface Ethernet1/5
switchport mode fex-fabric
fex associate 107
channel-group 107
interface Ethernet1/6
switchport mode fex-fabric
fex associate 107
channel-group 107
interface Ethernet1/7
switchport mode fex-fabric
fex associate 108
channel-group 108
interface Ethernet1/8
switchport mode fex-fabric
fex associate 108
channel-group 108
interface Ethernet107/1/1
switchport mode trunk
channel-group 111 mode active
interface Ethernet108/1/1
switchport mode trunk
channel-group 111 mode active -
Hello,
In the case I have two N5k acting as a vPC peers and I lose the vPC peer-link between two of them, but I do not lose the vPC peer-keepalive link, what would happen when the vPC peer-link comes back again?
As I understand in the case of vPC peer-link failure all vPC member ports on the secondary N5k will be shut down. When the vPC peer-link comes back again what would happen?
I have read that in that case the vPC member ports will not come back automatically, but they will remain disabled until you do manual recovery. Is that really so?
Is there some way that we can automate the process upon recovery?
ThanksThe reload restore command has been removed/replaced and the new feature is
now called auto recovery. Auto recovery covers the use case that reload
restore addressed, plus more.
If both switches reload, and only one switch boots up, auto-recovery allows
that switch to assume the role of the primary switch. The vPC links come up
after a configurable period of time if the vPC peer-link and the
peer-keepalive fail to become operational within that time. If the peer-link
comes up but the peer-keepalive does not come up, both peer switches keep
the vPC links down. This feature is similar to the reload restore feature in
Cisco NX-OS Release 5.0(2)N1(1) and earlier releases. The reload delay
period can range from 240 to 3600 seconds.
When you disable vPCs on a secondary vPC switch because of a peer-link
failure and then the primary vPC switch fails, the secondary switch
reenables the vPCs. In this scenario, the vPC waits for three consecutive
keepalive failures before recovering the vPC links.
The vPC consistency check cannot be performed when the peer link is lost.
When the vPC peer link is lost, the operational secondary switch suspends
all of its vPC member ports while the vPC member ports remain on the
operational primary switch. If the vPC member ports on the primary switch
flaps afterwards (for example, when the switch or server that connects to
the vPC primary switch is reloaded), the ports remain down due to the vPC
consistency check and you cannot add or bring up more vPCs.
For more information, please refer to the Operations Guide: As a best practice,
auto-recovery should be enabled in vPC.
HTH,
Alex -
What is the function of the VPC peer-link? Should be the composite of all VPC links that are dual homed between switches?
In this diagram, is it necessary to have 8 x 10G links as shown above. The links conecting the 7Ks to the 5Ks are VPC links.ok, so as I read your reply I would like to confirm the following:
Hosts which are not connected to the FEX via normally trunk or vPC which need to communicate to Hosts which are on a vPC these VLANs need to be trunked on the vPC peer link.
VLANs which communicate between devices which are not on the vPC is recommended to have a seperate link.
I now have an issue, where I have a Nexus 1000v deployed in vmware which we are using L3. The control (same requirements for vMotion VLAN) VLANs requires to be L2 and is trunked via the physical uplinks which also carry VLANs which have HSRP on the 5Ks.
As a port-channel from each hosts will terminate on each fex as part of a vPC, each will be carrying VLANs which only require L2 communication and some which have a gateway (HSRP).
For VLANs which carry only L2 information i.e. Control VLAN or vMotion VLAN, they are required to communicate with other hosts at this point if source packet arrives one Fex 1 which is connected to N5K1 and required to communicate to destination on Fex 2 which is linked to N5K2 it would need to transit via the two Nexus 5Ks, could this be achieved by the peer link or would I need a separate link carrying these VLANs in addition to them being carried over the vPC peer link? -
VPC peer-link on N7k's 1Gig link?
We are in process of setting up vPC peer between 2 N7ks over a 1Gig link, has anybody done this before? Couldn't find any documents in cisco site which talks about this. All of the documents points to setting up using 10G links.
Cheers
RajaHello Raja,
The vPC peer link must be 10Gb Ethernet otherwise it will not form. It is also mentioned here.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_nxos/if_vPC.html
https://books.google.co.uk/books?id=o3jeY1SwOYcC&pg=PA114&lpg=PA114&dq=peer+link+must+be+10&source=bl&ots=cZSAvLRMto&sig=YviMepi0thKtqUA2P2n3r2JkWnc&hl=en&sa=X&ei=-GauVNXwIs_waMzcgvAG&ved=0CFQQ6AEwCQ#v=onepage&q=peer%20link%20must%20be%2010&f=false
The vPC peer keep alive link by all means can be 1Gb.
HTH
Bilal -
Peer switch feature for L2 legacy switch
Hi,
Please i'm looking for the practical usage of peer-switch feature enable on both NX5K parent switch specialy when we have a mixed access layer build with FEXs and L2 LAN switch uplinked with LACP etherchannel.
Is there any recommendation when we use the peer-switch and peer-gateway on the both NX5K parent switch performing L3/FRHP with HSRP and L2 root bridge role for the Legacy LAN.
Thanks.Greets,
That is a really well thought out question, took me a couple of reads to realise what you were asking.
Both switches generate BPDUs with the same Priority/MAC for vPC interfaces, however the behaviour is not the same on non-vPC interfaces. The reason is pretty simple, the edge switch WILL block one of the two links, if it has to come down to Port ID as the descriminator it will happily do so. So if both switches send identical BPDUs, the one with the lowest port ID will always end up being the root, while the second port is blocking. If this behaviour is replicated for all VLANs, you have one link taking all traffic from the edge switch.
To avoid this we have a concept of "psuedo information" that means on vPC interfaces we advertise the same priority, however on non-vPC interfaces we can advertise two different priorities (on a per instance/VLAN basis). So you can have the link to SW1 being the root for VLAN X, while SW2 the root for VLAN Y. So while peer-switch provides additional flexibility to load balance per STP instance over the two links, it will not really help you in this failure scenario.
The problem with having your host dual homed but using standalone links, is from a logical perspective it is still an orphan port (as we will always block on one of the two ports). Although I can't see any situation where you would have a dual homed host, but it not be in a vPC, so it is kind of a corner case.
HTH
Chris -
(*) - local vPC is down, forwarding via vPC peer-link
Hello
Local VPC status down what is the issue-----
status -
show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
id Port Status Active vlans
1 Po1 up 1,150
vPC status
id Port Status Consistency Reason Active vlans
10 Po10 down* success success -
20 Po20 down* success success -
# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
Group Port- Type Protocol Member Ports
Channel
1 Po1(SU) Eth LACP Eth1/1(P) Eth1/2(P)
10 Po10(SD) Eth LACP Eth1/47(I)
20 Po20(SD) Eth LACP Eth1/48(I)Hi,
What is Portchannel 10 and 20 for? They are both down.
Can you post the config from both switches?
HTH
Maybe you are looking for
-
Severe battery drain with iOS 8.1.2
I am having severe battery drain issues with iOS 8.1.2 with all my iOS devices (iPhone 6, iPhone 5s, iPad Mini Retina, iPad Air). I can have my device in DND mode overnight with 100% battery, then the following morning I will wake up to find my devic
-
Sony Handycam DCR-HC26 not recognized by iMovie'08
System: iMac PPC G5, 2GB DDR SRAM, running 10.5.8 iMovie: '80 7.1.4 (585) Camera: Sony Handycam DCR-HC2, plugged in (battery in too), in Play/Edit mode (not record mode) Firewire: 4-6pin, tried 2 cables. Alert message: "No camera connected. To import
-
Problem description: Load times for programs and websites is significantly slowed after Yosemite install. EtreCheck version: 2.0.11 (98) Report generated November 18, 2014 at 12:47:02 PM CST Hardware Information: ℹ️ MacBook Pro (Retina, 13-inch, Ea
-
Why does error 200279 occur at high speeds only?
I am using a VI very much like the one attached here, and as my motor speeds up and the period value decreases, the vi fails, and error 200279 shows up as displayed in the attached 2 jpg images. This VI is reading the period value of an encoder by ri
-
Hi All, I wanted to know if i have marked a vendor for deletion and all the post has been blocked then will i be able to do the payment? I am technical consultant so not much knowledge on FI module. Can anybody tell me the tcode also related to this.