MST / vPC / peer-switch

Similar Messages

• Difference between vpc peer-switch and vpc+

  Hi, I would like to understand the difference between vpc peer-switch when used in vpc and vpc+ when used in fabricapath when both are delivered to achieve the same thing i.e making the 2 nexus switches look like a 1 logical switch to an other device connected to it.

  Hi,
  vPC+ overcomes a problem we would have when connecting non FabricPath devices to the FabricPath cloud in a resilient way using port-channels.
  If you look at the first diagram below, when Host A sends traffic to Host B, it can be sent over either link of the port-channel and so can take the path via either S100 or S200. The problem with this is that from the perspective of the MAC address table on S300, the MAC address of Host A would be constantly flap between being sourced from S100 and S200.
  What happens with vPC+ is that S100 and S200 create an emulated switch that effectively becomes the point of connection of the port-channel interface. This is seen in the second diagram as S1000. Now when traffic is sent from Host A it is always seen as originating from S1000 so there's no longer any MAC flapping.
  Hope that helps.
  Regards

• Vpc peer-link forwarding behavior

  Hey,
  In this cisco doc (http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/C07-572835-00_NX-OS_vPC_DG.pdf ) I come across this statement:
  One of the most important forwarding rules of vPC is the fact that a frame that entered the vPC peer switch from the peer link cannot exit the switch out of a vPC member port (except if this is coming from an orphaned port).
  This makes perfect sense up to the "except if this is coming from an orphaned port". I can't seem to figure out why traffic sourced from an orphaned port (ie, "from" an orphaned port) and ulimately destined to a vPC member port is allowed -- since it should be sent out the local vPC member port and not across the peer link.
  Would make more sense to me if it said "destined to an orphaned port", so of course it would have to cross the peer-link.
  Can anyone shed some light on this exception to the rule?
  Thanks!

  Thanks Chad!
  Kept racking my brain on that one, and the only time it would make any sense (ie, I was trying to fit a square peg in a round hole), is if you have IGP peering to each 7K from an orphan port (ex, FW), the IGP ECMP hashes a packet to the far-end 7K, and then the traffic sent to the directly attached 7K must be sent across the vpc-peerlink -- and in theory shouldn't be dropped. This is, of course, until you add peer-gateway command, which confuses matters a bit -- especially from an IGP control-plane perspective, but also in this loop-prevention rule, since the local 7K will handle the packets destined to the other's 7K MAC.
  To complicate matters worse, the latest 5K release notes say to exclude-vlan for peer-gateway for your backup router vlan... still have to dive into that one.

• Peer-Switch with vPC and non-vPC Vlan Port-Channels

  Hi,                 
  in a design guide i have noticed that it is best practice to split vPC and non-vPC vlans on different inter-switch port-channels. Now, if i want to use the Peer-Switch function, but the port-channel interface of the non-vPC-vlan channel moves into blocking state. The option spanning-tree pseudo-information has no influence. Is peer-switch possible in my kind of topology?
  Greeting,
  Stephan

  I believe absolutly possible. specifically coz peer-switch and spt pseudo-info are specific and local to cisco fabric services running as part of  vpc technology. Personally me has lab with vpc-domain compounded of 2 N5Ks. They are peer-switches with spt-pseudoinfo and they have MST running on non VPC links independantly from vpc.

• "Peer-switch" command on vPC domain and spanning-tree priority interaction

  Hi guy,
  We have 2 N7K (N7KA and N7KB) which will be running vPC in hybird and pure vPC environment.
  I have a question about the Hybird and pure vPC environment. With the "peer-switch" command enable, should i tune the spanning-tree priority to be the same for all the vlan running on vPC on both N7KA and N7KB? This way, when i enter the "sh spanning-tree vlan X(vPC vlan) detail" command on N7K, it will list both N7K announc itself as "We are the root of the spanning tree".Also the switch running spanning-tree with N7K vPC vlan (Hybird), will see both N7K has the same priority (4096), and it is not desirable for a spanning-tree environment. Therefore, i used the "spanning-tree pseudo-information" on N7KB to tune the spanning-tree priority to "8192" and the switch running spanning-tree with N7K will list N7KB has a priority of 8192(perfect).
  However, I notice some strange "show" output on the switch running Port-channel with the N7KA and N7KB. The "Designated bridge" priority is flapping as show on the switch. It is constantly changing between "4096 and 8192" with the same vPC system wide mac address.
  Entering the "sh spanning-tree vlan X detail" command repeatly on switch with port-channel toward N7KA and N7KB.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding
  Port path cost 3, Port priority 128, Port Identifier 128.65.
  Designated root has priority 4106, address 0013.05ee.bac8
  Designated bridge has priority 4106, address 0013.05ee.bac8
  Designated port id is 144.2999, designated path cost 0
  Timers: message age 15, forward delay 0, hold 0
  Number of transitions to forwarding state: 1
  Link type is point-to-point by default
  BPDU: sent 5, received 603
  one sec later.
  >>sh spanning-tree vlan 10 detail
  Port 65 (Port-channel1) of VLAN10 is root forwarding Port path cost 3, Port priority 128, Port Identifier 128.65. Designated root has priority 4106, address 0013.05ee.bac8 Designated bridge has priority 8202, address 0013.05ee.bac8 Designated port id is 144.2999, designated path cost 0 Timers: message age 15, forward delay 0, hold 0 Number of transitions to forwarding state: 1 Link type is point-to-point by default BPDU: sent 5, received 603
  Configuration:
  N7KA
  spanning-tree vlan 1-10 priority 4096
  vpc domain 200
  peer-switch
  N7KB
  spanning-tree vlan 1-10 priority 4096spanning-tree pseudo-information vlan 1-10 designated priority 8192
  vpc domain 200
  peer-switch

  We have a issue similar to this in our environment. I am trying to upgrade the existing 3750 stack router with 2 Nexus 5596 running VPC between them. For the transition I have planned to create a channel between 3750 stack and 5596's. Once this environment is set, my plan is to migrate all the access switches to N5k.
  The issue is when I connect the 3750 port channel to both N5Ks, all the Vlans on 3750 started to flap. If I connect the port channel to only one N5K everything is normal; but when I connect the port channel to both N5K running VPC, vlans are flapping. Any idea what is going wrong here? Am I missing something?

• VPC - peer gateway and peer switch

  I understand that we need to use peer gateway on a vPC pair when HSRP is running, but why do we use peer switch if the vPC pair is not the root or seconday root of the network? Does it matter they send out different BIDs? What would be the worst case scenario when not using peer switch?

  If you read the vPC Best Practices Design Guide the peer-switch feature reduces convergence time as a result of a spanning-tree failure from 3 seconds to sub-second.

• Trunking off a switch that is connected as a vPC peer

  Hello,
  Yesterday I ran into an issue in someones environment where they wanted to trunk a 2960 switch (Lets call it SwitchA) off of another 2960 (SwitchB) switch which was a vPC peer to a set of Nexus 5k's. When he did this, he noticed his phones were unable to communicate with the voice gateway. The same VLANs were allowed across the trunk from SwitchA to SwitchB and to the Nexus5K
  When I moved SwitchA to its own port channel and vPC the voice traffic was able to communicate just fine. I am more concerned about this issue for learning/experience purposes. Has anyone run into a similar issue or know of a vPC rule that is preventing SwitchA from hanging off SwitchB? I have never seen a setup where someone wanted to do that when using vPC's but am still curious about that setup incase I run into it again in the future.
  Thanks,

  Hey Madhu,
  Thanks for your reply. 
  Yes, I was allowing the same VLAN over the peer-link also. If I wasnt then all the other IDF switches would of had downed phones. The odd thing also is when SwitchA was trunked to SwitchB desktops had connectivity but phones didnt. I then SSH'd into SwitchA and tried pinging the gateway for VLAN 120 (Voice VLAN) and was able to hit the gateway and the phone system, showing I had connectivity. For some reason though, the handsets just werent finding the router.

• N7K Peer-switch Konfiguration

  Hi I have a question regarding peer-switch konfiguration on a vPC/vPC+ pair of N7K with vPC and non vPC attached switches
  If I understood correctly with following configuration
  for vPC attached switches (assuming the have default STP-prio) the vPC-bundle acts as one Switch with the priority of 4096
  for STP non-VPC attached switches for VLAN1-1960 the N7K-A is the root-bridge and for VLAN 1961-3920 the N7K-B is the root-bridge,
  N7K-A
  vpc domain 20
    peer-switch
    role priority 1
  spanning-tree pseudo-information
  vlan 1-3920 root priority 4096                 
    vlan 1-1960 designated priority 4096
    vlan 1961-3920 designated priority 8192
  N7K-B
  vpc domain 20
  peer-switch
  role priority 2
  spanning-tree pseudo-information
    vlan 1-3920 root priority 4096
    vlan 1-1960 designated priority 8192
    vlan 1961-3920 designated priority 4096
  Is that coorect so far ?
  If yes then I have one outstandig question.
  Do we need the global configuration for spanning-tree priority in this case?
  spanning-tree vlan 1-3920 priority 4096
  as we configure it in a pure vPC environment
  N7K-A
  spanning-tree vlan 1-3920 priority 4096
  vpc domain 20
  peer-switch
  role priority 1
  N7K-B
  spanning-tree vlan 1-3920 priority 4096
  vpc domain 20
  peer-switch
  role priority 2
  Thanks
  Hubert

  Here is a description of the use of the Spanning-tree Pseudo-information and the Peer switch command on the Nexus 7000. Maybe this will help clarify some misunderstanding:
  SETUP:
  7K1 and 7K2 are vPC peers and have a higher priority      than 7K3. So 7K1 and 7K2s ports to 7K3 will all be DESIGNATED.
  7K3 is connected to both 7K1 and 7K2 using individual      STP links.
  7K4 is connected to both 7K1 and 7K2 in a vPC.
  Common Points for all Scenarios:
  If vPC fails for whatever reason; all links will revert      to regular spanning-tree.
  The root priority on 7K1 and 7K2 will be the vPC System-MAC (same on both) and the Designated priority will use the respective non-vPC System-MACs of 7k1 and 7K2
  Even if the STP Priority is configured globally and lower, the Pseudo Root Priority and Designated Priorities are still used for STP calculations.
  The STP Pseudo-information HACK:
  Allows you to set a different root priority and different designated priority. To satisfy the requirement for the Peer switch command and still be able to perform VLAN load balancing for non-vPC dual connected links.
  Root Priority: Used in Root Bridge Election
  Designated Priority: Used in Designated Bridge Election
  SCENARIO 1: Same STP Priority configured Globally with the Peer switch Enabled (Individual STP links)
  The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority
  One of the links to 7K1 and 7K2 becomes the "Root Port" and the other becomes "ALTN BLK"
  Since they have the same Root Priority and the same vPC system MAC, the lower port will be selected as the root port.
  SCENARIO 2: BOTH STP Pseudo-information Root and Designated Priorities Configured with Peer Switch Enabled (Individual STP links)
  The Root priority may be different from the Designated Priority based on the STP Pseudo-information configuration.
  VLAN traffic from 7K3 is load balanced between 7K1 and 7K2 based on the configured Pseudo-Designated Priority. So the Root port for a VLAN from 7K3 will be to the device with a lower Pseudo-Designated priority.
  SCENARIO 3: ONLY STP Pseudo-information Root Priority Configured with Peer Switch Enabled (Individual STP links)
  The Root priority and Designated Priority are the same as the Pseudo Root Priority.
  No VLAN load balancing occurs
  The Root port is the link to the vPC primary switch. The Link to the vPC Secondary is “ALTN BLK”.
  SCENARIO 4: ONLY STP Pseudo-information Designated Priority Configured with Peer Switch Enabled (Individual STP links)
  The Root priority will be the Globally configured or default STP Priority
  The Designated priority will still be the Pseudo-Designated priority
  VLAN load balancing will still occur.
  SCENARIO 5: Same STP Priority configured Globally with the Peer switch Enabled (vPC links on 7K4)
  The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority.
  If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
  SCENARIO 6: BOTH STP Pseudo-information Root and Designated Priorities Configured with Peer Switch Enabled (vPC links on 7K4)
  The Root priority and Designated Priority are the same as the configured Pseudo-Root Priority.
  If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
  SCENARIO 7: ONLY STP Pseudo-information Root Priority Configured with Peer Switch Enabled (vPC links on 7K4)
  The Root priority and Designated Priority are the same as the configured Pseudo-Root Priority.
  If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN.
  SCENARIO 8: ONLY STP Pseudo-information Designated Priority Configured with Peer Switch Enabled (vPC links on 7K4)
  The Root priority and Designated priority on 7K1 and 7K2 will be the same as the globally configured or default STP priority.
  If the vPC Peer-link fails, the interface going to the secondary vPC device (7K2) will be shut DOWN

• Timers on vPC peer-keepalive link

  Hello,
  I am confused about what 2 timer parameters (Keepalive Hold Timeout and Keepalive Timeout) are used for.
  Below are the quotes, which are truely quite confusing, from Cisco official docs ( Design and Configuration Guide:
  Best Practices for Virtual Port Channels (vPC) on Cisco Nexus 7000 Series Switches)
  Keepalive Hold Timeout
  This timer gets started once the vPC peer-link goes to down state. During this time period, the secondary vPC peer
  device will ignore any peer-keepalive hello messages (or the lack of). This is to assure that network convergence
  can happen before any action is taken.
  Q1: Why vPC secenary device ignores ongoing keepalive message? As far as I know, secondary device does needs
  these keepalive messages to determine subsequent actions (shut down all its vPC memeber port or enter split-brain scenario).
  Q2: What kind of network convergence will happen here?
  Keepalive Timeout
  During this time period, the secondary vPC peer device will look for vPC peer-keepalive hello messages from the
  primary vPC peer device. If a single hello is received, the secondary vPC peer concludes that there must be a dual
  active scenario and therefore will disable all its vPC member ports (that is, all port-channels that carry the keyword
  vpc).
  Q1: When will this timer be triggered?
  Q2: If a single Hello is received, why dual active scenario (also termed split-brain scenario) is determined?
  Q3: Why all vPC member ports on secondary switch will be all disabled when dual active scenario is determined?
  Thanks in advance for your help.

  Q1:keepalive holdtimeout
  The difference between the hold-timeout and the timeout parameters is as follows:
  During the hold-timeout, the vPC secondary device does not take any action based on any keepalive messages received, which prevents the system taking action when the keepalive might be received just temporarily, such as if a supervisor fails a few seconds after the peer link goes down
  During the timeout, the vPC secondary device takes action to become the vPC primary device if no keepalive message is received by the end of the configured interval. 

• VPC N5k Switch Failure causes connectivity disruption

  Hello,
  I have configured enhanced vPC on 2 n5k and B22 FEXs (vPC from 5k to B22, and vPC from B22 to blade servers).
  Everything is running smoothly, except when I power off one of the 5k, the connectivity to the blade servers is lost, comes back up for a short while, loses connectivity again, and after a few minutes comes back up for good.
  From the logs I can see that all the port-channels (peer-link, to the FEXs and port-channels to other switches in network) get in down state, then fizical interfaces start coming backup in fabric mode, then port-channels, see FEXs starting to get online then all the port-channels go down again and then whole thing starts again.(all of this is hapenig with one of the 5k powerd off, same thing hapens with promary and secondary vpc).
  Connectivity is lost in the same way when the 5k is started again, but just once.
  I am running NX OS version 5.2.1N1.3.
  I have no idea what could cause this behavior.
  Any help would be appreciated.
  Regards,
  Bogdan

  Hi Reza,
  Below you can find my run-config.
  version 5.2(1)N1(3)
  feature fcoe
  install feature-set virtualization
  feature-set virtualization
  logging level feature-mgr 0
  hostname N5k_1
  feature npiv
  feature telnet
  cfs eth distribute
  feature udld
  feature interface-vlan
  feature lacp
  feature vpc
  feature lldp
  feature vtp
  feature fex
  fex 107
    pinning max-links 1
    description "FEX0107"
    fcoe
  fex 108
    pinning max-links 1
    description "FEX0108"
  slot 1
    port 31-32 type fc
  vpc domain 1
    role priority 1000
    peer-keepalive destination 1.1.1.2
    auto-recovery
  vsan database
    vsan 50 name "VSAN_A"
  fcdomain fcid database
  interface port-channel100
    description Po Synch N5k
    switchport mode trunk
    spanning-tree port type network
    logging event port link-status
    logging event port trunk-status
    speed 10000
    vpc peer-link
  interface port-channel107
    switchport mode fex-fabric
    fex associate 107
    vpc 107
  interface port-channel108
    switchport mode fex-fabric
    fex associate 108
    vpc 108
  interface port-channel111
    switchport mode trunk
  interface vfc111
    bind interface Ethernet107/1/1
    no shutdown
  vsan database
    vsan 50 interface vfc111
    vsan 50 interface fc1/31
    vsan 50 interface fc1/32
  interface fc1/31
    no shutdown
  interface fc1/32
    no shutdown
  interface Ethernet1/1
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/2
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/3
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/4
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/5
    switchport mode fex-fabric
    fex associate 107
    channel-group 107
  interface Ethernet1/6
    switchport mode fex-fabric
    fex associate 107
    channel-group 107
  interface Ethernet1/7
    switchport mode fex-fabric
    fex associate 108
    channel-group 108
  interface Ethernet1/8
    switchport mode fex-fabric
    fex associate 108
    channel-group 108
  interface Ethernet107/1/1
    switchport mode trunk
    channel-group 111 mode active
  interface Ethernet108/1/1
    switchport mode trunk
    channel-group 111 mode active
  version 5.2(1)N1(3)
  feature fcoe
  install feature-set virtualization
  feature-set virtualization
  logging level feature-mgr 0
  hostname N5k_2
  feature npiv
  feature telnet
  cfs eth distribute
  feature udld
  feature interface-vlan
  feature lacp
  feature vpc
  feature lldp
  feature vtp
  feature fex
  fex 107
    pinning max-links 1
    description "FEX0107"
  fex 108
    pinning max-links 1
    description "FEX0108"
    fcoe
  slot 1
    port 31-32 type fc
  vpc domain 1
    role priority 1000
    peer-keepalive destination 1.1.1.1
    auto-recovery
  vsan database
    vsan 51 name "VSAN_B"
  fcdomain fcid database
  interface port-channel100
    description Po Synch N5k
    switchport mode trunk
    spanning-tree port type network
    logging event port link-status
    logging event port trunk-status
    speed 10000
    vpc peer-link
  interface port-channel107
    switchport mode fex-fabric
    fex associate 107
    vpc 107
  interface port-channel108
    switchport mode fex-fabric
    fex associate 108
    vpc 108
  interface port-channel111
    switchport mode trunk
  interface vfc111
    bind interface Ethernet108/1/1
    no shutdown
  vsan database
    vsan 51 interface vfc111
    vsan 51 interface fc1/31
    vsan 51 interface fc1/32
  interface fc1/31
    no shutdown
  interface fc1/32
    no shutdown
  interface Ethernet1/1
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/2
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/3
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/4
    description Synch N5k
    switchport mode trunk
    logging event port link-status
    logging event port trunk-status
    udld aggressive
    channel-group 100 mode active
  interface Ethernet1/5
    switchport mode fex-fabric
    fex associate 107
    channel-group 107
  interface Ethernet1/6
    switchport mode fex-fabric
    fex associate 107
    channel-group 107
  interface Ethernet1/7
    switchport mode fex-fabric
    fex associate 108
    channel-group 108
  interface Ethernet1/8
    switchport mode fex-fabric
    fex associate 108
    channel-group 108
  interface Ethernet107/1/1
    switchport mode trunk
    channel-group 111 mode active
  interface Ethernet108/1/1
    switchport mode trunk
    channel-group 111 mode active

• VPC Peer-Link Failure

  Hello,
  In the case I have two N5k acting as a vPC peers and I lose the vPC peer-link between two of them, but I do not lose the vPC peer-keepalive link, what would happen when the vPC peer-link comes back again?
  As I understand in the case of vPC peer-link failure all vPC member ports on the secondary N5k will be shut down. When the vPC peer-link comes back again what would happen?
  I have read that in that case the vPC member ports will not come back automatically, but they will remain disabled until you do manual recovery. Is that really so?
  Is there some way that we can automate the process upon recovery?
  Thanks

  The reload restore command has been removed/replaced and the new feature is
  now called auto recovery. Auto recovery covers the use case that reload
  restore addressed, plus more.
  If both switches reload, and only one switch boots up, auto-recovery allows
  that switch to assume the role of the primary switch. The vPC links come up
  after a configurable period of time if the vPC peer-link and the
  peer-keepalive fail to become operational within that time. If the peer-link
  comes up but the peer-keepalive does not come up, both peer switches keep
  the vPC links down. This feature is similar to the reload restore feature in
  Cisco NX-OS Release 5.0(2)N1(1) and earlier releases. The reload delay
  period can range from 240 to 3600 seconds.
  When you disable vPCs on a secondary vPC switch because of a peer-link
  failure and then the primary vPC switch fails, the secondary switch
  reenables the vPCs. In this scenario, the vPC waits for three consecutive
  keepalive failures before recovering the vPC links.
  The vPC consistency check cannot be performed when the peer link is lost.
  When the vPC peer link is lost, the operational secondary switch suspends
  all of its vPC member ports while the vPC member ports remain on the
  operational primary switch. If the vPC member ports on the primary switch
  flaps afterwards (for example, when the switch or server that connects to
  the vPC primary switch is reloaded), the ports remain down due to the vPC
  consistency check and you cannot add or bring up more vPCs.
  For more information, please refer to the Operations Guide: As a best practice,
  auto-recovery should be enabled in vPC.
  HTH,
  Alex

• VPC Peer Link

  What is the function of the VPC peer-link? Should be the composite of all VPC links that are dual homed between switches?
  In this diagram, is it necessary to have 8 x 10G links as shown above. The links conecting the 7Ks to the 5Ks are VPC links.

  ok, so as I read your reply I would like to confirm the following:
  Hosts which are not connected to the FEX via normally trunk or vPC which need to communicate to Hosts which are on a vPC these VLANs need to be trunked on the vPC peer link.
  VLANs which communicate between devices which are not on the vPC is recommended to have a seperate link. 
  I now have an issue, where I have a Nexus 1000v deployed in vmware which we are using L3. The control (same requirements for vMotion VLAN) VLANs requires to be L2 and is trunked via the physical uplinks which also carry VLANs which have HSRP on the 5Ks. 
  As a port-channel from each hosts will terminate on each fex as part of a vPC, each will be carrying VLANs which only require L2 communication and some which have a gateway (HSRP).
  For VLANs which carry only L2 information i.e. Control VLAN or vMotion VLAN, they are required to communicate with other hosts at this point if source packet arrives one Fex 1 which is connected to N5K1 and required to communicate to destination on Fex 2 which is linked to N5K2 it would need to transit via the two Nexus 5Ks, could this be achieved by the peer link or would I need a separate link carrying these VLANs in addition to them being carried over the vPC peer link?

• VPC peer-link on N7k's 1Gig link?

  We are in process of setting up vPC peer between 2 N7ks over a 1Gig link, has anybody done this before? Couldn't find any documents in cisco site which talks about this. All of the documents points to setting up using 10G links.
  Cheers
  Raja

  Hello Raja,
  The vPC peer link must be 10Gb Ethernet otherwise it will not form. It is also mentioned here. 
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_nxos/if_vPC.html
  https://books.google.co.uk/books?id=o3jeY1SwOYcC&pg=PA114&lpg=PA114&dq=peer+link+must+be+10&source=bl&ots=cZSAvLRMto&sig=YviMepi0thKtqUA2P2n3r2JkWnc&hl=en&sa=X&ei=-GauVNXwIs_waMzcgvAG&ved=0CFQQ6AEwCQ#v=onepage&q=peer%20link%20must%20be%2010&f=false
  The vPC peer keep alive link by all means can be 1Gb.
  HTH
  Bilal

• Peer switch feature for L2 legacy switch

  Hi,
  Please i'm looking for the practical usage of peer-switch feature enable on both NX5K parent switch specialy when we have a mixed access layer build with FEXs and L2 LAN switch uplinked with LACP etherchannel.
  Is there any recommendation when we use the peer-switch and peer-gateway on the both NX5K parent switch performing L3/FRHP with HSRP and L2 root bridge role for the Legacy LAN.
  Thanks. 

  Greets,
  That is a really well thought out question, took me a couple of reads to realise what you were asking.
  Both switches generate BPDUs with the same Priority/MAC for vPC interfaces, however the behaviour is not the same on non-vPC interfaces.  The reason is pretty simple, the edge switch WILL block one of the two links, if it has to come down to Port ID as the descriminator it will happily do so.  So if both switches send identical BPDUs, the one with the lowest port ID will always end up being the root, while the second port is blocking.  If this behaviour is replicated for all VLANs, you have one link taking all traffic from the edge switch.
  To avoid this we have a concept of "psuedo information" that means on vPC interfaces we advertise the same priority, however on non-vPC interfaces we can advertise two different priorities (on a per instance/VLAN basis).  So you can have the link to SW1 being the root for VLAN X, while SW2 the root for VLAN Y.  So while peer-switch provides additional flexibility to load balance per STP instance over the two links, it will not really help you in this failure scenario.
  The problem with having your host dual homed but using standalone links, is from a logical perspective it is still an orphan port (as we will always block on one of the two ports).  Although I can't see any situation where you would have a dual homed host, but it not be in a vPC, so it is kind of a corner case.
  HTH
  Chris

• (*) - local vPC is down, forwarding via vPC peer-link

  Hello 
  Local VPC status down what is the issue-----
  status - 
   show vpc
  Legend:
                  (*) - local vPC is down, forwarding via vPC peer-link
  vPC domain id                     : 1
  Peer status                       : peer adjacency formed ok
  vPC keep-alive status             : peer is alive
  Configuration consistency status  : success
  Per-vlan consistency status       : success
  Type-2 consistency status         : success
  vPC role                          : secondary
  Number of vPCs configured         : 2
  Peer Gateway                      : Disabled
  Dual-active excluded VLANs        : -
  Graceful Consistency Check        : Enabled
  Auto-recovery status              : Enabled (timeout = 240 seconds)
  vPC Peer-link status
  id   Port   Status Active vlans
  1    Po1    up     1,150
  vPC status
  id     Port        Status Consistency Reason                     Active vlans
  10     Po10        down*  success     success                    -
  20     Po20        down*  success     success                    -
  # show port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  1     Po1(SU)     Eth      LACP      Eth1/1(P)    Eth1/2(P)
  10    Po10(SD)    Eth      LACP      Eth1/47(I)
  20    Po20(SD)    Eth      LACP      Eth1/48(I)

  Hi,
  What is Portchannel 10 and 20 for?  They are both down.
  Can you post the config from both switches?
  HTH