取消
显示结果 
搜索替代 
您的意思是: 
cancel
19683
查看次数
6
有帮助
20
回复

咨询VPC问题:VPC对等体(备)故障被移除,后想再上线,这时候keelive和peer哪个先接

shanghaiyunji
Level 1
Level 1
因为之前备交换机故障、所以就直接关机下线了,之后清了配置,现在打算重配重新上线,想问下怎么顺序比较好、不会对正在运行的网络造成影响?(之前遇到过先接peerlink再接keeplive导致全网中断的问题)

我考虑了几种,不知道是否有问题,请各位大哥帮忙看看。
第一种:
配好所有配置下联链路接好,直接keeplive、peerlink都先接上然后再上电(这样两台交换机通过keeplive,可以保证原交换机还是主、新上线的是备)
第二种:
配好配置下联链路接好,先上电、先接keeplive,确认好主备,再接peerlink
1 个已接受解答

已接受的解答

Lei Zhang
Cisco Employee
Cisco Employee
vpc建立时,必须先配keepalive,然后是peer-link。换言之,keepalive down,peer-link不能up。
另外,vpc role (primary,secondary) 是有配置的role决定,role 值越低越优;如果role值相同,比较system mac,越低越优。
文档原文:
Building a vPC Domain
A vPC domain defines the grouping of switches participating in the vPC. As of today, only two Cisco NEXUS 7000 Series Switches can form a vPC domain.
From a configuration standpoint, vPC domain provides context to define global vPC system parameters.
User enters into vPC domain sub-commands to configure vPC options and features like peer-gateway, peer-swtich and so on.
The process of building a vPC domain involves multiple steps that should be completed in the following order:
1. Globally configure a vPC domain identifier on both vPC devices. The domain ID must be the same on both peer devices.
2. Configure vPC peer-keepalive link on both peer devices and ensure that the vPC peer-keepalive link is operational. If not, vPC domain cannot successfully be formed.
3. Configure or reuse an ISL (Inter Switch Link) L2 trunk port-channel between the vPC peer devices. Configure the port-channel as a vPC peer-link on both peer devices and ensure that the port-channel is operational.
4. Configure or reuse port-channels from the access devices to Cisco Nexus 7000 Series forming vPC domain. Then configure a unique logical vPC and join the port-channels across different vPC peer devices.
vPC Role
There are two defined vPC roles: primary and secondary.
vPC role defines which of the two vPC peer devices processes Bridge Protocol Data Units (BPDUs) and responds to Address Resolution Protocol (ARP).
Use role priority command (under vPC domain configuration context) to force vPC role to primary for a dedicated peer device.
ranges from 1 to 65535 and the lowest value will dictate the primary peer device.
In case of tie (same role priority value defined on both peer devices), lowest system mac will dictate the primary peer device.
另外,所有关于vpc的问题都可以在这个文档找到答案。
http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

在原帖中查看解决方案

20 条回复20

Lei Zhang
Cisco Employee
Cisco Employee
vpc建立时,必须先配keepalive,然后是peer-link。换言之,keepalive down,peer-link不能up。
另外,vpc role (primary,secondary) 是有配置的role决定,role 值越低越优;如果role值相同,比较system mac,越低越优。
文档原文:
Building a vPC Domain
A vPC domain defines the grouping of switches participating in the vPC. As of today, only two Cisco NEXUS 7000 Series Switches can form a vPC domain.
From a configuration standpoint, vPC domain provides context to define global vPC system parameters.
User enters into vPC domain sub-commands to configure vPC options and features like peer-gateway, peer-swtich and so on.
The process of building a vPC domain involves multiple steps that should be completed in the following order:
1. Globally configure a vPC domain identifier on both vPC devices. The domain ID must be the same on both peer devices.
2. Configure vPC peer-keepalive link on both peer devices and ensure that the vPC peer-keepalive link is operational. If not, vPC domain cannot successfully be formed.
3. Configure or reuse an ISL (Inter Switch Link) L2 trunk port-channel between the vPC peer devices. Configure the port-channel as a vPC peer-link on both peer devices and ensure that the port-channel is operational.
4. Configure or reuse port-channels from the access devices to Cisco Nexus 7000 Series forming vPC domain. Then configure a unique logical vPC and join the port-channels across different vPC peer devices.
vPC Role
There are two defined vPC roles: primary and secondary.
vPC role defines which of the two vPC peer devices processes Bridge Protocol Data Units (BPDUs) and responds to Address Resolution Protocol (ARP).
Use role priority command (under vPC domain configuration context) to force vPC role to primary for a dedicated peer device.
ranges from 1 to 65535 and the lowest value will dictate the primary peer device.
In case of tie (same role priority value defined on both peer devices), lowest system mac will dictate the primary peer device.
另外,所有关于vpc的问题都可以在这个文档找到答案。
http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

one-time
Level 13
Level 13
感谢您的提问,会有小伙伴为您解答的!:):handshake

liuzhi001
Level 1
Level 1
个人看法:先把全部配置配好,不连线,上电,连接keepalive,连接peer-link,连接access。
没有这样online做过恢复,但是分析觉得应该是这样。应该先让vpc起来,然后再连接access,这样port channel就可以起来了

shanghaiyunji
Level 1
Level 1
liuzhi001 发表于 2016-10-17 10:28 back.gif
个人看法:先把全部配置配好,不连线,上电,连接keepalive,连接peer-link,连接access。
没有这样onlin ...

这里我有个问题,VPC operation role是由keeplive去同步信息决定,还是peerlink?
另外决定VPC operation role是随机的还是有依据的,如果是根据keeplive决定主备又是随机的,那如果先接keeplive有一定概率导致正在运行的这台交换机会down自己的vpc端口

liuzhi001
Level 1
Level 1
shanghaiyunji 发表于 2016-10-17 10:39 back.gif
这里我有个问题,VPC operation role是由keeplive去同步信息决定,还是peerlink?
另外决定VPC operatio ...

VPC是双活不是主备。
在keepalive up的过程,有可能会导致已经在运行的交换机down掉原有的vpc端口,但是风险应该小于其它方式

shanghaiyunji
Level 1
Level 1
liuzhi001 发表于 2016-10-17 12:02 back.gif
VPC是双活不是主备。
在keepalive up的过程,有可能会导致已经在运行的交换机down掉原有的vpc端口,但是 ...

vpc role是有主和备的吧,当peerlink出现问题时,备的会down掉自己的VPC端口
请问,这个主和备是怎么选举出来的

liuzhi001
Level 1
Level 1
shanghaiyunji 发表于 2016-10-17 12:47 back.gif
vpc role是有主和备的吧,当peerlink出现问题时,备的会down掉自己的VPC端口
请问,这个主和备是怎么选举 ...

vpc role是给STP选root bridge用的,如果peer-link down,vpc的2台switch各自都会变成primary,认为自己是STP root

liuzhi001
Level 1
Level 1
shanghaiyunji 发表于 2016-10-17 12:47 back.gif
vpc role是有主和备的吧,当peerlink出现问题时,备的会down掉自己的VPC端口
请问,这个主和备是怎么选举 ...

我觉得你现在的主要考虑是 在第2台switch加入vpc时尽量不影响第1台的工作

pebao
Cisco Employee
Cisco Employee
你可以参照下面链接了解一下vPC
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/design_guide_c07-625857.html
通常是先配置keeplive link,然后是peer link,然后是下联链路。不过最好先配置好下联链路,然后同时no shutdown所有下联链路。

shanghaiyunji
Level 1
Level 1
pebao 发表于 2016-10-18 14:59 back.gif
你可以参照下面链接了解一下vPC
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000- ...

您好,请问:
VPC对等体建立是通过peerlink建立时协商的吧,那不是应该先配置peerlink建立VPC,再配置keeplive link么?

aisike
Spotlight
Spotlight
感恩无私的分享与奉献 :)

shanghaiyunji
Level 1
Level 1
leiz2 发表于 2016-10-17 08:25 back.gif
vpc建立时,必须先配keepalive,然后是peer-link。换言之,keepalive down,peer-link不能up。
另外,vpc ...

非常感谢,这个文档非常好,内容很多,需要慢慢研究和学习了

one-time
Level 13
Level 13
leiz2 发表于 2016-10-17 08:25 back.gif
vpc建立时,必须先配keepalive,然后是peer-link。换言之,keepalive down,peer-link不能up。
另外,vpc ...

感谢您积极解答小伙伴的问题,您的回复已被采纳为最佳答案,特奖励您20积分,希望更多地解答其他小伙伴的问题哈!:):handshake

suzhouxiaoniu
Spotlight
Spotlight
找到第二个;P
找了15分钟,一个没找到,想想不至于藏得这么深吧,突然觉得是浏览器问题,果然!:L
提醒小伙伴,如果一直没找到南瓜灯,可以是浏览器问题。
入门指南

使用上面的搜索栏输入关键字、短语或问题,搜索问题的答案。

我们希望您在这里的旅程尽可能顺利,因此这里有一些链接可以帮助您快速熟悉思科社区:









快捷链接