Solved: Re: ACI dual-sided vPC with IBM vLAG - Benefits?

tuanquangnguyen · ‎08-24-2019

Hi all,

We recently migrate our core network from plain old Catalyst and Nexus switches to ACI, and stumbled upon one case.

An IBM integrated system (PureApp) was connected to the network via 2 port-channel (non-vPC) stemming from its ToR switches. As we migrated, unbeknownst to us there's also a feature which is somewhat identical to vPC on the IBM ToR switches (called vLAG), hence we configured the ACI downlink towards the PureApp system as two separate vPCs (left of the diagram).

Apparently, on the IBM's side, they suggest moving towards the recommended dual-sided MCLAG design (on the right). However, having looked up on the Internet, we haven't found out the real benefits of such design over the existing, separate vPCs.

Can someone point out to me on whichever benefits should I consider for the dual-sided MCLAG design?

Remi Astruc · ‎08-26-2019

Hi @tuanquangnguyen @RedNectar ,

I would have a different answer.

On the left hand design, you need to create 2 VPC instead of 1 on the right.

Also if these IBM Tor are L2 switches, you will have to manage a loop on the left design, meaning spanning-tree and bpdu to handle in ACI, ensure Endpoint move learning, ... The right case is loop free, what you should love! (no STP, all links used, high availability, fast convergence inside the VPC, straight forward EP learning, ...).

Remi Astruc

View solution in original post

RedNectar · ‎08-24-2019

Hi @tuanquangnguyen ,

So long as all your hosts are dual attached to the PireApp ToR switches, I believe your left-hand side option is the better choice simply becuase it is easier to configure and easier to troubleshoot. Especiually when you are mixing vendors.

The main argument for double-sided-mclag (or double-sided-vpc) is to provide redundancy for single attached hosts should say DC-INT-LEAF07 and PureAppTor02 (or DC-INT-LEAF08 and PureAppTor01) fail at the same time.

Remember the KISS principle.

I hope this helps

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Remi Astruc · ‎08-26-2019

Hi @tuanquangnguyen @RedNectar ,

I would have a different answer.

On the left hand design, you need to create 2 VPC instead of 1 on the right.

Also if these IBM Tor are L2 switches, you will have to manage a loop on the left design, meaning spanning-tree and bpdu to handle in ACI, ensure Endpoint move learning, ... The right case is loop free, what you should love! (no STP, all links used, high availability, fast convergence inside the VPC, straight forward EP learning, ...).

Remi Astruc

tuanquangnguyen · ‎08-27-2019

Hi @RedNectar and @Remi Astruc

Thanks for both of your responses earlier.

I have double checked with the system team (which manage the IBM ToR) and apparently they're using PVRST to prevent L2 loop on their side. ACI would just forward the BPDUs without participating in STP. So one of the uplink is Alternate port and being actively blocked (logically, per VLAN).

I think this is also why MCP has yet kicked in (it has no reason to - STP has already done the job). Guess I'm just gonna plan for a quick migration towards the right case.

Also, is it necessary to configure the uplink MC-LAG (on the PureApp ToR) with link-type shared on the right case, as per best practice?

Sincerely thank you both.

Remi Astruc · ‎08-27-2019

Hi @tuanquangnguyen ,

On the right topology, you don't need STP at all. But as a protection, yes you can let it with shared type (while ACI would act as a hub for BPDUs).

Remi Astruc