Solved: behavior in ACI when one vpc link goes down

Jayashanker warrier · ‎07-28-2022

Greetings,

I understand that there is one VTEP per pair of Leaf Switches and so there might be many VPC's hanging on that Leaf. So for example VPC1 and VPC2 is connected to both Leaf1 and Leaf2 and there will be one VTEP representing the VPC domain (please correct me if i am wrong). endpoint in Leaf3 is sending traffic to those nodes behind vpc's

When VPC1 has its connection down towards Leaf2, the Leaf3 will still send it to the VTEP and it might land in Leaf2 right?.. is there a Bounce bit in Leaf2 and if so will it be there until the link is down? OR is it that the next hop to the EP behind VPC1 will change to PTEP?

thanks

J

Sergiu.Daniluk · ‎07-28-2022

Hi @Jayashanker warrier,

When both vPC ports are up (from both vPC peers), EP routes point to the VIP (Anycast TEP).

When one of them is down, routes point to PTEP of the other leaf.

Edit: there is also an enhancement for Endpoint Announce starting with 4.2:

When a vPC port is operational only on one of the leaf switches in the vPC pair, the remote endpoints for endpoints on the vPC port will point to the physical TEP (PTEP) of the operational leaf. When the vPC port on the other leaf also becomes operational, those remote endpoints should now point to the virtual TEP (VTEP) representing both of the leaf switches. Endpoint announce messages flush remote endpoints that are still pointing to the PTEP.

Ref: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

Stay safe,

Sergiu

View solution in original post

RedNectar · ‎07-31-2022

Hi @Jayashanker warrier ,

If a picture tells a thousand words, and a video is a series of pictures ...

(view in My Videos)

Anyway - I hope it tells you all you ever wanted to know about VPCs and even how th EP announce @Sergiu.Daniluk referred to in his answer (which I had to research).

EDIT: And I've just realised that I did not cover the SPECIFIC question you asked - which in my example is "How do the switches handle MAC address C?" - and for that I hope you observer that the failed link ONLY affected MAC D, there was no need to adjust for MAC C when the link failed, so traffic to/from MAC C was NOT affected. In other words, if leaf 1.201 (in my example) sends a frame to MAC C and it goes to Switch 1.204, the switch will NOT bounce it.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

Sergiu.Daniluk · ‎07-28-2022

Hi @Jayashanker warrier,

When both vPC ports are up (from both vPC peers), EP routes point to the VIP (Anycast TEP).

When one of them is down, routes point to PTEP of the other leaf.

Edit: there is also an enhancement for Endpoint Announce starting with 4.2:

When a vPC port is operational only on one of the leaf switches in the vPC pair, the remote endpoints for endpoints on the vPC port will point to the physical TEP (PTEP) of the operational leaf. When the vPC port on the other leaf also becomes operational, those remote endpoints should now point to the virtual TEP (VTEP) representing both of the leaf switches. Endpoint announce messages flush remote endpoints that are still pointing to the PTEP.

Ref: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

Stay safe,

Sergiu

RedNectar · ‎07-31-2022

Hi @Jayashanker warrier ,

If a picture tells a thousand words, and a video is a series of pictures ...

(view in My Videos)

Anyway - I hope it tells you all you ever wanted to know about VPCs and even how th EP announce @Sergiu.Daniluk referred to in his answer (which I had to research).

EDIT: And I've just realised that I did not cover the SPECIFIC question you asked - which in my example is "How do the switches handle MAC address C?" - and for that I hope you observer that the failed link ONLY affected MAC D, there was no need to adjust for MAC C when the link failed, so traffic to/from MAC C was NOT affected. In other words, if leaf 1.201 (in my example) sends a frame to MAC C and it goes to Switch 1.204, the switch will NOT bounce it.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Jayashanker warrier · ‎07-31-2022

thanks Chris.. thanks for the detailed explanation

thanks

J

kabuasal · ‎12-20-2023

Hi RedNectar,

Thanks for the video, i have a question regarding the aging of bounce entries. as far as I know bounce entries have age time of 630 seconds by default which is more than the age time of the remote endpoints 300 seconds, and if the remote entries on the remote switches gets refreshed, it means that they have received packets sourced from the new switch TEP address and will update their end point table accordingly. so there is no way that bounce entries will expire before any stale remote entries in remote leaf switches that still point to old TEP address right? one more thing, what is the mechanism that these announce messages are sent to all leaf switches? are they sent only to all leaf switches using a special GIPo address?

Regards