cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1146
Views
0
Helpful
4
Replies

Cisco N5K - VPC Link Question!!!

@cn85
Level 1
Level 1

I have this topology in a client network

 

Prueba1 (1).png

 

In the Nexus 5k I have a port-channel configured in layer 3 and it ends in the nexus 7k in layer 2 on vlan 10. This configuration is replicated the same in the other n5k.

 

The nexus 7k has a port-channel in vpc towards 5nk as seen in the diagram. The problem I am having is that I have the hsrp configured with 10.1.1.4 on the n5k on the left side and 10.1.1.5 on the right side and the vip is 10.1.1.1 and when I ping from .4 to .5 I do not arrive.

 

Using the etheranalyzer command on the controller of the n5k I see that the packet arrives and responds but I do not see it at the ping level, it is lost within the vpc.

 

My question is .. in this topology is this traffic allowed? I have a design error or could it be a bug?

4 Replies 4

Sergiu.Daniluk
VIP Alumni
VIP Alumni

Hi @cn85 

So just to confirm:

You have a L3 interface 10.1.1.0/24 between N5K1 (L3 PO) and N7K1 (SVI10), and at the same time, 10.1.1.0/24 between N5K2 (L3 PO) and N7K2 (SVI10). The Vlan10 is also allowed over the VPCs and PeerLink (configured L2 on Nexus).

Is my understanding correct?

 

If yes, then I must admit this is a very strange and uncommon topology. Is it supported? Technically I do not see a problem, but definitely is on the borderline. Why not simply configuring SVI10 on Nexus, allow the vlan over PL and you have a fully supported topology.

And what is with HSRP? What are the nodes which participates in the HSRP group?

 

Cheers,

Sergiu

 

 

NicolasCostoya
Level 1
Level 1

If you understood correctly

I have configured this way:

 

N5K1:
interface port-channel1
no switchport
speed 1000
ip address 10.1.1.4/24
hsrp version 2
hsrp 10
preempt
priority 110
ip 10.4.1.1

 

N7K1:
interface port-channel4
switchport
switchport access vlan 10
spanning-tree port type edge
spanning-tree bpduguard enable

 

On the other side it is the same configuration but only change the ip to 10.1.1.5

HSRP lifts perfectly and one remains as active and the other as stanby, until today I never comute them manually but you can see the mac addresses on both sides.

The only problem is that it does not arrive with ping from .4 to .5 and in Cisco I can't find anything that says that this is not supported.

Ah ok, so there is no SVI on N7K. just the vlan. Got it.

Well, even in this scenario, the topology looks very strange. I still do not understand why would you want this behavior.

And let me give you an example where this scenario is not supported:

- if the peer-link goes down, and PKA is up, then VPC secondary (let's say N5K2) will bring down all vpc enabled interfaces and also all vpc vlans, BUT since the PO4 is a L3 interface, it will keep it up. Since it has HSRP on it, the HSRP will become active on it.

- at this stage you have both N5k with HSRP active, and connectivity to N7K is UP since the interface is not affected by the PeerLink failure. This is when the connectivity within vlan10 will be affected. 

 

In other words, this is NOT a supported scenario. My suggestion is to stick with recommended design: SVI 10 on both N5k, vlan 10 allowed ever vpc peer link and HSRP configured on the SVI.

 

Stay safe,

Sergiu

follow

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: