Re: Dual Nexus 9K VPC Pair and Port-channel / SPT

paul1202 · ‎06-25-2019

Hi,

I have dual N9K VPC pair of switches at 2 locations.

I am using VPC's, but for the inter-site connectivity, I intend to create 2 port-channels of x4 10Ge between switch 1 and switch 2 at the different sites.

site A Site B

switch 1-----Po101------switch 1

vpc vpc

switch 2-----Po102------switch 2

I will be running 5 different VLANS across each trunked port-channel to enable p2p routed links in separate VRF's.

The issue I am facing is that when configuring the first port-channel, the VLANs being trunked across are being blocked by STP!!

switch# sh spanning-tree blockedports

Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0950 Po101
VLAN0960 Po101
VLAN0961 Po101
VLAN0962 Po101
VLAN0963 Po101

Even with no other connections on the switches, I still see one end of the trunk blocking all the VLANS.

vpc domain 101
peer-switch
role priority 100
system-priority 8192
peer-keepalive destination 10.250.205.3 source 10.250.205.2
delay restore 150
peer-gateway
layer3 peer-router
ip arp synchronize

interface port-channel101
switchport
switchport mode trunk
switchport trunk allowed vlan 950,960-963
mtu 9216

Even with the VPC peer-link disconnected at each side between the pairs and only a single link between 2 of the switches, SPT is still blocking the VLANs!!

VLAN0960
Spanning tree enabled protocol rstp
Root ID Priority 5056
Address 0023.04ee.be65
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 5056 (priority 4096 sys-id-ext 960)
Address 0023.04ee.be65
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po101 Back BLK 1 128.4196 P2p

Any ideas what could be casuing this behaviour??

Thanks in advance..

paul1202 · ‎06-25-2019

Here also is more STP info for one of the VLANs.

VLAN0960
Spanning tree enabled protocol rstp
Root ID Priority 5056
Address 0023.04ee.be65
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 5056 (priority 4096 sys-id-ext 960)
Address 0023.04ee.be65
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po101 Back BLK 1 128.4196 P2p
Po2000 Desg FWD 1 128.6095 (vPC peer-link) Network P2p

pille1234 · ‎06-30-2019

Hallo,

I assume you use the same vpc domain ID on both sites? That results in the use of the same bridge-ID on both sides and the root bridge believes it is receiving its own BPDU, thus blocking the port. Change the vpc ID on one site and that behavior should go away.

Besides, your planned design is throwing the vpc advantages out of the window. Instead of 2 use only one port-channel as intersite link. Same vPC-portchannel id on all devices and call it a day.

Best regards

paul1202 · ‎07-01-2019

Thanks for the suggestion and yes you are correct that I had forgotten that the same vpc domain-id was being used across the two sites.

Changing one of them resolved the issue.

The customer wants to keep separate port-channels as they are using differnet WAN providers between the sites and it will make troubleshooting easier.

Thanks again.

Hector Gustavo Serrano Gutierrez · ‎07-04-2019

Thanks to @pille1234 to provide the suggestion that solved this post.

Just for future reference, the described scenario and issue related are documented here:

vPC Domain ID Modification on an Active vPC Domain

Cheers.