Re: Nexus 7K configuration Issues

ALIAOF_ · ‎08-10-2018

Hi all here is my scenario that I'm looking to get some feedback on and in my opinion this might be part of some issues:

- 2 NX 7K's.

- Peer Keep alive links, vPC peer link

- port channel trunking all VLANs. (Is this even needed)?

Switch 1 = VRRP Master [VPC Role = Secondary]
Switch 2 = VRRP Backup [VPC Role = Primary]

So my confusion here is that this setup looks wrong, shouldn't the VRRP Master also have the VPC Role as primary otherwise the results can be un predictable?

Reading this:

"HSRP active—If you want to use Hot Standby Router Protocol (HSRP) and VLAN interfaces on the vPC peer devices, configure the primary vPC peer device with the HSRP active highest priority. Configure the secondary device to be the HSRP standby and ensure that you have VLAN interfaces on each vPC device that are in the same administrative and operational mode. (See the “vPC Peer Links and Routing” section for more information on vPC and HSRP.) "

So looks like the VRRP config is wrong as well because VRRP Master should be VPC Primary also.

Secondly upstream routers are doing BGP but they have HSRP between them which I believe should really be running iBGP between the two.

Thank you for the feedback and help in advance.

Wes Austin · ‎08-10-2018

VRRP master/backup and vPC roles do not need to match. The config you have looks fine.

The section you quoted earlier is just outlining you need to configure HSRP manually and providing configuration instructions.

ALIAOF_ · ‎08-10-2018

Thank you but it is talking about configuring VPC primary switch with HSRP Active role and VPC secondary as HSRP standby role. So isn't that a best practice?

Shouldn't there be iBGP between the two 7K's or having a completely separate port channel from the keep alive and peer links allowing all VLAN's will work as well?

NOTE: Looks like L2 trunks can work as well

ou can configure the inter-switch link for a backup routing path in the following ways:

Create a Layer 3 link between the two vPC peer devices.
Use the non-VPC VLAN trunk with a dedicated VLAN interface.
Use a vPC peer link with a dedicated VLAN interface.

ALIAOF_ · ‎08-10-2018

vPC role defines which of the two vPC peer devices processes Bridge Protocol Data Units (BPDUs) and responds to Address Resolution Protocol (ARP) requests. vPC role also defines a set of actions to be taken by vPC primary and vPC secondary in response to vPC peer-link down situation.

So based on the above statement if I have a Switch with VPC role of secondary but VRRP as Master, wouldn't that be an issue?

Wes Austin · ‎08-12-2018

Yes, it would be best practice, but this is only so you know "my master is my primary". If you are asking if you would expect issues, I would not expect any problems.

If you are having a problem, you could open a TAC case for further assistance.

ALIAOF_ · ‎08-13-2018

Thank you for the clarification.

nazimkha · ‎08-13-2018

What are the Line Cards on the Nexus 7K ? You may need to check if Dynamic routing over vPC is supported on your version and line cards if you are planning to do BGP peering between vPC VLANs.

I did not see a network topology, else could have given an appropriate answer