Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1185
Views
0
Helpful
3
Replies

Nexus 7k peer link

jay_7301
Level 1
Level 1

‎02-19-2020 02:22 PM

Hi,

 

I work in a dc environment and have the typical 7k/5k/2k setup. I have noticed we have quite a large amount of traffic traversing our VPC peer link on the 7ks

 

I thought the VPC peer link was only used for control plane traffic & used under failure conditions. 

 

We do use VPC down at the 2k level however this is mainly used in active/standby from the 2k to the server so only 1 link out of the port-channel is being used however this should not cause traffic to up to the 5k then up to 7k and across the peer link?

 

We have have fabricpath enabled on the 7k peer link which when doing some reading up this is essentially VPC+ - would this now make the VPC peer link a valid path in fabricpath?

 

Thanks and i hope the above makes sense.

 

 

 

 

 

 

Labels:
0 Helpful
3 Replies 3

Hector Gustavo Serrano Gutierrez
Cisco Employee
Cisco Employee

‎02-24-2020 02:48 AM

Hi @jay_7301,

The vPC peer-link can be described as a Layer 2 Trunk link that interconnects the Nexus 7000s part of the vPC cluster which also carries Control-Plane traffic needed to synchronize tables like the CAM, IGMP, etc.

As such, normal unicast traffic can cross the vPC peer-link if required, however this is not a best practice.

If Routing (uplinks and Routing Tables feed by Routing protocols) and Switching (vPCs, no orphan ports, etc) is symmetric on both Nexus 7000s, there is no need for the traffic to traverse the vPC peer-link as it will be forwarded by the local Nexus via its own uplinks or downlinks.

Still, local Multicast and Broadcast traffic can traverse the vPC peer-link in all scenarios.

Best Regards.

 

0 Helpful

jay_7301
Level 1
Level 1

‎02-25-2020 06:06 PM

Hi,

 

Is this right that the show fabricpath isis route shows a valid path via the peer link to switch-id 22? This means if this device receives any traffic destined for switch id 22 it will traverse the vpc peer link? see config below

 

interface port-channel1
description VPC-PEER-LINK
switchport
switchport mode fabricpath
spanning-tree port type network
speed 10000
mtu 9216

service-policy type queuing input Custom-8e-4q8q-in
service-policy type queuing output Custom-8e-4q8q-out
vpc peer-link

 

 

DCS-TEST# show fabricpath route
FabricPath Unicast Route Table

1/22/0, number of next-hops: 1
via Po1, [115/40], 483 day/s 01:48:40, isis_fabricpath-default


Thanks

 

0 Helpful

David Castro F.
Spotlight
Spotlight
In response to jay_7301

‎03-01-2020 07:02 AM

Hello Jay,

 

Yes, according to the output you provided thats what is happening, the traffic is no being load balanced through any of interfaces, and it is using the vPC peer-link, which is not optimal at all as per your thoughts. I dont really cant say that what you provided shows a misconfiguration. In order to see what may be going on we will need the network diagram and the configs involved, to see the design and propose a fix to this.

 

I would definitely recommend you to check all the configs, what involves FP and what involves CE? then check the below link to see if the best practices are being followed to avoid this issue:

 

https://itnetworkingpros.files.wordpress.com/2014/04/fabric_path_best_practice.pdf

 

Keep us posted, please rate all helpful posts, 

 

David Castro,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents