
Nexus 9000:vPC domain ID

YEH
Level 1

If the vpc domain ID is the same between different pairs of leaf switches in the following configuration, is there any impact?
We are aware that the vpc domain ID affects the LACP system ID, so it should not be a problem unless LACP is configured between different pairs.
We actually configured it and found no abnormality in the vpc status.

vpc domain id.PNG 

5 Replies

r.heitmann
Level 1

I think you're absolutely right:

  • Domain-ID is used to calculate the vPC system-mac = 00:23:04:ee:be:<domain-id>

If you don't want to

  • connect two VPC domains "back-to-back" reusing the same domain-id for both domains
  • connect a non-VPC device (your firewall) spanned over both VPC domains using LACP

you should be fine.

Cisco itself states in Best Practices for Virtual Port Channels (vPC) that you can re-use the same Domain-ID even in back-to-back scenarios if you manually modify the system-mac to make it unique:

"If user absolutely wants to use the same domain-id on both vPC domains, then knob system-mac (under vPC domain configuration context) must be used to force different vPC system-mac values."

...

"However, vPC system-mac is used only with vPC attached access devices while vPC local system-mac is used with single attached devices (orphan port or active/standby with or without STP) Figure 10 illustrates how vPC system-mac and vPC local system-mac are used."

Thank you for your response.
I now understand that in the case of double-sided vPC where LACP is used between vPC domains, both domains need to be recognized as separate devices, so the vPC system-MAC needs to be different (different vPC domain id).
I am relieved to know that in the above configuration, there is no problem to build with the same vPC domain Id.

Darian O'Dirling - TCE
Cisco Employee

Hi @YEH ,

@r.heitmann gave an excellent answer. I would like to share this video made by one of my peers that discusses Layer 3 routing over vPC and the vPC enhancements needed to successfully create a routing adjacency over a vPC enabled vlan.

https://www.youtube.com/watch?v=q_xAZJpqRiM


Hi @Darian O'Dirling - TCE 

Thanks for sharing the great video. I will watch and study this.

ericnich
Cisco Employee

It's strongly recommended to keep vPC domain IDs unique across a broadcast domain (continuous layer 2 network). LACP is one reason, but it's not the only one. For example, two vPC pairs with peer-switch enabled* and the same vPC domain will have the same MAC address for STP purposes. This causes unexpected blocking or loops in some cases.

* It's unsupported to configure a non-root vPC pair with peer-switch, but some deployments have this regardless.
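
Added example, not part of the thread or of any Cisco tooling: a Python check that derives each pair's effective vPC system-mac from its `vpc domain` stanza (honoring a `system-mac` override) and reports any MAC shared by more than one pair, along with which of those pairs run `peer-switch`. The pair names and config snippets are constructed, and the handling of domain IDs above 255 (carry into the fifth octet) is an assumption.

```python
import re
from collections import defaultdict

BASE_MAC = 0x002304EEBE00  # 00:23:04:ee:be:<domain-id>, as given in the thread

# Constructed sample stanzas, one per vPC pair (hypothetical pair names).
SAMPLE_CONFIGS = {
    "leaf-pair-A": "vpc domain 10\n  peer-switch\n  peer-keepalive destination 192.0.2.2\n",
    "leaf-pair-B": "vpc domain 10\n  peer-switch\n",
    "leaf-pair-C": "vpc domain 10\n  system-mac 00:23:04:ee:be:63\n",
    "leaf-pair-D": "vpc domain 20\n",
}

def fmt_mac(value):
    raw = f"{value:012x}"
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def parse_vpc(config):
    """Return (domain_id, effective_system_mac, peer_switch) or None."""
    dom = re.search(r"^vpc domain (\d+)[ \t]*$", config, re.M)
    if not dom:
        return None
    domain_id = int(dom.group(1))
    override = re.search(r"^[ \t]+system-mac[ \t]+([0-9a-fA-F.:]+)[ \t]*$", config, re.M)
    if override:
        # Accept both aa:bb:cc:dd:ee:ff and aaaa.bbbb.cccc notation.
        mac = int(re.sub(r"[^0-9a-fA-F]", "", override.group(1)), 16)
    else:
        # Assumption: the ID is added to the base address, so IDs above 255
        # carry into the fifth octet.
        mac = BASE_MAC + domain_id
    peer_switch = bool(re.search(r"^[ \t]+peer-switch[ \t]*$", config, re.M))
    return domain_id, fmt_mac(mac), peer_switch

def find_collisions(configs):
    """Map each system-mac used by more than one pair to the pairs sharing it."""
    by_mac = defaultdict(list)
    for pair, text in configs.items():
        parsed = parse_vpc(text)
        if parsed:
            by_mac[parsed[1]].append((pair, parsed[2]))
    report = {}
    for mac, members in by_mac.items():
        if len(members) > 1:
            report[mac] = {
                "pairs": sorted(name for name, _ in members),
                "peer_switch_pairs": sorted(name for name, ps in members if ps),
            }
    return report

if __name__ == "__main__":
    for mac, info in find_collisions(SAMPLE_CONFIGS).items():
        print(mac, info)
```

A shared MAC matters for LACP only when one device bundles links toward both pairs, and for STP when more than one entry appears under `peer_switch_pairs` in the same layer 2 domain.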
