Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1539
Views
0
Helpful
3
Replies

Nexus 9300 nx-os - VPC Keep Alive Options

TONY SMITH
Spotlight
Spotlight

‎06-26-2020 02:38 AM

Hi,

This is a pair of N9Ks, and at the moment we have three different links between the two switches, VPC Keep Alive is a dedicated L3 link between two of the normal network ports.  In addition there's a VPC Peer Link as a port channel with two members, and a Layer 3 link for routing purposes, currently a single link but planned to be made into a port channel with at least two members.

We would like to have an installation where no single port, cable or transceiver failure will have an adverse impact, so would like to something about the keep alive.

Is there any reason why would shouldn't use the "routing" L3 link for VPC Keep Alive as well as routing?  It seems a shame to blow two 10gig ports for something that's pretty low bandwidth.

Thanks, Tony S

Labels:
0 Helpful
3 Replies 3

Alex.M
Cisco Employee
Cisco Employee

‎06-26-2020 09:37 AM

Hi Tony,

 

Using the layer 3 link is perfectly fine; however, there are a few things to keep in mind:

1. PKA best practices still apply.  You will need to utilize sub-interfaces so that a different VRF can be used to isolate the PKA traffic

2. QoS should be implemented giving priority to PKA traffic.  PKA traffic is marked with a DSCP value of 56.

 

Here is a reference to what Cisco thinks is good, better, and best practices when it comes to PKA mediums utilized:

Screen Shot 2020-06-26 at 9.34.45 AM.png

 

Hth,

Alex

0 Helpful

TONY SMITH
Spotlight
Spotlight
In response to Alex.M

‎07-03-2020 07:52 AM

Thanks.  Out of interest why is a separate VRF mandatory, is it purely to ensure that the specified destination address can only be reached over the designated path?   FYI we're not using the management ports as the whole management network is under review, and I'm not particularly happy about the idea of an external switch in the path creating another single point of failure.  Where I've used the management ports for PKA in the past it's been a direct cable, meaning they can't actually be used for management.  That's why I was looking to see if we could take advantage of an existing resilient link.  The alternative is a dedicated port channel with two direct attach cables, which seems a bit of a waste of two 10gig ports.

0 Helpful

Alex.M
Cisco Employee
Cisco Employee
In response to TONY SMITH

‎07-03-2020 09:14 AM - edited ‎07-03-2020 11:33 AM

Hi Tony,

 

A separate VRF is not mandatory, just a Cisco best practice.  The reason behind having a separate VRF for peer keepalive traffic is for the predictability.  There is more certainty of the path traffic (peer keepalive traffic) will take when only one interface is joined to the VRF.

The mandatory portion when designing the peer keepalive link is that it must not be fate sharing with the peer-link.  In other words, if the peer-link goes down, would the peer keepalive go down as well?  If the answer is no, then that is an option you have.  Again utilizing or not utilizing a separate VRF for peer keepalive traffic isn't a question of if you can or can't but what is best for predictability.

 

Hth,

Alex

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card