Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2092
Views
15
Helpful
2
Replies

Nexus 9300 vPC Peer-Keepalive - Why mgmt0 instead of port-to-port in a VRF?

Go to solution
KELLEYD
Level 1
Level 1

‎03-22-2021 06:38 AM - edited ‎03-22-2021 08:32 AM

I have a 93180YC-FX2 vPC pair that is soon to go into production.  I configured the vPC peer-keepalive via the management VRF, as per best practices on this single-module device.  I was then asked to move OOB to what is essentially a one-off, "kinda supported" network.  I pointed to the vPC peer-keepalive as my justification for keeping OOB on a supported production management network.  I was told that the only reason this is the recommendation is to save front panel ports, but in this case we have a lot more than we actually need.

 

Is this true?  Are there other reasons for this general recommendation?

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-22-2021 07:47 AM

Hi @KELLEYD 

First, I think you have a typo in the pst, when you say " I configured the vPC peer-link via the management VRF,", which I believe you mean the peer keepalive, right?

Second, the general recommendation is to use the mgmt0 interface for PKA because: 

  • this interface is not subjective to CoPP action, meaning regardless if there is a loop, broadcast storm or anything else hitting hard the CPU from the front ports, the PKA messages will reach the CPU, making the vPC peer visible and "present" in the network
  • ASIC failures will not affect the PKA, which could potentially lead to split-brain scenario (when both vpc peers become operational primary)
  • after a reload, the mgmt0 interface comes up faster then the front port

With this in mind, is better to have the PKA over the mgmt0 (regardless if you connect the management interface to a OOB mgmt switch, or directly between the vPC peer switches).

 

Hope it helps,

Sergiu

View solution in original post

2 Replies 2

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-22-2021 07:47 AM

Hi @KELLEYD 

First, I think you have a typo in the pst, when you say " I configured the vPC peer-link via the management VRF,", which I believe you mean the peer keepalive, right?

Second, the general recommendation is to use the mgmt0 interface for PKA because: 

  • this interface is not subjective to CoPP action, meaning regardless if there is a loop, broadcast storm or anything else hitting hard the CPU from the front ports, the PKA messages will reach the CPU, making the vPC peer visible and "present" in the network
  • ASIC failures will not affect the PKA, which could potentially lead to split-brain scenario (when both vpc peers become operational primary)
  • after a reload, the mgmt0 interface comes up faster then the front port

With this in mind, is better to have the PKA over the mgmt0 (regardless if you connect the management interface to a OOB mgmt switch, or directly between the vPC peer switches).

 

Hope it helps,

Sergiu

Go to solution
KELLEYD
Level 1
Level 1

‎03-22-2021 08:32 AM

Thank you!  I really appreciate the insight.  All of the above make perfect sense, actually.

 

And yes, I meant peer-keepalive.  I will correct this.

0 Helpful
Customers Also Viewed These Support Documents