04-15-2019 01:39 AM
I have an issue where I am seeing packet drops and was wondering if anyone can explain to me, what might be happening
I have included a topology
I have two devices, I am doing an NSLOOKUP from one to the other
The traffic path is VLAN A (test device) >> VLAN B (DNS listener)
HSRP master for each VLAN (A and B) is Nexus 1
I see packets leaving test device and never arriving on the other appliance, a packet sent 5 seconds later arrives.
If I go to Nexus 2 and shutdown interface 1/4 = no change
If I then shutdown 1/3 and 1/4 on Nexus 2, the problem goes away
If I restored interface 1/3 or 1/4 the issue comes back
I have my suspicions that traffic is traversing the VPC 103 and the VPC peer link, possibly being dropped by the loop avoidance mechanism
When I switch off the VPC 103 members on Nexus 2, traffic has to traverse 1/3 and 1/4 on Nexus 1 (when going to Fabric B), thus avoiding the peer link.
Is there any way I can prove this, as I’m not able to find a loop avoidance counter of any kind? Or is there something else in the mix? Any help much appreciated
04-15-2019 03:28 AM
Hi Simon,
Can you check the VPC consistency:
show vpc consistency-parameters global
show vpc consistency-parameters vpc 102
show vpc consistency-parameters vpc 103
Are you using the Peer-gateway feature?: (will help to understand the expected path)
show run vpc all | grep peer-gateway
Remi Astruc
04-15-2019 04:03 AM - edited 04-15-2019 04:15 AM
Hi Remi
Thanks for the response,
should I be seeing x2 members? Port 1/4 as well?
I am seeing both 1/3 and 1/4 under the vpc statistics, so Ill assume that this isn't a problem
Are you using the Peer-gateway feature?
No I don't appear to be
show run vpc all | grep peer-gateway
no peer-gateway
04-15-2019 05:09 AM - edited 04-15-2019 05:10 AM
Hello,
Is Vlan 1000 involved in your test traffic "Vlan A" - "Vlan B"? Because it is faulty from VPC perspective. Maybe included in a VPC Po while missing in the VPC Peer-Link, or something similar. If it maps your "VSAN 1000", it should not be present in any VPC, so you need to clear things.
If that has no relation with Vlan A/B, you should do further testing to isolate the point of issue:
Does it work when shuting Nexus1 ports 1, 2, 3, 4? (and ensure HSRPs are still Master on Nexus1)
Does it work when shuting Nexus1 ports 3, 4 and Nexus2 1, 2?
Does it work when moving HSRPs to Nexus2?
More generally, does the problem occur only for your 2 machines test, or on many other traffic?
Remi Astruc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide