06-26-2024 11:01 AM
I have come across a vpc domain that has created some doubts in me. Is the use of the peer switch and peer gateway commands compatible in the same domain?
And I would like to know if there is any debug that can help me see the vpc message exchange in real time without capturing traffic.
07-03-2024 04:32 PM
I have come across a vpc domain that has created some doubts in me. Is the use of the peer switch and peer gateway commands compatible in the same domain?
Yes, you can use both peer-switch and peer-gateway under the same domain.
And I would like to know if there is any debug that can help me see the vpc message exchange in real time without capturing traffic.
You can use ethanalyzer instead of a capture.
MHM
07-04-2024 03:43 AM
Yes, peer-switch and peer-gateway can be used together:
The vPC Peer-Switch feature allows a pair of vPC peer devices to appear as a single Spanning Tree
Protocol root in the Layer 2 topology (they have the same bridge ID). vPC peer-switch must be configured on both
vPC peer devices to become operational.
vPC PeerGateway allows a vPC peer device to act as the active gateway for packets addressed to the other peer
device router MAC. It keeps the forwarding of traffic local to the vPC peer device and avoids use of the peer-link
(by not bridging the traffic to the other vPC peer device). There is no impact on traffic and existing functionality
when activating the Peer-Gateway capability.
What kind of CFS (VPC) messages do you want to capture?
07-04-2024 09:37 AM
The problem is that it has happened to me twice that, when trying to change the operating mode from secondary to primary, the communications have been cut off. On one occasion I shut down the peer-link, and another time I used the vpc-role preempt command, which is why it repeats itself. To test, I would like to have some debug that allows me to see the information in real time. I don't understand why it happened because there is a cut while switching, but it doesn't work. The second time, since we were already warned, we did a shut/no shut through the console of the peer-link port-channel, and the communications were recovered and the role was changed. But I don't know what could have happened so that using vpc-role preempt would cut off the network.
07-04-2024 10:00 AM
Is it a lab or production network?
MHM
07-04-2024 11:18 AM
production network
07-05-2024 02:53 AM
I shut down the peer-link <<- this leads the secondary NSK to shut all its SVIs and suspend the vPC port members, and hence the connectivity loss. This is normal, no issue.
Why do you need to change the role?
07-05-2024 10:51 AM
07-05-2024 11:11 AM
I will run a lab, change the oper mode, and share the result here.
MHM
07-04-2024 11:40 PM - edited 07-04-2024 11:40 PM
Is this VPC pair functioning as an STP root? Is the peer-switch configuration set up?
Additionally, tech-support details can be collected immediately after the issue occurs from both switches. This will most likely provide logs from the time of the issue and offer clues about what is happening.
07-05-2024 12:51 AM
It's not set to root, but I don't see any documentation that says it needs to be root.
The peer-switch is configured.
07-05-2024 06:09 AM
The vPC peer switch feature was added to Cisco NX-OS to address performance concerns around STP convergence. This feature allows a pair of Cisco Nexus 9000 Series devices to appear as a single STP root in the Layer 2 topology.
It's better to understand the traffic flow (which ports are involved, etc.) and check what is happening with them during the issue. Do they change STP state? Maybe they change state based on timers, but not proposal-agreement, and restoration of connectivity takes time, and so on.
History of states of the port can be seen by:
sh spanning-tree internal event-history tree <vlan> interface <interface>
07-05-2024 10:57 AM
We recommend that you configure Rapid per VLAN Spanning Tree plus (PVST+) so that the primary device is the root for all VLANs and configure Multiple Spanning Tree (MST) so that the primary device is the root for all instances. It doesn't say that it has to have the same priority in all vlans, to look like a single root bridge.
07-09-2024 07:46 AM
Pavel is correct.
Note: The vPC Peer Switch enhancement is only supported on a vPC domain which contains the root for all VLANs.
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217274-understand-virtual-port-channel-vpc-en.html#toc-hId-770794586
07-11-2024 05:12 AM
So if I have the vpc peer switch configured with the same priority on both nexus, but they are not root, what would be the problem?