Some doubts with vpc

blaton
Level 1

I have come across a vpc domain that has created some doubts in me. Is the use of the peer switch and peer gateway commands compatible in the same domain?
And I would like to know if there is any debug that can help me see the vpc message exchange in real time without capturing traffic.

17 Replies

I have come across a vpc domain that has created some doubts in me. Is the use of the peer switch and peer gateway commands compatible in the same domain?
Yes, you can use both peer-switch and peer-gateway under the same domain.

And I would like to know if there is any debug that can help me see the vpc message exchange in real time without capturing traffic.
You can use ethanalyzer instead of a capture.
MHM

 

Pavel Tarakanov
Cisco Employee

Yes, peer-switch and peer-gateway can be used together:

The vPC Peer-Switch feature allows a pair of vPC peer devices to appear as a single Spanning Tree
Protocol root in the Layer 2 topology (they have the same bridge ID). vPC peer-switch must be configured on both
vPC peer devices to become operational.

vPC PeerGateway allows a vPC peer device to act as the active gateway for packets addressed to the other peer
device router MAC. It keeps the forwarding of traffic local to the vPC peer device and avoids use of the peer-link
(by not bridging the traffic to the other vPC peer device). There is no impact on traffic and existing functionality
when activating the Peer-Gateway capability.

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

 

What kind of CFS (VPC) messages do you want to capture?

The problem is that it has happened to me twice that, when trying to change the operating mode from secondary to primary, the communications have been cut off: on one occasion I shut down the peer-link, and another time I used the vpc-role preempt command, which is why it repeats itself. To test, I would like to have some debug that allows me to see the information in real time. I don't understand why it happened because there is a cut while switching, but it doesn't work. The second time, since we were already warned, we did a shut/no shut through the console of the peer-link port-channel and the communications were recovered and the role was changed. But I don't know what could have happened so that using vpc-role preempt would cut off the network.

Is it a lab or production network?

MHM

production network

I shut down the peer-link <<- this leads the secondary NSK to shut all its SVIs and suspend the vpc port members, hence the connectivity loss. This is normal, no issue.


Why do you need to change the role?

I did it to change the operational mode, maybe anyway, but when I did I discovered that it does not switch correctly.
 
 

I will run a lab, change the oper mode, and share the result here.

MHM

Pavel Tarakanov
Cisco Employee

Is this VPC pair functioning as an STP root? Is the peer-switch configuration set up?

Additionally, tech-support details can be collected immediately after the issue occurs from both switches. This will most likely provide logs from the time of the issue and offer clues about what is happening.

It's not set to root, but I don't see any documentation that says it needs to be root.
The peer-switch is configured.

The vPC peer switch feature was added to Cisco NX-OS to address performance concerns around STP convergence. This feature allows a pair of Cisco Nexus 9000 Series devices to appear as a single STP root in the Layer 2 topology.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/interfaces/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide_chapter_0111.html

 

It's better to understand the traffic flow (which ports are involved, etc.) and check what is happening with them during the issue. Do they change STP state? Maybe they change state based on timers, not proposal-agreement, and restoration of connectivity takes time, and so on.

History of states of the port can be seen by:

sh spanning-tree internal event-history tree <vlan> interface <interface>

 

We recommend that you configure Rapid per VLAN Spanning Tree plus (PVST+) so that the primary device is the root for all VLANs and configure Multiple Spanning Tree (MST) so that the primary device is the root for all instances.
It doesn't say that it has to have the same priority in all vlans, to look like a single root bridge.

Pavel is correct.

Note: The vPC Peer Switch enhancement is only supported on a vPC domain which contains the root for all VLANs.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/217274-understand-virtual-port-channel-vpc-en.html#toc-hId-770794586

So if I have the vpc peer switch configured with the same priority on both nexus, but they are not root, what would be the problem?