
vPC domain bypass module-check

Mordziok
Level 1

Hi, I am looking for information about usage scenarios of the vPC domain "bypass module-check" command. The limited info I found does not really explain much.

I need to replace M2, F1, M1 modules that are part of a VDC with F3 - basically rebuilding the VDC - and need to gain some more information on the usage of "bypass module-check".
(Only the F1 module has all interfaces allocated to the VDC mentioned; M2 and M1 have interfaces in two additional VDCs.)

BTW, does anyone have experience in this type of LC replacement and can guide me to a plan?


Sergiu.Daniluk
VIP Alumni

Hi @Mordziok 

As you probably already know, having mixed line cards between vPC peers for vPC-enabled interfaces (for example, an interface on an F2 module on one peer and an interface on an F3 on the other peer) is not supported. However, the command "bypass module-check" disables the module type consistency checker for vPC. This will basically allow you to have a vPC port-channel with an F2 interface on one peer and an F3 on the second peer. Ofc, this is only a good practice during a hardware upgrade.

The action plan for the hw upgrade can be straightforward:

0/ Enable the commands "bypass module-check" on both the switches, one at a time.

1/ On the secondary switch (Switch B), shut down the vPC legs, followed by uplink and peer-link. Perform this action in batches and wait until all the traffic is converged. All traffic is now on the primary switch (Switch A). 

2/ Save config

3/ On the secondary switch (Switch B), replace the old line card with the new line card module.

4/ Reconnect the cables and bring the ports up, in the reverse order you shut down (peer-link, uplink, vpc legs).

5/ Once the traffic is stabilized and flowing through both switches, perform the same actions for Switch A (vpc primary). Note: make sure the vpc role priority is the same on both switches.

The steps are just a summary of what is described in detail here: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/interfaces/config/cisco_nexus7000_interfaces_config_guide_8x/config-vpcs.html

Stay safe,

Sergiu

Thanks @Sergiu.Daniluk
In my scenario the only module that is going to be removed is F1; M1 and M2 are going to remain as they have interfaces allocated to other VDCs (I have 7 in total).

Although I can get away with M2 (keep-alive uses mgmt interface, vpc-peer link interfaces are on this module) and F3 (modules already installed and have some interfaces allocated to other VDC) being in the same VDC (do not want to do as I would like to have VDC with only F3), the approach mentioned in the link is for "like-for-like" replacement (take out old LC from slot 3, insert new one).

In the case of my VDC I have M2, M1, F1, I cannot add F3 and allocate interfaces.
I would have to:
- de-allocate interfaces from M2, M1, F1
- remove M2, M1, F1 from module-type on admin VDC
- add F3 to module-type
- allocate interfaces from F3
- reconfigure them.
And this is where the question about "bypass module-check" appears - in this state I will have vpc-peer link interfaces on SwitchB on F3 module and on SwitchA on M2. Will "bypass module-check" allow vpc-peering to establish?

Sergiu.Daniluk
VIP Alumni

Hi @Mordziok 

Yes, I am positive that "bypass module-check" will allow vpc peering even if you have F3 on one side and M2 on the other side of the Peer link.

Cheers,

Sergiu

Fantastic!

OK, I think that config modification is mistake-prone, what about the below:
- create a new 8th VDC that is a copy (configuration-wise - all interfaces shutdown) of the problem VDC, based only on F3 module interfaces - on both SwitchA and SwitchB;
- enable the commands "bypass module-check" on 4 VDCs (old and copy), one at a time
- on the secondary switch (Switch B) old VDC, shut down the vPC legs, followed by uplink and peer-link. Perform this action in batches and wait until all the traffic is converged. All traffic is now on the primary switch (Switch A)
- re-patch cabling from old VDC to copy one (from M2, M1, F1 to F3)
- bring the ports up on copy VDC, in the reverse order you shut down (peer-link, uplink, vpc legs)
- once the traffic is stabilized and flowing through both switches, perform the same actions for Switch A (vpc primary)

It would give me a "safe" place to revert to if there are any issues. Would that work?

Sounds good. And having the old VDC untouched is definitely a solid and safe fallback mechanism. Yep. Good luck with the migration.

Stay safe,

Sergiu

P.S. Although you have probably already done that, I just want to remind you that before any big migration or software/hardware upgrade, as a best practice, it is always good to read the release notes for the version you run and the linecard data sheet (F3 in your case), to avoid any potential problems with the forwarding, routing, exotic features (NLB, MACSec etc).