Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
90
Views
0
Helpful
0
Replies

vPC in VxLAN leaf nodes - error "nve type-1 check failed" -

GIANRICO FICHERA
Level 1
Level 1

‎06-12-2024 07:09 AM - edited ‎06-18-2024 03:47 AM

 

  Hello, I changed my network topology so I had to change configuration of two working leaf nodes by adding the vPC feature. During the configuration I had some problems which I report below. I hope someone wants to comment on them.

1) If you don't use a secondary IP address in the loopback interface (that one used as source-interface of the nve interface) two nodes you can have this type of inconsistency:


C3132Q-V# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                     : 2
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : failed
Per-vlan consistency status       : success
Configuration inconsistency reason: nve type-1 check failed
Type-2 inconsistency reason       : Consistency Check Not Performed
vPC role                          : primary
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)

   If there is a misconfiguration in the loopback interfaces it is important to note that these will enter in the state of "administrative down" state without giving the possibility of recovery (useless to try with "no shut"). Only when I configured a secondary IP address that was the same in the loopback interfaces of both nodes (as indicated by the Cisco guidelines) the loopback went up.

   It's probably a mistake to use the same loopback interface for both nve and routing because when I started to enable the vPC in the first node the loopback interface went down and also the NVE interface but also the OSPF and BGP effectively isolating the node.

    I recover the system configuring a secondary IP in the loopback interfaces that resolve the inconsistency at the end of the vPC configuration.  So the nve interface is a trigger for a vPC inconsistency that could lock the loopback in an "administrative down" state.

     Depending on the platform and the software release, it may be problematic to restore the initial conditions when the configuration has been corrected. There is something related in the bug CSCuw55005 "Loopback interface stuck in admin down".
This could happen with platform Cisco Nexus 3132Q-V NXOS 7.0(3)I4(1)

  In the nexus 9000 series I can confirm that the loopback interface automatically goes up when configured correctly. I tried with release NX-OS 9.3(1)

Here is other inconsistency that you can see when configure vPC and VXLAN:

Nexus9000_itesys1# show vpc

Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 2
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : failed
Per-vlan consistency status       : success
Configuration inconsistency reason: NVE is only configured on remote vpc
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled, timer is off.(timeout = 240s)
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Delay-restore Orphan-port status  : Timer is off.(timeout = 0s)
Operational Layer3 Peer-router    : Disabled
Virtual-peerlink mode             : Disabled

In the case above I don't have an "interface nve" in the remote node (here the loopback is forced down by the system)

 

Nexus9000_itesys1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 2
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : failed
Per-vlan consistency status : success
Configuration inconsistency reason: Secondary IP address does not match
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Delay-restore Orphan-port status : Timer is off.(timeout = 0s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po2 up 1,253
Nexus2_BDS02# sh run int nve1

In the case above I don't have the secondary IP address configured in the loopback interface used as source from the nve interface. It must be the same in the loopback interfaces of both vpc nodes (here the loopback is forced down by the system)


thank you

 

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents