07-10-2025 02:54 PM
Hi,
I've got a question around the use of the "peer-switch" feature in vPC.
I understand that the "peer-switch" feature allows the vPC switches within a vPC domain to appear as a single switch to the remote devices for STP by using the vPC logical system MAC as the Bridge ID in the BPDU. Both vPC switches are then configured with the exact same STP priority, and both switches send out BPDUs with the same bridge ID, therefore appearing as a single unit. Sounds good, as it avoids unnecessary STP reconvergences in the network in case one of the vPC switches is ever unavailable.
For the above reason, it seems like a no-brainer to enable this feature across any vPC peered switches.
In our network we have several back-to-back or double-sided vPCs, where we have 2 vPC switch pairs connected to each other either directly or via ACI (which acts as a hub for STP). Both switch pairs are configured with the "vPC peer-switch" command. We also have the STP root for VLANs split between the 2 domains, i.e. some VLANs are active on one pair and some active on the other pair.
However, recently over an interaction with Cisco TAC, we were referred to a Cisco Nexus 9000 configuration document, "Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 9.3(x) - Configuring vPCs [Cisco Nexus 9000 Series Switches] - Cisco",
that has the following statement:
"Peer-switch can only be configured if both VPC peers share the same priority, and are root for all VLANs or MST instances. Peer-switch cannot be configured if at least one VLAN or MST instance is not root."
Based on this statement, the "peer-switch" command can only be configured in a vPC domain if both switches are STP root for all VLANs. I don't quite understand this logic. By this logic, we need to make the same vPC peers root for all VLANs and remove the "peer-switch" feature from the other vPC peers that are connected using back-to-back vPC.
Is anyone able to help me understand the logic of this? How is it an issue if one pair of vPC switches appears as a single switch to another pair of vPC switches and the VLAN STP root is split between the 2? There are other Cisco docs that show double-sided vPCs but show the "peer-switch" feature configured on both vPC domains' switches, e.g. "Understand and Configure Nexus 9000 vPC with Best Practices - Cisco".
Kind regards
07-10-2025 06:08 PM
Hi Jay!
This is a good question and deserves some clarification.
"How is it an issue if one pair of vPC switches appears as a single switch to another pair of vPC switches and the VLANs STP root is split between the 2?"
In a stable network that never encounters a failure scenario, it is unlikely you will encounter an issue with this setup. However, because it is an unsupported configuration (since it's going against a documented limitation), there are some scenarios - especially failure scenarios - that can cause problems with this setup. Put in simpler terms, it works right up until it doesn't.
One example of such a scenario is documented through CSCwa83042. In this scenario, the root bridge for a VLAN changed from one bridge to another due to a failure elsewhere in the network. A downstream pair of Nexus 9000 switches in a vPC domain had the vPC Peer Switch enhancement enabled, but they were not the root bridge for the VLAN in question. When the root bridge changed for the VLAN, the northbound vPC interface carrying this VLAN that was facing the new root bridge went into a BLK -> LRN -> BLK loop repeatedly for an extended amount of time, thus causing an outage for hosts connected to the vPC domain.
Note that although CSCwa83042 appears to be a software defect, it has no fixed release. The status of this defect is "Terminated", indicating that no fix is planned for this defect. This is because the root cause of this issue is expected behavior stemming from a documented limitation.
"There are other cisco docs that show double sides vPCs but show "peer-switch" feature configured on both vPC domain switches. e.g. Understand and Configure Nexus 9000 vPC with Best Practices - Cisco"
I will work with the original authors of the cited document to correct this error and prevent further misconceptions about where the vPC Peer Switch enhancement should and should not be used.
I hope this helps - thank you!
-Christopher
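The precondition quoted in the answer above (both peers share the same priority and are root for every VLAN) is something you can verify on the box before enabling `peer-switch` under `vpc domain`. The script below is an added example written for this thread, not code from Cisco or from any poster. It parses the per-VLAN `Root ID` / `Bridge ID` blocks of NX-OS `show spanning-tree` output and reports the VLANs where the switch is not the root bridge; the sample output embedded in it is constructed for the demo (addresses, priorities and port-channel numbers are made up), and the exact output layout is assumed from typical NX-OS output. With `peer-switch` enabled both peers advertise the vPC system MAC as their bridge address, so the check gives the same result on either peer.

```python
"""
Check the vPC peer-switch precondition from NX-OS `show spanning-tree` output.

Added example for this thread, not Cisco code. Assumes the usual NX-OS layout:
a "VLANxxxx" header, then a "Root ID" block and a "Bridge ID" block, each with
an "Address" line. The sample below is constructed, not captured from a device.
"""
import re

# Constructed sample: root for VLAN 10, but NOT root for VLAN 20 (root is at be02
# via port-channel11). This is the split-root situation the thread warns about.
SAMPLE_SHOW_SPANNING_TREE = """\
VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    4106
             Address     0023.04ee.be01
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4106   (priority 4096 sys-id-ext 10)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10             Desg FWD 1         128.4105 (vPC) P2p

VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    4116
             Address     0023.04ee.be02
             Cost        1
             Port        4106 (port-channel11)
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8212   (priority 8192 sys-id-ext 20)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po11             Root FWD 1         128.4106 (vPC) P2p
"""

VLAN_HEADER = re.compile(r"^VLAN(\d{4})\s*$", re.MULTILINE)
ROOT_ID = re.compile(r"Root ID\s+Priority\s+(\d+)\s+Address\s+([0-9a-f.]+)")
BRIDGE_ID = re.compile(r"Bridge ID\s+Priority\s+(\d+)[^\n]*\n\s+Address\s+([0-9a-f.]+)")


def parse_stp_roots(show_output):
    """Return {vlan_id: {root_prio, root_addr, bridge_prio, bridge_addr, is_root}}.

    A bridge is root for a VLAN when the Root ID and Bridge ID carry the same
    address; the "This bridge is the root" line is not relied upon."""
    result = {}
    headers = list(VLAN_HEADER.finditer(show_output))
    for i, hdr in enumerate(headers):
        start = hdr.end()
        end = headers[i + 1].start() if i + 1 < len(headers) else len(show_output)
        block = show_output[start:end]
        root, bridge = ROOT_ID.search(block), BRIDGE_ID.search(block)
        if not root or not bridge:
            raise ValueError(f"unrecognised block for VLAN {hdr.group(1)}")
        result[int(hdr.group(1))] = {
            "root_prio": int(root.group(1)),
            "root_addr": root.group(2),
            "bridge_prio": int(bridge.group(1)),
            "bridge_addr": bridge.group(2),
            "is_root": root.group(2) == bridge.group(2),
        }
    return result


def peer_switch_violations(show_output, vlans=None):
    """VLANs (default: every VLAN in the output) where this switch is NOT root.

    An empty list means the documented precondition for `peer-switch` holds for
    the checked VLANs. Pass `vlans` to restrict the check, e.g. to vPC VLANs."""
    info = parse_stp_roots(show_output)
    checked = info if vlans is None else {v: info[v] for v in vlans if v in info}
    return sorted(v for v, d in checked.items() if not d["is_root"])


if __name__ == "__main__":
    bad = peer_switch_violations(SAMPLE_SHOW_SPANNING_TREE)
    if bad:
        print("peer-switch NOT safe: this switch is not root for VLANs", bad)
    else:
        print("peer-switch precondition met for all VLANs in the output")
```

Feed it the real output of `show spanning-tree` from each vPC peer; if either peer reports any VLAN, the thread's guidance is to either move the root for that VLAN onto this pair (same priority on both peers) or leave `peer-switch` off on this domain.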
07-11-2025 03:17 AM
Thanks for the response, Christopher.
Do we know if this has been a known limitation of the "peer-switch" feature since its inception, or has this been a later addition to the books? Hence why some Cisco docs don't follow it.
07-11-2025 06:31 AM
Hi Jay!
I can't authoritatively say this has been a documented limitation since the inception of the feature, but I can say that it has been documented in some form or fashion for at least eight years, potentially longer. I do know that it was documented for the Nexus 7000 platform initially, and that limitation was copied over to the Nexus 9000 documentation. However, the limitation in the Nexus 7000 configuration guide reads as follows:
"When the peer-switch feature is enabled under a vPC domain, ensure that the vPC pair is configured as spanning-tree root for all the vPC VLANs."
This same verbiage was likely copied over to the Nexus 9000 configuration guide. In my opinion, that statement is nebulous and leaves the door open for misinterpretation compared to the new verbiage for this limitation in the Nexus 9000 configuration guide, which has a much stronger statement:
"Peer-switch can only be configured if both VPC peers share the same priority, and are root for all VLANs or MST instances. Peer-switch cannot be configured if at least one VLAN or MST instance is not root."
The weaker verbiage in the Nexus 7000 documentation is likely why you see some Cisco documentation incorrectly deviate from this limitation. Even though the Nexus 7000 is on its way out, I'll open up a documentation defect today to ensure the same strong verbiage in the Nexus 9000 configuration guides is replicated over to the Nexus 7000 documentation. I'll double-check the Nexus 5000 and 6000 documentation as well.
I hope this helps - thank you!
-Christopher
07-16-2025 07:41 AM
Just a follow-up to this post - I have filed a new documentation defect, CSCwq32879, to track the unification of this vPC Peer Switch limitation between different platforms' documentation. Note that since this was just filed, it may take some time for the external-facing view of this documentation defect to become visible to the public.
Thank you!
-Christopher
07-11-2025 03:17 AM - edited 07-11-2025 03:19 AM
Peer-switch is used only if you connect Nexus vPC pairs to other switches using non-vPC VLANs.
This link is so helpful.
Notice the difference between the bridge ID (MAC of the switch) and the MAC used as the source of the BPDU; it is the key factor here.
MHM