Solved: Re: VPC Routing vs VSS

terje · ‎04-11-2025

So we built a new Windows 2025 Hyper-V failover cluster and replaced VSS with a pair of Nexus 91380 switches.

Soon we realized that vPC was a whole different beast

Is it at all possible to terminate L2 VPC's from hosts in multiple vrf svi's (vlan interfaces) configured identical on the nexus peers and route (static or dynamic) to the wan router (e.g asr920) ?

Thanks !

Pavel Tarakanov · ‎04-11-2025

In short - yes

If I understand correctly, you need to migrate from VSS to pair of Nexus switches in VPC domain.

In such case, links toward servers indeed will be virtual port-channels (from configuration point of view - same port-channels with "vpc XXX" line).

Then you need to configure SVI for VLANs in question. As VPC pair, instead of VSS, have separated control planes, you need to have unique IP address per switch. Then configure HSRP or VRRP with virtual IP to be shared between two peers - this VIP will be default gateway for servers/VMs. To make it work smoothly, configure peer-gateway enhancement under vpc domain.

Beside that, put SVI in corresponding VRFs (vrf member XXX).

Regarding routing toward ASR - it's up to you, to build virtual port-channel between ASR and Nexuses and build neighborship/routing on SVIs, or configure physical ports/subinterfaces as L3 and make routing on physical interfaces.

Below you can find the links which can be useful:

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/unicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x_chapt...

View solution in original post

Pavel Tarakanov · ‎04-11-2025

In short - yes

If I understand correctly, you need to migrate from VSS to pair of Nexus switches in VPC domain.

In such case, links toward servers indeed will be virtual port-channels (from configuration point of view - same port-channels with "vpc XXX" line).

Then you need to configure SVI for VLANs in question. As VPC pair, instead of VSS, have separated control planes, you need to have unique IP address per switch. Then configure HSRP or VRRP with virtual IP to be shared between two peers - this VIP will be default gateway for servers/VMs. To make it work smoothly, configure peer-gateway enhancement under vpc domain.

Beside that, put SVI in corresponding VRFs (vrf member XXX).

Regarding routing toward ASR - it's up to you, to build virtual port-channel between ASR and Nexuses and build neighborship/routing on SVIs, or configure physical ports/subinterfaces as L3 and make routing on physical interfaces.

Below you can find the links which can be useful:

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/unicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Unicast_Routing_Configuration_Guide_7x_chapt...

terje · ‎04-14-2025

Your insights have provided clarity - thank you for sharing your expertise !!

Do hsrp/vsrp provide load balancing ? If I understand it correctly we have to allocate 3 IP's for each customer/vrf ?

Thanks,

-Terje

Pavel Tarakanov · ‎04-14-2025

>Do hsrp/vsrp provide load balancing ?

From control plane perspective VPC is still active-standby, in data-plane both peers can forward traffic with peer-gateway enhancement. Also HSRP/VRRP priority can be configured differently for different VLANs - it's how balancing was done in classical (non-VPC) networks.

>If I understand it correctly we have to allocate 3 IP's for each customer/vrf ?

Yes, 2 configured under SVI on Nexus switches and one shared for HSRP/VRRP.