Nexus 7000 VPC and secondary addresses

rgarlin00 · ‎01-09-2012

We have a configuration with 2 N7ks are a VPC pair and we are trying to migrate a SVI VLAN from a Cat 6500 to the N7ks. The SVI on the Cat 6500 has two secondary addresses and both times I shut down SVI on the 6500 and enable the SVI on the N7ks there were problems with hosts communicating with other hosts on the same vlan but different layer 3 subnets. Some revelant configurations below:

vlan 100

ip address 122.64.1.4/24

ip address 122.64.2.8/23 secondary

ip address 122.64.14.4/23 secondary

vrrp 2

priority 150

address 122.64.1.1

address 122.64.2.1 secondary

address 122.64.14.1 secondary

The basic physical topology is.

N7K-01 --- VPC ---- N7K-02

vrrp pri vrrp sec

| |

L2 port-channel L2 port-channel

| |

|_____6500_______|

Currently all the layer 2 connectivity is either on the 6500 or a swicth connected to the 6500. My thought was if host 122.64.1.20 try to communicate 122.64.2.20, the packet went over N7K-02 physical link, then N7K-02 needed to send it to the default gateway, N7K-01 (vrrp prinary). From that point N7K-01 would drop the packet, because it would not be able to send the packet back to the 6500 over the port channel. I know the vpc peer gateway command should allow N7K-02 to respond, which we have configured, but does that command function the same with secondary addresses.

Bob

Daniel Laden · ‎01-11-2012

Bob,

If you create a new vlan with a similiar setup (new IP subnets), does it work. It may be that hosts still have the arp entry for the GW ip with the MAC of the 6500 SVI. Flush the ARP addresses on the hosts when you migrate the SVI.

Hope this helps,

Dan Laden