cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1118
Views
0
Helpful
6
Replies

Routing issues Nexus 3K VPC without FHRP and SVI secondary ip

jth
Level 1
Level 1

We have a configuration with 2 N3k as a VPC pair. Many servers have a small /30 subnet, so we cannot build any fhrp between the 2 VPC peers and the SVI must manually move from one N3k to the other. The second problem is, that all subnets are on the same vlan so the gateways are all at the same svi as secondary ips.

 

N3K-1 --- VPC ----  N3K-2

      SVI10                  SVI10 (shutdown)

       |                            |

       |                            |

  L2 port-channel      L2 port-channel

      |                             |

      |_____3750______|

 

N3k-1

vpc domain 1
  peer-switch
  role priority 1000
  system-priority 4000
  peer-keepalive destination 10.0.0.2 source 10.0.0.1 interval 1000 timeout 3
  delay restore 10
  auto-recovery
  ip arp synchronize

int vl10

no ip redirects

ip address 10.10.10.1/30

ip address 10.10.10.17/30 secondary

ip address 10.10.11.1/30 secondary

ip address 10.10.12.1/30 secondary

 

N3k-2

vpc domain 1
  peer-switch
  system-priority 4000
  peer-keepalive destination 10.0.0.1 source 10.0.0.2 interval 1000 timeout 3
  delay restore 10
  auto-recovery
  ip arp synchronize

int vl10

shutdown

 

If the portchannel from 3750 to both N3K is online, one server (IP 10.10.10.2) cannot sent any traffic to another server on another subnet (10.10.11.2). If we put the link from 3750 to N3k-1 shutdown, the issue is the same. The traffic only flows from one server on subnet 10.10.10.0/30 to another server on subnet 10.10.11.0/30 if only the link between 3750 and N3K-1 is active and the SVI is up on N3K-1, all other combinations there`s no traffic between servers on different subnets.

 

 Thanks,

Jens

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

Suggest to Create a Port-channel between 3K and 3750, and create a HSRP configuration for VLAN 10.

 

If you are not considering vPC and HSRP, why please explain the reason.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

You`re funny...

How should i build HSRP with /30 Subnets???

Looks like you have limitation on that IP, is that a Private range cant you extend subnet mask ?

 

why only /30 ? what is the reason, ( with out you explain your requirement we can only suggest here).

 

another question, Did VLAN 10 allowed in peer link ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I`ve mask the external IPs with private IPs...

We aktually migrate the subnets from another single router without any redundancy.

These are old Subnets by single customer servers in a Server-Housing environment.

 

Jens

Yes vlan 10 is allowed in peer link

 

rsw1a# sh vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : failed
Type-2 inconsistency reason       : SVI type-2 configuration incompatible
vPC role                          : primary
Number of vPCs configured         : 8
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled, timer is off.(timeout = 240s)
Delay-restore status              : Timer is off.(timeout = 10s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po1    up     1-4,10,99-201,301-302,500-506,508-510,999-1002,10
                    06-1007,1999,2999

 

The only solution I found is to put the secondary subnets to own SVIs on different vlans...

But why I cannot send any packet between two servers in different subnets if the portchannel to both N3K is up and the SVI with secondary IPs is only active on N3K-1... What`s the problem????

Review Cisco Networking for a $25 gift card