Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
2
Replies

Nexus9K cluster doesn´t balance outgoing traffic on shared portchannel

Go to solution
rogelioalvez
Level 1
Level 1

‎08-26-2021 06:16 AM

Hello team:

My Nexus9300 cluster is composed of NX1 and NX2. NX1 and NX2 are linked with a vPC link between them. 

A shared portchannel between NX1 and NX2 links my cluster to a downstream "dual homed" router (one 10GE link in each NX device)

For a specific purpose, I configured a layer3 "vlan interface" in NX1 only. The associated layer 2 vlan was added to the shared portchannel that links NX1 and NX2 to the aforementioned downstream router device.

OSPF is working well between NX1´s vlan interface and the downstream router´s layer3 portchannel subinterface. 

But I noticed that when traffic exits out of NX1´s vlan interface toward the downstream router, the cluster does not "balance" the outgoing traffic between the two links of the portchannel of these Nexus devices. All the traffic to the downstream router exits through NX1´s link to the router. The other available portchannel link located in NX2 is not used.

 

Someone told me that perhaps this is not anything related to Nexus portchannel load balancing algorithms, but more to the fact that the vPC logic would prioritize the shortest physical path between NX1 and the directly connected downstream router. I would have expected the cluster to split the outgoing traffic among the two available downstream links, provided that the vlan belongs to the portchannel.

 

¿ Would someone please comment on this behavior?

Any hints will be greatly appreciated

 

Thanks!!!

 

Rogelio Alvez

Argentina

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
rogelioalvez
Level 1
Level 1
In response to Giuseppe Larosa

‎08-26-2021 07:40 AM

Hello Giuseppe!!!

I suspected it once I saw it working that way, and your answer confirms me that this is an expected behavior as I imagined.

 

I would have like to start a parallel layer3 interface in NX2 to circumvent the problem, but the reason why I was not able is basically a budget restriction. The environment is a little bit more complicated with many VRFs passing across the cluster. In order to have layer3 functionality, Nexus needs a license that in this case was not allowed. I was only allowed to buy for one of the two devices :o(

 

Thanks!

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-26-2021 07:27 AM

Hello @rogelioalvez ,

the behaviour is correct because at OSI Layer3 only NX1 has the SVI configured.

To split the traffic over the shared L2 port-channel with vpc enabled the traffic sent via NX2 member link should first be sent over the primary vPC link between the Nexus and one of the design principles in the forwarding algorithms is to minimize traffic between the two Nexus.

In other words you could see the NX1 SVI as a single homed host connected to NX1 only, so using a sort of "proximity principle" all the traffic is sent on the member link between NX1 and the router.

If you want to use both lnks in an effective way you should configure an SVI also on NX2 and to enable OSPF for it.

 

Hope to help

Giuseppe

 

0 Helpful

Go to solution
rogelioalvez
Level 1
Level 1
In response to Giuseppe Larosa

‎08-26-2021 07:40 AM

Hello Giuseppe!!!

I suspected it once I saw it working that way, and your answer confirms me that this is an expected behavior as I imagined.

 

I would have like to start a parallel layer3 interface in NX2 to circumvent the problem, but the reason why I was not able is basically a budget restriction. The environment is a little bit more complicated with many VRFs passing across the cluster. In order to have layer3 functionality, Nexus needs a license that in this case was not allowed. I was only allowed to buy for one of the two devices :o(

 

Thanks!

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card