Solved: Query on Nexus vPC failure scenario

govind346 · ‎01-19-2012

I need to understand the difference on below commands-

Peer-config-check-bypass

Reload restore or Auto recovery

Also I have below doubts-

•- I have 2 Nexus boxes(connected using peer links and keep alive link) running on production. If I put ‘auto-recovery’ command in primary box, what will be the overall impact as the same command is not put on second box.
•- To function ‘auto-recobvery’ command is it necessary to have ‘peer-config-check-bypass’ command as well?

I have one more scenario-

•- Lets say I have 2 nexus connected via peer-link and keepalive link and I have configured ‘auto-recovery’ command on both boxes under vPC domain. Peer link goes down first but keepalive link is still active, In this case secondary nexus will put its vPC and interfaces down. After sometime keep-alive link alos goes down. After failing to receive 3 continous keepalive packets, seconday box makes all its vPCs up due to ‘auto recovery’ command. What will happen the moments second box starts receiving keepalive packets and peer link is also up.

rsimoni · ‎01-19-2012

Hi Govind,

Peer-config-check-bypass

Reload restore or Auto recovery

the features even though they seem similar are different.

Peer-config-check-bypass allows to perform 2 things when vPC peer-link is down :

1/ create new vPC on primary

2/ enables a VPC leg on primary to flap (up -> down -> up state) [in other words, if a VPC leg on primary goes down while the peer-link is down, it is impossible to bring it back up until the VPC secondary is up again]

The peer-config-check-bypass works only when there was a role election previously established.

Auto-recovery is the feature which replaces reload restore (adding a new functionality).

The basic funtion is to have the VPCs up if BOTH switches reload (i.e. after a power outage) and only one actually boots up. Without this command the VPCs will stay down undefintely as the switch will wait for the peer before doing the role election and brings the links up.

As I wrote above Peer-config-check-bypass does not cover this scenario as it assumes that the VPC roles are already resolved and a reload will reset this (no previous role the feature can rely on).

The second funtion occurs 'when you disable vPCs on a secondary vPC switch because of a peer-link failure and then the primary vPC switch fails, the secondary switch reenables the vPCs. In this scenario, the vPC waits for three consecutive keepalive failures before recovering the vPC links.'

  I have 2 Nexus boxes(connected using peer links and keep alive link) running on production. If I put ‘auto-recovery’ command in primary box, what will be the overall impact as the same command is not put on second box.

not a wise idea as if after a power outage only the secondary box boots up it will not bring the vPCs up.

To function ‘auto-recobvery’ command is it necessary to have ‘peer-config-check-bypass’ command as well?

no, as they are 2 slightly features which can be configured independently.

Lets say I have 2 nexus connected via peer-link and keepalive link and I have configured ‘auto-recovery’ command on both boxes under vPC domain. Peer link goes down first but keepalive link is still active, In this case secondary nexus will put its vPC and interfaces down. After sometime keep-alive link alos goes down. After failing to receive 3 continous keepalive packets, seconday box makes all its vPCs up due to ‘auto recovery’ command. What will happen the moments second box starts receiving keepalive packets and peer link is also up.

In this case you are already in trouble as you will be in the split-brain or dual active condition during which both nexus will send BPDU's. Etherchannel guard will disable vPC port-channel on connected switch if you have this feature enabled...

If only the keepalive link comes back nothing changes, they will stay in dual active mode until also the peer link is brought back.

View solution in original post

rsimoni · ‎01-19-2012

Hi Govind,

what i mean is i can not put this command on both the boxes at the same time(will have to put command one by one on both the boxes (first in primary and then secondary box) so the moment i put this command on one box, will it really affect the seconnd box or production?

If you enter the commands while both peer-link and keepalive link are up there is no impact as you will not be in the condition for the feature to kick in.

If peer link is brought back, will it break the dual active condition? if yes, whcih box will become the primary?

Old primary will be secondary and new primary will remain primary.

please rate and close the thread if helpful

Riccardo.

View solution in original post

rsimoni · ‎01-19-2012

Hi Govind,

Peer-config-check-bypass

Reload restore or Auto recovery

the features even though they seem similar are different.

Peer-config-check-bypass allows to perform 2 things when vPC peer-link is down :

1/ create new vPC on primary

2/ enables a VPC leg on primary to flap (up -> down -> up state) [in other words, if a VPC leg on primary goes down while the peer-link is down, it is impossible to bring it back up until the VPC secondary is up again]

The peer-config-check-bypass works only when there was a role election previously established.

Auto-recovery is the feature which replaces reload restore (adding a new functionality).

The basic funtion is to have the VPCs up if BOTH switches reload (i.e. after a power outage) and only one actually boots up. Without this command the VPCs will stay down undefintely as the switch will wait for the peer before doing the role election and brings the links up.

As I wrote above Peer-config-check-bypass does not cover this scenario as it assumes that the VPC roles are already resolved and a reload will reset this (no previous role the feature can rely on).

The second funtion occurs 'when you disable vPCs on a secondary vPC switch because of a peer-link failure and then the primary vPC switch fails, the secondary switch reenables the vPCs. In this scenario, the vPC waits for three consecutive keepalive failures before recovering the vPC links.'

  I have 2 Nexus boxes(connected using peer links and keep alive link) running on production. If I put ‘auto-recovery’ command in primary box, what will be the overall impact as the same command is not put on second box.

not a wise idea as if after a power outage only the secondary box boots up it will not bring the vPCs up.

To function ‘auto-recobvery’ command is it necessary to have ‘peer-config-check-bypass’ command as well?

no, as they are 2 slightly features which can be configured independently.

Lets say I have 2 nexus connected via peer-link and keepalive link and I have configured ‘auto-recovery’ command on both boxes under vPC domain. Peer link goes down first but keepalive link is still active, In this case secondary nexus will put its vPC and interfaces down. After sometime keep-alive link alos goes down. After failing to receive 3 continous keepalive packets, seconday box makes all its vPCs up due to ‘auto recovery’ command. What will happen the moments second box starts receiving keepalive packets and peer link is also up.

In this case you are already in trouble as you will be in the split-brain or dual active condition during which both nexus will send BPDU's. Etherchannel guard will disable vPC port-channel on connected switch if you have this feature enabled...

If only the keepalive link comes back nothing changes, they will stay in dual active mode until also the peer link is brought back.

govind346 · ‎01-19-2012

Hi Reccardo,

Thank you so much for such good explanation. It would be great if you could elaborate more on my first and last queries-

I have 2 Nexus boxes(connected using peer links and keep alive link) running on production. If I put ‘auto-recovery’ command in primary box, what will be the overall impact as the same command is not put on second box.

what i mean is i can not put this command on both the boxes at the same time(will have to put command one by one on both the boxes (first in primary and then secondary box) so the moment i put this command on one box, will it really affect the seconnd box or production?

my last query-

Lets say I have 2 nexus connected via peer-link and keepalive link and I have configured ‘auto-recovery’ command on both boxes under vPC domain. Peer link goes down first but keepalive link is still active, In this case secondary nexus will put its vPC and interfaces down. After sometime keep-alive link alos goes down. After failing to receive 3 continous keepalive packets, seconday box makes all its vPCs up due to ‘auto recovery’ command. What will happen the moments second box starts receiving keepalive packets and peer link is also up.

If peer link is brought back, will it break the dual active condition? if yes, whcih box will become the primary?

rsimoni · ‎01-19-2012

Hi Govind,

what i mean is i can not put this command on both the boxes at the same time(will have to put command one by one on both the boxes (first in primary and then secondary box) so the moment i put this command on one box, will it really affect the seconnd box or production?

If you enter the commands while both peer-link and keepalive link are up there is no impact as you will not be in the condition for the feature to kick in.

If peer link is brought back, will it break the dual active condition? if yes, whcih box will become the primary?

Old primary will be secondary and new primary will remain primary.

please rate and close the thread if helpful

Riccardo.

govind346 · ‎01-19-2012

Thank you so much Riccardo

rsimoni · ‎01-19-2012

you are welcome