Solved: Routing over VPC

Amirmahdi.M · ‎11-28-2023

Hi everyone

We have 2 TenG links with a datacenter and they were configured as L3 interfaces.

we decided to port-channel them so we can have on Logical Interface.

Our side is a cisco 7600 and the other side is 2 nexus 3064 switches with vPC configured on them.

the second nexus switch is for redundancy.

This is our config:

interface Port-channel10
description DC.PO
switchport
switchport access vlan 900
switchport mode access
load-interval 30
mls qos vlan-based
spanning-tree portfast
spanning-tree bpdufilter enable
end


interface TenGigabitEthernet4/7
description DC1
switchport
switchport access vlan 900
switchport mode access
load-interval 30
mls qos vlan-based
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
channel-group 10 mode active
end

interface TenGigabitEthernet4/8
description DC2
switchport
switchport access vlan 900
switchport mode access
load-interval 30
mls qos vlan-based
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
channel-group 10 mode active
end

!

interface Vlan900
description DC.L3
ip address 172.16.1.1 255.255.255.248
no ip unreachables
no ip proxy-arp
ip verify unicast source reachable-via any
load-interval 30

end

!

router bgp 10

neighbor 172.16.1.2 remote-as 200

neighbor 172.16.1.3 remote-as 200

!

BGP peer is configured on both nexus switched so thay can be redundant.

the problem is that some src-dst-ips become unreachble and we have to shut on of the interfaces.

I know there is layer 2 connectivy between the switches because even though one interface is down, both bgp nieghbors are still up.

looks like the frame is passing the primary switch to reach the other one and by the way the datacenter used Interface Vlan.

unfortunately i dont have the configuration the datacenter used.

I'd be glad if anyone can help me figure out why some of the traffic is being dropped and offer a solution.

Thanks

Amir

MHM Cisco World · ‎11-28-2023

Sure yes

According to topology you share and info there is something wrong,

Collect all config and checks and share if you need help with

MHM

View solution in original post

Amirmahdi.M · ‎11-28-2023

Also they tried running HSRP and the ip addresses were pingable but the tcp connection couldnt be established so we rolled it back.

M02@rt37 · ‎11-28-2023

hello @Amirmahdi.M

Interface Po 10 is not in a vPC configuration ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Amirmahdi.M · ‎11-28-2023

Hi M02@rt37

We configured a normal port-channel on our side.

The datacenter used vPC because they had 2 different switched.

MHM Cisco World · ‎11-28-2023

Can you share topolgy

MHM

Amirmahdi.M · ‎11-28-2023

This is the topology.

CSR4 is our C7600. it's Gi1 and Gi2 are port-channeled.

MHM Cisco World · ‎11-28-2023

I will start troubleshooting

Now form two nsk to dc is ok since it l3

From two nsk to csr issue,

the port channel must config as vpc

Interface port channel x
Vpc x

The vlan 900 since we config it as vpc po to two nsk must be vpc vlan i. E. It must allow in peer link trunk

Do above then we check the issues of next hop.

MHM

Amirmahdi.M · ‎11-28-2023

As far as i know csr(c7600) side doesnt support vpc. (i dont think we need it on our side)

I think the peer link is trunk and passing the vlan because despite one of the interfaces is shutdown right now, i have layer 2 connectivty with it and its pingable.

I edited the post and inserted the complete config on the interfaces.

MHM Cisco World · ‎11-28-2023

The csr config as port channel with ldap active or mode ON,

This PO have two legs one for each nexus (these nexus must run vpc).

Amirmahdi.M · ‎11-28-2023

As far as i know the nexus devices are running vpc.

is it possible that there is a misconfiguration on the nexus devices which causes the traffic going to one of the switches be dropped?

and if so what could it be?

MHM Cisco World · ‎11-28-2023

Sure yes

According to topology you share and info there is something wrong,

Collect all config and checks and share if you need help with

MHM

Amirmahdi.M · ‎11-28-2023

I will recheck the configuration with the datacenter.

This is my idea of what is happening:

------------- NX1(MAC2)

C7600(MAC1) | |

-------------NX2(MAC3)

Maybe in the forwarding proccess im sending a frame with source MAC1 and destionation MAC3 to NX1 and viceversa (port-channel balancing) and for some reason the traffic is being dropped.

Thanks for your help

Amir

Amirmahdi.M · ‎11-30-2023

Hi @MHM Cisco World

After a few hours of troubleshooting, looks like the problem was with the routing table of on of the switches .

Thanks for your help

Amir