Solved: Re: Hello,

keen4.net · ‎03-14-2016

Dear All,

We have Nexus 93128 switches running on vPC.

Recently , we have done a network up grataion activity , during that time Nexus-9K-1 switch was powered Off.

After completion of activity. VPC role is showing like below. What exactly should be done to change the functional role of nexus switches or what need to be done to bring back these nexus switches as they were initially. for eg ,..

Nexus-9K-1 was at primary role.

Nexus-9K-2 was at secondary role.

Nexus-9K-1# sh vpc role

vPC Role status
----------------------------------------------------
vPC role                        : primary, operational secondary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:21:02:de:c3:5f
vPC system-priority             : 4096
vPC local system-mac            : ef:78:24:e7:b7:78
vPC local role-priority         : 1
Nexus-9K-1#

Nexus-9K-2# sh vpc role

vPC Role status
----------------------------------------------------
vPC role                        : secondary, operational primary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:21:02:de:c3:5f
vPC system-priority             : 4096
vPC local system-mac            : e1:2e:2a:5c:4d:3b
vPC local role-priority         : 2
Nexus-9K-2#

Rgds

JN

Mark Malone · ‎03-15-2016

Hi

in the running config there should be something like below , change the priority like hsrp higher wins to flip over the roles , both switches should be identical as there vpc paired so there's no real need to flip them back I would have though unless for consistency

switch A

vpc domain 200
role priority 150
system-priority 150
peer-keepalive destination 10.x.x.x source 10.x.x.x vrf heartbeat
delay restore 90

switch B

vpc domain 200
role priority 200
system-priority 150
peer-keepalive destination 10.x.x.x source 10.x.x.x vrf heartbeat
delay restore 90

View solution in original post

keen4.net · ‎03-14-2016

please reply

Mark Malone · ‎03-15-2016

Hi

in the running config there should be something like below , change the priority like hsrp higher wins to flip over the roles , both switches should be identical as there vpc paired so there's no real need to flip them back I would have though unless for consistency

switch A

vpc domain 200
role priority 150
system-priority 150
peer-keepalive destination 10.x.x.x source 10.x.x.x vrf heartbeat
delay restore 90

switch B

vpc domain 200
role priority 200
system-priority 150
peer-keepalive destination 10.x.x.x source 10.x.x.x vrf heartbeat
delay restore 90

Jevgeni Rõžov · ‎06-16-2016

Hello,

You still have not answered the initial question - how to force operational secondary Nexus device to become operational primary one? Reloading operational primary is out of the question.

Daniel ElHani · ‎02-01-2017

From all the readings I've done, it looks there're only 2 -ugly- ways to achieve this:

1- reload the secondary switch (operational as primary) or

2- flap (shut/unshut) the peer link on the secondary switch (operational as primary) -I'm assuming role priorities are configured in the right manner

And yep, a short disruption is expected

Hope someone out there is aware of a third less harsh approach

Cheers

Ps: it even looks the 2nd method is not an option (NOS5.x)! http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/design_guide_c07-625857.html#_Toc271759447, mentions that if the keepalive link doesn't go down, the role won't change! But bringing keep alive along with the peer link will cause a split brain condition, so it looks option 1 is the only safe option

Billm · ‎10-25-2017

If you are running ver 7 code there is this:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/interfaces/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide_7x_chapter_0100...

Configuring Hitless vPC Role Change

Complete these steps to enable hitless vPC role change.

Before You Begin

• Ensure that the vPC feature is enabled.
• Ensure that the vPC peer link is up
• Verify the role priority of devices

Procedure

	Command or Action	Purpose
Step 1	vpc role preempt Example: switch# `vpc role preempt` switch(config)#	Enable hitless vPC role change.
Step 2	show vpc role Example: switch(config)# `show vpc role`	(Optional) Verify hitless vPC role change feature.

This example on how to configure hitless vPC role change:

switch# show vpc rolevPC Role status
----------------------------------------------------
vPC role                        : secondary
vPC system-mac                  : 00:23:04:ee:be:01
vPC system-priority             : 32667
vPC local system-mac            : 8c:60:4f:03:84:41
vPC local role-priority         : 32668
vPC peer system-mac             : 8c:60:4f:03:84:43
vPC peer role-priority          : 32667

! Configure vPC hitless role change on the device! 

switch(config)# vpc role preempt
! The following is an output from the show vpc role command after the
vPC hitless feature is configured 
switch(config)# show vpc role
vPC Role status
----------------------------------------------------
vPC role                        : primary
vPC system-mac                  : 00:00:00:00:00:00
vPC system-priority             : 32667
vPC local system-mac            : 8c:60:4f:03:84:41
vPC local role-priority         : 32666
vPC peer system-mac             : 8c:60:4f:03:84:43
vPC peer role-priority          : 32667

switch(config)#

Use Case Scenario for vPC Role Change

The hitless vPC role change feature can be used in the following scenarios:

Role change request—When you want to change the roles of the peer devices in a vPC domain.
Primary switch reload—When the devices comes up after a reload and roles are defined, you can use the hitless vPC role change feature to restore the roles. For example, after a reload if the primary device takes the role of operational secondary and the secondary device takes the role of primary operational, you can change the vPC peer roles to their original defined roles using the vpc role preempt command.

Note

Always check the existing device role priority before switching vPC role.
Dual-active recovery—In a dual-active recovery scenario, the vPC primary switch continues to be (operational) primary, but the vPC secondary switch becomes the targeted primary switch and keeps its vPC member ports up. You can use the vPC hitless feature and restore the device roles. After the Dual-active recovery, if one side is operational primary and the other side operational secondary, then you can use the vpc role preempt command to restore the device roles to be primary and secondary

Abhi_d_koenig · ‎11-21-2019

Simply execute the following command

AGPRI# vpc role preempt
Please ensure peer-switch is enabled and operational('show spanning-tree summary'). Continue (yes/no)? [no] yes
AGPRI#

Stuff · ‎07-13-2020

Tried this in config mode on 5596s and get a "service not responding" message. I am disappointed they don't support the command.

Stephan Grohmann · ‎07-04-2019

Dear @ll,

I think the statement about higher role priority winning is wrong.
Cisco clearly states that the LOWER role priority will win the election.

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/212589-understanding-vpc-election-process.html#anc7

vPC Role Priority
You can also use "role priority" in vPC domain mode command to influence vPC Election process. The range of values is from 1 to 65636, and the default value is 32667. A lower value means that this switch has a better chance of being the primary vPC.

Greetings Stephan

tudor bucenica · ‎11-06-2017

Hi,
Cisco's recommendation is to match the vPC (operational) primary role with the root of STP & HSRP active.
If you want to change the operational role from one box to the other change the vpc domain role priority (lower wins the election). This is not preemptive.
!!During a maintenance window!! the steps should be (you want to make A primary operational; B is currently primary operational):
1. change role priority on the A box;
vpc domain 1
role priority lower_value_than_B_priority

2. Check the sticky bit on both boxes
"show sys internal vpcm info all | i i stick"

Example output:
N7K# show system internal vpcm info all | i i sticky
Sticky Master: FALSE

The B switch should have the value FALSE and A should be TRUE.

3. If B still has the TRUE value re-apply on it the current configured value - This means to reapply the original configuration for the role priority. If the role priority is default, then reapply the default. This operation will re-initiate the Sticky bit.
vpc domain 1
role priority same_priority_as_before

4. Check the output of "show sys internal vpcm info all | i i stick" again. Now the value should be FALSE on B and TRUE on A

5. shut vPC peer link (NOT the keep-alive link).

6. Check to see if role has changed with show vpc brief

7. Bring back up the vPC peer link.

Reference
- check Sticky bit Check paragraph 'option 1. phased approach' in this doc https://www.cisco.com/c/en/us/support/docs/interfaces-modules/nexus-7000-series-supervisor-1-module/119033-technote-nexus-00.html#anc7
- "You can also configure which of the vPC devices is the primary device. Changing the priority of the vPC peer devices can cause the interfaces in your network to go up and down. If you want to configure the role priority again to make one vPC device the primary device, configure the role priority on both the primary vPC device with a lower priority value and the secondary vPC device with the higher value. Then, shut down the port channel that is the vPC peer link on both devices by entering the shutdown command, and finally reenable the port channel on both devices by entering the no shutdown command." taken from here
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/interfaces/configuration/guide/b-Cisco-Nexus-7000-Series-NX-OS-Interfaces-Configuration-Guide-Book/configuring-vpcs.html

mohammadnouman86 · ‎11-12-2020

this post seems to be too old and hope you have found a solution, if not, according my experience ( we had the same issue ) you have to follow what Jevgeni Rõžov mentioned,

1. either reload the secondary switch

2. or shut/no shut the peer links.

in our case, we were doing sofware updates, both switches had to reboot.

robert.lorrison · ‎10-18-2021

Stumbled across this thread in a google search. The OP was experiencing the issue of having the configured secondary switch (Nexus-9K-2, vPC role-priority 2) operating as primary despite clearly having a HIGHER priority number than Nexus-9K-1 (vPC role-riority 1). This usually happens during software upgrades when the secondary switch is rebooted first, takes over when the primary reboots, and stays that way once the primary comes back up. The reason for this is because (unlike with HSRP or VRRP) Nexus vPC roles DO NOT preempt automatically.

Thankfully there's an easy fix (as mentioned by Abhi_d_koenig ), you simply enter the command "vpc role preempt" in Privileged EXEC mode on the configured primary switch. It will query the configured vPC role-priorities on both switches and confirm that it can preempt. You should see a warning about spanning-tree summary and confirming that peer-switch is enabled and operational, if so you're good to go. This is also part of the graceful (hitless) vPC role change procedures.

vPC role change, how to revert to actual role

Configuring Hitless vPC Role Change

Use Case Scenario for vPC Role Change