Solved: VPC + SVI problem - Page 4

magedis0383 · ‎03-04-2015

Hello,

We have the topology in Attachement. and we have problem with SVI and VPC

The configuration:

N5K1:

vpc domain 100
peer-switch
role priority 100
system-priority 1024
peer-keepalive destination 192.168.21.1
peer-config-check-bypass
delay restore 150
peer-gateway
auto-recovery
ip arp synchronize

vlan 801
name DEV_WAN

interface Vlan801
description IP DEV
no shutdown
no ip redirects

interface Vlan1000
no shutdown
no ip redirects
ip address 192.168.22.5/30

interface port-channel1000
switchport mode trunk
spanning-tree port type network
spanning-tree guard loop
vpc peer-link

interface port-channel401
description LACP-SRV1

switchport mode trunk
speed 1000
duplex full
vpc 401

interface Ethernet1/1
description "TRUNK VPC"
no cdp enable
switchport mode trunk
spanning-tree port type network
spanning-tree bpdufilter enable
channel-group 1000 mode active

interface Ethernet1/2
description "TRUNK VPC"
switchport mode trunk
spanning-tree port type network
channel-group 1000 mode active

interface Ethernet1/5
description SRV1_GB2
switchport mode trunk
speed 1000
duplex full
channel-group 401 mode active

interface Ethernet1/29
description Uplink N5K3
switchport mode trunk

N5K2:

vpc domain 100
peer-switch
role priority 110
system-priority 1024
peer-keepalive destination 192.168.21.2
peer-config-check-bypass
delay restore 150
peer-gateway
auto-recovery
ip arp synchronize

vlan 801
name DEV_WAN

interface Vlan801
no shutdown
ip address 202.168.72.1/29

interface Vlan1000
description VPC-N5K
no shutdown
no ip redirects
ip address 192.168.22.6/30

interface port-channel1000
switchport mode trunk
spanning-tree port type network
spanning-tree guard loop
vpc peer-link

interface port-channel401
description LACP-SRV1
switchport mode trunk
speed 1000
duplex full
vpc 401

interface Ethernet1/1
description "TRUNK VPC"
switchport mode trunk
spanning-tree port type network
channel-group 1000 mode active

interface Ethernet1/2
description "TRUNK VPC"
switchport mode trunk
spanning-tree port type network

channel-group 1000 mode active

interface Ethernet1/5
description SRV1_GB4
switchport mode trunk
speed 1000
duplex full
channel-group 401 mode active

SRV1 IP: 202.168.72.2/29

When i plug the cable from SRV1 to N5K1 and N5K2 i can't ping SRV1 from ADM

when i unplug the cable from SRV1 to N5K2 i can't ping SRV1 from ADM

when i unplug the cable from SRV1 to N5K1 i CAN ping SRV1 from ADM

between N5K1, N5K2 and N5K3 we have OSPF

Thks !

Jon Marshall · ‎03-06-2015

No you can't because N5K3 would form OSPF peerings across the vPC peer link as well which could lead to dropped packets because of what Bilal described.

See diagram 2 in the link I posted because that is the exact scenario you are asking about.

Jon

magedis0383 · ‎03-06-2015

So what is the best scenario in my case ?

Jon Marshall · ‎03-06-2015

It depends on what vlans are on N5K3. ?

If the vlans are not anywhere else ie. they are only on N5K3 then you can connect N5K3 to both N5K1 and N5K2 using L3 P2P links. This would mean N5K3 had peerings with both switches but no other indirect peerings.

Using a vPC to connect them up means you have allow the vlan across the vPC peer link and so indirect neighborships are formed.

I know you can define static neighborships in OSPF as opposed to using multicast so that may be a solution but I can't say as I have never done it.

Jon

magedis0383 · ‎03-06-2015

I need vlan between N5K3 and N5K1/N5K2 so i can't do direct peering.