5K/2K vPC design question

d-fillmore · ‎03-18-2013

With reference to the vPC loop prevention mechanism that was discussed in this post

http://www.ccierants.com/2012/03/vpc...d-to-know.html

- if a Nexus 5K receives a packet on the vPC peer link that is in a VLAN that is in a vPC, that packet will not be forwarded out a vPC link, it'll be dropped.

In the environment I'm working in, we have servers dual connected to a pair of 2Ks connecting to a pair of 5Ks. Some of these are standalone servers running portchannels to the 2K/5Ks, and we also have some ESX servers which carry the same VLANs as the standalone servers, which are also connected to both 2Ks but are not running in a portchannel but are using VMWare's method of load balancing which I think is to send packets out on the link they were first received on.

Based on my understanding of the loop prevention mechanism, I think that this setup could have problems - if a host on the ESX server sends a packet to a vPC connected host and it comes into 5K #1, but the vPC hashing algorithm determines that it should be sent to the vPC connected host through 5K #2, the 5K #2 will drop it.

This leads me to believe that you shouldn't mix and match vPC and VMWares default load balancing when dual connecting hosts into a 5K/2K setup.

Am I right here or am I missing something?

What commands can I use to determine which 5K a host is using for a certain conversation in a vPC setup

Many Thanks in advance

Dom

David Lucas · ‎03-18-2013

Hello Dom,

So, first all the recommendation is to dual connect everything to a vPC and not have single attached servers. If you can't do that then you've created what we refer to as orphan ports. I don't believe this will be an issue in your topology, but the best way to know would be test it! With that said, take a look at this document and see if it answers some questions:

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/design_guide_c07-625857.pdf

If the server connects directly to the N5K then you may want to look at orphan-port suspend feature.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_01001.html#task_35CE3B4AEE75485AB7A22C3A085D2F99

Depending on your hardware something you may want to look at is the Enhanced vPC feature. This will allow dual connected FEXs to also contain servers in a port-channel to each FEX, or you can you can have single attached servers to the same FEXs.

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/513_N2_1/b_Cisco_n5k_layer2_config_gd_rel_513_N2_1_chapter_01010.html

Hope this helps,

Dave

d-fillmore · ‎03-19-2013

Hi Dave - Thanks for your reply and thanks for the links. I thought I'd read the first one already but obviously not thoroughly enough. So I guess in my case, the ports which connect the ESX servers to the 2Ks are considered orphaned ports.

Each ESX server is connected to both 2Ks as is each standalone server.

This network is already in service so EvPC isn't an option for us at the moment

I can't see how orphan-port suspend feature would be a benefit me in this instance - the docs don't specifiy why this would be beneficial

The ports connected to the ESX servers are each configured as individual trunks. Without portchanneling, this is referred to by VMWare as NIC teaming and the load balancing algorithm it uses is

"Choose an uplink based on the virtual port where the traffic entered the virtual switch" whereas when using portchanelling, the load balancing algorithm is defined as "Choose an uplink based on a hash of the source and destination IP addresses of each packet"

What I'm trying to work out is, if we are using a mixture of portchanelling and "NIC teaming", does that have the potential to impact connectivity between VMs on the ESX hosts and the standalone servers as a result of the "

Duplicate Frames Prevention in vPC" feature discussed on page 19 in the Etherchannel design guide document.

Cheers, Dom