Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1829
Views
15
Helpful
5
Replies

Inter-Vlan Routing in vPC topology

Anuoluwapo Fatokun
Level 1
Level 1

‎07-21-2015 08:17 AM

Hi all, 

i am just laying around with two nexus switches and testing some features. I config vPC between the two switches and also did a member port to a catalyst switch. Everythg works fine. I decided to do inter-vlan routing.

I connected a catalyst switch to the two nexus switches and did vPC with it and make it a trunk port
Everything is fine.
I created vl 10,20 on the three switches.
on N9K1....SVI for int Vl 10 = 10.234.100.1
           SVI for int Vl 20 = 10.234.200.1

on N9K2    SVI for int Vl 10 = 10.234.100.2
           SVI for int Vl 20 = 10.234.200.2 


I created two access port on the catalyst switcht, one to vl 10 and the other to vl 20
I plugged in two systems and want to test inter vlan routing.

PC1: 10.234.100.4
     GW: 10.234.100.1

PC2: 10.234.200.4
  GW:10.234.200.1

To my greastest surprise, they cant ping each other.

After so much trying to figure out what was wrong

i changed PC2 GW to 10.234.200.2

and ping started going.


PLS WHAT EXACTLY IS HAPPENING. IS THERE A KNOWLEDGE GAP AS REGARD NEXUS I AM MISSING.

PLS HELP!!! 


thanks

Labels:
0 Helpful
5 Replies 5

Madhukrishnan Gopinathan Nair
Level 7
Level 7

‎07-21-2015 09:20 AM

Hello ,

 

Are you able to ping 10.234.200.1 while it was not working? 

Also are you allowing these vlan in the Peer-link.

 

Thanks,

Madhu

0 Helpful

Anuoluwapo Fatokun
Level 1
Level 1
In response to Madhukrishnan Gopinathan Nair

‎07-21-2015 11:18 AM

On the PC with this IP addressing 10.234.200.4 & gw of 10.234.200.1, I can ping all the svi but on the PC with this I'll addressing 10.234.100.4 & gw of 10.234.100.1 I can't only 10.234.200.2. I can ping all other svi.
0 Helpful

Madhukrishnan Gopinathan Nair
Level 7
Level 7
In response to Anuoluwapo Fatokun

‎07-21-2015 11:40 AM

I agree with Steve.

+5

Madhu

0 Helpful

Steve Fuller
Level 9
Level 9

‎07-21-2015 10:59 AM

Hi,

This is possibly due to the loop avoidance mechansim built into vPC. Essentially a Nexus device running vPC will not forward trafifc on a vPC member port if the traffic has crossed the peer link.

When the traffic is sent from the PC attached to the Catalyst switch, that switch will make a hashing decision at Layer-2 to decide which physical link of the port-channel to use. If the traffic destined to the IP address 10.234.100.1 takes the physical path to N9K2, it will then have to cross the peer-link to get to N9K1. That's OK, but consider the return traffic.

The MAC address table on N9K1 knows the MAC for the PC via the peer-link and will forward the return traffic on that link. Now, based on the loop avoidance mechansim i.e., a switch will not forward traffic on any vPC member port if that traffic has crossed the peer-link, N9K2 will drop the return traffic.

You may also be able to solve the problem by adding the peer-gateway command within the vpc domain <domain-id> context. For example:

!
vpc domain 1
  [..]
  peer-gateway
  [..]
!

This commands allows a switch to route traffic destined to the MAC address of the peer i.e., N9K1 can route traffic destined to the MAC address of N9K2. This is actually considered a best practice anyway for vPC.

In reality you probably wouldn't have this configuration, but instead use a First Hop Router Procotocol such as HSRP which would be your default gateway IP. In a vPC environment both routers are active from a data plane perspective and so you'd avoid this issue. The use of HSRP with vPC is explained in the HSRP/VRRP active/active with vPC section on page 78 of the Design and Configuration Guide: Best Practices for Virtual Port Channels (vPC) on Cisco Nexus 7000 Series Switches.

The above design guide is a good source of information, but a long read. If you're new to vPC then an excellent starting point is the Quick Start :: Virtual Port Channel (vPC)  guide. This shows typical configurations, but also has a number of recomendations and best practices documented.

Regards

Anuoluwapo Fatokun
Level 1
Level 1
In response to Steve Fuller

‎07-21-2015 11:26 AM

Thanks for your response, quiet elaborate. Pls can you help with a best practice config to achieve this setup. If you don't mind I can share the complete topology of the project. Thanks
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents