cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

8448
Views
0
Helpful
6
Replies
Highlighted
Beginner

Nexus 7000 VPC Bow Tie Configuration

Hello,

I have four Nexus 7010s setup in a Bow Tie configuration with VPCs, A1 and A1 are in a VPC talking to B1 and B2 in a VPC talking back to the As,

A1 -------  B1

       \   /

        / \

     /      \

A2 -------- B2

Sorry for the poor ASCII Art, but I think you can get the picture. I have been in duscussions with Cisco TAC and some of our other contacts, and no one can produce a document on what HSRP configurations and VPC which are supported and which ones are not supported.

What I'm really after is we were running NXOS 4.2.x on all four boxes, and all four were a member of an HSRP group - things worked fine for IPv4. We upgraded to 5.2(3a) and now are seeing a number of  the following messages -

2012 Apr  7 09:05:00 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  7 10:50:55 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.acc8 on Vlan200(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  7 14:05:30 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac69 on Vlan105(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  9 15:18:09 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr 11 12:42:05 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac69 on Vlan105(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr 17 09:16:00 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

We have been up and down with TAC and they have been talking with the Develepers, and there are two opinions we have recieved

1. it is supported and is broken

2. it is not supported and good luck

I've been trying to get a solid answer to this, and would like one simple answer, and if the answer is it isn't supported, where is it clearly documented? thought I would also reach out to the community to see if anyone else has seen this or not.

Everyone's tags (2)
6 REPLIES 6
Beginner

Re: Nexus 7000 VPC Bow Tie Configuration

Very interesting setup.

It looks like A1 and A2 switch complain about same MAC address for HSRP group being seen from B1 and B2 and vise versa.

One possible solution I can think of is to manually configure the HSRP MAC address on vPC peers.

So for A1 and A2 vpc peers choose xxxx.xxxx.aaaa

and for B1 and B2 vpc peers choose xxxx.xxxx.bbbb

As command reference only requires you to configure same mac address on vpc peers only.... not all participating switches in same HSRP group.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html#wp1073084

Then configure manually priority to all switches with different value this will make sure for HSRP group IP there is only one active switch responds with MAC address in ARP response. This is just an idea I can think of I am not sure it will work without looking in to more details of your network.

Beginner

Re: Nexus 7000 VPC Bow Tie Configuration

The errors suggest the HSRP group is split between the two sites. Is that correct? If so is that on purpose?

If it is on purpose they added a suppression knob I believe is for this scenario. The command is "no ip arp gratuitous hsrp duplicate."

Sent from Cisco Technical Support iPad App

Beginner

Nexus 7000 VPC Bow Tie Configuration

Just had this both interfaces were active active  (sh hsrp).  Set one sides priority and force it to stanby.  This worked for me.

Beginner

Nexus 7000 VPC Bow Tie Configuration

Hi,

just want to share our case.

We recently have similar issue when connecting catalyst 3750X to N7K, after some verification I thought nothing wrong with the HSRP.

2013 Nov 10 16:33:07 CORE-xxxxx-70xx %ARP-3-DUP_VADDR_SRC_IP_PROBE:  arp [8587]

  Duplicate address Detected. Probe  packet received from e4d3.f1xx.xxx on Vlan

2xx(port-channel2xx) with destination set to our local Virtual ip, 172.x.x.x

I end up by changing the IOS on cat3750X into Version 15.0(2)SE2 to solve the irritating log messages.

N7K software is version 6.1(1).

Nexus 7000 VPC Bow Tie Configuration

Thanks for the post, I jsut see the same loggs on my switch. I was wondering how this is learning the MAC from the portchannel

"2014 Jan 22 05:28:16 XXX %ARP-3-DUP_VADDR_SRC_IP_PROBE:  arp [5516]  Duplicate address Detected. Probe  packet received from 7446. XXXX.XXXX.XXX on Vlan46(port-channelXXXX) with destination set to our local

Virtual ip, X.X.X.X"

Cisco Employee

Nexus 7000 VPC Bow Tie Configuration

I remember designing the same for one of my customer. We ended up running HSRP only on A1 and A2 as per your toplogy. We are still running back to back VPC and HSRP gateways on A1 and A2. We have not seen much issues, they are on NX-OS 6.1.3 though. My customer is looking for a sub-ms fail-over and they are looking at FabricPath to remove some of the complexities as you pointed out here.

Cheers,

-amit singh

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here