cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9554
Views
0
Helpful
6
Replies

Nexus 7000 VPC Bow Tie Configuration

CARL LINDAHL
Level 1
Level 1

Hello,

I have four Nexus 7010s setup in a Bow Tie configuration with VPCs, A1 and A1 are in a VPC talking to B1 and B2 in a VPC talking back to the As,

A1 -------  B1

       \   /

        / \

     /      \

A2 -------- B2

Sorry for the poor ASCII Art, but I think you can get the picture. I have been in duscussions with Cisco TAC and some of our other contacts, and no one can produce a document on what HSRP configurations and VPC which are supported and which ones are not supported.

What I'm really after is we were running NXOS 4.2.x on all four boxes, and all four were a member of an HSRP group - things worked fine for IPv4. We upgraded to 5.2(3a) and now are seeing a number of  the following messages -

2012 Apr  7 09:05:00 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  7 10:50:55 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.acc8 on Vlan200(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  7 14:05:30 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac69 on Vlan105(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr  9 15:18:09 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr 11 12:42:05 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac69 on Vlan105(port-channel1) is duplicate of local virtual ip, x.x.x.x

2012 Apr 17 09:16:00 DMZ-7K02 %ARP-3-DUP_VADDR_SRC_IP:  arp [5619]  Source address of packet received from 0000.0c07.ac65 on Vlan101(port-channel1) is duplicate of local virtual ip, x.x.x.x

We have been up and down with TAC and they have been talking with the Develepers, and there are two opinions we have recieved

1. it is supported and is broken

2. it is not supported and good luck

I've been trying to get a solid answer to this, and would like one simple answer, and if the answer is it isn't supported, where is it clearly documented? thought I would also reach out to the community to see if anyone else has seen this or not.

6 Replies 6

krun_shah
Level 1
Level 1

Very interesting setup.

It looks like A1 and A2 switch complain about same MAC address for HSRP group being seen from B1 and B2 and vise versa.

One possible solution I can think of is to manually configure the HSRP MAC address on vPC peers.

So for A1 and A2 vpc peers choose xxxx.xxxx.aaaa

and for B1 and B2 vpc peers choose xxxx.xxxx.bbbb

As command reference only requires you to configure same mac address on vpc peers only.... not all participating switches in same HSRP group.

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html#wp1073084

Then configure manually priority to all switches with different value this will make sure for HSRP group IP there is only one active switch responds with MAC address in ARP response. This is just an idea I can think of I am not sure it will work without looking in to more details of your network.

AJ Cruz
Level 3
Level 3

The errors suggest the HSRP group is split between the two sites. Is that correct? If so is that on purpose?

If it is on purpose they added a suppression knob I believe is for this scenario. The command is "no ip arp gratuitous hsrp duplicate."

Sent from Cisco Technical Support iPad App

skristiansen
Level 1
Level 1

Just had this both interfaces were active active  (sh hsrp).  Set one sides priority and force it to stanby.  This worked for me.

c4rbiner01
Level 1
Level 1

Hi,

just want to share our case.

We recently have similar issue when connecting catalyst 3750X to N7K, after some verification I thought nothing wrong with the HSRP.

2013 Nov 10 16:33:07 CORE-xxxxx-70xx %ARP-3-DUP_VADDR_SRC_IP_PROBE:  arp [8587]

  Duplicate address Detected. Probe  packet received from e4d3.f1xx.xxx on Vlan

2xx(port-channel2xx) with destination set to our local Virtual ip, 172.x.x.x

I end up by changing the IOS on cat3750X into Version 15.0(2)SE2 to solve the irritating log messages.

N7K software is version 6.1(1).

Parmanand Patil
Level 1
Level 1

Thanks for the post, I jsut see the same loggs on my switch. I was wondering how this is learning the MAC from the portchannel

"2014 Jan 22 05:28:16 XXX %ARP-3-DUP_VADDR_SRC_IP_PROBE:  arp [5516]  Duplicate address Detected. Probe  packet received from 7446. XXXX.XXXX.XXX on Vlan46(port-channelXXXX) with destination set to our local

Virtual ip, X.X.X.X"

Amit Singh
Cisco Employee
Cisco Employee

I remember designing the same for one of my customer. We ended up running HSRP only on A1 and A2 as per your toplogy. We are still running back to back VPC and HSRP gateways on A1 and A2. We have not seen much issues, they are on NX-OS 6.1.3 though. My customer is looking for a sub-ms fail-over and they are looking at FabricPath to remove some of the complexities as you pointed out here.

Cheers,

-amit singh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: