Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1326
Views
0
Helpful
4
Replies

Nexus 7K VPC-HSRP

swelsch
Level 1
Level 1

‎04-12-2016 07:22 AM

Hello,

i need a solution. The design of the network is shown in the attachment.

I have two Nexus 7K as "core" with about 50 interface vlans ( ipv4 and some ipv6 ) and HSRP up and running. All internal traffis is routed by the 7K's without problems. All clients attached to the 5K gets ip adresses by DHCP and work fine by internal vlan-routing. VPC's are up and running without any problems, Internet connectivity is realised by a ASR router, but yet only single attached to the 7K-1. 

If i attach a host to 5K-1 and do a traceroute to the internet, i get as first hop the physical address of the active HSRP router, then the ASR router and then the whole way to the internet and internet browsing works.

If i attach a host to 5K-2 and do a traceroute to the internet, i get as first hop the physical address of the second HSRP router, then the ASR router and after the ASR, the traceroute gets no answer any more, so the internet browsing doesn't work.

Result:

- all clients can access the whole internal network

- client attached to the N5K-1 can access the internet, clients attached to the N5K-2 can't access the internet.

Workaround for now: the 5K's are only connected to the 7K-1, and all clients can work

i have configured peer-gateway, but no change in behaviour.

Can anybody help me ?, Where is the faulty configuration ?

Thanks

Labels:
Preview file
294 KB
0 Helpful
4 Replies 4

dukenuk96
Level 3
Level 3

‎04-12-2016 11:36 PM

Hi

we have similar design and everything works fine, seems you misconfigured some vPC, can you add port numbers in your network diagram and share full configs of all Nexuses?

0 Helpful

swelsch
Level 1
Level 1
In response to dukenuk96

‎04-13-2016 01:52 AM

Hello,

attached the config of the Nexus, the vpc failure are because the 5K are yet only connected to the 7K1.

in addition: the ASR is physical connected to the 5K-1, but routed by the 7K-1

thanks

Preview file
5 KB
Preview file
5 KB
Preview file
5 KB
Preview file
4 KB
0 Helpful

dukenuk96
Level 3
Level 3
In response to swelsch

‎04-13-2016 02:10 AM

On N7ks, add this:

vpc domain 2
 peer-switch
 ip arp synchronize

On N5ks, add this:

vpc domain 1
 peer-switch
 ip arp synchronize

Then show traceroutes.

Read this article http://www.ccierants.com/2012/03/vpc-gotchas-you-need-to-know.html and search for words 'routing over vpc yes and no' - it will clear for you some design considerations.

Also - on peer-links - do not configure these port-channels just as trunks, define what exact VLANs will be allowed. This will help if you will want some time to use FC/FCoE or will want different VLANs/SVIs or Nexus heads.

0 Helpful

swelsch
Level 1
Level 1
In response to dukenuk96

‎05-31-2016 06:47 AM

Sorry about the late answer,

 

the customer has to plan an outage to test the new configuration, but still has no time to realize it. Now there is another issue.

The provider ASR can deliver a second connection to the customer 7K-VPC to get redunancy. How whould you implement the second connection ?

1. transfer network ( vlan )  with HSRP on 7K-1 ans 7K-2

2. dedicated L3 links on 7K-1 and 7K-2 with OSPF

3. L2 oder L3 Port-channel on ASR

 

thanks

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card