Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
35028
Views
0
Helpful
7
Replies

NX-OS 5.0(3)N2(1) vpc orphan-port suspend

Bill CARTER
Level 5
Level 5

‎07-22-2011 12:41 PM

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/layer2/503_n2_1/Cisco_n5k_layer2_config_gd_rel_503_N2_1_chapter8.html#task_35CE3B4AEE75485AB7A22C3A085D2F99

Suspending Orphan Ports on a Secondary Switch in a vPC Topology

You can suspend a non-virtual port channel (vPC) port when a vPC secondary peer link goes down. A non-vPC port, also known as an orphaned port, is a port that is not part of a vPC.

interface ethernet slot/port

vpc orphan-port suspend  - "Suspends the specified port if the secondary switch goes down."

Do I apply this command only to orphan-ports on the vPC Secondary N5K? Or, since a vPC Primary could become a vPC Secondary, should I apply the command to all ports, on either N5K that are orphan ports?

-bill

http://billyc5022.blogspot.com/

Labels:
0 Helpful
7 Replies 7

Jerry Ye
Cisco Employee
Cisco Employee

‎07-22-2011 07:13 PM 

Do I apply this command only to orphan-ports on the vPC Secondary N5K? Or, since a vPC Primary could become a vPC Secondary, should I apply the command to all ports, on either N5K that are orphan ports?

Apply it on all the orphan ports on both vPC primary and secondary N5Ks.

You do not need this on the vPCs since the default behavior will take down the secondary switch's downstream port if the peer link failed.

HTH,

jerry

0 Helpful

gnijs
Level 4
Level 4
In response to Jerry Ye

‎08-18-2011 06:35 AM

Can i apply this command also on a portchannel connecting a FEX ?

(ie. a single connected FEX)

int po100

switchport mode fex-fabric

fex associate 100

vpc orphan-port suspend

regards,

Geert

0 Helpful

Jerry Ye
Cisco Employee
Cisco Employee
In response to gnijs

‎08-18-2011 07:03 AM

I don't believe this will work, because you can have vPC on your host to the N5Ks.

Regards,

jerry

0 Helpful

gnijs
Level 4
Level 4
In response to Jerry Ye

‎08-18-2011 08:50 AM

I just tested this in the lab and indeed , you can't configure it on the FEX ports. But -as you mention indeed- you can have a VPC on the FEX ports that will follow the default vpc behaviour.

So the correct workaround is then to apply it on all host ports of the FEX :-) (except the VPC ones)

Lets see if that works:

NEXUSB# sh run int eth100/1/1

!Command: show running-config interface Ethernet100/1/1

!Time: Thu Aug 18 15:41:55 2011

version 5.0(3)N2(1)

interface Ethernet100/1/1

  vpc orphan-port suspend

  switchport access vlan 100

  spanning-tree port type edge

yes , that works !

when peer link fails:

NEXUSB# sh int status

--------------------------------------------------------------------------------

Port          Name               Status    Vlan      Duplex  Speed   Type

--------------------------------------------------------------------------------

Eth1/1        --                 vpcPeerLn trunk     full    1000    10g  <-- this is a vpc, down on secundary, peer link failure     

Eth1/2        --                 sfpAbsent 1         full    10G     10g       

Eth1/3        --                 connected 1         full    10G     10g     <--- this is my single connected FEX fabric port, stays up  

Eth1/4        --                 sfpAbsent 1         full    10G     10g       

Eth1/5        --                 sfpAbsent 1         full    10G     10g       

Eth1/6        --                 sfpAbsent 1         full    10G     10g       

Eth1/7        --                 vpcPeerLn trunk     full    1000    10g <--- this is a single connected blade switch, goes down, as "orphan port suspend"

Eth1/8        --                 sfpAbsent 1         full    10G     10g       

Eth1/9        --                 sfpAbsent 1         full    10G     10g       

Eth1/10       --                 sfpAbsent 1         full    10G     10g       

Eth1/11       --                 sfpAbsent 1         full    10G     10g       

Eth1/12       --                 sfpAbsent 1         full    10G     10g       

Eth1/13       --                 sfpAbsent 1         full    10G     10g       

Eth1/14       --                 sfpAbsent 1         full    10G     10g       

Eth1/15       --                 sfpAbsent 1         full    10G     10g       

Eth1/16       --                 sfpAbsent 1         full    10G     10g       

Eth1/17       --                 notconnec trunk     full    10G     10g       

Eth1/18       --                 sfpAbsent 1         full    10G     10g       

Eth1/19       --                 sfpAbsent 1         full    10G     10g       

Eth1/20       --                 sfpAbsent 1         full    10G     10g       

Po10          --                 noOperMem trunk     full    10G     --        

Po30          --                 noOperMem trunk     full    1000    --        

Po100         --                 connected 1         full    10G     --        

mgmt0         --                 connected routed    full    100     --        

Eth100/1/1    --                 vpcPeerLn 100       full    auto    --         <- this is my fex server interface, also going down as orphaned port suspend :-)

Eth100/1/2    --                 notconnec 1         auto    auto    --        

If you put this in a port profile, it can be added automatically:

NEXUSB# sh port-profile

port-profile FEX-SERVER-PORT-DEFAULT

type: Ethernet

description: SRV FEX-DEFAULT

status: enabled

max-ports: 512

inherit:

config attributes:

  duplex auto

  no cdp enable

  vpc orphan-port suspend

regards,

Geert

0 Helpful

gnijs
Level 4
Level 4
In response to gnijs

‎08-19-2011 08:06 AM

I just discovered that during a Type-1 inconsistency, vpc ports on secundary go down, but ports marked with "orphan suspend" do not go down (peer link is up):

NEXUSB#     sh vpc

Legend:

                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                   : 11 

Peer status                     : peer adjacency formed ok     

vPC keep-alive status           : peer is alive                

Configuration consistency status: failed 

Per-vlan consistency status     : success                      

Configuration consistency reason: vPC type-1 configuration incompatible - STP global loop guard inconsistent

Type-2 consistency status       : success

vPC role                        : secondary                    

Number of vPCs configured       : 2  

Peer Gateway                    : Disabled

Dual-active excluded VLANs      : -

Graceful Consistency Check      : Enabled

NEXUSB# sh int eth1/1

Ethernet1/1 is down (suspended by vpc)

Eth1/1 = vpc port

Eth1/7 is orphan port with "suspend" command:

interface Ethernet1/7

  vpc orphan-port suspend

  switchport mode trunk

  switchport trunk allowed vlan 100

stays up:

NEXUSB# sh int eth1/7

Ethernet1/7 is up

so orphan port suspend only works for peer-link failure, not Type-1 inconsistency

0 Helpful

krunal_shah
Level 1
Level 1

‎08-18-2011 11:05 AM

I have come across a similar issue where 5548P switch1 (secondary, operational primary) in vpc mode did not learn some MAC addresses on its orphan-port connected to 6500. Note that some MAC addresses are being learned but some are not. Those hosts were not able to communicate to the other host in same subnet.

This orphan port was in spanning tree FWD and ROOT port. When I looked into the other peer switch2 (primary, operation secondary) I found missing MAC address from switch1 is being learned on vpc peer-link. This peer-link was spanning ROOT and FWD. When I put a static mac address table entry pointing to orphan port on switch1 everything works fine.

NX-OS code is 5.0(3)N1(1c). I could not find any bug documented regarding such issue.

0 Helpful

gnijs
Level 4
Level 4
In response to krunal_shah

‎08-18-2011 02:59 PM

mmm.interesting problem, especially the "some macs are learned and others not" is disturbing . are you sure you don't have any TCAM resource problems?

(note it is normal that the peerlink is stp root and forwarding, this is always the case)

0 Helpful

Review Cisco Networking for a $25 gift card

Top