Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
839
Views
0
Helpful
4
Replies

VPC reaction to failure scenarios

smart5
Level 1
Level 1

‎10-30-2013 06:54 AM

Hi,

I am some questions in relation to (https://supportforums.cisco.com/thread/2230776)

I have a pair of n5K (A & B) running vpc with VPC Portchannel (e.g 10) uplink to core switches running VSS. my downstream VPC Portchannels (e.g 20) to servers/enclosures. and a VPC peer link Po30 between both. And lastly peer keepalive link over the mgmt0 interface.

A is vpc role primary and B is secondary.

i wanna ask, in the event of all port channels fail on n5k-A, the 32 ports module on the n5k fail, meaning the uplink to core and downstream links to ensclosure are down.. BUT the mgmt0 link is UP and Running because it is not a same module... What will/should happen?

Base on my testing, B will not take over because peer keepalive link is up, it will suspend all its vpc ports assuming A will be Active... but in reality, A ports all fail and VPC will not work.

How should i protect against this?

I also tried use object tracking on A only, track on all uplink port-channel and downstream portchannel, it does failover to B OK with above simulation, but when i manual no shut the Port channels on A -- Simulating the ports recovered, the continuous ping-test to the enclosure Failed.. Only after a reboot of B, it will normalize everything.

Before normalize, the B is showing vpc role secondary, opration primary. vice-versa for A showing operation secondary

hope someone can share some insight on this

Labels:
0 Helpful
4 Replies 4

richbarb
Cisco Employee
Cisco Employee

‎10-30-2013 10:26 PM

Hello there,

I really don't believe if your fixed 32(5548) or 48(5596) port module fail, you switch will be still running. But talking hypothetically, let's go.

When you say that all port-channels in N5k-A goes down, if include the po30 (peer-link) the N5k-B will put all your vpc member ports as suspended, assuming the keep-alive messages is working.

How could you protect against this?

Protect the peer-link as much you can, separate modules, more interfaces, protected cables, etc.

You can use track as well, this is a conflicting subject in the documentation. I guess the best that you can do is use hsrp with object track (if using L3) or just flap the peer-link after recovery (I didn't say that).

There are some references that can help.

https://supportforums.cisco.com/docs/DOC-29729#vPC_Layer_3_Connectivity_Recommendations

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/design_guide_c07-625857.pdf

0 Helpful

smart5
Level 1
Level 1
In response to richbarb

‎10-30-2013 11:27 PM

Actually it did happen to our DC in early january that N5K-A has all the 32 ports down and we rebooted that unit to restore it.

The peer keepalive link is working because it is using the mgmt interface. therefore N5K-B will shut down all its PO ports assuming N5K-A will function as the brain, but as all the ports are down.. none of the traffic are being forwarded.

0 Helpful

richbarb
Cisco Employee
Cisco Employee
In response to smart5

‎10-31-2013 05:30 AM

You can also create a dedicated vrf with one isolated interface for peer-keepalive in the module ports.

0 Helpful

AJ Cruz
Level 3
Level 3

‎11-02-2013 08:00 PM

2nd what Richard said. This is a good idea anyways if you ever plan on running DCNM as it will ONLY connect via mgmt0.


Sent from Cisco Technical Support Android App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents