Cisco Nexus vPC unable to Ping port-channel server

Stryderusa · ‎06-27-2023

Non-Cisco network guy here just learning Cisco. I have setup vPC on two Nexus 9300 series switches - configured vpc peer keep-alive link, peer link, etd. i am not doing any special L3 routing except for the peer keep-alive link and inter-VLAN routing. Everything seems to be working with the vPC configuration - status show "up" and "successful". However, when I try to Ping any of my ESXi servers connected to these Nexus 9300 switches via virtual port-channels I get "no route to host" error messages. Note that ESXI vmkernel ports configured as regular access ports are reachable via Ping. This makes me think there must be a problem with the vPC configuration somewhere. Please help.

Reza Sharifi · ‎06-27-2023

Make sure your VPC peer link is a trunk port. Also, make sure you have the SVIs configured correctly for the vlans?

What is the output of " sh vpc det"?

HTH

Stryderusa · ‎06-27-2023

I am away from work and it is an isolated DC. I will post results tomorrow morning. Thanks!!

Stryderusa · ‎06-28-2023

"show vpc det" did not work, but "sho vpc brief" did. Here is the output:

SH_PFSW# sh vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 16
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 360s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans

-- ---- ------ -------------------------------------------------
1 Po29 up 10,100,200,300,400,600,700,800,900,999

vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
1 Po1 down* success success -

3 Po3 down* success success -

5 Po5 down* success success -

7 Po7 down* success success -

9 Po9 down* success success -

11 Po11 down* success success -

13 Po13 down* success success -

15 Po15 down* success success -

21 Po21 down* Not Consistency Check Not -

Applicable Performed

22 Po22 down* success success -

23 Po23 down* Not Consistency Check Not -

Applicable Performed

24 Po24 down* Not Consistency Check Not -

Applicable Performed

25 Po25 down* Not Consistency Check Not -

Applicable Performed

26 Po26 down* Not Consistency Check Not -

Applicable Performed

27 Po27 down* Not Consistency Check Not -

Applicable Performed

28 Po28 down* Not Consistency Check Not Consistency Check Not -

Applicable Performed

Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.

Stryderusa · ‎06-28-2023

Note that PO22 is currently down for maintenance, but it does work and shows "Up" and "Success" along with all the supported VLANs. This is the first and only port-channel connected so far.

MHM Cisco World · ‎06-27-2023

Can see vpc config

Only sure you config peer-gateway in both NSK tomorrow and rechecking again

MHM Cisco World · ‎06-28-2023

Peer Gateway : Disabled <<- this disable enable it

Also one more point why all Port channel except peer link is down ??

Stryderusa · ‎06-28-2023

I am just in process of setting up the port channels. PO22 is the first one and it is currently down for maintenance but was up yesterday.

Stryderusa · ‎06-28-2023

I did not configure peer-gateway. Is this the problem?

MHM Cisco World · ‎06-28-2023

I was first think that issue is peer-gateway but after I see vpc detail and see all PO is down I think you missing something,
did you config vpc under each port-channel (except peer-link)??

Stryderusa · ‎06-28-2023

All Pos are down because I am just in process of setting them up - they haven't been connected yet. PO22 is the first one connected and it worked - showed status "u" and "success" but had to take down for maintenance.
PLEASE EXPLAIN HOW Peer Gateway can resolve issue?

MHM Cisco World · ‎06-28-2023

Oh OK then
there are two SVI for each VLAN, one for each NSK SW,
SVI VLANx NSK-1 ping
the ESXi reply but the L2 hash is point to NSK-2 not to NSK-1
the NSK-2 receive this packet but it drop packet since the destination is SVI VLANx NSK-1
with peer-gateway NSK-2 can reply to any traffic even if it point to SVI VLANx NSK-1

Stryderusa · ‎06-28-2023

I have enabled peer-gateway with same result "host unreachable".

MHM Cisco World · ‎06-28-2023

Can I see show etherchannel summary?

Stryderusa · ‎06-28-2023

SH_BFSW# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
p - Up in delay-lacp mode (member)
M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
--------------------------------------------------------------------------------
1 Po1(SD) Eth LACP Eth1/1(D) Eth1/2(D)
3 Po3(SD) Eth LACP Eth1/3(D) Eth1/4(D)
5 Po5(SD) Eth LACP Eth1/5(D) Eth1/6(D)
7 Po7(SD) Eth NONE --
9 Po9(SD) Eth NONE --
11 Po11(SD) Eth LACP Eth1/7(D) Eth1/8(D)
13 Po13(SD) Eth LACP Eth1/9(D) Eth1/10(D)
15 Po15(SD) Eth LACP Eth1/11(D) Eth1/12(D)
21 Po21(SD) Eth LACP Eth1/21(s)
22 Po22(SU) Eth LACP Eth1/22(P)
23 Po23(SD) Eth LACP Eth1/23(s)
24 Po24(SD) Eth LACP Eth1/24(s)
25 Po25(SD) Eth LACP Eth1/25(s)
26 Po26(SD) Eth LACP Eth1/26(s)
27 Po27(SD) Eth LACP Eth1/27(s)
28 Po28(SD) Eth LACP Eth1/28(s)
29 Po29(SU) Eth LACP Eth1/49(P) Eth1/50(P)