Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1037
Views
10
Helpful
3
Replies

Extended L2 with black fiber, vpc and avoinding loops

Go to solution
ANAKIN_TN
Level 1
Level 1

‎04-20-2020 05:14 AM

Hello everyone,

 

Im plannig to deploy a stack of cisco catalyst on my client site, those switches will be connected with 2 black fiber.

i created a vlan fot interconnection the firewall on my datacenter and the firewall on the client side, my questions are:

image.png

 

 

It's possible de do it over black fiber  like on the picture ? if yes how vpc is ok ?

the interconnection vlan can be trunked to the cisco stack or i can create the vlan on on the nexus switches and configure the ports on access mode for connection the catalyst? 

How can i avoid spanning tree loops to impact my cisco nexus 5K ?

If a loop happend on the cisco catalyst stack it can impact my nexus ? 

can configure it to fail over instead of load balancing ?

 

Thank you in advance for your help

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to ANAKIN_TN

‎04-20-2020 09:10 AM

  • No my cisco nexus switch are not the STP root, but how can avoid the nexus to be root and trigger the calculate of the spanning tree table ?

That's ok. If your Nexus switches are not root, do not enable peer-switch. The STP will function normally. Check this article on how the vPC peer switches will function in respect to STP with and without peer-switch: https://www.cisco.com/c/en/us/support/docs/routers/7000-series-routers/116140-config-nexus-peer-00.html 

  • Should i configure those options on the nexus too 

I strongly recommend you to enable mac move notification. This will help you in RCAs in case something happens in the network. Regarding storm control.. well. This feature requires some network analysis before enabling it. More specifically you need to know the expected percentage of unicast/broadcast/multicast traffic in your network. If you do not know that, I would not recommend to enable it.

 

  • Can you give me please an configuration exemple, suppose that i create the port channel on each 5K switch and then on my 5k-1/port 1 i configure channel group xx mode active, but on my 5k-2/port 1 i dont configure any channel group just a switch port mode trunk with allowed vlans this is an orphan port ? and it will be fail overing ?  

Yes. Orphan port means a non-vpc configured interface. Basically, if you do not configure vpc, you will have 2 different interfaces/port-channels between N5K and catalyst stack.

 

  • Example with vPC:
N5K1:
interface po10
  switchport mode trunk
  vpc 10

interface e1/1
  channel-group 10

N5K2:
interface po10
  switchport mode trunk
  vpc 10

interface e1/1
  channel-group 10

 

  • Non-vpc example
N5K1:
interface e1/1
  switchport mode trunk

N5K2:
interface e1/1
  switchport mode trunk

Note: in non-vpc example, if you configure port-channel, make sure you have different port-channel number on the two N5K switches. But again, there is literally no advantage of having this config. Quite the opposite.

 

Cheers,

Sergiu

 

View solution in original post

3 Replies 3

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-20-2020 05:57 AM - edited ‎04-20-2020 05:59 AM

Hi,

  • It's possible de do it over black fiber like on the picture ? if yes how vpc is ok ?

Yes, you can configure vPC over dark fiber.  vPC is just a Layer 2 virtualization technology, so it will work normally as it should.

  • the interconnection vlan can be trunked to the cisco stack or i can create the vlan on on the nexus switches and configure the ports on access mode for connection the catalyst?

Better go with the trunk between the Catalyst and Nexus.

  • How can i avoid spanning tree loops to impact my cisco nexus 5K ?

vPC has built-in loop prevention mechanisms, so you do not have to worry about this. You can however improve the convergence in the network through the use of vPC peer-switch features (in case your Nexus switch is the STP root).

  • If a loop happend on the cisco catalyst stack it can impact my nexus ?

If there is a layer2 loop in the network, there are a couple of features which can minimize the impact:

-  disable mac learning if mac is flapping on high rate between different ports:

https://www.cisco.com/c/en/us/support/docs/switches/nexus-5000-series-switches/116200-qanda-nexus5000-00.html 

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213906-nexus-9000-mac-move-troubleshooting-and.html 

-  storm control:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/traffstorm.html 

  • can configure it to fail over instead of load balancing ?

You can leave the ports configured as normal orphan ports, and STP will take care of the loop/fail over, BUT there is NO reason nor advantage to do this. vPC is one of the most mature and stable feature on Nexus switches. You should go for it.

 

Cheers,

Sergiu

Go to solution
ANAKIN_TN
Level 1
Level 1
In response to Sergiu.Daniluk

‎04-20-2020 07:16 AM

Hello  msdaniluk,

 

Im happpy and honored that you reply so fast and effectively to my question thank you man  so :

 

 

Re: Extended L2 with black fiber, vpc and avoinding loops

 

Hi,

  • It's possible de do it over black fiber like on the picture ? if yes how vpc is ok ?

Yes, you can configure vPC over dark fiber.  vPC is just a Layer 2 virtualization technology, so it will work normally as it should.

  • the interconnection vlan can be trunked to the cisco stack or i can create the vlan on on the nexus switches and configure the ports on access mode for connection the catalyst?

Better go with the trunk between the Catalyst and Nexus.

  • How can i avoid spanning tree loops to impact my cisco nexus 5K ?

vPC has built-in loop prevention mechanisms, so you do not have to worry about this. You can however improve the convergence in the network through the use of vPC peer-switch features (in case your Nexus switch is the STP root).

  • No my cisco nexus switch are not the STP root, but how can avoid the nexus to be root and trigger the calculate of the spanning tree table ?

 

  • If a loop happend on the cisco catalyst stack it can impact my nexus ?

If there is a layer2 loop in the network, there are a couple of features which can minimize the impact:

-  disable mac learning if mac is flapping on high rate between different ports:

https://www.cisco.com/c/en/us/support/docs/switches/nexus-5000-series-switches/116200-qanda-nexus5000-00.html 

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213906-nexus-9000-mac-move-troubleshooting-and.html 

-  storm control:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/traffstorm.html 

  • Should i configure those options on the nexus too 

 

  • can configure it to fail over instead of load balancing ?

You can leave the ports configured as normal orphan ports, and STP will take care of the loop/fail over, BUT there is NO reason nor advantage to do this. vPC is one of the most mature and stable feature on Nexus switches. You should go for it.

  • Can you give me please an configuration exemple, suppose that i create the port channel on each 5K switch and then on my 5k-1/port 1 i configure channel group xx mode active, but on my 5k-2/port 1 i dont configure any channel group just a switch port mode trunk with allowed vlans this is an orphan port ? and it will be fail overing ?  

Cheers,

Cheers

0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to ANAKIN_TN

‎04-20-2020 09:10 AM

  • No my cisco nexus switch are not the STP root, but how can avoid the nexus to be root and trigger the calculate of the spanning tree table ?

That's ok. If your Nexus switches are not root, do not enable peer-switch. The STP will function normally. Check this article on how the vPC peer switches will function in respect to STP with and without peer-switch: https://www.cisco.com/c/en/us/support/docs/routers/7000-series-routers/116140-config-nexus-peer-00.html 

  • Should i configure those options on the nexus too 

I strongly recommend you to enable mac move notification. This will help you in RCAs in case something happens in the network. Regarding storm control.. well. This feature requires some network analysis before enabling it. More specifically you need to know the expected percentage of unicast/broadcast/multicast traffic in your network. If you do not know that, I would not recommend to enable it.

 

  • Can you give me please an configuration exemple, suppose that i create the port channel on each 5K switch and then on my 5k-1/port 1 i configure channel group xx mode active, but on my 5k-2/port 1 i dont configure any channel group just a switch port mode trunk with allowed vlans this is an orphan port ? and it will be fail overing ?  

Yes. Orphan port means a non-vpc configured interface. Basically, if you do not configure vpc, you will have 2 different interfaces/port-channels between N5K and catalyst stack.

 

  • Example with vPC:
N5K1:
interface po10
  switchport mode trunk
  vpc 10

interface e1/1
  channel-group 10

N5K2:
interface po10
  switchport mode trunk
  vpc 10

interface e1/1
  channel-group 10

 

  • Non-vpc example
N5K1:
interface e1/1
  switchport mode trunk

N5K2:
interface e1/1
  switchport mode trunk

Note: in non-vpc example, if you configure port-channel, make sure you have different port-channel number on the two N5K switches. But again, there is literally no advantage of having this config. Quite the opposite.

 

Cheers,

Sergiu

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card