Hi Reza

Yes, both are primaries of their respective roles: See below:

NYOCORESW01# show vpc br
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 21
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 698
Peer Gateway                      : Enabled
Peer gateway excluded VLANs     : -
Dual-active excluded VLANs        : 901
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)

NYOCORESW01# show hsrp br

                     P indicates configured to preempt.

                     |

Interface   Grp Prio P State    Active addr      Standby addr     Group addr

Vlan20      1   105  P Active   local            10.96.20.251     10.96.20.254    (conf)

Vlan30      1   105  P Active   local            10.96.31.251     10.96.31.254    (conf)

Vlan40      1   105  P Active   local            10.96.40.251     10.96.40.254    (conf)

Vlan50      1   105  P Active   local            10.96.51.251     10.96.51.254    (conf)

Vlan90      1   105  P Active   local            10.96.90.251     10.96.90.254    (conf)

Vlan219     1   105  P Active   local            10.96.219.251    10.96.219.254   (conf)

Vlan901     1   105  P Active   local            10.96.254.123    10.96.254.126   (conf)

Both outputs are from the primary switch

Thanks

Anthony

Hi

If I shut it down, it goes via the primary and the device I had pinging constantly dropped 1 packet. Once I brought the interface back up it started responding for this device again. It's almost as if it is in a split brain scenario, but not causing issues other than sub-optimal routing.

I've attached the VPC config as well, just in case that is of use.

Thanks for looking

CORESW01# show run int vlan 30

version 5.2(1)N1(4)

interface Vlan30
  no shutdown
  mtu 9216
  description DESKTOP_30
  no ip redirects
  ip address 10.96.31.252/23
  ip router ospf 1 area 0.0.0.96
  ip pim sparse-mode
  hsrp 1
    preempt delay minimum 300
    priority 105
    ip 10.96.31.254
  ip dhcp relay address 10.100.110.4

CORESW02(config)# show run int vlan 30

version 5.2(1)N1(4)

interface Vlan30
  no shutdown
  mtu 9216
  description DESKTOP_30
  no ip redirects
  ip address 10.96.31.251/23
  ip router ospf 1 area 0.0.0.96
  ip pim sparse-mode
  hsrp 1
    priority 95
    ip 10.96.31.254
  ip dhcp relay address 10.100.110.4

CORESW01#show run vpc

version 5.2(1)N1(4)
feature vpc

vpc domain 21
  role priority 4000
  system-priority 4000
  peer-keepalive destination 10.96.255.129 source 10.96.255.130 vrf default
  delay restore 120
  dual-active exclude interface-vlan 901
  peer-gateway
  auto-recovery

CORESW02# show run vpc

version 5.2(1)N1(4)
feature vpc

vpc domain 21
  role priority 8000
  system-priority 4000
  peer-keepalive destination 10.96.255.130 source 10.96.255.129 vrf default
  delay restore 120
  dual-active exclude interface-vlan 901
  peer-gateway
  auto-recovery

Hi,

your config looks good and the vPC domain config also looks good.

Can you post "sh hsrp vlan 30" from both switches?

Also, just a hint, if you use HSRP ver 2, the group number can go up to 4094 versus the HSRP ver 1 is only 255.

So, for example: if you have a vlan id of 395, you can match the HSRP group with your vlan id.

see example:

interface Vlan395

  no ip redirects

  ip address 192.168.46.131/27

  no ipv6 redirects

  hsrp version 2

  hsrp 395

    priority 110

    ip 192.168.46.129

    no shutdown

HTH

Thanks Reza

See below. Aware of that with the HSRP standby groups. Just wasnt aware there was any real benefit?

Given that these are dual homed fex, and that the peer link will not be forwarding requests to vlan 30 .254 address over itself, is it just by nature that it has to be responded by the secondary switch if the fex is forwarding the traffic to the second switch at L2 rather than the first?

CORESW01# show hsrp interf vlan 30

Vlan30 - Group 1 (HSRP-V1) (IPv4)

  Local state is Active, priority 105 (Cfged 105), may preempt

    Forwarding threshold(for vPC), lower: 1 upper: 105

  Preemption Delay (Seconds) Minimum:300

  Hellotime 3 sec, holdtime 10 sec

  Next hello sent in 2.577000 sec(s)

  Virtual IP address is 10.96.31.254 (Cfged)

  Active router is local

  Standby router is 10.96.31.251 , priority 95 expires in 8.810000 sec(s)

  Authentication text "cisco"

  Virtual mac address is 0000.0c07.ac01 (Default MAC)

  5 state changes, last state change 01:40:38

  IP redundancy name is hsrp-Vlan30-1 (default)

CORESW02#  show hsrp interf vlan 30

Vlan30 - Group 1 (HSRP-V1) (IPv4)

  Local state is Standby, priority 95 (Cfged 95)

    Forwarding threshold(for vPC), lower: 1 upper: 95

  Hellotime 3 sec, holdtime 10 sec

  Next hello sent in 0.241000 sec(s)

  Virtual IP address is 10.96.31.254 (Cfged)

  Active router is 10.96.31.252, priority 105 expires in 7.410000 sec(s)

  Standby router is local

  Authentication text "cisco"

  Virtual mac address is 0000.0c07.ac01 (Default MAC)

  11 state changes, last state change 01:15:34

  IP redundancy name is hsrp-Vlan30-1 (default)

So, the FEXs are connected to 2 different 5ks using a vPC and the PC is connected to the host.

Now, when the PC sends a packet, the FEX run its hash algorithm to choose one uplink to carry the flow, and so in this case since there is only one PC, it will always take the same path and if that patch is towards the secondary 5k, than that is why you always see it going through that switch.  You can test this by disconnecting the uplink that connects the FEX to the secondary switch. Or if you put 2 PCs on the same FEX, you should see that one PC is hitting the primary and the other PC is hitting the secondary.

HTH