09-27-2018 11:47 AM - edited 03-08-2019 04:15 PM
Hello Friends!
Please give me some advice.
Is it possible to implement a Transparent Failover cluster (FTD) between two VRFs on the same VPC pair (Nexus 7706)?
In general I need to do inter-VRF routing on the same pair of switches participating in VPC.
I use two VLANs (outside\inside) that are connected to the Transparent firewall.
I assign an SVI in both VLANs to both VPC peers and put these SVIs into the appropriate VRFs.
I also bound a unique MAC address to each SVI.
It looks like a loop to me: each switch connects to itself (through the Firewall BVI), and it looks scary to me.
But in the end all works.
There is no loop as far as I can see; pings between the SVIs in different VRFs pass through the Firewall.
Maybe I need to do other tweaks for this topology?
There is strange output from spanning tree, where not all BPDUs are sent and received accordingly, and I see a Topology change comment.
Looks like I missed something...
Logical Topology
Physical Topology
Here is the output from one VPC member:
nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1031 detail
VLAN1031 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1031, address 0023.04ee.beaf
Configured hello time 2, max age 20, forward delay 15
Current root has priority 33798, address 0023.04ee.beaf
Root port is 5126 (port-channel1031), cost of root path is 1
Topology change flag not set, detected flag not set
Number of topology changes 3 last change occurred 1:31:45 ago
from port-channel1031
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 4096 (port-channel1, vPC Peer-link) of VLAN1031 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4096
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 0, address 00de.fb1e.9743
Designated port id is 128.4096, designated path cost 1
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port type is network
Link type is point-to-point by default
BPDU: sent 12294, received 12294
Port 5126 (port-channel1031, vPC) of VLAN1031 is root forwarding
Port path cost 1, Port priority 128, Port Identifier 128.5126
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 33798, address 0023.04ee.beaf
Designated port id is 128.5126, designated path cost 0, Topology change is set
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 4, received 5131
nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1031
VLAN1031
Spanning tree enabled protocol rstp
Root ID Priority 33798
Address 0023.04ee.beaf
Cost 1
Port 5126 (port-channel1031)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33799 (priority 32768 sys-id-ext 1031)
Address 0023.04ee.beaf
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po1031 Root FWD 1 128.5126 (vPC) P2p
nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1030 detail
VLAN1030 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1030, address 0023.04ee.beaf
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 4 last change occurred 1:19:20 ago
from port-channel1031
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0
Port 4096 (port-channel1, vPC Peer-link) of VLAN1030 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4096
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 0, address 00de.fb1e.9743
Designated port id is 128.4096, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port type is network
Link type is point-to-point by default
BPDU: sent 10262, received 10263
Port 5126 (port-channel1031, vPC) of VLAN1030 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.5126
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 33798, address 00de.fb1e.9743
Designated port id is 128.5126, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 2382, received 4
nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1030
VLAN1030
Spanning tree enabled protocol rstp
Root ID Priority 33798
Address 0023.04ee.beaf
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33798 (priority 32768 sys-id-ext 1030)
Address 0023.04ee.beaf
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po1031 Desg FWD 1 128.5126 (vPC) P2p
Thanks,
Tom
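
Added example (not part of the original post): a short Python parser for the "sh spanning-tree vlan N" summary output above that decodes the extended system ID from each Root ID priority and reports any VLAN whose root bridge ID belongs to a different VLAN. The function names are hypothetical, the sample's indentation is assumed, and the check assumes per-VLAN RSTP, where the low 12 bits of the priority carry the VLAN ID.

```python
import re

# Sample input: the two summary outputs from the post, re-indented (layout assumed).
SAMPLE = """\
VLAN1031
  Spanning tree enabled protocol rstp
  Root ID    Priority    33798
             Address     0023.04ee.beaf
             Cost        1
             Port        5126 (port-channel1031)
  Bridge ID  Priority    33799  (priority 32768 sys-id-ext 1031)
             Address     0023.04ee.beaf
VLAN1030
  Spanning tree enabled protocol rstp
  Root ID    Priority    33798
             Address     0023.04ee.beaf
             This bridge is the root
  Bridge ID  Priority    33798  (priority 32768 sys-id-ext 1030)
             Address     0023.04ee.beaf
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

def parse_stp_summary(text):
    """Map VLAN id -> root/bridge priority, MAC and root port from the summary."""
    vlans = {}
    for block in re.split(r"^(?=VLAN\d+)", text, flags=re.M):
        head = re.match(r"VLAN(\d+)", block)
        prios = re.findall(r"Priority\s+(\d+)", block)  # Root ID first, Bridge ID second
        macs = re.findall(r"Address\s+(" + MAC + ")", block)
        if not head or len(prios) < 2 or len(macs) < 2:
            continue                                     # not a complete VLAN block
        port = re.search(r"^\s*Port\s+\d+\s+\(([^)]+)\)", block, re.M)
        vlans[int(head.group(1))] = {
            "root_prio": int(prios[0]), "root_mac": macs[0],
            "bridge_prio": int(prios[1]), "bridge_mac": macs[1],
            "root_port": port.group(1) if port else None,  # absent when we are root
        }
    return vlans

def foreign_roots(text):
    """List VLANs whose root bridge ID carries a different VLAN's sys-id-ext."""
    findings = []
    for vlan, s in sorted(parse_stp_summary(text).items()):
        root_vlan = s["root_prio"] & 0x0FFF   # low 12 bits: extended system ID
        if root_vlan != vlan:
            findings.append({"vlan": vlan, "root_vlan": root_vlan,
                             "via": s["root_port"],
                             "own_bridge": s["root_mac"] == s["bridge_mac"]})
    return findings
```

On the posted values it reports VLAN 1031 with a root ID carrying sys-id-ext 1030 and this switch's own bridge MAC, learned on port-channel1031.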