tommy182
Beginner

Inter VRF connection to the same VPC Switch pair

Hello Friends!

Please give me some advice.

Is it possible to implement a transparent failover cluster (FTD) between two VRFs on the same VPC pair (Nexus 7706)?

In general I need to do inter-VRF routing on the same pair of switches participating in VPC.

I use two VLANs (outside\inside) that are connected to a transparent firewall.

I assign an SVI in both VLANs to both VPC peers and put these SVIs into the appropriate VRFs.

Also, I bound a unique MAC address to each SVI.

It looks like a loop to me: each switch connects to itself (through the firewall BVI), and it looks scary to me.

But in the end it all works.

There is no loop as far as I can see; pings between SVIs in different VRFs pass through the firewall.

Maybe I need to make other tweaks for this topology?

There is strange output from spanning tree, where not all BPDUs are sent and received accordingly, and I see a topology change comment.

Looks like I missed something...

 

[Figure: Logical Topology]

 

[Figure: Physical Topology]

 

Here is the output from one VPC member:

 

nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1031 detail
VLAN1031 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1031, address 0023.04ee.beaf
Configured hello time 2, max age 20, forward delay 15
Current root has priority 33798, address 0023.04ee.beaf
Root port is 5126 (port-channel1031), cost of root path is 1
Topology change flag not set, detected flag not set
Number of topology changes 3 last change occurred 1:31:45 ago
from port-channel1031
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15 
Timers: hello 0, topology change 0, notification 0

Port 4096 (port-channel1, vPC Peer-link) of VLAN1031 is designated forwarding 
Port path cost 1, Port priority 128, Port Identifier 128.4096
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 0, address 00de.fb1e.9743
Designated port id is 128.4096, designated path cost 1
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port type is network
Link type is point-to-point by default
BPDU: sent 12294, received 12294

Port 5126 (port-channel1031, vPC) of VLAN1031 is root forwarding 
Port path cost 1, Port priority 128, Port Identifier 128.5126
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 33798, address 0023.04ee.beaf
Designated port id is 128.5126, designated path cost 0, Topology change is set
Timers: message age 15, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 4, received 5131

nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1031

VLAN1031
Spanning tree enabled protocol rstp
Root ID Priority 33798
Address 0023.04ee.beaf
Cost 1
Port 5126 (port-channel1031)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 33799 (priority 32768 sys-id-ext 1031)
Address 0023.04ee.beaf
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po1031 Root FWD 1 128.5126 (vPC) P2p

nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1030 detail
VLAN1030 is executing the rstp compatible Spanning Tree protocol
Bridge Identifier has priority 32768, sysid 1030, address 0023.04ee.beaf
Configured hello time 2, max age 20, forward delay 15
We are the root of the spanning tree
Topology change flag not set, detected flag not set
Number of topology changes 4 last change occurred 1:19:20 ago
from port-channel1031
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0

Port 4096 (port-channel1, vPC Peer-link) of VLAN1030 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.4096
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 0, address 00de.fb1e.9743
Designated port id is 128.4096, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port type is network
Link type is point-to-point by default
BPDU: sent 10262, received 10263

Port 5126 (port-channel1031, vPC) of VLAN1030 is designated forwarding
Port path cost 1, Port priority 128, Port Identifier 128.5126
Designated root has priority 33798, address 0023.04ee.beaf
Designated bridge has priority 33798, address 00de.fb1e.9743
Designated port id is 128.5126, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 2
Link type is point-to-point by default
BPDU: sent 2382, received 4

nx7-1_DC2-EDGE_CORE# sh spanning-tree vlan 1030
VLAN1030
Spanning tree enabled protocol rstp
Root ID Priority 33798
Address 0023.04ee.beaf
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 33798 (priority 32768 sys-id-ext 1030)
Address 0023.04ee.beaf
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 1 128.4096 (vPC peer-link) Network P2p
Po1031 Desg FWD 1 128.5126 (vPC) P2p

 

Thanks,

Tom
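
Added example, not part of the original post or any reply: a Python parser for the "show spanning-tree vlan N detail" text posted above. It checks whether each port's BPDU counters match its role (designated ports send, root ports receive, Bridge Assurance "network" ports do both) and whether the root carries the switch's own bridge MAC. The function names, the 2:1 ratio threshold and the reading of the root priority as base priority plus originating VLAN are assumptions.

```python
import re

# Excerpt of the VLAN 1031 output from the post (unrelated lines omitted).
SAMPLE = """\
Bridge Identifier has priority 32768, sysid 1031, address 0023.04ee.beaf
Current root has priority 33798, address 0023.04ee.beaf
Root port is 5126 (port-channel1031), cost of root path is 1
Port 4096 (port-channel1, vPC Peer-link) of VLAN1031 is designated forwarding
The port type is network
BPDU: sent 12294, received 12294
Port 5126 (port-channel1031, vPC) of VLAN1031 is root forwarding
BPDU: sent 4, received 5131
"""

def parse_detail(text):
    """Parse 'show spanning-tree vlan N detail' text into a dict."""
    info = {"ports": []}
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"Bridge Identifier has priority (\d+), sysid (\d+), address (\S+)", line):
            info.update(prio=int(m[1]), sysid=int(m[2]), mac=m[3])
        elif m := re.match(r"Current root has priority (\d+), address (\S+)", line):
            info.update(root_prio=int(m[1]), root_mac=m[2])
        elif line.startswith("We are the root"):
            info["is_root"] = True
        elif m := re.match(r"Port \d+ \(([^,)]+)[^)]*\) of VLAN\d+ is (\w+)", line):
            info["ports"].append({"name": m[1], "role": m[2], "network": False, "sent": 0, "rcvd": 0})
        elif line == "The port type is network" and info["ports"]:
            info["ports"][-1]["network"] = True  # Bridge Assurance port
        elif (m := re.match(r"BPDU: sent (\d+), received (\d+)", line)) and info["ports"]:
            info["ports"][-1].update(sent=int(m[1]), rcvd=int(m[2]))
    return info

def findings(info):
    """Return (finding, detail) tuples for results that deserve a closer look."""
    out = []
    # Not root, yet the root has our own bridge MAC: a BPDU sent under this
    # bridge ID in another VLAN was received here (e.g. bridged back by an L2 device).
    if not info.get("is_root") and info.get("root_mac") and info["root_mac"] == info.get("mac"):
        # Assumption: both VLANs share the same configured base priority.
        out.append(("own-bpdu-from-vlan", info["root_prio"] - info["prio"]))
    for p in info["ports"]:
        lo, hi = sorted((p["sent"], p["rcvd"]))
        actual = "both" if lo * 2 > hi else "send" if p["sent"] > p["rcvd"] else "receive"
        expected = "both" if p["network"] else "send" if p["role"] == "designated" else "receive"
        if expected != actual:
            out.append(("bpdu-direction-mismatch", p["name"]))
    return out
```

On the VLAN 1031 excerpt the counters match the port roles, and the only finding is that the root BPDU carries the switch's own bridge MAC with a priority pointing at VLAN 1030.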

 

6 REPLIES
Georg Pauwen
VIP Master

Hello,

 

Post the output of:

 

show spanning-tree vlan 1030

show spanning-tree vlan 1031

 

from both VPC members. Make sure the STP priority is the same for both VLANs on both VPC members...