
Need some help with Nexus VPC Switching

andy-cisco
Level 1

Hi,

I'm having a strange issue and I'm not the best with understanding VPC so I was hoping someone might be able to help me out here.

I have two SDWAN devices that are connected to their respective core device (sdwan-a to core-a and sdwan-b to core-b) but I would like each sdwan to talk BGP to both core-a and core-b.  The issue I'm having is I don't have enough ports on the sdwan to make a physical connection to both so I tried to create a trunk from each sdwan and run two VLANs over the trunk.  I'm able to get the sdwan-b unit working as expected but sdwan-a will not pass traffic through core-a to core-b.

 

andycisco_0-1724244117500.png

Does anyone have any idea why sdwan-b can talk to both core-a and core-b but sdwan-a can only talk to core-a?

Additional information:

All 4 vlans are /30 ranges

All 4 vlans are created on both core-a and core-b

VPC peer link has all vlans

sdwan trunk ports are just normal trunk ports

core-a has no mac addresses for local svi 

core-b has no mac addresses for local svi

core-a has mac address for both remote sdwan IPs

core-b has mac address for sdwan-b but no mac address for sdwan-a

 

At this point I'm thinking for some reason that the mac address for sdwan-a on vlan 20 is not getting passed through core-a but I do not know why.

Any help would be great.

Andy

16 Replies

show vpc brief <<- you will see SVI type-2 inconsistency check failed.

What you try here is orphan connect and disable SVI in or not config vpc vlan in both NSK 

That is so wrong.

MHM

Hi MHM,

You mistyped in your statement, you put vpn, I take it to mean you were going for vpc.

If that is the case, yes I am getting 

Type-2 inconsistency reason : SVI type-2 configuration incompatible

Where I'm running into a problem is understanding "orphan connect and disable SVI in or not config vpc vlan in both NSK".

Are you suggesting that I take the SVIs out of the VPC peer link?  Would I then need to create another trunk between the cores that would allow the 4 vlans I'm talking about here?

Andy

Why do you need the VLAN connected to each SDWAN to pass over the link interconnecting the two NSK?

MHM

andy-cisco
Level 1

I would normally connect both sdwan to both cores via an independent link for each connection but in this case I had to allow for a VRF connection off the sdwan.  That stole a port I would normally have free to make a direct connection.  Until I can upgrade the sdwan model to one with more ports I'm stuck with this method.

In this design I normally have all traffic go through the primary sdwan box but without bgp to the second core the traffic from the second core is being forwarded over the secondary/backup sdwan - this is creating asymmetric routing.  I know this would be fixed by running bgp between the cores but that was not set up.

It's also very interesting to me why sdwan-b can create the bgp peer to both core-a and core-b but sdwan-a is having an issue.

Can you explain more on how to solve the current failure of sdwan-a not talking to core-b?  I did not follow the "orphan connect and disable SVI in or not config vpc vlan in both NSK".

Thanks,

Andy

Let me do a lab check on one thing and update you tonight.

So the goal here is to connect both sdwan to both cores?

MHM

Under vpc domain I run
peer-gateway
layer3 peer-router

and I advertise the VLAN 110 IP, and you can see both routers can see VLAN 110 from both NSK.

MHM

 

Screenshot (701).png

Screenshot (699).png

Screenshot (700).png

I appreciate your help here but I guess my issue is a bit different.  I'm running a trunk between the SDWAN device and the core.  Each SDWAN device has two IPs, both /30 ranges.

In your example it looks like you used one vlan and each sdwan has only one IP.

Doing it the way I'm doing it, is it possible to get it to work?  In normal switching it would work but something about this Nexus VPC is screwing up the layer 2 traffic crossing the core on only one of the SDWANs.   If both SDWANs did not work I would say it's not possible but for SDWAN-b to have both neighbors and SDWAN-a to only have one neighbor makes me wonder why.

I'm now thinking what if I created a trunk between the two cores that allowed only vlan 20 and 30 and removed those vlans from the VPC link - would normal layer 2 spanning tree work there?

Andy

Why do you need to run a trunk? eBGP needs one IP, and yes, you are correct, I use one VLAN to connect all four devices, 2xNSK and 2xrouters.

MHM

It's just the way it's currently configured and I'm trying to figure out why it's not working this way.

Andy

This is for the trunk

Case2

Screenshot (705).png

If you need, I can also run a lab using a dedicated trunk between the two NSK allowing a non-vpc vlan,
and use this non-vpc vlan for bgp?
Just confirm.

Thanks

MHM

Friend, don't add another trunk before you check the STP mode used in the NSK.
MHM

Nexus VPC issue with non-VPC Trunk.png

Sorry for not getting back to you quicker.  It's been a long weekend.

Regarding the testing of the additional trunk between the two Nexus devices, it would be great if you have the time to test that.

When you say check the STP mode, is there a way to set the STP mode on a trunk that is not participating in the VPC settings?

Andy

Take your time, I will try to help you as much as I can.

Regarding STP: if you run MST, not PVST, then there will be two links between the two NSK and one will be STP blocked, and the NSK prevents the peer-link from being blocked, so your additional trunk will be blocked and that breaks eBGP.

So when you do show spanning tree, what mode do you see?

Rapid PVST or MST?

Sure, I will run the lab for you, friend, don't worry.

MHM