Re: Network Failure when vPC primary switch restarts

atemple · ‎04-14-2020

Hi all,

I experienced a network outage the other day which i don't fully understand and am hoping the community might be able to help me.

Our infrastructure (which i have inherited) has a number of Hyper V servers connected via 2 Cisco Nexus 3048TP switches. To provide redundancy the switches are setup with vPCs to the Hyper V servers (each server has 4 NICs, 2 to each switch). My understanding is that in the event of a switch failure everything will keep working just with reduced bandwidth however, this is not what happened.

The issue came about when one of the switch (which is the primary switch in the vPC domain) restarted unexpectedly and all of the servers lost all connectivity. Looking at the logs of the switch that stayed up all the interfaces connected to the servers dropped and didn't come back up until the primary switch restarted.

Again my understanding is that the secondary switch should have detected the failure of the primary, promoted itself to the primary and took over the forwarding of traffic. Is this not the case?

Any help/pointers would be appreciated.

Thanks,

atemple

Reza Sharifi · ‎04-14-2020

Hi,

A few questions:

Are all the vlans part of the vPC link between the 2 switches?

Is the primary switch STP root?

Is the primary switch VRRP or HSRP active?

Are the connections from the servers in Portchannels or just individual trunk ports?

HTH

atemple · ‎04-15-2020

Hi,

Thanks for your help on this. The answers to your questions are as follows:

It looks like the vPC link between the switches only has it's native VLAN configured and not the other VLANs
The primary vPC switch is the root bridge for STP
The primary switch does not have VRRP or HSRP configured
All connections to the servers are port channels

Hope this make sense.

Thanks,

ATemple

Reza Sharifi · ‎04-15-2020

Hi,

It looks like the vPC link between the switches only has it's native VLAN configured and not the other VLANs

Defiantly an issue here as all vlans needed to be included in the link that connects the 2 switches together, if not fail-over will not work correctly.

The primary switch does not have VRRP or HSRP configured

If theses switches are the gateways for the vlans, there needs to be VRRP or HSRP configured on both switches to provide redundancy for end devices.

HTH

atemple · ‎04-15-2020

Hi,

Thanks for this information.

I can amend the config to add all the VLANs to the vPC peer link. Would you be able to elaborate as to why this is required in relation to getting the fail-over to work? Sorry for my ignorance i just want to make sure i fully understand what is required here.

The switches do not act as the gateway for the VLANs so would i be correct in saying HSRP is not required?

Thanks,

ATemple

Reza Sharifi · ‎04-15-2020

Have a look at this document. Also, see page 2 regarding the need for a trunk link for the vPC peer link.

The switches do not act as the gateway for the VLANs so would i be correct in saying HSRP is not required?

That is correct.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/interfaces/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Interfaces_Configuration_Guide/configuring_vpcs.pdf

HTH