We use a special VLAN for the

patoberli · ‎07-18-2017

Hi All

We have two 5548UP which are in a vpc. Both of them have two connected FEX, single homed.

ISSU check failed on the secondary switch, while it worked on the primary. The failure is caused by the keepalive port?!?

Any ideas?

First primary then secondary switch.

5548-8067-3# show spanning-tree issu-impact

For ISSU to Proceed, Check the Following Criteria :
1. No Topology change must be active in any STP instance
2. Bridge assurance(BA) should not be active on any port (except MCT)
3. There should not be any Non Edge Designated Forwarding port (except MCT)
4. ISSU criteria must be met on the VPC Peer Switch as well

Following are the statistics on this switch

No Active Topology change Found!
Criteria 1 PASSED !!

No Ports with BA Enabled Found!
Criteria 2 PASSED!!

No Non-Edge Designated Forwarding Ports Found!
Criteria 3 PASSED !!

ISSU Can Proceed! Check Peer Switch.

5548-8067-3# sho run int e1/24

!Command: show running-config interface Ethernet1/24
!Time: Tue Jul 18 14:41:33 2017

version 7.0(8)N1(1)

interface Ethernet1/24
  description keepalive peer link
  switchport mode trunk
  switchport trunk allowed vlan 862
  spanning-tree port type edge trunk
  speed 1000

5548-8067-3#

5548-8067-4# show spanning-tree issu-impact
For ISSU to Proceed, Check the Following Criteria :
1. No Topology change must be active in any STP instance
2. Bridge assurance(BA) should not be active on any port (except MCT)
3. There should not be any Non Edge Designated Forwarding port (except MCT)
4. ISSU criteria must be met on the VPC Peer Switch as well

Following are the statistics on this switch

No Active Topology change Found!
Criteria 1 PASSED !!

No Ports with BA Enabled Found!
Criteria 2 PASSED!!

List of all the Non-Edge Ports

Port             VLAN Role Sts Tree Type Instance
---------------- ---- ---- --- --------- ---------
Ethernet1/24      862 Desg FWD  PVRST       862

Criteria 3 FAILED !!

ISSU Cannot Proceed! Change the above Config

5548-8067-4# sh ru int e1/24

!Command: show running-config interface Ethernet1/24
!Time: Tue Jul 18 14:29:56 2017

version 7.0(8)N1(1)

interface Ethernet1/24
  description keepalive peer link
  switchport mode trunk
  switchport trunk allowed vlan 862
  spanning-tree port type edge trunk
  speed 1000
5548-8067-4#

Reza Sharifi · ‎07-18-2017

Hi,

Maybe not related to your issue, but why is the keep-alive link configured as trunk? It should be an access port.

Can you post "sh vpc det" from both switches?

HTH

patoberli · ‎07-18-2017

We use a special VLAN for the keepalive link, running in the default vrf. We were advised to use a trunk when we did the setup some ~5 years ago, maybe the guidelines have changed since ;)

5548-8067-3# sh vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
vPC domain id                     : 40  
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : primary                       
Number of vPCs configured         : 9   
Peer Gateway                      : Enabled
Peer gateway excluded VLANs     : -
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po100  up     1-2,12,14-18,20-21,23-24,28,32,40,44,60,90-91,100-        
                   104,111-112,114,116-117,140-141,144-145,192,200,20        
                   4,208,210,212,214,216,218,224,228-229,231-232,240,        
                   400,612-613,861,864-869,871,873,900,997-999              
vPC status
----------------------------------------------------------------------------
id     Port        Status Consistency Reason                     Active vlans
------ ----------- ------ ----------- -------------------------- -----------
40     Po40        up     success     success                    1-2,12,14-1 
                                                                 8,20-21,23- 
                                                                 24,28,32,40 
                                                                 ,44,60,90-9 
                                                                 1,100-10....
201    Po201       down*  success     success                    -           
202    Po202       down*  success     success                    -           
203    Po203       down*  success     success                    -           
206    Po206       up     success     success                    12,90-91    
207    Po207       up     success     success                    12,90-91    
208    Po208       up     success     success                    12,20,90-91 
209    Po209       up     success     success                    12,20,90-91 
210    Po210       up     success     success                    14-18,116-1 
                                                                 17,141,200, 
                                                                 204,208,210 
                                                                 ,212,214,21 
                                                                 6,218,23....

5548-8067-4# sh vpc 
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 40  
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : secondary                     
Number of vPCs configured         : 9   
Peer Gateway                      : Enabled
Peer gateway excluded VLANs     : -
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled (timeout = 240 seconds)

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po100  up     1-2,12,14-18,20-21,23-24,28,32,40,44,60,90-91,100-        
                   104,111-112,114,116-117,140-141,144-145,192,200,20        
                   4,208,210,212,214,216,218,224,228-229,231-232,240,        
                   400,612-613,861,864-869,871,873,900,997-999

vPC status
----------------------------------------------------------------------------
id     Port        Status Consistency Reason                     Active vlans
------ ----------- ------ ----------- -------------------------- -----------
40     Po40        up     success     success                    1-2,12,14-1 
                                                                 8,20-21,23- 
                                                                 24,28,32,40 
                                                                 ,44,60,90-9 
                                                                 1,100-10....
201    Po201       down*  success     success                    -           
202    Po202       down*  success     success                    -           
203    Po203       down*  success     success                    -           
206    Po206       up     success     success                    12,90-91    
207    Po207       up     success     success                    12,90-91    
208    Po208       up     success     success                    12,20,90-91 
209    Po209       up     success     success                    12,20,90-91 
210    Po210       up     success     success                    14-18,116-1 
                                                                 17,141,200, 
                                                                 204,208,210 
                                                                 ,212,214,21 
                                                                 6,218,23....

I also found an error message in the logfile about the peer-link, which I think is the reason for this issue:

2016 Jul 29 14:15:23 5548-8067-3 %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 862 on Interface port-channel40 are being suspended. (Reason: Vlan is not allowed on Peer-link)

Predrag Jovic · ‎07-18-2017

If that link is intended to be keepalive link both ports missing
interface Ethernet1/24
vpc peer-link

patoberli · ‎07-18-2017

It's not the peer-link, it's the keepalive-link (which doesn't need a special commando based on guidelines).

Nexus 5500 ISSU failed because of keepalive link