Nexus 5548UP VPC and/or VRRP problem

Guido Arturo Catalano · ‎10-26-2012

Hi, I have two 5548UP + L3 card with LAN_ENTERPRISE_SERVICES_PKG and FC license.

This two Nexus are the core of my network.

Eight stacks of 2960S are connected to both NX with an etherchannel formed by two SX-1G or two SR-10G.

I've checked the conf and maked a lot of test and everything works fine. BUT, two days after the people start working on the new building, about half of the PC don't even reach the default gateway. (Nexus VRRP)

I've turned off VRRP and it works for minutes.

The problem disappear if I shutdown one of the links to NX01 or NX02.

I followed the destination MAC of one PC with the problem and the ARP table looks OK but I guest the problem is related with a corruption in the ARP table anyway.

system image file is: bootflash:///n5000-uk9.5.2.1.N1.1a.bin

Thanks in advance!

Guido./

interface Vlanxx
no shutdown
ip address 10.xx.xx.1/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address xxxxx
vrrp 80
address 10.xx.xx.1
! Actualy is in shutdown

interface port-channel55
switchport mode trunk
switchport trunk allowed vlan 1-300,303-4094
ip dhcp snooping trust
speed 10000
vpc 55

interface port-channel111
switchport mode trunk
switchport trunk allowed vlan 1-224
ip dhcp snooping trust
spanning-tree port type network
speed 10000
vpc peer-link

Reza Sharifi · ‎10-26-2012

Hi,

What is the output of "sh vpc"?

and sh vpc con global?

Marcel Zehnder · ‎10-26-2012

Hi Guido

First your VRRP configuration looks a bit strange. Could you please post the config of your interface vlan10 from both core Nexus Switches?

Second thing: It look's like you don't allow all vPC Vlans on your peer link - That may be not related to your problem, but maybe there's a vPC issue.

Please post SVI 10 and vPC configuration.

/Marcel

Guido Arturo Catalano · ‎10-26-2012

Hi, in the attached file I've pasted the sh vpc commands and the full conf of int vl80.

vPC peer link has filtered vlans 225,301 and 302 because they are used for VSAN and my VSANs are local on each Nexus.

Guido./

ajay chauhan · ‎10-26-2012

Looks like you have configured same IP on physical and for standby. is this typo or configured on device ?

!----------- NX01 ----------------------------------------------

interface Vlan80
no shutdown
ip address 10.xx.80.1/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address xxxxx
vrrp 80
address 10.xx.80.1
! Actualy is in shutdown

!----------- NX02 ----------------------------------------------

!NX02
interface Vlan80
no shutdown
ip address 10.xx.80.2/24
ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
ip dhcp relay address x
vrrp 80
address 10.x.80.1

Also -Peer Gateway : Disabled

Optional but can be turnon to make both in forwarding mode.

Thanks

Ajay

Guido Arturo Catalano · ‎10-30-2012

Hi, in VRRP you can use the same ip for virtual and phisical. The router with the IP of the VRRP, is alwals the primary (obviously!).

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/unicast/configuration/guide/l3_vrrp.html#wp1074713

And I followed this note

"Note

You should configure VRRP on the primary vPC peer device as active and VRRP on the vPC secondary device as standby."

Thanks

Guido

Reza Sharifi · ‎10-30-2012

Can you change the physical interface on NX01 to a different IP and not the same as the virtual IP and test again?

ezy · ‎11-27-2013

Hi Guido,

did you solve that problem? And how did you do it? I have a simliar problem with arp entrys.

Thanks in advance

Erich

Guido Arturo Catalano · ‎11-27-2013

Hi Eric,

yes I solved this problem and another one which was related to Windows 2003 DHCP server and option 82.

The ARP/VRRP problem was solved using peer-gateway and ip arp synchronize.

This is my final config:

vpc domain 11

role priority 1

peer-keepalive destination y.x.x.6 source y.x.x.5

delay restore 150

peer-gateway

auto-recovery reload-delay 300

ip arp synchronize

please drop a line if this help you!

Guido.