Solved: Nexus SVI config using vPC

mpellegrino12 · ‎08-08-2015

I am upgrading our core switches from Cat 6506E to Nexus 56128P. The current setup is 2 6506E using VSS. So both switches are managed from 1 IP and all SVI created are on both switches. For example the host at the bottom of the picture I attached has an IP address of 172.29.1.15 with a default gateway that is 172.29.1.1 which is attached to a layer2 switch that is connected using 1 link to each core in an etherchannel. Either core can route the traffic depending which direction the traffic goes

So now im upgrading the two 6506E to the 56128P. The nexus series does not share the same control plane and are managed from separate IP addresses. So in the same scenario the host still has a default gateway of 172.29.1.1. traffic is sent to the layer 2 switch then using vPC back to the 2 cores, The problem is the SVI that is created for vlan 50 on core 1 has the IP address of 172.29.1.1 so I don't think core 2 can share that IP. I want both cores to be able to route the traffic just as VSS would do. Cant both nexus series have the same SVI ip address? Would I need to setup HSRP ? What is the best way to set this up. Please take a look at the attached file for a better idea what I'm talking about. Thanks

Jon Marshall · ‎08-08-2015

Yes you use HSRP and both switches are active for the HSRP VIP address ie. it doesn't matter which switch the packet is sent to, that switch will forward the packet on to the destination.

See this configuration guide for details -

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/unicast/7x/unicast_n5600_config/l3_hsrp.html

Also note the section in the above link about the "vpc peer-gateway" command. It might be neeeded because some storage vendors actually use the physical interface mac address rather than the HSRP VIP mac address to forward traffic and that would mean traffic having to go across the vPC to the active HSRP router which wouldn't work properly so you may or may not need it.

Jon

View solution in original post

Jon Marshall · ‎08-08-2015

Yes you use HSRP and both switches are active for the HSRP VIP address ie. it doesn't matter which switch the packet is sent to, that switch will forward the packet on to the destination.

See this configuration guide for details -

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/unicast/7x/unicast_n5600_config/l3_hsrp.html

Also note the section in the above link about the "vpc peer-gateway" command. It might be neeeded because some storage vendors actually use the physical interface mac address rather than the HSRP VIP mac address to forward traffic and that would mean traffic having to go across the vPC to the active HSRP router which wouldn't work properly so you may or may not need it.

Jon

mpellegrino12 · ‎08-09-2015

Thanks Jon that's what I thought just wanted to make sure. Great info about the vpc peer-gateway, didn't know about that. Thanks

CiscoBrownBelt · ‎04-24-2018

So I have similar situation. Right now I just have 2 redundant Nexus 3k series doing layer 3 switching with SVI and Im trying to join them in box domain. Im am getting overlapping error because all svi have same ip. Right now vpc is getting a type 2 consistency failure. Once vpc is fixed will I be allowed to give all svi same ip or must I config hsrp for every svi?