Nexus Switch VPC Behaviour - Unicast Traffic via peer link ?

SJ K
Level 5

Hi all,

 

I read in the doc that the vPC peer link only carries multicast/broadcast traffic under normal circumstances ->

The vPC peer link carries control traffic between two vPC switches and also multicast, broadcast data traffic. 

In the scenario below, which path will be taken for the workstation to reach the Primary F5 Firewall?

 

[Image: vpc2.gif]

Red path -> via Peer2 -> vpc peer link -> Peer1 -> Primary FW or

Blue path -> via Peer2 -> then through the vpc port channel -> 2960 switch -> Peer1

 

My take would be via the Red path, as it makes no sense for the 2960 switch to send the traffic up via its port-channel (and what if it takes the 2nd physical link? Wouldn't it send the traffic right back to Peer2?)

 

But how does a Nexus switch decide when it would send traffic via its peer link vs. the vPC port-channel? And again, the doc said earlier that the peer link does not carry unicast traffic... so will it still take the red path and send the traffic via its peer link up to the FW?

 

Hope some gurus can shed some light here and point me to the right place in the documentation that covers such a scenario.

 

Confused

Noob

3 Accepted Solutions


Mark Malone
VIP Alumni
Hi,
Looking at the picture, it's directly connected to the right Nexus, so it will go across the vPC peer-link. That rule is to prevent looping in the domain, but when a PC is single-linked and it has no option, it won't take a path down through an access switch and back up through the other Nexus; it will just be shifted across the vPC peer-link.

Why not track the MAC through the network to be sure as it moves?
http://packetpushers.net/tracing-a-layer-2-path-on-cisco-nexus-switches/


"If the end destination is a VPC leg, then it can switch from Nexus where packet lands."

Richard: What I mean is, if the packet arrives on a switch B which is a VPC peer to switch A:

1. If the DMAC of the packet is learnt via the VPC peer-link, then that DMAC is either residing on an orphan port or, if it's an L3 packet, the NH is learnt via the PL.

2. If the same DMAC of the packet is learnt via a VPC leg or a VPC port-channel (meaning: a switch connected to Nexus switches A and B with a VPC port-channel), then the packet will get routed or switched by the same Nexus box where the packet arrives and will not take the VPC peer-link.


Good read:

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

 

- Richard
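
A toy model of the decision described in the reply above, added here as an illustration and not code from the thread or from Cisco: the egress port follows where the destination MAC was learnt. The topology, port names and MAC addresses are constructed, and the rule that a frame arriving over the peer link is not sent out a vPC leg is an assumption taken from general vPC loop-avoidance behaviour with both legs up.

```python
PEER_LINK, VPC_LEG, ORPHAN = "peer-link", "vpc-leg", "orphan"
BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample MACs (documentation range), not taken from the thread.
WS, FW, HOST = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"


class VpcPeer:
    def __init__(self, name, ports):
        self.name = name
        self.ports = ports      # port name -> PEER_LINK / VPC_LEG / ORPHAN
        self.mac_table = {}     # destination MAC -> port it was learnt on

    def egress(self, dmac, ingress):
        """Ports a frame leaves on, given the port it arrived on."""
        learnt = None if dmac == BROADCAST else self.mac_table.get(dmac)
        # Known unicast follows the MAC table; broadcast/unknown is flooded.
        candidates = [learnt] if learnt else list(self.ports)
        from_peer_link = self.ports[ingress] == PEER_LINK
        return [
            p for p in candidates
            if p != ingress
            # Assumed loop-avoidance rule: a frame that crossed the peer link
            # is not sent out a vPC leg (the other peer already served it).
            and not (from_peer_link and self.ports[p] == VPC_LEG)
        ]


def build_scenario():
    """Workstation on a Peer2 orphan port, firewall on a Peer1 orphan port,
    HOST behind the dual-attached access switch (vPC Po10). Hypothetical."""
    peer1 = VpcPeer("Peer1", {"Po1": PEER_LINK, "Po10": VPC_LEG, "Eth1/1": ORPHAN})
    peer2 = VpcPeer("Peer2", {"Po1": PEER_LINK, "Po10": VPC_LEG, "Eth1/2": ORPHAN})
    # Orphan-port MACs point at the peer link on the *other* peer;
    # MACs behind the vPC point at the local vPC leg on both peers.
    peer1.mac_table = {FW: "Eth1/1", WS: "Po1", HOST: "Po10"}
    peer2.mac_table = {FW: "Po1", WS: "Eth1/2", HOST: "Po10"}
    return peer1, peer2


if __name__ == "__main__":
    peer1, peer2 = build_scenario()
    print("WS->FW unicast at Peer2:", peer2.egress(FW, "Eth1/2"))
    print("...then at Peer1:       ", peer1.egress(FW, "Po1"))
    print("WS->HOST unicast, Peer2:", peer2.egress(HOST, "Eth1/2"))
    print("WS ARP flood at Peer2:  ", peer2.egress(BROADCAST, "Eth1/2"))
    print("ARP copy at Peer1:      ", peer1.egress(BROADCAST, "Po1"))
```

The access switch treats its two uplinks as one logical port-channel, so it does not flood the ARP request back up toward Peer1; Peer1 only sees the copy that crossed the peer link. The model does not cover the case where one peer's vPC leg is down.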


8 Replies


Hi Mark,

 

Good to see you.

"that rule is to prevent looping in the domain " -> which rule ?

 

I am just thinking along this line..

-> When the workstation sends an ARP request broadcast for the firewall, it will travel to Peer2, and Peer2 will broadcast through both the peer link and the vPC port-channel to the 2960 switch? Then when the 2960 switch broadcasts the ARP request upwards to Peer1, what will the Peer1 MAC address table look like (since it received the ARP request broadcast from both the peer link and via the vPC port-channel)?

 

In short, how do we determine when traffic goes through the peer link and when it goes through a vPC port-channel?

 

Regards,

Noob

Richard Michael
Cisco Employee

Traffic should take the peer-link only when it's an Orphan link. If it's a VPC leg, it always hashes and goes to the Nexus directly; if it's Orphan, like the workstation case, it always takes the VPC PL, provided the end destination MAC is learnt via the PL. If the end destination is a VPC leg, then it can switch from the Nexus where the packet lands.

 

- Richard

Hi Richard,

Thanks for your reply.

 

I am actually very new to this. What do you actually mean by a "VPC leg"?

"if the end destination is a VPC leg, then it can switch from Nexus where packet lands." -> Are you able to elaborate on this further?

Like my post to Mark above, I am wondering what the CAM table looks like with regards to the ARP request/response for the Primary, since the ARP request from the workstation can go via the peer link as well as the port-channel.

 

Regards,

Noob


Hi Richard,

 

Appreciate your prompt response.

"the NH is learnt via the PL." Forgive me for the acronyms, what is "NH"?

When the workstation sends an ARP request for the firewall, how will the Nexus switch/Peer2 forward the broadcast? Through the peer link or port-channel or both?

VPC legs = VPC port-channel?

Hi Yachay,

To be honest, I read through all the links and still can't find the documentation that illustrates the rules/topology of how/when a Nexus switch decides whether to forward traffic through a peer link vs. a VPC member link.

Everyone is telling me it will go through the peer link, but what are the exact circumstances under which a Nexus switch will forward traffic via its peer link?

Regards,
Noob
