I have two nexus 5K switches in a vPC config. A FEX is uplinked to the two N5Ks vis Port-Channel 1, vPC1.

We have VRRP configured on a particular VLAN that is isolated via VRF. Nexus 1 is the primary (10.6.5.5), Nexus 2 is the backup (10.6.5.6

I am trying to understand why I am seeing ICMP redirects, and I think it may have to do with the fact that the Nexus will randomly select which vPC member link will pass traffic to the core. But am not sure.

We have a host 10.6.5.100, that is configured with the VRRP virtual interface as it's default GW (10.6.5.2). The host is attempting to leave the network. I am seeing ICMP redirects that Nexus 2 (10.6.5.6) is telling host 10.6.5.100 to use Nexus 1 (10.6.5.5).

The question is, why is the host using Nexus 2?

Is it due to the random selection of vPC member port?

Is there a way to prevent the redirects?

Nexus1 Config

version 7.0(8)N1(1)
feature vpc

vpc domain 31
  peer-keepalive destination 10.8.5.2 source 10.8.5.1
  delay restore 150

interface port-channel1
  description FEX 1
  switchport mode fex-fabric
  fex associate 101
  vpc 1

interface Vlan11
  no shutdown
  vrf member HQ
  ip address 10.6.5.5/24
  ip router ospf 11 area 0.0.0.0
  vrrp 199
    address 10.6.5.2
    no shutdown

Nexus2 Config

version 7.0(8)N1(1)
feature vpc

vpc domain 31
  peer-keepalive destination 10.8.5.1 source 10.8.5.2
  delay restore 150

interface port-channel1
  description CABINET#2//FEX 1
  switchport mode fex-fabric
  fex associate 101
  vpc 1

interface Vlan11
  no shutdown
  vrf member HQ
  ip address 10.6.5.6/24
  ip router ospf 11 area 0.0.0.0
  vrrp 199
    priority 95
    address 10.6.5.2
    no shutdown