So just as a follow-up.

c.fuller · ‎03-11-2014

Hello -

I am building out Nexus5548 access layer PODs in my DC. Moving the entire environment to a consolidated/converged infrastructure.

As part of this process I need to make available a separate backup network vlan within the Nexus5k infrastructure so hosts can migrate

over. There is a single Nexus7k as the core separate backup network switch. Right now each n5k has a L2 connection into the same

n7k backup switch. I DO NOT have this vlan on the vPC peer link between the n5ks because I didn't want to introduce a loop. Initially

I thought this would meet our needs. But our 1GB dual-homed FEX ports require duplicate configurations on both n5ks. That backup

vlan is not working now and I beleive this is because it's not on the peer link. So I am looking at my options and have a few questions

for those who have come across this already.

1 - If I put the backup vlan on the peer link won't that create a loop between the two n5ks and the n7k? Topology is below.

______

[n5k-a] ------------L2---------------| |

peer link --> | | n7k |

[n5k-b]-------------L2---------------| |

------------

2 - My goal is to keep STP from actively engaging in blocking ports. So other than STP what would protect us from a network loop here?

Bridge Assurance? Etc....

3 - Would it make sense to shutdown one of the L2 links to the 7k and then extend to other N5ks using the peer-link?

4 - Or maybe I should single-home the 1GB FEXs eliminating the need to add vlan599 to the vPC peer-link. That backup vlan works fine

on our single-homed 10GB fexes (which do not require duplicate port configs on each n5k)....

Any thoughts are appreciated.

Thanks

Chucky

Marvin Rhoads · ‎03-11-2014

Putting the VLAN on the peer link does not create a loop. It's pretty much designed to be done that way.

Recall that "vPC modifies the way in which spanning tree works on the switch to help ensure that the vPC peers in a vPC domain appear as a single spanning-tree entity on vPC ports."

(Source)

c.fuller · ‎03-11-2014

Thank you Marvin. I was wondering that, but where the n5ks are not connecting to FEXs or a vPC'd connection to another switch (i.e distribution vPC N7k pair) I was hesitant to just add it on before triple checking.

I wonder what STP would report for that vlan on each N5k if I added it to vPC peer link? Would it show the vPC port as FWDing along with the port to the N7k backup switch (aka STP ROOT for the backup vlan).

In any event thanks for the input. I'll look deeper into it and report back here on how I proceed and what the results are.

Chucky

c.fuller · ‎03-12-2014

So thinking this through further I have two comments.

1 - This vlan is a non-VPC vlan. So wouldn't that disqualify it from the MEC benefits of vPC?

2 - Even if both n5ks are seen as one STP entity, we still have two connections between this

one STP entity (n5ks vPC peers) and a second STP entity Nexus7k (backup switch). So this is still introducing a loop that I am not sure the vPC will help with. Seems like adding that non-VPC

backup vlan to that vPC Peer-link will indeed create a loop.'

I am going to continue to investigate this before making any changes.

c.fuller · ‎03-17-2014

So just as a follow-up. When the backup vlan is added to the vPC link there is indeed a L2 Loop created. STP blocks one of the

links going to the n7k on one of the n5ks.

My goal is to eliminate all L2 loops (whether physically or by using vPCs). I do not want STP to be actively blocking/unblocking any

ports due to possible link-flapping and the resulting STP convergence scenario.

So I will bring only one connection from the n7k pod into the n5k pod.

Chucky

Nexus5k Topology