03-11-2014 08:09 AM - edited 03-07-2019 06:38 PM
Hello -
I am building out Nexus5548 access layer PODs in my DC. Moving the entire environment to a consolidated/converged infrastructure.
As part of this process I need to make available a separate backup network vlan within the Nexus5k infrastructure so hosts can migrate
over. There is a single Nexus7k as the core separate backup network switch. Right now each n5k has a L2 connection into the same
n7k backup switch. I DO NOT have this vlan on the vPC peer link between the n5ks because I didn't want to introduce a loop. Initially
I thought this would meet our needs. But our 1GB dual-homed FEX ports require duplicate configurations on both n5ks. That backup
vlan is not working now and I believe this is because it's not on the peer link. So I am looking at my options and have a few questions
for those who have come across this already.
1 - If I put the backup vlan on the peer link won't that create a loop between the two n5ks and the n7k? Topology is below.
                                      ______
[n5k-a] ------------L2---------------|      |
peer link -->  |                     | n7k  |
[n5k-b] ------------L2---------------|      |
                                      ------
2 - My goal is to keep STP from actively engaging in blocking ports. So other than STP what would protect us from a network loop here?
Bridge Assurance? Etc....
3 - Would it make sense to shut down one of the L2 links to the 7k and then extend to other N5ks using the peer-link?
4 - Or maybe I should single-home the 1GB FEXs eliminating the need to add vlan599 to the vPC peer-link. That backup vlan works fine
on our single-homed 10GB fexes (which do not require duplicate port configs on each n5k)....
Any thoughts are appreciated.
Thanks
Chucky
03-11-2014 11:55 AM
Putting the VLAN on the peer link does not create a loop. It's pretty much designed to be done that way.
Recall that "vPC modifies the way in which spanning tree works on the switch to help ensure that the vPC peers in a vPC domain appear as a single spanning-tree entity on vPC ports."
(Source)
03-11-2014 12:05 PM
Thank you Marvin. I was wondering that, but where the n5ks are not connecting to FEXs or a vPC'd connection to another switch (i.e. distribution vPC N7k pair) I was hesitant to just add it on before triple checking.
I wonder what STP would report for that vlan on each N5k if I added it to vPC peer link? Would it show the vPC port as FWDing along with the port to the N7k backup switch (aka STP ROOT for the backup vlan).
In any event thanks for the input. I'll look deeper into it and report back here on how I proceed and what the results are.
Chucky
03-12-2014 01:11 PM
So thinking this through further I have two comments.
1 - This vlan is a non-VPC vlan. So wouldn't that disqualify it from the MEC benefits of vPC?
2 - Even if both n5ks are seen as one STP entity, we still have two connections between this one STP entity (n5ks vPC peers) and a second STP entity Nexus7k (backup switch). So this is still introducing a loop that I am not sure the vPC will help with. Seems like adding that non-VPC backup vlan to that vPC Peer-link will indeed create a loop.
I am going to continue to investigate this before making any changes.
03-17-2014 08:47 AM
So just as a follow-up. When the backup vlan is added to the vPC link there is indeed a L2 Loop created. STP blocks one of the
links going to the n7k on one of the n5ks.
My goal is to eliminate all L2 loops (whether physically or by using vPCs). I do not want STP to be actively blocking/unblocking any
ports due to possible link-flapping and the resulting STP convergence scenario.
So I will bring only one connection from the n7k pod into the n5k pod.
Chucky
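The three designs discussed in this thread, checked for loops as a plain per-VLAN graph. This is an added example, not code from any of the posters: the switch names follow the posts, the link sets are constructed from the topology they describe, and the model assumes ordinary L2 links with no vPC-specific behaviour.

```python
# Added illustration, not from the thread. Switch names follow the posts;
# the link sets are constructed from the topology the posts describe.

def analyze(links, nodes=("n5k-a", "n5k-b", "n7k")):
    """Return (redundant_links, all_reachable) for one VLAN's L2 topology.

    links: (switch, switch) pairs that carry the VLAN.
    redundant_links: links that close a cycle, so their count is how many
    ports would have to be held blocking to keep the VLAN loop-free.
    Which link gets flagged depends on list order here; real STP decides
    by bridge priority and path cost.
    """
    parent = {n: n for n in nodes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    redundant = []
    for a, b in links:
        ra, rb = find(a), find(b)
        if ra == rb:
            redundant.append((a, b))  # both ends already joined: a loop
        else:
            parent[ra] = rb
    all_reachable = len({find(n) for n in nodes}) == 1
    return redundant, all_reachable

UPLINK_A = ("n5k-a", "n7k")
UPLINK_B = ("n5k-b", "n7k")
PEER_LINK = ("n5k-a", "n5k-b")

SCENARIOS = {
    "both uplinks, VLAN not on peer link": [UPLINK_A, UPLINK_B],
    "both uplinks, VLAN on peer link": [UPLINK_A, UPLINK_B, PEER_LINK],
    "one uplink, VLAN on peer link": [UPLINK_A, PEER_LINK],
}

def summarize():
    """Map each scenario to (number of redundant links, all switches reachable)."""
    out = {}
    for name, links in SCENARIOS.items():
        redundant, reachable = analyze(links)
        out[name] = (len(redundant), reachable)
    return out

if __name__ == "__main__":
    for name, (loops, reachable) in summarize().items():
        print(f"{name}: redundant links={loops}, all reachable={reachable}")
```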