
peer gateway feature and shutdown one l3 interface

fly
Level 2
Hi,

Our customer enabled the peer-gateway feature on vPC and is running a double-sided vPC topology like this:

vdc3----VDC4
 |        |
vdc1----vdc2
      /
   server

Actually, the double-sided vPC between the 4 VDCs is not complete; I don't know why. The server is using active-backup: the active interface connects to vdc2 and the backup interface connects to vdc1. vdc3 and VDC4 have Layer 3 interface vlan 100 for the server and are running HSRP, active on vdc3.

One day, the customer shut down the server VLAN interface vlan100 on VDC4 for some reason. I found I can't ping the server IP from vdc3 by using the interface vlan 100 HSRP physical IP address, and I can ping the server IP address by using the interface vlan 100 HSRP virtual IP address as the source IP address. I found that the ping traffic went down vdc3---vdc1 (vpc 10) and the server response traffic went up from vdc2 to VDC4 (because the server active interface connects to VDC4, also running in vpc 10).

My question is: why can shutting down the Layer 3 interface on VDC4 drop ping traffic that uses the physical HSRP IP address as the source IP address from vdc3? Is this caused by the peer-gateway feature? Because the server response traffic's destination MAC address is the HSRP physical MAC on vdc3. I know that shutting down interface vlan 100 on VDC4 is actually not a normal failure.

Thank you,
Jeremy

Peter Paluch
Cisco Employee

Hi,

Seeing a proper topology diagram would be very helpful in this case because there are minute details that can be of strong consequence in vPC.

However, in general, shutting down an SVI on one vPC peer while keeping it up on the other vPC peer is an invalid state - in fact, it generates a Type-2 inconsistency. Different platforms may behave differently, but what I have seen happening is that even though the vPC peers continue mutually borrowing their gateway MAC addresses due to peer-gateway, the switch with the disabled SVI will not handle frames for the borrowed MAC address locally, rather, it will have them forwarded through the peer link to the other switch. The other switch might perform routing, but if the packet needs to be sent out another vPC, it will be dropped due to vPC loop prevention mechanism.

Simply put: On vPC peer switches, avoid shutting down an SVI for a vPC VLAN just on one vPC peer. SVI states must match on both vPC peers - either both are up, or both are down, or both do not exist at all. Any other combination will cause trouble.

Best regards,
Peter
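
The rule in the reply above (an SVI for a vPC VLAN must be up on both peers, down on both, or absent on both) can be checked mechanically before and after a change. The following is an added example, not part of the original thread: the sample output is constructed and only modelled on the NX-OS `show ip interface brief` layout (an assumption), and the function names and the `vpc_vlans` parameter are hypothetical.

```python
import re

# Constructed sample output for the two vPC peers (addresses and VLANs made up).
# Assumption: each SVI line ends in ".../admin-up" or ".../admin-down".
PEER_A = """\
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan100              10.1.100.2      protocol-up/link-up/admin-up
Vlan200              10.1.200.2      protocol-up/link-up/admin-up
Vlan300              10.1.30.2       protocol-down/link-down/admin-down
"""
PEER_B = """\
IP Interface Status for VRF "default"(1)
Interface            IP Address      Interface Status
Vlan100              10.1.100.3      protocol-down/link-down/admin-down
Vlan200              10.1.200.3      protocol-up/link-up/admin-up
Vlan300              10.1.30.3       protocol-down/link-down/admin-down
Vlan400              10.1.40.3       protocol-up/link-up/admin-up
"""

SVI_LINE = re.compile(
    r"^Vlan(\d+)[ \t]+\S+[ \t]+\S*admin-(up|down)[ \t]*$", re.MULTILINE
)


def svi_admin_states(output):
    """Map VLAN id -> 'up' or 'down' for every SVI listed in the output."""
    return {int(vlan): state for vlan, state in SVI_LINE.findall(output)}


def svi_mismatches(output_a, output_b, vpc_vlans):
    """Return {vlan: (state_on_a, state_on_b)} for vPC VLANs whose SVI state
    differs between the peers. An SVI missing on one peer counts as 'absent',
    so up/absent and down/absent are flagged as well as up/down."""
    a = svi_admin_states(output_a)
    b = svi_admin_states(output_b)
    problems = {}
    for vlan in sorted(vpc_vlans):
        state_a = a.get(vlan, "absent")
        state_b = b.get(vlan, "absent")
        if state_a != state_b:
            problems[vlan] = (state_a, state_b)
    return problems


if __name__ == "__main__":
    for vlan, (sa, sb) in svi_mismatches(PEER_A, PEER_B, {100, 200, 300, 400}).items():
        print(f"Vlan{vlan}: peer A is {sa}, peer B is {sb} -> SVI state mismatch")
```

VLANs that are not carried on any vPC should be left out of `vpc_vlans`, since the matching requirement in the reply applies to SVIs for vPC VLANs.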