Spanning tree root ports in back to back VPC

mcg-tulsa · ‎09-14-2012

Ok so I have a question about back to back VPC configuration.

I have a back to back VPC from core to agg layer so that I have 2 logical switches in my path.

However I am seeing an issue on the agg layer. Traffic is traversing the VPC peerlink instead of being sent up to the core which is where the spanning-tree root is configured.

Po1 is my uplink from the agg

Po4 is my vpc peerlink on the Agg

Po1 Root FWD 200 128.4096 (vPC) P2p

Po2 Desg FWD 200 128.4097 (vPC) P2p

Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p

Eth2/6 Altn BLK 2000 128.262 P2p

mcg-tulsa · ‎09-14-2012

a little more info.

Po1 is my uplink to the core

Po4 is my agg vpc peer.

I see 2 paths to root on one swith. it is choosing Po4 (vpc peerlink) instead of Po1 (uplink to core)

MST0000

Spanning tree enabled protocol mstp

Root ID Priority 4096

Address 0023.04ee.be01

Cost 0

Port 4099 (port-channel4)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)

Address 547f.eea6.d2c1

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1 Root FWD 200 128.4096 (vPC) P2p

Po2 Desg FWD 200 128.4097 (vPC) P2p

Po4 Root FWD 330 128.4099 (vPC peer-link) Network P2p

MST0000

Spanning tree enabled protocol mstp

Root ID Priority 4096

Address 0023.04ee.be01

Cost 0

Port 4096 (port-channel1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 8192 (priority 8192 sys-id-ext 0)

Address 547f.eea6.ce41

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Po1 Root FWD 200 128.4096 (vPC) P2p

Po2 Desg FWD 200 128.4097 (vPC) P2p

Po3 Desg FWD 200 128.4098 (vPC) P2p

Po4 Desg FWD 330 128.4099 (vPC peer-link) Network P2p

Kyle McKay · ‎09-14-2012

Hello,

What makes you so certain that traffic is actually traversing the peer link?

If so, this is common in the case of orphaned ports. Orphaned in this case meaning end devices.with only a connection to 1 of the nexus switches. In this case, return traffic will arrive on both of your aggregation switches but since one of them doesnt have a connection to the end device it must forward over the peer link to reach it.

mcg-tulsa · ‎09-25-2012

show vpc orphan-ports = no ports listed.

but traffic is clearly going across the peer link (po4) and it looks like return traffic is coming back through the uplink (po1)

port-channel4 is up

Hardware: Port-Channel, address: 547f.eea8.e7fa (bia 547f.eea8.e7fa)

MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec

reliability 63425/255, txload 1/255, rxload 1/255

Encapsulation ARPA

Port mode is trunk

full-duplex, 10 Gb/s

Input flow-control is off, output flow-control is off

Switchport monitor is off

EtherType is 0x8100

Members in this channel: Eth2/7, Eth2/8, Eth2/9, Eth2/10, Eth2/11, Eth2/12

Last clearing of "show interface" counters never

30 seconds input rate 616 bits/sec, 0 packets/sec

30 seconds output rate 4359616 bits/sec, 54 packets/sec

port-channel1 is up

vPC Status: Up, vPC number: 1

Hardware: Port-Channel, address: 547f.eea8.e7f0 (bia 547f.eea8.e7f0)

Description: UPLINK VPC

MTU 1500 bytes, BW 40000000 Kbit, DLY 10 usec

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA

Port mode is trunk

full-duplex, 10 Gb/s

Input flow-control is off, output flow-control is off

Switchport monitor is off

EtherType is 0x8100

Members in this channel: Eth2/1, Eth2/2, Eth2/3, Eth2/4, Eth2/5, Eth2/6

Last clearing of "show interface" counters never

30 seconds input rate 5272680 bits/sec, 72 packets/sec

30 seconds output rate 400 bits/sec, 0 packets/sec

MCG-TUL-DIST02# sho vpc orphan-ports

Note:

--------::Going through port database. Please be patient.::--------

MCG-TUL-DIST02#

Kyle McKay · ‎09-25-2012

What about on the peer switch? Are there any orphaned ports? I would expect output on the local switch if there were oprhaned ports on the peer switch.

This is because both switches will receive inbound traffic from their upstream neighbor (core) but one switch will only be able to reach the end-device by using the peer link. (Orphan)

rwilletts · ‎02-14-2014

I have same - Did this get resolved ?

Carlo Schmidt · ‎03-06-2014

The vPC seconday will show the Peer-link as the root port and the vPC facing the root switch. The vPC Primary will only show the vPC faving the STP root as the root port. This is expected for vPC.