Hi All, I've got an issue I am looking to better understand. I've got a pair of 4500-X in VSS as a network core and a pair of N5K-5672 for top of rack. The 5K's are VPCd together and there is a pair links in vPC/Port-channel from each 5K to the 4500-X. I've attached a bit of an image to show the topology.
One of the 5K's has reset a couple of times, I've come to understand the problem is clearly FN-64110, but that is NOT what I am looking to go over. I am asking this because it happened last night again, I saw some weird things and I need to deploy the the new OS load ... but am concerned about the impact. We've got dual homed client systems connected to the 5K's, in some case vPC others just failover. At the restart, all the systems had a brief outage that seemed a little longer than expected. I am concerned that the spanning tree-config is not optimal.
So I have two things, the first is that when 5K #1 did the unexpected reset, UDLD err-disabled the vPC peer-link ports in 5K #2 and the port-channel links from 5K#1 in the 4500-X and I'm not sure that is expected or optimal. The second is a peer-review of the spanning tree configuration. These are the red X's on the diagram.
1) On the 4500-X udld is set aggressive globally. The 5K's peerlinks have UDLD aggressive set, there is no UDLD setting on the interfaces to the 4500-X port channel. Having to manually enable interfaces after an 'unkown' restart isn't optimal. Did this happen because UDLD is set to aggressive? For my environment, would non-aggressive UDLD be ok?
4500-X to 5K port-channel configuration:
interface Port-channel3
description To NEXUS 5672
switchport
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
switchport mode trunk
mtu 9170
!
interface TenGigabitEthernet1/1/2
description to NEXUS
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
switchport mode trunk
mtu 9170
channel-group 3 mode active
!
interface TenGigabitEthernet2/1/1
description to NEXUS
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
switchport mode trunk
mtu 9170
channel-group 3 mode active
!
5K vPC to 4500-X Po config (same in each chassis)
interface port-channel3
description Uplink to PD4500-X Core
switchport mode trunk
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
vpc 3
!
interface Ethernet1/1
description PO3 member to PD4500-X Core
switchport mode trunk
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
channel-group 3 mode active
!
interface Ethernet1/2
description PO3 member to PD4500-X Core
switchport mode trunk
switchport trunk allowed vlan 11,19-21,24,26,28,31,34,37,43,1012
channel-group 3 mode active
5K vPC peer link config (same in each chassis)
interface port-channel1
description vPC PEER LINK -- DO NOT MODIFY
switchport mode trunk
switchport trunk allowed vlan 1-3967,4048-4093
spanning-tree port type network
spanning-tree guard loop
vpc peer-link
!
interface Ethernet2/2
description vPC PEER LINK -- DO NOT MODIFY
switchport mode trunk
switchport trunk allowed vlan 1-3967,4048-4093
spanning-tree port type network
udld aggressive
channel-group 1 mode active
!
interface Ethernet2/3
description vPC PEER LINK -- DO NOT MODIFY
switchport mode trunk
switchport trunk allowed vlan 1-3967,4048-4093
spanning-tree port type network
udld aggressive
channel-group 1 mode active
2) Spanning tree is set priority 4096 on the 4500-X for each vlan that appears on both the 5K's and 4500-X's. The 5K's know the root's are on the port-channel link to the 4500's, this seems ok. For Vlans that only live on the 5K's, there is no particular priority set. From the configs above, there are no particular spanning tree options set for the vPC/Po links. Did the reset cause a full spanning tree learning event on the those links? What is the best practice here with the connection from 5K to 4500?
