@Reza Sharifi,

When you say 'layer 2' does that mean STP will making blocking or change the path that frames can take? I thinking I am confusing myself, because the figures show traffic going up and down the leaf/spine but not the cross-link between the two switches. So is there ever a case that traffic user/production traffic will take the peer link that is connected between the two switches?

Thank you

@Sergiu.Daniluk 

"

• user traffic. This will include:
  • traffic destined to servers connected on orphan port on the vPC peer
  • BUM traffic - this is mandatory to be sent over vPC peer-link in case there are orphan ports on vPC peer. This traffic will not be sent out of vPC enabled port-channels (this is where loop avoidance mechanism kicks i

Does this link only get used during an orphaned situation? I am still trying to understand if traditional STP methods keeps this link in block state, and only the leaf/spin links are used, and only opens the link when the vPC is in a bad health state.

Reading all I can since got moved to Nexus switches due to low man power and resources.

Hi @romanroma 

The unicast traffic destined to servers connected on orphan ports and all BUM (Broadcast, Unknown unicast and Multicast) traffic is being sent over Peer-Link.

The vPC Peer-link interface is always* in STP forwarding state.

*Note: the vpc peer-link is by default configured as STP port type network, meaning if one of the peers is not sending STP BPDUs to the other one, the port goes into BA_inc (bridge assurance inconsistency).

Regards,

Sergiu

@Sergiu.Daniluk 

Another confusion,

I am reading the following docs:

https://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/configuration_guide_c07-543563.html

And is says:

"• vPC peer link: The vPC peer link is the link used to synchronize states between the vPC peer devices. The vPC peer link carries control traffic between two vPC switches and also multicast, broadcast data traffic. In some link failure scenarios, it also carries unicast traffic. You should have at least two 10 Gigabit Ethernet interfaces for peer links. "

So how do you know or when are the "some link failures" when the peer link will allow unicast traffic? I am just not getting the concept when the vPC link, which usually carries: keep alive, multicast, broadcast and control traffic.

Hi @romanroma 

The failure scenario where unicast traffic is being forwarded over the peer-link, is when one link from the vPC port-channel goes down, and unicast traffic is received on the peer where the link is down. Here is a graphical view of the scenario:

left - working scenario ; right - failure scenario

Cheers,

Sergiu

Hello,

The FP will load-balance the unicast traffic over equal cost routes.

You can try the following to find the egress interface:

show fabricpath load-balance unicast forwarding-path ftag ftag-id switchid switch-id flow-type {l2 {{dst-mac dst-mac | source-mac src-mac} ether-type ether-type}} | {l3 {dst-ip dst-ip | src-ip src-ip | dst-ipv6 dst-ipv6 | srcipv6 src-ipv6}} | {l4 {l4-src-port l4-src-port | l4-dst-port l4-dst-port | dst-ip dst-ip | src-ip src-ip | dst-ipv6 dst-ipv6 | srcipv6 src-ipv6}}} {vlan vlan-id} {module mod-no}

Example:

switch# show fabricpath load-balance unicast forwarding-path ftag 1 switchid 200 src-mac 
00:10:20:30:40:50 dst-mac 00:30:40:50:60:70 vlan 200
Missing params will be substituted by 0's.
crc8_hash: 229
This flow selects interface Po400

Cheers,

Sergiu

@Sergiu.Daniluk 

Do you recommend using src-mac as one of the local interfaces of the switch or possibly use the mac address of a network device?

source and destination of the user traffic