
vPC between 2 redundant sets of nexus 5020

tiwang
Level 3

Hi out there

We are running a redundant set of nexus 5020 nxos 4.2.1 and another set running 5.0.3. They are inter-connected with 2 10GB fiber links with 50 km between them, giving a latency of approximately ½ mSec - is there anything special to be aware of in this setup?

Can someone help me with a sample setup - the setup should look like this:

nx5k1-1 <-------------- 50km fiber link 1 --------------> nx5k2-1
   I                                                          I
   I vpc domain 10                                            I vpc domain 11
   I              vPC connection between sites                I
   I                                                          I
   I peerlink for vPC dom 10                                  I peerlink for vPC dom 11
   I                                                          I
nx5k1-2 <-------------- 50km fiber link 2 --------------> nx5k2-2

best regards

thomas iwang


Jerry Ye
Cisco Employee

Are the 2 50KM fibers in a vPC?

I think this is fine if the fibers are in vPC.

Regards,

jerry

hi again

I would like to have them in a vpc - until now I have only the first link active - the other is a manual standby - but I expect that I could create a fine solution by putting both links into a single vPC, which would give fewer problems with spanning tree and automatic failover in the event of failure of a link

Anyone with a sample config? All I have been able to find are with the nx2k's or nx7k which might be a bit different..

I would suggest you upgrade the N5K running 4.2.1 to 5.x to take advantage of the peer-switch feature. In this case, both N5Ks at vPC domain 10 will look at vPC domain 11 as 1 switch and vice versa.

Here is some sample config:

### vPC Domain 10 SW1

vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### vPC Domain 10 SW2

vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 2
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### At Remote vPC Domain 11 SW1

vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11

### At Remote vPC Domain 11 SW2

vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11

HTH,

jerry

hi again

are the udud keywords necessary? (should probably be udld in nxos) do I get some benefits when the vpc is established?

best regards /ti

UDLD is just an additional layer of protection. I've recommended all my customers to do that.

To turn on UDLD on NXOS:

feature udld
interface ex/x
  udld aggressive

HTH,

jerry

ok - I have never been using this feature so I was a little in doubt about it, but it looks like a good extra feature.

btw - the previous vpc peers I have been working with have only involved a single vpc domain - the vpc domain number reflects the channel-group to which an interface is assigned - I do not want to try it but since we define the peers when we define the domain I could use the same vpc domain number in both ends even if it is two separate endpoints - or? this would do any harm on the endpoints since we define the peers separately

best regards /ti

I hope you are talking about the peers at the same site. If this is the case, your design is fine.

You can't have the same vPC domain on your remote site since it would cause conflict and confusion.

HTH,

jerry

hi again

no I can see that it is a bit blurry what I tried to explain - suppose I for some reason have configured the vpc domain as "1" on all boxes - even though it looks ugly it should still work because we define the domains by the peers - or?

what I mean is that I could use vpc domain 1 in both ends because what matters is where I define the peers - the number itself isn't important as long as it is correctly defined within the peers - or?

best regards /ti

Having duplicate domain IDs in the same L2 domain can cause layer 2 instabilities and here is the reason:

1. In order to provide the illusion of a single switch, the system-id must be unique across the switches that are part of the same "vpc domain".

2. The system-id in a vPC setup is derived algorithmically from the "domain-id" as follows:

    The mac-address is derived from a reserved pool of addresses with the domain ID.

    This MAC is also used to generate BPDUs.

HTH,

jerry

ok - never try this - but - hmm - I have this pair of nexus 5020 running the new nxos where I have configured the peer-link - but the peer keepalives cannot reach each other

skan5020-01# sh vpc role

vPC Role status
----------------------------------------------------
vPC role                        : none established             
Dual Active Detection Status    : 0
vPC system-mac                  : 00:00:00:00:00:00            
vPC system-priority             : 32667
vPC local system-mac            : 00:05:73:e1:02:bc            
vPC local role-priority         : 0  
skan5020-01# sh vpc peer-keepalive

vPC keep-alive status           : Suspended (Destination IP not reachable)
--Send status                   : Success
--Last send at                  : 2011.09.21 21:10:01 74 ms
--Sent on interface             : mgmt0
--Receive status                : Failed
--Last update from peer         : (4269606) seconds, (190) msec

vPC Keep-alive parameters
--Destination                   : 172.21.246.53
--Keepalive interval            : 1000 msec
--Keepalive timeout             : 5 seconds
--Keepalive hold timeout        : 3 seconds
--Keepalive vrf                 : management
--Keepalive udp port            : 3200

the config is just this:

version 5.0(3)N2(1)
feature vpc

vpc domain 2
  peer-keepalive destination 172.21.246.53 source 172.21.246.52

any suggestion?

Make sure you can ping your management interfaces. It looks to me like a connectivity issue.

Regards,

jerry

yes no problem with that - stupid error - only half of the boxes had the vpc feature enabled...
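An added example, not part of the thread or any poster's code: a small offline audit for the two failure modes discussed above, a vPC domain ID reused by separate peer pairs in one L2 domain and a keepalive peer that never had `feature vpc` enabled. The hostnames, addresses and the `cfg` helper are made up, and the inventory is assumed to be collected as running-config text per switch.

```python
import re
from collections import defaultdict

def cfg(mgmt_ip, domain=None, dst=None):
    text = f"interface mgmt0\n  ip address {mgmt_ip}/24\n"
    if domain is not None:
        text = (f"feature vpc\n{text}vpc domain {domain}\n"
                f"  peer-keepalive destination {dst} source {mgmt_ip}\n")
    return text

# Constructed sample inventory (made-up hostnames and addresses, built by cfg());
# all four switches are assumed to share one L2 domain.
CONFIGS = {
    "site1-sw1": cfg("192.0.2.1", 10, "192.0.2.2"),
    "site1-sw2": cfg("192.0.2.2", 10, "192.0.2.1"),
    "site2-sw1": cfg("192.0.2.11", 10, "192.0.2.12"),  # reuses domain 10
    "site2-sw2": cfg("192.0.2.12"),                    # vpc feature never enabled
}

def parse(text):
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    return {
        "feature": grab(r"^(feature vpc)\s*$") is not None,
        "mgmt": grab(r"^\s*ip address (\S+?)/\d+"),
        "domain": grab(r"^vpc domain (\d+)"),
        "dst": grab(r"peer-keepalive destination (\S+)"),
    }

def audit(configs):
    sw = {name: parse(text) for name, text in configs.items()}
    by_ip = {s["mgmt"]: name for name, s in sw.items() if s["mgmt"]}
    findings, pairs = [], defaultdict(set)
    for name, s in sorted(kv for kv in sw.items() if kv[1]["domain"]):
        peer = by_ip.get(s["dst"])  # switch that owns the keepalive destination
        pairs[s["domain"]].add(frozenset((name, peer)))
        if peer is None:
            findings.append(f"{name}: keepalive destination {s['dst']} is not a known switch")
        elif not sw[peer]["feature"]:
            findings.append(f"{name}: peer {peer} does not have 'feature vpc' enabled")
        elif sw[peer]["domain"] != s["domain"] or by_ip.get(sw[peer]["dst"]) != name:
            findings.append(f"{name}: peer {peer} domain/keepalive does not point back")
    for domain, members in sorted(pairs.items()):
        if len(members) > 1:  # same ID on more than one peer pair
            findings.append(f"vpc domain {domain} is used by {len(members)} separate peer pairs")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```
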

Hi, with 5.0.3 on N5K I cannot find the peer-switch feature/command. Does it not exist any longer? How can I achieve the same behaviour?

Thx

Hubert

Just realized that there was a mistake in my previous post. The peer-switch command is not available on the N5Ks yet.

In your case, it will still work without the peer-switch command, but if the N5Ks are STP primary and secondary and the primary bounces, it will cause STP to re-converge. peer-switch is there to avoid the re-convergence but it is not available on the N5Ks yet. And you have to set the STP root to vPC primary and secondary root to vPC secondary.

Regards,

jerry
