vPC cluster problem to VSS cluster using Port-Channels

Dennis Leon · ‎11-07-2012

We have a vPC cluster of two Nexus 7009 that needs to be connected with a VSS cluster of two Catalyst 6509s. The VSS has been working fine for a while and the vPC cluster is new equipment.

Attached there is a detailed diagram of the connections; the VSS cluster connects the interfaces Ten1/2/8 and Ten 2/2/8 using the PortChannel 28 going to the the vPC cluster to the interfaces Eth 4/18 of each switch.

Both the vPC and the VSS are well configured; last night we tried to brought up the connection between the two clusters but only the first interface comes up within the etherchannel; the secondary one did not come up and shows (not receiving LACP packets).

We know Layer 1 is fine because if we remove the interface from the EtherChannel it does come up; but causes some STP loop and bring the network down; thus the solution is to form a EtherChannel.

At the VSS Clúster we see LACP packets being sent with sh lacp counters but we DO NOT see LACP packets being received in the interface of the secondary Nexus.

Right now, this is not possible to troubleshoot since it is a production enviroment; so I'm looking for problems with the configuration or recommendations to follow in order to apply them tomorrow night during a new maintenance window.

These are the configurations:

#######vPC cluster of Nexus 7009######

--N7K-1--

interface port-channel418

description Uplink 20 GE hacia VSS

switchport

switchport mode trunk

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112

switchport trunk allowed vlan add 120,149-152,154-160,163-164,170

switchport trunk allowed vlan add 172,190,200,801,900,905,910,920

switchport trunk allowed vlan add 925,960

spanning-tree port type network

vpc 418

no shut

interface Ethernet4/18

description Uplink 10 GE hacia VSS-1 Ten 1/2/8

switchport

switchport mode trunk

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112

switchport trunk allowed vlan add 120,149-152,154-160,163-164,170

switchport trunk allowed vlan add 172,190,200,801,900,905,910,920

switchport trunk allowed vlan add 925,960

rate-mode dedicated force

udld aggressive

channel-group 418 mode active

no shutdown

--N7K-2--

interface port-channel418

description Uplink 20 GE hacia VSS

switchport

switchport mode trunk

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112

switchport trunk allowed vlan add 120,149-152,154-160,163-164,170

switchport trunk allowed vlan add 172,190,200,801,900,905,910,920

switchport trunk allowed vlan add 925,960

spanning-tree port type network

vpc 418

interface Ethernet4/18

description Uplink 10 GE hacia VSS-2 Ten 2/2/8

switchport

switchport mode trunk

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112

switchport trunk allowed vlan add 120,149-152,154-160,163-164,170

switchport trunk allowed vlan add 172,190,200,801,900,905,910,920

switchport trunk allowed vlan add 925,960

rate-mode dedicated force

udld aggressive

channel-group 418 mode active

no shutdown

#######vPC cluster of Nexus 7009######

interface TenGigabitEthernet1/2/8

description CONEXION HACIA ETHERNET 4/1 NEXUS 7K PRIMARIO CAP

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112,120,149-152

switchport trunk allowed vlan add 154-160,163,164,170,172,190,200,801,900,905

switchport trunk allowed vlan add 910,920,925,960

switchport mode trunk

no shutdown

udld port aggressive

storm-control broadcast level 1.00

channel-group 28 mode active

interface TenGigabitEthernet2/2/8

description CONEXION HACIA ETHERNET 4/1 NEXUS 7K SECUNDARIO CAP

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112,120,149-152

switchport trunk allowed vlan add 154-160,163,164,170,172,190,200,801,900,905

switchport trunk allowed vlan add 910,920,925,960

switchport mode trunk

no shutdown

udld port aggressive

storm-control broadcast level 1.00

channel-group 28 mode active

interface Port-channel28

description Trunk hacia Switches NEXUS 7K CAP

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,4,10,17,35,37,39,60,63,100,112,120,149-152

switchport trunk allowed vlan add 154-160,163,164,170,172,190,200,801,900,905

switchport trunk allowed vlan add 910,920,925,960

switchport mode trunk

Derek Zhang · ‎11-07-2012

any logs that you saw when the etherhcnael failed to establish the neighbor?

Looking at your configuration:

" spanning-tree port type network" on N7K indicates you enable the Bridge Assurance feautre but not on VSS side.

Try with type normal if BA is not needed between VSS/N7K.

Dennis Leon · ‎11-07-2012

Thanks for the reply Dazhi; actually we did enable that after some attempts but at the beginnning it was not configured.

I saw that in a config guide, but I'm not really sure what is the effect of that command.

I'm attaching a debug from the N7K that was able to capture.

Jerry Ye · ‎11-07-2012

Spanning-tree port type nework will enable bridge assurance. It is bi-directional BPDU. Since you are using vPC to the VSS, it is not recommended to enable BA over vPC port-channels. You should use Normal like what Derek said.

Secondary, you are using UDLD aggressive, this is also not recommended. UDLD normal should do the job on fiber link. Can you check the interface and post the output?

show interface e4/18 !!! on the Nexus

show interface ten1/2/8 !!! on the C6K

show interface ten2/2/8 !!! on the C6K

Regards,

jerry

Pranav Gade · ‎03-28-2016

Hi Dennis Ariel Leon Murillo,

I am also facing same issue , I am seeing (suspended(no lacp pdus)) on secondary N7K interface. Can you tell us if you able to solve this issue.