vPC keepalive over multiple physical paths

rootswitch
Level 1

Hi!

I need to configure 2 Nexus 9K with vPC at aggregation layer. These two switches are distant (500 m) and I need to provide high availability (no single point of failure) to the peer-keepalive link. As recommended by Cisco I create a dedicated VRF for the keepalive. I am thinking about two possibilities:

1. Using two ports/cables/interfaces in LAG on each peer on the same vlan attached to the VRF and then let the two cables follow different physical paths from one peer to the other. In this way the LAG gives me the required redundancy.

2. Use a single port/cable/interface on a dedicated vlan but then configure the VRF in such a way that it can route the messages on at least another alternative path if the dedicated path is down. This alternative path is over another dedicated vlan that goes through several switches in the L2 access layer, for which I’m sure the cabling reaches the other vPC peer and follows a different physical path compared to the keepalive dedicated cable. I guess I can achieve that by creating a dedicated routing table in the VRFs with static priorities.

Are these two methods feasible/valid? Is there any other alternative?

Thanks in advance.

6 Replies 6

M02@rt37
VIP

Hello @rootswitch 

Instead of using LAG or relying on an L2 backup path, Cisco generally recommends deploying two completely independent peer-keepalive links, each in its own dedicated VLAN, with separate physical paths. These links should be assigned to the dedicated peer-keepalive VRF but should not use port channels.

By configuring two separate links with independent routing within the VRF, you ensure that peer-keepalive messages always have an alternative path without relying on the access layer. If one link fails, the other remains operational, providing true high availability.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Ok thanks. What you suggest is an alternative to solution 1). But if I do not have distinct paths available, is the second solution feasible and with no negative consequences?

Hello @rootswitch 

From my point of view, the second solution is feasible, provided you ensure stability in the access layer and optimize failover mechanisms. The key risk is that L2 issues in the access switches could impact keepalive reachability, so monitoring and redundancy in the access network become critical. If your access layer is highly reliable and well-maintained, this approach can provide effective redundancy without major drawbacks.

Best regards

Two keepalive ??

I don't think it is possible in vPC.

@rootswitch for keepalive you can use L3 PO.

MHM

@MHM Cisco World sorry if I ask basic questions, I have general network experience but not specifically with Cisco switches/features. When creating the L3 PO, can I also create virtual interfaces? In this way I can use one dedicated port and another port that connects downlink access switches and carry traffic over several vlans? 

Hello
I would suggest using an L3 port channel; it is also Cisco's recommendation to use one here. This way, if either link failed within that port channel, connectivity would still be established without any requirement for convergence, as opposed to if these links were two individual separate links.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
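
The L3 port channel option raised in the question (option 1) and in the replies above, sketched as NX-OS configuration for one peer. This is an added example, not configuration posted by anyone in the thread; the VRF name, port-channel number, interface numbers, vPC domain ID and addresses are constructed placeholders.

```cisco
! Added example: peer-keepalive over a two-member L3 port channel in a
! dedicated VRF. All names, numbers and addresses below are constructed.
feature lacp
feature vpc

! Dedicated VRF so keepalive traffic never depends on the default routing table
vrf context VPC-KEEPALIVE

interface port-channel10
  description vPC peer-keepalive (L3)
  no switchport
  ! Apply "vrf member" before "ip address": changing VRF membership
  ! removes any L3 configuration already on the interface
  vrf member VPC-KEEPALIVE
  ip address 10.255.255.1/30
  no shutdown

! Member 1: cable routed over physical path A
interface Ethernet1/47
  description keepalive member, path A
  no switchport
  channel-group 10 mode active
  no shutdown

! Member 2: cable routed over physical path B
interface Ethernet1/48
  description keepalive member, path B
  no switchport
  channel-group 10 mode active
  no shutdown

vpc domain 10
  ! The second peer mirrors this with source and destination swapped
  peer-keepalive destination 10.255.255.2 source 10.255.255.1 vrf VPC-KEEPALIVE
```

`show vpc peer-keepalive` reports the keepalive status and the VRF in use, and `show port-channel summary` shows whether both members are bundled, which is the check to repeat after pulling one cable.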