Solved: vPC Operational Layer3 Peer-router

zekebashi · ‎01-04-2019

Hello,

I've configured vPC between two NX93180 and everything is working as expected. I enabled the peer-gateway feature as recommended by Cisco's documentation. The code on both switches is 7.0(3)I7(5a). When I issue the "show vpc" command, I see this parameter "Operational Layer3 Peer-Router" ---- "Disabled". Can someone tell me why and should it show "Enabled"? If so, what command(s) do I need to get it enabled?

Thanks in advance,

~zK

Reza Sharifi · ‎01-04-2019

Hi,

Actually, I've configured a separate L3 link between the two vPC switches in the vPC domain for routing and avoid using the vPC Peer-Link for routing.

That is fine.

I am not clear on when to enable Peer-Gateway and or Layer-3 peer-router if I am using a separate L3 link for routing between the two vPC switches with the domain. Can you please clarify?

You don't need "Layer-3 peer-router" command. That applies to 7k with F2 and F3 cards. see link:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/interfaces/command/cisco_nexus7000_interfaces_command_ref/l_commands.html

HTH

View solution in original post

Felipe A. Amaya · ‎01-04-2019

Layer 3 routing over vPC is configured under the vPC domain with that command, the peer-gateway is enabled when using this feature.

NX-#(config)#vpc domain 101

NX-#(config-vpc-domain)#layer3 peer-router

In our case we are using HSRP of an extended VLAN tied to HA'd firewalls, we have stablished OSPF between the Nexus peers and the Firewalls. The VLAN is part of the Peer-links.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/nx-os/interfaces/configuration/guide/b-Cisco-Nexus-7000-Series-NX-OS-Interfaces-Configuration-Guide-Book/configuring-vpcs.html#concept_09E6B311898E444CA27CD73CCC2E5BED

I hope this helps....

Reza Sharifi · ‎01-04-2019

Hi,

Operational Layer3 Peer-Router is a different command and has nothing to do with peer-gateway command.

As long as under "sh vpc" you see that the peer-gateway is "enabled" you are good to go.

HTH

zekebashi · ‎01-04-2019

Hello,

Actually, I've configured a separate L3 link between the two vPC switches in the vPC domain for routing and avoid using the vPC Peer-Link for routing.

I am not clear on when to enable Peer-Gateway and or Layer-3 peer-router if I am using a separate L3 link for routing between the two vPC switches with the domain. Can you please clarify?

Thanks in advance,

~zK

Reza Sharifi · ‎01-04-2019

Hi,

Actually, I've configured a separate L3 link between the two vPC switches in the vPC domain for routing and avoid using the vPC Peer-Link for routing.

That is fine.

I am not clear on when to enable Peer-Gateway and or Layer-3 peer-router if I am using a separate L3 link for routing between the two vPC switches with the domain. Can you please clarify?

You don't need "Layer-3 peer-router" command. That applies to 7k with F2 and F3 cards. see link:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/interfaces/command/cisco_nexus7000_interfaces_command_ref/l_commands.html

HTH

zekebashi · ‎01-04-2019

I see. So, I'll only need to enable the "layer3 peer-router" feature if I intend to use the vPC Peer-Link to support L3 routing. However, in my case, since I am using a separate L3 physical link for that purpose, then I don't need to enable this feature.

Thanks much, Reza!

Best, ~sK

layer3 peer-router

To enable support for layer 3 routing protocols over virtual port channels (vPCs), use the layer3 peer-router command. To disable support for layer 3 routing protocols, use the no form of this command.

layer3 peer-router

no layer3 peer-router

Felipe A. Amaya · ‎01-04-2019

Thanks Reza, you are right I did not catch peer-gateway on the first comment. Just to add to it, the way that I understand the vPC peer-gateway, the capability allows a vPC device to route packets that are addressed to the router MAC address of the vPC peer.

Thank you,