05-21-2015 05:23 AM - edited 03-08-2019 12:06 AM
Hi all,
I am confused about the best practices for vPC peer-links. In this document... http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf ... it advises that a vPC peer link can carry vPC AND non-vPC traffic.
Then, a paragraph later, it says that you should split vPC & non-vPC traffic onto separate port-channels.
Which statement is correct, or have I misread the document?
I have a connectivity issue, and I want to make sure that we have our vPC domain set up properly.
Currently, I have a non-vPC VLAN where the root port for that VLAN is the Port-Channel used as the vPC peer-link...
Any guidance on this would be great.
thanks
Mario
05-21-2015 05:39 AM
vPC traffic should not really traverse the vPC peer-links, if ever, unless there is a failure or the case of going from or to a non-vPC device. Non-vPC traffic may use the peer-link just like a normal layer 2 trunk. Could you share with us the configurations and explain a little more about the scenario? Which switch is the non-vPC host connected to, where is the connectivity issue, and between which devices, whether they are in a vPC or not?
Thank you
Bilal
05-21-2015 06:51 AM
Hi Bilal, thanks for confirming that it is OK for non-vPC traffic to use the vPC peer-link.
I will do some more investigation on the issue and then come back to you if I get stuck.
thanks
Mario
05-21-2015 07:16 AM
OK... we have a switch which cannot access a TACACS server, not even ping it. I believe the traffic is black holed.
The distro switch 2 is connected via a L3 port to core switch 2... Core switch 2 routes the packets destined for the TACACS server to Core switch 1 via an interconnect VLAN on the vPC peer link.
The MAC address of the TACACS server is learned via a vPC.
Core switch 1 & 2 are part of the same vPC domain.
So, I feel that one major issue here is that the core switch 2 is routing the packet to core switch 1 even though core switch 2 is part of the same vPC domain and has vPC member ports in the vPC which the TACACS server sits in.
Looking at Core switch 2's config, it does not have a L3 SVI interface for the VLAN that the TACACS server sits in; that's why it's routing the packet to core sw 1 instead of switching it to the local vPC...
So thinking about packet flow, I think that when the packet reaches Core 1, maybe it is trying to forward the packet back to core 2's vPC member port? And for some reason this is not allowed and gets dropped.
Hopefully I've explained it well... let me know your thoughts.
thanks
Mario
05-21-2015 08:01 AM
Yes Mario, explained well and absolutely correct. Your access will only work if you have a L3 SVI with a FHRP like HSRP; it is advised to put the vpc peer-gateway command under the vpc domain config.
Since you have a vPC to the switch, the rule is that frames/packets should NOT traverse the vPC peer link because both member ports are UP.
Hope this helps
Bilal
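As an added example, not taken from Bilal's or Mario's posts, here is what the configuration Bilal describes looks like on NX-OS: the server VLAN gets an SVI on BOTH vPC peers sharing one HSRP virtual address, and peer-gateway is enabled under the vPC domain. VLAN 100, subnet 10.100.0.0/24, HSRP group 100 and vPC domain 10 are assumed values, not from the thread.

```text
! ===== Core switch 1 (vPC primary) =====
! Assumed values: VLAN 100, 10.100.0.0/24, HSRP group 100, vPC domain 10
feature interface-vlan
feature hsrp
vpc domain 10
  ! Lets either peer route frames addressed to the other peer's SVI MAC
  ! locally instead of forwarding them across the peer-link
  peer-gateway
interface Vlan100
  description TACACS server VLAN - SVI must exist on BOTH peers
  no shutdown
  ip address 10.100.0.2/24
  hsrp 100
    priority 110
    ip 10.100.0.1

! ===== Core switch 2 (vPC secondary) =====
! Previously had NO SVI for this VLAN, so it had to route to Core 1
! over the peer-link; with its own SVI it switches to the local vPC
feature interface-vlan
feature hsrp
vpc domain 10
  peer-gateway
interface Vlan100
  description TACACS server VLAN - same HSRP group, own real address
  no shutdown
  ip address 10.100.0.3/24
  hsrp 100
    ip 10.100.0.1

! Verification on each peer:
!   show vpc            -> "Peer Gateway : Enabled", peer status "peer adjacency formed ok"
!   show hsrp brief     -> group 100 Active on one peer, Standby on the other
!   show ip interface brief | include Vlan100
```

Both peers forward for the HSRP virtual MAC in a vPC, so the TACACS server's reply and the distro switch's traffic no longer depend on a hop across the peer-link.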