I have 3 scenarios where I know the result, but the explanation escapes me.
We have an L2 switch that is port-channeled to 2 Nexus that in turn have a peer-link. I know that if I have an orphan port on one of the Nexus, I am allowed to communicate over the peer-link because I have no other path (assuming 50% of my traffic will hit the Nexus with the orphan and 50% won't). So in my head the reason this doesn't get dropped is because the target is an orphan and not a vPC member.
Same physical layout, but we are now doing OSPF to SVI on all three devices. I know that this scenario doesn't work because building adj over the peer-link is a no-no. What I am trying to grasp is what exactly is killing the scenario. Is the issue the broadcast? What is causing the peer-link to drop the packets in this scenario and not the first? Both are traveling over the port-channel and then the peer-link, yet one gets dropped (I don't know if it is dropped immediately crossing the peer-link or is the return traffic dropped?).
Same layout as scenario one: if a PC is plugged into the L2 switch and it tries to telnet or SSH to either Nexus, at some point the packets will make a crossing of the peer-link. I know this works, but why isn't the traffic that is going across the peer-link in this case dropped? (I am assuming I have HSRP on.)
1. Correct. The only recommendation is to have all orphan ports on only one Nexus, since if a type-1 inconsistency occurs, the peer-link will be shut down, so connectivity between orphan ports will be lost.
2. Peering between SVIs on VPC peers is possible but not recommended. For that, a separate L3 link is recommended.
The no-no solution is peering through the VPC between the Nexuses and the switch. The topology may work, but behavior may be unpredictable. Here is the link for configuring a connection between N7K and a VSS cluster
The allowed solution is either to configure ECMP links from the Nexuses to the switch, or to connect a router behind the switch and do the peering with it, not with the switch.
3. The VPC loop avoidance condition is to NOT forward traffic received from the VPC peer-link over a VPC connection.
In the 3rd case, a connection via SSH to nexus2 (for example) goes to nexus1, passes the VPC peer-link and reaches nexus2, so nexus2 doesn't send traffic further via a VPC link and doesn't hit the loop avoidance condition.
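The loop-avoidance rule from the answer above, traced hop by hop for scenarios 1 and 3, as an added Python sketch that is not part of the original thread. The names `Hop`, `egress_allowed`, `trace` and the port-type labels are assumptions made for illustration, and the model covers only that one rule as the answer states it, not everything a real switch checks.

```python
from dataclasses import dataclass

# Port roles used in this toy model (labels are assumptions, not NX-OS keywords).
PEER_LINK = "peer-link"
VPC_MEMBER = "vpc-member"
ORPHAN = "orphan"
CPU = "cpu"  # traffic addressed to the switch itself, e.g. SSH or telnet


@dataclass(frozen=True)
class Hop:
    device: str
    ingress: str  # role of the port the frame arrived on
    egress: str   # role of the port the frame would leave on


def egress_allowed(ingress: str, egress: str) -> bool:
    """Rule from the answer: a frame received on the peer-link is
    not forwarded out over a vPC connection."""
    return not (ingress == PEER_LINK and egress == VPC_MEMBER)


def trace(path):
    """Walk the hops in order; stop at the first hop the rule blocks."""
    for hop in path:
        if not egress_allowed(hop.ingress, hop.egress):
            return ("dropped", hop.device)
    return ("delivered", None)


# Constructed paths: the L2 switch hashes the flow to nexus1 in every case.
# Scenario 1: the destination sits on an orphan port of nexus2.
SCENARIO_1 = [Hop("nexus1", VPC_MEMBER, PEER_LINK),
              Hop("nexus2", PEER_LINK, ORPHAN)]
# Scenario 3: SSH to nexus2 itself; the frame ends at nexus2's CPU.
SCENARIO_3 = [Hop("nexus1", VPC_MEMBER, PEER_LINK),
              Hop("nexus2", PEER_LINK, CPU)]
# Constructed contrast case (not one of the thread's scenarios):
# nexus2 would have to send the frame back out a vPC member port.
CONTRAST = [Hop("nexus1", VPC_MEMBER, PEER_LINK),
            Hop("nexus2", PEER_LINK, VPC_MEMBER)]

if __name__ == "__main__":
    for name, path in [("scenario 1", SCENARIO_1),
                       ("scenario 3", SCENARIO_3),
                       ("contrast", CONTRAST)]:
        print(name, trace(path))
```
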