Re: vPC topology dropping packet - Page 3

YFZH · ‎08-30-2024

Hello,

I have a topology as below. Switch101 and switch102 are vPC peer, and switch201 and switch202 are another vPC peer. All the switches are Nexus 93180-EX
HostA is connecting to swtich101 with a orphan port (port-channel)
HostB is connecting to switch201/switch202 with vPC link.
HostA and HostB are put in the same vPC vlan and well trunked between switches.
I'm seeing some strange connection issues.
HostA and HostB can't ping each other on ipv6 but OK on ipv4
When I changed the subneting ipv4 (/29 -> /31), ipv6 (/125 -> 127), Ping over ipv6 start working which ping over ipv4 stops.
Capture packet showing the ICMP request didn't reach to the other host when pinging which makes me thinking it could be the switch dropping packets somewhere.
Any ideas are appreciated!
Thank you!

YFZH · ‎09-06-2024

Hey, sorry for the late. Tried that, it is all pinging from HostB to the SVI on 4 switches.
I changed the HostA to vPC and then HostB starts pinging HostA without any problem. It seems we have problem only when HostA is connect to an orphan port.

MHM Cisco World · ‎09-09-2024

Friend I think I found issue here

In SW101 are you use vpc xx under the PO of orphan?

If yes remove it and try ping again

MHM

vishalbhandari · ‎09-04-2024

It seems you're experiencing an issue that could be related to the Nexus switches handling of IPv6 traffic, especially in a mixed environment with both vPC and orphan ports involved. This type of issue might be caused by various factors such as incorrect configurations, vPC consistency problems, or even bugs in the switch software.

Here are some steps to troubleshoot and possibly resolve the issue:

1. Check vPC Consistency

Ensure that the vPC configurations between the peer switches (Switch101/Switch102 and Switch201/Switch202) are consistent. Use the command show vpc consistency-parameters to verify this. Inconsistent parameters can cause traffic to drop.

2. Review the ACLs/Policies

Check if there are any Access Control Lists (ACLs) or policies applied on the switches that might be affecting IPv6 traffic. Even if IPv4 traffic is unaffected, an ACL specifically filtering IPv6 traffic could be the issue.

3. vPC and Orphan Port Handling

Since HostA is connected via an orphan port and HostB via a vPC, ensure that the orphan port handling is configured correctly. Orphan ports can sometimes have issues with certain traffic flows, especially with multicast or IPv6.
You might want to check the configuration with the command show run interface port-channel x and compare with best practices for orphan ports in vPC environments.

4. MTU Mismatch

Ensure that there is no MTU mismatch between the interfaces involved. MTU issues can cause certain types of traffic to drop, especially with larger packets.

5. Software Bug

Check if there are any known software bugs related to vPC, IPv6, or orphan ports on your specific Nexus switch model and software version. You can check the Cisco Bug Search Tool or the release notes for your NX-OS version.

6. Capture Traffic on the Switches

Perform packet captures on the Nexus switches to trace where the ICMPv6 packets are being dropped. You can use the command monitor session to create a SPAN session and capture traffic.

7. Check for Route Advertisement and ND Issues

Ensure that the IPv6 Neighbor Discovery (ND) is working correctly. Issues with ND can sometimes cause IPv6 traffic to fail.
Verify the routing tables for any anomalies or missing routes.

8. Analyze Logs

Look at the switch logs for any errors or warnings related to vPC, interfaces, or IPv6 traffic. The command show logging log might provide insights.

If after these steps the issue persists, consider engaging Cisco TAC for more detailed troubleshooting, especially if it might involve a deeper bug in the NX-OS software.

MHM Cisco World · ‎09-11-2024

any update

MHM

YFZH · ‎09-11-2024

Hey, checked that, there isn't a vpc xx under the orphan PO. Otherwise it won't be showing in the "show vpc orphan-ports".
Still have no idea of the reason.....

interface port-channel25
  description [HOSTA]
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 982,984
  spanning-tree port type edge trunk
  spanning-tree bpdufilter enable

switch101# show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN           Orphan Ports
-------        -------------------------
984            Po25
switch101#

MHM Cisco World · ‎09-14-2024

The ping from R4 to R6 success if the R3-PO-NSKs is healthy up
when I down e1/3 in NSK-1 the ping start failed

Lab I use is single not double sided vPC and face same issue'

The traffic since pass peer-link os not allow to pass to orphan port' and that opposite of what cisco mention for NSK.

So I search and I dont find any link about you can use PO as orphan' and that I think the issue here.

To check

Can you only use single link access port first and ping from host to host.

Thanks for waiting

MHM

YFZH · ‎09-16-2024

Hello, thanks for testing this.
Tried it, it worked at the beginning, and it started dropping packets after a while. Keep monitoring the status.
I made it mostly like what you did, but as you know our topology has another peer of vPC switches.
Cheers

MHM Cisco World · ‎09-16-2024

""I made it mostly like what you did""

Can I know how you config orphan?

Also keep monitoring traffic I hope it will work.

MHM

YFZH · ‎09-17-2024

Hey, the orphan port config is pretty simple, seems still dropping packet from time to time.

switch101# show run interface eth 1/25
interface Ethernet1/25
description [HostA-ens3f1np1]
switchport
switchport access vlan 984
spanning-tree port type edge
fec off
no shutdown

switch101# show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN Orphan Ports
------- -------------------------
984 Eth1/25
switch101#

The only difference is our topology has another peer of vPC switches (201 and 202) for the connection to HostB

MHM Cisco World · ‎09-17-2024

The orphan is good and if you see some drops, then last thing remove link between hostB and NSK-202 and check ping from hostA to HostB with repeat 100 and share result.

In your design there are two issue

1-orphan use PO

2-there is no cross between two NSK pairs

MHM

YFZH · ‎09-21-2024

Hello, some update for this.
I tried following and the result so far:
1. Use standalone physical orphan port for Host A uplink, issue exist
2. Use PO orphan port for Host A uplink, issue exist
3. Use vPC connection on switch101 and switch102 for Host A uplink, issue still exist
-------------------
I set up another two hosts, Host C and Host D.
Host C using the same connection type as Host A
Host D using the same connection type as Host B
Tried above 3 connection types, not observing the same issue as we had on HostA-HostB connection.
The connection between HostA and HostD is also healthy.
This made me thinking it could be something wrong with HostB itself, but not the network, although I'm still not 100% confidence on this.

MHM Cisco World · ‎09-22-2024

For hostA and hostB

Did you try below when HostA is use single access link

"" then last thing remove link between hostB and NSK-202 and check ping from hostA to HostB with repeat 100 and share result.""??

MHM

YFZH · ‎09-22-2024

Yes, should have mentioned it.
Tried removing link hostB--NSK-202, same result.
Also tried removing link hostB--NSK-201 to eliminate link issue, nothing changed.

MHM Cisco World · ‎09-30-2024