vPC topology dropping packet

YFZH · ‎08-30-2024

Hello,

I have a topology as below. Switch101 and switch102 are vPC peer, and switch201 and switch202 are another vPC peer. All the switches are Nexus 93180-EX
HostA is connecting to swtich101 with a orphan port (port-channel)
HostB is connecting to switch201/switch202 with vPC link.
HostA and HostB are put in the same vPC vlan and well trunked between switches.
I'm seeing some strange connection issues.
HostA and HostB can't ping each other on ipv6 but OK on ipv4
When I changed the subneting ipv4 (/29 -> /31), ipv6 (/125 -> 127), Ping over ipv6 start working which ping over ipv4 stops.
Capture packet showing the ICMP request didn't reach to the other host when pinging which makes me thinking it could be the switch dropping packets somewhere.
Any ideas are appreciated!
Thank you!

MHM Cisco World · ‎08-30-2024

Hi friend

Host share same ipv4 subnet? If yes did you add vlan in all four NSK?

If different subnet did you config hsrp in each NSK pair (upper pair and lower pair)?

Dis you config static route if each host use different subnet ?

MHM

YFZH · ‎08-30-2024

Same subnet for the two hosts and yes, that vlan is across all four nexus switches.

MHM Cisco World · ‎08-30-2024

If vlan in all NSK then check double-sided

Did you use different domain in both pair ?

Are the vlan is allow in peer-link in both pair ?

I am talking about ipv4' for ipv6 sorry I dont have so acknowledge in this ip family.

MHM

YFZH · ‎08-30-2024

Yes, different vPC domains. Switch101 and switch 102 are using vPC domain 100, Switch201 and switch202 are using vPC domain 101.
The vlan is allowed on peer link and spanning tree are looking good.
It seems just packets were dropped somewhere.
BTW, the switches are on NXOS: version 9.3(10)

MHM Cisco World · ‎08-30-2024

Between host and NSk abd between NSK pairs you use different vpc numbers or same ?

MHM

YFZH · ‎08-30-2024

Different vPC numbers.
The other test I made was setting up a SVI on switch102. So it is just HostA- Switch101-Switch102. It still has the same issue between switch102 SVI and HostA, ipv4 not pinging this time.

MHM Cisco World · ‎08-30-2024

From hostB to NSK202 remove cable and check ping repeat 100 check how much loss ypu get

Then from HostB to NSK201 remove cable and check 100 repeat ping

MHM

YFZH · ‎08-30-2024

Tried that, same result for disconnecting either link to 201 or 202.
Packet captured showing the ARP request/reply between HostA and HostB. But the ICMP request never reach the other side.

MHM Cisco World · ‎08-30-2024

Ok' make cross connect between 202 and 101 and between 201 and 102

MHM

YFZH · ‎08-30-2024

That's a bit hard for us. 101 and 102 are in Rack A, 201 and 202 are in Rack B. We have only two links between this two racks.
Any other way we can make it work?

MHM Cisco World · ‎08-30-2024

Again try

From hostB to NSK202 remove cable and check ping repeat 100 check how much loss you get

This time clear mac in all NSk'

If this work and there is no loss then

The frame pass peer-link in any pair by defualt not forward via any vpc port' this break frame and you need cross if you cant I will check other solution' but let first be sure this is issue here

MHM

YFZH · ‎08-30-2024

Tried disconnecting HOSTB to switch202, still not going.
Also tried disconnecting HOSTB to switch201, not pinging as well.

MHM Cisco World · ‎08-30-2024

Did you clear mac after disconnect?

MHM

YFZH · ‎08-30-2024

Yes, I did that. And mac address table on switches looks good on the switches. Only switch201 has that MAC on the port to HOSTB, switch202 showing it via peerlink.
IPv6 pings well. Just IPv4 not going.
Same result when I enabled HOSTB link to switch202 and disconneced link to 201.