cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3563
Views
4
Helpful
43
Replies

vPC topology dropping packet

YFZH
Level 1
Level 1

Hello,

I have a topology as below. Switch101 and switch102 are vPC peer, and switch201 and switch202 are another vPC peer. All the switches are Nexus 93180-EX
HostA is connecting to swtich101 with a orphan port (port-channel)
HostB is connecting to switch201/switch202 with vPC link.
HostA and HostB are put in the same vPC vlan and well trunked between switches.
I'm seeing some strange connection issues.
HostA and HostB can't ping each other on ipv6 but OK on ipv4
When I changed the subneting ipv4 (/29 -> /31), ipv6 (/125 -> 127), Ping over ipv6 start working which ping over ipv4 stops.
Capture packet showing the ICMP request didn't reach to the other host when pinging which makes me thinking it could be the switch dropping packets somewhere.
Any ideas are appreciated!
Thank you!

Image 1.png

43 Replies 43

YFZH
Level 1
Level 1

I did another test:
Disconnected HostB from network.
Configured a SVI on switch102 using HostB's ip address.
Observed same issue when ping to HostA. 

YFZH
Level 1
Level 1

Made another test, trying to narrow down the scope of the problem.
This time, I limited the test to only between HOSTA, switch101, and switch102.
I configured an SVI on switch102 for VLAN 984, using the same /31 subnet for IPv4. VLAN 984 is allowed through the peer-link between switch101 and switch102.

YFZH_0-1725069569139.png

When pinging from switch102's interface VLAN 984 to HOSTA, the ping failed, and no packets arrived at HOSTA. Spanning tree appears correct on both switch101 and switch102.
Switch102

switch102# ping 192.168.11.18 source 192.168.11.19
PING 192.168.11.18 (192.168.11.18) from 192.168.11.19: 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out

--- 192.168.11.18 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
switch102# show ip arp 192.168.11.18

Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface

IP ARP Table
Total number of entries: 1
Address Age MAC Address Interface Flags
192.168.11.18 00:00:20 INCOMPLETE Vlan984
switch102# sh spanning-tree vlan 984

VLAN0984
Spanning tree enabled protocol rstp
Root ID Priority 37848
Address 0023.04ee.be64
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 37848 (priority 36864 sys-id-ext 984)
Address 0023.04ee.be64
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po5 Desg FWD 1 128.4100 (vPC) Network P2p
Po21 Desg FWD 1 128.4116 (vPC) Network P2p
Po1024 Desg FWD 1 128.5119 (vPC peer-link) Network P2p

 

Switch101

switch101# show spanning-tree vlan 984

VLAN0984
Spanning tree enabled protocol rstp
Root ID Priority 37848
Address 0023.04ee.be64
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 37848 (priority 36864 sys-id-ext 984)
Address 0023.04ee.be64
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po5 Desg FWD 1 128.4100 (vPC) Network P2p
Po21 Desg FWD 1 128.4116 (vPC) Network P2p
Po25 Desg FWD 1 128.4120 P2p
Po1024 Root FWD 1 128.5119 (vPC peer-link) Network P2p

switch101# show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN Orphan Ports
------- -------------------------
984 Po25

switch101# show run interface po 25

!Command: show running-config interface port-channel25
!Running configuration last done at: Sat Aug 31 01:18:58 2024
!Time: Sat Aug 31 01:45:37 2024

version 9.3(10) Bios:version 05.47

interface port-channel25
description [HOSTA]
switchport
switchport mode trunk
switchport trunk allowed vlan 984
spanning-tree bpdufilter enable

switch101#

The vPC loop avoidance drops frames from the peer-link to a vPC member port. However, in this case, the port on switch101 connected to HOSTA is an orphan port, so it should not be affected by the vPC loop prevention mechanism in my understanding.

Hi friend, 

First can you share config of four NSK and orphan hostA  and vpc PO hostB and show vpc brief

Also why you config orphan and vpc interface with spanning tree port type network? It must edge not network

Network port use bridge assurance and that issue

MHM

Still waiting your sharing 

Thanks 

MHM

Hello
you have a vpc cluster which looks like an orphan SVI 984 Sw102  and orphan host on sw101 that are using a /31 address range correct?, if so the question is why?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

@YFZH you do test using /29 or /31?

MHM

Tested it with both /29 and /31 subnet, same result.

Our target is to setup a point to point connection between the two hosts, that's why we used /31.
Also tested it with /29 with the same result.

YFZH
Level 1
Level 1

Hello, attached are the configuration files and the output of show vpc brief for the four switches. I've removed some irrelevant parts, like SNMP settings, for security reasons. 

Really appreciate for your help.

friend your vPC is not complete correct some SW have none VLAN in Peer-link and other have additional VLAN 
additional VLAN effect the STP, what STP mode you run ?

MHM

Image 1.png

Thank you for checking this. 
For some reason the file for switch202 isn't correct, attached it in here and it only has vlan 1-6,984 over the vPC peerlink and Po 19.
Regarding the vpc Peer-link on switch102. It is looking good on vlans. Probably a display issue, so it was not copied over properly. Repost it below

 

switch102# sh vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 100 
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : secondary                     
Number of vPCs configured         : 6   
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Enabled, timer is off.(timeout = 240s)
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Enabled
Virtual-peerlink mode             : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans    
--    ----   ------ -------------------------------------------------
1     Po1024 up     1-6,984                                                            

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------             
5     Po5           up     success     success               1-6,984           

Please check "show vpc consistency-parameters vpc <vpc-num>" for the 
consistency reason of down vpc and for type-2 consistency reasons for 
any vpc.

 




Can yoh share output for all SW together'

Thanks 

MHM

Sure, here are the files for 4 switches.
Thank you.

vpc.png

Any update friend 

MHM

Review Cisco Networking for a $25 gift card