08-30-2024 03:47 PM
Hello,
I have a topology as below. Switch101 and switch102 are vPC peer, and switch201 and switch202 are another vPC peer. All the switches are Nexus 93180-EX
HostA is connecting to swtich101 with a orphan port (port-channel)
HostB is connecting to switch201/switch202 with vPC link.
HostA and HostB are put in the same vPC vlan and well trunked between switches.
I'm seeing some strange connection issues.
HostA and HostB can't ping each other on ipv6 but OK on ipv4
When I changed the subneting ipv4 (/29 -> /31), ipv6 (/125 -> 127), Ping over ipv6 start working which ping over ipv4 stops.
Capture packet showing the ICMP request didn't reach to the other host when pinging which makes me thinking it could be the switch dropping packets somewhere.
Any ideas are appreciated!
Thank you!
08-30-2024 04:20 PM
I did another test:
Disconnected HostB from network.
Configured a SVI on switch102 using HostB's ip address.
Observed same issue when ping to HostA.
08-30-2024 07:05 PM
Made another test, trying to narrow down the scope of the problem.
This time, I limited the test to only between HOSTA, switch101, and switch102.
I configured an SVI on switch102 for VLAN 984, using the same /31 subnet for IPv4. VLAN 984 is allowed through the peer-link between switch101 and switch102.
When pinging from switch102's interface VLAN 984 to HOSTA, the ping failed, and no packets arrived at HOSTA. Spanning tree appears correct on both switch101 and switch102.
Switch102
switch102# ping 192.168.11.18 source 192.168.11.19
PING 192.168.11.18 (192.168.11.18) from 192.168.11.19: 56 data bytes
Request 0 timed out
Request 1 timed out
Request 2 timed out
Request 3 timed out
Request 4 timed out
--- 192.168.11.18 ping statistics ---
5 packets transmitted, 0 packets received, 100.00% packet loss
switch102# show ip arp 192.168.11.18
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table
Total number of entries: 1
Address Age MAC Address Interface Flags
192.168.11.18 00:00:20 INCOMPLETE Vlan984
switch102# sh spanning-tree vlan 984
VLAN0984
Spanning tree enabled protocol rstp
Root ID Priority 37848
Address 0023.04ee.be64
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 37848 (priority 36864 sys-id-ext 984)
Address 0023.04ee.be64
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po5 Desg FWD 1 128.4100 (vPC) Network P2p
Po21 Desg FWD 1 128.4116 (vPC) Network P2p
Po1024 Desg FWD 1 128.5119 (vPC peer-link) Network P2p
Switch101
switch101# show spanning-tree vlan 984
VLAN0984
Spanning tree enabled protocol rstp
Root ID Priority 37848
Address 0023.04ee.be64
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 37848 (priority 36864 sys-id-ext 984)
Address 0023.04ee.be64
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po5 Desg FWD 1 128.4100 (vPC) Network P2p
Po21 Desg FWD 1 128.4116 (vPC) Network P2p
Po25 Desg FWD 1 128.4120 P2p
Po1024 Root FWD 1 128.5119 (vPC peer-link) Network P2p
switch101# show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------
VLAN Orphan Ports
------- -------------------------
984 Po25
switch101# show run interface po 25
!Command: show running-config interface port-channel25
!Running configuration last done at: Sat Aug 31 01:18:58 2024
!Time: Sat Aug 31 01:45:37 2024
version 9.3(10) Bios:version 05.47
interface port-channel25
description [HOSTA]
switchport
switchport mode trunk
switchport trunk allowed vlan 984
spanning-tree bpdufilter enable
switch101#
The vPC loop avoidance drops frames from the peer-link to a vPC member port. However, in this case, the port on switch101 connected to HOSTA is an orphan port, so it should not be affected by the vPC loop prevention mechanism in my understanding.
08-31-2024 01:46 AM
Hi friend,
First can you share config of four NSK and orphan hostA and vpc PO hostB and show vpc brief
Also why you config orphan and vpc interface with spanning tree port type network? It must edge not network
Network port use bridge assurance and that issue
MHM
08-31-2024 01:58 PM
Still waiting your sharing
Thanks
MHM
08-31-2024 02:10 AM
Hello
you have a vpc cluster which looks like an orphan SVI 984 Sw102 and orphan host on sw101 that are using a /31 address range correct?, if so the question is why?
08-31-2024 02:17 AM
@YFZH you do test using /29 or /31?
MHM
08-31-2024 01:43 PM
Tested it with both /29 and /31 subnet, same result.
08-31-2024 01:42 PM
Our target is to setup a point to point connection between the two hosts, that's why we used /31.
Also tested it with /29 with the same result.
08-31-2024 02:28 PM - edited 08-31-2024 02:32 PM
09-01-2024 12:32 AM
friend your vPC is not complete correct some SW have none VLAN in Peer-link and other have additional VLAN
additional VLAN effect the STP, what STP mode you run ?
MHM
09-01-2024 02:21 PM - edited 09-01-2024 02:22 PM
Thank you for checking this.
For some reason the file for switch202 isn't correct, attached it in here and it only has vlan 1-6,984 over the vPC peerlink and Po 19.
Regarding the vpc Peer-link on switch102. It is looking good on vlans. Probably a display issue, so it was not copied over properly. Repost it below
switch102# sh vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 6
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Enabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po1024 up 1-6,984
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1-6,984
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
09-02-2024 11:48 PM
Can yoh share output for all SW together'
Thanks
MHM
09-03-2024 02:38 PM
09-04-2024 12:04 AM
09-06-2024 06:20 AM
Any update friend
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide