This is the Q&A from "Cisco Nexus: Troubleshooting and Common Issues".
Q: Will you be discussing EvPC/vPC+ as well? A: We will not be covering them, but to give you some background, EvPC and vPC+ are exactly the same as a vPC from the operational point of view. They are different just feature-wise.
Q: What is the full form of VDC? A: VDC stands for Virtual Device Context.
Q: Why do we use CFS when the vPC peer keepalive is there? A: Peer keepalive is just a layer 3 link which will be used for sending/receiving periodic keepalive messages so that the peer will come to know of the existence of the other device in the vPC domain. CFS is for state exchange between vPC peers. Keepalive is just a hello to make sure the other peer is alive.
Q: How is the load sharing done among vPC port-channel members? A: Load sharing is based on normal port-channel load-balance hashing; this is user-configurable.
Q: What's the command to see the effective bandwidth of the port channel? A: show interface Po<> should be able to show you the combined b/w, e.g.:
Core-1# sh int po45 | in BW
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec
Q: Is it mandatory to have the vPC peer link on a different VRF? A: It's the peer keepalive link which needs to be on a different VRF; the peer link is not layer 3. If you do not specify any VRF for keepalive, then it will take the management VRF by default.
Q: How to configure vPC between a VSS switch pair and a Nexus 5596UP switch pair? A: It is advised that each chassis in a VSS pair is dual-homed to each of the N5K peers.
Q: Could we establish vPC between Nexus and a VSS switch? A: Nexus 7000 can be configured in vPC and you can connect any switch downstream via a vPC port channel; it can be VSS or any other platform. To clarify further: when you configure vPC, it should be established first between two Nexus 7000 switches. Once they are in vPC, we can connect any downstream switches via a special port channel (vPC port channel), and those downstream switches can be any platf
Q: In the 3rd case, then, both N7Ks will work independently? A: In the 3rd case, both the switches will act as vPC primary (which will be seen in the show vpc command output). However, this will result in both the switches sending the same LACP ID to the downstream switches, which will result in inconsistencies.
Q: ARP is not synchronized through primary? A: Apart from the bulk sync when a secondary comes up, vPC peers also maintain a differential periodic sync over CFS.
Q: What is the command to check adjacency? A: You can use the command show vpc, wherein you will see the adjacency status between both the switches. This will show the current switch's role (whether it is primary or secondary).
Q: Will this vPC update be the same on the 5K? A: Do you mean ARP synchronization on the N5K? Yes, it will update.
Q: When the primary goes down, the secondary will be operational primary. What will happen when switch A comes up again? I heard that it will not work as primary automatically. A: When Sw-A comes back up, it will join as secondary. No pre-emption is present, and so we might need to flap the peer link or reload the other switch in order to make Sw-A active.
Q: What is reload restore? A: Suppose we have a situation wherein there is a complete outage of power and both the switches in vPC went down, and after the recovery, say only Sw-A came up and Sw-B is still down. For vPC to come up, we should have the adjacency up. But since Sw-B is still down, the adjacency won't come up, and this would result in Sw-A NOT bringing up its vPCs (connections towards the downstream switches). To overcome this problem, we have reload restore, which will bring up the vPCs. The reload restore command is now deprecated and we should be using "auto recovery", which serves the same purpose.
Q: What is the command to check that vPC is working as expected? A: show vpc is the best command to check; it gives the details: a) whether the peer is reachable via the keepalive link, b) whether the vPC peer is adjacent or not, c) status of the downstream vPCs, d) VLANs allowed, e) status of other features like auto recovery.
Q: What is Graceful Consistency Check? A: We have a few parameters that have to match between the vPC peers for the vPCs to come up. This check does this job. If an inconsistency is detected, links on the secondary vPC are suspended.
Q: Is there any restriction on the number of vPC domains which can be created? A: On Nexus 7000, we configure one single domain and only one is supported. However, for downstream switches, a max of 256 vPCs is supported. To explain further, we establish one single vPC domain (with two Nexus boxes) and then create port channels for downstream switches, which will be configured as vPCs.
Q: With kickstart.5.2.7, does vPC work fine? A: Yes, vPC is supported from 4.x onwards, so it should work with 5.2(7) as well. Are you looking for a specific issue related to vPC?
Q: We were checking for an option to connect the data centre Nexus architecture of 7K and 2K (already vPC-enabled) to a VSS switch pair with vPC. So we just want to check that this model would not have issues, as we are establishing vPC between 3 vPC domains. A: Could you clarify on the 3 vPC domains please? Are you going to connect the VSS to the Nexus 7K or the Nexus 2K?
Q: We would be connecting the VSS to the N7K. A: So, I believe the connection would be the VSS having links towards N7k-1 and N7k-2 respectively, which are in vPC, right?
Q: Yes. A: So, in that case, you just need to establish links towards N7k-1 and N7k-2. For redundancy purposes, you can have links from both the active and standby of the VSS towards N7k-1 and N7k-2; you can also have multiple links. That will make sure that we don't have any single point of failure. Configure the links to be part of the same port channel on N7k-1 and N7k-2, and under the interface Po<>, you have to give the vpc <vpc no>. The above configuration has to be done on both N7k-1 and N7k-2. Once done, you can verify the status of the port channel using show vpc <vpc no>.
Q: Other production VLANs where production traffic is flowing: should we manually block those VLANs from flowing through the peer link (we have the peer link as a trunk)? A: Do you mean non-vPC VLANs? If yes, then we will need another link to carry non-vPC VLANs. This is not the same for the N5K; there we would use the peer link to carry both vPC and non-vPC VLANs.