N7K question about vPC

danilodicesare · ‎04-04-2010

Hi all,

few questions about vPC:

1 L3 devices attached vPC 7K, is NOT a recommended topology...so what do i have to do if i have to migrate some 6K to 7K with attached a lots of L3 multilayer switch? Just connect them in a non-vPC way? Could be a big mess.....

2 HSRP with vPC and L3 backup routing, how can i configure it? VLAN_XXX on vPC peer-link and enable ospf for that VLAN + redistribute static route to the core in ospf protocol?

3 HSRP group within vPC domain but not active member on group (Active and standby are on another site, on vPC site listen-listen 7K), traffic will pass trought 7K for going to Active HSRP router or is handled by the 7K?

tnx

Das

allan.thomas · ‎04-04-2010

Hi,

To simply clarify the position regarding L3 interfaces that you should be aware of when you attach a Layer 3 device to a vPC domain and that is the peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported. If routing protocol adjacencies are needed between vPC peer devices and a generic Layer 3 device, you must use physical routed interfaces for the interconnection.

You can configure VLAN Interfaces for Layer 3 connectivity on the vPC peer devices to link to Layer 3 of the network for such applications as HSRP and PIM. However, Cisco recommend that you configure a separate Layer 3 link for routing from the vPC peer devices, rather than using a VLAN network interface for this purpose.

If you are extending your vlan boundaries for example from a 6K to 7K, ensure that your bridge priorities and hsrp master or primary gateway for the VLAN should still be the 6K. It is generally not acceptible for traffic to be routed off a vPC unless destined for another VLAN which is also off another vPC.

In such circumstances where for example you trunk a set of VLANs 2-10 from the 6K to the 7K, the STP root and HSRP primary should remain on the 6K unless of course you migrate these VLANs completely. This will ensure that traffic sourced from a host on VLAN2 which is destined for another VLAN not off a vPC but out to the Internet or AS then packet will be routed by the 6K, this guarantees that traffic is not routed across the peer-link. Remember vPC is purely L2 and a seperate L3 link should be used in order to form L3 adjacencies.

Here is an example of a L3 SVI for a local VLAN within a vPC:-

Switch1

interface Vlan160
no shutdown
ip address 10.x.x.253/24
ip router eigrp 200
ip passive-interface eigrp 200
hsrp version 2
hsrp 160
    preempt
    priority 105
    timers msec 250 msec 750
    ip 10.x.x.1
ip dhcp relay address 10.x.x.x
ip dhcp relay address 10.x.x.x.

Switch2

interface Vlan160
no shutdown
ip address 10.x.x.254/24
ip router eigrp 200
ip passive-interface eigrp 200
hsrp version 2
hsrp 160
    preempt
    timers msec 250 msec 750
    ip 10.x.x.1
ip dhcp relay address 10.x.x.x
ip dhcp relay address 10.x.x.x

Regards

Allan.

Hope this helps, pls rate help posts.

allan.thomas · ‎04-04-2010

Hi,

To simply clarify the position regarding L3 interfaces that you should be aware of when you attach a Layer 3 device to a vPC domain and that is the peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported. If routing protocol adjacencies are needed between vPC peer devices and a generic Layer 3 device, you must use physical routed interfaces for the interconnection.

You can configure VLAN Interfaces for Layer 3 connectivity on the vPC peer devices to link to Layer 3 of the network for such applications as HSRP and PIM. However, Cisco recommend that you configure a separate Layer 3 link for routing from the vPC peer devices, rather than using a VLAN network interface for this purpose.

If you are extending your vlan boundaries for example from a 6K to 7K, ensure that your bridge priorities and hsrp master or primary gateway for the VLAN should still be the 6K. It is generally not acceptible for traffic to be routed off a vPC unless destined for another VLAN which is also off another vPC.

In such circumstances where for example you trunk a set of VLANs 2-10 from the 6K to the 7K, the STP root and HSRP primary should remain on the 6K unless of course you migrate these VLANs completely. This will ensure that traffic sourced from a host on VLAN2 which is destined for another VLAN not off a vPC but out to the Internet or AS then packet will be routed by the 6K, this guarantees that traffic is not routed across the peer-link. Remember vPC is purely L2 and a seperate L3 link should be used in order to form L3 adjacencies.

Here is an example of a L3 SVI for a local VLAN within a vPC:-

Switch1

interface Vlan160
no shutdown
ip address 10.x.x.253/24
ip router eigrp 200
ip passive-interface eigrp 200
hsrp version 2
hsrp 160
    preempt
    priority 105
    timers msec 250 msec 750
    ip 10.x.x.1
ip dhcp relay address 10.x.x.x
ip dhcp relay address 10.x.x.x.

Switch2

interface Vlan160
no shutdown
ip address 10.x.x.254/24
ip router eigrp 200
ip passive-interface eigrp 200
hsrp version 2
hsrp 160
    preempt
    timers msec 250 msec 750
    ip 10.x.x.1
ip dhcp relay address 10.x.x.x
ip dhcp relay address 10.x.x.x

Regards

Allan.

Hope this helps, pls rate help posts.

betacomsvc · ‎07-29-2010

hi Allan,

I have a few questions related to the method of L3 peering between N7k and a generic L3 device (let's say it is a router) - the idea is to connect N7k to the core network. The current design is based on Cat6k switches (they are the core of my network) which have many Vlans and SVI interfaces for them.

EIGRP is also used currently on Cat6k and other L3 devices in my network.

The goal is to extend Vlans from the current Cat6k to a pair of N7k configured for vPC. To do that I would have to configure L2 trunks (and NOT to use vPC links) between Cat6k and a pair of N7k and use them to pass all the current Vlans to N7k. How to establish EIGRP adjajency between Cat6k and N7k and at the same time pass all the vlans? Should I add any new Vlan on N7k/Cat6k, create SVI for it and use it to establish EIGRP peering?

Is the above the correct thinking? if not how to do that?

- One of the design docs say that we MUST use L3 routed interfaces to connect these two devices (N7k and a core network).

- Other ones mention that the _recommended_ way is to use L3 routed interfaces to connect these two devices ('recommended' means what? that any other options are available? what are they?)

- And other ones say that can use Vlan peering (through SVI interfaces) if only we make sure not to use vPC vlans (peering of routing protocols using a VLAN also carried on the vPC peer-link is not supported). Does it mean that if I configure any new/additional Vlan between the core and the vPC domain + I would exclude that vlan from vPC peer-link that I can configure EIGRP/OSPF peering between a generic vPC device and vPC domain???

what about STP root and HSRP? During the migration can they stay on the 6K till I move all my servers from 6k to N7k?

Will the communication be ok? or I can came across the situation that the traffic would be filtered by the peer-link of N7k?

regards,

m.w

aamercado · ‎08-14-2010

HSRP Version 2 and DHCP doesn't work well with ARPing.

I have my N7K and setup the following per what I believe is recommend design:

Core1-N7k is Primary as VPC peer, HSRP Version2 Active, STP root. My OSPF is set to Point to Point so no need to worry about DR and BDR. I have also setup a separate LACP for VPC VLAN versus another LACP for non-VPC vlans.

I have a VPC to a 3750 switch set to "spanning-tree port type normal" where all my HSRP/VLAN 2XXX is going through. Host sometimes can get DHCP or not, when they cannot I find there is an arp issue so need to bounce the vlan interface on the N7k to get it working but this is a bandaid.

I heard if I enable "Peer Gateway" on both N7K cores, this may solve the problem but create additional problems. I will probably try this but wondered if anyone had the same problem or a solution.