N5K vPC Keepalive link and management concerns

Unanswered Question
Apr 8th, 2010

I need help with the concept of the vPC keepalive link.  I am trying to get my head round some configs before the kit turns up which is on order...

I have seen a Cisco doc that says you can use an SVI for the keepalive link on the N5K, but how do you do that as I though the N5K was a L2 switch and the command references I have searched through dont show a the command: interface vlan x

Basically I am trying to work out how to manage this switch remotely and and get the Keepalive operational, but I dont have a separate dedicated management LAN to use (who does these days?).  So if I have to use an SVI, that means it runs on a VLAN, which will have to cross the vPC PeerLink, and this I thought was a fundamental no-no of the vPC design rules: dont send the keepalive across the peerlink.

On the N7K I will use a dedicated L3 point-to-point fibre interface for the Keepalive as a I dont have a management LAN, so that seems easy enough, yes/no?

Thanks for any explanation attempts in advance...

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
ganeshh.iyer Mon, 04/12/2010 - 05:12

I need help with the concept of the vPC keepalive link.  I am trying to get my head round some configs before the kit turns up which is on order...

I have seen a Cisco doc that says you can use an SVI for the keepalive link on the N5K, but how do you do that as I though the N5K was a L2 switch and the command references I have searched through dont show a the command: interface vlan x

Basically I am trying to work out how to manage this switch remotely and and get the Keepalive operational, but I dont have a separate dedicated management LAN to use (who does these days?).  So if I have to use an SVI, that means it runs on a VLAN, which will have to cross the vPC PeerLink, and this I thought was a fundamental no-no of the vPC design rules: dont send the keepalive across the peerlink.

On the N7K I will use a dedicated L3 point-to-point fibre interface for the Keepalive as a I dont have a management LAN, so that seems easy enough, yes/no?

Thanks for any explanation attempts in advance...

Hi,

Check out the below link for vpc configuration on nexus 5k hope that helps.

http://jasonnash.wordpress.com/2009/08/10/vpc-virtual-port-channel-and-the-nexus-platform/

Ganesh.H

If helpful do rate the post

Nicholas Poole Tue, 04/13/2010 - 01:52

Thanks for posting but your blog doesnt answer my concern.  Your post shows using the mgmt0 port, which I know is what you can do, but without a seperate dedicated management LAN infrastructure how can I use it?  If I just put a xover cable between them then I cant remotely connect to the switch as the IP addresses are on a private wire only.  Im looking for an example of how to use an SVI instead of the mgmt0 interface, thanks.

selhassbaoui Wed, 05/19/2010 - 04:07

Hi,


I worked on the same thing last Week, and to separate The peer Link and the keepalive link:

Commun Config
feature interface-vlan
feature lacp
feature vpc
feature fex

  - I used one link 10Gig as trunk  with a dedicated Intervace VLAN  for a KeepAlive.

keepAlive Config

------------------config for 1st N5K--------------------------------

vlan 900

name VLAN-KeepAlive
exit
!
interface Vlan900
  ip address 192.168.250.5/30

  no shutdown

!

vpc domain 10
peer-keepalive destination 192.168.250.6 source 192.168.250.5 vrf default
exit

!

interface Ethernet1/33
description To-5020-RDC-132-Eth1/33-KeepAlive
switchport mode trunk
switchport trunk allowed vlan 900
no shut
exit
!

------------------config for 2nd N5K--------------------------------

vlan 900

name VLAN-KeepAlive
  exit
!
interface Vlan900
   ip address 192.168.250.6/30

  no shutdown

!

vpc domain 10
  peer-keepalive destination 192.168.250.5 source 192.168.250.6 vrf default
  exit

!

interface Ethernet1/33
  description To-5020-RDC-131-Eth1/33-KeepAlive
  switchport mode trunk
  switchport trunk allowed vlan 900
  no shut
  exit
!

  - Two links 10Gig bundled in a portchannel on each N5K for pee link

Peer Link Config

------------------config for 1st N5K--------------------------------

interface port-channel10
  description To-5020-RDC-132-vPCpeer
  switchport mode trunk
  switchport trunk allowed vlan 1
  vpc peer-link
  spanning-tree port type network
  no shut
!
interface Ethernet1/35
  description To-5020-RDC-132-Eth1/35
  switchport mode trunk
  switchport trunk allowed vlan 1
  channel-group 10 mode active
  no shut
  exit
!
interface Ethernet1/36
  description To-5020-RDC-132-Eth1/36
  switchport mode trunk
  switchport trunk allowed vlan 1
  channel-group 10 mode active
  no shut
  exit
!

------------------config for 2nd N5K--------------------------------

interface port-channel10
   description To-5020-RDC-131-vPCpeer
   switchport mode trunk
   switchport trunk allowed vlan 1
   vpc peer-link
   spanning-tree port type network
   no shut
!
interface Ethernet1/35
   description To-5020-RDC-131-Eth1/35
   switchport mode trunk
   switchport trunk allowed vlan 1
   channel-group 10 mode active
   no shut
   exit
!
interface Ethernet1/36
   description To-5020-RDC-131-Eth1/36
   switchport mode trunk
   switchport trunk allowed vlan 1
   channel-group 10 mode active
   no shut
   exit
  !

I used the interface VLAN 1 for management.

BR;

ppflaum12 Fri, 07/23/2010 - 18:34

Do you have to use a seperate svi? Or could you use vlan 1 in your configuration?

CSCO11961300 Mon, 04/30/2012 - 01:27

Dear,

There is also some additionnal considerations to set up VPC peer keep-alive with a SVI:

Please find below recommandations from CISCO :

In  an emulated switch setup, inband keepalive does not work. The following  steps are recommended for peer keepalive over SVI when a switch is in  FabricPath mode:

Use a dedicated front panel port as a vPC+ keepalive. The port should be in CE mode.

Use a dedicated VLAN to carry the keepalive interface. The VLAN should be CE VLAN.

Add  the management keyword to the corresponding SVI so that the failure of a  Layer 3 module will not bring down the SVI interface.

Enter the dual-active exclude interface-vlan keepalive-vlan command to prevent the SVI from going down on the secondary when a peer-link goes down

The "management" keyword have to be applied on the vlan interface (with dedicated VLAN), and  "dual-active" command....

Because else interface VLAN is considered as a common forwarding interface.

Please find below the related link :

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/release/notes/Rel_5_1_3_N2_1/Nexus5000_Release_Notes_5_1_3_N2.html

I hope it will be helpfull,

Best Regards,

Actions

Login or Register to take actions

This Discussion

Posted April 8, 2010 at 9:37 AM
Stats:
Replies:7 Avg. Rating:
Views:9798 Votes:0
Shares:0

Related Content

Discussions Leaderboard