vPC between 2 redundant sets of nexus 5020

Unanswered Question
Sep 20th, 2011

Hi out there

We are running a redundant set of Nexus 5020 on NX-OS 4.2.1 and another set running 5.0.3. They are interconnected with 2 10GB fiber links with 50 km between them, giving a latency of approximately ½ msec - is there anything special to be aware of in this setup?

Can someone help me with a sample setup - the setup should look like this:

nx5k1-1 <---------------- 50km fiber link 1 ----------------> nx5k2-1
   |                                                             |
   | vpc domain 10                                               | vpc domain 11
   |                vPC connection between sites                 |
   | peerlink for vPC dom 10                                     | peerlink for vPC dom 11
   |                                                             |
nx5k1-2 <---------------- 50km fiber link 2 ----------------> nx5k2-2

best regards

thomas iwang

Jerry Ye Tue, 09/20/2011 - 10:59

Are the 2 50KM fibers in a vPC?

I think this is fine if the fibers are in vPC.

Regards,

jerry

tiwang Tue, 09/20/2011 - 11:10

hi again

I would like to have them in a vPC - until now I have only the first link active - the other is a manual standby - but I expect that I could create a fine solution by holding both links in a single vPC, which would thereby give fewer problems with spanning tree and automatic failover in the event of failure of a link

Anyone with a sample config? All I have been able to find are with the nx2k's or nx7k which might be a bit different..

Jerry Ye Tue, 09/20/2011 - 11:41

I would suggest you upgrade the N5K running 4.2.1 to 5.x to take advantage of the peer-switch feature. In this case, both N5Ks at vPC domain 10 will look at vPC domain 11 as 1 switch and vice versa.

Here is some sample config:

### vPC Domain 10 SW1
vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### vPC Domain 10 SW2
vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 2
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### At Remote vPC Domain 11 SW1
vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11

### At Remote vPC Domain 11 SW2
vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11

HTH,

jerry

tiwang Tue, 09/20/2011 - 12:50

hi again

are the udud keywords necessary? (should probably be udld in nxos) do I get some benefits when the vpc is established?

best regards /ti

Jerry Ye Tue, 09/20/2011 - 13:18

UDLD is just an additional layer of protection. I've recommended that all my customers do that.

To turn on UDLD on NXOS:

feature udld
interface ex/x
  udld aggressive

HTH,

jerry

tiwang Wed, 09/21/2011 - 02:24

ok - I have never used this feature so I was a little in doubt about it, but it looks like a good extra feature.

btw - the previous vpc peers I have been working with have only involved a single vpc domain - the vpc domain number reflects the channel-group to which an interface is assigned - I do not want to try it but since we define the peers when we define the domain I could use the same vpc domain number in both ends even if it is two separate endpoints - or? this would do any harm on the endpoints since we define the peers separately

best regards /ti

Jerry Ye Wed, 09/21/2011 - 06:22

I hope you are talking about the peers at the same site. If this is the case, your design is fine.

You can't have the same vPC domain on your remote site since it would cause conflict and confusion.

HTH,

jerry

tiwang Wed, 09/21/2011 - 12:53

hi again

no I can see that it is a bit blurry what I tried to explain - suppose I for some reason have configured the vpc domain as "1" on all boxes - even though it looks ugly it should still work because we define the domains by the peers - or?

what I mean is that I could use vpc domain 1 in both ends because what matters is whereto I define the peers - the number itself isn't important as long as it is correctly defined within the peers - or?

best regards /ti

Jerry Ye Wed, 09/21/2011 - 13:19

Having duplicate domain IDs in the same L2 domain can cause layer 2 instabilities and here is the reason:

1. In order to provide the illusion of a single switch, the system-id must be unique across the switches that are part of the same "vpc domain".

2. The system-id in a vPC setup is derived algorithmically from the "domain-id" as follows:

    The mac-address is derived from a reserved pool of addresses with the domain ID.

    This MAC is also used to generate BPDUs.

HTH,

jerry

tiwang Wed, 09/21/2011 - 14:13

ok - never try this - but - hmm - I have this pair of nexus 5020 running the new nxos where I have configured the peer-link - but the peer keepalives cannot reach each other

skan5020-01# sh vpc role

vPC Role status
----------------------------------------------------
vPC role                        : none established             
Dual Active Detection Status    : 0
vPC system-mac                  : 00:00:00:00:00:00            
vPC system-priority             : 32667
vPC local system-mac            : 00:05:73:e1:02:bc            
vPC local role-priority         : 0  
skan5020-01# sh vpc peer-keepalive

vPC keep-alive status           : Suspended (Destination IP not reachable)
--Send status                   : Success
--Last send at                  : 2011.09.21 21:10:01 74 ms
--Sent on interface             : mgmt0
--Receive status                : Failed
--Last update from peer         : (4269606) seconds, (190) msec

vPC Keep-alive parameters
--Destination                   : 172.21.246.53
--Keepalive interval            : 1000 msec
--Keepalive timeout             : 5 seconds
--Keepalive hold timeout        : 3 seconds
--Keepalive vrf                 : management
--Keepalive udp port            : 3200

the config is just this:

version 5.0(3)N2(1)
feature vpc

vpc domain 2
  peer-keepalive destination 172.21.246.53 source 172.21.246.52

any suggestion?

Jerry Ye Wed, 09/21/2011 - 14:35

Make sure you can ping your management interfaces. It looks to me like a connectivity issue.

Regards,

jerry

tiwang Wed, 09/21/2011 - 23:52

yes no problem with that - stupid error - only half of the boxes had the vpc feature enabled...
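
Added example, not part of the original thread or Cisco's tooling: an offline audit over saved running-config text that checks the two problems discussed above, a keepalive peer that never had `feature vpc` enabled and one vPC domain ID reused by different peer pairs. The hostnames, addresses and function names are hypothetical, and the script assumes every switch in the inventory sits in the same L2 domain and uses its mgmt0 address as the keepalive source.

```python
import re
from collections import defaultdict

def parse(cfg):
    """Pull the vPC-relevant facts out of one running-config text."""
    dom = re.search(r"^vpc domain (\d+)", cfg, re.M)
    ka = re.search(r"peer-keepalive destination (\S+) source (\S+)", cfg)
    ip = re.search(r"^interface mgmt0\n(?:[ \t]+.*\n)*?[ \t]+ip address ([\d.]+)",
                   cfg, re.M)
    return {"feature": bool(re.search(r"^feature vpc\s*$", cfg, re.M)),
            "domain": int(dom.group(1)) if dom else None,
            "dst": ka.group(1) if ka else None, "src": ka.group(2) if ka else None,
            "mgmt": ip.group(1) if ip else None}

def audit(configs):
    """Return (subject, problem) tuples; assumes every switch shares one L2 domain."""
    sw = {name: parse(cfg) for name, cfg in configs.items()}
    by_ip = {s["mgmt"]: name for name, s in sw.items() if s["mgmt"]}
    findings, pairs = [], defaultdict(set)
    for name, s in sorted(sw.items()):
        if s["domain"] is None or s["dst"] is None:
            continue
        pairs[s["domain"]].add(frozenset((s["src"], s["dst"])))  # one peer pair
        peer = by_ip.get(s["dst"])
        if peer is None:
            findings.append((name, "keepalive destination not in inventory"))
        elif not sw[peer]["feature"]:
            findings.append((name, f"peer {peer} has no 'feature vpc'"))
        elif sw[peer]["dst"] != s["src"]:
            findings.append((name, f"peer {peer} keepalive does not point back"))
    for dom, members in sorted(pairs.items()):
        if len(members) > 1:  # same domain ID on different peer pairs
            findings.append((f"domain {dom}", f"reused by {len(members)} peer pairs"))
    return findings

def sample(ip, peer=None, domain=None):
    """Constructed config text for the demo (documentation-range addresses)."""
    vpc = (f"feature vpc\nvpc domain {domain}\n"
           f"  peer-keepalive destination {peer} source {ip}\n") if domain else ""
    return vpc + f"interface mgmt0\n  ip address {ip}/24\n"

# Constructed inventory: siteA-sw2 lacks 'feature vpc'; both sites use domain 1.
SAMPLE = {"siteA-sw1": sample("192.0.2.1", "192.0.2.2", 1),
          "siteA-sw2": sample("192.0.2.2"),
          "siteB-sw1": sample("192.0.2.11", "192.0.2.12", 1),
          "siteB-sw2": sample("192.0.2.12", "192.0.2.11", 1)}
if __name__ == "__main__":
    for subject, problem in audit(SAMPLE):
        print(f"{subject}: {problem}")
```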

hresch Thu, 10/13/2011 - 14:54

Hi, with 5.0.3 on N5K I cannot find the peer-switch feature/command. Does it not exist any longer? How to achieve the same behaviour?

Thx

Hubert

Jerry Ye Thu, 10/13/2011 - 15:43

Just realized that there was a mistake in my previous post. peer-switch command is not available on the N5Ks yet.

In your case, it will still work without the peer-switch command, but if the N5Ks are STP primary and secondary, and the primary bounces, it will cause STP to re-converge. peer-switch is there to avoid the re-convergence but it is not available on the N5Ks yet. And you have to set the STP root to vPC primary and secondary root to vPC secondary.

Regards,

jerry

hresch Thu, 10/13/2011 - 22:07

Ok, it's not available yet, thx. I already saw some sample config with the peer-switch command for Nexus 5000 (probably a copy-paste error from a N7K config)

so I assume the system priority and the system mac under the vpc config is only used for LACP , correct ?

Thx

Hubert

Jerry Ye Fri, 10/14/2011 - 04:33

You are correct for both system-priority and system-mac usage.

HTH,

jerry

This Discussion

Posted September 20, 2011 at 10:55 AM
Tags: 2, nexus, layer, vpc, 5k
Categories: Switches