09-20-2011 10:55 AM - edited 03-07-2019 02:19 AM
Hi out there
We are running a redundant set of nexus 5020 nxos 4.2.1 and another set running 5.0.3. They are inter-connected with 2 10GB fiber links with 50km between them, giving a latency of approximately ½ mSec - is there anything special to be aware of in this setup?
Can someone help me with a sample setup - the setup should look like this:
nx5k1-1 <-----------------50km fiber link 1-----------------> nx5k2-1
   I                                                             I
   I vpc domain 10                                               I vpc domain 11
   I                vPC connection between sites                 I
   I                                                             I
   I peerlink for vPC dom 10                                     I peerlink for vPC dom 11
   I                                                             I
nx5k1-2 <-----------------50km fiber link 2-----------------> nx5k2-2
best regards
thomas iwang
09-20-2011 10:59 AM
Are the 2 50KM fibers in a vPC?
I think this is fine if the fibers are in vPC.
Regards,
jerry
09-20-2011 11:10 AM
hi again
I would like to have them in a vpc - until now I have only the first link active - the other is a manual standby - but I expect that I could create a fine solution by holding both links into a single vPC which hereby would give less problems with spanning tree and automatic failover in the event of failure of a link
Anyone with a sample config? All I have been able to find are with the nx2k's or nx7k which might be a bit different..
09-20-2011 11:41 AM
I would suggest you upgrade the N5K running 4.2.1 to 5.x to take advantage of the peer-switch feature. In this case, both N5Ks at vPC domain 10 will look at vPC domain 11 as 1 switch and vice versa.
Here is some sample config:
### vPC Domain 10 SW1
vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### vPC Domain 10 SW2
vpc domain 10
  peer-keepalive destination x.x.x.x source x.x.x.x vrf management
  peer-switch
interface Ex/x <- fiber 2
  switchport
  udud aggressive
  channel-group 10 mode active
interface port-channel 10
  switchport
  switchport trunk ...
  vpc 10

### At Remote vPC Domain 11 SW1
vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11

### At Remote vPC Domain 11 SW2
vpc domain 11
  peer-keepalive destination y.y.y.y source y.y.y.y vrf management
  peer-switch
interface Ex/x <- fiber 1
  switchport
  udud aggressive
  channel-group 11 mode active
interface port-channel 11
  switchport
  switchport trunk ...
  vpc 11
HTH,
jerry
09-20-2011 12:50 PM
hi again
are the udud keywords necessary? (should probably be udld in nxos) do I get some benefits when the vpc is established?
best regards /ti
09-20-2011 01:18 PM
UDLD is just an additional layer of protection. I've recommended that all my customers do that.
To turn on UDLD on NXOS:
feature udld
interface ex/x
  udld aggressive
HTH,
jerry
09-21-2011 02:24 AM
ok - I have never been using this feature so I was a little in doubt about it, but it looks like a good extra feature.
btw - the previous vpc peers I have been working with have only involved a single vpc domain - the vpc domain number reflects the channel-group to which an interface is assigned - I do not want to try it but since we define the peers when we define the domain I could use the same vpc domain number in both ends even if it is two separate endpoints - or? this would do any harm on the endpoints since we define the peers separately
best regards /ti
09-21-2011 06:22 AM
I hope you are talking about the peers at the same site. If this is the case, your design is fine.
You can't have the same vPC domain on your remote site since it would cause conflict and confusion.
HTH,
jerry
09-21-2011 12:53 PM
hi again
no I can see that it is a bit blurry what I tried to explain - suppose I for some reason have configured the vpc domain as "1" on all boxes - even though it looks ugly it should still work because we define the domains by the peers - or?
what I mean is that I could use vpc domain 1 in both ends because what matters is where I define the peers - the number itself isn't important as long as it is correctly defined within the peers - or?
best regards /ti
09-21-2011 01:19 PM
Having duplicate domain IDs in the same L2 domain can cause layer 2 instabilities and here is the reason:
1. In order to provide the illusion of a single switch, the system-id must be unique across the switches that are part of the same "vpc domain".
2. The system-id in a vPC setup is derived algorithmically from the "domain-id" as follows:
The mac-address is derived from a reserved pool of addresses with the domain ID.
This MAC is also used to generate BPDUs.
HTH,
jerry
09-21-2011 02:13 PM
ok - never try this - but - hmm - I have this pair of nexus 5020 running the new nxos where I have configured the peer-link - but the peer keepalives cannot reach each other
skan5020-01# sh vpc role
vPC Role status
----------------------------------------------------
vPC role : none established
Dual Active Detection Status : 0
vPC system-mac : 00:00:00:00:00:00
vPC system-priority : 32667
vPC local system-mac : 00:05:73:e1:02:bc
vPC local role-priority : 0
skan5020-01# sh vpc peer-keepalive
vPC keep-alive status : Suspended (Destination IP not reachable)
--Send status : Success
--Last send at : 2011.09.21 21:10:01 74 ms
--Sent on interface : mgmt0
--Receive status : Failed
--Last update from peer : (4269606) seconds, (190) msec
vPC Keep-alive parameters
--Destination : 172.21.246.53
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : management
--Keepalive udp port : 3200
the config is just this:
version 5.0(3)N2(1)
feature vpc
vpc domain 2
  peer-keepalive destination 172.21.246.53 source 172.21.246.52
any suggestion?
09-21-2011 02:35 PM
Make sure you can ping your management interfaces. It looks to me like a connectivity issue.
Regards,
jerry
09-21-2011 11:52 PM
yes no problem with that - stupid error - only half of the boxes had the vpc feature enabled...
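The two pitfalls raised in this thread (one vPC domain ID reused by a second peer pair in the same L2 domain, and a keepalive that never comes up because one box lacks "feature vpc") can be checked offline against saved configs. The script below is an added example, not part of the original posts and not a Cisco tool; the hostnames, the 10.0.x.x addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed config fragments; hostnames and 10.0.x.x addresses are made up.
KA = "  peer-keepalive destination {} source {} vrf management\n"
CONFIGS = {
    "siteA-sw1": "feature vpc\nvpc domain 1\n" + KA.format("10.0.0.2", "10.0.0.1"),
    "siteA-sw2": "feature vpc\nvpc domain 1\n" + KA.format("10.0.0.1", "10.0.0.2"),
    "siteB-sw1": "feature vpc\nvpc domain 1\n" + KA.format("10.0.1.2", "10.0.1.1"),
    "siteB-sw2": "hostname siteB-sw2\n",  # 'feature vpc' never enabled here
}

def parse(cfg):
    """Pull the vPC-relevant facts out of one switch's config text."""
    dom = re.search(r"^vpc domain (\d+)", cfg, re.M)
    ka = re.search(r"peer-keepalive destination (\S+) source (\S+)", cfg)
    return {
        "feature": bool(re.search(r"^feature vpc\b", cfg, re.M)),
        "domain": int(dom.group(1)) if dom else None,
        "dst": ka.group(1) if ka else None,
        "src": ka.group(2) if ka else None,
    }

def audit(configs):
    """Return sorted findings for switches that share one L2 domain."""
    sw = {name: parse(cfg) for name, cfg in configs.items()}
    by_src = {s["src"]: n for n, s in sw.items() if s["src"]}
    findings, pairs = [], defaultdict(set)
    for name, s in sw.items():
        if not s["feature"]:
            findings.append(f"{name}: 'feature vpc' not enabled")
            continue
        if s["domain"] is None or s["src"] is None:
            findings.append(f"{name}: vpc domain or peer-keepalive missing")
            continue
        # A peer pair is identified by its keepalive endpoints, not by the domain number.
        pairs[s["domain"]].add(frozenset((s["src"], s["dst"])))
        peer = by_src.get(s["dst"])
        if peer is None or sw[peer]["dst"] != s["src"]:
            findings.append(f"{name}: keepalive to {s['dst']} is not mirrored by a peer")
        elif sw[peer]["domain"] != s["domain"]:
            findings.append(f"{name}: domain {s['domain']} differs from peer {peer}")
    for dom, ps in pairs.items():
        if len(ps) > 1:
            findings.append(f"domain {dom}: reused by {len(ps)} separate peer pairs")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(CONFIGS)))
```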
10-13-2011 02:54 PM
Hi, with 5.0.3 on N5K I cannot find the peer-switch feature/command. Does it not exist any longer? How to achieve the same behaviour?
Thx
Hubert
10-13-2011 03:43 PM
Just realized that there was a mistake in my previous post. The peer-switch command is not available on the N5Ks yet.
In your case, it will still work without the peer-switch command, but if the N5Ks are STP primary and secondary and the primary bounces, it will cause STP to re-converge. peer-switch is there to avoid re-convergence but it is not available on the N5Ks yet. And you have to set the STP root to vPC primary and secondary root to vPC secondary.
Regards,
jerry