cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7333
Views
0
Helpful
4
Replies

Nexus 7000 vPC tracking feature issue

Peter Fiers
Level 1
Level 1

Hi,

we have configured the tracking feature for a vPC domain to have the primary switch deactivate its interfaces in the event of a peer link failure and let the secondary take over. Unfortunately, one morning, both switches deactivated all of their interfaces due to the tracking feature:

Config switch one

=============

track 1 interface port-channel2 line-protocol

vpc domain 1

  peer-switch

  role priority 1

  system-priority 1

  peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpc-keepalive

  peer-gateway

  track 1

  ip arp synchronize

Config switch two

=============

track 1 interface port-channel2 line-protocol

vpc domain 1

  peer-switch

  role priority 2

  system-priority 1

  peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf vpc-keepalive

  peer-gateway

  track 1

  ip arp synchronize

Logs switch one

============

2012 Feb 15 05:47:30 N7K-RZI %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed

2012 Feb 15 05:47:33 N7K-RZI %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 101 that is connected with Ethernet3/3 changed its status from Connecting to Fabric Up

2012 Feb 15 05:47:33 N7K-RZI %STP-2-DISPUTE_DETECTED: Dispute detected on port port-channel202 on VLAN0003.

2012 Feb 15 05:47:33 N7K-RZI %STP-2-DISPUTE_DETECTED: Dispute detected on port port-channel202 on VLAN0040.

2012 Feb 15 05:47:33 N7K-RZI %STP-2-DISPUTE_DETECTED: Dispute detected on port port-channel202 on VLAN0053.

2012 Feb 15 05:47:34 N7K-RZI %STP-2-DISPUTE_DETECTED: Dispute detected on port port-channel202 on VLAN0137.

2012 Feb 15 05:47:36 N7K-RZI %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 101 that is connected with Ethernet3/3 changed its status from Fabric Up to Connecting

2012 Feb 15 05:47:58 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0137.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0002.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0003.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0004.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0009.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0040.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0053.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0101.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0102.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0136.

2012 Feb 15 05:47:59 N7K-RZI %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0200.

2012 Feb 15 05:48:09 N7K-RZI %UDLD-4-UDLD_PORT_DISABLED: Interface Ethernet3/1, link error detected: aggressive mode failure.

2012 Feb 15 05:48:09 N7K-RZI %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel2: Ethernet3/1 is down

2012 Feb 15 05:48:10 N7K-RZI %UDLD-4-UDLD_PORT_DISABLED: Interface Ethernet3/2, link error detected: aggressive mode failure.

2012 Feb 15 05:48:12 N7K-RZI %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel2: first operational port changed from Ethernet3/1 to Ethernet3/2

2012 Feb 15 05:48:12 N7K-RZI %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel2: first operational port changed from Ethernet3/2 to none

2012 Feb 15 05:48:12 N7K-RZI %VPC-2-TRACK_INTFS_DOWN: In domain 1, vPC tracked interfaces down, suspending all vPCs and keep-alive

Logs switch two

============

2012 Feb 15 05:47:31 N7K-RZII %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In domain 1, VPC peer keep-alive receive has failed

2012 Feb 15 05:47:39 N7K-RZII %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 101 that is connected with Ethernet3/3 changed its status from Connecting to Fa

bric Up

2012 Feb 15 05:47:42 N7K-RZII %FEX-5-FEX_PORT_STATUS_NOTI: Uplink-ID 1 of Fex 101 that is connected with Ethernet3/3 changed its status from Fabric Up to Con

necting

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0002.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0003.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0004.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0009.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0040.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0053.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0101.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0102.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0136.

2012 Feb 15 05:47:44 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0200.

2012 Feb 15 05:47:45 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected BPDU receive timeout blocking port-channel2 VLAN0137.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0200.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0002.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0003.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0004.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0009.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0040.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0053.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0101.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0102.

2012 Feb 15 05:47:55 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0136.

2012 Feb 15 05:47:56 N7K-RZII %STP-2-VPC_PEER_LINK_INCONSIST_BLOCK: vPC peer-link detected Bridge Assurance Inconsistency blocking port-channel2 VLAN0137.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0200.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0002.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0003.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0004.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0009.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0040.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0053.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0101.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0102.

2012 Feb 15 05:48:01 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0136.

2012 Feb 15 05:48:02 N7K-RZII %STP-2-BRIDGE_ASSURANCE_BLOCK: Bridge Assurance blocking port port-channel2 VLAN0137.

2012 Feb 15 05:48:10 N7K-RZII %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel2: first operational port changed from Ethernet3/2 to Ethernet3/1

2012 Feb 15 05:48:10 N7K-RZII %ETH_PORT_CHANNEL-5-PORT_DOWN: port-channel2: Ethernet3/2 is down

2012 Feb 15 05:48:10 N7K-RZII %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet3/2 is down (Link failure)

2012 Feb 15 05:48:12 N7K-RZII %ETH_PORT_CHANNEL-5-FOP_CHANGED: port-channel2: first operational port changed from Ethernet3/1 to none

2012 Feb 15 05:48:12 N7K-RZII %VPC-2-TRACK_INTFS_DOWN: In domain 1, vPC tracked interfaces down, suspending all vPCs and keep-alive

How can the tracking feature be used to leave the secondary switch untouched if the primary fails?

Thanks,

Peter

4 Replies 4

Jerry Ye
Cisco Employee
Cisco Employee

You don't need to use the track feature during remote switch failure. By default, without tracking feature, if SW1 failed, which peer-link and peer keepalive both will bed failed. There is a keepalive timeout on the PKL link and once SW2 detected the timeout, it will become vPC primary switch. This is done automatically, no tracking is needed.

There is only one instance that you want to use tracking feature, which is single 10GE line card with L3 described in the below link:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_vPC.html#wp1560758

HTH,

jerry

Jerry, thanks for the reply. I understand that tracking isn't needed if I have at least two line cards. However, in this case, there was only one card in place to configure the peer link, the keepalive link and everything else.

Thanks,

Peter

In that case, you still should not track peer-link. You should only track the L3 northbound connection.

HTH,

jerry

Hi Peter,

If you want to force one peer send all it's traffic to it's vpc peer in case of upstream link failure you can use hsrp tracking.

Here arethe links:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html#wp1509498

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_hsrp.html#wp1213408

HTH,

Alex

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: