×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

WAN Routing between N5K (L3-vPC) & VSS (MEC) with Link Aggregation

Answered Question
Feb 16th, 2012
User Badges:

Hi All,


We want a solution for routing between N5K and VSS with aggregated WAN links. Here is the scenario.


DC1: It has 2 cisco 6509 with VSS. There are 4 server farm cisco4948 switches connected with VSS with redundant uplink via MEC. Server gateway is the VSS. VSS is running Eigrp routing.


DC2: This is a new datacenter we are going to establish soon. We are planning 2 N5K at core layer with L3 daughter card and 4 N2K as server farm switch. 2 N5K will have vPC peer between them. Each 4 N2K will connect with redundant uplink via vPC with this N5K. N5K will run Eigrp routing and will be the gateway of this new DC server.


WAN between DC1 & DC2: DC1 VSS will connect with DC 2XN5K with 2X10G links. we want to do MEC at VSS side and L3 vPC at DC2 side.


If we have VSS at both end it might not be a problem. Both the link will work together as 20G aggregated link. But as we are using N5K at one end, so it creates a confusion whether it will work properly is this scenerio or not. This is my 1st question.


Also I would like to know,

1) In VSS I have configured 1 VLAN interface for server gateway. But in N5K do I have to configure at 2 switch seperately?

2) In WAN routing VSS shows as 1 device. Does this 2 N5K will show as 2 seperate hops or L3 vPC will allow them to act as a single device while traceroute from one end to another end.


I am not sure if my questiones are so elementary level or not. As I am very new to this technology I would like you all to get me some suggestions or documention or links regarding this design. I am also attaching the diagram.



BR//

Adnan

Correct Answer by Jerry Ye about 5 years 2 weeks ago

You VLAN 77 in the N5K is not configured to be advertised into EIGRP. Add the following commands in both N5K and it should work:


interface vlan 77

  ip router eigrp Test1

  ip passive-interface eigrp Test1


HTH,

jerry

Correct Answer by Jerry Ye about 5 years 6 months ago

You solution in step 1-3 are fine. I will use the same solution based on the following:

1. VSS is a logical switch, in the N5K's perspective, it is 1 switch. You are acutally ECMP upstream, which is good. Just let routing protocol to take care the job.

2. The cross /30 link between N5K-1 and N5K-2 is used only if one uplink failed. Please note that the L3 /30 cross link is not part of vPC peer-link. It is a dedicated interface. Please see the below diagram.



In term of HSRP, you have to understand one thing first. In vPC, HSRP behavior has modified, both switch will forward traffic (different from C6K where only one is active). Please see the below link on how HSRP works under vPC (somehow this link is broken right now, let me see if I can get someone to fix it):


http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html


To answer your question:

1. When N5K-1 goes down, N5K-2 will forward traffic out, and vise versa.

2. When vPC peer-link goes down. vPC secondary will shut down all vPC related interfaces and SVI. If SVI is down, routing protocol will stop the advertisement.


HTH,

jerry

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jerry Ye Fri, 02/17/2012 - 11:11
User Badges:
  • Cisco Employee,

L3 (routing protocol) over vPC is not supported. You are better off to use L3 ECMP.


HTH,

jerry

AdnanShahid Sat, 02/18/2012 - 00:09
User Badges:

Hi Jerry,


Thanks for your reply. I was actually surfing through this forum to find out any solution related to my problem. Please see that below link. I guess the problem is almost similar to my query and I have seen your reply to that solution too.


https://supportforums.cisco.com/thread/2105463


As per the understanding what I have found that,

1) Between DC1 (VSS) to DC2 (2XN5K) we will implement 2 10G link as per our requirement in the following way.

  • 1st link: DC1 VSS to DC2 N5K SW1
  • 2nd Link: DC1 VSS to DC2 N5K SW2

2) Both this link will have /30 subnet and would be included in EIGRP routing by following way,

  • 1st link: /30 will be included in DC1 VSS & DC2 N5K SW1 EIGRP ROUTING.
  • 2nd link: /30 will be included in DC1 VSS & DC2 N5K SW2 EIGRP ROUTING.

3) There will be another 1 link with /30 subnet between DC2 N5K SW1 and SW2. This subnet will be included in both the ROUTING of DC2 N5K SW1 and SW2.


Now the most challanging part is the DC2 Server IP Subnet HSRP and How to maintain the redundancy. As of my understanding I have to create SVI at N5K SW1 with main GW (x.x.x.254) and another SVI at N5K SW2 with standby GW (x.x.x.253). Now my question is how the redundancy will occure,


  1. When DC2 N5K switch goes down,
  2. When Peer link between N5K goes down.


I am sorry if these question sounds very amature. Actually we are very new the Nexus and hence needs to clarify and go in details as much as possible before choosing this product family.


Waiting for your expert opinion.


BR//

Adnan

Correct Answer
Jerry Ye Sat, 02/18/2012 - 08:50
User Badges:
  • Cisco Employee,

You solution in step 1-3 are fine. I will use the same solution based on the following:

1. VSS is a logical switch, in the N5K's perspective, it is 1 switch. You are acutally ECMP upstream, which is good. Just let routing protocol to take care the job.

2. The cross /30 link between N5K-1 and N5K-2 is used only if one uplink failed. Please note that the L3 /30 cross link is not part of vPC peer-link. It is a dedicated interface. Please see the below diagram.



In term of HSRP, you have to understand one thing first. In vPC, HSRP behavior has modified, both switch will forward traffic (different from C6K where only one is active). Please see the below link on how HSRP works under vPC (somehow this link is broken right now, let me see if I can get someone to fix it):


http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/white_paper_c11-516396.html


To answer your question:

1. When N5K-1 goes down, N5K-2 will forward traffic out, and vise versa.

2. When vPC peer-link goes down. vPC secondary will shut down all vPC related interfaces and SVI. If SVI is down, routing protocol will stop the advertisement.


HTH,

jerry

AdnanShahid Mon, 07/30/2012 - 11:51
User Badges:

Hi Jerry,


Few days back we have got the N5K and N2K product. Currently we have deplyed these as a test bed to test the configuration before proceed for the final deployment on 1st week of next month.


So far we have configured VPC Keepalive (2x10G) & VPN Peer (1x1G) between N5K. Also we have configured one N2K with Dual Hommed VPC with both N5K.


Now I am having some difficulties with desining/configuring EIGRP with Upstream routers/L3 65xxVSS switch.


Here is the queries,


1) I have to create another 1GE link between these 2 N5K.

2) For these 2xN5K I have to define Eigrp on physical Interface or Have to create VLAN & VRF to enable routing in between.

3) For N5K to Upstream L3 device I have to configure Eigrp (Either on phy int or create VLAN, VRF).


Appreciate if you can suggest me or share me any doc/link configuring Eigrp between N5K with other L3 device.


Thanks a lot.


Regards,

Adnan



Jerry Ye Mon, 07/30/2012 - 12:26
User Badges:
  • Cisco Employee,

I am assuming you mean 2x10G for vPC peer-link and 2x1GE for vPC peer-keepalive (I think you have that reversed in your description).


1) Yes, you "should" have a point-to-point L3 link for EIGRP between the N5Ks as per my diagram before.

2) I think you mean routing over the newly P2P L3 link? Routing should be done on physical.

3) Routing on interfaces to upstream should be done on physical link also.


In another word, try not to use SVI on L3 P2P interfaces, it is not necessary. If your L2 domain is not properly set up, and when you use SVI to enable routing, it might cause problem in vPC.


Regards,

jerry

AdnanShahid Mon, 07/30/2012 - 13:16
User Badges:

Hi Jerry,


Thanks a lot for your answers. As per your previous discussion here is what I understood,


1) "try not to use SVI on L3 P2P interfaces, it is not necessary." - this is a helpful suggestion for me. I have searched internet and find out that in some documents they use SVI and in other documents they - which makes me a little confuse. As you said, so I will avoid this and do EIGRP on physical interface.


2) We are using only one 1GE link for VPC keepalive and 2x10GE link for VPC peer. Yes you are right.


3) For L3 routing between these 2 N5K I will create another L3 Link and configure EIGRP on both N5K on the physical interface with /30 subnet.


4) We have 2 DC with 2 link each. DC1 with 1GE, 1GE and DC2 has 1GE, 10GE. These 2 links from each DC will connect with /30 subnet to each of N5K switchs.


     N5K-1 >> DC1-1GE and DC2-10GE

     N5K-2 >> DC1-1GE and DC2-1GE.


     For all these 4 links I will configure EIGRP in interface at N5K end and configure EIGRP in "router eigrp" at other end.


5) Also need to know how I should proceed with Summary route. Does EIGRP will automatically summarize the subnets. Any suggestions.


Please confirm me if the Point 3, Point 4 and Point 5 will provid me the complete and proper Routing between all the DC.


Waiting for your feedback. Thanks a lot.


Regards,

Adnan

Jerry Ye Mon, 07/30/2012 - 13:23
User Badges:
  • Cisco Employee,

Below are the answers:

3) yes.

4) What do you mean DC2 wil have 1x 10GE link? Yes, you should configured that on the physical interface.

5) EIGRP will not summarize addresses automatically. Nexus has "no auto-summary" on by default. If you want to summarize addresses, you need to configure them specifically on the interface with "ip eigrp summary" command.


HTH,

jerry

AdnanShahid Mon, 07/30/2012 - 13:31
User Badges:

Hi Jerry,


Thanks a lot for your suggestions. Please find my comments.


4) For DC2 we have 2 WAN links. One is 1GE and another is 10GE.


5) We will use 3 IP subnet at this new DC (Nexus). 172.16.7.0/24, 172.16.8.0/24 and 172.16.200.0/24. Do we need any kind of summary command in the physical interface between these two N5K and also with upstream L3 devices while configuring EIGRP. Kindly share me you comments.


Thanks again.


Regards,

Adnan

Jerry Ye Mon, 07/30/2012 - 13:34
User Badges:
  • Cisco Employee,

Ok.


4) It will not be ECMP cause one of the link is much faster (10x).


5) It depends on your design and over all DC addressing scheme. By just looking at it, you can only combine (summarize) 172.16.7.0/24 and 172.16.8.0/24 into a /23.


HTH,

jerry

AdnanShahid Mon, 07/30/2012 - 13:58
User Badges:

Hi Jerry,


Thanks.


4) It is still ok with us if this is not doing ECMP and we will treat the other 1GE link as the Redundant link in case of 10GE link failure.


5) Ok. Actually in DC1 and DC2 we have "no auto summary" command in L3 device for Eigrp. That is the reason I asked you this question. As I have doubt whether EIGRP will automatically summarize the subnet to '/16' instead of 3 '/24' subnet. kindly suggest me how can I achieve this "no auto summary" in N5K.


Thanks for your comments and suggestions.


I will check the configuration today with our test bed and let you know for any update.


Regards,

Adnan

Jerry Ye Mon, 07/30/2012 - 14:11
User Badges:
  • Cisco Employee,

For 5), EIGRP "no auto-summary" is on by default, you cannot turn it off in Nexus.


HTH,

jerry

AdnanShahid Mon, 07/30/2012 - 14:52
User Badges:

Thanks a lot Jerry. I will check today and let you know. Thanks.

AdnanShahid Thu, 08/02/2012 - 21:55
User Badges:

Hi Jerry,


I have configured both my N5K and one L3 uplink switch with EIGRP routing. I have also configured HSRP in 2xN5K for it local Vlan77. Here is the jist.


                          [N5K-1]

                        /  |   | ||  \

[PC1] -- [L3SW]    |   | ||     [N2K] -- [PC1]

                        \  |   | ||  /

                          [N5K-2]


Here,

     PC1 in Vlan78 (IP:172.16.78.10, GW:172.16.78.254)

     PC2 in Vlan77 in N5K with HSRP (IP:172.16.77.10, GW:172.16.77.1)


Problem:

     - From PC1, I can ping L3SW gateway, N5K L3 Interfaces, ---> but I cant ping HRSP GW in N5K (172.16.77.1) and PC1 under N5K (172.16.77.10).

     - From PC2, I can ping N5K HSRP gateway 172.16.77.1. ---> but I cant ping any thing else.


I wonder if there is any STP issue or VLAN allow inssue. I am also not sure about EIGRP configuration in N5K.


I am sharing the configuration of all the N5K with some vpc, hsrp output. (File attachment link is not showing so I have paste the configuration here).


Appreciate if you can help.


Thanks.

Adnan




N5K-01+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

sh run



!Command: show running-config

!Time: Fri Aug  3 04:19:11 2012


version 5.2(1)N1(1)

logging level feature-mgr 0

hostname MT-DC-DIST-SW01


feature telnet

cfs ipv4 distribute

cfs eth distribute

feature eigrp

feature udld

feature interface-vlan

feature hsrp

feature lacp

feature vpc

feature lldp

feature vtp

feature fex


username admin password 5 $1$kDmLSJK8$/9gGfUigMG3N6d.H4xPPF1  role network-admin


[7m--More-- [27m

banner motd #Nexus 5000 Switch

#


ip domain-lookup

class-map type qos class-fcoe

class-map type queuing class-fcoe

  match qos-group 1

class-map type queuing class-all-flood

  match qos-group 2

class-map type queuing class-ip-multicast

  match qos-group 2

class-map type network-qos class-fcoe

  match qos-group 1

class-map type network-qos class-all-flood

  match qos-group 2

class-map type network-qos class-ip-multicast

  match qos-group 2

system qos

  service-policy type queuing input fcoe-default-in-policy

  service-policy type queuing output fcoe-default-out-policy

  service-policy type qos input fcoe-default-in-policy

  service-policy type network-qos fcoe-default-nq-policy

vtp mode transparent

[7m--More-- [27m

fex 101 [K

  pinning max-links 1

  description "MT-DC-N2K-SW01"

  type N2248TP-E

snmp-server user admin network-admin auth md5 0xd8e825eac236793619b170efc28d4bb7

priv 0xd8e825eac236793619b170efc28d4bb7 localizedkey


vrf context management

  ip route 172.16.0.0/16 172.31.1.254

vrf context VPC_KEEPALIVE

vlan 1

vlan 2

  name NATIVE-VLAN

vlan 3

  name VPC-KEEPALIVE

vlan 77

  name VIR-VLAN-77

vpc domain 1

  peer-keepalive destination 172.31.77.2 source 172.31.77.1 vrf default

  delay restore 150

  peer-gateway

  auto-recovery

port-profile default max-ports 512

[7m--More-- [27m


[K


interface Vlan1


interface Vlan3

  no shutdown

  no ip redirects

  ip address 172.31.77.1/30


interface Vlan77

  no shutdown

  no ip redirects

  ip address 172.16.77.2/24

  hsrp version 2

  hsrp 77

    name VIR-VLAN-77

    preempt delay minimum 60

    priority 150

    ip 172.16.77.1


interface port-channel1

  switchport mode trunk

  switchport trunk native vlan 2

[7m--More-- [27m

  switchport trunk allowed vlan 2-50,77

  spanning-tree port type network

  vpc peer-link


interface port-channel101

  description Connected to MT-DC-N2K-SW01

  switchport mode fex-fabric

  switchport trunk native vlan 2

  switchport trunk allowed vlan 77

  fex associate 101

  vpc 101


interface port-channel1010


interface Ethernet1/1

  switchport mode trunk

  switchport trunk native vlan 2

  switchport trunk allowed vlan 2-50,77

  channel-group 1 mode active


interface Ethernet1/2

  switchport mode trunk

  switchport trunk native vlan 2

[7m--More-- [27m

  switchport trunk allowed vlan 2-50,77

  channel-group 1 mode active


interface Ethernet1/3

  switchport mode trunk

  speed 1000


interface Ethernet1/4


interface Ethernet1/5

  description *** Connected to UPLINK-SW ***

  no switchport

  speed 1000

  ip address 172.31.77.9/30

  ip router eigrp Test1


interface Ethernet1/6

  description *** Connected to N5K-02 ***

  no switchport

  speed 1000

  ip address 172.31.77.5/30

  ip router eigrp Test1


[7m--More-- [27m

interface Ethernet1/7


interface Ethernet1/8


interface Ethernet1/9


interface Ethernet1/10


interface Ethernet1/11


interface Ethernet1/12


interface Ethernet1/13


interface Ethernet1/14


interface Ethernet1/15


interface Ethernet1/16


interface Ethernet1/17


interface Ethernet1/18


interface Ethernet1/19


interface Ethernet1/20


interface Ethernet1/21


interface Ethernet1/22


interface Ethernet1/23


interface Ethernet1/24


interface Ethernet1/25


interface Ethernet1/26


interface Ethernet1/27


interface Ethernet1/28


interface Ethernet1/29


interface Ethernet1/30


interface Ethernet1/31


interface Ethernet1/32

  description Connected to MT-DC-N2K-SW01

  switchport mode fex-fabric

  switchport trunk native vlan 2

  switchport trunk allowed vlan 77

  fex associate 101

  channel-group 101


interface mgmt0

  ip address 172.31.1.222/24


interface Ethernet101/1/1

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/2

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/3

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/4

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/5

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/6

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/7

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/8

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/9

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/10

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/11

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/12

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/13

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/14

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/15

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/16

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/17

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/18

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/19

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/20

[7m--More-- [27m

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/21

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/22

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/23

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/24

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/25

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/26

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/27

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/28

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/29

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/30

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/31

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/32

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/33

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/34

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/35

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/36

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/37

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/38

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/39

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/40

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/41

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/42

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/43

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/44

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/45

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/46

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/47

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/48

  description Connected to Server

  switchport access vlan 77

line console

line vty

boot kickstart bootflash:/n5000-uk9-kickstart.5.2.1.N1.1.bin

boot system bootflash:/n5000-uk9.5.2.1.N1.1.bin

router eigrp Test1

  autonomous-system 100



MT-DC-DIST-SW01# sh fex


  FEX         FEX           FEX                       FEX              

Number    Description      State            Model            Serial    

------------------------------------------------------------------------

101  MT-DC-N2K-SW01                Online   N2K-C2248TP-E-1GE   SSI154104YJ


MT-DC-DIST-SW01# sh vpc


Legend:

                (*) - local vPC is down, forwarding via vPC peer-link


vPC domain id                     : 1  

Peer status                       : peer adjacency formed ok     

vPC keep-alive status             : peer is alive                

Configuration consistency status  : success

Per-vlan consistency status       : success                      

Type-2 consistency status         : failed 

Type-2 inconsistency reason       : QoSMgr Qos configuration incompatible

vPC role                          : secondary                    

Number of vPCs configured         : 49 

Peer Gateway                      : Enabled

Peer gateway excluded VLANs     : -

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Enabled (timeout = 240 seconds)


vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans   

--   ----   ------ --------------------------------------------------

1    Po1    up     2-3,77                                                   

[7m--More-- [27m


[K

vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

101    Po101       up     success     success                    -          

102400 Eth101/1/1  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102401 Eth101/1/2  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102402 Eth101/1/3  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102403 Eth101/1/4  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102404 Eth101/1/5  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102405 Eth101/1/6  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102406 Eth101/1/7  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102407 Eth101/1/8  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102408 Eth101/1/9  down*  Not         Consistency Check Not      -          

[7m--More-- [27m

                          Applicable  Performed                             

102409 Eth101/1/10 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102410 Eth101/1/11 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102411 Eth101/1/12 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102412 Eth101/1/13 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102413 Eth101/1/14 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102414 Eth101/1/15 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102415 Eth101/1/16 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102416 Eth101/1/17 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102417 Eth101/1/18 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102418 Eth101/1/19 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102419 Eth101/1/20 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

[7m--More-- [27m

102420 Eth101/1/21 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102421 Eth101/1/22 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102422 Eth101/1/23 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102423 Eth101/1/24 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102424 Eth101/1/25 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102425 Eth101/1/26 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102426 Eth101/1/27 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102427 Eth101/1/28 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102428 Eth101/1/29 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102429 Eth101/1/30 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102430 Eth101/1/31 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102431 Eth101/1/32 down*  Not         Consistency Check Not      -          

[7m--More-- [27m

                          Applicable  Performed                             

102432 Eth101/1/33 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102433 Eth101/1/34 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102434 Eth101/1/35 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102435 Eth101/1/36 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102436 Eth101/1/37 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102437 Eth101/1/38 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102438 Eth101/1/39 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102439 Eth101/1/40 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102440 Eth101/1/41 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102441 Eth101/1/42 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102442 Eth101/1/43 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

[7m--More-- [27m

102443 Eth101/1/44 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102444 Eth101/1/45 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102445 Eth101/1/46 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102446 Eth101/1/47 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102447 Eth101/1/48 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             


MT-DC-DIST-SW01# sh hrsp 


Vlan77 - Group 77 (HSRP-V2) (IPv4)

  Local state is Active, priority 150 (Cfged 150), may preempt

    Forwarding threshold(for vPC), lower: 1 upper: 150

  Preemption Delay (Seconds) Minimum:60

  Hellotime 3 sec, holdtime 10 sec

  Next hello sent in 0.491000 sec(s)

  Virtual IP address is 172.16.77.1 (Cfged)

  Active router is local

  Standby router is 172.16.77.3 , priority 100 expires in 0.172000 sec(s)

  Authentication text "cisco"

  Virtual mac address is 0000.0c9f.f04d (Default MAC)

  5 state changes, last state change 16:10:16

  IP redundancy name is VIR-VLAN-77 (cfgd)



MT-DC-DIST-SW01# sh spanning-tree su mmary


Switch is in rapid-pvst mode

Root bridge for: none

Port Type Default                        is disable

Edge Port [PortFast] BPDU Guard Default  is disabled

Edge Port [PortFast] BPDU Filter Default is disabled

Bridge Assurance                         is enabled

Loopguard Default                        is disabled

Pathcost method used                     is short

STP-Lite                                 is enabled


Name                   Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------

VLAN0001                     0         0        0          1          1

VLAN0002                     1         0        0          1          2

VLAN0003                     1         0        0          1          2

VLAN0077                     1         0        0          1          2

---------------------- -------- --------- -------- ---------- ----------

4 vlans                      3         0        0          4          7


MT-DC-DIST-SW01# sh vla [23D [J

MT-DC-DIST-SW01# sh vla [Jn



VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Eth1/3, Eth1/4, Eth1/7, Eth1/8

                                                Eth1/9, Eth1/10, Eth1/11

                                                Eth1/12, Eth1/13, Eth1/14

                                                Eth1/15, Eth1/16, Eth1/17

                                                Eth1/18, Eth1/19, Eth1/20

                                                Eth1/21, Eth1/22, Eth1/23

                                                Eth1/24, Eth1/25, Eth1/26

                                                Eth1/27, Eth1/28, Eth1/29

                                                Eth1/30, Eth1/31

2    NATIVE-VLAN                      active    Po1, Eth1/1, Eth1/2, Eth1/3

3    VPC-KEEPALIVE                    active    Po1, Eth1/1, Eth1/2, Eth1/3

77   VIR-VLAN-77                      active    Po1, Eth1/1, Eth1/2, Eth1/3

                                                Eth101/1/48


VLAN Type  Vlan-mode

---- ----- ----------

1    enet  CE    

2    enet  CE    

3    enet  CE    

77   enet  CE    

[7m--More-- [27m


[K

Remote SPAN VLANs

-------------------------------------------------------------------------------


Primary  Secondary  Type             Ports

-------  ---------  ---------------  -------------------------------------------


N5K-2++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

MT-DC-DIST-SW02# sh run



!Command: show running-config

!Time: Fri Aug  3 04:20:51 2012


version 5.2(1)N1(1)

logging level feature-mgr 0

hostname MT-DC-DIST-SW02


feature telnet

cfs eth distribute

feature eigrp

feature udld

feature interface-vlan

feature hsrp

feature lacp

feature vpc

feature lldp

feature vtp

feature fex


username admin password 5 $1$Q8KWr8VJ$Fp2a8nL7YWdOf1VQdkcXS0  role network-admin

no password strength-check


banner motd #Nexus 5000 Switch

#


ip domain-lookup

class-map type qos class-fcoe

class-map type queuing class-fcoe

  match qos-group 1

class-map type queuing class-all-flood

  match qos-group 2

class-map type queuing class-ip-multicast

  match qos-group 2

class-map type network-qos class-fcoe

  match qos-group 1

class-map type network-qos class-all-flood

  match qos-group 2

class-map type network-qos class-ip-multicast

  match qos-group 2

vtp mode transparent

fex 101

  pinning max-links 1

  description "MT-DC-N2K-SW01"

  type N2248TP-E

snmp-server user admin network-admin auth md5 0xb54570ce73756454d188924d08435275

priv 0xb54570ce73756454d188924d08435275 localizedkey


vrf context management

  ip route 172.16.0.0/16 172.31.1.254

vrf context VPC_KEEPALIVE

vlan 1

vlan 2

  name NATIVE-VLAN

vlan 3

  name VPC-KEEPALIVE

vlan 77

  name VIR-VLAN-77

vpc domain 1

  peer-keepalive destination 172.31.77.1 source 172.31.77.2 vrf default

  delay restore 150

  peer-gateway

  auto-recovery

port-profile default max-ports 512



interface Vlan1


interface Vlan3

  no shutdown

  no ip redirects

  ip address 172.31.77.2/30


interface Vlan77

  no shutdown

  description *** Connected to HC-TestGW ***

  no ip redirects

  ip address 172.16.77.3/24

  hsrp version 2

  hsrp 77

    name VIR-VLAN-77

    preempt delay minimum 60

    ip 172.16.77.1


interface port-channel1

  switchport mode trunk

  switchport trunk native vlan 2

  switchport trunk allowed vlan 2-50,77

  spanning-tree port type network

  vpc peer-link


interface port-channel101

  description Connected to MT-DC-N2K-SW01

  switchport mode fex-fabric

  switchport trunk native vlan 2

  switchport trunk allowed vlan 77

  fex associate 101

  vpc 101


interface Ethernet1/1

  switchport mode trunk

  switchport trunk native vlan 2

  switchport trunk allowed vlan 2-50,77

  channel-group 1 mode active


interface Ethernet1/2

  switchport mode trunk

  switchport trunk native vlan 2

  switchport trunk allowed vlan 2-50,77

  channel-group 1 mode active


interface Ethernet1/3

  switchport mode trunk

  speed 1000


[7m--More-- [27m

interface Ethernet1/4


interface Ethernet1/5

  no switchport

  speed 1000

  ip address 172.31.77.13/30

  ip router eigrp Test1


interface Ethernet1/6

  description *** Connected to N5K-01 ***

  no switchport

  speed 1000

  ip address 172.31.77.6/30

  ip router eigrp Test1


interface Ethernet1/7


interface Ethernet1/8


interface Ethernet1/9


interface Ethernet1/10


[7m--More-- [27m

interface Ethernet1/11


interface Ethernet1/12


interface Ethernet1/13


interface Ethernet1/14


interface Ethernet1/15


interface Ethernet1/16


interface Ethernet1/17


interface Ethernet1/18


interface Ethernet1/19


interface Ethernet1/20


interface Ethernet1/21


interface Ethernet1/22


interface Ethernet1/23


interface Ethernet1/24


interface Ethernet1/25


interface Ethernet1/26


interface Ethernet1/27


interface Ethernet1/28


interface Ethernet1/29


interface Ethernet1/30


interface Ethernet1/31


interface Ethernet1/32

  description Connected to MT-DC-N2K-SW01

  switchport mode fex-fabric

  switchport trunk native vlan 2

  switchport trunk allowed vlan 77

  fex associate 101

  channel-group 101


interface mgmt0

  ip address 172.31.1.223/24


interface Ethernet101/1/1

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/2

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/3

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/4

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/5

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/6

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/7

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/8

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/9

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/10

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/11

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/12

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/13

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/14

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/15

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/16

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/17

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/18

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/19

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/20

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/21

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/22

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/23

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/24

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/25

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/26

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/27

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/28

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/29

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/30

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/31

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/32

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/33

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/34

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/35

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/36

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/37

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/38

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/39

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/40

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/41

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/42

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/43

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/44

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/45

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/46

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/47

  description Connected to Server

  switchport access vlan 200


interface Ethernet101/1/48

  description Connected to Server

  switchport access vlan 77

line console

line vty

boot kickstart bootflash:/n5000-uk9-kickstart.5.2.1.N1.1.bin

boot system bootflash:/n5000-uk9.5.2.1.N1.1.bin

router eigrp Test1

  autonomous-system 100



MT-DC-DIST-SW02#     sh fex


  FEX         FEX           FEX                       FEX              

Number    Description      State            Model            Serial    

------------------------------------------------------------------------

101  MT-DC-N2K-SW01                Online   N2K-C2248TP-E-1GE   SSI154104YJ


MT-DC-DIST-SW02# sh vpc


Legend:

                (*) - local vPC is down, forwarding via vPC peer-link


vPC domain id                     : 1  

Peer status                       : peer adjacency formed ok     

vPC keep-alive status             : peer is alive                

Configuration consistency status  : success

Per-vlan consistency status       : success                      

Type-2 consistency status         : failed 

Type-2 inconsistency reason       : QoSMgr Qos configuration incompatible

vPC role                          : primary                      

Number of vPCs configured         : 49 

Peer Gateway                      : Enabled

Peer gateway excluded VLANs     : -

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Enabled (timeout = 240 seconds)


vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans   

--   ----   ------ --------------------------------------------------

1    Po1    up     2-3,77                                                   


vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

101    Po101       up     success     success                    -          

102400 Eth101/1/1  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102401 Eth101/1/2  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102402 Eth101/1/3  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102403 Eth101/1/4  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102404 Eth101/1/5  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102405 Eth101/1/6  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102406 Eth101/1/7  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102407 Eth101/1/8  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102408 Eth101/1/9  down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102409 Eth101/1/10 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102410 Eth101/1/11 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102411 Eth101/1/12 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102412 Eth101/1/13 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102413 Eth101/1/14 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102414 Eth101/1/15 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102415 Eth101/1/16 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102416 Eth101/1/17 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102417 Eth101/1/18 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102418 Eth101/1/19 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102419 Eth101/1/20 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102420 Eth101/1/21 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102421 Eth101/1/22 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102422 Eth101/1/23 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102423 Eth101/1/24 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102424 Eth101/1/25 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102425 Eth101/1/26 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102426 Eth101/1/27 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102427 Eth101/1/28 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102428 Eth101/1/29 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102429 Eth101/1/30 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102430 Eth101/1/31 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102431 Eth101/1/32 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102432 Eth101/1/33 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102433 Eth101/1/34 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102434 Eth101/1/35 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102435 Eth101/1/36 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102436 Eth101/1/37 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102437 Eth101/1/38 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102438 Eth101/1/39 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102439 Eth101/1/40 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102440 Eth101/1/41 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102441 Eth101/1/42 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102442 Eth101/1/43 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102443 Eth101/1/44 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102444 Eth101/1/45 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102445 Eth101/1/46 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102446 Eth101/1/47 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             

102447 Eth101/1/48 down*  Not         Consistency Check Not      -          

                          Applicable  Performed                             


MT-DC-DIST-SW02#   sh s  [Jhr  [Jsrp


Vlan77 - Group 77 (HSRP-V2) (IPv4)

  Local state is Standby, priority 100 (Cfged 100), may preempt

    Forwarding threshold(for vPC), lower: 1 upper: 100

  Preemption Delay (Seconds) Minimum:60

  Hellotime 3 sec, holdtime 10 sec

  Next hello sent in 2.397000 sec(s)

  Virtual IP address is 172.16.77.1 (Cfged)

  Active router is 172.16.77.2, priority 150 expires in 8.428000 sec(s)

  Standby router is local

  Authentication text "cisco"

  Virtual mac address is 0000.0c9f.f04d (Default MAC)

  1 state changes, last state change 15:59:27

  IP redundancy name is VIR-VLAN-77 (cfgd)




MT-DC-DIST-SW02# sh spanning-tree su [Jmmary


Switch is in rapid-pvst mode

Root bridge for: VLAN0001-VLAN0003, VLAN0077

Port Type Default                        is disable

Edge Port [PortFast] BPDU Guard Default  is disabled

Edge Port [PortFast] BPDU Filter Default is disabled

Bridge Assurance                         is enabled

Loopguard Default                        is disabled

Pathcost method used                     is short

STP-Lite                                 is enabled


Name                   Blocking Listening Learning Forwarding STP Active

---------------------- -------- --------- -------- ---------- ----------

VLAN0001                     0         0        0          1          1

VLAN0002                     0         0        0          2          2

VLAN0003                     0         0        0          2          2

VLAN0077                     0         0        0          2          2

---------------------- -------- --------- -------- ---------- ----------

4 vlans                      0         0        0          7          7

Correct Answer
Jerry Ye Fri, 08/03/2012 - 16:03
User Badges:
  • Cisco Employee,

You VLAN 77 in the N5K is not configured to be advertised into EIGRP. Add the following commands in both N5K and it should work:


interface vlan 77

  ip router eigrp Test1

  ip passive-interface eigrp Test1


HTH,

jerry

AdnanShahid Sat, 08/04/2012 - 05:10
User Badges:

Hi Jerry,


Very nice to inform you that we have just tested the routing scenerio and it worked just fine. Thank you so much for your suggestion and cooperation.


During our activity we have solved a problem of VPC PEER. In our previous configuration the VPC keep-alive link was communicating over Vlan 3 and via ethernet 1/3 with trunk. But this creates a problem and our VPC peer is not getting up if I restart any one of the peer switches. Later we found that when the Peer switch is up than all its SVI's remain shutdown untill its peer link is up and peer link is not getting up as its VLAN 3 is down. Hence peer is not forming. For this we have shutdown the VLAN 3 and configure the IP on ethernet1/3. After that the problem resolved and peer is forming automatically after any peer switch rebooted.


Now, I would like to let me know one important routing issue that I hav found during redundancy testing. Also I would request you to suggest me for few more features.


1) Routing Issue: During our activity we found that if we shutdown or plugout the L3 link between N5K-1 and L3-Uplink-Switch, then routing become as follows between the 2 pc (PC1 and PC2).


     - PC1-PC2: PC1>L3SWGW>N5K-2>PC2. - This is fine.

     - PC2-PC1: PC2>N5K-1>L3LinkbetweenN5K-1&N5k-2>N5K-2>L3SW>PC2 - (!!)


Now, my queries are,


     - Why PC2 to PC1 is using L3 link between 2 5K instead of VPC-Peer Link. It could have been much faster?

     - Why HSRP is allowing to keep N5K-1 as gateway where as traffic from PC2 can easily go to N5K-2 and then use the L3 link of N5K-2 to reach the L3UplinkSW. In that case, PC1-PC2 and PC2-PC1 traffice would follow the same routed pattern.


                             [N5K------------1]

                             /  |        | ||       \

     [PC1] -- [L3SW]    |        | ||          [N2K] -- [PC2]

                             \  |        | ||       /

                               [N5K------------2]



2) VPC-Peer Role Issue: In our VPC peer we have seen that N5K-2 role is "Primary" and N5K-1 role is "Secondary:. I try to make N5K as Primary with Role Priority. Then it shows "Secondary, Operational Primary" in N5K-1 and "Primary, Operational Secondary" in N5K-2. I am not sure how it has formed Primary/Secondary and whether it has any major impact or not??... Kindly need you suggestion.


3) Suggestion on STP: I am not sure yet whether there is any STP bottleneck here or not. How can I verify it? Is there any best practices regarding how to check and how to verify. Please suggest.


4) Authentication and Configuration in HSRP: It would be nice if you can suggest,

     - Should we implement authentication in HSRP? Will it hamper performance or increase latency or increase process utilization? Is is recommended?

     - Is our HSRP configuration is ok? Specially Priority and Preempt?


5) Authentication in Eigrp: Should we implement authentication in Eigrp? Will it hamper performance or increase latency or increase any process utilization? Is is recommended by cisco?


Thank you so much again to give me such nice understading and insights to build our network. Really appreciate you cooperation in this.


We will test one more scenario (L2 and L3 together with 2 different WAN link with L3SW) before proceed for final deployment on 9-Aug-2012. Will let you know too.


Thanks again.


Regards,

Adnan

Jerry Ye Sat, 08/04/2012 - 09:33
User Badges:
  • Cisco Employee,

1) This is the fundamental concept of how HSRP works in a vPC environment. Both HSRP routers will forward traffic upstream. If the up stream L3 link(s) is broken, the N5K<->N5K L3 link will be used as last resort. Why it is not using the L2 vPC peer-link? It is because vPC PL is L2 and not going to forward L3 traffic (speed here doesn't make any difference).


http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9670/design_guide_c07-625857.pdf


Page 23 explains how HSRP and vPC works together.


2) This is normal about the role. vPC doesn't support role preemption. In terms of the impact, you have to understand how vPC works first. If vPC PL failed, "Secondary" switch will take down its vPC POs, hence, if role changed, instead of N5K2, now N5K1 will take down vPC PO during PL failure.


3) I am not sure what you are talking about? STP bottleneck? It is configured as vPC and all gateway and links will forward traffic. I guess you can verify if there is any STP BLK ports.


4) It is upto your corporate policy to implement HSRP authentication or not. I will not make any suggestion here.


5) It is upto your corporate policy to implement EIGRP authentication or not. I will not make any suggestion here.


Regards,

jerry

AdnanShahid Sat, 08/04/2012 - 10:06
User Badges:

Hi Jerry,


Thanks for your reply.


1) Routing with HSRP: OK. It seems that our test bed scenario is working exactly as written in the document.


2) VPC-Peer Role Issue: OK. I will make my vPC "Primary" switch as the N5K-1 and also make HRSP active on that switch. This way it will be easy for us to understood: vPC Primary Swtich <=> N5K-1 <=> HSRP active gateway.


3) STP: Actually the design is quite standard in terms of integration between two N5K and fex with N2K. I just wanted to know if there is any STP issue that I might need to be taken care of in this design.


4, 5) Authentication in HSRP and Eigrp: Currently there is no such policy that I have to use authentication. However considering the security I would like to implement this. Now I just wanted to know, if I implement this than will there be any chance of any performance issue (such as high process utilization in the switch or high latency in traffi etc.) might happen or not. If there is no chance of such issue, then we would like to implement it.


However, thank you soo much for your reply and suggestions, otherwise we couldn't have finish the configuration so early.


Regards,

Adnan

Jerry Ye Sat, 08/04/2012 - 10:47
User Badges:
  • Cisco Employee,

3) Nexus 2000 is not a switch, hense, no STP is running between them.


4) Protocol authentication should not cause performance.


Regards,

jerry

AdnanShahid Sat, 08/04/2012 - 11:32
User Badges:

Thanks a lot Jerry. I will check and let you know.


Regards,

Adnan

Actions

This Discussion

Related Content