Mar 31st, 2012


I have a senario where i'm going to have 2 Nexus 7010 connected as a core, and i'm going to have 4 5510's connected in a star formation.

Each nexus 5510 will connect to the nexus core Via two 10Gb links.

Each nexus 5510 will have 2 links attached to The core switches in vPc's.

Nexus 7010-1 = Core 1

Nexus 7010-2 = Core 2

Nexus 5510-1 = vPC = 100 2 Ports in vPc 100 -- > 7010-1, 7010-2

Nexus 5510-2 = vPC = 200 2 Ports in vPC 200 -- > 7010-1, 7010-2

Nexus 5510-3 = vPC = 100 2 Ports in vPc 300 -- > 7010-1, 7010-2

Nexus 5510-4 = vPC = 200 2 Ports in vPC 400 -- > 7010-1, 7010-2

The way I intend to configure the vPC's is this the best way. If i get a vPC dual active scenario what would happen. All ports will be forwarding all VLAN traffic this is how I intend to have it work.

Mohamed Sobair Sat, 03/31/2012 - 14:29

This is the best approach of connecting Nexus Core to the Distribution.

All ports connecting you N5k to the N7K will be in one vPC domain and will results in both ports forwardings.

Nothing Should Happen, this is what its intended for..



Carl Williams Sat, 03/31/2012 - 15:44

Sorry correction the topology is like the below.

Nexus 7010-1 = Core 1

Nexus 7010-2 = Core 2

Nexus 5510-1 = vPC = 100 2 Ports in vPc 100 -- > 7010-1, 7010-2

Nexus 5510-2 = vPC = 200 2 Ports in vPC 200 -- > 7010-1, 7010-2

Nexus 5510-3 = vPC = 300 2 Ports in vPc 300 -- > 7010-1, 7010-2

Nexus 5510-4 = vPC = 400 2 Ports in vPC 400 -- > 7010-1, 7010-2

But could you explain why this is the best topology. Whould happen within a dual active scenario.

Oleksandr Nesterov Sun, 04/01/2012 - 02:48

Hi Carl

Nexus 7000 have ways to prevent dual-active scenario. If Peer-link is lost secondary vpc peer will shutdown all it's vpc links. So nexus 5000 will continue forwarding traffic via one alive link to primary peer.

In your topology from nexus 5000 there won't be any vpc - they will be configured for standart port-channel.

But if you plan use for example n5k1 and n5k2 (or n5k3 with n5k4) to connect same servers and have redundance - you can also configure them as vpc peers - and get vpc duble-sided configuration.



Mohamed Sobair Sun, 04/01/2012 - 04:08


In the OP describtion, its obvious he is using N5Ks at the Access Layer, and dual linked to the Core/Distribution to both N7Ks.

Why he Cant use vPC between N5K and N7K?

It would be beneficiary for hi to have dual Links from each N5K to both N7K Cores and would therefore place each N5k in One vPC domain.

For His Servers, he can use Similar approach to connect Dual homed Servers and place them in One vPC domain.


The Nexus Switches have a feature called Duplicate Frame Detection, this feature allows both member ports on a vPC to be forwarding at a time, and prevent from L2 Loops.



Oleksandr Nesterov Sun, 04/01/2012 - 04:58


Please read more closely Carl's and my posts.

Carl uses different vpc port-channel numbers for different n5k switches which means that from vpc cluster perspective - these portchannels will be considered as separate links.

I'm sure that Carl would use one VPC uplink, if n5k would be configured as vpc peers.

>Why he Cant use vPC between N5K and N7K?

Carl can use vpc between pair n5k and pair n7k - but decision should depend on network needs.


this link may be helpful:



Carl Williams Sun, 04/01/2012 - 15:58

I'll be using Vpc's 100,200 between switches 5k01,5k02 and 7k01,7k02

I'll be using Vpc's 300,400 between switches 5k03, 5k04 and 7k01,7k02

I have peer links between the nexus 7010 core. What would happen if there was a peer link failure to my vPC's.

Also is this the best topology design from a vPC perspective.

Carl Williams Sun, 04/01/2012 - 16:24

I guess the way i'm thinking is good because if i have a dual active scenario. My traffic will always get forwarded via the primary vPc,s. all vpc,s will have one link to each core switch.

Oleksandr Nesterov Sun, 04/01/2012 - 23:04

Hi Carl

You're correct that in case of dual active scenario traffic will be forwarded only via primary peer.

Also you're correct that this is most redundant topology - if each of your servers will be connected only to one nexus 5000. But if you want to get more redundancy and balance traffic between several switches in more intelligent way - you always can configure vpc between n5k01 and n5k02, and use vpc portchannel 100 between both n5k and n7k, in such case server will loadbalance traffic between two n5ks, and in case of failure of one n5k second will seamlesly cnotinue forwarding all traffic. Also bot of them will loadbalance traffic between two n7k.



Carl Williams Mon, 04/02/2012 - 12:25

Ok I understand we need to configure vPC's between the nexus 5k's. Ok all good i've read in some documentation that when you configure double sided vPc's, I need to make sure that all my port exist within one port-channel between the nexus 5k and nexus 7k.

Can i still have nexus 5k and nexus 7k in a doubled sided vPC configuration, and still have...

vPC's 100

vPC's 200

vPC's 300

vPC's 400

Is this the best way to configure doubled sided vPC and port-channels...

I know that double sided vPC will give me both load balancing from a server perspective, and load balancing from nexus 5k to nexus 7k.

Oleksandr Nesterov Mon, 04/02/2012 - 13:39

In general there won't bee need in separate vpc links towards two n5k.

You will have one logical vpc link which can contain up to 16 links in any configuration you like.

SO finaly you will have vpc 100 between n5k1&n5k2 and n7k1&n7k2 and vpc 200 between n5k3&n5k4 and n7k1&n7k2



Carl Williams Mon, 04/02/2012 - 14:02

another question...

My attention is to create..///

Peer link: Port-channel 1000 Nexus 7k's

Peer link: Port-channel 1000 Nexus 5k's

vpc: 100 nexus 5k1,5k2 -->nexus 7k1, nexus 7k2

vpc: 200 nexus 5k3, 5k --> nexus 7k1 nexus 7k2

Just to confirm is this the best port-channel design.//

Oleksandr Nesterov Mon, 04/02/2012 - 14:10

Yes Carl,

Thats correct.

Just one note - VPC domain numbers must be different that will avoid LACP conflicts.

Do my posts reply to your questions?



Carl Williams Mon, 04/02/2012 - 14:43

Ok nice one sir can you confirm the different failure scenario's.

what will happen in a dual active scenario with this topology, can you also confirm the operations with spanning-tree. MST.

Carl Williams Wed, 04/04/2012 - 03:05

Is the below statement true just checking....

A double sided vPC system if say for example, we have different Vpc’s configured between Nexus 5k and Nexus 7k vPC 100, vPC 200. One vPC will be blocked because when vPC systems are connected the vPC system is seen by the nexus 7k and nexus 5k switch as one logical domain from a spanning-tree point of view..


