Turning on peer-switch in production vPC setup

Unanswered Question
Jun 23rd, 2013

I would like to understand what exactly happens when you turn on peer-switch within a vPC domain on an N7K vPC setup. Today we have only a few VLANs rooted on the primary vPC switch. The secondary vPC does not have any spanning-tree priority for these VLANs yet (nonexistent STP config for any VLANs).

I would like to know what happens if I were to turn on the function on both N7Ks and duplicate the primary's STP config over to the secondary, as you should do when using peer-switch. Will the VLANs having the primary N7K as root do any reconvergence, or will the secondary just merge in and cause no interference for said VLANs?

primary# sh run | inc spanning

spanning-tree vlan 28,150,679,838,841,xxx..... priority 4096

  spanning-tree port type network

secondary# sh run | inc spanning

  spanning-tree port type network

Is anyone who knows willing to give some insight about such a scenario and what to expect?

Thank you!


Overall Rating: 4 (1 ratings)
fragilemahinder Mon, 06/24/2013 - 04:27


Peer-switch will make both N7K-1 and N7K-2 the root bridge, and why we need to make both N7Ks root goes as follows.

Suppose the primary switch N7K-1, which is the root bridge, fails. In that case the secondary vPC switch N7K-2 will elect itself as operational primary and STP root switch. Depending on the control plane, it might take a couple of seconds to initiate BPDUs from the operational secondary to forward downstream, but the vPC member ports won't see any STP port change. Up to now we don't have any issue.

Now our failed primary switch N7K-1 comes back online, but the vPC role is non-preemptive, so in that case the primary N7K-1 continues to act as operational secondary. But we configured a lower STP priority earlier on N7K-1, so now we have an STP role change: the peer link will become the STP root port, and that will trigger the SYNC process inherent in the vPC process, which blocks the vPC trunk member ports. Although the time consumed in the overall SYNC process is quite low, in a production HFT environment it matters a lot.

Another option is that lower hello timers in STP could be used to minimize the drop in forwarding.

To avoid this behaviour we use peer-switch under the vPC domain.

I hope this clarifies what you have asked.



aleksander.olse... Mon, 06/24/2013 - 06:54

Hi Mahinder and thanks for your reply.

I already know why I want the peer-switch functionality in our environment. The thing I want to know is what actually happens with the traffic on the VLANs running through the Nexus core when I do turn it on. How does STP behave when I hit the switch on the functionality? Nothing? Is there a best order to do it? Keep in mind my secondary Nexus does not have any STP priority settings for any of the VLANs currently rooting on the primary Nexus.

Thanks :-)


aleksander.olse... Sun, 08/18/2013 - 03:00

So, in last night's window I enabled peer-switch in the following order.


conf t

vpc domain 101




conf t

vpc domain 101




Checking logs I got the following line telling me to sync the spanning-tree config between the vPC peers.

sh logging last 50


2013 Aug 17 22:19:09 NX01 %STP-2-VPC_PEERSWITCH_CONFIG_ENABLED: vPC peer-switch configuration is enabled. Please make sure to configure spanning tree "bridge" priority as per recommended guidelines to make vPC peer-switch operational.


sh vpc role tells me that the system MACs are now identical, as expected, and both peers are reporting as root bridge for the defined VLANs.

I registered no downtime by enabling this.
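
The log message quoted above asks for the spanning-tree bridge priority to be configured consistently on both vPC peers. The following is an added example, not part of the original posts or Cisco's tooling: it compares the `spanning-tree vlan ... priority` lines from each peer's `sh run | inc spanning` output and lists the VLANs whose priorities differ. The function names and the sample configs are constructed for illustration, and it assumes unconfigured VLANs fall back to the STP default priority of 32768.

```python
import re

DEFAULT_PRIORITY = 32768  # assumed: STP default bridge priority when none is configured

_PRIO_RE = re.compile(r"^\s*spanning-tree vlan (\S+) priority (\d+)\s*$")

def expand_vlans(spec):
    """Expand a VLAN list such as '28,150-152' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        if "-" in part:
            lo, hi = part.split("-", 1)
            vlans.update(range(int(lo), int(hi) + 1))
        else:
            vlans.add(int(part))
    return vlans

def vlan_priorities(config_text):
    """Map VLAN id -> configured priority from 'sh run | inc spanning' output."""
    prios = {}
    for line in config_text.splitlines():
        m = _PRIO_RE.match(line)
        if m:
            for vlan in expand_vlans(m.group(1)):
                prios[vlan] = int(m.group(2))
    return prios

def priority_mismatches(primary_cfg, secondary_cfg):
    """Return {vlan: (primary_prio, secondary_prio)} where the peers differ."""
    a, b = vlan_priorities(primary_cfg), vlan_priorities(secondary_cfg)
    diff = {}
    for vlan in sorted(set(a) | set(b)):
        pa = a.get(vlan, DEFAULT_PRIORITY)
        pb = b.get(vlan, DEFAULT_PRIORITY)
        if pa != pb:
            diff[vlan] = (pa, pb)
    return diff

# Constructed sample output (shortened VLAN list, not the poster's full config).
PRIMARY = """spanning-tree vlan 28,150,679,838-841 priority 4096
  spanning-tree port type network
"""
SECONDARY_BEFORE = """  spanning-tree port type network
"""
SECONDARY_AFTER = PRIMARY  # secondary after the priority line is duplicated
```

An empty result from `priority_mismatches` means the two peers advertise the same priority for every listed VLAN.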

karansinghdadwal Fri, 05/29/2015 - 03:37



I did not want to intrude, but I need help to understand the below. It would be great if you can clarify, as I am really stuck:


We have a Linux server that is dual-homed to N2Ks in active/standby teaming. The N2Ks are X-connected to two N5Ks in vPC. Now my question is that the CDP neighbor on the server discovers only one N5K parent switch on both NICs. Can you please explain the behavior? Below is a sample topology. When we look on the server, on both NICs the neighbor discovered is either of the N5Ks and not both.


|------|     vPC      |------|
| N5K1 |==============| N5K2 |
|------|              |------|
   |   \              /   |
   |     \          /     |
   |       \      /       |
   |         \  /         |
   |          \/          |
   |          /\          |
   |        /    \        |
   |      /        \      |
   |    /            \    |
|------|              |------|
| N2K1 |              | N2K2 |
|------|              |------|
     \                  /
      \                /
       \              /
   NIC1 \            / NIC2
        |------------|
        |   Server   |
        |------------|




danailpetrov Mon, 08/19/2013 - 15:28

Just to drop my two cents on that.

Peer switch is a good feature and Mahinder nailed the benefits of it. However, you need to consider that properly, as you won't be able to run another L2 link between both peers, or at least you'd need to disable STP on that link (which, imo, is not a good thing for a production environment). What will happen basically is that the vPC secondary device will see its "own BPDU" coming in on that port and it will put the port into Blocking/BACKUP state. At this stage (for some reason) Cisco considers that a bug (check this out)


Devavrat Oka Fri, 08/30/2013 - 10:15

Also a point to remember - vpc peer-switch makes the nexus switch the root bridge only for VLANs that are in the vPC domain (or are allowed on the vPC peer-link).

For the realm of non-vPC VLANs, the STP topology works in a traditional manner, with the root bridge being whatever switch is set with spanning-tree vlan X priority.

