Solved: cannot create vpc peerlink between 2 NK5-C5548UP-Fa

christoph.brunner · ‎06-21-2012

Hi

I have very strange problem. I have two NK5-C5548UP-Fa where I need to implement the vpc features. I want my peer link go over an SVI. I have Port-Channel 100 configured as a trunk with 3 vlans in it (my VPC-Peer Vlan included in a seperate VRF, and two data vlans).

I have set up the vpc domain 1 and configured the peer-keepalive source, destination and vrf. All seemed fine.

So I had a connection between those Switches and could ping each way in my SVI.

In the moment i set the command vpc peer-link in the port-channel the vlans in the trunk went on err-disable and I lost connection.

SWITCH# sh int trunk

--------------------------------------------------------------------------------

Port Native Status Port

Vlan Channel

--------------------------------------------------------------------------------

Eth1/1 1 trnk-bndl Po100

Eth1/17 1 trnk-bndl Po100

Po100 1 trunking --

--------------------------------------------------------------------------------

Port Vlans Allowed on Trunk

--------------------------------------------------------------------------------

Eth1/1 410-412

Eth1/17 410-412

Po100 410-412

--------------------------------------------------------------------------------

Port Vlans Err-disabled on Trunk

--------------------------------------------------------------------------------

Eth1/1 410-412

Eth1/17 410-412

Po100 410-412

I have the following message in the log:

2012 Jun 21 09:42:31 SWITCH %ETHPORT-3-IF_ERROR_VLANS_SUSPENDED: VLANs 4

10-412 on Interface port-channel100 are being suspended. (Reason: peer-keepalive

not operational, peer never alive)

And I've seen this in debug vpc peer-keepalive

SWITCH(config-if)# 2012 Jun 21 11:58:46.742933 vpc: Added 3 vlans to loc cfg list

2012 Jun 21 11:58:46.743004 vpc: Saving the MCT [1] context in PSS

2012 Jun 21 11:58:46.747084 vpc: Vlans [410-412] in Error vlan list for MCT

Anybody some Ideas how to fix this?

I use this NX-OS: n5000-uk9.5.1.3.N2.1.bin

I am pretty sure, the config is fine... but somewhere I am missing something.

Thanks Chris

Oleksandr Nesterov · ‎06-21-2012

Hi Christoph

I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.

Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999392

HTH,

Alex

View solution in original post

Reza Sharifi · ‎06-21-2012

Hi,

Can you post your config?

christoph.brunner · ‎06-21-2012

feature interface-vlan

feature lacp

feature vpc

vrf context VPC-PEER

vrf context management

ip route 0.0.0.0/0 192.168.10.1

vlan 1

vlan 410

name VPC-PEER

vlan 411

name VMotion

vlan 412

name Storage

vpc domain 1

role priority 100

system-priority 100

peer-keepalive destination 192.168.0.2 source 192.168.0.1 vrf VPC-PEER

peer-config-check-bypass

auto-recovery

interface port-channel100

description VPC-Peer-Link

switchport mode trunk

switchport trunk allowed vlan 410-412

spanning-tree port type network

spanning-tree guard loop

speed 10000

vpc peer-link

interface Ethernet1/1

description SWITCH2,Eth1/1

switchport mode trunk

switchport trunk allowed vlan 410-412

channel-group 100 mode active

interface Ethernet1/17

description SWITCH2,Eth1/17

switchport mode trunk

switchport trunk allowed vlan 410-412

channel-group 100 mode active

interface mgmt0

description Mgmt-Vlan

ip address 192.168.10.25/24

I figured out that I can set up the VCP-Peer over the mgmt0 Interface. Then I can switch the configuration to my SVI and it works. But after a reload of the whole system, I have the same problem.

I guess the peer must go over mgmt0

Reza Sharifi · ‎06-21-2012

I don't see your VPC domain config:

Have a look at this sample config and make the necessary changes to reflect your environment

! enable features

feature vpc

feature lacp

! Define a vrf for the keepalive traffic

vrf context vpc-ka

! Configure vpc domain - this switch (in the vpc-ka vrf) is 10.0.0.1; its partner is 10.0.0.2

vpc domain 1

role priority 100

system-priority 100

peer-keeplive destination 10.0.0.2 source 10.0.0.1 vrf vpc-ka

peer-gateway

! Configure the VPC keepalive interface (port-channel or single interface)

interface Ethernet 1/1

vrf member vpc-ka

ip address 10.0.0.1/31

no shutdown

! Configure the layer 2 interchassis peer-link

interface Ethernet 2/1

channel-group 1 force mode active

no shutdown

interface Ethernet 3/1

channel-group 1 force mode active

no shutdown

interface port-channel1

switchport

switchport mode trunk

switchport trunk allowed vlan a,b,c

vpc peer-link

spanning-tree port type normal

no shut

! Configure the actual vPC facing the downstream device

! For the 'vpc xxx' command:

! 1) use a different xxx for each port-channel to a downstream device;

! 2) ensure that the 'partner' port-channel on DST2 uses the same xxx;

! 3) xxx has nothing to do with the vpc domain number configured earlier.

!

interface Ethernet 2/8

channel-group 2 force mode active

no shut

interface Ethernet 3/8

channel-group 2 force mode active

no shut

interface port-channel2

switchport

switchport mode trunk

switchport trunk allowed vlan a,b,c

vpc 102

no shut

Oleksandr Nesterov · ‎06-21-2012

Hi Christoph

I think Reza wanted to say that we can't see interfaces that act as endpoints for peer keep-alive link.

Also here is VPC operations guide which stands that mgmt port is recommended solution for keep-alive link:

http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999392

HTH,

Alex

christoph.brunner · ‎06-22-2012

Hey

I've done it now with the recommended solution. I am still confused why it doesn't work with the SVI, as I had my own VRF. I think the SVI must not run on the actuall VPC Peer Link. I think thats the point.

Thanks