Dual Nexus 7000 vPC roles primary/secondary

charles wainwright · ‎01-16-2012

I have 2 Nexus 7k in our data center

2 - vPC peerlinks ( one on module 1 and the second on module 2)

1 - peer keepalive ( layer 3 on moduel 3)

45 vPCs

supporting about 50 "top of rack" switches ( 4948s and nexus 22xx )

Nexus 1 role is primary

Nexus 2 role is secondary

Question:

During a maintenance activiaty, when Nexus #1 is taken down/offline ( dropping each vPC peerlink and the peer keepalive interface)

Currently my Nexus # 2 transitions all port channels to status down and interfaces to suspend

Should Nexus 2 pickup vPC control immediatley ? or is there a convergence time ?

Thanks for any input

Jerry Ye · ‎01-16-2012

It should be about 1-2 ping drop from a PC, if the flow is going toward N7K-1.

My question is, how did you take down the switch for maintenance? If you take down the peer-link and peer-keepalive, the vPC secondary should pick all the interfaces (vPC role should become "secondary, operational primary").

Also I am not so clear what do you mean 2 vPC peer-link? Do you mean 2 links in a PO (mod 1 and mod 2)?

Regards,

jerry

charles wainwright · ‎01-17-2012

1 -2 pings being dropped is what I expected too... as soon as the keepalive timeout was reached, I expected Nexus 2 to pick up control of the vPCs.... it didn't. ??????????

yes, the vPC peer link consists of 2 individual ports eth1/1 and eth10/1 in a port channel. the vPC peer keepalive runs between nexus 1 and 2 on physical port 3/1 as a layer 3 link)

Maintenance really means doing a software upgrade from 4.2(3) to 5. 1(5) which required EPLD updates to each module.

Process was, shut down all active interfaces on Nexus 2 ( secondary vPC role) run the upgrade, re-enable all interfaces on Nexus 2... worked great.

Repeat process for Nexus 1 (primary vPC role)..... only problem was when the interfaces on Nexus 1 were shut down. Nexus 2 showed all vPCs down ( status no active channel members) and interfaces showed status suspend.

timers are all at default (see below)

vPC Keep-alive parameters

--Destination : 10.79.14.42

--Keepalive interval : 1000 msec

--Keepalive timeout : 5 seconds

--Keepalive hold timeout : 3 seconds

--Keepalive vrf : pkal

--Keepalive udp port : 3200

--Keepalive tos : 192

any thoughts ?--- TAC is looking into it also.

Jerry Ye · ‎01-17-2012

Hm... interesting... how about change the N7K-2's vPC priority to a lower number (force it to be the primary), bounce the vpc peer-link, so N7K-2 is the vPC primary. Shut down all the links on N7K-1 and upgrade.

Regards,

jerry

charles wainwright · ‎01-17-2012

Yes, that process definitely works...I used that to complete the upgrade. when manually initating the switch 1-2 pings are all that drops.

the bigger issue is, if the primary vPC Nexus (1) box were ever to fail, the secondary vPC Nexus (2) does not appear to pick up quickly enough... since these boxes are the core switches for a really large healthcare data center.. that's really bad.

Is there any "vpc track" options that could initate a switch from primary to secondary ?

thanx

chuck

Oleksandr Nesterov · ‎01-22-2012

H Charles.

Please refer to following ligk, which desciribes "auto-recovery" approach:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_vPC.html#wp1829497

HTH,

Alex