Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Dual Nexus 7000 vPC roles primary/secondary

I have 2 Nexus 7k in our data center

2 - vPC peerlinks ( one on module 1 and the second on module 2)

1 - peer keepalive ( layer 3 on moduel 3)

45 vPCs

supporting about 50 "top of rack" switches ( 4948s and nexus 22xx )

Nexus 1 role is primary

Nexus 2 role is secondary


During a maintenance activiaty,  when Nexus #1 is taken down/offline ( dropping each vPC peerlink and the peer keepalive interface)

Currently my Nexus # 2 transitions all port channels to status down and interfaces to suspend

Should Nexus 2 pickup vPC control immediatley ?  or is there a convergence time ?

Thanks for any input

Cisco Employee

Dual Nexus 7000 vPC roles primary/secondary

It should be about 1-2 ping drop from a PC, if the flow is going toward N7K-1.

My question is, how did you take down the switch for maintenance? If you take down the peer-link and peer-keepalive, the vPC secondary should pick all the interfaces (vPC role should become "secondary, operational primary").

Also I am not so clear what do you mean 2 vPC peer-link? Do you mean 2 links in a PO (mod 1 and mod 2)?



Dual Nexus 7000 vPC roles primary/secondary

1 -2 pings being dropped is what I expected too... as soon as the keepalive  timeout was reached, I expected Nexus 2 to pick up control of the vPCs.... it didn't.  ??????????

yes, the vPC peer link consists of 2 individual ports eth1/1 and eth10/1 in a port channel. the vPC peer keepalive runs between nexus 1 and 2 on  physical port 3/1 as a layer 3 link)

Maintenance really means doing a software upgrade from 4.2(3) to 5. 1(5) which required EPLD  updates to each module.

Process was,  shut down all active interfaces on Nexus 2 ( secondary vPC role) run the upgrade, re-enable all interfaces on Nexus 2... worked great.

Repeat process for Nexus 1 (primary vPC role)..... only problem was when the interfaces on Nexus 1 were shut down. Nexus 2 showed all vPCs down ( status no active channel members) and interfaces showed status suspend.

timers are all at default (see below)

vPC Keep-alive parameters

--Destination                   :

--Keepalive interval            : 1000 msec

--Keepalive timeout             : 5 seconds

--Keepalive hold timeout        : 3 seconds

--Keepalive vrf                 : pkal

--Keepalive udp port            : 3200

--Keepalive tos                 : 192

any thoughts ?--- TAC is looking into it also.

Cisco Employee

Re: Dual Nexus 7000 vPC roles primary/secondary

Hm... interesting... how about change the N7K-2's vPC priority to a lower number (force it to be the primary), bounce the vpc peer-link, so N7K-2 is the vPC primary. Shut down all the links on N7K-1 and upgrade.



Dual Nexus 7000 vPC roles primary/secondary

Yes, that process definitely works...I used that to complete the upgrade. when manually initating the switch 1-2 pings are all that drops.

the bigger issue is, if the  primary vPC Nexus (1) box were ever to fail, the secondary vPC Nexus (2) does not appear to pick up quickly enough... since these boxes  are the core switches for a really large healthcare data center.. that's really bad.

Is there any "vpc track" options that could initate a switch from primary to secondary ?



Cisco Employee

Dual Nexus 7000 vPC roles primary/secondary

H Charles.

Please refer to following ligk, which desciribes "auto-recovery" approach:



CreatePlease to create content