I'm fairly new to the Nexus line and am trying to wrap my head around features and operation of them. I've been going through different remote sites that have them and noticed that they are not all set up the same concerning vPC and would like to know what is the best practice and why you would want to configure them a certain way.
All of the 5000s are configured with a peer link. I understand the concept of this. This is how the switch is able to achieve the vPC without causing loops.
All of the 5000s are configured with a peer link keepalive as well and this I don't quite grasp and in addition not all of the remote sites have the peer link configured the same way.
Some have a separate vrf just for the peer link keepalive and are directly connected to the other 5000 using a VLAN 996 and a VLAN 997. VLAN 996 has an IP on both of the 5000s in the same subnet and VLAN 997 is named VPC-Peer-Link with no IP and both VLANs are carried through a trunk directly to the other 5000. Others use the Management vrf and are connected to the other 5000 through another layer 2, 2960 switch (both 5000s have their mgmt0 port patched into the same VLAN).
First - what is the keepalive link needed for if we have a configured vpc peer link? Redundancy?
Also, what is the preferred method to set this up or are both ways acceptable?
The keepalive link is used to monitor the state of the Nexus pair. The peer link is used to exchange control plane information and possibly data, although you should do all you can to keep data off the peer link.
The reason they are separate is that the keepalive link needs to detect if the peer link has failed; the Nexus pair will both go active and the keepalive link is used to detect this and take the appropriate steps.
The keepalive link is a L3 link and can be configured in a number of ways, which is probably why you are seeing different setups in different sites. Attached is a link to vPC best practices which cover the peer link, keepalive link and a whole lot more. If you are just familiarising yourself with Nexus switches it is a great place to start -
The doc mentions that it is not recommended that you connect the peer keep-alive link using a point to point link between the 7Ks if using dual supervisors. I am only connecting 5548s together. Would it be recommended to connect the 2, 5548s point to point via the mgmt link as this would eliminate a point of failure?
I have setup the keepalive link between 5ks using the below methods without any issues.
1) Direct copper link between the 5K management interfaces. This is done if we don't have a dedicated out of band management network and require a simple setup.
2) 5K management interfaces connected together via a separate switch such as a 2960. This is done if we do have a dedicated management network and we require out of band management access to the 5ks as well.
3) Connecting a single link or multiple links in a port-channel between the 5Ks (either 1 or 10 Gbps) and configuring a dedicated SVI/VRF on each 5K with /30 IP addresses.
The only thing that you should not do is create the vPC keep-alive link over the vPC peer link itself.
There are not many documents that recommend connecting the 5K management interfaces directly together as it's commonly suggested to use a switch, but I believe this is only because you lose the ability to use the management interfaces for accessing the device (ssh/telnet etc) or if you have 7ks with dual sups. I have not seen any technical reasons why this shouldn't be done with the 5ks.
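A sketch of method 3 above for one switch of the pair, added here as an illustration and not taken from any poster's configuration. VLAN 996 comes from the thread; the VRF name, vPC domain ID, interface numbers and the 192.0.2.0/30 addresses are constructed placeholders, and the peer switch mirrors this with source and destination swapped.

```cisco
! Added example: dedicated keepalive VRF/SVI on switch A (placeholder values)
feature vpc
feature interface-vlan

vlan 996
  name VPC-Keepalive

! Dedicated VRF so keepalive traffic never follows the default routing table
vrf context VPC-KEEPALIVE

interface Vlan996
  description vPC peer-keepalive SVI
  vrf member VPC-KEEPALIVE
  ip address 192.0.2.1/30
  no shutdown

! Dedicated inter-switch link that carries only the keepalive VLAN
interface Ethernet1/31
  description Keepalive link to switch B
  switchport mode trunk
  switchport trunk allowed vlan 996
  no shutdown

! Peer link: keep the keepalive VLAN off it, so a peer-link failure
! does not also take the keepalive down
interface port-channel1
  description vPC peer link
  switchport mode trunk
  switchport trunk allowed vlan except 996
  vpc peer-link

vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf VPC-KEEPALIVE

! For methods 1 and 2 (mgmt0 back-to-back or via a management switch),
! the keepalive line would instead reference the mgmt0 addresses:
!   peer-keepalive destination <peer mgmt0 IP> source <local mgmt0 IP> vrf management
```

`show vpc peer-keepalive` and `show vpc` report whether the keepalive is alive and which VRF and addresses it is using, which is a quick way to compare sites that were built differently.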
Thanks for the response - I've been searching around for an answer about the peer keep-alive link and what happens when it goes down but the peer link remains up. It appears that nothing will happen to user traffic while the peer keep-alive link is down. In your experience is this true? Will I be able to change the peer keep-alive links from each 5548 going to a separate switch to a point to point link between the 2, 5548s without fear of traffic interruption?