We are looking to implement vPC soon on our Nexus 7Ks. The vPC peer link will provide layer 2 connectivity between two N7Ks; all vlans will need to be allowed across the vPC peer link, even those vlans which don't require vPC.

My first question is: if a vlan is allowed across the vPC peer link, does this in effect make this vlan a vPC vlan? If so, is there any way to prevent it from becoming a vPC vlan, as I need to be able to allow non-vPC vlans across the vPC peer link? I know the recommendation is to use dedicated ports for non-vPC vlans, but the problem is I haven't got any spare 10Gb ports available for this purpose.

The other problem is I have a particular vlan with hosts which have dual and single attached devices. I have no option but to use orphan ports for the single attached devices and I cannot move these devices to a new non-vPC vlan. Am I correct in thinking that ALL the single attached devices must be attached to the primary vPC peer, because if not, communication will not be permitted between the single attached devices across the vPC peer link?

Final question: do the servers with dual connections have to be configured to use a LACP port channel? Currently they are teamed in active-standby, but we would like to continue with this and gradually move the servers to using LACP.

4. If (3) is not an option – connect device directly to (primary) vPC peer in a vPC VLAN

PROS: Easy deployment

CONS: Generally Bad. Bound to vPC roles, Full Isolation on peer-link failure when attached vPC toggles to a secondary vPC role.


Sunday was probably not a good time to post this as no one would be around.



Hi Darren

The image that you have attached is very good, because it shows one of the reasons why the vpc peer-link shouldn't be used for non-vpc vlans.

1. A vpc vlan is a vlan that is configured on the vpc peer-link and vpc port-channels.

2. Vlans that can be configured on the peer-link and are not used on vpc port-channels are not vpc vlans.

a. You can configure non-vpc vlans over the vpc peer-link. You can find this statement in the same presentation where you got the image. But it is still the best practice to run a separate link for these vlans, and this will solve your 2nd and 3rd questions.

b. Yes - good practice will be to connect all orphan devices to the primary peer, since the peer-link will be suspended in case of issues.

c. You can run a port channel in "on" mode without LACP, but it's highly recommended to run LACP because it's a very flexible protocol.

As for the attached image, there you can see two orphan devices connected to a vpc vlan on different peers. When an issue occurs on either of the Nexuses, the peer-link and vpc links on the secondary peer are suspended, which breaks the connection between the orphan devices.



In the Ask the Expert discussion referenced here, I see a contradiction to what you are saying, Alex:

I am quoting this from the above link:

To answer your question, by definition any vlan that is forwarded on the vpc peer link becomes a vpc vlan... If the devices are single homed (i.e. connected to only one peer either directly or via N2K), then the question should be do you really want those vlans to be forwarded on the peer link and by doing so extend your L2 domain across the two peers... because you can easily configure the vlan only on the peer where the device is connected to and use an SVI for further connectivity. That way there will be no need to extend these vlans across on the peer link, essentially making those vlans 'non-vpc' vlans.

Does this mean that even if you do not have this vlan configured on any of the vPC member ports, it is still considered a vPC VLAN? Very confusing.

Any clarification would be very appreciated.


