Cisco Support Community
Community Member

OSPF over vpc and orphan ports

Hello Gents,

There is specific design where Cisco ASA5585-SSP40 HA cluster connected to 1st N7K VPC domain with vPC port-channel. This domain consequently connected to 2nd N7K VPC domain. Two servers are single- and non-vpc connected to the latter VPC domain (1 server per vpc-peer). Finally ASA and servers must build OSPF ajacency over some vlan switched from ASA's port-channel toward server's access ports. The case of control plane and data forwarding direction from servers toward ASA is validated. But opposit direction (control and data packets from ASA toward servers) may take not optimal path: f.e. ASA's port-channel decide to forward packet to a one of the servers in such a way that on a final VPC domain frame must cross vpc-peer-link to reach the destination. Would the last swithcing vpc-peer drop this frame instead of forward it toward the server?          

Simplified L1-3 diagrams are attached

Thank U in advance        

Everyone's tags (4)
Community Member

OSPF over vpc and orphan ports

Correct A from CPDI Help:

"As soon as servers are single-attached (non-vPC ports) their upstream switch (vPC-peer) will accept and forward frame received from peer-link and destined to the server."

Again this is vulnerable scenario if server attached to secondary peer and vpc-peer-link goes down.


CreatePlease to create content