I have 3 scenarios where I know the result, but the explanation escapes me.
We have an L2 switch that is port-channeled to 2 Nexus that in turn have a peer-link. I know that if I have an orphan port on one of the Nexus, I am allowed to communicate over the peer-link because I have no other path (assuming 50% of my traffic will hit the Nexus with the orphan and 50% won't). So in my head the reason this doesn't get dropped is because the target is an orphan and not a vPC member.
Same physical layout, but we are now doing OSPF to SVI on all three devices. I know that this scenario doesn't work because building adj over the peer-link is a no-no. What I am trying to grasp is what exactly is killing the scenario. Is the issue the broadcast? What is causing the peer-link to drop the packets in this scenario and not the first? Both are traveling over the port-channel and then the peer-link, yet one gets dropped (I don't know if it is dropped immediately on crossing the peer-link or if the return traffic is dropped).
Same layout as scenario one: if a PC is plugged into the L2 switch and it tries to telnet or SSH to either Nexus, at some point the packets will make a crossing of the peer-link. I know this works, but why isn't the traffic that is going across the peer-link in this case dropped? (I am assuming I have HSRP on.)
1. Correct. The only recommendation is to have all orphan ports on only one Nexus, since if a type-1 inconsistency occurs, the peer-link will be shut down, so connectivity between orphan ports will be lost.
2. Peering between SVIs on vPC peers is possible but not recommended. A separate L3 link is recommended for that.
The no-no solution is peering through the vPC between the Nexuses and the switch. The topology may work, but behavior may be unpredictable. Here is the link for configuring a connection between N7K and a VSS cluster
The allowed solution is either to configure ECMP links from the Nexuses to the switch or to connect a router behind the switch and do the peering with it, not with the switch.
3. The vPC loop avoidance condition is to NOT forward traffic received from the vPC peer-link over a vPC connection.
In the 3rd case, the SSH connection to nexus2 (for example) goes to nexus1, passes the vPC peer-link and reaches nexus2, so nexus2 doesn't send the traffic further via a vPC link and doesn't hit the loop avoidance condition.
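The loop avoidance rule from the reply above, as a small simulation added here (it is not part of the original thread and is not Cisco code). It models only the rule as stated: a frame that arrived on the peer-link is not sent out a vPC member port. The device names, port names (`Po1`, `Po10`, `Eth1/5`) and MAC labels are constructed for the example.

```python
# Added illustration: simplified model of the vPC loop-avoidance check.
# Device names, port names and MAC labels are constructed for this example.
from dataclasses import dataclass, field

PEER_LINK, VPC, ORPHAN = "peer-link", "vpc", "orphan"

@dataclass
class Nexus:
    name: str
    local_macs: set                      # SVI / management MACs owned by the switch
    ports: dict                          # port name -> port type
    mac_table: dict = field(default_factory=dict)  # dst MAC -> egress port name

    def receive(self, ingress_port, dst_mac):
        """Return (action, egress_port) for a frame arriving on ingress_port."""
        if dst_mac in self.local_macs:
            return ("deliver-to-cpu", None)       # SSH/telnet to the switch itself
        egress = self.mac_table[dst_mac]
        from_peer_link = self.ports[ingress_port] == PEER_LINK
        if from_peer_link and self.ports[egress] == VPC:
            return ("drop", egress)               # loop-avoidance rule
        return ("forward", egress)

def trace(first_hop, peer, ingress_port, dst_mac):
    """Follow a frame from the access switch through one or both vPC peers."""
    hops = []
    action, egress = first_hop.receive(ingress_port, dst_mac)
    hops.append((first_hop.name, action, egress))
    if action == "forward" and first_hop.ports[egress] == PEER_LINK:
        action, egress = peer.receive("Po1", dst_mac)
        hops.append((peer.name, action, egress))
    return hops

def build():
    ports = {"Po1": PEER_LINK, "Po10": VPC, "Eth1/5": ORPHAN}
    n1 = Nexus("nexus1", {"svi-n1"}, dict(ports),
               {"orphan-host": "Po1", "svi-n2": "Po1", "pc": "Po10"})
    n2 = Nexus("nexus2", {"svi-n2"}, dict(ports),
               {"orphan-host": "Eth1/5", "svi-n1": "Po1", "pc": "Po10"})
    return n1, n2

if __name__ == "__main__":
    n1, n2 = build()
    for dst in ("orphan-host", "svi-n2"):
        print(dst, trace(n1, n2, "Po10", dst))
    print("pc via peer-link", n2.receive("Po1", "pc"))
```

Scenario 1 ends on an orphan port and scenario 3 ends at the switch's own address, so neither egresses a vPC member port after crossing the peer-link; only the last case does, and it is dropped.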