Nexus vPC Layer 3 and peer-gateway enhancement ?

dumlutimuralp
Level 1

Hi,

Most people are aware of the Layer 3 port channel limitation on Nexus 7K. Since both chassis have separate control planes and a packet which comes in through a vPC has to leave through a vPC, we need to configure two different routed links from the edge device towards the Nexus7Ks.

What I am curious about is since Nexus7K has this "peer-gateway" enhancement why do we still have the above limitation? Cause even with the routing protocols, when the edge device (layer 3 switch or router) sends a packet to 7K-1 MAC address, but because of port channel distribution algorithm on the edge device, packet is sent towards 7K-2, then 7K-2 could route this packet on behalf of 7K-1? Competitors have this kind of features? (like Avaya's RSMLT, ex-Nortel ERS8600)

I am asking this out of curiosity.

Thanks in advance.

Dumlu


Jerry Ye
Cisco Employee

As the feature listed, it is called peer-gateway not peer-router, and it is designed for access device using the Nexus as its default. If you want to peer through the vPC as L3, there might be some side effect that will prevent this from happening (such as routing protocol multicast/unicast packets going through the vPC peer-link, etc).

Please read this post and especially on Chad's comment.

https://supportforums.cisco.com/thread/2047031?tstart=0

Regards,

jerry

Hi Jerry,

First of all thanks for replying.

About the other discussion topic, actually Chad's explanation is the one which is written in all whitepapers. I am aware that a packet which comes in from a vPC peer link should leave through a regular member link NOT a vPC member link. What I am trying to ask has a little different focus though.

According to Chad's sample topology, what I suggest is to prevent the 7000-2 to switch the packet through the vPC peer link in the first step. Cause if 7000-2 can route that packet on behalf of 7000-1 all the problems will go away. That feature is the one that some others have. However Cisco makes a clear point by saying that vPC VLAN traffic will not be carried over vPC peer link, traffic will be locally switched.

However I missed the routing protocol multicast packets issue though. Again, according to Chad's sample topology, when R1 sends an EIGRP neighborship packet destined for 224.0.0.10, this packet is gonna be hashed by the port channel balancing algorithm set on R1 and then if the link chosen is the one towards the 7000-2 then 7000-2 will receive this packet.

The question pops out in my head right this moment. Will 7000-2 replicate this packet over the vPC peer link? I can not clearly remember the multicast traffic behavior. But this EIGRP neighborship packet will be processed by 7000-1 itself if 7000-1 gets this packet, I mean the packet won't be switched through another port on 7000-1.

If 7000-2 does not replicate this packet, then yeah, R1 and 7000-1 will never form an EIGRP neighborship at first.

Correct me if I am wrong.

Appreciate it.

Dumlu

Why are you relying on vPC to do something that can be done in a pre-vPC day with routing protocol? If routes are advertised correctly, L3 routing protocols will do ECMP and load balance the traffic.

Using vPC with VLAN interfaces to try this is simply not a best practice. You are creating unnecessary L2 domain between the router and the Nexus. At the end, the traffic will still need to route through the Nexus's SVI to different destination.

Regards,

jerry

Hi Jeye,

That makes sense. Somewhere around this research I guess I got lost. Maybe I remember what I am trying to emphasize.

However do you have any comments about my other question? Do any of the vPC peers detect an EIGRP neighborship packet (which is sent by the edge switch through the link towards N7K-2) and NOT forward it through the vPC peer link? I mean I am just curious that if the EIGRP neighborship between the edge switch and N7K-2 does come up or not in such a scenario?

N7K-1 - - - - N7K-2
   \           /
    \         /
     \       /
    Edge Switch

Thanks.

Hi,

Thanks a lot. I've already gone through this URL. Also there is updated Networkers Presos that I've noticed recently. Static routing would work fine so far. Dynamic routing still doesn't seem to be supported cause Dynamic Routing Protocol Hello Packets are still multicast and there are some corner cases with multicast packets.

Thanks a lot.

Dumlu

I believe 'peer-gateway' is only of use when we are running nonstandard applications which seem to reply back to the physical MAC instead of the virtual MAC.

As we have active-active forwarders with HSRP on NX-7K we might face issues of traffic traversing over peer links in case we get the reply back on standby forwarder. Just to keep peer link out of data plane we kind of hack the process by sharing burned-in MACs of the physical interfaces using peer-gateways.
