Nexus vPC | Routing over vPC
- Published on 14 Oct 2024
- Let me tell you a sad story...
Some time ago, I ran into a problem. I was in the data centre all night and nearly pulled my hair out in frustration. No matter what I tried, I couldn't get vPC to work with #OSPF or #EIGRP
Let me save you this pain, and show you the pitfall of routing over #vPC, and how to avoid it, using layer-3 peer-router
This video is particularly helpful to network engineers working with vPC in production.
Also useful for CCNP Data Center, and CCIE Data Center
Part 1: How vPC Works - vPC adds redundancy to the data centre, while avoiding the older technologies like spanning-tree. See how it fits into your solution, and parts under the hood
• Nexus vPC | How vPC works
Part 2: vPC Configuration - Now you know how vPC works, you can start configuring. See how it's done by watching live config on real Nexus switches
• Nexus vPC | Configurat...
Part 3: Routing over vPC - Be careful! There are pitfalls when running routing protocols over vPC! I fell into one of these myself. See how you can avoid this
• Nexus vPC | Routing ov...
Some platforms now support hitless vPC role changes.
[networkdirecti...|Hitless vPC Role Change]
Read the full article at networkdirectio...
300-180 DCIT
300-160 DCID
300-165 DCII
layer3 peer-router
For more info, see:
networkdirection.net/vPC+and+Routing+Protocols
I love your storytelling combined with the real-time troubleshooting approach. That really helped me a lot to understand the whole situation and how to apply the dedicated command in your scenario. Great video!!
Thank you, it's really good to hear that this video is providing practical help
Excellent video, it took me weeks of research to fully understand what you explained in minutes. I have a similar project where we were having issues with EIGRP, "layer3 peer-router" fixed it!
Took me weeks too 🤓
I went through a lot of pain along the way
This issue is fundamentally caused by the fact that vPC makes two switches look like one device at layer 2 but NOT at layer 3.
Really loved it
That is exactly what I experienced last week after an upgrade to NX-OS 7.3.7 with EIGRP
Lucky me, I remembered your video
Thanks
Really glad that I saved you the trouble I had!
What was the previous version? Why did you have such a problem after the upgrade?
That is really good information on Routing Over VPC. Short, Simple and Amazing information. Thank you.
Thanks Chetan,
There are definitely a few gotchas to be aware of. I hope the video helps clear them up
Thx a lot for sharing your issue, will keep note of this.
Is this solution of applying the 'layer3 peer-router' command suitable for multicast traffic as well?
BTW - great video great explanations!
As far as I'm aware, yes, this is supported with multicast as well. I haven't had any issues myself.
This could vary depending on the platform. The Nexus range is a bit special like that. Something that's fine on an N3K may not work on an N9K.
I would recommend asking TAC what they support, just to be sure.
If you do learn anything of interest along the way, I encourage you to share it here. It's always nice to learn something new :)
heheh I like how it begins. "Oh, the horror!!! Routing and vPC!!!!!"
:-D
Thanks 👍
You kept us waiting a while for this video 🙂
+Euan Phipps
I sure did! I had to learn a few new video tricks.
I hope it was worth the wait 😃
Thank you for this video as it served as a sanity check. I’m having an issue where a port-channel has 2 links to an adjacent firewall and both sides are forming a BGP adjacency and the peering is stable. However, when both port-channel members are UP, there are packet drops seen when trying to reach a loopback interface on the firewall. If I disable the port-channel link going to the vPC peer with the secondary role, the traffic to the loopback stabilizes. I saw you have the command ip arp synchronize, which I do not have. What does that command do beyond the obvious inference? Do you think this may help?
So in summary, from what I have understood:
The intention is that the router forms a neighborship with only one of the NX-OS devices that are bundled in the vPC domain, even though both NX-OS devices act as one device.
It can happen that the router sends IGP-related data to the other NX-OS device (because of the LAG hashing algorithm).
With the peer-router command configured on the NX-OS devices this is no problem, because the NX-OS device that receives the IGP-related data which was not meant for it will send it over the peer-link to the other NX-OS device. But the problem is that it will decrement the TTL, which with IGPs is often 1 (so it will become 0 and hence be discarded), so the NX-OS device for which the IGP-related data was meant never receives it.
Result = IGP neighborship flapping
Solution: add the layer3 peer-router command or increase the IGP TTL to 2.
Does this describe the issue correctly?
That's pretty close. However, remember that vPC is a layer-2 technology, while routing is L3.
The pair acts as a single device from a layer-2 perspective
From layer-3, each device acts independently
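
An audit check for the pitfall discussed in this thread, as an added example that is not from the video or its author: it scans an NX-OS running-config for a vPC domain that lacks `layer3 peer-router` while SVIs run OSPF or EIGRP. The sample config is constructed, and treating every IGP-enabled SVI as a candidate is an assumption, since the config alone does not show which SVIs peer with a vPC-attached router.

```python
import re

# Constructed sample running-config (not taken from the video).
SAMPLE_CONFIG = """\
vpc domain 1
  peer-gateway
  ip arp synchronize
interface Vlan10
  ip router ospf 1 area 0.0.0.0
interface Vlan20
  ip address 192.168.20.2/24
interface Vlan30
  ip router eigrp 100
"""

# NX-OS enables an IGP per interface, e.g. "ip router ospf <tag> area <id>".
IGP_RE = re.compile(r"ip router (ospf|eigrp) \S+")


def parse_sections(config):
    """Group indented lines under their unindented parent line."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            current = line.strip()
            sections[current] = []
        elif line.strip() and current is not None:
            sections[current].append(line.strip())
    return sections


def audit_vpc_routing(config):
    """Return (svi, protocol) pairs to review; empty if layer3 peer-router is set."""
    sections = parse_sections(config)
    vpc = [body for head, body in sections.items() if head.startswith("vpc domain")]
    if not vpc or "layer3 peer-router" in vpc[0]:
        return []
    findings = []
    for head, body in sections.items():
        if head.lower().startswith("interface vlan"):
            findings += [(head.split()[1], m.group(1))
                         for m in map(IGP_RE.match, body) if m]
    return findings


if __name__ == "__main__":
    for svi, proto in audit_vpc_routing(SAMPLE_CONFIG):
        print(f"{svi}: {proto} on SVI, vPC domain has no 'layer3 peer-router'")
```

Run it against the config of both vPC peers, since each switch is configured separately.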
Thanks for the video. We have a pair of vPC 9Ks that we're attempting to do BGP neighborship with an active/standby ASA so they can exchange routes. Do you recommend that we use the same AS on both the 9Ks or different AS numbers?
These videos are everything. I have to connect two 5k (5548, 5596) to a Nexus 2k in the morning. From your videos, can I connect the 2k to Vlan 20?
That's a bit different to this video...
It depends on the topology that you want to achieve. Have a look here:
www.cisco.com/c/en/us/support/docs/switches/nexus-2000-series-fabric-extenders/200363-nexus-2000-fabric-extenders-supported-un.html
Network Direction Thank you! I will check the document out. I will more than likely run EIGRP.
You’re welcome!
As for EIGRP, it will depend on what’s peering with what. Are you attaching a router to the FEX?
No, I will not have a router. I will have two servers hanging off the 2k in separate VLANs. The goal is to set up active/active between the 5k’s and test inter-VLAN connectivity. This goal was assigned to me today.
Network Direction similar to your Nexus vPC video one, instead of having two servers connecting to the 5k’s (via vPC) I will have a 2k and the two servers connected to the 2k.
So the big question on everybody's mind is if I add the layer3 peer router command to both switches will traffic be interrupted? I have this exact issue with my edge switch and I'd like to fix it during a maintenance window but I need to tell my business if there's going to be a possible downtime. Thx.
That's a good question...
I don't remember for sure, but I don't think it causes any downtime.
I recommend calling TAC to check with them
@NetworkDirection I went ahead and did this during a maintenance window and no downtime was experienced. I also had a colleague at another company confirm in his test lab. Appreciate this video very much and my network is running much smoother because of it.
@mauricewalker2350 Glad to hear it went well for you, and thanks for sharing your experience here
Thank you. Very good video.
Thanks. How do we configure eBGP from vPC to a VSS switch? Should we use an L2 link or an L3 link? Should we have an additional link between the vPC switches?
Using Layer 3 routed ports is preferred for peering.
eBGP can use multi hop anyway, so you shouldn’t have the same problems that IGPs have
4:20 Are the connected interfaces of sw2 and the router in different networks? As far as I know, the TTL is not reduced within the same network. Therefore, if it is the same network, the TTL will not be 0, so I don't think there is a problem with OSPF. What do you think of my opinion?
I think TTL would only be reduced for a L3 hop, so you're right. If they're in the same L3 network, the TTL will not be reduced
Could you please share the full config of the topology
Thanks for the video. How do I announce my subnet in OSPF in NX-OS? For example, on an ISR router I enter the command network 10.1.1.0 0.0.0.255 area 1
But on Nexus this command is not found
Nexus is a bit different. From memory, it's configured under the interface
wowww cool solution thks a lot
Thanks for this!
Thanks for the feedback!
I was thinking of maybe doing some VxLAN stuff next. How does that sound?
Network Direction that would be very informative! Looking forward to that!
good videos thanks
Thanks Moorthy!
Nice sir.
Thanks!
So confusing this third part
It's true, there's a lot in it. I learned the hard way.
This is what you came to see - th-cam.com/video/KPsnI6h1RIs/w-d-xo.html