Configuring Cisco Nexus vPC

Cisco’s vPC is a virtual port-channel which allows links physically connected to two different switches to appear as a single device to a downstream device as part of a single port-channel.

To learn more, I recommend reading NX-OS and Cisco Nexus Switching by Ron Fuller, David Jansen, and Matthew McPherson.

A vPC is configured on a Cisco Nexus switch and allows Layer 2 port-channels from a downstream device to span two separate switches.

vPC consists of two vPC peer switches connected by a vPC peer link. One switch is primary and the other is secondary. A vPC domain is formed by both Nexus switches. A Nexus can only be part of one vPC domain and only two switches can make up a vPC domain.

vPC peer link creates a single control plane which forwards BPDUs or LACP packets from the primary vPC switch to the secondary vPC switch. A vPC peer link is formed into a port-channel which can be a maximum of 16 ports but at a minimum it should be 2 ports. The peer link synchronizes MAC addresses and STP BPDUs.

In addition to the vPC peer link, there is a peer keepalive link which monitors the vPC peer switch. A keepalive link can be configured using the management interface or through an SVI. There is no data sent over this link. It’s sole purpose is for vPC keepalives.

A vPC port is a port assigned to a vPC channel group. Ports part of the vPC are split between the vPC peers.

Components of a vPC

• One primary switch and one secondary switch (vPC peers)
• Layer 3 link for peer-keepalives (resolves dual-active scenarios)
• Redundant port channel for a peer link between vPC peers.
• vPC port members forming a the virtual Port Channel.

Configuration

Connect each switch together to create a vPC peer link. You need two 10 GbE interfaces.

Connect the management interfaces to each switch to form the vPC keepalive link. You lose out on using the management interface. In my scenario, these two Nexus switches will be racked together.

Enable the vPC feature.

conf t
feature vpc

Configure the management interfaces.

switch1(config)#interface mgmt0
switch1(config-if)#ip address 192.168.1.1/30
switch1(config-if)#vrf member management

switch2(config)#interface mgmt0
switch2(config-if)#ip address 192.168.1.2/30
switch2(config-if)#vrf member management

Create the port-channel interface for the vPC peer link.

interface po24
switchport mode trunk

Add the vPC peer link interfaces as a member of the port-channel.

interface e1/22-23
channel-group 24 mode active

Now we convert the port-channel into a vPC peer link.

interface po24
vpc peer-link

The switch will convert the port-channel into a network port type for spanning-tree.

The only time traffic should go over the vPC peer-link is if the Nexus loses its upstream connection. Connectivity would still be accessible through the peer switch but over the peer-link connection.

Now we will create a vPC domain which needs to be unique in the layer 2 domain. When defining a vPC domain, you must specify the peer keepalive destination and source addresses.

switch1(config)#vpc domain 1
switch1(config-vpc-domain)#peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf management

switch2(config)#vpc domain 1
switch2(config-vpc-domain)#peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf management

Verification

View the running configuration for vPC.

switch1#show run vpc
!Command: show running-config vpc
!Time: Tue Jun  2 13:19:40 2015
version 6.0(2)A4(1)

feature vpc

vpc domain 1

peer-keepalive destination 192.168.1.2 source 192.168.1.1
auto-recovery

interface port-channel24
vpc peer-link

There are a few options to select from.

switch1#show vpc ?

1-4096               Enter a Virtual Port Channel number

>                      Redirect it to a file

>>                      Redirect it to a file in append mode

brief                   Brief display of vPC status

consistency-parameters  Show vPC Consistency Parameters

orphan-ports            Show ports that are not part of vPC but have common VLANs

peer-keepalive          VPC keepalive status

role                    VPC role status

statistics              Statistics

|                       Pipe command output to filter

To get a summary of the vPC configuration use show vpc brief. Take note of the vPC domain ID that is used, status of vPC, what role the current switch is in, peer-link status, and more.

switch1#show vpc brief

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

 

vPC domain id                     : 1

Peer status                       : peer adjacency formed ok

vPC keep-alive status             : peer is alive

Configuration consistency status  : success

Per-vlan consistency status       : success

Type-2 consistency status         : success

vPC role                          : primary

Number of vPCs configured         : 0

Peer Gateway                      : Disabled

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Enabled (timeout = 240 seconds)

 

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po24  up     10,20,30,40


vPC status

----------------------------------------------------------------------------

id     Port        Status Consistency Reason                     Active vlans

------ ----------- ------ ----------- -------------------------- -----------

You can view the status of the keepalives which displays its last status and what interface the keepalive is being sent out of.

switch1#show vpc peer-keepalive

vPC keep-alive status           : peer is alive

--Peer is alive for             : (84224) seconds, (468) msec

--Send status                   : Success

--Last send at                  : 2015.06.02 21:22:15 805 ms

--Sent on interface             : mgmt0

--Receive status                : Success

--Last receive at               : 2015.06.02 21:22:15 781 ms

--Received on interface         : mgmt0

--Last update from peer         : (0) seconds, (875) msec


vPC Keep-alive parameters

--Destination                   : 192.168.1.2

--Keepalive interval            : 1000 msec

--Keepalive timeout             : 5 seconds

--Keepalive hold timeout        : 3 seconds

--Keepalive vrf                 : management

--Keepalive udp port            : 3200

--Keepalive tos                 : 192

The above is a brief description of Cisco vPC on Nexus switches and a general configuration of vPC between two peer switches. I tested this configuration on two Nexus 3524s with a downstream Catalyst 2960X stack. The 2960X stack had two 10GbE uplinks, one to each Nexus.

When one of the Nexus switches loses its uplink, connectivity was maintained through the other Nexus through the vPC peer link.

If one Nexus was to fail completely, the secondary Nexus would change its role to primary for the vPC domain.

I’m still learning a lot about vPC in my lab which includes more complex designs. If you’d like to provide any input or maybe if there’s an error in my text above, please let me know in the comments below.

Useful vPC Resources

http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/design_guide_c07-625857.html

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_vpc_ops.html

http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf