Cisco’s vPC is a virtual port-channel which allows links physically connected to two different switches to appear as a single device to a downstream device as part of a single port-channel.
To learn more, I recommend reading NX-OS and Cisco Nexus Switching by Ron Fuller, David Jansen, and Matthew McPherson.
A vPC is configured on a Cisco Nexus switch and allows Layer 2 port-channels from a downstream device to span two separate switches.
vPC consists of two vPC peer switches connected by a vPC peer link. One switch is primary and the other is secondary. A vPC domain is formed by both Nexus switches. A Nexus can only be part of one vPC domain and only two switches can make up a vPC domain.
vPC peer link creates a single control plane which forwards BPDUs or LACP packets from the primary vPC switch to the secondary vPC switch. A vPC peer link is formed into a port-channel which can be a maximum of 16 ports but at a minimum it should be 2 ports. The peer link synchronizes MAC addresses and STP BPDUs.
In addition to the vPC peer link, there is a peer keepalive link which monitors the vPC peer switch. A keepalive link can be configured using the management interface or through an SVI. There is no data sent over this link. It’s sole purpose is for vPC keepalives.
A vPC port is a port assigned to a vPC channel group. Ports part of the vPC are split between the vPC peers.
Components of a vPC
- One primary switch and one secondary switch (vPC peers)
- Layer 3 link for peer-keepalives (resolves dual-active scenarios)
- Redundant port channel for a peer link between vPC peers.
- vPC port members forming a the virtual Port Channel.
Configuration
Connect each switch together to create a vPC peer link. You need two 10 GbE interfaces.
Connect the management interfaces to each switch to form the vPC keepalive link. You lose out on using the management interface. In my scenario, these two Nexus switches will be racked together.
Enable the vPC feature.
conf t feature vpc
Configure the management interfaces.
switch1(config)#interface mgmt0 switch1(config-if)#ip address 192.168.1.1/30 switch1(config-if)#vrf member management switch2(config)#interface mgmt0 switch2(config-if)#ip address 192.168.1.2/30 switch2(config-if)#vrf member management
Create the port-channel interface for the vPC peer link.
interface po24 switchport mode trunk
Add the vPC peer link interfaces as a member of the port-channel.
interface e1/22-23 channel-group 24 mode active
Now we convert the port-channel into a vPC peer link.
interface po24 vpc peer-link
The switch will convert the port-channel into a network port type for spanning-tree.
The only time traffic should go over the vPC peer-link is if the Nexus loses its upstream connection. Connectivity would still be accessible through the peer switch but over the peer-link connection.
Now we will create a vPC domain which needs to be unique in the layer 2 domain. When defining a vPC domain, you must specify the peer keepalive destination and source addresses.
switch1(config)#vpc domain 1 switch1(config-vpc-domain)#peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf management switch2(config)#vpc domain 1 switch2(config-vpc-domain)#peer-keepalive destination 192.168.1.1 source 192.168.1.2 vrf management
Verification
View the running configuration for vPC.
switch1#show run vpc !Command: show running-config vpc !Time: Tue Jun 2 13:19:40 2015 version 6.0(2)A4(1) feature vpc vpc domain 1 peer-keepalive destination 192.168.1.2 source 192.168.1.1 auto-recovery interface port-channel24 vpc peer-link
There are a few options to select from.
switch1#show vpc ? 1-4096 Enter a Virtual Port Channel number > Redirect it to a file >> Redirect it to a file in append mode brief Brief display of vPC status consistency-parameters Show vPC Consistency Parameters orphan-ports Show ports that are not part of vPC but have common VLANs peer-keepalive VPC keepalive status role VPC role status statistics Statistics | Pipe command output to filter
To get a summary of the vPC configuration use show vpc brief. Take note of the vPC domain ID that is used, status of vPC, what role the current switch is in, peer-link status, and more.
switch1#show vpc brief Legend: (*) - local vPC is down, forwarding via vPC peer-link vPC domain id : 1 Peer status : peer adjacency formed ok vPC keep-alive status : peer is alive Configuration consistency status : success Per-vlan consistency status : success Type-2 consistency status : success vPC role : primary Number of vPCs configured : 0 Peer Gateway : Disabled Dual-active excluded VLANs : - Graceful Consistency Check : Enabled Auto-recovery status : Enabled (timeout = 240 seconds) vPC Peer-link status --------------------------------------------------------------------- id Port Status Active vlans -- ---- ------ -------------------------------------------------- 1 Po24 up 10,20,30,40 vPC status ---------------------------------------------------------------------------- id Port Status Consistency Reason Active vlans ------ ----------- ------ ----------- -------------------------- -----------
You can view the status of the keepalives which displays its last status and what interface the keepalive is being sent out of.
switch1#show vpc peer-keepalive vPC keep-alive status : peer is alive --Peer is alive for : (84224) seconds, (468) msec --Send status : Success --Last send at : 2015.06.02 21:22:15 805 ms --Sent on interface : mgmt0 --Receive status : Success --Last receive at : 2015.06.02 21:22:15 781 ms --Received on interface : mgmt0 --Last update from peer : (0) seconds, (875) msec vPC Keep-alive parameters --Destination : 192.168.1.2 --Keepalive interval : 1000 msec --Keepalive timeout : 5 seconds --Keepalive hold timeout : 3 seconds --Keepalive vrf : management --Keepalive udp port : 3200 --Keepalive tos : 192
The above is a brief description of Cisco vPC on Nexus switches and a general configuration of vPC between two peer switches. I tested this configuration on two Nexus 3524s with a downstream Catalyst 2960X stack. The 2960X stack had two 10GbE uplinks, one to each Nexus.
When one of the Nexus switches loses its uplink, connectivity was maintained through the other Nexus through the vPC peer link.
If one Nexus was to fail completely, the secondary Nexus would change its role to primary for the vPC domain.
I’m still learning a lot about vPC in my lab which includes more complex designs. If you’d like to provide any input or maybe if there’s an error in my text above, please let me know in the comments below.
Useful vPC Resources
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_vpc_ops.html
Good post, thank you. Looking forward to test this out with 3524’s myself. Can’t seem to find any official documentation though stating that 3524’s are supposed to support vPC. Do you know if the base license will support it or do we need a different license?
It should work with LAN Base.