25 Aug

vPC peer-link on Nexus switches

On the Catalyst 6500 platform we had VSS technology, which provides redundancy of uplinks with a single spanning-tree point. A pair of Nexus switches cannot be one logical device, but with vPC technology they can act as a single spanning-tree point. The idea of redundancy is pretty much the same: a downstream switch has two bundled uplinks, one to each of the uplink switches. If one of the links or switches fails, traffic is still forwarded over the second link. This technology on Nexus switches is called vPC (Virtual PortChannel).

Configuration is pretty simple. All we need are two 10Gbit ports that will be used as the peer-link between the pair of switches, and a Layer 3 port on each switch that will be used to send keepalives. The OOB management ports can be used, because the switches don't have to be directly connected; this is only recommended if there is a single supervisor in each of them.
The vPC feature has to be enabled on both switches, then a port channel between the pair of Nexus switches has to be created and set as the vPC peer-link, and the vPC domain has to be configured. Port-channel 10 is an example of how a vPC port-channel is terminated on the pair of switches; it is identified by its vpc id.

Configuration on N7K-SW1:

feature vpc

vpc domain 1
  role priority 2000
  peer-keepalive destination 1.1.1.2

interface port-channel1
  vpc peer-link

interface port-channel10
  vpc 10

Configuration on N7K-SW2:

feature vpc

vpc domain 1
  role priority 5000
  peer-keepalive destination 1.1.1.1

interface port-channel1
  vpc peer-link

interface port-channel10
  vpc 10

With a configuration like this we have redundancy, but we still have two STP points.

N7K-SW1# show spanning-tree vlan 12

VLAN0012
  Spanning tree enabled protocol rstp
  Root ID    Priority    12
             Address     a8b1.d457.ccc1
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    12     (priority 0 sys-id-ext 12)
             Address     a8b1.d457.ccc1
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po10             Desg FWD 1         128.4105 (vPC) P2p Peer(STP) 
Eth4/1           Desg FWD 2         128.513  P2p 

N7K-SW2# sh spanning-tree vlan 12

VLAN0012
  Spanning tree enabled protocol rstp
  Root ID    Priority    12
             Address     a8b1.d457.ccc1
             Cost        1
             Port        4096 (port-channel1)
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4108   (priority 4096 sys-id-ext 12)
             Address     0026.982e.55c1
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 1         128.4096 (vPC peer-link) Network P2p 
Po10             Desg FWD 1         128.4105 (vPC) P2p 

With NX-OS 5.0 and later this can be changed. Cisco introduced the vPC peer-switch feature, which allows the pair of switches to act as a single STP point. This makes the STP topology simpler and reduces convergence time when the primary vPC switch fails.

Configuration on N7K-SW1:

vpc domain 1
  peer-switch
  role priority 2000
  peer-keepalive destination 1.1.1.2

spanning-tree vlan 1-3967,4048-4093 priority 0

Configuration on N7K-SW2:

vpc domain 1
  peer-switch
  role priority 5000
  peer-keepalive destination 1.1.1.1

spanning-tree vlan 1-3967,4048-4093 priority 0

On both switches the spanning-tree priority is set to 0, so both switches can act as the STP root for all VLANs.
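
The peer-switch setup above only works when the two configurations agree with each other, so a pre-change check of the pair is worth scripting. The following is an added example, not part of the original post or of any Cisco tool: the function names parse_vpc and audit_pair and the sample snippets are assumptions made for illustration.

```python
import re

# Constructed samples modelled on the peer-switch configuration in this post.
SW1 = """vpc domain 1
  peer-switch
  role priority 2000
  peer-keepalive destination 1.1.1.2
spanning-tree vlan 1-3967,4048-4093 priority 0
"""
SW2_GOOD = SW1.replace("2000", "5000").replace("1.1.1.2", "1.1.1.1")
# Same keepalive destination as SW1 (copy-paste slip) and a different STP priority.
SW2_BAD = SW1.replace("2000", "5000").replace("priority 0", "priority 4096")

def parse_vpc(cfg):
    """Pull the vPC/STP settings this post configures out of an NX-OS snippet."""
    dom = re.search(r"^vpc domain (\d+)\s*$", cfg, re.M)
    ka = re.search(r"^\s+peer-keepalive destination (\S+)", cfg, re.M)
    stp = re.search(r"^spanning-tree vlan (\S+) priority (\d+)", cfg, re.M)
    return {
        "domain": dom.group(1) if dom else None,
        "peer_switch": bool(re.search(r"^\s+peer-switch\s*$", cfg, re.M)),
        "keepalive_dst": ka.group(1) if ka else None,
        "stp": (stp.group(1), int(stp.group(2))) if stp else None,
    }

def audit_pair(cfg1, cfg2):
    """Return a list of mismatches between the two vPC peers' configurations."""
    a, b = parse_vpc(cfg1), parse_vpc(cfg2)
    issues = []
    if a["domain"] != b["domain"]:
        issues.append("vpc domain id differs")
    if a["peer_switch"] != b["peer_switch"]:
        issues.append("peer-switch enabled on only one peer")
    # Each peer points its keepalive at the other switch, so the values must differ.
    if a["keepalive_dst"] == b["keepalive_dst"]:
        issues.append("both peers use the same peer-keepalive destination")
    # This post sets one shared STP priority on both peer-switch peers.
    if a["peer_switch"] and b["peer_switch"] and a["stp"] != b["stp"]:
        issues.append("peer-switch peers should share one STP priority")
    return issues
```

audit_pair(SW1, SW2_GOOD) returns an empty list, while audit_pair(SW1, SW2_BAD) reports the duplicated keepalive destination and the STP priority mismatch.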

N7K-SW1# sh spanning-tree vlan 12

VLAN0012
  Spanning tree enabled protocol rstp
  Root ID    Priority    12
             Address     0023.04ee.be01
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    12     (priority 0 sys-id-ext 12)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Desg FWD 1         128.4096 (vPC peer-link) Network P2p 
Po10             Desg FWD 1         128.4105 (vPC) P2p Peer(STP) 
Eth4/1           Desg FWD 2         128.513  P2p 

N7K-SW2# sh spanning-tree vlan 12

VLAN0012
  Spanning tree enabled protocol rstp
  Root ID    Priority    12
             Address     0023.04ee.be01
             This bridge is the root
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    12     (priority 0 sys-id-ext 12)
             Address     0023.04ee.be01
             Hello Time  2  sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1              Root FWD 1         128.4096 (vPC peer-link) Network P2p 
Po10             Desg FWD 1         128.4105 (vPC) P2p 
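
The difference between the two pairs of outputs can be checked mechanically: with peer-switch active, both peers report the same bridge ID and both claim to be root. The following is an added example, not part of the original post; parse_stp and single_stp_point are hypothetical names, and the samples are trimmed copies of the output quoted above.

```python
import re

# Constructed samples: Root ID / Bridge ID lines trimmed from the
# "show spanning-tree vlan 12" output quoted in this post (SW1, SW2).
WITHOUT_PEER_SWITCH = (
"""  Root ID    Priority    12
             Address     a8b1.d457.ccc1
             This bridge is the root
  Bridge ID  Priority    12     (priority 0 sys-id-ext 12)
             Address     a8b1.d457.ccc1
""",
"""  Root ID    Priority    12
             Address     a8b1.d457.ccc1
             Cost        1
  Bridge ID  Priority    4108   (priority 4096 sys-id-ext 12)
             Address     0026.982e.55c1
""")
WITH_PEER_SWITCH = (
"""  Root ID    Priority    12
             Address     0023.04ee.be01
             This bridge is the root
  Bridge ID  Priority    12     (priority 0 sys-id-ext 12)
             Address     0023.04ee.be01
""",) * 2

def parse_stp(text):
    """Extract root/bridge identity from 'show spanning-tree vlan N' output."""
    info = {"is_root": "This bridge is the root" in text}
    section = None
    for line in text.splitlines():
        m = re.match(r"\s*(Root|Bridge) ID\s+Priority\s+(\d+)", line)
        if m:
            section = m.group(1).lower()
            info[section + "_priority"] = int(m.group(2))
            continue
        m = re.match(r"\s+Address\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", line)
        if m and section:
            info[section + "_address"] = m.group(1)
    return info

def single_stp_point(sw1_text, sw2_text):
    """True when both vPC peers present one shared bridge ID and both are root."""
    a, b = parse_stp(sw1_text), parse_stp(sw2_text)
    same_bridge = (a["bridge_priority"], a["bridge_address"]) == \
                  (b["bridge_priority"], b["bridge_address"])
    return same_bridge and a["is_root"] and b["is_root"]
```

single_stp_point(*WITHOUT_PEER_SWITCH) is False and single_stp_point(*WITH_PEER_SWITCH) is True, matching the two situations shown in the post.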

For uplinks that do not use vPC, spanning-tree pseudo-information is used to ensure STP consistency.

7 thoughts on “vPC peer-link on Nexus switches”

  1. Hi, if you are using vpc peer switch feature, the stp priority should be different on two peers. Please check config guide for this. Cheers
  2. Actually I meant to say the opposite. I mean if you are NOT using peer switch feature, it is best to set different STP priorities to match vPC Primary role and etc. Cheers. Dumlu
  3. Actually, you need to consider the rest of the environment before categorically stating both should be zero or they should have different values. If for example, HSRP is being used, the STP root should be the same as the primary HSRP peer.
  4. Hello, I have an environment with two Nexus 5k in version 5.1 (3) N2 (1). I do not have the option to configure the peer-switch in a domain. This is a Bug? Can you help?
  5. Francisco, I think peer-switch feature came on Nexus 5k on version 5.2(1)N1 or later... check Cisco website you should upgrade if you want to use it
