Cisco Nexus Virtual Port-Channel (vPC) Overview

The Nexus 7000 and 5000 series switches take port-channel functionality to the next level by enabling links connected to different devices to aggregate into a single, logical link. This technology was introduced in NX-OS version 4.1(4) and is called virtual Port Channel (vPC). In addition to the link redundancy provided by port-channels, vPCs offer some additional benefits:

  • Device-level redundancy with faster convergence than multiple port-channels using traditional Spanning Tree
  • Further elimination of spanning tree blocked ports by providing a loop-free topology
  • Better bandwidth utilization

vPCs are configured by associating two Nexus devices into a vPC domain. Within the vPC domain, information is exchanged between vPC peers across two special links:

  • vPC peer-keepalive link: Provides heartbeating between vPC peers to ensure that both devices are online, and also to avoid active/active or split-brain scenarios that could introduce loops into the vPC topology. The vPC peer-keepalive link can be either 1 Gbps or 10 Gbps.
  • vPC peer link: Used to exchange state information between the vPC peers and also provides additional mechanisms that can detect and prevent split-brain scenarios.

Some other terminology that you must understand for vPCs follows:

  • vPC link: A link configured as a vPC on the Nexus. The downstream device sees the vPC link as a normal port-channel.
  • vPC Role: Each of the members of a vPC domain participates in an election to determine the primary and secondary devices in the vPC domain. Only the vPC operational primary device generates and receives BPDUs. This election can be manipulated by way of a role priority, which is defined under the vPC domain configuration mode.
  • Orphan Port: An orphan port is a link that is not configured as a vPC link but carries a VLAN present on a vPC link or the vPC peer-link. Orphan ports should generally be avoided if possible. They can be displayed by using the show vpc orphan-ports command, and they can be avoided by keeping the vPC domain “pure,” which is to say that all devices are dual-homed to both members of the vPC domain with vPC links.

Three things are worth noting here:

  • Port-channels configured as vPCs can be used only as Layer 2 links, and no dynamic routing protocol should be used across the link.
  • On the Nexus 7000, the mgmt0 interface can be used as the vPC peer-keepalive link but should be avoided if at all possible. On the Nexus 7000, the mgmt0 is actually a logical interface representing the physical management port of the active supervisor. During processes such as supervisor switchover during hardware failure or In-Service Software Upgrades (ISSU), the physical link supporting the mgmt0 interface might change, causing a disruption of the keepalive messages. By using normal switch interfaces, additional levels of redundancy in the port-channels can be used. If the mgmt0 interface is used as the peer-keepalive link, it is critical to ensure that all physical management ports are connected to an external device, such as a management switch.
  • On the Nexus 7000, interfaces that are members of the vPC peer-link must be 10-GbE ports, and it is recommended that they are in dedicated rate-mode if they reside on an M1 card.

vPC Peer-Gateway

The vPC Peer-Gateway feature was introduced in NX-OS 4.2(1). It accommodates certain storage devices, application servers, and load balancers that implement fast-path functionality, which causes them to send return traffic to the specific MAC address of the sender rather than to the HSRP address. By default, this traffic might be dropped, because vPC loop avoidance does not allow traffic received on the vPC peer-link to be forwarded out a vPC interface. vPC Peer-Gateway enables a vPC peer device to locally forward packets destined for its peer's router MAC address.

vPC Peer-Switch

vPC creates an environment in which two devices are seen as a single device for purposes of EtherChannel. Peer-Switch extends this to make the vPC domain appear as a single spanning tree domain to the entire topology. To accomplish this, the switches in a vPC domain synchronize their Bridge IDs, and both generate BPDUs. For this to work completely, the priorities contained within those BPDUs must match on both switches.

Below is an example of the configuration required to make vPC work:

1. Enable the vPC feature on each vPC peer:

! Nexus-1
Nexus-1# conf t
Enter configuration commands, one per line. End with CNTL/Z.
Nexus-1(config)# feature vpc
Nexus-1(config)# exit

! Nexus-2
Nexus-2# conf t
Nexus-2(config)# feature vpc
Nexus-2(config)# exit

2. Create a VRF for the vPC keepalive link and assign the keepalive interface to it:

! Nexus-1
Nexus-1(config)# vrf context vpc-keepalive
Nexus-1(config-vrf)# exit

! Nexus-2
Nexus-2(config)# vrf context vpc-keepalive
Nexus-2(config-vrf)# exit

! Nexus-1
Nexus-1(config)# int ethernet 2/47
Nexus-1(config-if)# vrf member vpc-keepalive
Nexus-1(config-if)# ip address 1.1.1.1 255.255.255.252
Nexus-1(config-if)# no shutdown
Nexus-1(config-if)# exit
Nexus-1(config)# exit

! Nexus-2
Nexus-2(config)# interface ethernet 2/48
Nexus-2(config-if)# no switchport
Nexus-2(config-if)# vrf member vpc-keepalive
Nexus-2(config-if)# ip address 1.1.1.2 255.255.255.252
Nexus-2(config-if)# no shutdown
Nexus-2(config-if)# exit
Nexus-2(config)# exit

 


3. Verify connectivity of the vPC peer keepalive link:

 Nexus-1# ping 1.1.1.2 vrf vpc-keepalive
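
The design rules above (keep the peer-keepalive off mgmt0, mirror its addresses between the peers, and match spanning-tree priorities when peer-switch is on) can be checked offline against saved configurations. This is an added example, not part of the original article: the vpc domain and spanning-tree lines in the two sample configs are constructed, and parse() and audit() are hypothetical helper names.

```python
import re
# Constructed running-config excerpts for the two peers (not from the article).
NEXUS1 = """\
vpc domain 1
  peer-switch
  peer-keepalive destination 1.1.1.2 source 1.1.1.1 vrf vpc-keepalive
spanning-tree vlan 1-100 priority 4096
"""
NEXUS2 = """\
vpc domain 1
  peer-switch
  peer-keepalive destination 1.1.1.1 source 1.1.1.2 vrf management
spanning-tree vlan 1-100 priority 8192
"""

KEEPALIVE = re.compile(
    r"peer-keepalive destination (\S+)(?: source (\S+))?(?: vrf (\S+))?")

def parse(cfg):
    """Pull out the vPC settings the article's caveats depend on."""
    m = KEEPALIVE.search(cfg)
    dst, src, vrf = m.groups() if m else (None, None, None)
    return {
        "dst": dst, "src": src,
        "vrf": vrf or "management",  # keepalive falls back to the management VRF
        "peer_switch": bool(re.search(r"^\s+peer-switch\s*$", cfg, re.M)),
        "stp": sorted(re.findall(
            r"^spanning-tree vlan (\S+) priority (\d+)", cfg, re.M)),
    }

def audit(cfg_a, cfg_b, names=("Nexus-1", "Nexus-2")):
    """Return findings for a vPC peer pair; an empty list means no issue found."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for name, peer in zip(names, (a, b)):
        if peer["dst"] is None:
            findings.append(f"{name}: no peer-keepalive configured")
        elif peer["vrf"] == "management":
            findings.append(f"{name}: keepalive uses mgmt0 (management VRF)")
    if (a["src"], a["dst"]) != (b["dst"], b["src"]):
        findings.append("keepalive source/destination not mirrored between peers")
    if a["peer_switch"] != b["peer_switch"]:
        findings.append("peer-switch enabled on only one peer")
    elif a["peer_switch"] and a["stp"] != b["stp"]:
        findings.append("peer-switch on, but spanning-tree priorities differ")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(NEXUS1, NEXUS2)))
```

With the constructed samples, the audit reports Nexus-2's keepalive on the management VRF and the mismatched spanning-tree priorities; correcting both lines on Nexus-2 clears the findings.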
