Hi Guys
Wow, I learn more about vPC day after day. Anyone would think I am trying to go for my CCIE DC or something ;)
Anyway, today I learnt the importance of making ABSOLUTELY SURE your vPC peers have near identical configurations, especially in relation to routing.
I had a situation where traffic from a particular host to particular destinations was failing. I had two Nexus 5Ks set up connecting to Cisco UCS Fabric Interconnects. As per all best practice documents, I had vPC from my UCS A to both Nexus 5Ks and vPC from my UCS B to both Nexus 5Ks.
So, the two 5Ks were configured for VRRP: one was the master, one was the secondary, and the default gateway for everyone was the VRRP master.
The host itself, as I mentioned, could ping its default gateway (hooray!) but could only ping certain hosts in the subnet.
The issue ended up being the routing table on Nexus B. Even though Nexus B was NOT the VRRP master, traffic was still being routed through it, and since it had no route to particular destinations, it had issues. Why? Because vPC, when combined with HSRP or VRRP, will allow the NON VRRP master to "spoof" that it is the VRRP master, to avoid traffic having to flow unnecessarily over the vPC Peer Link.
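Since either vPC peer may end up routing a given flow, a quick way to catch this class of problem is to diff the two peers' routing tables. The script below is an added example, not code or config from this post: the `show ip route` excerpts are constructed samples in NX-OS layout, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `show ip route` excerpts in NX-OS layout (not from the post).
PEER_A = """\
0.0.0.0/0, ubest/mbest: 1/0
    *via 192.0.2.1, [1/0], 3d02h, static
10.10.10.0/24, ubest/mbest: 1/0, attached
    *via 10.10.10.2, Vlan10, [0/0], 3d02h, direct
10.20.0.0/16, ubest/mbest: 1/0
    *via 192.0.2.1, [1/0], 3d02h, static
"""
PEER_B = """\
10.10.10.0/24, ubest/mbest: 1/0, attached
    *via 10.10.10.3, Vlan10, [0/0], 3d02h, direct
"""

# A route entry starts at column 0 with "prefix/len,"; next-hop lines are indented.
PREFIX_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}),")

def parse_prefixes(show_ip_route):
    """Return the set of IPv4 prefixes listed in `show ip route` text."""
    prefixes = set()
    for line in show_ip_route.splitlines():
        m = PREFIX_LINE.match(line)
        if m:
            prefixes.add(ipaddress.ip_network(m.group(1)))
    return prefixes

def best_route(prefixes, destination):
    """Longest-prefix match for destination, or None if no route covers it."""
    addr = ipaddress.ip_address(destination)
    covering = [p for p in prefixes if addr in p]
    return max(covering, key=lambda p: p.prefixlen, default=None)

def peer_route_diff(text_a, text_b):
    """Prefixes present on only one peer: (only_on_a, only_on_b)."""
    a, b = parse_prefixes(text_a), parse_prefixes(text_b)
    return sorted(a - b), sorted(b - a)

def blackholed_on(text_a, text_b, destinations):
    """Destinations that exactly one of the two peers has a route for."""
    a, b = parse_prefixes(text_a), parse_prefixes(text_b)
    return [d for d in destinations
            if (best_route(a, d) is None) != (best_route(b, d) is None)]

if __name__ == "__main__":
    print(peer_route_diff(PEER_A, PEER_B))
    print(blackholed_on(PEER_A, PEER_B, ["10.10.10.50", "10.20.5.9", "198.51.100.7"]))
```

Any prefix that shows up on only one side is a destination that works or fails depending on which peer the port-channel hash sends the frame to.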
Could you post a snip of the config for the 5Ks?
A basic vPC config and a L3 interface enabled with any FHRP (HSRP/VRRP/GLBP) will do. That is the default behaviour of vPC with FHRPs: the standby peer spoofs the Virtual MAC, so traffic is sent to it and it forwards it northbound, like Peter said, without using the Peer Link.
Even more, if you configure "peer-gateway" under your vpc domain, the standby peer will not only spoof for the Virtual MAC, but also for the MAC of the Active peer's interface!