Virtual Portchannels

Virtual port-channel is Multichassis link aggregation technology. You can

configured a port-channel connected to two different switches.
Since it is a port-channel advantage here is to avoid spanning tree
blocking ports for any given VLAN that are allowed on that vPC.
Two switches that emulate as a single switch has to part of a new entity
called a Domain ID. These two switches are called vPC peers.
vPC peer-link

vPC peer keepalive

-link
vPC 10

www.silantia.com

Virtual Portchannels

Peer-link: A Layer 2 trunked port-channel between two

Nexus switches that are part of same domain.
In each vPC domain one switch is elected as a primary
and other is secondary. Only 10 Gig ports are supported
as peer-link port-channel member ports.
vPC peer-link ports can reside on F1 series line cards but
it has to be a 10G port, When using M1 32 port line card
for peer-link make sure peer-link ports are in dedicated
rate mode otherwise peer-link wont come up.
Peer-link is used for control functions like synch ARP
tables, MAC address table and IGMP snooping table
between vPC peers.
2

www.silantia.com

Virtual Portchannels

Peer-link keep alive link: This is Layer 3 routed link used for
heartbeat between two vPC peers.
Peer-keepalive uses UDP port 3200 and every one second sends
packet to check health of the peer.
In case peer-link fails peer-keepalive link is used to find out if
other peer is alive and active.
Configuring peer-keepalive in management vrf is best practice
because you do not need to dedicate a1 G port for peer-keepalive
and management port give direct access to CPU for health check.
vPC vlan: Any vlan that is allowed on vpc peer-link is called vPC
vlan.
Peer-keepalive link can be formed using supervisor mgmt ports or
using a routed port on M1 line card.

www.silantia.com

Virtual Portchannels

Consistency parameters: There are some configuration

parameters has to be same on both vPC peers in order
for vPC to work properly.
Some configuration settings has to be same on Global
level and some has to be same at interface level. E.g
MTU settings, Network QoS, Spanning tree mode, etc.
There are two types of consistency parameters
Any type-1 consistency parameter mismatch will
suspend the vPC.
Any type-2 consistency parameter mismatch keeps vpc
up but causes odd forwarding behavior

www.silantia.com

Virtual Portchannels

A vPC port is a port that is assigned to a vPC channel

group. The ports that form the vPC are split between
two vPC peers and are referred to as vPC member ports.
Orphan ports: Any port that is connected to any one
vPC peer and are not port of any vPC is called orphaned
port.

www.silantia.com

Virtual port-channels

Domain ID has to be unique.

It is imp to remember that vPC is layer 2 bundling technology. You
can only configure Layer 2 virtual port-channels and both vpc
peers are two independent routers. No L3 routing information
synchronizes with each other.
NX-OS uses Cisco Fabric Services (CFS) to synchronize the state
information (MAC address table, IGMP snooping database etc)
between vpc peers.
N7010A-Dist# show cfs ?

application

Show locally registered applications

internal

Show internal infomation

lock

Show state of application's logical/physical locks

merge

Show cfs merge information

peers

Show all the peers in the physical fabric

regions

Show all the applications with peers and region information

status

Show current status of CFS

Role priority can be configured to manually elect vPC role. vPC

does not support role preemption. (Primary, Operational
Secondary)

Virtual Portchannels

# 1 Design rule for VPC topologies : Always

dual attach devices to both vpc peers to get
predictable traffic flow. For L3 connections
use routed ports and routing protocols ECMP.

vPC will not allow traffic that was RECEIVED

over a vPC peer-link to be sent out a vPC
member port. This is a vPC loop prevention
logic.

www.silantia.com

Configuring vPC
Step 1: Enabled feature vpc and LACP.
Step 2: Configure vdc Domain and define role priority etc.
Step 3: Configure L3 routed ports for Peer-keepalive link in a
separate VRF. Verify peer-keepalive is working before
proceeding to next step.
Step 4: Configure a Layer 2 LACP portchannel with two 10 Gig
ports as members. Make it as trunk link.
Step 5: Configured this portchannel as vpc peer-link.
Step 6: Configure vPCs with same vPC number on both switches.
Step 7: Verify using show vpc command.
Above steps should be followed in order.

www.silantia.com

Configuring vPC
N7010A-Dist# sh run vpc
feature vpc
Presents both vpc
vpc domain 1
peers as single
switch to access
peer-switch
switches
peer-keepalive destination 10.23.242.225
source 10.23.242.220 vrf management
peer-gateway
ipv6 nd synchronize
ip arp synchronize
interface port-channel1
switchport mode trunk
vpc peer-link
interface port-channel10
vpc 10
Use VRF
management

To enable local
forwarding of
packets destined
to peers MAC
address

N7010B-Dist# sh run vpc

feature vpc
vpc domain 1
peer-switch
peer-keepalive destination
10.23.242.220 source 10.23.242.225
vrf management
peer-gateway
ipv6 nd synchronize
ip arp synchronize
interface port-channel1
switchport mode trunk
vpc peer-link
interface port-channel10
vpc 10
To enable
ARP/ND sych on
both peer
switches for
faster
convergence

Configuring vPC

peer-switch command presents both vPC peers as

single switch to access switches. Emulates same Bridge
ID for BPDUs.
peer-gateway command allows a vPC peer to respond
both the the HSRP virtual and the real MAC address of
both itself and its peer.
vPC primary switch election is based on role priority,
lower priority wins if not, lower system mac wins.
Role determines who will process BPDUs and LACPDUs.

10

www.silantia.com

Monitoring and troubleshooting vPC

show vpc
show vpc peer-keepalive
show vpc orphan-ports

show vpc consistency-parameter global

L2 Ports that are not part of vpc and attached to

only one vpc peer.
Shows global consistency paramters.

show vpc role

Shows who is primary and secondary.

Unsupported vPC topologies

OSPF

OSPF
OSPF

L2
L3
Vpc peer-link
OSPF

OSPF

supporte
d

unsupporte
d

Supported vPC topologies

OSPF

OSPF

L2
L3
Vpc peer-link
OSPF

OSPF

vPC 10

vPC Failure Scenario

When peer-link fails both vPC communicates over peer

keepalive-link to find if it is active. In this case secondary
vPC switch suspends all its interface.
When peerkeepalive-link fails no impact to existing vPC
because peer-link is up.
When peer-link and peer-keepalive link both fails then
both peers enters into a dual active scenario.
When primary switch fails secondary switch assumes role
of primary (operational primary) but when original
primary switch recovers it stays in operational secondary
mode.

Virtual Portchannels

Double sided vPC: In double-sided vPC both the Nexus 7000 and Nexus 5000 switches
run vPC. Each vPC pair of Nexus 5000 switches is connected to the Nexus 7000 vPC pair
using a unique vPC

15

www.silantia.com

Virtual Portchannels and FEX

FEX ports can be a member ports for vPC.

FEX can be dual attached to both vPC peers.

16

www.silantia.com

Enhanced vPC
FEX is dual attached to each Nexus 5500 and Severs are also dual attached to
both FEX with active active NIC teaming.

Logically a similar HA model to that currently provided by dual supervisor based modular
switch.

Full redundancy for supervisor, linecard, fabric via vPC and cable or NIC failure via Portchanneling.

17

www.silantia.com

vPC+
vPC can be used in conjunction with fabricpath which
allowes servers to be connected to two fabricpath
enabled switches.
Configure vPC peer-link in fabricpath mode.
interface po 10
switchport mode fabricpath
Both switches emulates a new switch id.
vpc domain 70
fabricpath switch-id 70
Hence converting from vPC to vPC+ is distruptive
process because it requires peer-link to be
reconfigured.

18

www.silantia.com

vPC and vPC+

Q & A.

19

www.silantia.com