Quick Intro
As usual, I’m adding a short intro because I think it needs to be here. So, what is vPC technology for Cisco Nexus switches? It allows two switches to appear
as a single logical switch to connected devices. This setup enables high availability, load balancing, and redundancy without the complexity of spanning tree protocols (STP). More general term used in the industry is MC-LAG, almost every vendor nowadays has it own flavor of this technology implemented in their software. For my case I needed this because I’m planning to use dual-homed endpoints connected to leaf switches in my topology
Here is my first pair of switches (similar configuration will be added to the other pairs):
So, first of all, vPC has some connection requirements. It has to have vPC peer link and vPC keepalive link
- vPC keepalive link – will run periodic heartbeat between vPC peers to ensure they’re still up and running. There are multiple ways to connect vPC keepalive link, in my case I’m going to use dedicated MGMT network.
- vPC peer-link – will run CFS (Cisco Fabric Services) protocol responsible for the validation and consistency between vPC peers, including synchronization, etc.
Configuration template used for the base vPC configuration:
- dc01-r01-leaf01
!
feature vpc
!
vpc domain 1
peer-switch
role priority 100
system-mac aa:bb:cc:dd:ee:01
system-priority 1024
peer-keepalive destination 192.168.100.2 source 192.168.100.1 vrf management
peer-gateway
layer3 peer-router
auto-recovery
ip arp synchronize- dc01-r01-leaf02
!
feature vpc
!
vpc domain 1
peer-switch
role priority 200
system-mac aa:bb:cc:dd:ee:01
system-priority 1024
peer-keepalive destination 192.168.100.1 source 192.168.100.2 vrf management
peer-gateway
layer3 peer-router
auto-recovery
ip arp synchronizeConfiguration breakdown:
- feature vpc – enables vPC feature on the platform
- vpc domain – enters vPC configuration mode and assigns specific ID, which should be the same for both peers.
- peer-switch – helps a pair of switches act as a single entity within the STP domain, where a secondary peer will never proxy BPDUs back to the primary
- role priority – defines roles for the switches, primary or secondary within the vPC pair, lower is better
- system-mac, used to identify the vPC pair, should be configured on both switches. As soon as it is unique, it can be artificially crafted.
- system-priority – manually defining system priority to form LACP
- peer-keepalive – responsible for the peer-keepalive link configuration. In my case, it will be running over the mgmt interface within the default vrf management
- peer-gateway – allows any vPC switch in the pair to act as an active gateway for the traffic addressed to his peer’s MAC address.
- layer3 peer-router – enabled routing over vPC peer link
- auto-recovery – ensures that vPC will recover after peer-link failure
- ip arp synchronize – reduces convergence time and ensure that arp table is in sync between peers
The CLI output after the initial configuration:
dc01-r01-leaf01# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer link not configured
vPC keep-alive status : peer is alive
Configuration consistency status : failed
Per-vlan consistency status : failed
Configuration inconsistency reason: vPC peer-link does not exist
Type-2 consistency status : failed
Type-2 inconsistency reason : vPC peer-link does not exist
vPC role : none established
Number of vPCs configured : 0
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : DisabledNow I need to configure peer-link using E1/14 and E1/15 network interfaces:
!
feature lacp
!
interface Ethernet1/14
description Peer-Link
lacp rate fast
switchport
switchport mode trunk
channel-group 4096 mode active
no shutdown
!
interface Ethernet1/15
description Peer-Link
lacp rate fast
switchport
switchport mode trunk
channel-group 4096 mode active
no shutdown
!
interface port-channel4096
description Peer-Link
switchport
switchport mode trunk
vpc peer-linkAfter adding vPC peer-link configuration previous output will show completion of the vPC configuration:
dc01-r01-leaf01# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Enabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po4096 up 1 At the end of this section, we assume that the rest of the leaf pair are configured as vPC peers with their own unique mac addresses and vPC domain IDs.
Yet another Blog 
Leave a comment