Configure vPC in Eve with Nexus 9000v

Moderator: mike

kluuter
Posts: 11
Joined: Tue Mar 21, 2017 7:27 am

Configure vPC in Eve with Nexus 9000v

Post by kluuter » Mon Jul 31, 2017 2:28 pm

Hi all,

According to this Cisco page: http://www.cisco.com/c/en/us/td/docs/sw ... 43DAFA1ACD

vPC (Virtual Portchannel) should be working in Release 7.0(3)I5(2) and 7.0(3)I6(1), I'm using the last one and can't get it working...
I keep getting messages on console like; "%L2FM-2-L2FM_INVALID_PORT_NUM: Invalid port num 2, max_ports 0"
Has someone tried to configure a vPC within Eve-NG already?

See also my setup:
Image

Images used:

NXOS: 7.0(3)I6(1)
IOU L2: i86bi-linux-l2-adventerprisek9-15.2d.bin
IOU L3: i86bi-linux-l3-adventerprisek9-15.4.2T.bin

kluuter
Posts: 11
Joined: Tue Mar 21, 2017 7:27 am

Re: Configure vPC in Eve with Nexus 9000v

Post by kluuter » Tue Aug 08, 2017 4:35 pm

Hi all, VPC is working!! :geek:

Seems there is a problem with creating a portchannel between Nexus 9000v and IOU.
So i changed the topology, replaced IOU with 2 Nexus 9000v appliances and it works:

Image

Code: Select all

N7K-1# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 30
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 2
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po1    up     100


vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
10    Po10          up     success     success               100



20    Po20          up     success     success               100




Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.

Code: Select all

N7K-2# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 30
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : secondary
Number of vPCs configured         : 2
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id    Port   Status Active vlans
--    ----   ------ -------------------------------------------------
1     Po1    up     100


vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
10    Po10          up     success     success               100



20    Po20          up     success     success               100




Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.

Code: Select all

N5K-1# show port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        b - BFD Session Wait
        S - Switched    R - Routed
        U - Up (port-channel)
        p - Up in delay-lacp mode (member)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
10    Po10(SU)    Eth      LACP      Eth1/3(P)    Eth1/4(P)

Code: Select all

N5K-2# show port-channel summary
Flags:  D - Down        P - Up in port-channel (members)
        I - Individual  H - Hot-standby (LACP only)
        s - Suspended   r - Module-removed
        b - BFD Session Wait
        S - Switched    R - Routed
        U - Up (port-channel)
        p - Up in delay-lacp mode (member)
        M - Not in use. Min-links not met
--------------------------------------------------------------------------------
Group Port-       Type     Protocol  Member Ports
      Channel
--------------------------------------------------------------------------------
20    Po20(SU)    Eth      LACP      Eth1/3(P)    Eth1/4(P)
Configuration:

N7K-1:

Code: Select all

feature lacp
feature vpc

vlan 100
  name LAN

vpc domain 30
  role priority 10
  peer-keepalive destination 10.0.20.2 source 10.0.10.2


interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 100
  spanning-tree port type network
  vpc peer-link

interface port-channel10
  switchport mode trunk
  vpc 10

interface port-channel20
  switchport mode trunk
  vpc 20

interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 100
  channel-group 1 mode active

interface Ethernet1/2
  switchport mode trunk
  switchport trunk allowed vlan 100
  channel-group 1 mode active

interface Ethernet1/3
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/4
  switchport mode trunk
  channel-group 20 mode active
N7K-2:

Code: Select all

feature lacp
feature vpc

vlan 100
  name LAN

vpc domain 30
  role priority 20
  peer-keepalive destination 10.0.10.2 source 10.0.20.2

interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 100
  spanning-tree port type network
  vpc peer-link

interface port-channel10
  switchport mode trunk
  vpc 10

interface port-channel20
  switchport mode trunk
  vpc 20

interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 100
  channel-group 1 mode active

interface Ethernet1/2
  switchport mode trunk
  switchport trunk allowed vlan 100
  channel-group 1 mode active

interface Ethernet1/3
  switchport mode trunk
  channel-group 10 mode active

interface Ethernet1/4
  switchport mode trunk
  channel-group 20 mode active

ecze
Posts: 533
Joined: Wed Mar 15, 2017 1:54 pm

Re: Configure vPC in Eve with Nexus 9000v

Post by ecze » Wed Aug 09, 2017 12:17 am

Screen Shot 2017-08-09 at 02.14.52.png
Seems LACP not very compatible between nxos and other node type

So I did channel between IOL and Nexus in mode forced ( mode on )

This way works nicely....

E.
You do not have the required permissions to view the files attached to this post.

kluuter
Posts: 11
Joined: Tue Mar 21, 2017 7:27 am

Re: Configure vPC in Eve with Nexus 9000v

Post by kluuter » Wed Aug 09, 2017 9:37 am

ecze wrote:
Wed Aug 09, 2017 12:17 am
So I did channel between IOL and Nexus in mode forced ( mode on )
Tried without using LACP but no succes, now I'm thinking about it that was IOSvL2 not IOU.
I'll give it a try with IOU, thanks for your reply!

stevenjwilliams83
Posts: 77
Joined: Mon Mar 20, 2017 1:53 pm

Re: Configure vPC in Eve with Nexus 9000v

Post by stevenjwilliams83 » Wed Aug 09, 2017 3:55 pm

Does this work with titanium 7.3 image of NX-OS or just the 9K image?

ecze
Posts: 533
Joined: Wed Mar 15, 2017 1:54 pm

Re: Configure vPC in Eve with Nexus 9000v

Post by ecze » Wed Aug 09, 2017 4:57 pm

POC

LACP is not compliant -> using static port-channel + UDLD


VPCPOC.zip
Screen Shot 2017-08-09 at 18.57.05.png
You do not have the required permissions to view the files attached to this post.

stevenjwilliams83
Posts: 77
Joined: Mon Mar 20, 2017 1:53 pm

Re: Configure vPC in Eve with Nexus 9000v

Post by stevenjwilliams83 » Thu Aug 10, 2017 12:45 pm

I dont understand why vPC works with the 9k NXOS image but not the titanium image? Anyone have an idea?

vkukshal03
Posts: 25
Joined: Fri Mar 24, 2017 9:38 am

Re: Configure vPC in Eve with Nexus 9000v

Post by vkukshal03 » Thu Aug 10, 2017 4:41 pm

Please let me know which IOU image has been used ???

Thanks in advance.

vkukshal03
Posts: 25
Joined: Fri Mar 24, 2017 9:38 am

Re: Configure vPC in Eve with Nexus 9000v

Post by vkukshal03 » Thu Aug 10, 2017 5:49 pm

stevenjwilliams83 wrote:
Thu Aug 10, 2017 12:45 pm
I dont understand why vPC works with the 9k NXOS image but not the titanium image? Anyone have an idea?
It will not work as VPC require LACP feature to be enabled,,, you can enable vpc in Titanium image, but you cannot enable LACP there , hence NO VPC , hope it will answer you question.

ecze
Posts: 533
Joined: Wed Mar 15, 2017 1:54 pm

Re: Configure vPC in Eve with Nexus 9000v

Post by ecze » Thu Aug 10, 2017 7:09 pm

vkukshal03 wrote:
Thu Aug 10, 2017 5:49 pm
stevenjwilliams83 wrote:
Thu Aug 10, 2017 12:45 pm
I dont understand why vPC works with the 9k NXOS image but not the titanium image? Anyone have an idea?
It will not work as VPC require LACP feature to be enabled,,, you can enable vpc in Titanium image, but you cannot enable LACP there , hence NO VPC , hope it will answer you question.
Well,

Using NXOS9K and IOL L2...
TITANIUM doesn't support Port-channel at all !!!

There is theory and there is the field......

VPC require port-channel and a symmetry of channel config between Nexus nodes....

LACP help because failure detection is provided by sort of keepalive packet sent by LACP members but it is not mandatory at all !!!
Yes Cisco guide use LACP in every example...
But here we have to be smart and build ourselves a way to detect link failure....

So VPC works with Static Port-Channels and for failure detection, using UDLD aggressive mode permit to shut ports on both ends.

That's the way I used to build a working VPC with NXOS9K and IOL L2

E.

Post Reply