How to Avoid Routing Issues with Nexus vPC

If you thought you were in for another run-of-the-mill tutorial, think again. This isn’t just another PowerPoint presentation or a mind-numbing configuration guide. No, my friend, this is a cautionary tale about routing and vPC that will open your eyes to the potential pitfalls you may encounter.

Picture this: it’s 2017, and you and your colleague are tasked with installing a new pair of Nexus switches in a production data center. Simple enough, right? Well, not quite. You soon realize that the vPC-attached routers and firewalls aren’t peering with the switches as expected. The routers are up, and you can ping them, but the OSPF adjacencies never settle. It’s like hitting a roadblock you didn’t anticipate.

Let me take you through a lab demo to illustrate what was happening. We’ve got a pair of Nexus 9000 switches with vPC configured, and at first glance everything looks normal. Switch-1 has full adjacencies with all three of its neighbors, including Switch-2. Switch-2 is the one with the problem: its adjacencies with the two vPC-attached routers never reach FULL and instead cycle between INIT and EXSTART. It’s a perplexing situation that had us scratching our heads for hours on end.

But fear not, there is a solution. After days of research and testing, we finally cracked the code. To understand the root cause of this problem, let’s do a quick review of LAGs (Link Aggregation Groups) and vPC.

A LAG is simply a bundle of physical links between two devices. The device sending traffic hashes each flow onto one member link, so any given packet takes exactly one of the links, and the sender chooses which. vPC takes LAGs to the next level: the member links terminate on two different Nexus switches, which present themselves to the attached device as a single logical switch. But here’s the catch: because the attached router chooses the link, a packet addressed to Switch-1 can just as easily arrive on a member link that lands on Switch-2. Normally the switches handle this with a feature called peer-gateway, which lets each switch route packets addressed to its peer’s router MAC locally, on behalf of the peer, instead of sending them across the peer-link.


Now, let’s dig deeper into how routing protocols interact with vPC. Routing protocols other than BGP expect their neighbors to be on the same link, and they enforce this by sending protocol packets with a TTL (Time to Live) of 1. During neighbor formation both multicast and unicast packets are exchanged: OSPF hellos are multicast, but the database description and update packets that follow are unicast to the neighbor’s MAC address. When one of those unicast packets, addressed to Switch-1, is hashed onto the member link that lands on Switch-2, peer-gateway makes Switch-2 route it on Switch-1’s behalf rather than bridge it over the peer-link. Routing decrements the TTL, the TTL reaches zero, the packet is discarded, and the adjacency stalls exactly where the unicast exchange begins, which is why you see it stuck around EXSTART.

So how do we solve this problem? Well, it depends on the topology you’re working with. If the routers only need to peer with each other and are connected to the switches with vPC, you’re in luck. This scenario works because the switches are purely Layer 2 in that path: they bridge the peering traffic rather than route it, so the TTL is never decremented.

But what if you want the switches to participate in dynamic routing? In that case, the router shouldn’t be attached over a vPC at all but over an orphan port, a port on one switch that isn’t a vPC member. If you want to peer with both switches, you might need to add a separate Layer 2 inter-switch link for the switch-to-switch adjacency rather than relying on SVIs over the vPC peer-link, but consult the Routing over vPC document for your specific platform.

Alternatively, you can take a hybrid approach. In this setup, a router peers with one or both switches over orphan ports while still being able to peer with the vPC-connected router across the vPC. Another option is to turn the orphan links into routed ports with the ‘no switchport’ command and put the adjacency on the routed interface itself, which lets the routers peer with the switches without any vPC in the path.
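Here is what the routed-orphan-port variant looks like on one of the switches. This is an added configuration example, not taken from the original demo; the interface numbers, addresses, process ID and OSPF area are assumptions, and Switch-2 would get a mirror-image link of its own if the router needs to peer with both switches.

```text
! Switch-1: dedicated routed link to ROUTER-1, outside the vPC entirely
! (interface, addressing and OSPF process ID are assumed for this example)
feature ospf

router ospf 1
  router-id 10.255.0.1

interface Ethernet1/10
  description ROUTER-1 uplink - routed orphan port, NOT a vPC member
  no switchport
  mtu 1500
  ip address 10.10.1.1/30
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

! The router-facing vPC port-channel stays Layer 2 and carries only the
! VLANs the routers use to talk to each other; no SVI with OSPF lives there.
interface port-channel 101
  description ROUTER-1 data vPC (Layer 2 only)
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 200
  vpc 101
```

Because Ethernet1/10 is a routed port on a single switch, every OSPF packet the router sends to Switch-1 arrives at Switch-1 and nowhere else, so the TTL-of-1 behaviour is never an issue. After applying it, ‘show ip ospf neighbors’ on Switch-1 should list the router as FULL on Ethernet1/10.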

Now, let’s tackle a more complex situation. Imagine you have a cluster of ASAs that you want to attach using VSS or vPC. In this case, you might first ask whether you really need dynamic routing at all. If the cluster sits at the edge of the network, a default route outbound and a handful of static routes inbound might suffice. But if dynamic routing is a must, running BGP could be an option, since its neighbor sessions don’t hit the TTL-of-1 problem the same way, although it may require tuning and redistribution into your interior routing protocol.


However, there’s one final option that can work like magic. By adding the ‘layer3 peer-router’ command under the ‘vpc domain’ configuration on both switches, you tell each switch to forward TTL-1 packets addressed to its peer’s router MAC across the peer-link instead of routing them, so the TTL is left alone and vPC-connected routers can peer with both switches. It depends on ‘peer-gateway’ being enabled on both peers. This simple solution is not without its limitations, so ensure you have an NX-OS version that supports it on your hardware and consider any platform constraints before relying on it.
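The vPC side of that fix, as an added example rather than the configuration from the lab: the domain ID, keepalive addresses, VLAN and OSPF details are assumptions, and the same ‘vpc domain’ block must be present on both Switch-1 and Switch-2.

```text
! Switch-1 (repeat the vpc domain block on Switch-2 with the keepalive
! addresses swapped; domain, addressing and VLAN numbers are assumed)
feature vpc
feature ospf

vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  peer-gateway            ! required: layer3 peer-router builds on it
  layer3 peer-router      ! TTL-1 packets for the peer's MAC are bridged, not routed

router ospf 1
  router-id 10.255.0.1

! The SVI on the vPC VLAN is now a valid OSPF neighbor for the vPC-attached routers
interface Vlan200
  no shutdown
  ip address 10.20.0.1/24
  ip router ospf 1 area 0.0.0.0

interface port-channel 101
  description ROUTER-1 vPC
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 200
  vpc 101
```

To check that it took effect, run ‘show vpc’ on both switches and confirm that peer-gateway and layer3 peer-router are both reported as enabled, then watch ‘show ip ospf neighbors’ on each switch: with the fix in place the vPC-attached routers should reach FULL on both switches instead of cycling through INIT and EXSTART. If ‘layer3 peer-router’ is rejected, the usual culprits are a missing ‘peer-gateway’ or an NX-OS release that doesn’t support the feature on that platform.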

So there you have it, a guide to avoiding routing issues with Nexus vPC. I hope these insights will help you navigate the challenges I faced at the beginning of this tale. For further exploration of vPC, I recommend checking out the ‘How vPC Works’ and ‘vPC Configuration’ videos. And if you’re hungry for even more knowledge, head over to Techal, where you’ll find a wealth of informative content.

Remember, the key to success in the world of routing and vPC lies in understanding the nuances and finding creative solutions. Embrace the challenge and let your expertise shine as you guide your network towards seamless connectivity.
