Cisco vPC Best Practices and Failure Scenarios

Cisco's Virtual Port Channel (vPC) technology was developed for Cisco NX-OS software on Cisco Nexus switches such as the Nexus 7000 and Nexus 5000 (with or without the Nexus 2000 Fabric Extender). Port-channel technology (IEEE 802.3ad) bundles multiple links between two devices into a single logical link. This logical link forwards traffic using a load-balancing algorithm that equally balances traffic across the physical links. Its one limitation is that it operates only between two devices, so it is not proof against hardware failure.

In vPC, a pair of switches acting as vPC peer endpoints looks like a single entity to port-channel-attached devices, although the two devices that act as the logical port-channel endpoint are still two separate devices. This provides hardware redundancy with port-channel benefits. Both switches form a vPC domain, in which one vPC switch is primary while the other is secondary.

vPC Best Practices

Cisco recommends following best practices for vPC configurations:

    • Two Nexus 7000 switches must be connected through 2 redundant 10G Ethernet links for forming peer-link between vPC peers.
    • The two interfaces of the peer-link must come from two different line cards and should be part of a port-channel running in trunk mode.
    • The vPC peer link (the port-channel connecting vPC peers) must preferably carry only vPC VLANs used by vPC member ports.
    • The vPC peer keepalive link must not be directly connected between vPC peer devices.
    • The mgmt 0 interface can be used for a routed vPC peer keepalive link to avoid dual-active scenarios. This peer keepalive link can be connected to the out-of-band management network.
    • The vPC peer keepalive traffic should not be carried over vPC peer link.
    • An additional Layer 2 trunk link must be configured between vPC peer devices to carry non-vPC VLANs, or consider using dual-active exclude interface-vlan <non-vPC-VLAN-list> to decouple SVI status from peer-link failure.
    • Spanning-tree primary Root Bridge and vPC primary must match.

Figure 1 shows a sample diagram in which the above recommendations are followed.

Figure 1. Sample Network Topology using vPC
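
The peer-link and keepalive items of the checklist above can be checked against a switch configuration before a change window. The following is an added example, not Cisco's or the original article's code: the sample configuration is constructed (domain ID, addresses and port numbers are illustrative), the function names are hypothetical, and it assumes comma-separated VLAN lists and modular Ethernet<slot>/<port> interface naming as on the Nexus 7000.

```python
import re

# Constructed sample for one vPC peer; all IDs and addresses are illustrative.
SAMPLE = """\
vpc domain 10
  role priority 100
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 40,50,60,70
  vpc peer-link
interface Ethernet1/1
  channel-group 1 mode active
interface Ethernet2/1
  channel-group 1 mode active
"""

def sections(cfg):
    """Map each top-level config line to the list of its indented child lines."""
    out, cur = {}, None
    for line in cfg.splitlines():
        if line and not line[0].isspace():
            cur = out.setdefault(line.strip(), [])
        elif cur is not None and line.strip():
            cur.append(line.strip())
    return out

def audit(cfg, vpc_vlans):
    """Return findings for the peer-link and keepalive items of the checklist."""
    sec, findings = sections(cfg), []
    pl = next((k for k, v in sec.items() if "vpc peer-link" in v), None)
    if pl is None:
        return ["no vpc peer-link port-channel found"]
    body, pc_id = sec[pl], re.search(r"(\d+)$", pl).group(1)
    if "switchport mode trunk" not in body:
        findings.append("peer-link is not in trunk mode")
    allowed = next((l.split()[-1].split(",") for l in body
                    if l.startswith("switchport trunk allowed vlan")), None)
    extra = sorted(set(allowed or []) - set(vpc_vlans))
    if allowed is None or extra:
        findings.append(f"peer-link not restricted to vPC VLANs (extra: {extra})")
    members = [k for k, v in sec.items()
               if any(re.match(rf"channel-group {pc_id}\b", l) for l in v)]
    slots = {m.group(1) for m in (re.search(r"Ethernet(\d+)/", k) for k in members) if m}
    if len(members) < 2 or len(slots) < 2:
        findings.append("peer-link needs two members on different line cards")
    if not any(l.startswith("peer-keepalive destination") for v in sec.values() for l in v):
        findings.append("no peer-keepalive destination configured")
    return findings
```

Calling audit(SAMPLE, ["40", "50", "60", "70"]) returns an empty list; a peer-link with both members on the same slot, or with a non-vPC VLAN in its allowed list, produces one finding per violated item.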

Failure Scenarios

In Figure 1, VLANs 10 & 20 are non-vPC VLANs, while VLANs 40, 50, 60 & 70 are vPC VLANs.

Scenario 1: