Cisco Nexus 5000 Troubleshooting Guide
Troubleshooting Virtual Port Channel Issues
Downloads: This chapterpdf (PDF - 126.0KB) The complete bookPDF (PDF - 3.24MB) | Feedback

Troubleshooting Virtual Port Channel Issues

Table Of Contents

Troubleshooting Virtual Port Channel Issues

Improper Configurations

vPC fails to start

Unable to configure vPC

vPC in blocking state

vPC domain ids

Connectivity issues

Peer-link issues

vPC Consistency parameter issues


Troubleshooting Virtual Port Channel Issues


A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 5000 Series switches to appear as a single port channel to a third device. The third device can be a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths exist.

This chapter describes how to identify and resolve problems that can occur with vPC in the Cisco Nexus 5000 Series switch.

This chapter includes the following section:

Improper Configurations

Improper Configurations

vPC fails to start

This issue may have many possible causes:

Unable to configure vPC

vPC in blocking state

vPC domain ids

Connectivity issues

Peer-link issues

vPC Consistency parameter issues

Unable to configure vPC

Possible Cause

vPC is not enabled or is not supported in the NX-OS release of software that you are running.

Solution

Ensure that the NX-OS release supports vPC. vPC is supported in NX-OS Release 4.1 and later releases. If the NX-OS release supports vPC, then use the command feature of vPC to enable it.

vPC in blocking state

Possible Cause

A bridge protocol data unit (BPDU) only sends data on a single link of a port channel. If a bridge assurance (BA) dispute is detected, then vPC moves into a blocking state.

Solution

Do not enable bridge assurance on the vPC link: because of the following:

Cannot be used on a spanning tree port type network.

Prevents you from encountering ISSU issues. Bridge assurance should only be enabled on the vPC peer link.

vPC domain ids

Possible Cause

The vPC domain IDs of two switches do not match.

Solution

Compare the vPC domain IDs of the two switches and ensure that they match.

Example:

 
   
switch1# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
 
   
vPC domain id                   : 500 
Peer status                     : peer link is down             
vPC keep-alive status           : Suspended (Destination IP not reachable)
Configuration consistency status: success 
vPC role                        : secondary, operational primary
Number of vPCs configured       : 4   
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
 
   
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po500  down   -  
 
   
 
   
switch2# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
 
   
vPC domain id                   : 1   
Peer status                     : peer link is down             
vPC keep-alive status           : Suspended (Destination IP not reachable)
Configuration consistency status: success 
vPC role                        : primary                       
Number of vPCs configured       : 4   
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
 
   
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po500  down   - 
 
   
 
   

The two switches in this example have different vPC domain IDs. The vPC domain IDs of these Nexus switches must be changed to match. This can be done by entering configuration commands, one per line, and ending each with Cntl + Z.

 
   
 
   
switch2(config)# vpc domain 500
Changing domain id will flap peer-link and vPCs. Continue (yes/no)? [no] yes
Note: 
 --------:: Re-init of peer-link and vPCs started  ::--------
 
   
switch2# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
 
   
vPC domain id                   : 500 
Peer status                     : peer adjacency formed ok      
vPC keep-alive status           : peer is alive                 
Configuration consistency status: success 
vPC role                        : primary, operational secondary
Number of vPCs configured       : 4   
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
 
   
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po500  up     1,19,91,99,757                                           
 
   

Connectivity issues

Possible Cause

vPC peer keepalive link and connectivity issues over mgmt0 might exist.

Solution

Check for the peer keepalive mgmt0 reachability.

On the other Nexus 5000 switch, enter the command:

show run interface mgmt 0

Example:

 
   
switch2# sh run int mgmt 0
 
   
!Command: show running-config interface mgmt0
!Time: Tue Mar  8 03:20:58 2011
 
   
version 4.2(1)N2(1)
 
   
interface mgmt0
  ip address 172.18.118.162/24
 
   

Ensure there is reachability from switch1:

switch1# ping 172.18.118.162 vrf management 
PING 172.18.118.162 (172.18.118.162): 56 data bytes
64 bytes from 172.18.118.162: icmp_seq=0 ttl=254 time=5.306 ms
64 bytes from 172.18.118.162: icmp_seq=1 ttl=254 time=3.963 ms
64 bytes from 172.18.118.162: icmp_seq=2 ttl=254 time=4.04 ms
64 bytes from 172.18.118.162: icmp_seq=3 ttl=254 time=4.077 ms
64 bytes from 172.18.118.162: icmp_seq=4 ttl=254 time=4.057 ms
 
   

If the ping fails, it means that the connectivity between both mgmt0 interfaces does not exist or that they are not interconnected properly.

Make sure the mgmt0 interface is unshut and that you can ping the switch mgmt0 interface.

 
   
switch# sh int br | grep mgmt0
mgmt0  --           down   172.16.118.62             --       1500
 
   

If the status shows that it is down, it means there is no physical connection to mgmt0 or that the interface is in admin shutdown. You need to verify the physical connectivity and unshut the port:

 
   
switch1# config t
switch1(config)# int mgmt 0
switch1(config-if)# no shut
switch1(config-if)# show int br | grep mgmt0
mgmt0  --           up     172.16.118.62               1000     1500
 
   

If pinging the other switch continues to fail, then there is an interconnection issue between the two Nexus 5000 switches.

Check the networking in between the switches:

Switch interconnecting in access VLAN mode, using the same VLAN for both Nexus switches.

The VLAN is allowed across and between the switches.

Check the vPC configuration and compare the mgmt0 IP addresses that are used:

 
   
switch1# show run int mgmt 0
 
   
!Command: show running-config interface mgmt0
!Time: Tue Mar  8 03:53:48 2011
 
   
version 4.2(1)N2(1)
 
   
interface mgmt0
  ip address 172.18.118.163/24
 
   
 
   
switch1# show run vpc
 
   
!Command: show running-config vpc
!Time: Tue Mar  8 03:53:57 2011
 
   
version 4.2(1)N2(1)
feature vpc
 
   
vpc domain 500
  peer-keepalive destination 172.18.118.162
 
   
 
   
switch2# show run int mgmt 0
 
   
!Command: show running-config interface mgmt0
!Time: Tue Mar  8 03:53:53 2011
 
   
version 4.2(1)N2(1)
 
   
interface mgmt0
  ip address 172.18.118.162/24
 
   
 
   
switch2# sh run vpc
 
   
!Command: show running-config vpc
!Time: Tue Mar  8 03:54:01 2011
 
   
version 4.2(1)N2(1)
feature vpc
 
   
vpc domain 500
  peer-keepalive destination 172.18.118.162 
 
   

In this example, the destination IP is not correct. The correct IP is 172.18.118.163, which is the peer IP address.

Peer-link issues

Possible Cause

The peer link is not configured.

Solution

Configure the peer link correctly.

Example:

In this example, the problem is that the vPC peer-link does not exist.

switch1# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
 
   
vPC domain id                   : 500 
Peer status                     : peer link not configured      
vPC keep-alive status           : peer is alive                 
Configuration consistency status: failed  
Configuration consistency reason: vPC peer-link does not exists
 
   

You can use the show cdp neighbor command to determine which physical ports are connected to the other Nexus switch.

 
   
switch1# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute
 
   
 
   
Device-ID             Local Intrfce Hldtme Capability  Platform      Port ID
 
switch2(SSI1324033X)Eth1/25       128    S I s     N5K-C5020P-BF Eth1/25      
switch2(SSI1324033X)Eth1/26       128    S I s     N5K-C5020P-BF Eth1/26      
 
   

In this example, ports 25 and 26 connect to the other Nexus 5000 switch and should be configured as a peer link.

Run the same command on the other Nexus 5000 switch and observe the ports.

switch2# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute
 
   
 
   
Device-ID             Local Intrfce Hldtme Capability  Platform      Port ID
      
switch1(SSI14150768)Eth1/25       168    S I s     N5K-C5020P-BF Eth1/25    
  
switch1(SSI14150768)Eth1/26       168    S I s     N5K-C5020P-BF Eth1/26    
 
 
   
switch2# show run int e1/25
 
   
!Command: show running-config interface Ethernet1/25
!Time: Tue Mar  8 04:09:17 2011
 
   
version 4.2(1)N2(1)
 
   
interface Ethernet1/25
  switchport mode trunk
  channel-group 500
 
   
switch2# show run int e1/26
 
   
!Command: show running-config interface Ethernet1/26
!Time: Tue Mar  8 04:09:20 2011
 
   
version 4.2(1)N2(1)
 
   
interface Ethernet1/26
  switchport mode trunk
  channel-group 500
 
   

In this example, you can see that port-channel 500 is used on the connection to switch1 on switch2.

You now need to determine how port-channel 500 is configured on switch2.

 
   
switch2# show run int po 500
 
   
!Command: show running-config interface port-channel500
!Time: Tue Mar  8 04:10:38 2011
 
   
version 4.2(1)N2(1)
 
   
interface port-channel500
  switchport mode trunk
  vpc peer-link
  spanning-tree port type network
  speed 10000
 
   

Create a port-channel 500 on switch1 and associate it to the ports connecting to e1/25 and e1/26 on switch2.

 
   
switch1(config)# int po 500
switch1(config-if)# int e1/25-26
switch1(config-if-range)# channel-group 500
switch1(config-if-range)# int po 500
switch1(config-if)# vpc peer-link 
 
   

Notice that the spanning tree port type has changed to a network port type on the vPC peer link.

This enables spanning tree bridge assurance on the vPC peer link, provided that STP bridge assurance is not disabled. (STP bridge assurance is enabled by default.)

Check the vPC again.

switch1(config-if)# show vpc brief
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link
 
   
vPC domain id                   : 500 
Peer status                     : peer adjacency formed ok      
vPC keep-alive status           : peer is alive                 
Configuration consistency status: success 
vPC role                        : primary                       
Number of vPCs configured       : 4   
Peer Gateway                    : Disabled
Dual-active excluded VLANs      : -
 
   
vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po500  up     1,19,91,99,757   
 
   

Port channel 500 and the peer-link are now up. The vPC is successful.

vPC Consistency parameter issues

Possible Cause

vPC is not operational if type 1 consistency parameters do not match on both Nexus 5000 switches.

Solution

Ensure that type 1 consistency parameters match.

The possible values for type are 1, 2, or -. Items that are type 1 must match on both Nexus 5000 switches. If they do not match, then vPC is suspended. Starting with Release 5.0, a type 2 was introduced. Items that are type 2 do not have to match on both Nexus 5000 switches for the vPC to be operational.

The command in the following example displays local and peer values. Run the command on both switches to ensure that the type 1 items match.

Example:

To check for a mismatch, display the consistency parameters.

switch1# show vpc consistency-parameters global 
 
   
    Legend:
        Type 1 : vPC will be suspended in case of mismatch
 
   
Name                        Type  Local Value            Peer Value             
-------------               ----  ---------------------- -----------------------
QoS                         1     ([], [3], [], [], [],  ([], [3], [], [], [], 
                                  [])                    [])                   
Network QoS (MTU)           1     (1538, 2240, 0, 0, 0,  (9216, 2240, 0, 0, 0, 
                                  0)                     0)                    
Network Qos (Pause)         1     (F, T, F, F, F, F)     (F, T, F, F, F, F)    
Input Queuing (Bandwidth)   1     (50, 50, 0, 0, 0, 0)   (50, 50, 0, 0, 0, 0)  
Input Queuing (Absolute     1     (F, F, F, F, F, F)     (F, F, F, F, F, F)    
Priority)                                                                      
Output Queuing (Bandwidth)  1     (50, 50, 0, 0, 0, 0)   (50, 50, 0, 0, 0, 0)  
Output Queuing (Absolute    1     (F, F, F, F, F, F)     (F, F, F, F, F, F)    
Priority)                                                                      
STP Mode                    1     Rapid-PVST             Rapid-PVST            
STP Disabled                1     None                   None                  
STP MST Region Name         1     ""                     ""                    
STP MST Region Revision     1     0                      0                     
STP MST Region Instance to  1                                                  
 VLAN Mapping                                                                  
STP Loopguard               1     Disabled               Disabled              
STP Bridge Assurance        1     Enabled                Enabled               
STP Port Type, Edge         1     Normal, Disabled,      Normal, Disabled,     
BPDUFilter, Edge BPDUGuard        Disabled               Disabled              
STP MST Simulate PVST       1     Enabled                Enabled               
Allowed VLANs               -     1,19,91,99,120,757     1,10,19-20,91,99,400-4
                                                         01,403,420,440,442,444
                                                         -446,451-486,499,757,7
                                                         97                    
Local suspended VLANs       -     120                    -   
 
   

In this example, there are different MTU values for Network QoS. The value for the peer switch is 9216 on the peer switch (switch2) and the value for the local switch is 1538 (switch1). vPC will not be operational until the Network QoS values match on both switches.