Cisco Nexus 5500 Troubleshooting Guide
Troubleshooting Virtual Port Channel Issues
Downloads: This chapterpdf (PDF - 160.0KB) The complete bookPDF (PDF - 1.25MB) | Feedback

Table of Contents

Troubleshooting Virtual Port Channel Issues

Improper C onfigurations

vPC fails to start

Unable to configure vPC

vPC in blocking state

vPC domain ids

Connectivity issues

Peer-link issues

vPC Consistency parameter issues

Troubleshooting Virtual Port Channel Issues

A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 5000 Series switches to appear as a single port channel to a third device. The third device can be a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths exist.

This chapter describes how to identify and resolve problems that can occur with vPC in the Cisco Nexus 5000 Series switch.

This chapter includes the following section:

Improper Configurations

Unable to configure vPC

Possible Cause

vPC is not enabled or is not supported in the NX-OS release of software that you are running.

Solution

Ensure that the NX-OS release supports vPC. vPC is supported in NX-OS Release 4.1 and later releases. If the NX-OS release supports vPC, then use the command feature of vPC to enable it.

vPC in blocking state

Possible Cause

A bridge protocol data unit (BPDU) only sends data on a single link of a port channel. If a bridge assurance (BA) dispute is detected, then vPC moves into a blocking state.

Solution

Do not enable bridge assurance on the vPC link: because of the following:

  • Cannot be used on a spanning tree port type network.
  • Prevents you from encountering ISSU issues. Bridge assurance should only be enabled on the vPC peer link.

vPC domain ids

Possible Cause

The vPC domain IDs of two switches do not match.

Solution

Compare the vPC domain IDs of the two switches and ensure that they match.

Example:

 
switch1# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
 
vPC domain id : 500
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status: success
vPC role : secondary, operational primary
Number of vPCs configured : 4
Peer Gateway : Disabled
Dual-active excluded VLANs : -
 
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 down -
 
 
switch2# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
 
vPC domain id : 1
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status: success
vPC role : primary
Number of vPCs configured : 4
Peer Gateway : Disabled
Dual-active excluded VLANs : -
 
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 down -
 
 

The two switches in this example have different vPC domain IDs. The vPC domain IDs of these Nexus switches must be changed to match. This can be done by entering configuration commands, one per line, and ending each with Cntl + Z.

 
 
switch2(config)# vpc domain 500
Changing domain id will flap peer-link and vPCs. Continue (yes/no)? [no] yes
Note:
--------:: Re-init of peer-link and vPCs started ::--------
 
switch2# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
 
vPC domain id : 500
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
vPC role : primary, operational secondary
Number of vPCs configured : 4
Peer Gateway : Disabled
Dual-active excluded VLANs : -
 
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 up 1,19,91,99,757
 

Connectivity issues

Possible Cause

vPC peer keepalive link and connectivity issues over mgmt0 might exist.

Solution

  • Check for the peer keepalive mgmt0 reachability.

On the other Nexus 5000 switch, enter the command:

show run interface mgmt 0

Example:

 
switch2# sh run int mgmt 0
 
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:20:58 2011
 
version 4.2(1)N2(1)
 
interface mgmt0
ip address 172.18.118.162/24
 

Ensure there is reachability from switch1:

switch1# ping 172.18.118.162 vrf management
PING 172.18.118.162 (172.18.118.162): 56 data bytes
64 bytes from 172.18.118.162: icmp_seq=0 ttl=254 time=5.306 ms
64 bytes from 172.18.118.162: icmp_seq=1 ttl=254 time=3.963 ms
64 bytes from 172.18.118.162: icmp_seq=2 ttl=254 time=4.04 ms
64 bytes from 172.18.118.162: icmp_seq=3 ttl=254 time=4.077 ms
64 bytes from 172.18.118.162: icmp_seq=4 ttl=254 time=4.057 ms
 

If the ping fails, it means that the connectivity between both mgmt0 interfaces does not exist or that they are not interconnected properly.

Make sure the mgmt0 interface is unshut and that you can ping the switch mgmt0 interface.

 
switch# sh int br | grep mgmt0
mgmt0 -- down 172.16.118.62 -- 1500
 

If the status shows that it is down, it means there is no physical connection to mgmt0 or that the interface is in admin shutdown. You need to verify the physical connectivity and unshut the port:

 
switch1# config t
switch1(config)# int mgmt 0
switch1(config-if)# no shut
switch1(config-if)# show int br | grep mgmt0
mgmt0 -- up 172.16.118.62 1000 1500
 

If pinging the other switch continues to fail, then there is an interconnection issue between the two Nexus 5000 switches.

Check the networking in between the switches:

Switch interconnecting in access VLAN mode, using the same VLAN for both Nexus switches.

The VLAN is allowed across and between the switches.

  • Check the vPC configuration and compare the mgmt0 IP addresses that are used:
 
switch1# show run int mgmt 0
 
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:53:48 2011
 
version 4.2(1)N2(1)
 
interface mgmt0
ip address 172.18.118.163/24
 
 
switch1# show run vpc
 
!Command: show running-config vpc
!Time: Tue Mar 8 03:53:57 2011
 
version 4.2(1)N2(1)
feature vpc
 
vpc domain 500
peer-keepalive destination 172.18.118.162
 
 
switch2# show run int mgmt 0
 
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:53:53 2011
 
version 4.2(1)N2(1)
 
interface mgmt0
ip address 172.18.118.162/24
 
 
switch2# sh run vpc
 
!Command: show running-config vpc
!Time: Tue Mar 8 03:54:01 2011
 
version 4.2(1)N2(1)
feature vpc
 
vpc domain 500
peer-keepalive destination 172.18.118.162
 

In this example, the destination IP is not correct. The correct IP is 172.18.118.163, which is the peer IP address.

Peer-link issues

Possible Cause

The peer link is not configured.

Solution

Configure the peer link correctly.

Example:

In this example, the problem is that the vPC peer-link does not exist.

switch1# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
 
vPC domain id : 500
Peer status : peer link not configured
vPC keep-alive status : peer is alive
Configuration consistency status: failed
Configuration consistency reason: vPC peer-link does not exists
 

You can use the show cdp neighbor command to determine which physical ports are connected to the other Nexus switch.

 
switch1# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
 
 
Device-ID Local Intrfce Hldtme Capability Platform Port ID
 
switch2(SSI1324033X)Eth1/25 128 S I s N5K-C5020P-BF Eth1/25
switch2(SSI1324033X)Eth1/26 128 S I s N5K-C5020P-BF Eth1/26
 

In this example, ports 25 and 26 connect to the other Nexus 5000 switch and should be configured as a peer link.

Run the same command on the other Nexus 5000 switch and observe the ports.

switch2# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
s - Supports-STP-Dispute
 
 
Device-ID Local Intrfce Hldtme Capability Platform Port ID
switch1(SSI14150768)Eth1/25 168 S I s N5K-C5020P-BF Eth1/25
switch1(SSI14150768)Eth1/26 168 S I s N5K-C5020P-BF Eth1/26
 
 
switch2# show run int e1/25
 
!Command: show running-config interface Ethernet1/25
!Time: Tue Mar 8 04:09:17 2011
 
version 4.2(1)N2(1)
 
interface Ethernet1/25
switchport mode trunk
channel-group 500
 
switch2# show run int e1/26
 
!Command: show running-config interface Ethernet1/26
!Time: Tue Mar 8 04:09:20 2011
 
version 4.2(1)N2(1)
 
interface Ethernet1/26
switchport mode trunk
channel-group 500
 

In this example, you can see that port-channel 500 is used on the connection to switch1 on switch2.

You now need to determine how port-channel 500 is configured on switch2.

 
switch2# show run int po 500
 
!Command: show running-config interface port-channel500
!Time: Tue Mar 8 04:10:38 2011
 
version 4.2(1)N2(1)
 
interface port-channel500
switchport mode trunk
vpc peer-link
spanning-tree port type network
speed 10000
 

Create a port-channel 500 on switch1 and associate it to the ports connecting to e1/25 and e1/26 on switch2.

 
switch1(config)# int po 500
switch1(config-if)# int e1/25-26
switch1(config-if-range)# channel-group 500
switch1(config-if-range)# int po 500
switch1(config-if)# vpc peer-link
 

Notice that the spanning tree port type has changed to a network port type on the vPC peer link.

This enables spanning tree bridge assurance on the vPC peer link, provided that STP bridge assurance is not disabled. (STP bridge assurance is enabled by default.)

Check the vPC again.

switch1(config-if)# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
 
vPC domain id : 500
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
vPC role : primary
Number of vPCs configured : 4
Peer Gateway : Disabled
Dual-active excluded VLANs : -
 
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 up 1,19,91,99,757
 

Port channel 500 and the peer-link are now up. The vPC is successful.

vPC Consistency parameter issues

Possible Cause

vPC is not operational if type 1 consistency parameters do not match on both Nexus 5000 switches.

Solution

Ensure that type 1 consistency parameters match.

The possible values for type are 1, 2, or -. Items that are type 1 must match on both Nexus 5000 switches. If they do not match, then vPC is suspended. Starting with Release 5.0, a type 2 was introduced. Items that are type 2 do not have to match on both Nexus 5000 switches for the vPC to be operational.

The command in the following example displays local and peer values. Run the command on both switches to ensure that the type 1 items match.

Example:

To check for a mismatch, display the consistency parameters.

switch1# show vpc consistency-parameters global
 
Legend:
Type 1 : vPC will be suspended in case of mismatch
 
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
QoS 1 ([], [3], [], [], [], ([], [3], [], [], [],
[]) [])
Network QoS (MTU) 1 (1538, 2240, 0, 0, 0, (9216, 2240, 0, 0, 0,
0) 0)
Network Qos (Pause) 1 (F, T, F, F, F, F) (F, T, F, F, F, F)
Input Queuing (Bandwidth) 1 (50, 50, 0, 0, 0, 0) (50, 50, 0, 0, 0, 0)
Input Queuing (Absolute 1 (F, F, F, F, F, F) (F, F, F, F, F, F)
Priority)
Output Queuing (Bandwidth) 1 (50, 50, 0, 0, 0, 0) (50, 50, 0, 0, 0, 0)
Output Queuing (Absolute 1 (F, F, F, F, F, F) (F, F, F, F, F, F)
Priority)
STP Mode 1 Rapid-PVST Rapid-PVST
STP Disabled 1 None None
STP MST Region Name 1 "" ""
STP MST Region Revision 1 0 0
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Allowed VLANs - 1,19,91,99,120,757 1,10,19-20,91,99,400-4
01,403,420,440,442,444
-446,451-486,499,757,7
97
Local suspended VLANs - 120 -
 

In this example, there are different MTU values for Network QoS. The value for the peer switch is 9216 on the peer switch (switch2) and the value for the local switch is 1538 (switch1). vPC will not be operational until the Network QoS values match on both switches.