Configure vPC Multi-Homing

This chapter contains these sections:

Primary IP addresses

A primary IP address (PIP) is a VTEP configuration attribute on vPC-enabled leaf or border leaf switches that

  • serves as the BGP next-hop for certain Layer-3 routes

  • ensures that traffic is forwarded to the correct vPC-enabled switch, and

  • provides an alternative to the virtual IP address (VIP) for specific routing scenarios.

Reference Information for Advertising Primary IP Address

In Cisco data center environments using vPC-enabled leaf or border leaf switches, Layer-3 routes are typically advertised with the secondary IP address (VIP) of the VTEP as the BGP next-hop. However, prefix routes and routes generated by the leaf switch are not synchronized between vPC peers. Using the VIP as the next-hop for these routes can result in traffic being sent to the wrong switch and potentially being dropped (black-holed).

The provision to use the primary IP address (PIP) as the BGP next-hop for prefix routes and loopback interface routes allows for more precise traffic engineering. It ensures that traffic destined for these routes always reaches the correct vPC-enabled leaf or border leaf switch.

The configuration command for advertising the PIP is advertise-pip .

  • On the Cisco Nexus 9300-FX2 switch, the advertise-pip command was not supported prior to Cisco NX-OS Release 7.0(3)I7(4). For more information, see CSCvi42831.

  • advertise-pip : Lets BGP use the PIP as next-hop when advertising externally learned routes or for the redistributed direct routes if vPC is enabled.

  • For proper route advertisement, enable or disable advertise virtual-rmac and advertise-pip together. Configuring only one is considered invalid and may cause unexpected behavior.

    For Cisco Nexus 9504 and 9508 switches with -R line cards, always configure advertise virtual-rmac without advertise-pip .

Example: Advertising PIP in BGP

The configuration command to enable advertising the PIP as the BGP next-hop is:

switch(config)# router bgp 65536
  address-family 12vpn evpn
    advertise-pip
interface nve 1
    advertise virtual-rmac

With both advertise-pip and advertise virtual-rmac enabled, type 5 routes are advertised with the PIP and type 2 routes are still advertised with the VIP. The system MAC is used with the PIP, and the virtual MAC (VMAC) is used with the VIP.

If only advertise-pip or advertise virtual-rmac is enabled (but not both), the configuration is invalid and proper route advertisement does not occur.

Using the PIP as the BGP next-hop is like mailing a package directly to a person’s home address, instead of a shared mailbox, to ensure it reliably arrives at the intended recipient.

Border PE switches

A border PE switch is a network device that

  • operates as part of a vPC (virtual port channel) configuration for high availability and redundancy

  • uses a common, virtual VTEP IP address and a system-specific router MAC address to support VXLAN deployments, and

  • advertises Layer-3 prefixes or default routes via the shared virtual VTEP IP and router MAC address as the next hop.

In VXLAN vPC deployments, two border PE switches are paired as a vPC, enabling communication using a common, virtual VTEP IP address (configured as a secondary loopback). This virtual VTEP uses a unique router MAC address for the system. Layer-3 prefixes or the default route are advertised from the border PE switch with the shared virtual VTEP IP and router MAC address as the next hop.

When configuring with the advertise-pip and advertise-pip commands, Layer-3 prefixes or defaults are instead advertised with the primary IP and system-specific router MAC address, while MAC addresses are advertised with the secondary IP and a router MAC derived from the secondary IP.

If both border PE switches form a vPC in VXLAN, their shared secondary loopback IP serves as the VTEP. All routing advertisements use this IP and a system-specific router MAC address, ensuring seamless routing and redundancy across the network.

DHCP relay configuration in vPC setups

A DHCP relay configuration in vPC setups is a network configuration method that

  • enables DHCP or DHCPv6 relaying on vPC leaf switches,

  • supports environments where the DHCP server is located in a non-default, non-management VRF, and

  • requires the advertise-pip command on vPC leaf switches to ensure proper relay and routing functionality.

Sample DHCP relay configuration in vPC

To configure DHCP relay in a vPC setup with a non-default VRF on the vPC leaf switches, use this configuration:
switch(config)# router bgp 100
  address-family 12vpn evpn
    advertise-pip
interface nve 1
  advertise virtual-rmac

This configuration allows BGP EVPN to advertise Route-type 5 routes with the next-hop set to the VTEP interface’s primary IP address, ensuring correct DHCP relay operation in vPC environments.

IP prefix advertisement in vPC setups

An IP prefix advertisement is a BGP EVPN routing feature that

  • distributes Layer-3 reachability information across the fabric,

  • enables the propagation of different types of routes between switches, and

  • supports consistency and correctness in forwarding traffic in vPC environments.

There are three types of Layer-3 routes that that BGP EVPN can advertise:

  • Local host routes: Learned from directly attached servers or hosts.

  • Prefix routes: Learned via other routing protocols at the leaf, border leaf, and border spine switches.

  • Leaf switch generated routes: Include interface routes and static routes.

Prefix advertisements are essential in a vPC setup to ensure traffic destined for external networks is efficiently routed and does not get dropped, especially when using the primary IP address (PIP) or virtual IP address (VIP) as the BGP next-hop.