You can have only two
devices as vPC peers; each device can serve as a vPC peer to only one other vPC
peer. The vPC peer devices can also have non-vPC links to other devices.
The figure below for invalid vPC peer configurations.
Figure 3. vPC Peer
Configurations That Are Not Allowed
To make a valid
configuration, you first configure a port channel on each device and then
configure the vPC domain. You assign the port channel on each device as a peer
link, using the same vPC domain ID. For redundancy, we recommend that you
should configure at least two of the dedicated ports into the port channel
because if one of the interfaces in the vPC peer link fails, the device
automatically falls back to use another interface in the peer link.
We recommend that
you configure the Layer 2 port channels in trunk mode.
Many operational parameters and configuration parameters must be the same in each device connected by a vPC peer link (see the “Compatibility Parameters for vPC Interfaces” section). Because each device is completely independent on the management plane, you must ensure that the devices are compatible on the critical parameters. vPC peer devices have separate control planes. After configuring the vPC peer link, you should display the configuration on each vPC peer device to ensure that the configurations are compatible.
You must ensure that the two devices connected by the vPC peer link have certain identical operational and configuration parameters. For more information on required configuration consistency, see the “Compatibility Parameters for vPC Interfaces” section.
When you configure the vPC peer link, the vPC peer devices negotiate that one of the connected devices is the primary device and the other connected device is the secondary device (see the “Configuring vPCs” section). The Cisco NX-OS software uses the lowest MAC address to elect the primary device. The software takes different actions on each device—that is, the primary and secondary—only in certain failover conditions. If the primary device fails, the secondary device becomes the new primary device when the system recovers, and the previously primary device is now the secondary device.
You can also configure which of the vPC devices is the primary device. Changing the priority of the vPC peer devices can cause the interfaces in your network to go up and down. If you want to configure the role priority again to make one vPC device the primary device, configure the role priority on both the primary vPC device with a lower priority value and the secondary vPC device with the higher value. Then, shut down the port channel that is the vPC peer link on both devices by entering the shutdown command, and finally reenable the port channel on both devices by entering the no shutdown command.
We recommend that you use two different modules for redundancy on each vPC peer device on each vPC peer link.
The software keeps all
traffic that forwards across the vPC peer devices as local traffic. A packet
that ingresses the port channel uses one of the local links rather than moving
across the vPC peer link. Unknown unicast, multicast, and broadcast traffic
(including STP BPDUs) are flooded across the vPC peer link. The software keeps
the multicast forwarding state synchronized on both of the vPC peer devices.
You can configure any of the standard load-balancing schemes on both the vPC peer link devices and the downstream device (see Chapter 6, “Configuring Port Channels” for information about load balancing).
Configuration information flows across the vPC peer links using the Cisco Fabric Services over Ethernet (CFSoE) protocol. (See the “CFSoE” section on page 7-30 for more information about CFSoE.)
All MAC addresses for those VLANs configured on both devices are synchronized between vPC peer devices. The software uses CFSoE for this synchronization. (See the “CFSoE” section on page 7-30 for information about CFSoE.)
If the vPC peer link
fails, the software checks the status of the remote vPC peer device using the
peer-keepalive link, which is a link between vPC peer devices that ensures that
both devices are up. If the vPC peer device is up, the secondary vPC device
disables all vPC ports on its device, to prevent loops and disappearing or
flooding traffic. The data then forwards down the remaining active links of the
We recommend that you create and configure a separate VRF and configure a Layer 3 port on each vPC peer device in that VRF for the vPC peer-keepalive link. The default ports and VRF for the peer-keepalive are the management ports and VRF.
The software learns of
a vPC peer device failure when the keepalive messages are not returned over the
Use a separate link (vPC peer-keepalive link) to send configurable keepalive messages between the vPC peer devices. The keepalive messages on the vPC peer-keepalive link determines whether a failure is on the vPC peer link only or on the vPC peer device. The keepalive messages are used only when all the links in the peer link fail. See the “Peer-Keepalive Link and Messages” section for information about the keepalive message.