Thursday, January 16, 2014

Cisco Nexus: vPC Keepalive Notes

I have had several discussions about vPC keepalives recently and are preparing to put two 7000s, two 5000s, and several FEXs in.  The last Nexus I setup, I did vPC keepalives across the management interface of two 5000s.  This works well and has not had any problems since I put it in.  However, the engineer I was talking with was concerned about someone unplugging a cable from the management interface.  He says he has seen people do that in the past and wanted to keep that from happening.  Very good point on his part, so I did some research and wanted to post the notes I came across about vPC keepalives.  This is pretty important when you are doing your design for redundancy setup of 7000s/5000s.  Im posting the link on where I found this information and cut and pasting in the notes on this topic.  I dont think I can explain it any better than the author (Pulkit Nagpal).  Ive learned a lot from going back over these notes and for me, its worth reviewing again.

The vPC Peer-keepalive Link (PK-link) is used to provide protection against dual active scenarios in the event of the primary Peer Link being lost. If loss of the Peer Link takes place, the PK-link is used to determine the status of the opposite peer (in other words, to determine whether the loss of connectivity is due to link failure or node failure).

The PK-Link uses a simple heartbeat between vPC peers these messages are sent out every 2 seconds, and the link uses a 3 second hold timeout upon loss of the primary Peer Link.

In order of preference, the following types of interface should be used for the vPC PK-link:

1. Dedicated Link (1Gbps is sufficient) using dedicated VRF

2. mgmt0 interface (shared link with management traffic)

3. Routed over L3 infrastructure (least preferred)

In the event that the chassis is not equipped with any 1GE linecards (i.e. the chassis supports 10GE only), then option 1 becomes less desirable - it is considered inefficient and expensive to dedicate a 10GE connection solely for the PK-link. In this case, option 2 (mgmt0 interface) should be considered.

NOTE: If the mgmt0 interface is used for vPC peer-keepalive functionality, these interfaces must be connected together using an intermediate switch. This is because in a dual Supervisor system, only one management port is active at any one time (e.g. either slot 5 or slot 6). If the mgmt0 interfaces are connected without a switch, i.e. back-to-back, this will cause issues with vPC.

One topology which should not be considered is where the vPC PK-link is routed across the vPC Peer Link. This defeats the object of having a dedicated PK-link - the PK-link is designed to act as a backup for the primary Peer Link, therefore it does not make sense to route the PK-link across the Peer Link.

No comments:

Post a Comment

Your comment will be reviewed for approval. Thank you for submitting your comments.