vPC Failure Scenarios – Cisco Port Channels and vPCs

by

vPC Failure Scenarios

The following describes how vPC Nexus switches interact with events triggered by failure of a vPC peer-keepalive link, vPC peer-link, and so on:

  • vPC member port failure: When one vPC member port fails, the host MAC detects a link failure on one of the port channel members and redistributes the affected flows to the remaining port channel members. Before the failure, the MAC pointed to primary port, and after the failure, it points to secondary port. This is one of the scenarios where a vPC peer-link is used to carry data traffic.
  • vPC peer-link failure: In a vPC topology, one vPC peer switch is elected as the vPC primary switch and the other switch is elected as the vPC secondary switch, based on the configured role priority for the switch. In a scenario where the vPC peer-link goes down, the vPC secondary switch shuts down all of its vPC member ports if it can still receive keepalive messages from the vPC primary switch (which indicates that the vPC primary switch is still alive). The vPC primary switch keeps all of its interfaces up, as shown in Figure 4-12.

  

Figure 4-12 vPC Peer-Link Failure Scenario

  • vPC peer-keepalive link failure: During a vPC peer-keepalive link failure, there is no impact on traffic flow.
  • vPC primary switch failure: In a vPC topology, if a failure occurs on a primary switch, the secondary switch becomes the operational primary switch. If the primary switch comes back again, it will take the role of vPC operational secondary.
  • vPC keepalive-link failure followed by a peer-link failure: If the vPC keepalive link fails first and then a peer-link fails, the vPC primary switch continues to be primary but the vPC secondary switch becomes the operational primary switch and keeps its vPC member ports up (this is also known as a dual active scenario). This can occur when both the vPC switches are healthy but the failure has occurred because of a connectivity issue between the switches. This situation is known as a split-brain scenario. There is no loss of traffic for existing flows, but new flows can be affected as the peer-link is not available. The two vPC switches cannot synchronize the unicast MAC address and the IGMP groups and therefore cannot maintain the complete unicast and multicast forwarding table. Also, there may be some duplicate packet forwarding, as shown in Figure 4-13.

  

Figure 4-13 vPC Keepalive Link Failure Followed by a Peer-Link Failure Scenario vPC peer-link and keepalive both fail but only keepalive returns: Initially a dual active state will exist. When the keepalive link is restored, we can expect that the configured primary will become the operational primary.

Leave a Comment