Troubleshooting Virtual Port Channel Issues
A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 5000 Series switches to appear as a single port channel to a third device. The third device can be a switch, server, or any other networking device. A vPC can provide Layer 2 multipathing, which allows you to create redundancy by increasing bandwidth, enabling multiple parallel paths between nodes and load-balancing traffic where alternative paths exist.
This chapter describes how to identify and resolve problems that can occur with vPC in the Cisco Nexus 5000 Series switch.
This chapter includes the following section:
Improper Configurations
vPC fails to start
This issue may have many possible causes:
Unable to configure vPC
Possible Cause
vPC is not enabled or is not supported in the NX-OS release of software that you are running.
Solution
Ensure that the NX-OS release supports vPC. vPC is supported in NX-OS Release 4.1 and later releases. If the NX-OS release supports vPC, then use the command feature of vPC to enable it.
vPC in blocking state
Possible Cause
A bridge protocol data unit (BPDU) only sends data on a single link of a port channel. If a bridge assurance (BA) dispute is detected, then vPC moves into a blocking state.
Solution
Do not enable bridge assurance on the vPC link: because of the following:
- Cannot be used on a spanning tree port type network.
- Prevents you from encountering ISSU issues. Bridge assurance should only be enabled on the vPC peer link.
vPC domain ids
Possible Cause
The vPC domain IDs of two switches do not match.
Solution
Compare the vPC domain IDs of the two switches and ensure that they match.
Example:
(*) - local vPC is down, forwarding via vPC peer-link
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status: success
vPC role : secondary, operational primary
Number of vPCs configured : 4
Dual-active excluded VLANs : -
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
(*) - local vPC is down, forwarding via vPC peer-link
Peer status : peer link is down
vPC keep-alive status : Suspended (Destination IP not reachable)
Configuration consistency status: success
Number of vPCs configured : 4
Dual-active excluded VLANs : -
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
The two switches in this example have different vPC domain IDs. The vPC domain IDs of these Nexus switches must be changed to match. This can be done by entering configuration commands, one per line, and ending each with Cntl + Z.
switch2(config)# vpc domain 500
Changing domain id will flap peer-link and vPCs. Continue (yes/no)? [no] yes
--------:: Re-init of peer-link and vPCs started ::--------
(*) - local vPC is down, forwarding via vPC peer-link
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
vPC role : primary, operational secondary
Number of vPCs configured : 4
Dual-active excluded VLANs : -
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 up 1,19,91,99,757
Connectivity issues
Possible Cause
vPC peer keepalive link and connectivity issues over mgmt0 might exist.
Solution
- Check for the peer keepalive mgmt0 reachability.
On the other Nexus 5000 switch, enter the command:
show run interface mgmt 0
Example:
switch2# sh run int mgmt 0
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:20:58 2011
ip address 172.18.118.162/24
Ensure there is reachability from switch1:
switch1# ping 172.18.118.162 vrf management
PING 172.18.118.162 (172.18.118.162): 56 data bytes
64 bytes from 172.18.118.162: icmp_seq=0 ttl=254 time=5.306 ms
64 bytes from 172.18.118.162: icmp_seq=1 ttl=254 time=3.963 ms
64 bytes from 172.18.118.162: icmp_seq=2 ttl=254 time=4.04 ms
64 bytes from 172.18.118.162: icmp_seq=3 ttl=254 time=4.077 ms
64 bytes from 172.18.118.162: icmp_seq=4 ttl=254 time=4.057 ms
If the ping fails, it means that the connectivity between both mgmt0 interfaces does not exist or that they are not interconnected properly.
Make sure the mgmt0 interface is unshut and that you can ping the switch mgmt0 interface.
switch# sh int br | grep mgmt0
mgmt0 -- down 172.16.118.62 -- 1500
If the status shows that it is down, it means there is no physical connection to mgmt0 or that the interface is in admin shutdown. You need to verify the physical connectivity and unshut the port:
switch1(config)# int mgmt 0
switch1(config-if)# no shut
switch1(config-if)# show int br | grep mgmt0
mgmt0 -- up 172.16.118.62 1000 1500
If pinging the other switch continues to fail, then there is an interconnection issue between the two Nexus 5000 switches.
Check the networking in between the switches:
– Switch interconnecting in access VLAN mode, using the same VLAN for both Nexus switches.
– The VLAN is allowed across and between the switches.
- Check the vPC configuration and compare the mgmt0 IP addresses that are used:
switch1# show run int mgmt 0
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:53:48 2011
ip address 172.18.118.163/24
!Command: show running-config vpc
!Time: Tue Mar 8 03:53:57 2011
peer-keepalive destination 172.18.118.162
switch2# show run int mgmt 0
!Command: show running-config interface mgmt0
!Time: Tue Mar 8 03:53:53 2011
ip address 172.18.118.162/24
!Command: show running-config vpc
!Time: Tue Mar 8 03:54:01 2011
peer-keepalive destination 172.18.118.162
In this example, the destination IP is not correct. The correct IP is 172.18.118.163, which is the peer IP address.
Peer-link issues
Possible Cause
The peer link is not configured.
Solution
Configure the peer link correctly.
Example:
In this example, the problem is that the vPC peer-link does not exist.
(*) - local vPC is down, forwarding via vPC peer-link
Peer status : peer link not configured
vPC keep-alive status : peer is alive
Configuration consistency status: failed
Configuration consistency reason: vPC peer-link does not exists
You can use the show cdp neighbor command to determine which physical ports are connected to the other Nexus switch.
switch1# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
Device-ID Local Intrfce Hldtme Capability Platform Port ID
switch2(SSI1324033X)Eth1/25 128 S I s N5K-C5020P-BF Eth1/25
switch2(SSI1324033X)Eth1/26 128 S I s N5K-C5020P-BF Eth1/26
In this example, ports 25 and 26 connect to the other Nexus 5000 switch and should be configured as a peer link.
Run the same command on the other Nexus 5000 switch and observe the ports.
switch2# show cdp neighbor
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
S - Switch, H - Host, I - IGMP, r - Repeater,
V - VoIP-Phone, D - Remotely-Managed-Device,
Device-ID Local Intrfce Hldtme Capability Platform Port ID
switch1(SSI14150768)Eth1/25 168 S I s N5K-C5020P-BF Eth1/25
switch1(SSI14150768)Eth1/26 168 S I s N5K-C5020P-BF Eth1/26
switch2# show run int e1/25
!Command: show running-config interface Ethernet1/25
!Time: Tue Mar 8 04:09:17 2011
switch2# show run int e1/26
!Command: show running-config interface Ethernet1/26
!Time: Tue Mar 8 04:09:20 2011
In this example, you can see that port-channel 500 is used on the connection to switch1 on switch2.
You now need to determine how port-channel 500 is configured on switch2.
switch2# show run int po 500
!Command: show running-config interface port-channel500
!Time: Tue Mar 8 04:10:38 2011
interface port-channel500
spanning-tree port type network
Create a port-channel 500 on switch1 and associate it to the ports connecting to e1/25 and e1/26 on switch2.
switch1(config)# int po 500
switch1(config-if)# int e1/25-26
switch1(config-if-range)# channel-group 500
switch1(config-if-range)# int po 500
switch1(config-if)# vpc peer-link
Notice that the spanning tree port type has changed to a network port type on the vPC peer link.
This enables spanning tree bridge assurance on the vPC peer link, provided that STP bridge assurance is not disabled. (STP bridge assurance is enabled by default.)
Check the vPC again.
switch1(config-if)# show vpc brief
(*) - local vPC is down, forwarding via vPC peer-link
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status: success
Number of vPCs configured : 4
Dual-active excluded VLANs : -
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po500 up 1,19,91,99,757
Port channel 500 and the peer-link are now up. The vPC is successful.
vPC Consistency parameter issues
Possible Cause
vPC is not operational if type 1 consistency parameters do not match on both Nexus 5000 switches.
Solution
Ensure that type 1 consistency parameters match.
The possible values for type are 1, 2, or -. Items that are type 1 must match on both Nexus 5000 switches. If they do not match, then vPC is suspended. Starting with Release 5.0, a type 2 was introduced. Items that are type 2 do not have to match on both Nexus 5000 switches for the vPC to be operational.
The command in the following example displays local and peer values. Run the command on both switches to ensure that the type 1 items match.
Example:
To check for a mismatch, display the consistency parameters.
switch1# show vpc consistency-parameters global
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
QoS 1 ([], [3], [], [], [], ([], [3], [], [], [],
Network QoS (MTU) 1 (1538, 2240, 0, 0, 0, (9216, 2240, 0, 0, 0,
Network Qos (Pause) 1 (F, T, F, F, F, F) (F, T, F, F, F, F)
Input Queuing (Bandwidth) 1 (50, 50, 0, 0, 0, 0) (50, 50, 0, 0, 0, 0)
Input Queuing (Absolute 1 (F, F, F, F, F, F) (F, F, F, F, F, F)
Output Queuing (Bandwidth) 1 (50, 50, 0, 0, 0, 0) (50, 50, 0, 0, 0, 0)
Output Queuing (Absolute 1 (F, F, F, F, F, F) (F, F, F, F, F, F)
STP Mode 1 Rapid-PVST Rapid-PVST
STP MST Region Name 1 "" ""
STP MST Region Revision 1 0 0
STP MST Region Instance to 1
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Allowed VLANs - 1,19,91,99,120,757 1,10,19-20,91,99,400-4
Local suspended VLANs - 120 -
In this example, there are different MTU values for Network QoS. The value for the peer switch is 9216 on the peer switch (switch2) and the value for the local switch is 1538 (switch1). vPC will not be operational until the Network QoS values match on both switches.