排除ACI中的虚拟端口通道(vPC)故障
下载选项
已更新: 2022 年 10 月 31 日
文档 ID:218374
非歧视性语言
此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。
关于此翻译
思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。
目录
简介
本文档介绍如何识别和解决ACI中的vPC可能出现的问题。
背景信息
虚拟端口通道(vPC)允许物理上连接到两个不同ACI枝叶节点的链路显示为第三个设备(即网络交换机、服务器和支持链路汇聚技术的任何其他网络设备)的单个端口通道。
vPC包括两台指定为vPC对等交换机的ACI枝叶交换机。在vPC对等设备中,一个是主设备,另一个是辅助设备。交换机组成的系统称为vPC域。
vPC对等之间没有专用对等链路;交换矩阵本身充当MCT。
· 对等可达性协议-使用ZMQ代替CFS。
· ZMQ是使用TCP作为传输协议的开源高性能消息库。
· 该库在交换机上打包为libzmq,并链接到需要与vPC对等设备通信的每个应用。
对等连通性不通过物理对等链路处理;相反,路由触发器用于检测对等连通性。
· vPC管理器向URIB注册对等路由通知。
· 当ISIS发现到对等体的路由时,URIB通知vPC管理器,然后尝试打开对等体的ZMQ套接字。
· 当ISIS撤销对等路由时,URIB会再次通知vPC管理器,并关闭MCT链路。
作为升级最佳实践的一部分,建议升级每个Pod中至少两个独立组的交换机,以使每个Pod中有一半的枝叶和主干节点在任何给定时间都处于工作状态。例如,一个组具有偶数编号的枝叶和主干节点,另一个组在每个Pod中具有奇数编号的枝叶和主干。通过vPC配置设备,我们可以将至少一个设备放在不同的组中,以确保在升级期间正常运行。这样可以防止升级期间出现任何故障,因为至少一个设备在升级另一个设备时仍保持运行。
缩写
ACI:以应用为中心的基础设施
vPC:虚拟端口通道
MCT:多机箱EtherChannel中继
CFS:思科交换矩阵服务
ZMQ:零消息队列
LACP:链路聚合控制协议
PDU:协议数据单元
LAG:链路聚合
vPC端口通道故障排除的前提条件
vPC验证
1. vPC状态:show vpc
FAB3-L1# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 101
Peer status : peer adjacency formed ok
vPC keep-alive status : Disabled
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 up -
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
686 Po3 up success success 86
FAB3-L2# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 101
Peer status : peer adjacency formed ok
vPC keep-alive status : Disabled
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 up -
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
686 Po2 up success success 86
输出显示,使用vPC域ID 101形成对等邻接,注意vPC保持连接状态在ACI中禁用,因为不需要专用链路。具有活动vlan 86的vPC中Po3处于工作状态。请注意,vPC对交换机上的端口通道号可能不同。
2. vPC角色、vPC系统Mac和LAG ID:show vpc role
FAB3-L1# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary, operational secondary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:65
vPC system-priority : 32667
vPC local system-mac : 00:81:c4:b1:25:4f
vPC local role-priority : 101
FAB3-L2# show vpc role
vPC Role status
----------------------------------------------------
vPC role : secondary, operational primary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:65
vPC system-priority : 32667
vPC local system-mac : 00:5d:73:57:c4:2c
vPC local role-priority : 102此命令显示L1为主要,L2为次要。
由于终端设备连接到两台不同的vPC交换机,因此必须有一种机制使它们将vPC对等设备标识为一个逻辑设备。这可通过在对等体之间共享的LAG ID中使用vPC系统Mac实现。这使终端设备将vPC对等设备视为一个逻辑单元。
N3K# show lacp interface ethernet 1/24
Interface Ethernet1/24 is up
Channel group is 1 port channel is Po1
PDUs sent: 31726
PDUs rcvd: 31634
Markers sent: 0
Markers rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packets rcvd: 0
Illegal packets rcvd: 0
Lag Id: [ [(7f9b, 0-23-4-ee-be-65, 82ae, 8000, 4121), (8000, 0-a6-ca-75-6f-c1, 8000, 8000, 15d)] ]
Operational as aggregated link since Fri Sep 2 08:05:52 2022
Local Port: Eth1/24 MAC Address= 0-a6-ca-75-6f-c1
System Identifier=0x8000, Port Identifier=0x8000,0x15d
Operational key=32768
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner information refresh timeout=Long Timeout (90s)
Actor Admin State=61
Actor Oper State=61
Neighbor: 0x4121
MAC Address= 0-23-4-ee-be-65
System Identifier=0x7f9b, Port Identifier=0x8000,0x4121
Operational key=33454
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner Admin State=61
Partner Oper State=61
Aggregate or Individual(True=1)= 1
N3K# show lacp interface ethernet 1/25
Interface Ethernet1/25 is up
Channel group is 1 port channel is Po1
PDUs sent: 31666
PDUs rcvd: 31651
Markers sent: 0
Markers rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packets rcvd: 0
Illegal packets rcvd: 0
Lag Id: [ [(7f9b, 0-23-4-ee-be-65, 82ae, 8000, 111), (8000, 0-a6-ca-75-6f-c1, 8000, 8000, 161)] ]
Operational as aggregated link since Fri Sep 2 08:00:34 2022
Local Port: Eth1/25 MAC Address= 0-a6-ca-75-6f-c1
System Identifier=0x8000, Port Identifier=0x8000,0x161
Operational key=32768
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner information refresh timeout=Long Timeout (90s)
Actor Admin State=61
Actor Oper State=61
Neighbor: 0x111
MAC Address= 0-23-4-ee-be-65
System Identifier=0x7f9b, Port Identifier=0x8000,0x111
Operational key=33454
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner Admin State=61
Partner Oper State=61
Aggregate or Individual(True=1)= 1输出显示LAG ID (7f9b, 0-23-4-ee-be-65, 82ae, 8000, 4121),它是作为系统ID的优先级(以十六进制表示32667)、vPC系统mac(00:23:04:ee:be:65)、操作密钥(以十六进制表示33454)和端口标识符的组合。
3. Port-channel状态:show port-channel extended
FAB3-L1# show port-channel extended
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
F - Configuration failed
-----------------------------------------------------------------------------
Group Port- BundleGrp Protocol Member Ports
Channel
-----------------------------------------------------------------------------
3 Po3(SU) 101-102 LACP Eth1/33(P)
Show port-channel extended显示作为端口信道捆绑一部分的物理链路状态的详细信息。
4. TEP详细信息和逻辑对等链路状态:show system internal epm vpc
FAB3-L1# show system internal epm vpc
Local TEP IP : 10.3.208.64
Peer TEP IP : 10.3.208.67
vPC configured : Yes
vPC VIP : 10.3.16.67
MCT link status : Up
Local vPC version bitmap : 0x7
Peer vPC version bitmap : 0x7
Negotiated vPC version : 3
Peer advertisement received : Yes
Tunnel to vPC peer : Up
vPC# 686
if : port-channel3, if index : 0x16000002
local vPC state : MCEC_STATE_UP, peer vPC state : MCEC_STATE_UP
current link state : LOCAL_UP_PEER_UP
vPC fast conv : Off5. ZMQ连接详细信息:show system internal vpcm zmq statistics
FAB3-L1# show system internal vpcm zmq statistics
--------------------------------------------
MCECM ZMQ counters
----------------------------------------------
ZMQ server : 1
ZmQ: Registered ZmQ print callback
ZmQ: ====== Start ZMQ statistics printing ======
ZmQ: ZMQ socket type: 5, local ID: 40d0030a
ZmQ: Socket base 0x1109c3b4, #endpoints 1
ZmQ: Total 1 I/O pipes, CONNECT CNT: 0, DISCONNECT CNT: 0
ZmQ: RX CNT: 66, BYTES: 124132, ERRORS: 0
ZmQ: TX CNT: 66, BYTES: 125096, ERRORS: 0
ZmQ: Pipe tcp://10.3.208.64:5001 (ID: FD 54 flag 1 state 0): read 66 (124132 bytes) write 66 (125096 bytes) Peer I/O pipe: read 66 (125096 bytes) write 66 (124132 bytes)
ZmQ: Stream engine 0xae90049c ZMQ SOCKET 0x1109c3b4 TCP FD: 54 @ 10.3.208.67:58740
ZmQ: RX CNT: 72 BYTES: 124494 ERRORS: 0 TX CNT: 73 BYTES: 125458 ERRORS: 0
ZmQ: CONNECT CNT: 0 DISCONNECT CNT: 0
ZmQ: ====== End ZMQ statistics printing ======ZMQ统计信息显示ZMQ会话的状态、连接次数、断开事件和发生的任何错误。
排除VPC端口通道故障
1. 物理端口关闭
FAB3-L1# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 101
Peer status : peer adjacency formed ok
vPC keep-alive status : Disabled
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 up -
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
686 Po3 down* success success
输出显示Po3关闭。
FAB3-L1# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
F - Configuration failed
-------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
-------------------------------------------------------------------------------
3 Po3(SD) Eth LACP Eth1/33(D) 我们进一步查看作为port-channel一部分的接口的状态。此处,Eth1/33处于Down状态。LACP被配置为捆绑协议。
FAB3-L1# show int e1/33
Ethernet1/33 is down (notconnect)
admin state is up, Dedicated Interface
Belongs to po3
Hardware: 100/1000/10000/auto Ethernet, address: 0081.c4b1.2521 (bia 0081.c4b1.2521)
MTU 9000 bytes, BW 0 Kbit, DLY 1 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 10 Gb/s
FEC (forward-error-correction) : disable-fec
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Switchport monitor is off
EtherType is 0x8100
EEE (efficient-ethernet) : n/a
Last link flapped 00:08:15
Last clearing of "show interface" counters never
9 interface resets
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 0 bits/sec, 0 packets/sec
Load-Interval #2: 5 minute (300 seconds)
input rate 0 bps, 0 pps; output rate 0 bps, 0 ppsshow interface output提供关于接口e1/33的详细信息。可以看到E1/33在notconnect状态下关闭。
建议操作:
确保端口连接正确且配置正确。
2. 由LACP暂停
FAB3-L1# show port-channel extended
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
F - Configuration failed
-----------------------------------------------------------------------------
Group Port- BundleGrp Protocol Member Ports
Channel
-----------------------------------------------------------------------------
3 Po3(SD) 101-102 LACP Eth1/33(s)
输出显示Eth1/33处于挂起状态。接下来,我们查看show interface Eth1/33以了解更多详细信息。
FAB3-L1# show int e1/33
Ethernet1/33 is down (suspended-due-to-no-lacp-pdus)
admin state is up, Dedicated Interface
Belongs to po3
Hardware: 100/1000/10000/auto Ethernet, address: 0081.c4b1.2521 (bia 0081.c4b1.2521)
MTU 9000 bytes, BW 0 Kbit, DLY 1 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 10 Gb/s
FEC (forward-error-correction) : disable-fec
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Switchport monitor is off
EtherType is 0x8100
EEE (efficient-ethernet) : n/a
Last link flapped 00:00:13
Last clearing of "show interface" counters never
12 interface resets
30 seconds input rate 0 bits/sec, 0 packets/sec
30 seconds output rate 1640 bits/sec, 0 packets/secshow interface建议端口挂起因为没有LACP PDU。我们可以进一步查看LACP计数器并确定是否正在发送和接收LACP PDU。
FAB3-L1# show lacp counters interface port-channel 3
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
port-channel3
Ethernet1/33 314 264 0 0 0 0 0
FAB3-L1#
FAB3-L1#
FAB3-L1# show lacp counters interface port-channel 3
LACPDUs Marker Marker Response LACPDUs
Port Sent Recv Sent Recv Sent Recv Pkts Err
---------------------------------------------------------------------
port-channel3
Ethernet1/33 315 264 0 0 0 0 0 输出显示,计数器仅增加Sent LACPDUs,并且Recv计数器保持不变。这表明我们没有从远程终端收到LACP PDU。
我们还可以查看LACP协商参数、计数器等等,以了解特定接口使用“show lacp interface e1/33”的情况。
FAB3-L1# show lacp interface e1/33
Interface Ethernet1/33 is suspended
Channel group is 3 port channel is Po3
PDUs sent: 317
PDUs rcvd: 264 received
Markers sent: 0
Markers rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packets rcvd: 0
Illegal packets rcvd: 0
Lag Id: [ [(7f9b, 00-23-04-ee-be-65, 82ae, 8000, 121), (0, 0-0-0-0-0-0, 0, 0, 0)] ]
Operational as aggregated link since Mon Aug 22 09:29:53 2022
Local Port: Eth1/33 MAC Address= 00-81-c4-b1-25-4f
System Identifier=0x8000,00-81-c4-b1-25-4f
Port Identifier=0x8000,0x121
Operational key=33454
LACP_Activity=active
LACP_Timeout=Long Timeout (30s)
Synchronization=NOT_IN_SYNC
Collecting=false
Distributing=false
Partner information refresh timeout=Long Timeout (90s)
Actor Admin State=(Ac-1:To-0:Ag-1:Sy-0:Co-0:Di-0:De-1:Ex-0)
Actor Oper State=Ac-1:To-0:Ag-1:Sy-0:Co-0:Di-0:De-1:Ex-0
Neighbor: 0x0
MAC Address= 0-0-0-0-0-0
System Identifier=0x0,0x0
Port Identifier=0x0,0x0
Operational key=0
LACP_Activity=unknown
LACP_Timeout=Long Timeout (30s)
Synchronization=NOT_IN_SYNC
Collecting=false
Distributing=false
Partner Admin State=(Ac-0:To-0:Ag-0:Sy-0:Co-0:Di-0:De-0:Ex-0)
Partner Oper State=(Ac-0:To-0:Ag-0:Sy-0:Co-0:Di-0:De-0:Ex-0)
Aggregate or Individual(True=1)= 2
此外,还可以在枝叶上为LACP数据包执行数据包捕获。您可以使用特定过滤器过滤掉相关接口。
tcpdump -vvvi kpm_inb ether proto 0x8809建议操作:
确保在远程端正确配置了LACP,并且设备在正确的接口上发送LACP PDU。
3. 通过vPC挂起
FAB3-L1# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 101
Peer status : peer adjacency formed ok
vPC keep-alive status : Disabled
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
Operational Layer3 Peer : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 up -
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
686 Po3 down* failed vpc port channel
mis-config due to
vpc links in the 2
switches connected
to different
partners
此输出显示vPC端口通道因vPC错误配置而关闭。观察端口通道状态。
FAB3-L1# show port-channel summary
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
F - Configuration failed
-------------------------------------------------------------------------------
Group Port- Type Protocol Member Ports
Channel
-------------------------------------------------------------------------------
3 Po3(SD) Eth LACP Eth1/33(D)
此处,Eth1/33处于Down状态。有关详细信息,请观察show interface e1/33。
FAB3-L1# show int e1/33
Ethernet1/33 is down (suspend-by-vpc)
admin state is up, Dedicated Interface
Belongs to po3
Hardware: 100/1000/10000/auto Ethernet, address: 0081.c4b1.2521 (bia 0081.c4b1.2521)
MTU 9000 bytes, BW 0 Kbit, DLY 1 usec
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, medium is broadcast
Port mode is trunk
full-duplex, 10 Gb/s
FEC (forward-error-correction) : disable-fec
Beacon is turned off
Auto-Negotiation is turned on
Input flow-control is off, output flow-control is off
Auto-mdix is turned off
Switchport monitor is off
EtherType is 0x8100vPC使用LAG ID确定vPC对等设备是否连接到同一主机。如果LAG ID不匹配,则接口将由vPC挂起。
Show vpc brief显示vPC对等体上port-channel中的物理链路未连接到相同的远程设备。
使用show vpc consistency-parameters interface port-channel 3可检查LAG ID比较。
FAB3-L1# show vpc consistency-parameters interface port-channel 3
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
lag-id 1 [(7f9b, [(7f9b,
0-23-4-ee-be-65, 82ae, 0-23-4-ee-be-68, 82ae,
0, 0), (8000, 0, 0), (8000,
0-a6-ca-75-6f-c1, 0-a6-ca-75-6f-c1,
8000, 0, 0)] 8000, 0, 0)]
mode 1 active active
Speed 1 10 Gb/s 10 Gb/s
Duplex 1 full full
Port Mode 1 trunk trunk
Native Vlan 1 0 0
MTU 1 9000 9000
vPC card type 1 Empty Empty
Allowed VLANs - 86 86
Local suspended VLANs - - -
如果LAG-ID不匹配,端口将挂起。
建议操作:
确保port-channel中的物理链路连接到同一远程设备。
4. LACP挂起个人
如果端口未从对等体接收LACP PDU,LACP会将端口设置为挂起状态。这会导致某些服务器无法启动,因为它们需要LACP才能在逻辑上启动端口。可以通过禁用LACP suspend individual将行为调整为单独使用。
要执行此操作,请在vPC策略组中创建一个端口通道策略,将模式设置为LACP active后,删除Suspend Individual Port。现在,vPC中的端口保持活动状态,并继续发送LACP数据包。
FAB3-L1# show port-channel extended
Flags: D - Down P - Up in port-channel (members)
I - Individual H - Hot-standby (LACP only)
s - Suspended r - Module-removed
b - BFD Session Wait
S - Switched R - Routed
U - Up (port-channel)
M - Not in use. Min-links not met
F - Configuration failed
-----------------------------------------------------------------------------
Group Port- BundleGrp Protocol Member Ports
Channel
-----------------------------------------------------------------------------
1 Po1(SD) 101-102 LACP Eth1/33(I)
输出显示,即使删除LACP Suspend-Individual标记后未在Eth1/33上收到LACP PDU,端口仍作为单个端口运行。请注意,我们仍然使用此配置从ACI枝叶发送LACP PDU。收到LACP PDU后,端口将返回捆绑模式。
其他错误
还有其他接口错误不是特定于vPC,但仍适用于vPC接口。有关详细信息,请参阅链接。
1. mcp-loop-err-disable
2. bpdu-guard-err-disable
修订历史记录
| 版本 | 发布日期 | 备注 |
|---|---|---|
1.0 |
31-Oct-2022 |
初始版本 |
由思科工程师提供
- 萨文德·辛格TAC
反馈