Summary
The Nexus 7000 hardware has loop prevention logic that drops traffic traversing the peer link (destined for a vPC member port) when there are no failed vPC ports or links. Normally peer-link traffic is non-existent in a normal network and this is never a problem for attaching normal Layer 2 switches or servers. However when external devices attempt to form a routing adjacency with the Nexus 7000′s over the vPC peer-link, some traffic destined for a vPC member port can be forced over the peer-link even when the network is healthy, causing traffic to be dropped by the loop prevention logic.
Best practice:
- Attach external routers or L3 switches with L3 routed interfaces.
- It’s OK to use the vPC peer-link to form a routing adjacency between the two Nexus 7000′s. Use a VLAN dedicated to the routing adjacency and only forward this VLAN on the peer-link, not on the vPC member ports.
- Use the ‘passive-interface default’ command in your routing protocol to prevent a routing adjacency on all the other VLANs.
- If attaching external devices on a Layer 2 port running a routing protocol with the Nexus 7000′s (e.g. firewall running OSPF), provision a new non-vPC inter-switch link, and attach the device to non-vPC VLANs.
- Use static routes to the HSRP gateway address on external devices such as firewalls and load balancers. Do not run routing protocols on these devices unless absolutely necessary.
via Routing over Nexus 7000 vPC peer-link? Yes and No. : BRAD HEDLUND.
1 comment
I see you don’t monetize your page, i think there is one opportunity to earn extra cash on your site, search in google for; idol4jp
makes money