[c-nsp] Nexus vPC loop avoidance details?

Adrian Chung adrian at enfusion-group.com
Wed Apr 27 00:48:59 EDT 2011 

On 11-04-27 12:05 AM, "Lincoln Dale" <ltd at cisco.com> wrote:


>On 23/04/2011, at 11:08 AM, Adrian Chung wrote:
>> The 6500s each have two ten gigE interfaces in a port-channel connected
>>up
>> to vPCs on the 7K side.  On top of this, each 6500 is forming an OSPF
>> adjacency with each 7K.  The adjacencies form without a problem, and
>>we're
>> not using peer-gateway.
>
>running a L3 routing protocol over vPC member links between SVIs is not a
>supported configuration (as you state).
>
>what you have may _seem_ to work today. that doesn't mean they will
>continue to work in future.
>
>what may cause it to stop working?
>well, for starters, OSPF uses a few different types of control packets.
>some use link-local multicast, which if they arrive on the 'right' N7K
>will work.  but if they arrive on the 'wrong' N7K they will fail.
>
>whether a device sends to the 'right' or 'wrong' N7K depends on which
>physical link it chooses to use in a LAG bundle.  as the neighboring
>device has no idea its a point-to-multipoint bundle, its not really in a
>position to choose the 'right' or 'wrong' link.

This makes complete sense.  It's just weird that when sourced from transit
interfaces on the directly adjacent 6500s, traffic to the "wrong" N7K is
actually dropped when the egress would be to another vPC, but when sourced
from something beyond the 6500s, regardless of the physical link within
the LAG that's chosen, all traffic appears to work.

>
>as to how vPC does loop avoidance, its sort of beside the point as to how
>it actually does it - just that it _does_ do it.
>i don't think its a secret per-se as to how we do it, but what you've
>observed with routing protocols is somewhat orthogonal to that.

Mostly curious as to why some scenarios appear to work even though the
traffic is traversing links which are to the "wrong" N7K.  vPC loop
avoidance should be dropping these packets as well, so my assumption was
that it is more involved than simply setting a bit when the packet
traverses the peer-link and then filtering.

In any case, it's not a big deal.  Unsupported, we won't do it, we'll
leave it at that. :)

More information about the cisco-nsp mailing list