[c-nsp] [External] VPC + MLAG but more of a general question I guess
Drew Weaver
drew.weaver at thenap.com
Fri Jul 8 13:41:03 EDT 2022
Hello,
If we connect a host like a server or whatever to the C9336s using VPC each host has its own VPC ID.
So I guess the way I am thinking about this, potentially incorrectly (I might add) is that LAB-1 is a host and LAB-2 is a host. So that is why I gave each one their own VPC ID on the Cisco side.
From a technical standpoint why would each pair of switches need to know that the other pair is running VPC/MLAG at all, i.e. why does the VPC ID even matter?
So instead of thinking about it as one big switch made up of 4 actual switches I'm more thinking about it as two pairs of switches that happen to be connected together with port channels.
C9336s
LAB-1 is VPC po19/vpc19
LAB-2 is VPC po18/vpc18
On the Dell [OS6] side PO2 is VPC55 on both. Originally I had it setup exactly the same on both ends [VPC18 and VPC19] but the Dell side wouldn't learn MAC addresses across the peer-link when configured that way.
So assuming there is a technical reason that invalidates the current design would:
A) All four port-channels need to be configured as VPC 55
or
B) The two Dell switch port channels configured as VPC 55 and the two Cisco switches configured as VPC 19 OR 18
The reason I am sort of asking for more technical details as to why the VPC ID would matter outside of my specific scenario is because with the behavior of the Dell switches [bringing up po2 while simultaneously complaining it cannot possibly bring up PO2 because of a key mismatch] I'm having a hard time trusting anything they say.
Especially since they won't even try to explain why it's simultaneously complaining about the keys and also the port-channel is active.
Thanks,
-Drew
-----Original Message-----
From: Hunter Fuller <hf0002 at uah.edu>
Sent: Friday, July 8, 2022 12:00 PM
To: Drew Weaver <drew.weaver at thenap.com>
Cc: cisco-nsp at puck.nether.net
Subject: Re: [External] [c-nsp] VPC + MLAG but more of a general question I guess
> If you have two Cisco switches in a VPC domain and then you connect another pair of switches downstream (that also run MLAG/VPC) is it required that all of the port-channels [for the partner network, not the peer-link] between those two sets of switches use the same VPC id?
I'm sorry, I just reread this, the answer is yes. Set all the mentioned ports on the C9336 to have the same vPC ID.
> Typically if a port channel configuration is invalid on the C9336 side it will put one of the ports into Stby to prevent loops but in this case the Cisco end doesn't see any problem with anything whatsoever.
It is still receiving valid LACPDUs from the remote switches so it is bundling those ports. The problem is in the far side, it should not be bundling the ports in this situation. The far side is correctly identifying the misconfiguration.
> 2. The switch actually DID add the interfaces to PO2 even if it continually says that it can't do that.
Yeah, it shouldn't have.
> Should connecting a pair of MLAG switches downstream from a VPC domain be any different than connecting any other host to a VPC domain?
Well, no, it isn't different. Imagine if you had one switch, and you wanted its uplink to be a vPC. You would put all the 9336 ports in a vPC with the same ID.
Since you run MLAG on your downstream switches, they act as "one big switch" for the purpose of LACP. So you need to have the same vPC ID on all the 9336 ports because "they are all facing the same big switch" if that makes sense.
> My thinking is that the uplinks from each downstream switch really don't have anything to do with each other, which is why I configured them in separate VPCs on the Cisco side.
The fact that you are running MLAG on the downstream side, makes them have a lot to do with each other. They need to be in the same LAG.
> The second vendor is telling me that po2 from each downstream switch has to be in the same VPC on the Cisco side which isn't really clicking/making sense to me.
Yeah, I think you would do well to think of vPC and MLAG as technologies that turn two switches into one big switch, for the purposes of that LAG. I even think of it this way - vPCs face a single "remote system" - this "system" can be made up of one switch, or multiple switches running MLAG/vPC..
More information about the cisco-nsp
mailing list