Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess
Just for the list, it turns out that the issue was that on the Nexus side the uplinks weren't in the same port channel and this is important when trying to trick the other side into thinking it's one system. Thanks, sorry for noise. -Original Message- From: cisco-nsp On Behalf Of Drew Weaver Sent: Friday, July 8, 2022 2:39 PM To: 'Crist Clark' Cc: 'cisco-nsp@puck.nether.net' Subject: Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess That isn’t actually what is occurring though. Nothing is being blocked by STP and there are no runaway traffic loops. From: Crist Clark Sent: Friday, July 8, 2022 2:09 PM To: Drew Weaver Cc: Hunter Fuller ; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess Because spanning tree. If the DELL switches are paired, they are a single STP bridge. The vPC switches are a single STP bridge. If you have two independent links between those two bridges, one will block. It will all work fine, and you’ll get redundancy, but only one link is available for use. On Fri, Jul 8, 2022 at 10:45 AM Drew Weaver mailto:drew.wea...@thenap.com>> wrote: Hello, If we connect a host like a server or whatever to the C9336s using VPC each host has its own VPC ID. So I guess the way I am thinking about this, potentially incorrectly (I might add) is that LAB-1 is a host and LAB-2 is a host. So that is why I gave each one their own VPC ID on the Cisco side. From a technical standpoint why would each pair of switches need to know that the other pair is running VPC/MLAG at all, i.e. why does the VPC ID even matter? So instead of thinking about it as one big switch made up of 4 actual switches I'm more thinking about it as two pairs of switches that happen to be connected together with port channels. C9336s LAB-1 is VPC po19/vpc19 LAB-2 is VPC po18/vpc18 On the Dell [OS6] side PO2 is VPC55 on both. Originally I had it setup exactly the same on both ends [VPC18 and VPC19] but the Dell side wouldn't learn MAC addresses across the peer-link when configured that way. So assuming there is a technical reason that invalidates the current design would: A) All four port-channels need to be configured as VPC 55 or B) The two Dell switch port channels configured as VPC 55 and the two Cisco switches configured as VPC 19 OR 18 The reason I am sort of asking for more technical details as to why the VPC ID would matter outside of my specific scenario is because with the behavior of the Dell switches [bringing up po2 while simultaneously complaining it cannot possibly bring up PO2 because of a key mismatch] I'm having a hard time trusting anything they say. Especially since they won't even try to explain why it's simultaneously complaining about the keys and also the port-channel is active. Thanks, -Drew -Original Message- From: Hunter Fuller mailto:hf0...@uah.edu>> Sent: Friday, July 8, 2022 12:00 PM To: Drew Weaver mailto:drew.wea...@thenap.com>> Cc: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Subject: Re: [External] [c-nsp] VPC + MLAG but more of a general question I guess > If you have two Cisco switches in a VPC domain and then you connect another > pair of switches downstream (that also run MLAG/VPC) is it required that all > of the port-channels [for the partner network, not the peer-link] between > those two sets of switches use the same VPC id? I'm sorry, I just reread this, the answer is yes. Set all the mentioned ports on the C9336 to have the same vPC ID. > Typically if a port channel configuration is invalid on the C9336 side it > will put one of the ports into Stby to prevent loops but in this case the > Cisco end doesn't see any problem with anything whatsoever. It is still receiving valid LACPDUs from the remote switches so it is bundling those ports. The problem is in the far side, it should not be bundling the ports in this situation. The far side is correctly identifying the misconfiguration. > 2. The switch actually DID add the interfaces to PO2 even if it > continually says that it can't do that. Yeah, it shouldn't have. > Should connecting a pair of MLAG switches downstream from a VPC domain be any > different than connecting any other host to a VPC domain? Well, no, it isn't different. Imagine if you had one switch, and you wanted its uplink to be a vPC. You would put all the 9336 ports in a vPC with the same ID. Since you run MLAG on your downstream switches, they act as "one big switch" for the purpose of LACP. So you need to have the same vPC ID on all the 9336 ports because "they are all facing the same big switch" if that makes sense. > My thinking is that the uplinks from each downstream switch really don't have > anything to do with each other, which is why I configured them in separate > VPCs on the Cisco side. T
Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess
That isn’t actually what is occurring though. Nothing is being blocked by STP and there are no runaway traffic loops. From: Crist Clark Sent: Friday, July 8, 2022 2:09 PM To: Drew Weaver Cc: Hunter Fuller ; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess Because spanning tree. If the DELL switches are paired, they are a single STP bridge. The vPC switches are a single STP bridge. If you have two independent links between those two bridges, one will block. It will all work fine, and you’ll get redundancy, but only one link is available for use. On Fri, Jul 8, 2022 at 10:45 AM Drew Weaver mailto:drew.wea...@thenap.com>> wrote: Hello, If we connect a host like a server or whatever to the C9336s using VPC each host has its own VPC ID. So I guess the way I am thinking about this, potentially incorrectly (I might add) is that LAB-1 is a host and LAB-2 is a host. So that is why I gave each one their own VPC ID on the Cisco side. From a technical standpoint why would each pair of switches need to know that the other pair is running VPC/MLAG at all, i.e. why does the VPC ID even matter? So instead of thinking about it as one big switch made up of 4 actual switches I'm more thinking about it as two pairs of switches that happen to be connected together with port channels. C9336s LAB-1 is VPC po19/vpc19 LAB-2 is VPC po18/vpc18 On the Dell [OS6] side PO2 is VPC55 on both. Originally I had it setup exactly the same on both ends [VPC18 and VPC19] but the Dell side wouldn't learn MAC addresses across the peer-link when configured that way. So assuming there is a technical reason that invalidates the current design would: A) All four port-channels need to be configured as VPC 55 or B) The two Dell switch port channels configured as VPC 55 and the two Cisco switches configured as VPC 19 OR 18 The reason I am sort of asking for more technical details as to why the VPC ID would matter outside of my specific scenario is because with the behavior of the Dell switches [bringing up po2 while simultaneously complaining it cannot possibly bring up PO2 because of a key mismatch] I'm having a hard time trusting anything they say. Especially since they won't even try to explain why it's simultaneously complaining about the keys and also the port-channel is active. Thanks, -Drew -Original Message- From: Hunter Fuller mailto:hf0...@uah.edu>> Sent: Friday, July 8, 2022 12:00 PM To: Drew Weaver mailto:drew.wea...@thenap.com>> Cc: cisco-nsp@puck.nether.net<mailto:cisco-nsp@puck.nether.net> Subject: Re: [External] [c-nsp] VPC + MLAG but more of a general question I guess > If you have two Cisco switches in a VPC domain and then you connect another > pair of switches downstream (that also run MLAG/VPC) is it required that all > of the port-channels [for the partner network, not the peer-link] between > those two sets of switches use the same VPC id? I'm sorry, I just reread this, the answer is yes. Set all the mentioned ports on the C9336 to have the same vPC ID. > Typically if a port channel configuration is invalid on the C9336 side it > will put one of the ports into Stby to prevent loops but in this case the > Cisco end doesn't see any problem with anything whatsoever. It is still receiving valid LACPDUs from the remote switches so it is bundling those ports. The problem is in the far side, it should not be bundling the ports in this situation. The far side is correctly identifying the misconfiguration. > 2. The switch actually DID add the interfaces to PO2 even if it > continually says that it can't do that. Yeah, it shouldn't have. > Should connecting a pair of MLAG switches downstream from a VPC domain be any > different than connecting any other host to a VPC domain? Well, no, it isn't different. Imagine if you had one switch, and you wanted its uplink to be a vPC. You would put all the 9336 ports in a vPC with the same ID. Since you run MLAG on your downstream switches, they act as "one big switch" for the purpose of LACP. So you need to have the same vPC ID on all the 9336 ports because "they are all facing the same big switch" if that makes sense. > My thinking is that the uplinks from each downstream switch really don't have > anything to do with each other, which is why I configured them in separate > VPCs on the Cisco side. The fact that you are running MLAG on the downstream side, makes them have a lot to do with each other. They need to be in the same LAG. > The second vendor is telling me that po2 from each downstream switch has to > be in the same VPC on the Cisco side which isn't really clicking/making sense > to me. Yeah, I think you would do well to think of vPC and MLAG as technologies that turn two switches into one big switch, for the purposes of that LAG. I even think of
Re: [c-nsp] [External] VPC + MLAG but more of a general question I guess
Hello, If we connect a host like a server or whatever to the C9336s using VPC each host has its own VPC ID. So I guess the way I am thinking about this, potentially incorrectly (I might add) is that LAB-1 is a host and LAB-2 is a host. So that is why I gave each one their own VPC ID on the Cisco side. >From a technical standpoint why would each pair of switches need to know that >the other pair is running VPC/MLAG at all, i.e. why does the VPC ID even >matter? So instead of thinking about it as one big switch made up of 4 actual switches I'm more thinking about it as two pairs of switches that happen to be connected together with port channels. C9336s LAB-1 is VPC po19/vpc19 LAB-2 is VPC po18/vpc18 On the Dell [OS6] side PO2 is VPC55 on both. Originally I had it setup exactly the same on both ends [VPC18 and VPC19] but the Dell side wouldn't learn MAC addresses across the peer-link when configured that way. So assuming there is a technical reason that invalidates the current design would: A) All four port-channels need to be configured as VPC 55 or B) The two Dell switch port channels configured as VPC 55 and the two Cisco switches configured as VPC 19 OR 18 The reason I am sort of asking for more technical details as to why the VPC ID would matter outside of my specific scenario is because with the behavior of the Dell switches [bringing up po2 while simultaneously complaining it cannot possibly bring up PO2 because of a key mismatch] I'm having a hard time trusting anything they say. Especially since they won't even try to explain why it's simultaneously complaining about the keys and also the port-channel is active. Thanks, -Drew -Original Message- From: Hunter Fuller Sent: Friday, July 8, 2022 12:00 PM To: Drew Weaver Cc: cisco-nsp@puck.nether.net Subject: Re: [External] [c-nsp] VPC + MLAG but more of a general question I guess > If you have two Cisco switches in a VPC domain and then you connect another > pair of switches downstream (that also run MLAG/VPC) is it required that all > of the port-channels [for the partner network, not the peer-link] between > those two sets of switches use the same VPC id? I'm sorry, I just reread this, the answer is yes. Set all the mentioned ports on the C9336 to have the same vPC ID. > Typically if a port channel configuration is invalid on the C9336 side it > will put one of the ports into Stby to prevent loops but in this case the > Cisco end doesn't see any problem with anything whatsoever. It is still receiving valid LACPDUs from the remote switches so it is bundling those ports. The problem is in the far side, it should not be bundling the ports in this situation. The far side is correctly identifying the misconfiguration. > 2. The switch actually DID add the interfaces to PO2 even if it > continually says that it can't do that. Yeah, it shouldn't have. > Should connecting a pair of MLAG switches downstream from a VPC domain be any > different than connecting any other host to a VPC domain? Well, no, it isn't different. Imagine if you had one switch, and you wanted its uplink to be a vPC. You would put all the 9336 ports in a vPC with the same ID. Since you run MLAG on your downstream switches, they act as "one big switch" for the purpose of LACP. So you need to have the same vPC ID on all the 9336 ports because "they are all facing the same big switch" if that makes sense. > My thinking is that the uplinks from each downstream switch really don't have > anything to do with each other, which is why I configured them in separate > VPCs on the Cisco side. The fact that you are running MLAG on the downstream side, makes them have a lot to do with each other. They need to be in the same LAG. > The second vendor is telling me that po2 from each downstream switch has to > be in the same VPC on the Cisco side which isn't really clicking/making sense > to me. Yeah, I think you would do well to think of vPC and MLAG as technologies that turn two switches into one big switch, for the purposes of that LAG. I even think of it this way - vPCs face a single "remote system" - this "system" can be made up of one switch, or multiple switches running MLAG/vPC.. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
