> I do not believe L3 is the problem, the problem is routing protocols over
> the vPC.
This is really the key. There are instances where your layer 3 ECMP hashing and your layer 2 port channel hashing don't agree, in which case a layer 3 frame destined for vPC neighbor A gets layer 2 forwarded to vPC neighbor B, and it may or may not be dropped depending on whether it needs to go to a vPC member port or not. The end result is difficult to troubleshoot because packet loss will occur based on non-deterministic flow hashing.
There are some ways to solve this problem depending on your design though. Post more details if you want more specific help.
On Apr 14, 2013, at 12:14 AM, "Joe Sanchez" <marco207p_at_gmail.com> wrote:
> Vibeesh,
>
> I do not believe L3 is the problem, the problem is routing protocols over
> the vPC. For instance eigrp over a vPC will not work properly. However I
> have setup MANY vPC's to for instance Fortinet Firewalls with not problems
> well none that fortinet didn't have to write new code for, in fact Cisco
> ASA's as well. If you try doing dynamic routing over the vPC you will
> start pulling your hair out trying to troubleshoot why it's not working
> properly.
>
> If you are vPC'ng to a None Cisco device such as firewalls with
> Active/Standby you want to disable lacp graceful convergence. After doing
> hours and hours of failover testing with devices other than cisco that are
> vPC'd to Nexus 5k and 7k's, Ive found that cisco's version of LACP doesn't
> play well with other non-cisco devices if you do not disable graceful
> convergence. Cisco by default uses graceful convergence and if you have
> Active/Passive firewalls and or other devices that automatically failover
> back to the original active device you will lose packets due to the Cisco
> side of the LACP links gracefully bringing the links back after a failure.
>
> On 4/13/13 9:44 PM, "Vibeesh S" <vibselva_at_gmail.com> wrote:
>
>> Cisco does not recommend having a vpc setup to a L3 device.
>>
>> If I use SVI on the 7K and connect it to a ASA with VPC who is also having
>> ether channel are there any issues that we foresee pop up ?
>> appreciate your response
>>
>> --
>> CCIE - R&S
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Apr 14 2013 - 00:42:23 ART
This archive was generated by hypermail 2.2.0 : Wed May 01 2013 - 06:47:40 ART