Virtual Port Channel (vPC) Peer-switch Feature Explained
I- STP and VPC
STP sees the port channel as a unique logical link.
vPC maintains dual active control planes and Spanning Tree Protocol still runs on both switches.
For vPC ports, only the vPC primary switch runs the STP topology for those vPC ports. In other words, Spanning Tree Protocol for vPCs is controlled by the vPC primary peer device, and only this device generates then sends out Bridge Protocol Data Units (BPDUs) on Spanning Tree Protocol designated ports. This happens irrespectively of where the designated Spanning Tree Protocol root is located.
Both vPC member ports on both peer devices always share the same STP port state (FWD state in a steady network).
STP on the secondary vPC switch must be enabled but it doesn’t dictate the vPC member port state.
By default, STP implementation (in the context of vPC) allocates each vPC peer device with its own bridge ID value.
- Recommendation:
– Configure the Spanning Tree Protocol root for all VLAN on vPC primary device (spanning-tree vlan 100-102 root primary)
– Configure the Spanning Tree Protocol secondary root for all VLAN on vPC secondary device (spanning-tree vlan 100-102 root secondary)
- vPC and STP recommended design
vPC Peer-Switch
- Without vPC Peer-switch feature:
Without vPC Peer-switch vPC primary peer device failure and recovery usually create around 3 seconds of traffic disruption: when the primary vPC device reload, the secondary device will claim the operational vPC primary role and it will be responsible for sending the STP BPDU.
With vPC Peer-switch Feature:
The vPC Peer-Switch feature allows a pair of vPC peer devices to appear as a single Spanning Tree Protocol root in the Layer 2 topology (they have the same bridge ID). vPC peer-switch must be configured on both vPC peer devices to become operational.
Example: vPC Peer-switch Lab
Initially, for the downstream switch R4, N7K-1 is the Root bridge:
Switch#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 32778
Address 5001.0000.1b08
Cost 59
Port 65 (Port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/2 Desg FWD 100 128.3 P2p
Po10 Root FWD 56 128.65 P2p
SW1# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary, operational secondary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 50:01:00:00:1b:08
vPC local role-priority : 32667
vPC local config role-priority : 32667
vPC peer system-mac : 50:02:00:00:1b:08
vPC peer role-priority : 32667
vPC peer config role-priority : 32667
SW1# show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 5001.0000.1b08
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 5001.0000.1b08
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Desg FWD 3 128.4096 (vPC peer-link) Network P2p
Po10 Desg FWD 1 128.4105 (vPC) P2p Peer(STP)
Eth1/6 Desg FWD 4 128.6 P2p
This feature simplifies Spanning Tree Protocol configuration by configuring vPC VLAN on both peer devices with the same Spanning Tree Protocol priority. A vPC Peer-Switch eliminates the need to map the Spanning Tree Protocol root to the vPC primary peer device.
Required recommendation:
- When vPC peer-swtich is activated, both vPC peer devices MUST have the same spanning tree
configuration (same Spanning Tree Protocol priority for all vPC VLAN).
BPDU processing with and without Peer-switch:
Without vPC peer-switch:
- BPDU is processed only by primary peer device for vPC attached switched.
- For directly single-attached switches, the respective connected NEXUS 7000 switch will process locally the BPDU.
With vPC peer-switch:
- With vPC peer-swtich activated, STP BPDUs are directly processed by the logical Spanning Tree Protocol root formed by the 2 peer devices. Note that a vPC-attached access device will receive 2 BPDU: 1 per vPC peer device.
The content of the BPDU is exactly the same. BPDU proxing over vPC peer-link is no more needed once vPC peerswitch is activated. - For directly single-attached switches, the respective connected NEXUS 7000 switch will process locally the BPDU.
Peer-switch Configuration and verification:
- Configuration:
vPC peer-switch must be configured on both peers to take effect:
SW1(config)# vpc domain 1
SW1(config-vpc-domain)# peer-switch
SW2(config)# vpc domain 1
SW2(config-vpc-domain)# peer-switch
- Verification:
On the vPC member device, we can see that the Root has changed to 0023.04ee.be01, which is the vPC system mac address, both devices ( primary and secondary) are sending out the same BPDU.
Switch#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
Root ID Priority 32778
Address 0023.04ee.be01
Cost 56
Port 65 (Port-channel10)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address aabb.cc00.4000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/2 Desg FWD 100 128.3 P2p
Po10 Root FWD 56 128.65 P2p
we can check that the Rood id is indeed the vPC system MAC and not the Root
SW1# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary, operational secondary
Dual Active Detection Status : 0
vPC system-mac : 00:23:04:ee:be:01
vPC system-priority : 32667
vPC local system-mac : 50:01:00:00:1b:08
vPC local role-priority : 32667
vPC local config role-priority : 32667
vPC peer system-mac : 50:02:00:00:1b:08
vPC peer role-priority : 32667
vPC peer config role-priority : 32667
An interesting point to mention is that both Devices are now the Root because logically they are the same from STP point of view:
SW1# show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 32778
Address 0023.04ee.be01
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 0023.04ee.be01
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Po1 Root FWD 3 128.4096 (vPC peer-link) Network P2p
Po10 Desg FWD 1 128.4105 (vPC) P2p Peer(STP)
Eth1/6 Desg FWD 4 128.6 P2p