vPC (Virtual Port-Channel) Failure Scenarios Explained

Reference: Design and Configuration Guide Cisco

I- vPC Peer-Link Failure

When vPC peer-link fails down and vPC peer-keepalive link is still up, the vPC secondary peer device performs the following operations:

  • Suspends its vPC member ports
  • Shuts down the SVI associated to the vPC VLAN


This protective behavior from vPC allows to redirect all southbound and northbound traffic to primary peer device.
Note that when vPC peer-link is down, both vPC peer devices cannot synchronize each other anymore so
designed protection mechanism leads to isolate one of the peer device (in occurrence the secondary peer device) from the data path


What about orphan ports

If orphan ports are connected to vPC secondary peer device, they become isolated once peer-link is down. To maintain Layer 3 connectivity to these orphan ports, a command is available to prevent the SVI (associated to vPC VLAN) from being shut down: ‘dual-active exclude interface-vlan


II- vPC Keep Alive Failure

In case of Keep Alive link failure, there is no impact or down on the Dataplane. Also, there is no change in the vPC Peers roles.



III- vPC Peer Switch Failure

In case of the vPC peer Switch failure, the traffic will be forwarded by the remaining links of the active switch.

In case of the failure of the Primary switch, the secondary switch will detect that the Peer-link is down, then, check that no keep Alive hearbeats, and will assume the role of vPC operational Primary.

When the failed switch recover, it will be the operational secondary switch (because vPC role is non-preemptive), and will start forwarding traffic.


IV- vPC split Brain scenario

Also called vPC Dual active scenario.

This scenario will Occur when Keep-Alive link fails, then Peer-link fails.

If the vPC keepalive link fails first and then a peer link fails, vPC primary switch continues to be primary
but the vPC secondary switch becomes the operational primary switch and keeps its vPC member ports
up.

This situation is known as a split-brain scenario. There is no loss of traffic for existing flows but new flows can be effected as the peer link is not available, the two vPC switches cannot synchronize the unicast MAC address and the IGMP groups and therefore they cannot maintain the complete unicast and multicast forwarding table and there may be some duplicate packet forwarding.

Bilel

Bilel

Related articles

Understanding Multicast PIM Sparse Mode (Packet Flow)

Understanding MST: Multiple Spanning Tree Protocol With Example [GNS3 Lab]

Private VLAN Forwarding Explained (With LAB and Packet Flows)

BGP Local Preference Configuration on Cisco ACI

VXLAN with Multicast Control Plane -Configuration and Packet Flow [EVE-ng Lab]

IS-IS and OSPF Redistribution (Configuration Example on Nexus 9K)

IS-IS Adjacency Packet Capture [Step by Step Wireshark Analysis]

IS-IS Routing Protocol Fundamental Explained

IS-IS Routing protocol configuration Step by Step [GNS3 Lab]

NSAP addressing and IS-IS NET Explained

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x