vPC (Virtual Port-Channel) Failure Scenarios Explained
Reference: Design and Configuration Guide Cisco
I- vPC Peer-Link Failure
When the vPC peer-link fails and the vPC peer-keepalive link is still up, the vPC secondary peer device performs the following operations:
- Suspends its vPC member ports
- Shuts down the SVI associated with the vPC VLAN
This protective behavior redirects all southbound and northbound traffic to the primary peer device.
Note that when the vPC peer-link is down, the two vPC peer devices can no longer synchronize with each other, so the designed protection mechanism isolates one of the peer devices (here, the secondary peer device) from the data path.
What about orphan ports?
If orphan ports are connected to the vPC secondary peer device, they become isolated once the peer-link is down. To maintain Layer 3 connectivity to these orphan ports, a command is available to prevent the SVI (associated with the vPC VLAN) from being shut down: 'dual-active exclude interface-vlan'
II- vPC Keep Alive Failure
If the keepalive link fails, there is no impact on the data plane and no outage. The vPC peer roles do not change either.
III- vPC Peer Switch Failure
If a vPC peer switch fails, traffic is forwarded over the remaining links of the active switch.
If the primary switch fails, the secondary switch detects that the peer-link is down, then checks that no keepalive heartbeats are arriving, and assumes the role of vPC operational primary.
When the failed switch recovers, it becomes the operational secondary switch (because the vPC role is non-preemptive) and starts forwarding traffic.
IV- vPC Split-Brain Scenario
Also called the vPC dual-active scenario.
This scenario occurs when the keepalive link fails and then the peer-link fails.
If the vPC keepalive link fails first and then the peer link fails, the vPC primary switch continues to be primary, but the vPC secondary switch becomes the operational primary switch and keeps its vPC member ports.
This situation is known as a split-brain scenario. There is no loss of traffic for existing flows, but new flows can be affected: because the peer link is not available, the two vPC switches cannot synchronize unicast MAC addresses and IGMP groups, so they cannot maintain complete unicast and multicast forwarding tables, and some packets may be forwarded in duplicate.
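The four scenarios above, replayed from the secondary peer's point of view, as an added Python sketch (not Cisco code and not part of the original page). It shows that a primary switch failure (III) and a split brain (IV) take the same branch, because in both cases the secondary sees the peer-link down with no keepalive heartbeats. The class, the event names and the sample VLANs 10 and 20 are assumptions, and only the behavior described on this page is modeled.

```python
from dataclasses import dataclass

VPC_VLANS = frozenset({10, 20})  # constructed sample vPC VLANs (assumption)


@dataclass
class Secondary:
    """What the vPC secondary peer can observe, and how it reacts."""
    excluded: frozenset = frozenset()  # VLANs under 'dual-active exclude interface-vlan'
    keepalive_rx: bool = True          # are keepalive heartbeats still arriving?
    role: str = "secondary"
    member_ports_up: bool = True
    svis_up: frozenset = VPC_VLANS

    def on_keepalive_lost(self):
        # Section II: no data-plane impact and no role change.
        self.keepalive_rx = False

    def on_peer_link_lost(self):
        if self.keepalive_rx:
            # Section I: the primary is known to be alive, so isolate this peer.
            self.member_ports_up = False
            self.svis_up = VPC_VLANS & self.excluded
        else:
            # Sections III and IV: no heartbeats, so take over and keep ports.
            self.role = "operational primary"


def simulate(events, excluded=()):
    """Replay events in order; return (secondary state, dual_active flag)."""
    sec, primary_alive = Secondary(excluded=frozenset(excluded)), True
    for ev in events:
        if ev == "keepalive_down":
            sec.on_keepalive_lost()
        elif ev == "peer_link_down":
            sec.on_peer_link_lost()
        elif ev == "primary_fail":
            # To the secondary, a dead primary looks like both links failing.
            primary_alive = False
            sec.on_keepalive_lost()
            sec.on_peer_link_lost()
        else:
            raise ValueError(f"unknown event: {ev}")
    # Split brain: both peers are alive and both act as primary.
    dual_active = primary_alive and sec.role == "operational primary"
    return sec, dual_active
```

Calling `simulate(["keepalive_down", "peer_link_down"])` reproduces scenario IV, and reversing the order of the two events gives scenario I instead.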