(config)#shut, no shutHave you tried turning it off and on again?

(L3) Nexus 9000: Dynamic Routing over vPC VLAN

Purpose

Configure EIGRP on the N9K platform (running NX-OS code to support routing over vPCs) to establish dynamic routing adjacencies to achieve ECMP on a vPC VLAN over the vPC peer-link and vPC switch links (port-channels).

Update 2018.04.03

A previous version of this post provided two different options, or cases, for accomplishing dynamic routing over vPC.

One case utilized separate L3 segments for each routing adjacency path, which I have learned is not a supported or functional topology since I got my hands on a staging environment with the N9K hardware.

Unsupported L3 Topology

The other case which remains, utilizes a single L3 segment for all routing adjacencies. This is the supported deployment method that I have validated in a staging environment with the N9K hardware.

Supported L3 Topology

Considerations & Goals

  • Labbed in VIRL 1.3.296 on NX-OSv 9000 nodes running NX-OS reference platform 7.0(3)I6(1).
  • Reproduced and validated on NX-OS 7.0(3)I7(1) on 9504/9508 chassis with SUP-B.
  • N9K core switches in vPC domain must be running code capable of vPC routing, reference:
    https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/118997-technote-nexus-00.html
  • Stand-alone N9K distribution switch is connected to cores via vPC.
  • EIGRP adjacencies between cores and distribution switches.
  • Distribution switches should have ECMP to 0/0 via both cores.
  • A single transit network, or L3 segment, used between all devices.
L2 vPC Topology

Single Transit Network, or L3 Segment

Single transit VLAN/subnet for EIGRP peering; DIST-2 has ECMP to both cores.

!See Caveats & Discoveries notes at the end of this post.

vPC VLAN Subnet Purpose
1003 10.0.3.0/29 Single transit between both CORE-1, CORE-2, and DIST-2.
Single Transit VLAN

Configurations

CORE-01

vlan 998
  name NATIVE
vlan 1003
  name RT:Transit
!
vpc domain 1
  peer-switch
  role priority 1
  system-priority 8192
  peer-keepalive destination 172.16.31.255 source 172.16.31.254 vrf VPC-KA
  peer-gateway
  layer3 peer-router
  ip arp synchronize
!
interface port-channel1
  description CORE-02:vPC-PEER
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1-997,999-4094
  spanning-tree port type network
  vpc peer-link
!
interface port-channel12
  description DIST-02:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12
!
interface loopback13
 description LOOPBACK:GRT
 ip address 172.31.255.251/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.1/29
  ip router eigrp CORE
  ip summary-address eigrp CORE 0.0.0.0/0
  no ip passive-interface eigrp CORE
!
router eigrp CORE
  autonomous-system 1
  router-id 172.31.255.251
  passive-interface default

CORE-02

vlan 998
  name NATIVE
vlan 1003
  name RT:Transit
!
vpc domain 1
  peer-switch
  role priority 2
  system-priority 8192
  peer-keepalive destination 172.16.31.254 source 172.16.31.255 vrf VPC-KA
  peer-gateway
  layer3 peer-router
  ip arp synchronize
!
interface port-channel1
  description CORE-01:vPC-PEER
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1-997,999-4094
  spanning-tree port type network
  vpc peer-link
!
interface port-channel12
  description DIST-02:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12
!
interface loopback13
 description LOOPBACK:GRT
 ip address 172.31.255.252/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.2/29
  ip router eigrp CORE
  ip summary-address eigrp CORE 0.0.0.0/0
  no ip passive-interface eigrp CORE
!
router eigrp CORE
  autonomous-system 1
  router-id 172.31.255.252
  passive-interface default

DIST-02

vlan 998
  name NATIVE
vlan 1003
  name RT:CORES
!
interface port-channel12
  description CORE:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
!
interface loopback13
 description LOOPBACK:GRT
 ip address 172.31.255.253/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.3/29
  ip router eigrp DIST
  no ip passive-interface eigrp DIST
!
router eigrp DIST
  autonomous-system 1
  router-id 172.31.255.253
  passive-interface default

ECMP Validation

DIST-02

ECMP to 0/0 via CORE-1 and CORE-2, both on VL 1003.

DIST-02# show ip ei nei
IP-EIGRP neighbors for process 1 VRF default
H   Address                 Interface       Hold  Uptime  SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.0.3.1                Vlan1003        14   23:50:30  569  3414  0   942
1   10.0.3.2                Vlan1003        13   23:50:20  135  810   0   1052
!
DIST-02# show ip ro ei
IP Route Table for VRF "default"
* denotes best ucast next-hop
** denotes best mcast next-hop
[x/y] denotes [preference/metric]
% in via output denotes VRF 

0.0.0.0/0, ubest/mbest: 2/0
    *via 10.0.3.1, Vlan1003, [90/3072], 00:00:05, eigrp-DIST, internal
    *via 10.0.3.2, Vlan1003, [90/3072], 00:00:05, eigrp-DIST, internal

Caveats & Discoveries

References

Supported Topologies for Routing over Virtual Port Channel on Nexus Platforms

Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x – Layer 3 over vPC Supported Topologies

Nexus 9396 duplicate ICMP echo-reply (DUP!)

PDF file

Tags: , , , , , , , , , , , , , , , , , , , , ,

3 comments

  • Thank you!
    This post helped me.

  • Nice article, for your error message I have found using “no layer3 peer-router syslog” under the vPC domain context helps

    Have you tried this with HSRP? I am assuming we can’t peer IGP with the HSRP VIP?

    • Thanks for the tip.

      Correct – no peering with HSRP VIPs; even if it were configured, each router would only peer with their SVI assigned addresses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.