(config)#shut, no shutHave you tried turning it off and on again?

Dynamic Routing over vPC VLAN

Preamble

Configure EIGRP on the N9K platform (running NX-OS code to support routing over vPCs) to establish dynamic routing adjacencies and achieve ECMP on a vPC VLAN over the vPC peer-link and vPC switch links (port-channels).

Update 2018.04.03

A previous version of this post provided two different options for accomplishing vPC dynamic routing.

One case utilized separate L3 segments for each routing adjacency path, which I have learned is not a supported or functional topology since I got my hands on a staging environment with the N9K hardware.

The other case which remains, utilizes a single L3 segment for all routing adjacencies. This is the supported deployment method that I have validated in a staging environment with the N9K hardware.

Unsupported Supported
Unsupported_L3_Topology Supported_L3_Topology

Considerations & Goals

  • Labbed in VIRL 1.3.296 on NX-OSv 9000 nodes running NX-OS reference platform 7.0(3)I6(1).
  • Reproduced and validated on NX-OS 7.0(3)I7(1) on 9504/9508 chassis with SUP-B.
  • N9K core switches in vPC domain must be running code capable of vPC routing.
  • Stand-alone N9K distribution switch is connected to N9K cores via vPC.
  • EIGRP adjacencies between cores and distribution switch.
  • Distribution switch should have ECMP to 0/0 via both cores.
  • A single transit network, or L3 segment, used between all devices.

L2_vPC_Toplology

Single Transit Network, or L3 Segment

See Caveats & Discoveries located at the bottom of this article.

vPC VLAN Subnet Purpose
1003 10.0.3.0/29 Single transit between both CORE-1, CORE-2, and DIST-2.
  • EIGRP adjacencies formed between CORE-1, CORE-2, and DIST-2 over a single L3 segment.
  • CORE-1 and CORE-2 advertise a default route using ip summary-address.

Single_Transit_VLAN

Configurations

CORE-01

vlan 998
  name NATIVE
vlan 1003
  ame RT:Transit
!
vpc domain 1
  peer-switch
  role priority 1
  system-priority 8192
  peer-keepalive destination 172.16.31.255 source 172.16.31.254 vrf VPC-KA
  peer-gateway
  layer3 peer-router
  ip arp synchronize
!
interface port-channel1
  description CORE-02:vPC-PEER
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1-997,999-4094
  spanning-tree port type network
  vpc peer-link
!
interface port-channel12
  description DIST-02:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12
!
interface loopback13
  description LOOPBACK:GRT
  ip address 172.31.255.251/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.1/29
  ip router eigrp CORE
  ip summary-address eigrp CORE 0.0.0.0/0
  no ip passive-interface eigrp CORE
!
router eigrp CORE
  autonomous-system 1
  router-id 172.31.255.251
  passive-interface default

CORE-02

vlan 998
  name NATIVE
vlan 1003
  name RT:Transit
!
vpc domain 1
  peer-switch
  role priority 2
  system-priority 8192
  peer-keepalive destination 172.16.31.254 source 172.16.31.255 vrf VPC-KA
  peer-gateway
  layer3 peer-router
  ip arp synchronize
!
interface port-channel1
  description CORE-01:vPC-PEER
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1-997,999-4094
  spanning-tree port type network
  vpc peer-link
!
interface port-channel12
  description DIST-02:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
  spanning-tree guard root
  vpc 12
!
interface loopback13
  description LOOPBACK:GRT
  ip address 172.31.255.252/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.2/29
  ip router eigrp CORE
  ip summary-address eigrp CORE 0.0.0.0/0
  no ip passive-interface eigrp CORE
!
router eigrp CORE
  autonomous-system 1
  router-id 172.31.255.252
  passive-interface default

DIST-02

vlan 998
  name NATIVE
vlan 1003
  name RT:CORES
!
interface port-channel12
  description CORE:vPC
  switchport mode trunk
  switchport trunk native vlan 998
  switchport trunk allowed vlan 1003
  spanning-tree port type normal
!
interface loopback13
  description LOOPBACK:GRT
  ip address 172.31.255.253/32
!
interface Vlan1003
  description TRANSIT:CORES to DIST-02
  no shutdown
  no ip redirects
  ip address 10.0.3.3/29
  ip router eigrp DIST
  no ip passive-interface eigrp DIST
!
router eigrp DIST
  autonomous-system 1
  router-id 172.31.255.253
  passive-interface default

ECMP Validation

DIST-02

  • EIGRP adjacencies with CORE-1 and CORE-2, both on VL-1003.
DIST-02# show ip ei nei
IP-EIGRP neighbors for process 1 VRF default
H   Address                 Interface       Hold  Uptime    SRTT  RTO    Q   Seq
                                            (sec)           (ms)        Cnt  Num
0   10.0.3.1                Vlan1003        14    23:50:30  569   3414   0   942
1   10.0.3.2                Vlan1003        13    23:50:20  135   810    0   1052
  • ECMP to 0/0 via CORE-1 and CORE-2, both on VL-1003.
DIST-02 show ip ro ei
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 2/0
    *via 10.0.3.1, Vlan1003, [90/3072], 23:50:30, eigrp-DIST, internal
    *via 10.0.3.2, Vlan1003, [90/3072], 23:50:20, eigrp-DIST, internal

Caveats & Discoveries

References

PDF Download this article as a PDF document.

Tags: , , , , , , , , , , , , , , , , , , , , ,

3 comments

  • Thank you!
    This post helped me.

  • Nice article, for your error message I have found using “no layer3 peer-router syslog” under the vPC domain context helps

    Have you tried this with HSRP? I am assuming we can’t peer IGP with the HSRP VIP?

    • Thanks for the tip.

      Correct – no peering with HSRP VIPs; even if it were configured, each router would only peer with their SVI assigned addresses.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.