VPC Design and Best Practices


What You Say?

In order to understand Virtual Port Channels we must know what a Port-Channel is. A port channel provides a way to aggregate (bond) multiple interfaces together. Traffic is then load balanced across each of the connections.

Port Channel Benefits

  • Redundancy – Should one of the interfaces fail traffic is sent over the remaining links.
  • Bandwidth – Bundling multiple interfaces together increases the available bandwidth. Traffic is then load balanced across each of the links within the ‘bundle’.
  • Spanning Tree – Port-Channels are seen as a single switchport by Spanning-Tree protocols.

Though Port-Channels are great, the problem is that all links within the “bundle” must be connected to the same switch.

vPC: Virtual Port Channel

  • vPC (Virtual Port-Channel), also known as multichassis EtherChannel (MEC), is a feature on the Cisco Nexus switches that provides the ability to configure a Port-Channel across multiple switches (i.e. vPC peers).
  • vPC is similar to Virtual Switch System (VSS) on the Catalyst 6500s. However, the key difference between vPC and VSS is that VSS creates a single logical switch, which results in a single control plane for both management and configuration purposes, whereas with vPC each switch is managed and configured independently.
  • It is important to remember that with vPC both switches are managed independently. This means you will need to create and permit your VLANs on both Nexus switches.

Design Best Practices

  • You should create a separate Layer 2 trunk port-channel between peer switches to transport non-vPC VLAN traffic.
  • Do not use VPC to connect more than two Data Centers. You should use OTV for that.
  • Use multiple line cards for the vPC peer-link. For example, if you choose 6 links for the vPC peer-link, take ports from at least two separate line cards; more is better. If one line card fails, the ports on the other line cards keep the peer-link up, so a peer-link down event is less likely.
  • Use a dedicated link for the keep-alive. A 1GE port is enough for keep-alive traffic. A port-channel with 2x1G ports is even better. In addition, try to take ports from multiple line cards, just like the peer-link recommendation.

Configuration Best Practices

  • Use a dedicated VRF for the keep-alive link, for example OUR-KEPPALIVE-VRF.
  • You must configure the vPC keep-alive link before configuring the peer-link. Otherwise, the vPC will remain down.
  • VLAN pruning is highly recommended on the peer-link. In other words, always configure an allowed VLAN list on the peer-link.
  • vPC peer-gateway should be enabled in the vPC domain.
  • vPC ARP Sync should be enabled in the vPC domain.
  • Delay restore should be enabled in the vPC domain, with the delay time set according to the network profile.
  • vPC graceful type-1 check should be enabled in the vPC domain.
  • vPC auto-recovery should be enabled in the vPC domain.
  • Auto-recovery reload-delay should be enabled in the vPC domain.
  • vPC member port configuration must be the same on both vPC peer devices.
  • It is not mandatory, but it is a good idea to use the same vPC ID as the port-channel ID for ease of configuration, monitoring, and troubleshooting.
  • Active-Active LACP is recommended for member ports.
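
One way to check a switch against the configuration checklist above is to audit its saved config offline. The script below is an added example, not code from the original post or from Cisco. The sample config is constructed, and its domain ID, VRF name, addresses, VLANs and timer values are assumptions. It covers the items that are visible in a single switch's config: the vPC domain options, the keep-alive VRF, peer-link VLAN pruning and vPC ID versus port-channel ID.

```python
import re

# Constructed NX-OS excerpt (assumed IDs, VRF name, addresses, timers); not from the page.
SAMPLE = """\
vpc domain 10
  peer-keepalive destination 10.255.255.2 source 10.255.255.1 vrf VPC-KEEPALIVE
  peer-gateway
  ip arp synchronize
  delay restore 150
  auto-recovery
interface port-channel1
  vpc peer-link
interface port-channel20
  switchport trunk allowed vlan 10,20
  vpc 21
"""

# Each regex must fully match one line under "vpc domain".
DOMAIN_CHECKS = [r"peer-gateway", r"ip arp synchronize", r"delay restore \d+",
                 r"graceful consistency-check", r"auto-recovery",
                 r"auto-recovery reload-delay \d+"]

def sections(config):
    """Map each top-level line to the indented lines under it."""
    out, head = {}, None
    for line in filter(str.strip, config.splitlines()):
        if not line.startswith(" "):
            head = line.strip()
            out[head] = []
        elif head:
            out[head].append(line.strip())
    return out

def audit(config):
    """Return findings for the checklist items visible in one switch's config."""
    sec, found = sections(config), []
    domain = next((v for k, v in sec.items() if k.startswith("vpc domain ")), [])
    found += [f"vpc domain: no line matching '{rx}'" for rx in DOMAIN_CHECKS
              if not any(re.fullmatch(rx, l) for l in domain)]
    if not any(re.match(r"peer-keepalive .*\bvrf (?!management\b)\S", l) for l in domain):
        found.append("vpc domain: keep-alive not in a dedicated VRF")
    for head, body in sec.items():
        po = re.fullmatch(r"interface port-channel(\d+)", head)
        if po and "vpc peer-link" in body and not any("allowed vlan" in l for l in body):
            found.append(f"{head}: peer-link has no allowed VLAN list")
        for vid in re.findall(r"^vpc (\d+)$", "\n".join(body), re.M):
            if po and vid != po.group(1):
                found.append(f"{head}: vPC ID {vid} differs from port-channel ID")
    return found
```

The audit only sees lines that are present, so a setting left at its platform default may be reported as missing when the input is a plain running-config; `show running-config all` output includes defaults. Running the same audit on both peers and comparing the member port-channel sections covers the "same on both peers" item.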