VPC Design and Best Practices
What You Say?
In order to understand Virtual Port Channels we must know what a Port-Channel is. A port channel provides a way to aggregate (bond) multiple interfaces together. Traffic is then load balanced across each of the connections.
Port Channel Benefits
- Redundancy – Should one of the interfaces fail, traffic is sent over the remaining links.
- Bandwidth – Bandwidth increases because multiple interfaces are bundled together; traffic is then load balanced across each of the links within the ‘bundle’.
- Spanning Tree – Port-Channels are seen as a single switchport by Spanning-Tree protocols.
Though Port-Channels are great, the problem is that all links within the “bundle” must be connected to the same switch.
vPC: Virtual Port Channel
- vPC (Virtual Port-Channel), also known as multichassis EtherChannel (MEC) is a feature on the Cisco Nexus switches that provides the ability to configure a Port-Channel across multiple switches (i.e. vPC peers).
- vPC is similar to Virtual Switch System (VSS) on the Catalyst 6500s. However, the key difference between vPC and VSS is that VSS creates a single logical switch, which results in a single control plane for both management and configuration purposes, whereas with vPC each switch is managed and configured independently.
- It is important to remember that with vPC both switches are managed independently. This means you will need to create and permit your VLANs on both Nexus switches.
Design Best Practices
- You should create a separate Layer 2 trunk port-channel between peer switches to transport non-vPC VLAN traffic.
- Do not use vPC to connect more than two Data Centers. You should use OTV for that.
- Use multiple line cards for the vPC peer-link. For example, if you choose 6 links for the peer-link, take ports from at least two separate line cards (more is better). If one line card fails, the remaining line cards still carry the peer-link, so the probability of the peer-link going down is lower.
- Use a dedicated link for the keepalive. A 1GE port is enough for the keepalive; a port-channel of 2x1G ports is even better. As with the peer-link, try to take the ports from multiple line cards.
Configuration Best Practices
- Use a dedicated VRF for the keepalive link, for example OUR-KEEPALIVE-VRF.
- You must configure the vPC keepalive link before configuring the peer-link; otherwise, the vPC will remain down.
- VLAN pruning is highly recommended on the peer-link. In other words, always configure the allowed VLAN list on the peer-link.
- vPC peer-gateway should be enabled in the vPC domain.
- vPC ARP Sync should be enabled in the vPC domain.
- Delay restore should be enabled in the vPC domain, with the timer then set according to the network profile.
- vPC graceful type-1 check should be enabled in the vPC domain.
- vPC auto-recovery should be enabled in the vPC domain.
- Auto-recovery reload-delay should be enabled in the vPC domain.
- The vPC member port configuration must be the same on both vPC peer devices.
- It is not a must, but it is a good idea to use the same vPC ID as the port-channel ID for ease of configuration, monitoring, and troubleshooting.
- Active-active LACP is recommended for member ports.
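The design and configuration points above (dedicated keepalive VRF, keepalive before peer-link, pruned peer-link, domain settings, separate non-vPC trunk, matching member ports), as an added NX-OS example for one of the two peers; this is not from the original post, and the domain ID, VLANs, interface numbers and keepalive addresses are assumed:

```cisco
! Peer A. Peer B uses the same configuration with the keepalive source/destination swapped.
feature vpc
feature lacp

! Keepalive in its own VRF on a dedicated 1GE link, configured before the peer-link
vrf context OUR-KEEPALIVE-VRF
interface Ethernet1/48
  no switchport
  vrf member OUR-KEEPALIVE-VRF
  ip address 10.255.255.1/30
  no shutdown

vpc domain 10
  peer-keepalive destination 10.255.255.2 source 10.255.255.1 vrf OUR-KEEPALIVE-VRF
  peer-gateway
  ip arp synchronize
  delay restore 150
  graceful consistency-check
  auto-recovery reload-delay 240

! Peer-link spread across two line cards, with the allowed VLAN list pruned
interface port-channel1
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/1
  channel-group 1 mode active
  no shutdown
interface Ethernet2/1
  channel-group 1 mode active
  no shutdown

! Separate L2 trunk between the peers for non-vPC VLANs (not a vPC member)
interface port-channel2
  switchport mode trunk
  switchport trunk allowed vlan 40
interface Ethernet1/2
  channel-group 2 mode active
  no shutdown

! vPC member port: vPC ID equals port-channel ID, identical on both peers, LACP active
interface port-channel20
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  vpc 20
interface Ethernet1/10
  channel-group 20 mode active
  no shutdown
```

After applying it on both peers, `show vpc` and `show vpc consistency-parameters global` confirm that the peer-link, keepalive and type-1 parameters match on both sides.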