vPC aka Virtual PortChannel

ByFabio Semperboni

April 20, 2016

The vPC aka virtual Port Channel is a Cisco technology that presents both Nexus paired
devices as a unique Layer 2 logical node to a third device. The third device can be a switch,
server, or any other networking device that supports link aggregation technology.

From a spanning tree standpoint, vPC eliminates STP blocked ports and uses all available uplink

bandwidth. Spanning-Tree is used as a fail safe mechanism and does not dictate L2 path for vPC
attached devices.

First of all, it is required to understand all vPC components:

 vPC: The combined port-channel between the vPC peers and the downstream device.
 vPC peer device: A vPC switch (one Nexus device).
 vPC domain: Domain containing the 2 peer devices. Note: Only 2 peer devices max can be
part of same vPC domain.
 vPC peer-link: Link used to synchronize the state between vPC peer devices.
 vPC peer-keepalive link: The keepalive link between vPC peer devices; this link is used to
monitor the liveness of the peer device.
 vPC member port: One of a set of ports that form a vPC.
 Orphan port: A port that belong to a single attached device.
 

Configuration

1. Enable vPC feature.

2. Create a vPC domain.
3. Create a vPC peer link.
4. Create a virtual Port-Channel
1. Enable VPC feature

The vPC feature must be enabled before it can be configured.

2. Create a vPC Domain

Define a VPC domain and the peer-keepalive link; by default, vPC peer-keepalive is placed in VRF
management.

My suggestion is to define the role priority statically: the switch with lower role priority will be
elected as the vPC primary switch. In the “Failure scenarios” paragraph (at the end of this article),
you will understand how this feature works.

Ciscozine1#
vpc domain 1
peer-keepalive destination 10.0.0.2 source 10.0.0.1
role priority 8192
Ciscozine2#
vpc domain 1
peer-keepalive destination 10.0.0.1 source 10.0.0.2
role priority 16384

Note: There are several vPC features like “auto-recovery”, “ip arp syncronyze”, “peer-gateway”…
check on cisco.com.

3. Create a vPC peer link.

These commands are the same on Ciscozine1 and Ciscozine2.

interface port-channel1
 description Peer Link
switchport
switchport mode trunk
vpc peer-link

interface Ethernet1/1
channel-group 1 mode active

interface Ethernet2/1
channel-group 1 mode active

Note: vPC peer-link is a L2 trunk carrying vPC VLAN and it must be a 10-Gigabit Ethernet link.

Remember: The vPC peer-link is always in forwarding state (due to its function)! Below the

spanning tree state of the peer link (port-channel1).

Ciscozine1# show spanning-tree interface port-channel 1

Vlan Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
VLAN0001 Root FWD 1 128.4096 (vPC peer-link) Network P2p

Ciscozine2# show spanning-tree int port-channel 1

Vlan Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
VLAN0001 Desg FWD 1 128.4096 (vPC peer-link) Network P2p

4. Create a virtual Port–Channel

Configure a “traditional” port-channel adding the “vpc number” sub-command. Again, these

commands are the same on Ciscozine1 and Ciscozine2 devices.

interface port-channel10
description Link VPC to Ciscozine-L2
switchport
switchport mode trunk
vpc 10

interface Ethernet3/1
channel-group 10 mode active

Remember: The vPC number does not need to match the PortChannel number, but it must

match the number of the vPC peer switch for that vPC bundle.
What is the point of view from the Ciscozine-L2? This device is connected to bofh Nexus with a
LACP port-channel. Obviously, you will see two different devices for the same Ciscozine-L2 port-
channel (check the “show cdp neighbors” output):

Ciscozine-L2# show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID Local Intrfce Holdtme Capability Platform Port ID

Ciscozine1(JKK1444CDAK)
Ten 1/1 148 R S I C N7K-C7010 Eth 3/1
Ciscozine2(JKK1412CDAK)
Ten 2/1 127 R S I C N7K-C7010 Eth 3/1

Ciscozine_L2#show etherchannel summary

Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use f - failed to allocate aggregator

M - not in use, minimum links not met

u - unsuitable for bundling
w - waiting to be aggregated
d - default port

Number of channel-groups in use: 1

Number of aggregators: 1

Group Port-channel Protocol Ports

------+-------------+-----------+-----------------------------------------------
1 Po1(SU) LACP Te1/1(P) Te2/1(P)

Verifying the vPC Configuration

The most used show commands:

show vpc: Displays brief information about the vPCs.

Ciscozine1# show vpc

Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary, operational secondary
Number of vPCs configured : 1
Peer Gateway : Enabled
Peer gateway excluded VLANs : -
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)

vPC Peer-link status

---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1

vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
10 Po10 up success success 1

show vpc orphan-port: Display all orphan-ports.

Ciscozine1# show vpc orphan-ports

Note:
--------::Going through port database. Please be patient.::--------

VLAN Orphan Ports

------- -------------------------
1 Eth3/24

show vpc consistency-parameter interface port-channel ‘x’: Displays the status of those
parameters that must be consistent across a Port-Channel.

Ciscozine1# show vpc consistency-parameters interface port-channel 1

Note: **** Global type-1 parameters will be displayed for peer-link *****
Legend:
Type 1 : vPC will be suspended in case of mismatch

Name Type Local Value Peer Value

------------- ---- ---------------------- -----------------------
STP Mode 1 Rapid-PVST Rapid-PVST
STP Disabled 1 None None
STP MST Region Name 1 "" ""
STP MST Region Revision 1 0 0
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Interface-vlan admin up 2
Interface-vlan routing 2 1 1
capability
VTP domain 2 TEST TEST
VTP version 2 1 1
VTP mode 2 Transparent Transparent
VTP password 2
VTP pruning status 2 Disabled Disabled
Allowed VLANs - 1 1
Local suspended VLANs - - -

Remember: There are two types of consistency checks:

 Type 1 – Puts peer device or interface into a suspended state to prevent invalid packet

forwarding behavior. With vPC Graceful Consistency check, suspension occurs only on the
secondary peer device.
 Type 2 – Peer device or Interface still forward traffic. However they are subject to
undesired packet forwarding behavior.

Note: Type 1 and Type 2 consistency check apply both for global configuration and for vPC
interface configuration.

Failure scenarious

Four events could occur:

1. vPC peer keepalive link fault: During a vPC peer keepalive link failure there is no impact on
traffic flow; in fact, the vPC peer link is operational.
2. “partial” vPC peer link fault: Nothing happens, because the peer link is up.

3. vPC peer link fault: Based on the configured role priority for the switch, only the secondary
peer device (higher priority) shuts its vPC member ports to down state and in addition shuts all its
vPC VLAN interface.
4. vPC keepalive link failure followed by a peer link failure: A dual active scenario occours; vPC
primary switch continues to be primary but the vPC secondary switch becomes the operational
primary switch and keeps its vPC member ports up. There is no loss of traffic for existing flows but
new flows can be effected as the peer link is not available, the two vPC switches cannot
synchronize the unicast MAC address and the IGMP groups.

Remember: If orphan ports are connected to vPC secondary peer device, they become

isolated.

Note: vPC is similar but not identical to Cisco Virtual Switching System (VSS); in fact, the main
two differences are: vPC works with NX-OS and each Nexus devices has the control-plane active,
while VSS works with IOS and only one device has the control-plane active.

Source: https://www.ciscozine.com/cisco-vpc-virtual-portchannel/