There are a lot of options when it comes to vPC. What enhancements should you consider? I’ll go through some of the options worth considering.
Peer Switch – The Peer Switch feature changes how vPC behaves with regard to STP. Without this enabled, you would configure different STP priorities on the primary and secondary switch. The secondary switch forwards BPDUs coming from vPC-connected switches towards the primary switch. The secondary switch doesn’t process these received BPDUs. Only the primary switch sends BPDUs to the vPC-connected switches. Note that the secondary switch can still process and send BPDUs to switches that are connected only to the secondary switch. Without Peer Switch it looks like this:
- The BPDU sent by SW04 is not processed by SW02. It is forwarded towards SW01.
- SW04’s BPDU is only sent initially. The port will become the Root port and stop sending BPDUs.
- SW02 sends BPDU towards SW05 as it is not connected with vPC. The BPDU has information about cost to Root (SW01).
- SW02 doesn’t send BPDU towards SW03 as it is connected with vPC.
- SW01 and SW02 have different STP priorities and send distinct BPDUs. They are not one switch from STP perspective.
- If SW01 goes down, STP needs to converge which may cause a brief outage.
The behavior with Peer Switch changes to this:
- SW01 and SW02 are configured with the same STP priority.
- They are seen as one switch from STP perspective.
- SW02 will now send a BPDU towards SW04.
- SW04 now receives BPDUs from both SW01 and SW02.
- The content of the BPDUs is exactly the same.
- SW04’s BPDU can be consumed by SW02. No forwarding towards SW01 is required.
- SW04 will not send any BPDUs when the port becomes Root.
It’s not likely that you will connect switches to your leafs, but it still makes sense to enable this feature.
Peer Gateway – When using HSRP in combination with vPC, one switch will be active and the other will be standby. Only the active switch responds to ARP requests. If an ARP request is received by the standby switch, it is forwarded to the active switch. However, they are both active from a data plane perspective. The standby switch can process frames that have a destination MAC belonging to the Virtual IP (VIP). However, there are some systems, for example some NAS or load balancers, with a very simplistic networking implementation where, rather than generating an ARP request for the gateway, they assume that the source MAC of an incoming frame is what should be used to communicate with the sender. This can lead to a scenario where the device sends a frame with the destination MAC of the other switch, where the frame needs to be forwarded across the peer link and is then dropped due to the loop avoidance mechanism. This is shown below:
The server is sending a frame with the MAC of SW01 instead of the MAC of the HSRP VIP. Normally, SW02 is not allowed to consume this frame; it would forward it across the peer link and then the frame would be dropped when it needs to be forwarded to a vPC member port. With Peer Gateway, SW02 is allowed to consume the frame. There’s no real drawback to enabling Peer Gateway, so enable it even if you don’t know of any systems that have a poor networking stack.
ARP Sync – Wait, doesn’t vPC synchronize ARP automatically? Well, it does for bindings it has learned while vPC is up. When the peer link is up, the switches use CFS to send information on the IP to MAC mappings that they have learned locally and have in their ARP cache. However, in a scenario where the peer link goes down and then recovers, there is no bulk sync of what the devices have in their local ARP cache. Only new mappings they learn of would be synced. With ARP Sync enabled, when the peer link recovers there is a bulk transfer of mappings based on the ARP cache. Why is this useful? It prevents a black-holing scenario where traffic is forwarded to a switch that doesn’t have a mapping for a specific IP to MAC. There would otherwise be some packet loss until the switch has learned of this mapping.
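As an added example (not from the original post), here is a small Python check that audits the running-config of both vPC peers for the three features above and flags the case where Peer Switch is enabled but the peers still carry different STP priorities. The command keywords are real NX-OS syntax; the two sample configs are constructed for the example.

```python
import re

# Added example, not from the original post. NX-OS keywords are real; sample configs are constructed.
VPC_FEATURES = ("peer-switch", "peer-gateway", "ip arp synchronize")

def vpc_domain_commands(config: str) -> set:
    """Return the sub-commands configured under the 'vpc domain' block."""
    cmds, in_block = set(), False
    for line in config.splitlines():
        if line.startswith("vpc domain "):
            in_block = True
        elif in_block and line.startswith(" "):
            cmds.add(line.strip())
        else:
            in_block = False  # the block ends at the next top-level command
    return cmds

def stp_priorities(config: str) -> dict:
    """Map VLAN id -> bridge priority from 'spanning-tree vlan <list> priority <n>' lines."""
    prio = {}
    for m in re.finditer(r"^spanning-tree vlan (\S+) priority (\d+)", config, re.M):
        for part in m.group(1).split(","):
            lo, _, hi = part.partition("-")
            for vlan in range(int(lo), int(hi or lo) + 1):
                prio[vlan] = int(m.group(2))
    return prio

def audit(primary: str, secondary: str) -> list:
    """Return findings; an empty list means both peers match the recommendations."""
    findings = []
    for name, cfg in (("primary", primary), ("secondary", secondary)):
        found = vpc_domain_commands(cfg)
        findings += [f"{name}: '{f}' missing under vpc domain" for f in VPC_FEATURES if f not in found]
    # Peer Switch only presents one STP bridge if both peers use the same priority.
    if "peer-switch" in vpc_domain_commands(primary) & vpc_domain_commands(secondary):
        p1, p2 = stp_priorities(primary), stp_priorities(secondary)
        differ = [v for v in sorted(set(p1) | set(p2)) if p1.get(v) != p2.get(v)]
        if differ:
            findings.append(f"peer-switch enabled but STP priority differs on {len(differ)} VLAN(s)")
    return findings

# Constructed sample configs: SW01 is complete; SW02 lacks ARP Sync and keeps the old secondary priority.
SW01 = "vpc domain 10\n  peer-switch\n  peer-gateway\n  ip arp synchronize\nspanning-tree vlan 1-4094 priority 8192\n"
SW02 = "vpc domain 10\n  peer-switch\n  peer-gateway\nspanning-tree vlan 1-4094 priority 16384\n"

if __name__ == "__main__":
    for finding in audit(SW01, SW02):
        print(finding)
```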
These are the main three features that almost always get enabled. Then there are other features like Peer Router, suspending orphan ports, delay restore, and so on. Which ones do you usually enable?