What is Cisco vPC: Benefits, Components, Config & Best Practices

What is Cisco vPC and its brief History

What is Cisco vPC (virtual Port Channel), and how has normal port-channel evolved to this point? Let us understand port-channel first; it is the simplest and oldest technology that combines two or more interfaces. In return, it gives the benefits like load balancing across links, redundancy in case any link goes down, increased bandwidth since you combined two or more links, and a single spanning-tree view of the links. However, these benefits come at the cost of connecting all the links within a bundle to a single device. And if that single device fails, you will lose everything connected to that switch. However, port channels are still common in networks because of their simplicity and vendor-neutral approach.

Port-channel vs Cisco VSS vs Cisco vPC
Port-channel vs. Cisco VSS vs. Cisco vPC

Then Cisco introduced Cisco Catalyst 6500 in late 1999’s with the MEC (multi-Etherchannel) feature, which offered to combine two links in a bundle going to the two different 6500 switches. And because the end device is cabled to two separate 6500 switches, It provided a better resiliency than a simple port channel. This technology is called Cisco VSS (Virtual Switch System). That was a huge advantage, and almost all enterprises purchased Cisco 6500’s due to this feature alone.

Then in 2008, Cisco introduced the Nexus series switches which also had the link bundling (Multi-Etherchannel) feature similar to Cisco 6500 VSS, and it was called vPC. Finally, Cisco officially launched vPC in 2009. The main difference between VSS and vPC is that VSS creates a logical switch that combines the control and management plane of the two Cisco 6500 chassis. On the other hand, in Cisco vPC, both Cisco Nexus switches have separate control planes and are managed independently. More on this topic later in a separate post.

Please refer to the table to find the difference between Simple port-channel, Cisco VSS, and Cisco vPC technologies.

Simple Port-channel vs Cisco VSS vs Cisco vPC

Technology AreaSimple Port-ChannelCisco VSSCisco vPC
RedundancyIt can only be connected between two switches or devices.It can be connected between three devices making a triangle.It can be connected between three devices making a triangle.
SoftwareIt is supported in Cisco Catalyst Operating system.It is supported in Cisco Catalyst Operating system.It is supported in Cisco NXOS only.
PlatformIt is supported on Cisco Catalyst Switches.It is supported on only Cisco 6500 series Catalyst Switches.It is supported on Cisco Nexus Series Switches.
Control PlaneSeparate control plane on single switch.Single control plane on two 6500 switches. Two separate control plane , one on each cisco nexus switch.
Etherchannel Protocols supportStatic, PAgP, PAgP, LACPStatic, PAgP, PAgP, LACPStatic, LACP
ConfigurationSingle Configuration on single Cisco Catalyst switch.Single Configuration on two Cisco 6500 switches.Two different configurations on two nexus switches.
STP as a failbackYesYesYes
Loop-free topologyYesYesYes
Multi-Chassis Port ChannelNoYesYes
Maximum Physical Nodes122
No Disruptive ISSU supportNot requiredNo Yes
Layer 3 port channel supportYesYesLimited
Heart beat link between devicesNot required.VSL is used to transfer data and control messages between the active and standby switches.CFS transmits control messages through Peer Link, and a Peer keep alive link is utilized to monitor heartbeats and detect dual-active states.
HSRP required for layer 3 redundancyHSRP is required.Not requiredHSRP is required.
Separate Instance for other protocolsSingle instance on single switch.On each physical switch in the VSS, the same instance of STP, FHRP, IGP, and BGP will be used.On each physical switch in the VPC, a separate instance of STP, HSRP, VRRP, IGP, and BGP will be required.
Simple Port-channel vs Cisco VSS vs Cisco vPC

Let’s elaborate on Cisco vPC; it enables a device to view cables/links that are physically connected to two separate Cisco Nexus switches as a single port channel. A switch, server, or any other networking device that supports port channels can be that device. A vPC can provide Layer 2 multipathing, which has great benefits: it increases bisectional bandwidth and redundancy by providing numerous parallel pathways and load balancing between nodes. (the best definition I found online and then simplified to digest it quickly).

Cisco VPC Benefits

The following are the advantages of using Cisco vPC:

  • Allows a single device to use a port-channel across two upstream devices.
  • vPC Eliminates ports that are blocked by Spanning Tree Protocol (STP).
  • Provides a loop-free topology.
  • Uses all available uplink bandwidth.
  • Provides fast convergence in the case of link failure or device failure.
  • Provides link-level resiliency.
  • Assures high availability.

Cisco vPC Explained

Cisco vPC has the following components:- 

What is Cisco vPC and its components?
What is Cisco vPC and its components?
vPC TerminologyBrief Definition
vPCIt is the port-channel that includes vPC peers and the downstream device altogether.
A vPC is an L2 port type: switchport mode trunk or switchport mode access.
vPC Peer SwitchA vPC switch (one of a Cisco Nexus 7000/9000 Series pair)
vPC domainA Domain contains  2 nexus peer switches.
vPC domains are limited to have a maximum of two peer devices each.
vPC member PortOne of a set of ports (that is, port-channels) that form a vPC (or port-channel member of a vPC).
vPC peer linkvPC Peer-Link is used to synchronize vPC peer state between two vPC peer switches. It must be 10GbE.
It is also an L2 trunk carrying vPC VLAN.
vPC peer keepalive linkThe keepalive link between vPC peer devices is used to monitor their liveness.
vPC VlanvPC VLAN is carried via the vPC peer-link and is used to communicate with a third device via the vPC.
Once a VLAN is defined on a vPC peer-link, it automatically becomes a vPC VLAN.
Non vPC VlanA VLAN that is not a member of any vPC and is not attached to any vPC peer link.
Orphan PortA port that belongs to a single attached device.
vPC VLAN is commonly used on this port.
Cisco Fabric Services (CFS) protocolUnderlying protocol running on top of vPC peer-link providing reliable synchronization and consistency check mechanisms between the 2 peer devices.

Cisco vPC Requirements:-

  1. vPC technology is supported since NX-OS 4.1.3. NX-OS appropriate version depends on line cards configuration, so it is always advisable to check the detailed hardware guide before deployment.
  2. vPC feature is included in the base NX-OS software license.

How to Configure Cisco vPC

Configuring vPC is easy; follow the below steps, and you will configure it in no time.

  1. Enable necessary features
  2. Create vPC vrf and Define vPC domains
  3. Establish vPC Peer Keepalive connectivity
  4. Create a vPC Peer link
  5. Create vPCs
  6. Make Sure Configurations are Consistent

Please note: Order does matter.

vpc configuration nexus 9000
vpc configuration nexus 9000

You must enable vPC and LACP features inside nexus switches.

Nexus-A and B
feature vpc
feature lacp

Create vPC vrf

Nexus-A and B
vrf context VPC_PKAL

Define vPC Domains

We will be using vPC domain 1. So you can choose domain id between <1-1000>. Then we will set priorities for both switches; lower priority will become primary.

Nexus-A
vpc domain 1
role priority 8192
peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf VPC_PKAL
Nexus-B
vpc domain 1
role priority 16384
peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf VPC_PKAL

Establish vPC Peer Keepalive connectivity ( back to back physical connection is preferred)

Nexus-A & B
interface Ethernet1/10
description vPC Keepalive
no switchport
channel-group 100 mode active
interface Ethernet1/11
description vPC Keepalive
no switchport
channel-group 100 mode active
interface port-channel100
description vPC Keepalive
vrf member VPC_PKAL
no switchport
ip address 10.1.1.[1-2]/30
Nexus-A & B
interface Ethernet1/1
description vPC Peerlink
switchport mode trunk
channel-group 200 mode active
interface Ethernet1/2
description vPC Peerlink
switchport mode trunk
channel-group 200 mode active
interface port-channel200
description vPC Peerlink
vpc peer-link

Create vPC Member Ports

The next step is to bundle the downstream vPC member ports with “Channel-group 30” and  “vPC 30” commands on both switches. This will accomplish our vPC configuration.

The last step would be to do the port-channel config on the downstream device, a server in our case.

Nexus-A & B
interface Ethernet1/20
channel-group 30
interface po30
vpc 30

Make Sure vPC Configurations are Consistent

Use the below command to check vPC consistency across vPC peer switches.

Nexus-A & B
show vpc consistency-parameters vpc 30

Important Show Commands to verify and Troubleshoot VPC Deployments

Show vpc brief

The first place to check to see an overview and status of vPC setup via the command “show vpc brief”

Nexus-A & B
Nexus-B# show vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 2
Peer Gateway : Enabled
Peer gateway excluded VLANs : -
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled (timeout = 240 seconds)
vPC Peer-link status
- ---- ------ ---------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po200 up 1,2,5,10
vPC status
----------------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
------ ----------- ------ ----------- -------------------------- -----------
30 Po30 up success success 10

Check if you have any Orphan Ports

The following command is used to determine Orphan ports.

Nexus-A# show vpc orphan-ports

Nexus-A & B
Nexus-A# show vpc orphan-ports
Note:
--------::Going through port database. Please be patient.::--------

VLAN    Orphan Ports
------- -------------------------
900     Eth1/7

show vpc consistency-parameter

You can use “Show vpc consistency-parameter” to check configuration consistency among two Nexus Switches.

Nexus-A & B
Nexus-A# shpw vpc consistency-parameters vpc 30
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
Shut Lan 1 No No
STP Port Type 1 Edge Trunk Port Edge Trunk Port
STP Port Guard 1 None None
STP MST Simulate PVST 1 Default Default
lag-id 1 [(7f9b, [(7f9b,
0-2-4-ef-be-69, 801b, 0-2-4-ef-be-69, 801b,
0, 0), (8000, 0, 0), (8000,
f4-cf-e2-0-1e-76, 2, f4-cf-e2-0-1e-76, 2,
0, 0)] 0, 0)]
mode 1 active active
Speed 1 10 Gb/s 10 Gb/s
Duplex 1 full full
Port Mode 1 trunk trunk
Native Vlan 1 1 1
MTU 1 1500 1500
Admin port mode 1
vPC card type 1 Empty Empty
Allowed VLANs - 2-8,10-4092,4094 2-8,10-4092,4094
Local suspended VLANs - - -
Peer-KeepAlive

Show vPC Peer-KeepAlive

Finally, to check the status of the vPC keepalive the command show vpc peer-keepalive is used.

Nexus-A & B
Nexus-B# show vpc peer-keepalive
vPC keep-alive status : peer is alive
--Peer is alive for : (2900862) seconds, (249) msec
--Send status : Success
--Last send at : 2021.08.20 03:32:42 418 ms
--Sent on interface : Po100
--Receive status : Success
--Last receive at : 2021.08.20 03:32:43 645 ms
--Received on interface : Po100
--Last update from peer : (0) seconds, (192) msec
vPC Keep-alive parameters
--Destination : 10.1.1.1
--Keepalive interval : 1000 msec
--Keepalive timeout : 5 seconds
--Keepalive hold timeout : 3 seconds
--Keepalive vrf : VPC_PKAL
--Keepalive udp port : 3200
--Keepalive tos : 192

Cisco vPC Show Commands

Cisco vPC CommandPurpose
show featureDisplays whether the vPC is enabled or not.
show vpc briefDisplays brief information about the vPCs.
show vpc consistency-parametersDisplays the current status of parameters that must be constant/consistent across all vPC interfaces on both vPC peer switches.
show running-config vpcDisplays running configuration information for vPCs.
show port-channel capacityDisplays how many port channels are configured and how many are still available on the device.
show vpc statisticsDisplays statistics about the vPCs.
show vpc peer-keepaliveDisplays information about the peer-keepalive messages.
show vpc roleDisplays the vPC peer's state including its role, the vPC system MAC address and system priority, and also the MAC address and priority of the local device.
To display vPC configuration information, use one of the above commands.

Cisco vPC best practices

Use the below table as a guideline when configuring vPC.

vPC Configuration parametersBest Practice
vPC Domain-IDYou should always use unique Domain-id's for all vPC pairs in a contiguous layer 2 domain.
vPC Peer-LinkvPC Peer-link should be a point-to-point connection.
Peer-Link member ports can be 10/40/100GE interfaces.
You should design peer-Link bandwidth as per the vPC.
DONT's:- vPC imposes the rule that peer-link should never be blocking.
vPC Peer-Keepalive linkUse dedicated back to back links as a primary option and mgmt0 interface as secondary when using Nexus 7X00 and 9500 series.
Use mgmt0 interface as a primary option and dedicated back to back links as a secondary option when using Nexus 9300/6000/5X00/3X00 series.
Use layer3 infrastructure as a 3rd a option for all kind of Nexus Switches.
vPC Peer-Keepalive link – Dual SupervisorsUse the management interface when you have an out-of-band management network (management switch in between).
DONT's:- When using dual supervisors and mgmt0 interfaces to carry the vPC peer-keepalive, DO NOT connect them back to back between the two switches.
Spanning Tree (STP)All switches in Layer 2 domain should run either Rapid-PVST+ or MST.
You should always set the vPC domain as the STP root for all VLANs in that domain.
DONT's:- Do not disable spanning-tree protocol for any VLAN.
vPC Peer-GatewayAlways configure vPC Peer-gateway under vPC domain.
N7k(config-vpc-domain)# peer-gateway
It makes a vPC switch as the active
gateway for packets addressed to the peer
router MAC.
It keeps forwarding of traffic local to the vPC node and avoids the use of the peer-link.
It also allows Interoperability with features of some NAS or load-balancer devices.
vPC Peer-switchAlways configure vPC Peer-switch under vPC domain.
N7k(config-vpc-domain)# peer-switch
Peer-Switch makes the vPC peer devices to appear as a single STP root.
BPDUs processed by the logical STP root formed by the 2 vPC peer devices.
PVLAN on vPC PVLAN configuration across both VPC switches should be identical.
Note- PVLAN configuration not supported on Peer-Link.
vPC auto-recoveryAlways enable auto-recovery.
Nexus(config)# vpc domain 1
Nexus(config-vpc-domain)# auto-recovery
Auto-recovery addresses two cases of single switch behavior
--> Peer-link fails and after a while primary switch (or keepalive link) fails
--> Both VPC peers are reloaded and only one comes back up.
Object-tracking It is good practice to configure Object Tracking as per your company's SLA.
vPC object tracking, tracks both peer-link and uplinks in a list of Boolean OR
Object Tracking triggered when the track object goes down.
Suspends the vPCs on the impaired device.
Traffic forwarded over the remaining vPC peer
Spanning Tree Bridge AssuranceSTP Bridge Assurance is enabled by default on vPC Peer-Link.
DONT's:- DON’T disable Bridge Assurance on vPC Peer-link.
NO Bridge Assurance on vPC member ports (even with peer-switch)
Unidirectional Link Detection (UDLD)UDLD only in normal mode on vPC member ports if required.
UDLD is a Lightweight Layer 2 failure detection protocol.
UDLD is Designed for detecting, One-way connections due to physical or soft failure and Mis-wiring detection (loopback or triangle).
DONT's:- UDLD is NOT recommended on vPC peer-link.
UDLD is NOT recommended on vPC member ports if LACP is used.

Acronyms used in this blogpost

  • vPC: Virtual Port-Channel
  • VSS: Virtual Switch System
  • UDLD: Unidirectional Link Detection

Cisco vPC Quiz

Conclusion

In this article, we discussed Cisco vPC, its brief history, and its benefits, and then we explained each vPC architecture component in detail. In addition, we also looked into vPC configuration nexus 9000 and important show and debug commands to verify and troubleshoot any vPC deployment issues. Finally, we ended the article with a Cisco vPC quiz. I hope you liked the article; please share it and subscribe to the mailing list to receive networking tips, tricks, and news.

Frequently Asked Questions About Cisco VPC

Is vpc cisco proprietary ?

What is cisco vpc

Yes, virtual Port Channel (vPC) is cisco proprietary.

What is vpc cisco?

What is cisco vpc

Cisco vPC is a Cisco Nexus Switch-specific feature that provides the capability to the links/cables of the third or downstream device that are physically connected to two different Cisco Nexus Switches to appear as a single port channel. The third device in this case can be a switch, server, or any other networking device that supports port channels. A vPC can provide Layer 2 multipathing, which creates redundancy and increase the bisectional bandwidth by enabling multiple parallel paths between the nodes.

What is difference between VSS and vPC?

What is Difference Between VSS and vPC

Please refer to the image to find the difference between Simple port-channel, Cisco VSS, and Cisco vPC technologies.

Leave a Reply

Your email address will not be published. Required fields are marked *