vPC Primary and Secondary Roles – Cisco CCNP and CCIE

In a vPC system, one vPC switch is defined as primary, and one is defined as secondary, based on defined priorities. The lower number has higher priority, so it wins. Also, these roles are nonpreemptive, so a device may be operationally primary but secondary from a configuration perspective.
When the two vPC systems are joined to form a vPC domain, the priority decides which device is the vPC primary and which is the vPC secondary. If the primary device reloads, when the system comes back online and connectivity to the vPC secondary device (now the operational primary) is restored, the operational role of the secondary device (operational primary) does not change, to avoid unnecessary disruptions. This behavior is achieved with a sticky-bit method, whereby the sticky information is not saved in the startup configuration, thus making the device that is up and running win over the reloaded device. Hence, the vPC primary becomes the vPC operational secondary.
If the peer link is disconnected, but the vPC peers are still connected through the vPC peer-keepalive link, the vPC operational roles stay unchanged.
If both the peer link and peer-keepalive link are disconnected, both vPC peers become operational primary, but upon reconnection of the peer-keepalive link and the peer link, the vPC secondary device (operational primary) keeps the primary role, and the vPC primary becomes the operational secondary device.
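The role rules above, written as a small simulation. This is an added example, not Cisco code and not part of the original page. The names `Peer`, `elect`, `take_over`, `reload`, `links_change` and `demo` are hypothetical, and the rule that a device becomes sticky when it promotes itself to primary is an assumption chosen to reproduce the outcomes described in the text.

```python
from dataclasses import dataclass

@dataclass
class Peer:
    name: str
    priority: int          # configured role priority; lower number wins
    sticky: bool = False   # runtime only, not saved in the startup configuration
    role: str = "none"     # operational role: "primary", "secondary" or "none"

def elect(a, b):
    """Peers (re)join: a lone sticky bit beats configured priority."""
    if a.sticky != b.sticky:
        winner = a if a.sticky else b
    else:  # assumption: with equal sticky state, configured priority decides
        winner = min((a, b), key=lambda p: p.priority)
    loser = b if winner is a else a
    winner.role, loser.role = "primary", "secondary"

def take_over(p):
    """Assumed model: a device promoting itself to primary becomes sticky."""
    if p.role != "primary":
        p.role, p.sticky = "primary", True

def reload(p):
    """A reload clears runtime state, including the sticky bit."""
    p.role, p.sticky = "none", False

def links_change(a, b, peer_link, keepalive):
    """Apply the role rules described above to a link-state change."""
    if not peer_link and not keepalive:
        take_over(a)       # dual-active: both end up operational primary
        take_over(b)
    elif peer_link and keepalive:
        elect(a, b)
    # peer link down with keepalive up: operational roles stay unchanged
    # (keepalive-only loss is not covered by the text; unchanged by assumption)

def demo():
    n1, n2 = Peer("N1", 100), Peer("N2", 200)   # constructed sample priorities
    elect(n1, n2)
    history = [(n1.role, n2.role)]               # initial election
    reload(n1); take_over(n2); elect(n1, n2)
    history.append((n1.role, n2.role))           # N1 back after reload
    return history

if __name__ == "__main__":
    print(demo())
```

When auditing a vPC pair, the operational role has to be read from the running device, because, as the simulation shows, it can differ from what the configured priorities suggest.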
vPC modifies the way in which spanning tree works on the switch to help ensure that a vPC in a single domain appears as a single spanning tree entity on vPC ports. Also, the vPC helps ensure that devices can connect to a vPC domain in a non-vPC fashion with classic spanning tree topology. The vPC is designed to support hybrid topologies. Depending on the Cisco NX-OS release, this can be achieved in slightly different ways.
In all Cisco NX-OS releases, the peer link is always forwarding because the MAC address tables and IGMP entries must be kept synchronized.
The vPC, by default, ensures that only the primary switch forwards BPDUs on vPCs. This modification is strictly limited to vPC member ports. As a result, the BPDUs that may be received by the secondary vPC peer on a vPC port are forwarded to the primary vPC peer through the peer link for processing.

Note
Non-vPC ports operate like regular spanning tree ports. The special behavior of the primary vPC member applies only to ports that are part of a vPC.
The vPC primary and secondary are both root devices and both originate BPDUs.
The BPDUs originated by both the vPC primary and the vPC secondary have the same designated bridge ID on vPC ports.
The BPDUs originated by the vPC primary and secondary on non-vPC ports maintain the local bridge ID instead of the vPC bridge ID and advertise the bridge ID of the vPC system as the root.

The peer-switch option has the following advantages:
It reduces the traffic loss upon restoration of the peer link after a failure.
It reduces the disruption associated with a dual-active failure (whereby both vPC members become primary). Both devices keep sending BPDUs with the same bridge ID information on vPC member ports, which prevents errdisable from potentially disabling the port channel for an attached device.
It reduces the potential loss of BPDUs if the primary and secondary roles change.

The presence of a vPC domain does not hide the fact that two distinct Cisco Nexus switches are running. Cisco CDP will show that there are two network devices.