Cisco NX-OS: vPC & FHRP

FHRP acts as active/active forwarding over vPC:

  • traffic received in vPC Member Port of FHRP Standby to FHRP Virtual MAC is not forwarded over Peer Link to Active FHRP – essentially HSRP Standby acts as HSRP Active
  • peer-gateway allows to proxy not only virtual active MAC address but also to proxy physical primary MAC address (in case destination MAC address is an Active device, but not a control/management plane of the box itself)
  • the goal – avoid using Peer Link for data plane and it should forward traffic to the upstream L3 router etc
  • in general use GLBP for this behavior, but for vPC it is a default

Nexus SVI configuration:

feature interface-vlan
!
interface Vlan10
  ip address 10.10.10.253/24
  no shutdown
!
interface Vlan20
  ip address 10.10.20.253/24
  no shutdown

Nexus HSRP configuration:

feature hsrp
!
interface Vlan10
  hsrp 10
    ip 10.10.10.1
    priority 255
!
interface Vlan20
  hsrp 20
    ip 10.10.20.1
    priority 255
!priority is not important, since HSRP will act as Active/Active in vPC

SW9 is using port e2/0 to forward traffic, because NXOS1 is Primary

Peer gateway configuration

If the destination MAC address is an NXOS1 physical address but destination IP address is not on NXOS1 (something behind NXOS1), NXOS2 does not use Peer Link and send traffic over Member vPC

vpc domain 1
   peer-gateway

Entire config

feature interface-vlan
feature hsrp
!
vpc domain 1
 peer-gateway
!
interface Vlan10
  no shutdown
  ip address 10.10.10.253/24
  hsrp 10
    priority 255
    ip 10.10.10.1
!
interface Vlan20
  no shutdown
  ip address 10.10.20.253/24
  hsrp 20
    priority 255
    ip 10.10.20.1
Share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *