MLAG (VPC) N3000 connectivity issue

Question

Hi there, I'm a little new to the MLAG of the N3000, but not the VLT of the Force10, but somehow, something is not behaving the same way, or I am missing something. I have 2 switchs, connected together by a Port-channel in trunk mode and MLAG Eventhough the MLAG is up and running, and the Port-Channel linking both peers is in trunk mode for all VLANs, I cannot connect to a device on the same vlan that is connected to the other switch. But If i connect a PC to a partner switch, I can connect to any device connected to either one or the other peer switch. Any ideas why the peer link is behaving that way? Thanks for your help!

DELL-Josh Cr · Accepted Answer

' I understand, and it makes sense, in a way. But wasting a port to achieve this seem like a strange strategy. Must be another way'     The strategy is to connect orphan devices to a partner switch which does have a VPC link back to both partner swtches. MLAG and VLT, though conceptually similar, and existing on two switch platforms owned by the same company, are running different OSes and don’t work the same way. As the white paper I referenced to you originally pointed out (page 23), there are plans to address the 'single-home / orphan device connected directly to a primary or secondary peer switch' scenario, by using a secondary, redundant, port-channel between the peer switches to pass traffic for just those single-homed/orphan devices. One critical aspect of this planned implementation is that the VLANs used by single-homed/orphan devices cannot also be passed on the peer-link port-channel (because of the obvious loop that would occur).   --------- Did not work either. It does not ping Po23 is a device on port 1/0/23 on SW2 ME_Core_Switch2 is the Primary peer. The described workaround functions only for devices that are physically connected to the secondary peer. This would let an orphan/single-home device on the secondary peer communicate with either:            A device that is connected to both peers with a vpc port-channel (i.e. a partner switch or partner host); OR            A device connected to that partner switch; OR           A single-home/orphan device connected to the same (i.e. secondary peer) A single-home/orphan device physically connected to the primary peer will never be able to communicate properly. Po46 is my computer on port 1/0/46 on SW1 ME_Core_Switch1(config)#do show vpc bri VPC admin status............................... Enabled Keep-alive admin status........................ Enabled VPC operational status......................... Enabled Self role...................................... Secondary Peer role...................................... Primary Peer detection admin status.................... Peer detected, VPC Operational Peer-Link details VPC id# 23 ----------- Interface...................................... Po23 Configured VLANs............................... 20 VPC interface state............................ Active Local Members Status ----------------- ------ Gi1/0/23 DOWN << THIS IS WRONG Peer Members Status ---------------- ------ VPC id# 46 ----------- Interface...................................... Po46 Configured VLANs............................... 20 VPC interface state............................ Active Local Members Status ----------------- ------ Gi1/0/46 Up << THIS IS CORRECT Peer Members Status ---------------------------------------------------------------------------------------------------------------- ME_Core_Switch2(config-if-Po46)#do show vpc bri VPC admin status............................... Enabled Keep-alive admin status........................ Enabled VPC operational status......................... Enabled Self role...................................... Primary Peer role...................................... Secondary Peer detection admin status.................... Peer detected, VPC Operational Peer-Link details ----------------- Interface...................................... Po1 Peer-link admin status......................... Enabled Peer-link StP admin status..................... Disabled Configured VLANs............................... 1,10,20,30,40,60,100,170,192 Egress tagged VLANs............................ 10,20,30,40,60,100,170,192 VPC Details ----------- Number of VPCs configured...................... 2 Number of VPCs operational..................... 2 VPC id# 23 ----------- Interface...................................... Po23 Configured VLANs............................... 20 VPC interface state............................ Active Local Members Status ----------------- ------ Gi1/0/23 Up << THIS IS WRONG Peer Members Status ---------------- ------ Gi1/0/23 DOWN VPC id# 46 ----------- Interface...................................... Po46 Configured VLANs............................... 20 VPC interface state............................ Active Local Members Status ----------------- ------ Gi1/0/46 DOWN << THIS IS CORRECT Peer Members Status

DELL-Josh Cr · Answer

Hi,

It sounds like just the peer link is not transmitting traffic and the partner switches that connect to both peers works fine. Can you post the peer configuration from the switches? Page 9 of the MLAG guide shows an example of the config. http://en.community.dell.com/techcenter/extras/m/white_papers/20438244

Dranizz · Answer

Strange thing is, from SW1 I can sucessfully ping SW2 in VLAN 20

But if one device is connected in VLAN 20 in SW1 it cannot ping device in VLAN 20 in SW2

And I cannot event ping SW2 from a device in VLNA 20 in SW1

Thanks for your help!

There you go:

SW1

-----------------------------------------------------------------------------------------------------------------------------

!Current Configuration:

!System Description "Dell Networking N3048, 6.1.0.6, Linux 3.6.5-320b2282"

!System Software Version 6.1.0.6

!

configure

vlan 10

exit

vlan 20

exit

vlan 30

exit

vlan 40

exit

vlan 60

exit

vlan 100

exit

vlan 170

exit

vlan 10,20,30,40,60,100,170,192

exit

ip telnet server disable

slot 1/0 3 ! Dell Networking N3048

sntp unicast client enable

clock timezone -5 minutes 0

stack

member 1 4 ! N3048

stack-port Tw1/0/1 shutdown

stack-port Tw1/0/2 shutdown

exit

logging 10.160.1.2

level warnings

exit

ip http secure-server

no ip http server

interface vlan 1

ip address dhcp

exit

interface vlan 20

ip address 192.168.200.253 255.255.255.0

exit

username "bob" password 47a38f349d882967354e37fe4ebfe92b3bf privilege 15 encrypted

ip ssh server

spanning-tree priority 0

spanning-tree mode rapid-pvst

!

interface Gi1/0/1

switchport access vlan 20

exit

!

interface Gi1/0/2

switchport access vlan 20

exit

!

interface Gi1/0/3

switchport access vlan 20

exit

!

interface Gi1/0/48

channel-group 1 mode active

description "VPC_Temp"

udld enable

udld port aggressive

exit

!

interface gi1/0/47

switchport access vlan 20

exit

!

18777475005

ass mieux etre

c02926223

interface port-channel 1

description "VPC_PeerLink"

switchport mode trunk

vpc peer-link

exit

snmp-server engineid local 800002a203f8b156619e64

enable password b73981e6dbbf5e11dbb806905dd6b4aa encrypted

feature vpc

vpc domain 1

role priority 10

peer-keepalive enable

peer-keepalive destination 192.168.200.254 source 192.168.200.253

peer detection enable

exit

--------------------------------------------------------------------------------------------------------

SW2

!Current Configuration:

!System Description "Dell Networking N3048, 6.1.0.6, Linux 3.6.5-320b2282"

!System Software Version 6.1.0.6

!

configure

vlan 10

exit

vlan 20

exit

vlan 30

exit

vlan 40

exit

vlan 60

exit

vlan 100

exit

vlan 170

exit

vlan 192

exit

vlan 10,20,30,40,60,100,170,192

exit

ip telnet server disable

hostname "ME_Core_Switch2"

slot 1/0 3 ! Dell Networking N3048

sntp unicast client enable

clock timezone -5 minutes 0

stack

member 1 4 ! N3048

stack-port Tw1/0/1 shutdown

stack-port Tw1/0/2 shutdown

exit

level warnings

exit

ip http secure-server

no ip http server

interface vlan 1

ip address dhcp

exit

interface vlan 20

ip address 192.168.200.254 255.255.255.0

exit

username "bob" password 47a38f34929dd5467354e37fe4ebfe92b3bf privilege 15 encrypted

ip ssh server

spanning-tree priority 4096

spanning-tree mode rapid-pvst

!

interface Gi1/0/1

switchport access vlan 20

exit

!

interface Gi1/0/2

switchport access vlan 20

exit

!

interface Gi1/0/3

switchport access vlan 20

exit

!

interface Gi1/0/48

channel-group 1 mode active

description "VPC_Temp_Link"

udld enable

udld port aggressive

exit

!

interface port-channel 1

description "VPC_Temp_Core"

switchport mode trunk

vpc peer-link

exit

snmp-server engineid local 800002a203f8b156619fe0

enable password b73981e6dbbf5e11dbb806905dd6b4aa encrypted

feature vpc

vpc domain 1

role priority 20

peer-keepalive enable

peer-keepalive destination 192.168.200.253 source 192.168.200.254

peer detection enable

exit

DELL-Josh Cr · Answer

Let’s make sure that spanning-tree isn’t blocking the port, can you run show spanning-tree blockedports and make sure the port channel is not one of the ports?

Dranizz · Answer

Yeah I'Ve checked. And as soon as I disable VPC feature, all goes well...

Dranizz · Answer

Already did...

DELL-Josh Cr · Answer

Can you try updating to the latest firmware? [View:www.dell.com/.../DriversDetails]

DELL-Josh Cr · Answer

The issue may be that there are orphan ports, which the N series doesn’t have support for when using MLAG. You can create a static LAG and disconnect one port and that should work if the active interface is on the VPC secondary switch.

Dranizz · Answer

Interesting Worth trying. I'll give you results tomorrow

Dranizz · Answer

With Force10 VLT, it is recommended to use a Static LAG for the peer link, I always wondered why it was not the case for the N3000 VPC

Dranizz · Answer

I found out that both my switchs see themselfs as Root for spanning-tree Think it might be the problem? I tried to change the priority, but it does not work

DELL-Josh Cr · Answer

It could be a problem, what spanning tree mode is it in, you could disable spanning-tree on one of the switches.

Dranizz · Answer

I manage to make it work correctly, with one switch being the root, and all ports are fowarding state

But as soon as I enable VPC Mlag, no communication pass between the 2 switchs exept a ping to each other. A server connected to one switch cannot ping another on the opther switch but same VLAN

DELL-Josh Cr · Answer

Ok, so that rules out spanning-tree, were you able to switch to a static LAG as well?

Dranizz · Answer

Yes, but it did not work either

Networking General

Was this post helpful?