Configure EIGRP on the N9K platform (running NX-OS code to support routing over vPCs) to establish dynamic routing adjacencies and achieve ECMP on a vPC VLAN over the vPC peer-link and vPC switch links (port-channels).
Update 2018.04.03
A previous version of this post provided two different options for accomplishing vPC dynamic routing.
One case utilized separate L3 segments for each routing adjacency path, which I have learned is not a supported or functional topology since I got my hands on a staging environment with the N9K hardware.
The other case which remains, utilizes a single L3 segment for all routing adjacencies. This is the supported deployment method that I have validated in a staging environment with the N9K hardware.
| Supported | Unsupported |
|---|---|
 |
 |
Considerations & Goals
- Labbed in VIRL 1.3.296 on NX-OSv 9000 nodes running NX-OS reference platform 7.0(3)I6(1).
- Reproduced and validated on NX-OS 7.0(3)I7(1) on 9504/9508 chassis with SUP-B.
- N9K core switches in vPC domain must be running code capable of vPC routing.
- Stand-alone N9K distribution switch is connected to N9K cores via vPC.
- EIGRP adjacencies between cores and distribution switch.
- Distribution switch should have ECMP to 0/0 via both cores.
- A single transit network, or L3 segment, used between all devices.
Single Transit Network, or L3 Segment
See Caveats & Discoveries located at the bottom of this article.
| vPC VLAN | Subnet | Purpose |
|---|---|---|
| 1003 | 10.0.3.0/29 | Single transit between both CORE-1, CORE-2, and DIST-2. |
- EIGRP adjacencies formed between CORE-1, CORE-2, and DIST-2 over a single L3 segment.
- CORE-1 and CORE-2 advertise a default route using
ip summary-address.
Configurations
CORE-01
vlan 998
name NATIVE
vlan 1003
name RT:Transit
!
vpc domain 1
peer-switch
role priority 1
system-priority 8192
peer-keepalive destination 172.16.31.255 source 172.16.31.254 vrf VPC-KA
peer-gateway
layer3 peer-router
ip arp synchronize
!
interface port-channel1
description CORE-02:vPC-PEER
switchport mode trunk
switchport trunk native vlan 998
switchport trunk allowed vlan 1-997,999-4094
spanning-tree port type network
vpc peer-link
!
interface port-channel12
description DIST-02:vPC
switchport mode trunk
switchport trunk native vlan 998
switchport trunk allowed vlan 1003
spanning-tree port type normal
spanning-tree guard root
vpc 12
!
interface loopback13
description LOOPBACK:GRT
ip address 172.31.255.251/32
!
interface Vlan1003
description TRANSIT:CORES to DIST-02
no shutdown
no ip redirects
ip address 10.0.3.1/29
ip router eigrp CORE
ip summary-address eigrp CORE 0.0.0.0/0
no ip passive-interface eigrp CORE
!
router eigrp CORE
autonomous-system 1
router-id 172.31.255.251
passive-interface default
CORE-02
vlan 998
name NATIVE
vlan 1003
name RT:Transit
!
vpc domain 1
peer-switch
role priority 2
system-priority 8192
peer-keepalive destination 172.16.31.254 source 172.16.31.255 vrf VPC-KA
peer-gateway
layer3 peer-router
ip arp synchronize
!
interface port-channel1
description CORE-01:vPC-PEER
switchport mode trunk
switchport trunk native vlan 998
switchport trunk allowed vlan 1-997,999-4094
spanning-tree port type network
vpc peer-link
!
interface port-channel12
description DIST-02:vPC
switchport mode trunk
switchport trunk native vlan 998
switchport trunk allowed vlan 1003
spanning-tree port type normal
spanning-tree guard root
vpc 12
!
interface loopback13
description LOOPBACK:GRT
ip address 172.31.255.252/32
!
interface Vlan1003
description TRANSIT:CORES to DIST-02
no shutdown
no ip redirects
ip address 10.0.3.2/29
ip router eigrp CORE
ip summary-address eigrp CORE 0.0.0.0/0
no ip passive-interface eigrp CORE
!
router eigrp CORE
autonomous-system 1
router-id 172.31.255.252
passive-interface default
DIST-02
vlan 998
name NATIVE
vlan 1003
name RT:CORES
!
interface port-channel12
description CORE:vPC
switchport mode trunk
switchport trunk native vlan 998
switchport trunk allowed vlan 1003
spanning-tree port type normal
!
interface loopback13
description LOOPBACK:GRT
ip address 172.31.255.253/32
!
interface Vlan1003
description TRANSIT:CORES to DIST-02
no shutdown
no ip redirects
ip address 10.0.3.3/29
ip router eigrp DIST
no ip passive-interface eigrp DIST
!
router eigrp DIST
autonomous-system 1
router-id 172.31.255.253
passive-interface default
ECMP Validation
DIST-02
- EIGRP adjacencies with CORE-1 and CORE-2, both on VL-1003.
show ip ei nei
IP-EIGRP neighbors for process 1 VRF default
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 10.0.3.1 Vlan1003 14 23:50:30 569 3414 0 942
1 10.0.3.2 Vlan1003 13 23:50:20 135 810 0 1052
- ECMP to 0/0 via CORE-1 and CORE-2, both on VL-1003.
show ip ro ei
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
0.0.0.0/0, ubest/mbest: 2/0
*via 10.0.3.1, Vlan1003, [90/3072], 23:50:30, eigrp-DIST, internal
*via 10.0.3.2, Vlan1003, [90/3072], 23:50:20, eigrp-DIST, internal
Caveats & Discoveries
- (DUP!) ICMP echo-replies were observed in some cases; it seems that NX-OSv isn't disabling IP redirects on SVIs mapped over vPC VLANS, as the configuration guide suggests it should when the peer-gateway is enabled. Configuring
no ip redirectson all SVIs is suggested. Even with this command added, DUP! events were still experienced in some cases. This may be an issue with VIRL, as other users have reported some MAC learning concerns.
References
- Supported Topologies for Routing over Virtual Port Channel on Nexus Platforms
- Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide, Release 7.x - Layer 3 over vPC Supported Topologies
- Nexus 9396 duplicate ICMP echo-reply (DUP!)
| Download this article as a PDF document. |
