HSRP in VPC between Nexus Switches

Hello Rene,
I know my question is not relevant here since this is not the right platform for this question. However, it will be really helpful if you or someone else clarifies this.

I am going to use the above topology for the questions. In this topology, 5K-A and 5K-B are a VPC pair and HSRP is configured between them for Vlan 10 where 5K-A is the active router. I have read somewhere preempt and tracking do not need to be configured in VPC . My questions are mainly about these two things:

1) Preempt: I understand in VPC both routers send traffic (active in data plane) even though one router is active in the control plane and another one is standby. If preempt and tracking is not configured, how would one router take over the active role in the control plane when uplink goes down?

2) Tracking: According to the topology, 5K-A is the Active router in the HSRP and 5K-B is the standby. Since VPC is configured between them, they both are sending traffic (since they both are active in data plane) towards the both upstream 7K devices. Now if the link between 5K-A and 7K-A goes down, something will need to tell 5K-A to stop responding to the HSRP arp and stop sending traffic to upstream 7K-A. 5K-A will not send this traffic through the vpc peer link either. Is it correct? Would someone please explain how this entire thing work? How would 5K-A realize that upstream link is down and it can not send packets anymore?

Thanks…

Azm

Hello Azm

This is a very good question. I spent some time researching and yes I did find the same best practice suggestion you mentioned. Specifically, in Cisco’s Design and Configuration Best Practices for vPCs on Nexus devices document, Cisco just recommends:

“Do not use HSRP/VRRP object tracking in a vPC domain.”

Not very helpful. They don’t mention an alternative to object tracking. However, I have found the following useful: The Peer Gateway Feature which provides peer-gateway functionality that allows a vPC switch to act as the active gateway for packets that are addressed to the router MAC address of the vPC peer. This feature enables local forwarding of such packets without the need to cross the vPC peer-link. More about the way it can be configured can be found here.

I hope this has been helpful!

Laz

Thanks a lot Laz

Azm

1 Like