VPC Terminology & Deployment Scenarios

VPC Terminology & Deployment Scenarios

Posted on Jan 24, 2020 (0)

VPC Terminology & Deployment Scenarios

Virtual Port Channel (vPC):

Virtual Port channel enables physical link to be connected to two different nexus 7000/5000 series switches to appear as a single port-channel to third device like switch, server, etc.

Following are the benefits of the vPC:

  • It allow all ports of the STP to be in forwarding state, no blocked ports.
  • Utilizes full available uplink bandwidth
  • Does fast convergence when link or device fails.
  • Provide active – active default gateways for end servers
  • Provides Dual homed connectivity to servers.

 Below figure provide the physical and logical topology of the vPC.

End devices are connected to peer switch via vPC which uses al port-channel member link to forward traffic based on hash algorithms.

NX-OS Version & License requirement for vPC:

  • For vPC to run on Nexus devices mostly on Nexus 7000 series switches the NX-OS version must be equal or greater then NX-OS 4.1.3.
  • For License vPC runs on Base license of Nexus 7000/5000 series model.

Component of vPC:

Let’s discuss the component of vPC one by one and later we will see how to configure the vPC in steps:

  • vPC Peer Device: A nexus 7000/5000 series switch which are used to create vPC domain and configure vPC.
  • vPC Domain: Maximum Two Nexus devices are used to form vPC domain which makes the virtual MAC same for both peer device.
  • vPC Peer-Link: A port-channel configure with peer-link command helps us to synchronize the control plane and CFS protocol. This link is also a Layer 2 trunk link for carrying vPC VLAN.
  • vPC Peer-Keepalive Link: This is L3 link used to send vPC keepalive message every second to prevent the dual active or split brain scenarios.
  • vPC Member Port: Those ports which are connected to end device or server and are part of port-channel and a particular vPC is said to be vPC member ports.
  • vPC VLAN: Those VLAN which are allowed on vPC peer-link is called as vPC VLAN.

vPC Data Plane Loop Avoidance:

In vPC the loop is avoided at data plane rather than control plane. As per Cisco Design of vPC all data should be forwarded locally and peer-link should not be typically used for data packets. This is because Peer-link is used to synchronize control plane information like MAC address, Port-state information and IGMP information between peer-switch.

Let’s understand by above figure example for loop to avoid, when a broadcast or unknown unicast are sent from server to S1 switch , and due to broadcast in nature when it crosses the  peer-link and reached to S2 , than S2 before forwarding it to its vPC member ports check the following :

  • Is this traffic crossed the Peer-link
  • Is its vPC member ports on peer-device is UP say E1/1 on S1.

If both condition comes true then it will forward the traffic to it vPC member port that is E1/2 on S2. 

Only exception is that when the vPC member port goes down, both vPC peer-device will exchange the member port status states and will reprogram the vPC loop avoidance logic and thus Peer-link will be used as backup path.

vPC Deployment Scenarios:

vPC can be deployed in inside DataCenter and across DataCenter, both has its different design method.

Single Sided vPC: In a single sided vPC, all access devices like switch or servers, FW, Load balancer which supports link aggregation technology are dual connected to vPC peer switch.

Depending upon the line cared used on Nexus 7000 switch, maximum number of member in port-channel can be from 16 to 32.

  • M1 Series Module: 16 active member ports (8 on peer device 1 and 8 on peer-device 2)
  • F1/F2 Module: 32 active member ports (16 on peer device 1 and 16 on peer-device 2)

Cisco Nexus 5000 supports 16 active member ports per-port-channel.

Double Sided vPC:

In double sided vPC , there are two different vPC domain as shown in figure and the port between these two domain are part of one port-channel and one vPC. The Both two domain must have different domain number.

vPC domain in bottom is used for active/active connectivity from endpoint device to access layer. vPC domain in Top is used for active/active FHRP in L2/L3 boundary.


  • Super Duper Like


Please login here to comment.