I have a pair of 5548UP running 7.0.x NX-OS, which is now kind of old (2016 release). Need to get it updated.
Want to run a proper ISSU, because there are 8 dual-homed FEXen in play and I'd rather not have all of those down for the entire upgrade window if I can avoid it. (I also don't really want to lose both 5k's simultaneously because there are some 10Gb hosts directly cabled.)
When I test for the install impact, it complains about spanning-tree being a problem.
show spanning-tree issu-impact
Gives me complaints about two port-channels (actually, 4-link vPCs with 2 links per Nexus).
One port channel is the uplink to the core (a pair of 3850s stacked). The other port channel is a downlink to a pair of Nexus 93180s.
I found and read through this informative blog post. I still don't fully understand what Cisco expects here.
Are they saying that on the uplink port-channel / vPC, I should have the port in
spanning-tree port type edge trunk
Rather than leaving it at the default type or setting it to "network"?
Oh actually, I see that a port designated as root shouldn't trigger this...
I'm getting complaints of Criteria 2 failing because I have the port between the 5ks and the 9ks set as "type network." That makes sense (I did it)... but would Cisco rather I set the port type to "edge" and effectively turn off spanning-tree on that vPC? Seems like madness to me?
The other error I'm getting seems to be due to the core not being the spanning tree root for one of the VLANs (I'm in rapid-pvst and not MST mode). I guess I could fix that by just preventing that VLAN from leaking back to the core, or instead by adding it to the core explicitly so it becomes root bridge there (causing the interface to go to "Root" instead of "Desg")....
It just seems like insanity to me to disable spanning-tree on a switch that's connected to another switch.
OTOH, Cisco often says that Nexus switches shouldn't be used "upstream" of other switches... so maybe it's my own fault? (The link between the two Nexus pairs is temporary, I need to get some additional fiber run and then the 9Ks can hang off the core themselves instead of hanging from the 5Ks.)
Po2 is the uplink to the core (2x 10Gb per 5K, vPC) Po4 is the downlink to the pair of Nex93180s (same as above)
n5k-1# show spanning-tree issu-impact For ISSU to Proceed, Check the Following Criteria : 1. No Topology change must be active in any STP instance 2. Bridge assurance(BA) should not be active on any port (except MCT) 3. There should not be any Non Edge Designated Forwarding port (except MCT) 4. ISSU criteria must be met on the VPC Peer Switch as well Following are the statistics on this switch List of all the Ports with BA Enabled Port ---------------- port-channel4 No Active Topology change Found! Criteria 1 PASSED !! Criteria 2 FAILED!! List of all the Non-Edge Ports Port VLAN Role Sts Tree Type Instance ---------------- ---- ---- --- --------- --------- port-channel4 1 Desg FWD PVRST 1 port-channel4 26 Desg FWD PVRST 26 port-channel2 26 Desg FWD PVRST 26 port-channel4 69 Desg FWD PVRST 69 port-channel2 69 Desg FWD PVRST 69 port-channel2 190 Desg FWD PVRST 190 port-channel2 300 Desg FWD PVRST 300 port-channel2 310 Desg FWD PVRST 310 Criteria 3 FAILED !! ISSU Cannot Proceed! Change the above Config
No comments:
Post a Comment