Tuesday, April 13, 2021

Cisco ACI - Set up VPC pair with a single leaf in the fabric (temporarily during migration)

Hi all,

We are planning a migration of a couple of NX-OS switches (C93180YC-EX) in a VPC pair to ACI, to which we have dual-homed servers connected with LACP port-channels.

To minimize downtime, our idea was:

  • Migrate one of the switches to ACI in a non-redundant VPC config to allow LACP negotiation
  • Repatch the servers one by one to the new switch (and unplug the cable to the NX-OS switch) - causing just a short outage per server
  • Migrate the second switch to ACI and reconnect the redundant cabling

We're doing this in a test setup right now, but are unable to get the VPC up and running:

  • 1 leaf fully operational in ACI (switch/port profiles, etc)
  • 1 leaf pre-provisioned - so there is a node-id configured with switch/port profiles, etc
  • We can create the VPC protection group just fine, however it throws this fault:

"Failed to configure the vPC policy for the vPC pair xxx and a virtual IP address of xxx because: VPC Node IP Address Unknown,One Node in VPC is Not Leaf,One Node in VPC Not in Fabric,Nodes are not part of same POD"

  • "show vpc" on the CLI of the ACI leaf indeed shows that VPC is not configured at all:

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id : Not configured

Peer status : peer link not configured

vPC keep-alive status : Disabled

Configuration consistency status : failed

Per-vlan consistency status : success

Configuration inconsistency reason: vPC peer-link does not exist

Type-2 consistency status : failed

Type-2 inconsistency reason : vPC peer-link does not exist

vPC role : none established

Number of vPCs configured : 0

Peer Gateway : Disabled

Dual-active excluded VLANs : -

Graceful Consistency Check : Disabled

Auto-recovery status : Enabled (timeout = 240 seconds)

Operational Layer3 Peer : Disabled

Has anyone gone through this process successfully by any chance?

An alternative we're thinking about could be to configure local port-channels on the ACI leaf so at least LACP will come up when we repatch the servers, but then we still need to convert them one by one from PC to VPC once the second leaf is available in the fabric. But at least it wouldn't be a total downtime while migrating both switches.

Or any other ideas?

Thanks!


