Today we will learn best practices for vPC on Cisco Nexus switches. Before going deep, you should understand what vPC is. Virtual Port-Channel (vPC) is a technology that allows links that are physically connected to two different devices to appear as a single port channel to a third device.
Best Practices for VPC on Cisco Nexus
I will divide these best practices into two segments: one on topology and the other on configuration. There are many to follow, but I will only mention the major ones. I hope it will be helpful for you. So, let's get started.
1. Best Practices for vPC Design:
- You should create a separate Layer 2 trunk port-channel between peer switches to transport non-vPC VLAN traffic.
- Do not use vPC to connect more than two data centers. You should go for OTV for that.
- Use multiple line cards for the vPC peer-link. For example, if you choose 6 links for the vPC peer-link, take ports from at least two separate line cards; more is better. If one line card becomes faulty, you still have the other line cards as backup, so the peer-link is less likely to go down.
- Use a dedicated link for keep-alive. A 1GE port is enough for keep-alive. A port-channel with 2x1G ports is even better. In addition, try to take ports from multiple line cards, just like the peer-link recommendation.
2. Best practices for Configuration:
- Use a dedicated VRF for the keep-alive link. For example, OUR-KEEPALIVE-VRF.
- You must configure the vPC keep-alive link before configuring the peer-link. Otherwise, vPC will remain down.
- VLAN pruning is highly recommended on the peer-link. In other words, always configure an allowed VLAN list on the peer-link.
- vPC peer-gateway should be enabled in the vPC domain.
- vPC ARP Sync should be enabled in the vPC domain.
- Delay restore should be enabled in the vPC domain, with the timer set based on the network profile.
- vPC graceful type-1 check should be enabled in the vPC domain.
- vPC auto-recovery should be enabled in the vPC domain.
- Auto-recovery reload-delay should be enabled in the vPC domain.
- vPC member port configuration must be the same on both vPC peer devices.
- It is not a must, but it is a good idea to use the same vPC ID as the port-channel ID for ease of configuration, monitoring, and troubleshooting.
- Active-Active LACP is recommended for member ports.
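As an added example (not from the original post), the script below audits a saved NX-OS configuration against part of the checklist above: keep-alive VRF, the vPC domain features, VLAN pruning on the peer-link, and LACP active on member ports. The sample configuration, IP addresses and function names are constructed for illustration; it assumes every feature is written out explicitly in the text being audited, so a feature the device leaves out of its output is reported as missing.

```python
import re
# Constructed sample NX-OS config excerpt for illustration (not from the original post).
SAMPLE_CONFIG = """\
vpc domain 10
  peer-keepalive destination 10.255.255.2 source 10.255.255.1 vrf OUR-KEEPALIVE-VRF
  peer-gateway
  ip arp synchronize
  delay restore 150
  auto-recovery
interface port-channel1
  vpc peer-link
interface Ethernet1/1
  channel-group 20 mode on
"""

# vPC domain commands from the checklist, as full-line patterns.
REQUIRED = [r"peer-gateway", r"ip arp synchronize", r"delay restore \d+",
            r"graceful consistency-check", r"auto-recovery", r"auto-recovery reload-delay \d+"]

def sections(config):
    """Map each top-level line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            current = out.setdefault(line.strip(), [])
        elif line.strip() and current is not None:
            current.append(line.strip())
    return out

def audit_vpc(config):
    """Return findings; assumes every feature is written out explicitly."""
    findings, secs = [], sections(config)
    domain = next((b for h, b in secs.items() if h.startswith("vpc domain ")), [])
    # Assumption: "dedicated" means a named VRF other than management/default.
    vrf = re.search(r"^peer-keepalive .* vrf (\S+)", "\n".join(domain), re.M)
    if not vrf or vrf.group(1) in ("management", "default"):
        findings.append("peer-keepalive is not in a dedicated VRF")
    for pat in REQUIRED:
        if not any(re.fullmatch(pat, l) for l in domain):
            findings.append("vpc domain missing: " + pat.replace(r" \d+", ""))
    for head, body in secs.items():
        text = "\n".join(body)
        if "vpc peer-link" in body and "switchport trunk allowed vlan " not in text:
            findings.append(head + ": peer-link has no allowed VLAN list")
        lag = re.search(r"^channel-group \d+ mode (\S+)$", text, re.M)
        if lag and lag.group(1) != "active":
            findings.append(head + ": member port is not LACP active")
    return findings
```

Run `audit_vpc` on the configuration of both peers; since member port configuration must match on both devices, the two results should be identical.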
If I missed any commonly used best practices, please comment below so that I can add them to my content. Thanks 🙂