Hitless vPC Role Change

Thursday October 19, 2017

“Always two there are; no more, no less. A vPC primary and a vPC secondary.”Yoda (paraphrased)

Like Yoda says, there has always been a primary and secondary in a vPC relationship. But, they’ve always been non-preemptive. That means that a secondary will not automatically become primary unless there’s a failure of some sort.

So, if you reboot the primary switch, the secondary will become primary. When the first switch finished booting up, it will stay secondary. This is because a role change would be disruptive.

A feature called vPC Role Preempt, or ‘Hitless Role Change’ was recently introduced on the Nexus 9K in version 7.0(3)I7(1).  This was previously introduced on the 7K in version 7.3(0)D1(1).

This doesn’t enable automatic preemption. But, it does allow you to force a transition from primary to secondary without any traffic loss.

This would be a useful feature during maintenance. If you need to reboot a switch, transition it to secondary first. Once it’s finished rebooting, transition it back to the primary role.

You can verify the role a switch currently has with show vpc role. This also shows the role-priority.

Switch-1# show vpc role

vPC Role status
vPC role                        : primary
Dual Active Detection Status    : 0
vPC system-mac                  : 00:23:04:ee:be:05
vPC system-priority             : 1000
vPC local system-mac            : 28:6f:7f:ae:6c:39
vPC local role-priority         : 10
vPC local config role-priority  : 10
vPC peer system-mac             : 28:6f:7f:ae:b4:19
vPC peer role-priority          : 15
vPC peer config role-priority   : 15

Thevpc role preempt command is used to switch roles.

Before switching, the priorities have to be changed. To become primary, a switch needs to have the lowest role priority.

Switch-2# vpc role preempt
ERROR: Couldn't perform role change: to change local to Primary, please adjust vpc role priority () on local and/or peer vpc so that local one is smaller than peer one.

Switch-1# vpc role preempt
ERROR: Couldn't perform role change: to change local to Secondary, please adjust vpc role priority () on local and/or peer vpc so that local one is larger than peer one.

When you change priority, the switch reminds you that the change won’t take effect until you preempt the roles.

Switch-1(config-vpc-domain)# role priority 10
 Change will take effect after user has:
   1. Triggered "vpc role preempt" (non-disruptive - no traffic loss on STP root switch)
OR 2. Re-initd the vPC peer-link (disruptive)
 !!:: vPCs will be flapped on current primary vPC switch while attempting option 2 ::!!

Finally, the roles can change. This generates syslog messages on both switches.

Switch-1# vpc role preempt
Please ensure peer-switch is enabled and operational('show spanning-tree summary'). Continue (yes/no)? [no] y
Switch-1# 2017 Oct 17 03:59:55 Switch-1 %$ VDC-1 %$ %VPC-2-VPC_ROLE_CHANGE_NOTIFICATION: VPC role is changed from Master to Slave

Switch-2# 2017 Oct 17 03:59:16 Switch-2 %$ VDC-1 %$ %VPC-2-VPC_ROLE_CHANGE_NOTIFICATION: VPC role is changed from Slave to Master

More on vPC…

[maxbutton id=”4″ text=”vPC’s” url=”https://networkdirection.net/Virtual+Port+Channels”][maxbutton id=”4″ text=”Advanced vPC’s” url=”https://networkdirection.net/Advanced+vPC”]