vPC Self-Isolation
Last Updated: [last-modified] (UTC)
vPC Self-Isolation is a new feature. At the present time, there is not a lot of information available on how it works.
This is a technology used for handling failures, like object tracking. If, for example, a module fails on the primary switch, it can send a message over the keep alive link to the peer. The message informs the peer of it’s intention to isolate itself from the network. The peer then transitions to the primary role.
This is also useful with a peer-link misconfiguration. If there are no VLANs present on the peer-link, the primary may isolate itself.
Self-Isolation is only available on a limited range of the Nexus platform. It is currently available on the N5K, the N6K, and the N7K.
It is disabled by default. Enable it with the peer-gateway and self-isolation commands under the vPC domain. Use show vpc brief to see if it is enabled.
For self-isolation to work, both switches. If it’s not on both switches, it will not cause a consistency mismatch, it just won’t do anything.
While isolated, the switch can be reloaded, debugged, removed from the network, and so on. This will not affect vPC forwarding through the non-isolated switch. Keep in mind though, that isolation is only for vPC functions. To isolate other features, investigate Graceful Insertion and Removal.
To manually isolate a switch, enter the vPC domain configuration, and enter the shutdown command. When finished, enter the no shutdown command.
References
Cisco Live (pp. 61-62) – BRKDCT-2378 – vPC Best Practices and Design on NXOS