Hi,
I don't remember any vsx option that would disable a "standalone" interface when the ISL link goes down.
But I've ran a vsx lab before and tested creating two M-LAG to connect only one device to each. For example, M-LAG-50 for FW-1 connecting to switch-1 and M-LAG-60 for FW2 connecting to switch-2.
Using this configuration in the event of an ISL failure the M-LAG on the secondary VSX switch-2 will be disabled.
If someone know of an option to do that differently I would also like to know.
------------------------------
Luciano Carvalho
------------------------------
Original Message:
Sent: Nov 03, 2020 06:32 AM
From: Alon Haber
Subject: VSX Split brain behavior for non vsx ports
Hi all,
I deployed two 8320 in VSX topology.
I have designing limitations, so two FW are connected each one with 1 uplink to the 8320.
Meaning, FW-1 to 8320-1 (1 link) and FW-2 to 8320-2. The FWs are in active standby.
The problem is when I have split-brain prevention with the keepalive port between the two 8320.
The Secondary (8320-2) shuts all its VSX lags because of the split-brain But keeps the port to the FW-2 up.
I want it to shut this port to the FW as well since I don't want it to be active for some reason.
I know Nexus VPC has the feature of "orphan ports" for this kind of situation and was wondering if something similar exists on VSX as well.
Thank you all,
------------------------------
Alon Haber
------------------------------