vpcVPC Domain Config

peer-keepalive destination [ip]

Configures the destination IP address for the Virtual Port Channel (vPC) peer-keepalive link, which monitors the health of the vPC peer device.

Overview

The 'peer-keepalive destination' command is used in Cisco NX-OS to configure the destination IP address for the vPC peer-keepalive link. This link is a critical component of a vPC domain, providing a Layer 3 path between the two vPC peer switches to exchange keepalive messages. The keepalive mechanism ensures that each peer can detect if the other peer fails, allowing the surviving switch to take over the vPC traffic seamlessly. The command is configured in vPC domain configuration mode and typically uses a dedicated management VRF to isolate the keepalive traffic from data traffic. On Cisco Nexus switches, the peer-keepalive link is mandatory for vPC operation and must be operational before the vPC peer-link can come up. The command is often used during initial vPC setup or when modifying the keepalive parameters. In troubleshooting workflows, verifying the peer-keepalive status is the first step to diagnose vPC issues, as a dead keepalive can cause vPC instability or split-brain scenarios.

Syntax·VPC Domain Config
peer-keepalive destination {ip-address} [source {ip-address}] [vrf {vrf-name}]

When to Use This Command

  • Setting up a vPC domain with a dedicated keepalive link to detect peer failures.
  • Configuring a management VRF for the keepalive link to isolate traffic from the data plane.
  • Changing the destination IP when the peer's management interface IP is updated.
  • Using a separate VRF for the keepalive link to ensure reachability even if the default VRF fails.

Parameters

ParameterSyntaxDescription
ip-addressA.B.C.DThe destination IP address of the peer switch's interface used for keepalive messages. Typically the management interface IP of the peer.
sourceA.B.C.DThe source IP address for the keepalive packets. If not specified, the switch uses the IP of the outgoing interface.
vrfvrf-nameThe VRF to use for the keepalive link. Commonly set to 'management' to isolate keepalive traffic from the default VRF.

Command Examples

Basic peer-keepalive configuration

peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf management

Configures the peer-keepalive destination as 10.1.1.2, source as 10.1.1.1, and uses the management VRF.

Verifying peer-keepalive status

show vpc peer-keepalive
vPC keep-alive status : peer is alive
-- keep-alive interval : 1000 ms
-- keep-alive timeout : 5
-- keep-alive hold timeout : 3
-- keep-alive vrf : management
-- keep-alive destination : 10.1.1.2
-- keep-alive source : 10.1.1.1

Shows the keepalive status as 'peer is alive', along with timers, VRF, and IP addresses.

Understanding the Output

The 'show vpc peer-keepalive' command displays the status of the keepalive link between vPC peers. The first line indicates whether the peer is alive or dead; 'peer is alive' means the keepalive is functioning correctly, while 'peer is dead' indicates a failure. The interval, timeout, and hold timeout values show the keepalive parameters: interval is how often keepalives are sent (default 1000 ms), timeout is the number of missed keepalives before declaring peer dead (default 5), and hold timeout is the time to wait before bringing down vPC links (default 3 seconds). The VRF, destination, and source fields confirm the configured parameters. Healthy output shows 'peer is alive' and consistent timer values; problem values include 'peer is dead' or mismatched IP addresses.

Configuration Scenarios

Basic vPC Keepalive Configuration

Two Nexus switches forming a vPC domain with dedicated management interfaces for keepalive.

Topology

Nexus-A (mgmt0: 10.1.1.1/24) <--> Nexus-B (mgmt0: 10.1.1.2/24)

Steps

  1. 1.Enter vPC domain configuration mode on Nexus-A.
  2. 2.Configure the peer-keepalive destination with source and VRF.
  3. 3.Repeat on Nexus-B with reversed IPs.
Configuration
! Nexus-A
vpc domain 1
  peer-keepalive destination 10.1.1.2 source 10.1.1.1 vrf management
! Nexus-B
vpc domain 1
  peer-keepalive destination 10.1.1.1 source 10.1.1.2 vrf management

Verify: Use 'show vpc peer-keepalive' on both switches to confirm status is 'peer is alive'.

Watch out: Ensure the management VRF exists and the interfaces are in that VRF; otherwise, the keepalive will fail.

Troubleshooting with This Command

When troubleshooting vPC keepalive issues on Cisco NX-OS, start with 'show vpc peer-keepalive' to check the status. If the status shows 'peer is dead', verify IP connectivity between the configured source and destination addresses using ping from the appropriate VRF. Use 'ping vrf management 10.1.1.2 source 10.1.1.1' to test. Check that the management interfaces are up and have correct IP addresses. Ensure that no ACLs or firewall rules block UDP port 3200, which is used by the keepalive protocol. Also verify that the VRF specified in the peer-keepalive configuration exists and that the source IP is reachable from that VRF. If the keepalive status is flapping, check for network congestion or high CPU usage. The 'show vpc consistency-parameters global' command can help identify mismatched configurations that might affect keepalive. In split-brain scenarios, where both switches become active, the keepalive link is often the culprit; ensure it is properly configured and redundant if possible.

CCNA Exam Tips

1.

Remember that the peer-keepalive link must be in a separate VRF from the vPC peer-link to avoid routing loops.

2.

The default keepalive interval is 1000 ms; you can adjust it with the 'keepalive interval' command.

3.

On CCNP exams, know that the peer-keepalive uses UDP port 3200 and must be allowed in any ACLs.

Common Mistakes

Using the same VRF for both peer-keepalive and peer-link, which can cause routing issues.

Forgetting to configure the source IP, leading to asymmetric routing or unreachability.

Setting the keepalive destination to an IP that is not reachable from the source, resulting in 'peer is dead'.

Platform Notes

On Cisco NX-OS, the peer-keepalive command is specific to vPC and is not available on IOS. The equivalent on Cisco IOS (for VSS) is 'dual-active detection' using different mechanisms. On Nexus, the keepalive uses UDP port 3200, whereas on some other platforms it may use different protocols. The default timers are consistent across Nexus models, but can be modified with 'keepalive interval', 'keepalive timeout', and 'keepalive hold-timeout' commands. In NX-OS versions prior to 5.0, the keepalive VRF was not configurable; it used the management VRF by default. Always use a dedicated VRF for keepalive to avoid routing loops.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions