So I've been tasked with retiring a pair of 6509s that are in our DC core. I'm looking to get some advice and input on my design considerations; I'm a Nexus newbie... First off, these 6509s are the core routers for 4 primary functional areas: DMZ (external servers), SAN, Internal Servers and the corporate user network. Today it is functioning as a collapsed core, distribution and access for the internal server network. It's a distribution/core for the SAN. And the DMZs are on their own switches off to the side of the firewall.
I'm looking to consolidate all of these functions into a single pair of Nexus chassis.
Question 1. Can I continue to have a collapsed core/distribution/access for my internal servers that would reside in a VDC, let's call it 'corp-servers'? So I'd have copper ports, F-series module fiber ports and M-series module (for L3 routing) ports allocated to this VDC to facilitate. Pros/Cons?
The next part to this would be carving up the Nexus into the other functional VDCs... I was planning on 4 VDCs, let's call them:
default (which would be the corporate user-net)
Question 2. In the above scenario, I'd be using the default VDC to pass all corporate user traffic into and out of the other VDCs. The only folks with access to this VDC would be the qualified network team members. We are a relatively small company (~1500 emp); security is important, but I wouldn't classify us as high security per se. Are there any other drawbacks to this?
Question 2b. If so... I wouldn't be against combining the corp-servers and user-net into a single VDC, let's call it corp-internal. Are there any drawbacks here?
On to the storage VDC... I would have directly connected SANs but also may scatter some FEX N2Ks around and I'd like the flexibility for 1G and 10G uplinks.
Question 3. If my L3 boundary (default gw for these SAN networks) exists on the N7Ks, what would be the optimal module to use to connect my SAN and FEX switches? Can I get away with the N7K-F132XP-15 (F-series) or would I need an M-series? I'm kind of confused on just how to implement these. I was thinking I would purchase a single 32-port 10G M-series, allocate ports within to each VDC and use that to route between VDCs while all of my uplinks are configured on the F-series ports in their respective VDCs.
So in short, I would be carving up a single M-series module, allocating ports from within each VDC to facilitate routing to/from my different 'zones'. Attached is a rudimentary drawing of my plan... Note that all of the 7Ks in the picture represent a single pair.
Thanks in advance!!!