
Nexus 7K full mesh to WAN Router interoperability

zheepingliew
Level 1

Hi Ladies and Gentlemen,

I'm going to deploy a pair of Nexus 7Ks with full-mesh connectivity to two WAN routers, as below.

I have prepared the configuration between the Nexus and WAN switches but am not sure whether it will work or not. Can you help to comment? Thanks

WANSW1
interface Vlan10
 ip address 10.10.10.13 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 12345
 ip ospf network point-to-point
 ip ospf hello-interval 5
!
interface Port-channel100
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/3
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 100 mode on
!
interface GigabitEthernet1/4
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 100 mode on
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 passive-interface default
 no passive-interface Vlan100
 no passive-interface GigabitEthernet1/2
 network 10.10.10.9 0.0.0.0 area 0
 network 10.10.10.13 0.0.0.0 area 0
 default-information originate
!

WANSW2
interface Vlan20
 ip address 10.10.10.17 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 12345
 ip ospf network point-to-point
 ip ospf hello-interval 5
!
interface Port-channel200
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/3
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 200 mode on
!
interface GigabitEthernet1/4
 description To Nexus
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 200 mode on
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 passive-interface default
 no passive-interface Vlan200
 no passive-interface GigabitEthernet1/2
 network 10.10.10.10 0.0.0.0 area 0
 network 10.10.10.17 0.0.0.0 area 0
 default-information originate
!

N7K-1
vlan 5,6,10,20
!
interface Vlan10
  no ip redirects
  ip address 10.10.10.14/30
  ip ospf message-digest-key 1 md5 3 12345
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  description WANSW
  no shutdown
!
interface port-channel100
  description Port-Channel Link To WANSW
  switchport
  switchport mode trunk
  spanning-tree port type normal
  vpc 100
!
interface port-channel200
  description Port-Channel Link To WANSW
  switchport
  switchport mode trunk
  spanning-tree port type normal
  vpc 200
!
interface port-channel500
  description vPC L2Peer-Link to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  spanning-tree port type network
  vpc peer-link
!
interface port-channel800
  description L3Peerlinks to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  spanning-tree port type network
!
interface Ethernet1/1
  description Po100 to WANSW
  switchport
  switchport mode trunk
  channel-group 100 mode on
  no shutdown
!
interface Ethernet1/2
  description Po200 to WANSW
  switchport
  switchport mode trunk
  channel-group 200 mode on
  no shutdown
!
interface Ethernet1/23
  description L3Peerlinks to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  channel-group 800
  no shutdown
!
interface Ethernet1/24
  description L3Peerlinks to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  channel-group 800
  no shutdown
!
interface Ethernet1/45
  description "vPC L2Peer-Link to N7K2"
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  channel-group 500
  no shutdown
!
interface Ethernet1/46
  description "vPC L2Peer-Link to N7K2"
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  channel-group 500
  no shutdown

N7K-2
vlan 5,6,10,20
!
interface Vlan20
  no ip redirects
  ip address 10.10.10.18/30
  ip ospf message-digest-key 1 md5 3 12345
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
  description WANSW
  no shutdown
!
interface port-channel100
  description Port-Channel Link To WANSW
  switchport
  switchport mode trunk
  spanning-tree port type normal
  vpc 100
!
interface port-channel200
  description Port-Channel Link To WANSW
  switchport
  switchport mode trunk
  spanning-tree port type normal
  vpc 200
!
interface port-channel500
  description vPC L2Peer-Link to N7K1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  spanning-tree port type network
  vpc peer-link
!
interface port-channel800
  description L3Peerlinks to N7K1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  spanning-tree port type network
!
interface Ethernet1/1
  description Po100 to WANSW
  switchport
  switchport mode trunk
  channel-group 100 mode on
  no shutdown
!
interface Ethernet1/2
  description Po200 to WANSW
  switchport
  switchport mode trunk
  channel-group 200 mode on
  no shutdown
!
interface Ethernet1/23
  description L3Peerlinks to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  channel-group 800
  no shutdown
!
interface Ethernet1/24
  description L3Peerlinks to N7K2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 10,20
  channel-group 800
  no shutdown
!
interface Ethernet1/45
  description "vPC L2Peer-Link to N7K2"
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  channel-group 500
  no shutdown
!
interface Ethernet1/46
  description "vPC L2Peer-Link to N7K2"
  switchport mode trunk
  switchport trunk allowed vlan 5,6
  channel-group 500
  no shutdown

3 Replies

Reza Sharifi
Hall of Fame

Hi,

The design and configuration should work fine. A couple of notes:

1-I am not sure what type of switches your WANSW1 and 2 are. Just make sure you have the right license to run routing protocols, especially if you are planning to run BGP with the providers.

2-What device will do the NAT for you, or do you not need to run NAT at all?

3-Since you have switches facing the Internet providers, you may want to think about putting a set of firewalls between WANSW1, 2 and the Nexus for security unless you are planning to do that with the switches.

HTH

Hi,

Thanks for the advice.

1. Both WANSW are existing running switches so the license is not an issue.

2. I don't do NAT at all because the interface that faces the ISP is a DWDM link, so it is still an internal IP.

3. The ISP provided DWDM and not Internet service, so it is still OK for the time being.

I have some concerns with the design and configuration.

Let's say the HSRP master for Vlan5 is N7K01, will it still utilize E1/1 and E1/2 to reach the WANSW or only E1/1? Because E1/2 is connected to WANSW2, which is Vlan20.

In the event that N7K01 fails, will both E1/1 and E1/2 of N7K2 be utilized?

Thanks

Hi,

Let's say the HSRP master for Vlan5 is N7K01, will it still utilize E1/1 and E1/2 to reach the WANSW or only E1/1? Because E1/2 is connected to WANSW2, which is Vlan20.

This should be tested, but if you are going to use OSPF between the Nexus and the WAN switches without any cost changes and since the links are equal cost, OSPF will load balance the traffic between e1/1 and e1/2. You can always modify the cost on one of the links so it is always used as backup.

In the event that N7K01 fails, will both E1/1 and E1/2 of N7K2 be utilized?

If the destination costs add up to be the same for both links, then the traffic will be load balanced.

HTH
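
Equal-cost load balancing only applies once both ends of each /30 have formed an OSPF adjacency. The following is an added example, not code from any poster in the thread: it compares the OSPF settings of the Vlan10 stanzas posted for WANSW1 and N7K-1. It assumes interface defaults of broadcast network type, 10-second hello and no authentication wherever a command is absent; the N7K `router ospf` section is not shown in the thread and could set authentication at area level.

```python
import ipaddress
import re

# Vlan10 stanzas copied from the configuration posted at the top of this thread.
WANSW1 = """\
interface Vlan10
 ip address 10.10.10.13 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 7 12345
 ip ospf network point-to-point
 ip ospf hello-interval 5
"""
N7K1 = """\
interface Vlan10
  no ip redirects
  ip address 10.10.10.14/30
  ip ospf message-digest-key 1 md5 3 12345
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
"""

def ospf_params(stanza):
    """Extract the per-interface settings that both OSPF neighbours must agree on."""
    # Assumed defaults for an SVI when no command is present (see lead-in).
    p = {"subnet": None, "hello": 10, "network": "broadcast", "auth": "none", "key_id": None}
    for line in map(str.strip, stanza.splitlines()):
        if m := re.match(r"ip address (\S+)(?: (\S+))?$", line):
            addr = "/".join(g for g in m.groups() if g)  # a.b.c.d/len or a.b.c.d/mask
            p["subnet"] = str(ipaddress.ip_interface(addr).network)
        elif m := re.match(r"ip ospf hello-interval (\d+)$", line):
            p["hello"] = int(m.group(1))
        elif m := re.match(r"ip ospf network (\S+)$", line):
            p["network"] = m.group(1)
        elif m := re.match(r"ip ospf authentication (\S+)$", line):
            p["auth"] = m.group(1)
        elif m := re.match(r"ip ospf message-digest-key (\d+) md5", line):
            p["key_id"] = int(m.group(1))
    return p

def mismatches(a, b):
    """Return {setting: (side_a, side_b)} for every setting that differs."""
    pa, pb = ospf_params(a), ospf_params(b)
    return {k: (pa[k], pb[k]) for k in pa if pa[k] != pb[k]}

if __name__ == "__main__":
    for setting, (wan, nexus) in mismatches(WANSW1, N7K1).items():
        print(f"{setting}: WANSW1={wan} N7K-1={nexus}")
```

On the posted stanzas the subnet and key ID agree, while hello interval, network type and interface-level authentication differ, so those three are the settings to confirm on the Nexus side before testing failover.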
