Solved: Nexus 7000 Proxy L3 Routing

thsmfe001 · ‎09-08-2013

Hi,

I will suggest Nexsu 7000 as Backbone switch to my client.

But i don't understand why proxy L3 routing must be used under M & F2 mixed condition.

Although F2 module also support all L3 capacity, L3 routing dosen't be support on F2 module with M series module.

Could you tell me why this happen and explain Nexus 7000 architecture?

Thanks

Yun.

rebecca.richards · ‎10-13-2013

M2 + F2e in the same VDC works as of 6.2(2), in which case F2e module reverts to the classic L2 forwarding mode, leaving all L3 decisions up to the M2 module, so you still need proxy L3 routing.

I think the reasoning behind this is due to the M2 L3 engine being far more powerful than the F2e L3 forwarder. For instance, the M2 engine can do OTV, the F2e cannot. Makes sense to me to revert L3 decisions to a more powerful card.

What I find strange is that even though the F2e line card has an L3 forwarding engine built-in, I cannot configure L3 IP addresses directly on the F2e ports. Creating a VLAN SVI and setting the F2e port to access-mode works, but then if I only need a single point-to-point L3 link between the Nexus 7K and another device, and I've configured vPC, the vPC goes into an Type-2 Inconsistent state, because the VLAN and/or SVI isn't present on the peer switch.

View solution in original post

Marwan ALshawi · ‎09-10-2013

L3 proxy is required only when you have M with F1,

F2 already support L3

but keep in mind that F2 has to be in differnt VDC than the M unless you are using F2e ! ( but you need to double check on this )

HTH

thsmfe001 · ‎09-11-2013

Thank you for your reply.

As you mentioned, F2 has to be in diffrent VDC than M series modules.

If i have to use same VDC with F2 and M, proxy L3 routing is adopted automatically between them.

In that case, why is Proxy L3 adopted though F2 also support full L3 functions?

Marwan ALshawi · ‎09-21-2013

u can not the Nexus dose not support both M and F2 line card int he same VDC

the new line card F2e i think can coexist with M line cards you can read about the F2e

hope this help

rebecca.richards · ‎10-13-2013

M2 + F2e in the same VDC works as of 6.2(2), in which case F2e module reverts to the classic L2 forwarding mode, leaving all L3 decisions up to the M2 module, so you still need proxy L3 routing.

I think the reasoning behind this is due to the M2 L3 engine being far more powerful than the F2e L3 forwarder. For instance, the M2 engine can do OTV, the F2e cannot. Makes sense to me to revert L3 decisions to a more powerful card.

What I find strange is that even though the F2e line card has an L3 forwarding engine built-in, I cannot configure L3 IP addresses directly on the F2e ports. Creating a VLAN SVI and setting the F2e port to access-mode works, but then if I only need a single point-to-point L3 link between the Nexus 7K and another device, and I've configured vPC, the vPC goes into an Type-2 Inconsistent state, because the VLAN and/or SVI isn't present on the peer switch.

Marwan ALshawi · ‎10-16-2013

Nice response Rebecca, 5+

mfarrenkopf · ‎03-11-2015

Hi Rebecca,

I just stumbled onto your reply while searching to understand Nexus VDC modes. I've got two 7Ks that have been using M2 cards up to this point but I need to configure an F2e card into the VDC. Based on what I've seen it looks like I'll maintain my M2 configuration but lose my F2e config, which is fine -- I've not configured anything on it yet.

What you're describing reminds me of the Catalyst DFC vs CFC. It may not technically be the same, but in principle it's similar -- the M2 cards are like DFC cards and can make their own decisions; the F2e cards are like CFC cards (when used with M-series cards) so they need to punt their packets elsewhere for forwarding decisions.

My initial thought on your VLAN going type-2 inconsistent: if your peer link is configured to allow all VLANs, then it's going to expect the VLAN for your SVI for the point-to-point link to be on both sides. If you remove that VLAN, or perhaps a range of VLANs you want to use for uplinks, from the peer link then you shouldn't get that error. I originally configured our environment so I was specifying each allowed VLAN on the peer link. Now, any new equipment I'm configuring to just allow all VLANs on the peer link and removing any that are used on an individual switch.