12-18-2011 02:17 AM - edited 03-07-2019 03:56 AM
Hello,
I have a big issue with routing over Nexus 7000 vpc peerlink....
I am exactly in the case of the diagram 3 of the link bellow :
http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/
My question is how can I resolve my problem, I don't understand.
Also, the above link is the only one who speak about the routing over Nexus 7000 vPC peerlink, I am very frustated because cisco documentation don't speak about detail vPC working and consequently it is very very difficult to understand side effect of vPC integration.
Thank you in advance,
Best regards,
Thibault
12-18-2011 02:47 AM
What is the issue you have?
12-18-2011 03:23 AM
Do you see the network diagram 3 ?
The firewalls are singly attached (no vPC) to a VLAN that is forwarded on the Nexus 7000′s vPC peer link. The firewalls are running OSPF and attempting for form an adjacency with the each Nexus 7000. This design don't work.
Each firewall will form an OSPF adjacency with both Nexus 7000′s. This means that some OSPF routed traffic will traverse the vPC peer-link (even when no ports or links are failed). As a result, this traffic will be dropped.
Do you see my problem now ?
Thank you,
Regards,
Thibault
12-18-2011 05:54 AM
Best practice:
****** Read the Cisco vPC best practices design guides ******
http://www.cisco.com/en/US/products/ps9670/products_implementation_design_guides_list.html
12-18-2011 10:09 PM
Ok thank you I think I have the answer to my question. However, vPC best practice come from an unofficial documentation or I don't find it on Cisco Website.
Andrew Prince wrote:
Best practice:
****** Read the Cisco vPC best practices design guides ******
http://www.cisco.com/en/US/products/ps9670/products_implementation_design_guides_list.html
Thank you
05-12-2014 03:20 AM
Hi,
I have mix between the two suggestion solution:
1. i have two VDCs and run ospf between them.
2. i attached cisco 6500 on of the VDC and using trunk allowed specific vlans and run OSPF over vlan.
i am confusing if i need extra link between the nexus to run ospf or i can use peer-link
what is the best practice to achieve this.
05-12-2014 03:42 AM
both will work
but if you want to use the OSPF over the vPC peerling make sure to use a non vPC Vlan otherwise your IGP will not function correctly
05-14-2014 12:47 AM
HI Marwan
thanks for your replay,
can you give an example to do it
Thanks
07-24-2015 07:38 AM
i believe issues of Design 3 are addressed in NX OS 7.2 ? any ideas?
found this.
Dynamic Routing over vPC feature enables L3 routing protocols such as OPSF to form adjacency with the two vPC peer chassis. The equal routing cost matrices must be configured on applicable interface on each of the vPC peers, failure to do so can result in blocking the traffic. Asymmetric routing feature has to be implemented to address this issue and to configure Dynamic Routing over vPC. Additionally, when Dynamic Routing over vPC is enabled a warning log message is printed.
05-09-2014 10:25 AM
Hi,
i have the same query:
i have two nexus divided to two VDCs (VDC-1 and VDC-2) the connection between VDC-1 and VDC-2 is L3 and run OSPF.
On VDC-2 two ASA connected on it as showing in the network diagram. my queries are:
1. for ASA sync do i need add extra link between two nexuses only to allow sync vlan or i can use vPC peer-link in the diagram showing (state/keepalive) this is for ASA sync not for vPC keepalive. please correct me what if it is best practice ?
2. regarding the two VDCs since we are enabling ospf between them can i enable OSPF over peer-link in each VDC ? please advice me because i am really confusing when i check the routing over peer-link and if you can add sample configuration for each VDC
Thanks
08-10-2018 01:23 PM
Running into a similar issue and thank you for guidance. However do you know exactly where it talks about these points specifically related to routing protocols ?
08-14-2018 02:05 PM
12-18-2011 05:50 AM
The recommended design is to have a separate link for ospf peering other than the vpc peer link if you are riming ospf between the firewalls and n7k
Which is described in the link you pivoted above
Hope this help
Sent from Cisco Technical Support iPhone App
12-18-2011 10:14 PM
Hello marwanshawi,
I have two Firewall, one per Nexus and in the same Vlan. So i have to create two network to interconnect each Firewall with his nexus and an interconnect network between the two Nexus that's it ?
Thank you,
Regards,
Thibault
12-19-2011 12:16 PM
It is ok. I create an other trunk and it work.
And if servers or switches are singly attached (orphan ports) on Nexus 1, can they ping Nexus 2 IP (in the same vlan than servers or switches) via vPC peerlink ?
Thank you in advance.
Thibault
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: