We are trying to implement a new solution for a client of ours who has purchased a pair of Nexus 5596UP devices.
We have this topology attached in JPEG. They want to use the pair of 5k's for local LAN and WAN connectivity.
Customer wants a VPC setup between the pair of Nexus 5k's because at some point they will want to purchase FEX modules and VPC servers directly, in which case the VPC will be required (VPC VLANs L3 will terminate on 5k's using HSRP).
1. Can I have the same VLAN with SVI built on each Nexus and pass the VLAN across the peer link so I can build IBGP and peer EBGP as per the diagram? Will this work?
2. Is it possible to build a layer 3 link from each Nexus to remote PE device and then set up another SVI on each Nexus and allow that across the peer link? Would this configuration work and would traffic pass across the peer link for IBGP connectivity?
3. Or can I have it as per question 1 above and use a separate port-channel (non-VPC) between the Nexus 5k pair to trunk the VLAN across?
What is the best design around this kind of solution?
The alternative is to have the Layer 2 switch connect to both Nexus 5k's without port-channel and let spanning tree manage the loop. In this case would I need to build another trunk between the 5k's or could I just allow the VLAN across the VPC peer link?
You can create a vlan used exclusively for Nexus-to-Nexus iBGP peering. Use a new 'access' link between the two switches and place them on the new vlan. Make sure that this VLAN does not traverse the VPC peer link. Then, create SVIs on each switch for that VLAN and peer over that link. Then, you can create a L3 link on each nexus to peer with your eBGP neighbors.
The point you want to make sure you understand is the VPC loop prevention mechanism that says "If a packet is received on a VPC port, traverses the VPC peer link, it is not allowed to egress on a VPC port."
With your alternative in the last paragraph, you wouldn't have to rely on spanning-tree if you configure the attached n5k ports as layer 3 interfaces instead of SVIs and VLANs. You can set the L2 switch interface with portfast on both the n5k and eBGP peer links.
You should replace the "portchannel" label on the L2 to n5k switch with "vPC" and replace the "vPC" on the link between the two n5k switches with "Peer Link". At least on the n7k, the routing protocol issue has to do with the vPC member links and not the peer link between the n7ks. It is a valid config to route on the peer link, but it is not the first choice. First choice would be to use a separate L3 link between them.
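An added example, not part of any post in this thread: a small Python check that reads an NX-OS configuration excerpt and reports whether the dedicated iBGP VLAN is trunked on the vPC peer link or on a vPC member port-channel, which is the condition the replies above say to avoid. VLAN 900, the interface and port-channel numbers and the sample configuration are constructed assumptions, and the parser handles only the plain list form of `switchport trunk allowed vlan`.

```python
import re

# Constructed NX-OS excerpt; VLAN 900 and all interface numbers are assumptions.
SAMPLE = """\
interface port-channel1
  switchport trunk allowed vlan 10-20,900
  vpc peer-link
interface port-channel20
  switchport trunk allowed vlan 10-20
  vpc 20
interface Ethernet1/10
  switchport mode access
  switchport access vlan 900
"""

def expand(spec):
    """Expand a VLAN list such as '10-20,900' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def interfaces(config):
    """Split a config into {interface name: [stripped sub-command lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # left the interface block
    return blocks

def vpc_ports_carrying(config, vlan):
    """Return the peer link and vPC member port-channels that trunk `vlan`."""
    hits = []
    for name, lines in interfaces(config).items():
        if not any(l.startswith("vpc ") for l in lines):
            continue  # not a vPC port or peer link, e.g. the dedicated access link
        allowed = set(range(1, 4095))  # simplification: no allowed list means all VLANs
        for l in lines:
            m = re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", l)
            if m:
                allowed = expand(m.group(1))
        if vlan in allowed:
            hits.append(name)
    return hits
```

On the constructed sample, `vpc_ports_carrying(SAMPLE, 900)` reports `port-channel1`, because the peer link still carries VLAN 900; removing 900 from that allowed list clears the finding.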