Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
574
Views
3
Helpful
3
Replies

vPC for ACI Multisite ISN

Fairytale16
Level 1
Level 1

‎08-16-2023 07:26 PM - edited ‎08-16-2023 08:30 PM

G'day everyone,

I'm building the ACI Multi Site. There are 2 DCs connected via Dark Fiber (DF).

I have 2 switches allocated to build an ISN. There are going to be a few other services *(L2 only) to use DF as well, such as FW HA, LB HA etc.

I decided to use vPC to efficiently use the links. I'm a bit worried about vPC nodes to Spines L3 connection. I'm looking forward to have 2 sub-interfaces *(tag 4) configured on each of the ISN switches and establish P2P OSPF between them and Spines. The diagram is below.

I wonder if anybody did this before and can share some experience. *(unfortunately I don't have access to the lab at the moment)

isn.JPG

 

 

Labels:
0 Helpful
3 Replies 3

Robert Burns
Cisco Employee
Cisco Employee

‎08-17-2023 11:50 AM

I would recommend against configuring each Sites ISN switches as VPC Peers.  The reason is for better resiliency if/when you need to upgrade one of the two, and/or swap them out.  VPC can be much more restrictive.  Since everything is L3 between the ISN and Spines, it'll recover sub-second.  I don't see the need to add additional complexity at L2 unless you have a good reason for this. 

Can you explain why you have the need for both L2 & L3 links between the ISN devices at each site? 

Robert

Fairytale16
Level 1
Level 1
In response to Robert Burns

‎08-17-2023 05:39 PM

Hi Robert,

Thank you for your reply. The reasoning for L3 is for ISN/ACI MultiSit purposes only. As for L2  I need to connect a few systems between DCs bypassing ACI:

  • Firewall HA links *(data and control)
  • Load Balancer HA links
  • Since the firewall is active-standby *(stretched cluster between sites) and keeping gateway Nexus Dashboard management and OoB,  I need to connect OoB switches to the standby firewall node (to keep access in case of fail-over).
  • Nexus Dashboard (residing on Site A) to connect to Site B for Mgmt and Data *(Insights).

So vPC here just for L2 redundancy purposes. I'm working towards getting a pair of C9300s for each site to separate the L2 stuff and leave ISN alone. Just need to see alternatives if the purchase declined.

0 Helpful

waleedmatter
Level 1
Level 1

‎05-19-2024 02:57 PM

I have the same your scenario that i need to connect the two ISN nodes (N9k's) in each site with two DMZ switch through port-channel so i will make vPC between two ISN nodes per site and i need to extend the L2 from the two ISN nodes per side as your picture above so my question if i create vlan x and SVI for it between 4 ISN nodes to establish ospf

for ACI multisite  so i will have 4 ospf adjacency  ,is this ok and no problem for ACI multisite as at the end i need ospf end to end between spines in site 1 and spines in site 2 to establish MBGP ?

between site 1 ISN-1-----site 1 ISN-2  ,  Site 1 ISN-1-----Site 2 ISN-1 , Site 1 ISN 2---------Site 2 ISN 2 , Site 2 ISN 1-----Site 2 ISN2 so there will be any problem

Site 1

ISN-1--------L2vPC Vlanx------ISN2

/                                                      /

/                                                     /

L2                    Vlanx                    L2

/                                                 /

ISN-1------vPC Vlanx------   ISN-2

Site 2

 

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License