Cisco Community
English
Register
Speak French? Now you can ask your questions in the new French Community! CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
395
Views
0
Helpful
0
Replies
Highlighted
KELLEYD
KELLEYD Beginner
Beginner
‎03-09-2018 04:53 AM
‎03-09-2018 04:53 AM

Best Practices: Point-to-point via the fabric?

Hello. I've picked up a lot from some of you who are ACI Kung Fu Masters and some of you who are very creative and have even more bizarre use cases than I. :) So, I figured I would post here asking for best practice suggestions.

 

We have two data centers, several miles apart.  We have them setup using multipod on 3.0(2k).  The IPN is a a pair of N9Ks (Standalone) at each DC, each with a 10G Metro-E between them.  Along with the IPN VRF, we are also routing our core area 0. This is also where our common L3out terminates. (Core VRF, not IPN VRF). Why does the common L3out terminate here? Read on and, if you are experienced with OSPF, you will probably pick up on why.

 

Our WAN circuits out to our various locations come into yet another pair of standalone N9Ks at each DC so that they can traverse our IPS before hitting our ASR1K at each DC.

 

For "Reasons", some of our DC SVIs remain on our ASR1K routers. They run VRRP across DCs. Currently, this is via the fabric  Each ASR has a port-channel to a leaf pair with the various VLANs trunked. Our data centers are, by policy, hot standby. So the ASR at DC1 is the VRRP master. It works out okay unless the need arises to have any given site use their backup WAN circuit as their primary. This use case has arisen.

 

This is an inherent problem with OSPF, so there is a standard fix.  And let's skip the debate over design. I inherited it. What I need to do is enable OSPF multi area adjacency between the two ASR1Ks. The requirement to do so is to have point-to-point adjacency between the two routers.

 

What I'm thinking is that I could simply use the existing port-channel and create a new SVI on each ASR. Let's call it Po100.666 (the necessary evil). ip ospf 1 area 0. ip ospf network point-to-point. ip ospf 1 multi area 1234. Drop the mic.  Enjoy life as women everywhere want to be with me and men everywhere want to be me.

 

The philosophical question: is that the right way to do this? The ACI fabric is for servers, not transit. But I am already doing this anyway. In theory, it would go away when Po100 goes away anyway.

 

Or will it? It's nice to have that multi area adjacency.

 

So if I don't use the fabric for transport, what do I do? QinQ tunnel through the IPN switches between ASRs? GRE? An EVPN through them? But I already have an EVPN setup with VXLAN encapsulation. So why not use it?

 

I think I have my answer but I wanted your opinions. What would you do?

 

Also, if you were to use the existing port-channel for this purpose, given that only these two endpoints would exist in the new non-routed bridge domain, how would you configure the BD and EPG?

 

 [Edit: ASR1K not 9k.]

Labels:
0 Helpful
Reply
Latest Contents
Pondering Automation: Less is More Part 2
Created by Shaun Roberts on 08-13-2019 10:52 AM
0
0
0
0
  Howdy out there in automation land!!!! Again... two in one day... wow :) So onwards we press. If you have not read Part 1, please go back and do that as it might not make sense. In this part of the Less is More series we are going to install Cloud... view more
Pondering Automation: Less is More Part 1
Created by Shaun Roberts on 08-13-2019 09:49 AM
0
5
0
5
  Howdy out there in Automation land!!! Today... I have the start of a long set of two blogs for my readers. We are going to do something exciting and really useful... but purely about system setup and design... no real "automation" today. But first... view more
Voice of the Engineer Presentation 7-25-19, ACI NIR/NAI
Created by rfrothin on 08-07-2019 01:45 PM
0
0
0
0
 
Intersight Account Reset Tool
Created by Ugo Emekauwa on 07-31-2019 10:11 AM
0
0
0
0
Cisco Intersight Account Reset Tool   The Cisco Intersight Account Reset Tool is designed to increase the efficiency of developers, engineers, sellers and trainers working with Cisco Intersight by automating the Intersight account reset process. The ... view more
Pondering Automation: Back to Basics Part 3
Created by Shaun Roberts on 07-30-2019 01:46 PM
0
0
0
0
Howdy out there in Automation land!! Hope everyone is having a great summer. We draw into the last true month of summer and we are going to take you further on your Action Orchestrator journey. Since we are on our last "Back to the Basics", I think we wil... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
July's Community Spotlight Awards