I have a query around a supported VPC design using Nexus 77xx. I've struggled to find any documentation specific to this particular scenario.
I have a client who has a requirement to create a DMZ network (layer 2 separation) through a Nexus 7700 pair, with layer 3 routing carried out using a separate firewall appliance.
A host on one of these VLANs requires resilient connectivity, using bundled links with LACP. The intention would be to cross-patch these links across separate FEX, with separate parent chassis using VPC.
Connectivity to the upstream firewall (active/standby) would be via layer 2 port-channels (non-VPC) directly between the core switches and the firewall appliances. These port-channels would trunk the VLAN of the DMZ network, as well as other (transit) networks where the devices peer using EIGRP. The transit/peering VLANs for all other traffic are non-VPC.
Layer 3 routing for the DMZ network would be carried out by these firewalls to allow segregation, with no layer 3 configuration present on the Nexus core switches.
The VLAN would be trunked across the VPC port-channel between the two Nexus core switches.
I've thrown together the below diagram to try and show the intended setup.
Is this a supported design?
Are there any considerations regarding failover for this solution?
I hope the above description and diagram are reasonably clear, but please let me know if you need further information.
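To make the described topology concrete, here is an NX-OS configuration sketch for one of the two Nexus 7700 chassis. It is an added example, not configuration from the original post or a Cisco validated design, and every name and number in it is assumed: switches N7K-1 / N7K-2, vPC domain 10, DMZ VLAN 100, one transit VLAN 200, FEX 101 single-homed to N7K-1 and FEX 102 single-homed to N7K-2, host vPC 20, firewall-facing port-channel 30, and the interface numbers shown.

```text
! Added example for N7K-1; N7K-2 mirrors it with peer-keepalive addresses swapped
! and Ethernet102/1/1 as its member of port-channel 20. All names/numbers assumed.
install feature-set fex
feature-set fex
feature vpc
feature lacp

vlan 100
  name DMZ
vlan 200
  name TRANSIT-FW

! vPC domain: keepalive over the management VRF, peer-link below
vpc domain 10
  role priority 100
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
  auto-recovery

! vPC peer-link between the two cores; must carry the DMZ VLAN (and any other
! VLAN present on a vPC) so both chassis see the same layer 2 domain
interface port-channel 1
  description vPC peer-link to N7K-2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  spanning-tree port type network
  vpc peer-link
interface Ethernet1/1-2
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown

! FEX 101 fabric uplink, single-homed to this chassis (FEX 102 hangs off N7K-2)
interface port-channel 101
  switchport
  switchport mode fex-fabric
  fex associate 101
interface Ethernet2/1-2
  switchport
  switchport mode fex-fabric
  fex associate 101
  channel-group 101
  no shutdown

! Host vPC: Ethernet101/1/1 here and Ethernet102/1/1 on N7K-2 form one LACP
! bundle from the host's point of view, cross-patched across the two FEX
interface port-channel 20
  description DMZ host, host vPC across FEX 101/102
  switchport
  switchport mode access
  switchport access vlan 100
  vpc 20
interface Ethernet101/1/1
  switchport
  switchport mode access
  switchport access vlan 100
  channel-group 20 mode active
  no shutdown

! Non-vPC (orphan) layer 2 trunk to the firewall attached to this chassis;
! no SVI for VLAN 100 exists on the Nexus, the firewall is the DMZ gateway
interface port-channel 30
  description L2 trunk to FW-A (not a vPC member)
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  vpc orphan-port suspend
interface Ethernet3/1-2
  switchport
  switchport mode trunk
  channel-group 30 mode active
  no shutdown
```

The one line worth checking against the failover question is `vpc orphan-port suspend` on the firewall-facing port-channel. Because those trunks are not vPC members, a peer-link failure would otherwise leave them up on the vPC secondary while that switch suspends its vPC member ports (including its half of port-channel 20); if the active firewall happened to sit behind the secondary, DMZ traffic arriving there would have no path to the host. Suspending the orphan port on the secondary in that event forces the firewall HA pair to fail over to the unit behind the still-forwarding chassis. Whether that is the desired behaviour depends on the firewall's HA link placement, so it should be tested rather than assumed.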
I do not see any issue in terms of design: Layer 2 handover to the FW, with the FW configured correctly for HA with a floating IP, and you should be good.
Why do you think you have an issue here?
I don't believe there's an issue, I'm just looking for reassurance in the absence of any validated designs.
Thanks for your feedback.