Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1559
Views
10
Helpful
5
Replies

Migrating VRF based data center to Nexus VDC

BirkJones7747
Level 1
Level 1

‎06-06-2019 12:59 PM

Hello experts

Working on a project where i have two data centers connected via L2 fiber link. Currently traffic is segregated through VRF which terminates on the firewall. Some 10 VRF that has multiple subnets. The idea is to have VDCs to segregate the traffic both at control, data and management plane. Although its not difficult to bring up the new VDCs, I'm just thinking what is just the best way to migrate the VRF over to the new VDCs.

Each VDC will be a security zones in itself,m Like DMZ,  DMZ Mgt, Core Zone, External zone etc... Likewise today the whole of the infrastructure is done with VRF that segregate the traffic, moving forward this will be in VDCs.

Any idea, how to migrate those?

Thanks

1 person had this problem
Labels:
0 Helpful
5 Replies 5

lovsharm
Cisco Employee
Cisco Employee

‎06-07-2019 05:38 AM - edited ‎06-07-2019 05:41 AM

Hi Jones, 

 

if you are moving the 10 vrf in individual vdc, this is not possible, we only support 8 vdc at max.

it is not scalable if you have the probability of more VRF addition in future, because vdc still remain same. But you can definitely go like admin/core/edge klnd of structure and move the respective VRF in respective VDC. like keeping Mgmt vdc just for mgmt traffic. 

 

We do not have any less disruptive way to do that, because you have to move those interfaces from default vdc to particular vdc but it will loose all configuration in the previous vdc for that interface, you can also not have port mapped to same port asic allocated to different vdc, plus you can not share same interface in multiple VDC which you can do with l2 interfaces with vrf. please let me know if you have any specific concern.

 

Regards,

Lovkesh

BirkJones7747
Level 1
Level 1
In response to lovsharm

‎06-07-2019 06:33 AM

Hi lovesh
Thanks for your reply. I know there are 8 vdcs. Also the vrf currently are
on the 6506 where they are terminated to to a firepower firewall.
Therr are 10 vrfs but i dont need 10 vdcs. 1 vdc will host more than one
vrf.
The new vdc will be connected to the firepower on new interfaces. My point
here, is whats the best pracrice to migrate those vrf into the vdcs? As the
vdcs are on the 7k. The vrfs terminate on the firewall.
Thanks
0 Helpful

lovsharm
Cisco Employee
Cisco Employee
In response to BirkJones7747

‎06-07-2019 10:17 AM

Hi Johns, 

 

It's really depends on topology. Let's say you have the Gw configured in the 65xx in that case you can build SVI on 7k and FHRP and send all that traffic to GW and make n7k as vdc and primary and move that traffic to n7k.

 

Regards,

Lovkesh

0 Helpful

BirkJones7747
Level 1
Level 1
In response to lovsharm

‎06-07-2019 01:37 PM

Currently, the Gateway is on the 65xx, all servers are configured to have the default gateway on the catalyst. From your point of view I shud have 7k vdc connected at Layer 2 to the catalyst and setup SVIs on the N7K under the VRF and from 65xx route the traffic to the 7k vdc, which in turns point to the Firewall?

 

0 Helpful

lovsharm
Cisco Employee
Cisco Employee
In response to BirkJones7747

‎06-10-2019 08:01 PM

Yes, if you want to move the GW to n7k you can run the  same group HSRP on n7k and meanwhile when all L2 connections are right you can eventually change the GW on 7k to active and shut down SV on C65xX. 

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card