Nexus 5k assistance with VPC and BGP

vyas.nilay
Level 1

Hello Experts,

 

I have a question which might have been answered several times, but I couldn't find any satisfactory answer, so I am opening this for discussion.

I have the following situation:

 

Firewall A --- active link --- 5k 1

               ----Standby link -- 5k 2

 

Firewall B -- active link -- 5k1

              --- Standby Link - 5K2

 

Setup :

Firewall A and B are in Cluster mode so Firewall A will be active all the time until hardware failure

Each firewall has active-standby links to both 5Ks, and the standby link will only become active if the active link fails due to a cable or switch failure.

5K1 and 5K2 are sharing VPC

 

Requirement:

 

- iBGP between 5k1 and 5K2 to share all the external routes which directly terminate on the 5K via ISP with eBGP. One-to-one connection, so 5k1 -- ISP1 and 5K2 -- ISP 2.

- iBGP between the 5Ks and the firewall

 

Discussions or issues or help on design

 

- Is the following a good option?

5k1 vlan 10 --- ibgp --- FW A

5k2 vlan 20 -- i bgp --- FW A

5K1 vlan 30 - ibgp - 5K2

VLAN 10 will not be created on 5K2

VLAN 20 will not be created on 5K1

VLAN 30 will not be trunk across to FWA

Traffic:

5k1 will have ibgp with active link 

5k2 will have ibgp over secondary link but no traffic will flow 

On failure of 5k1 or the link, 5k2 will start processing the traffic over its iBGP and share the routes with 5k1 over iBGP, if it is the link that failed.

 

This is a standard standalone switch setup, no fancy VPC setup.

 

Scenario 2

 

5k1 vlan 10 --- ibgp --- FW A

5k2 vlan 20 -- i bgp --- FW A

5K1 vlan 30 - ibgp - 5K2

 

VLAN 10 and 20 will be created on both 5Ks

SVI on vlan 10 will only exist on 5K1

SVI on vlan 20 will only exist on 5K2

 

Traffic

The firewall will use the 5k1 active link for the peering on VLAN 10 and 20 to both Nexus switches.

Traffic engineering will be performed to make sure routes learned from VLAN 10 are preferred over VLAN 20.

If the link between 5k1 and Firewall A fails, the firewall will still be able to maintain the BGP connection to 5K1 via the secondary link and also another BGP session via 5K2 on VLAN 20.

 

Discussion / Help / Question:

 

Will this work?

 

Last question:

 

Is there a better way to design this using peer-gateway, or any other way which is more effective?

 

Thanks a lot for reading this and helping me out with this riddle. 

 

 
