Customer needs a solution for High availability enterprise backbone, where the following are proposed:
Two NG firewalls are proposed in High Availability for network perimeter (Internet side)
Two Nexus 9508 (each with 4 FM, 2 Sup, 9564TX and 9564PX line cards, redundant power supply, L3 Routing license)
Six Distribution Switches (Catalyst 3580-24XS-S)
Each NG Firewall is proposed to connect to both Core switches. Similarly on the LAN side, each Distribution switch is proposed to be uplinked to both Core switches using 10G links.
The customer wants that:
The Core switches should be deployed in Active-Active configuration for High availability.
The two downlinks from the NG Firewall should terminate on Core Switch #1 and Core Switch #2 in such a way that the NG Firewall sees the two core switches as a single logical switch. The downlinks from each NG Firewall to the two Core switches should be aggregated at the Firewall to provide active-active load sharing links.
Similarly, each Distribution Switch should connect to both Core Switches using 10G uplinks. The uplinks on the Distribution switches should be aggregated to provide active-active load sharing with Layer-3 routing.
Can anyone please confirm and provide links to information on such a configuration? I believe that by using vPC along with ECMP on the Core switches and LACP or EtherChannel on the NG Firewall and Distribution switches, it may be possible to deploy this in a completely High availability configuration with fail-over and load sharing.
This is a very complicated question that leads to a design, network provisioning and configuration discussion, which would require multiple interactive sessions and is a bit too in-depth for this discussion board. With that said, I would like to connect you with the proper Cisco technical support channel if you need it. Please contact me through my community account and I will try to connect you with the proper Cisco support channel as best I can. Thanks!