Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1785
Views
0
Helpful
3
Replies

VPC + HSRP Campus Datacenter

Go to solution
oj
Level 1
Level 1

‎05-14-2020 10:30 AM

Hi All,

 

Is it possible to  to have two Nexus switches VPC'ed in DC1 and two Nexus switches VPC'ed in DC2 and run HSRP or some sort of GLBP across two DCs for distribution switches?

I want to make sure the VPC switches in DC1 are aware of VPC switches in DC2 for some gateway load balancing.

 

DC1: Nexus1<---VPC-->Nexus2 ------HSRP-----DC2: Nexus3<---VPC--->Nexus4

 

DC1 and DC2 would both have a link or two to a distribution switch in another building.

 

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎05-14-2020 11:16 AM

Hi @oj 

If you do not have any overlay flavors running on your Nexus switches (FP, VXLAN, OTV), then best approach is to isolate the HSRP. between the two vPC domains.

This is an example of FHRP isolation: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html 

Reason for this approach is to avoid reaching into the state of having HSRP active in one vPC domain and HSRP standby in the second vPC domain. This state will affect the L3 forwarding of traffic.

 

Hope it helps,

Sergiu

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎05-14-2020 11:16 AM

Hi @oj 

If you do not have any overlay flavors running on your Nexus switches (FP, VXLAN, OTV), then best approach is to isolate the HSRP. between the two vPC domains.

This is an example of FHRP isolation: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html 

Reason for this approach is to avoid reaching into the state of having HSRP active in one vPC domain and HSRP standby in the second vPC domain. This state will affect the L3 forwarding of traffic.

 

Hope it helps,

Sergiu

0 Helpful

Go to solution
oj
Level 1
Level 1
In response to Sergiu.Daniluk

‎05-15-2020 03:15 AM

Hi Sergiu

 

Thanks for quick reply.

 

No not bothered about overlay for this one.

 

I was looking at VPC/HSRP active-active design as below (p. 85)

https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

 

I'm guessing your suggestion for FHRP goes with the above right? In fact it has to be configured with it.

Is that correct?

 

I have attached an image what I'm trying to achieve. With possibility of vlan to vlan routing via the firewalls but with hsrp gateways on switches. 

Is this achievable?

 

Thanks in advance @Sergiu.Daniluk 

Preview file
29 KB
0 Helpful

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to oj

‎05-15-2020 06:36 AM

Hi @oj 

No, the FHRP isolation is not the same as HSRP Active-Active nature in vPC.

What the HSRP/VRRP active/active with vPC chapter is describing is how the HSRP or VRRP works when configured on a vPC domain - both vPC peers are Active in terms of forwarding.

What I shared (FHRP isolation) is keeping the HSRP/VRRP separate between 2 different vPC domains. This means, that you will have same group, with same VIP, Active/Standby (or Active/Active from forwarding perspective) in each vPC domain. You achieve this by filtering the HSRP control packets, APRs and HSRP GARPs between the vPC domains.

 

Best regards,

Sergiu

0 Helpful
Customers Also Viewed These Support Documents