05-14-2020 10:30 AM
Hi All,
Is it possible to to have two Nexus switches VPC'ed in DC1 and two Nexus switches VPC'ed in DC2 and run HSRP or some sort of GLBP across two DCs for distribution switches?
I want to make sure the VPC switches in DC1 are aware of VPC switches in DC2 for some gateway load balancing.
DC1: Nexus1<---VPC-->Nexus2 ------HSRP-----DC2: Nexus3<---VPC--->Nexus4
DC1 and DC2 would both have a link or two to a distribution switch in another building.
Thanks
Solved! Go to Solution.
05-14-2020 11:16 AM
Hi @oj
If you do not have any overlay flavors running on your Nexus switches (FP, VXLAN, OTV), then best approach is to isolate the HSRP. between the two vPC domains.
This is an example of FHRP isolation: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html
Reason for this approach is to avoid reaching into the state of having HSRP active in one vPC domain and HSRP standby in the second vPC domain. This state will affect the L3 forwarding of traffic.
Hope it helps,
Sergiu
05-14-2020 11:16 AM
Hi @oj
If you do not have any overlay flavors running on your Nexus switches (FP, VXLAN, OTV), then best approach is to isolate the HSRP. between the two vPC domains.
This is an example of FHRP isolation: https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html
Reason for this approach is to avoid reaching into the state of having HSRP active in one vPC domain and HSRP standby in the second vPC domain. This state will affect the L3 forwarding of traffic.
Hope it helps,
Sergiu
05-15-2020 03:15 AM
Hi Sergiu
Thanks for quick reply.
No not bothered about overlay for this one.
I was looking at VPC/HSRP active-active design as below (p. 85)
I'm guessing your suggestion for FHRP goes with the above right? In fact it has to be configured with it.
Is that correct?
I have attached an image what I'm trying to achieve. With possibility of vlan to vlan routing via the firewalls but with hsrp gateways on switches.
Is this achievable?
Thanks in advance @Sergiu.Daniluk
05-15-2020 06:36 AM
Hi @oj
No, the FHRP isolation is not the same as HSRP Active-Active nature in vPC.
What the HSRP/VRRP active/active with vPC chapter is describing is how the HSRP or VRRP works when configured on a vPC domain - both vPC peers are Active in terms of forwarding.
What I shared (FHRP isolation) is keeping the HSRP/VRRP separate between 2 different vPC domains. This means, that you will have same group, with same VIP, Active/Standby (or Active/Active from forwarding perspective) in each vPC domain. You achieve this by filtering the HSRP control packets, APRs and HSRP GARPs between the vPC domains.
Best regards,
Sergiu
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide