03-04-2024 10:06 AM
We are looking to implement a double sided VPC between pairs of Nexus 9ks. The plan is to form VPC peers between the two 9ks in each DC for server redundancy.
DC1-A will be a VPC peer with DC1-B (Domain 1)
DC2-A will be a VPC peer with DC2-B (Domain 2)
All 4 switches will connect to each other for mesh connectivity.
Our plan is to then run HSRP between each of the A switches and route up to our Core.
Is it a valid configuration to have HSRP peers in different VPC domains?
03-04-2024 10:10 AM
Hello @Beazle
It seems to be a valid configuration. In fact, this is a common design practice for achieving redundancy and high availability in data center networks.
In your setup, each pair of Nexus 9k in DC1 and DC2 forms a VPC domain. Within each VPC domain, the two switches are VPC peers, providing redundancy for server connections. Right ?
By running HSRP between the A switches (for example, DC1-A and DC2-A), you can achieve gateway redundancy for the servers. Each A switch will act as the active gateway for its local subnet, and in the event of a failure, the standby gateway on the other A switch will take over.
This design allows for redundancy at both the server access layer (using VPC) and the gateway layer (using HSRP).
03-04-2024 11:08 AM
Yep, that is the plan. Thank you for your response
03-04-2024 10:16 AM
confirm below
double side
same VLAN in all NSK
HSRP for same VLAN
if all above Yes you can use HSRP in all SW
https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
03-04-2024 11:28 AM
The plan would be similar. Based on the diagram that you shared we would want 7k1 and 7k3 to participate in HSRP while 7k2 and 7k4 would not. 7k1 would also have a connection to 7k4 and 7k3 with a connection to 7k2 for additional redundancy.
I suppose we wouldnt get the advantage of having active/ active because the VPC peers wouldnt both be participating in HSRP. So there would not be a shared virtual MAC for the HSRP peers.
Or would there be a way to still achieve the active / active functionality while only having 7k1 and 7k3 participating in HSRP?. Is that what the PACL describes when stopping the propagation of the HSRP hellos across PO10 in figure 77? Or is that describing how to have separate HSRP instances in each DC?
Appreciate your help
03-04-2024 12:23 PM
unfortunately
I have limit RAM in my server to run four NSK, but
the idea is simple
run HSRP in four NSK
we isolation HSRP between the two domain by PACL
each domain will select it HSRP active Peer, if down the NSK in same domain will elect as new active
I think this is what you looking for
NOTE:- I read in CCIE DC that we can use different password to isolate the HSRP instead of use PACL
MHM
03-04-2024 12:33 PM
Can you think of any reason to not run GLBP on 7k1 and 7k3 to achieve the active / active functionality?
03-04-2024 12:40 PM
Friend' hsrp will elect active peer in each domain BUT
Both vPC NSK in each domain will work as active/active' this different of vpc than other SW.
AND The active hsrp in vpc beside for data traffic responsible of reply to ARP.
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide