cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1014
Views
0
Helpful
1
Replies

layer 3 peering over VPC+

sandevsingh
Level 1
Level 1

Hi, we are doing a customer deployment in which 2 x n7ks are fabricpath enabled and are doing vpc+ all the devices that are dual attached to them. We need to connect the ASAs to them and the customer wants to do dynamic layer 3 peering.  (Not static routes) .

I am yet to do this in a lab environment, BUT will the ASAs see the 2 x N7Ks as 2 different rouiting-peers? (Same if you connect them to a VPC Domain).

what would be the best way to interconnect the ASAs with the N7Ks?

1 Reply 1

pille1234
Level 3
Level 3

I am afraid this is an unsupported design and may lead to traffic loss when packets need to be switched via peer link between both N7k.

Simple design would be to use layer2 links between N7k+ASA with VLAN interfaces on both N7ks, then peer the ASA with both of them. Assuming you use 2 ASAs with active/standby you still have redundancy if the single link to the active device goes down.

Oh one more thing: do some failover testing with the ASA and the dynamic routing protocol. If you use OSPF get ready for a disappointing surprise.