Nexus 7000 BGP routing design question VPC/non-vpc vlan

2colin-cant · ‎04-29-2013

Hi guys,

there is a lot of confusion around regarding how to design and deploy routing protocols such as OSPF / EIGRP / BGP and so on..

well, I have my questions too... and would be happy if you guys could comment:

Within the Release notes 5.2 I have found the following:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html

I have not found this in the Release Notes of 6.0 and 6.1, if I was to blind to find it, please point it out. But I imagine it is still a valid point also in future versions to come. @ Cisco guys, please correct me if I'm mistaken.

Below are four options, whereby I believe only Option 1 is valid:

Option 1: Router running BGP peering from its physical interfaces to the two Nexus 7000 directly connected Interfaces (routed ints on N7K) VALID

Option 2: Router BGP attached to N5K which is VPCed to N7K, peering from its SVI with the Router below. -> most likely NOT valid

Option 3: Router BGP attached to N2K which is single attached to one N7K or VPCed to both N7K's. On N2K a routed port is created. -> most likely NOT valid too.

Option 4: Router BGP attached to routed port on N2K, transiting via N5K VPCed to N7K -> most likely NOT valid.

Routed.Links.on.Nexus.01

In order to support a possible scenario, I thought of the following:

But most likely NOT VALID too, but please correct me.

Creating two local independant Vlans on each N7K. Peering from N7K's SVI towards the Router below via VPCed N5K / N2K.

Having N2K configured on port 1 as vlan access X and on port 2 as vlan access Y.

And having the BGP session peer over it.

Of course there also has to be a peering between the two N7Ks which I forgotten to draw here.

Routed.Links.on.Nexus.02

Routed.Links.on.Nexus.03_SVI-non-vpc-vlan01

This may work:

Running OSPF between the two N7K via a seperate port-channel over a NON-VPC-VLAN and having the Router attached via the VPCed N5K -> N2K.

On N2K the ports would reside in Vlan X, enabling a OSPF adjacency from the Router below to both N7K's.

Over this OSPF session I would use Loopbacks in order to establish my BGP session.

Routed.Links.on.Nexus.03_SVI-non-vpc-vlan02

OSPF and BGP session info

Thank you for your comments

Colin

2colin-cant · ‎04-30-2013

Another additional question in regards to the vPC keep-alive connection:

is it possible to connect the N7K's via port-channel spanning over two different line cards? I have never seen such an example.

Thank you

Colin

Gustavo Novais · ‎05-10-2013

Hi Colin,

I think that the base rule that you need to keep in mind is that peering two dual vPC's attached devices is supported (assuming the N7k, N5k will not be participating in your routing), but everything that may involve a device ECMP (more than one next-hop) over a vPC (where there's a hashing decision, underlying to the ECMP) seems not to be supported.

The general rule for vPC multi-card peer link is that both cards need to be the same model on both devices.

On a quick analysis, I tend to agree with the conclusions you drew about your designs.

Another possibility would be to add L3 in the N5k's, and do a second bowtie (as you called it) on pure L3 links between 7k's and 5k's for OSPF traffic, and let BGP peering flow through these. Your router would be OSPF adjacent to the 5K's and you'd be able to build your eBGP peering over them towards the 7k's.

I understand it may not always be possible...;)

Gustavo

millerjw · ‎05-07-2013

I would also like to know the answer to this. I swear that I heard in a tech talk a few months ago that this caveat of routing over VPC was no longer. Without sticking it in a lab I have no idea how to verify it.

-J