Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2623
Views
0
Helpful
21
Replies

Integrating new BGP routers into existing Nexus 5K network

Go to solution
CiscoNutt
Level 1
Level 1

‎01-26-2014 07:00 AM - edited ‎03-04-2019 10:10 PM

Hi,

I am having a little trouble wrapping my head around how to do this.  We have an existing network that consists of Nexus 5K in the data center.  We are now in the process of designing and implementing a new site into the new network.

I have attached a diagram of the network segment in question.

To simplify management of the routes we want to integrate the new routers into the BGP network (both the 2900 routers are new).  What I am having trouble grasping is how to intigrate the new network with the existing network.

In a lab, I am only able to set up the VRF, BGP scenario using RD and RT.  From my understanding, and correct me if I am wrong, If I use RD and RT on the 2900s I would need the same setup on the Nexus for traffic to pass.  Under normal circumstances I could just add RDs and RTs to the N5K but then I would also need to go to all the other locations and configure them as well.

I would be greatful for some input on how I can integrate these new routers with the existing network and maintain dynamic routing using BGP.

Thanks

Labels:
Preview file
98 KB
0 Helpful
21 Replies 21

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to CiscoNutt

‎01-26-2014 12:09 PM

But you are not running any L3 for the VRF networks on the Nexus so you can't redistribute there ie. the Nexus never sees any of the VRF routes, the only devices that see them are the 2900s per VRF and the firewall in it's global routing table.

The whole idea behind the suggestion i posted was that only the firewall will see all routes.

The WAN device running BGP needs to have the VRF routes in it's routing table to be able to advertise them into BGP.

So what is the WAN device running BGP that all the remote sites come in to ?

I suspect you may need a different solution as it would appear that you do actually need those VRF routes available to a device that is neither the 2900 nor the firewall.

Can you clarify how the rest of the WAN connectivity works.

Jon

0 Helpful

Go to solution
CiscoNutt
Level 1
Level 1
In response to Jon Marshall

‎01-26-2014 12:20 PM

The Nexus 5K pairs run BGP and connect to the WAN.  Some connections are over a IPVPN others over dark fiber.  Currently BGP is the only routing protocol in the network.

The firewall does route between VRFs but traffic within a VRF should be routed directly to its destination.  this is the reason I was looking into using BGP.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-26-2014 01:24 PM

The firewall does route between VRFs but traffic within a VRF should be routed directly to its destination.  this is the reason I was looking into using BGP

Do you have multiple subnets per VRF then ? If you do you don't need BGP for this, you simply assign multiple SVIs into the same VRF.

Where it is more complicated is the existing WAN. I am assuming you do not want to extend the VRFs to existing sites which would mean configuration on all existing sites ?  If not then presumably you just want to advertise out the VRF networks to the existing sites with BGP and implement the isolation in the main site. You also wouldn't advertise the VRF networks out from the new remote site.

If so then if you do the route leaking on the Nexus then it will simply route directly between the existing network and the new VRF networks without going via the firewall which is not what you want. Two solutions spring to mind -

1) use static routes for the VRF networks on the Nexus switches pointing to the firewall production interface and then you can simply advertise these out via BGP.

or

2) run OPSF between the firewall and the Nexus switches and have the firewall advertise all the VRF routes and redistribute this into BGP. 

Both of the above would mean the Nexus had to send traffic to the firewall to get to the VRF networks which is what you want.

Jon

0 Helpful

Go to solution
CiscoNutt
Level 1
Level 1
In response to Jon Marshall

‎01-26-2014 01:43 PM

Your second option is actually what I was just thinking about.  Thanks for the insight

0 Helpful

Go to solution
Steven Williams
Level 4
Level 4
In response to CiscoNutt

‎01-26-2014 03:22 PM

I think I have been down the road with VRF's on the 5k. I do not believe the 5ks support inter-VRF routing or route leaking. Dont quote me though.

0 Helpful

Go to solution
Steven Williams
Level 4
Level 4
In response to Steven Williams

‎01-26-2014 03:28 PM

Nevermind. You can do this using RT's in each VRF on the 5k. You must be very careful not to route traffic over the peer-link?

0 Helpful

Go to solution
CiscoNutt
Level 1
Level 1
In response to Steven Williams

‎01-27-2014 12:14 AM

Not to worry, only intra VRF traffic is routed on the N5K, all inter VRF traffic goes through a firewall.

Thanks for the heads up though

0 Helpful
Customers Also Viewed These Support Documents