Hello guys,
I am puzzled on the following topology i want to create.
I have a core at the DMZ consisting of 2 Catalyst 6800 chassis, now we want to add a couple of N9K with VPC.
The N9K would be place northbound of the 6800 and they will form a VPC, this way we can connected next gen servers (10g) on them and they can still connect to the topology below southbound of the 6800.
My question is:
Can 2 N9K form a VPC towards 2 6800 (Who are not in a VSS), so this means that 1 link of a 6800 will go to 1 peer and the other to second peer in the VPC domain.
I would say that it's not possible because the 6800 will have a port-channel going to the N9K but to different chassis? But then i saw a test setup on INE.com which got me thinking that it is possible. Because for the 6800 the N9K would be 1 switch so the port channel (even though physically wired to 2 different N9K) would be 1 switch. The topology i saw at INE was with 7K VPC to a 5K access, but it was not a back to back VPC.
Caveats of the topology are:
- Layer capabilities should reside on the 6800 because of the DMZ nature (firewalls are connected here)
- Due to the current design, sometimes the layer 3 resides on the firewall which is connected to the 6800
- Servers that connect to the N9K will have then full layer 2 to the 6800 where the layer 3 resides
- 6800 connect to a Top of Rack switch design access layer.