Yannick Vranckx

Hello guys,

I am puzzled on the following topology i want to create.

I have a core at the DMZ consisting of 2 Catalyst 6800 chassis, now we want to add a couple of N9K with VPC.

The N9K would be place northbound of the 6800 and they will form a VPC, this way we can connected next gen servers (10g) on them and they can still connect to the topology below southbound of the 6800.

My question is:

Can 2 N9K form a VPC towards 2 6800 (Who are not in a VSS), so this means that 1 link of a 6800 will go to 1 peer and the other to second peer in the VPC domain.

I would say that it's not possible because the 6800 will have a port-channel going to the N9K but to different chassis? But then i saw a test setup on which got me thinking that it is possible. Because for the 6800 the N9K would be 1 switch so the port channel (even though physically wired to 2 different N9K) would be 1 switch. The topology i saw at INE was with 7K VPC to a 5K access, but it was not a back to back VPC.

Caveats of the topology are:

- Layer capabilities should reside on the 6800 because of the DMZ nature (firewalls are connected here)

- Due to the current design, sometimes the layer 3 resides on the firewall which is connected to the 6800

- Servers that connect to the N9K will have then full layer 2 to the 6800 where the layer 3 resides

- 6800 connect to a Top of Rack switch design access layer.

