10-14-2015 11:37 PM
Hi All,
This is my first post in this forum.
I am new to data center switches in terms of configuration and implementation. All of a sudden I have been given the task of setting up a data center for XYZ client.
Devices involved (my scope):
1. Nexus 5548UP - with daughter card for L3 feature.
2. Nexus 3048
3. Nexus 2232PP
Please refer to the attached diagram for more details.
Brief requirement:
There are a few (let's assume 50) servers coming up. I will be allocating a /27 IP pool in the Nexus 5548 for each VLAN for these servers.
Say there are 5 VLANs: VLAN 10, VLAN 20, VLAN 30, VLAN 40 and VLAN 50, and these 50 servers will be part of one or another of these VLANs.
The shaded rectangle will be my scope, and the client, who will be accessing these servers, will be sitting beyond the firewall.
A port channel will be created between ASA5548 and Nexus 5548.
These Nexus 5548UP will act as redundant devices (will configure VRRP). Each server will have 2 ports connected to each Nexus 2232PP.
The Nexus 3048 will be connected to the firewall and will be used to manage other network devices.
1. How do I configure VLANs on the Nexus 5548?
2. Is it possible to advertise these pools towards the firewall via port channel sub-interface via static route?
I request your expert advice on the same.
Thanks in advance.
Rgds
10-15-2015 06:40 AM
Hi,
The design seems to be simple. Just a few observations: why don't you connect the 2K to both 5Ks and do vPC for high availability?
And how will the traffic flow be in this architecture, from top to bottom or something else?
ASA with the switches in Active/passive cluster mode would be easy and simple.
With static routing you can do the routing logic easily, but the administrative task would be more.
Check out the link below for N5K and N2K vPC design considerations and configuration.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/configuration_guide_c07-543563.html
Hope it Helps..
-GI
Rate if it Helps
10-18-2015 10:49 PM
Hi Hari,
Thanks for your reply.
I guess in this case the FW will be connected in active-active mode.
Regarding the suggestion on 2K connectivity to both 5Ks: the client does not want this connectivity.
Traffic flow: the client will be sitting behind the firewalls and will be accessing the servers.
My question is:
1. Can I allocate a VLAN IP pool in the N5K (which would act as gateway to all servers) and advertise these pools towards the firewall by static routing? Will I face any challenge while configuring the same?
Rgds
10-19-2015 08:22 AM
Hi Ashwin,
Are you saying the 5K is L3 and there should be routing between the ASA and the 5K?
If yes, then create a point-to-point subnet between the 5K and the ASA, point a default route towards the ASA interface from the 5K, and add a reverse route in the ASA for all 5K subnets towards the 5K interface IP.
With the above, the 5K subnets will be reachable from the ASA.
Hope it Helps..
--GI
Rate if it Helps..
10-21-2015 03:49 AM
Hi Ganesh,
I will be creating a port channel between the ASA and the N5K and assigning IP pools (in different VRFs) for servers in the N5K (the N5K will act as gateway to all the servers). The port channel between the ASA and the N5K will have different subinterfaces, which will carry the static route of that VRF towards the firewall.
The problem is, is this possible?
Rgds
10-21-2015 09:44 AM
Hi Ashwin,
Yes, this is possible.
As the gateway for all VLANs is at the Nexus 5K, there would be a point-to-point subnet between each VRF and the ASA interface. In the ASA you need to be very sure to point the reverse static route towards that Nexus 5K VRF IP address.
Check out the link below:
http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf
Hope it Helps..
-GI
Rate if it Helps..
11-02-2015 10:14 PM
Hi Ganesh,
There is a slight change in the design.
In this case the FW will be connected in Active-Standby mode.
These Nexus 5548UP will act as redundant devices (will configure VRRP). Each server will have 2 ports connected to each Nexus 2232PP.
1. Can I create VRFs on the Nexus 5548UP to separate all the VLAN traffic? Can I run OSPF between the two Nexus 5548 and the Nexus 3048 and configure VRRP for each VRF?
2. Is it possible to advertise these pools towards the firewall via port channel sub-interface via static route?
Physical and logical diagrams attached for more information.
Ashwin
11-04-2015 07:28 AM
Hello Ashwin,
You need to have a Layer 3 license for VRF configuration. I have seen the diagram.
Yes, you can configure VRRP between the N5Ks and make a gateway for each VLAN under a VRF.
What will you achieve by running OSPF between the N5Ks? You have a simple, plain, flat network up to the N5K, with SVIs configured and another point-to-point link towards the firewall, and maybe a default route in the same VRF.
Note: if you create a VRF for all VLANs, any communication between VRFs would require a Layer 3 device like a firewall, or some mechanism like VRF-lite.
Hope it Helps..
I would much appreciate it if you could rate the previous posts.
-GI
Rate if it Helps
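The design the replies above describe (a VRRP gateway per VLAN inside a VRF on the N5K, a point-to-point subnet per VRF over a port-channel subinterface, a default route towards the ASA and a reverse static route on the ASA), sketched for one N5K and one VRF as an added example that is not taken from the thread. The VRF name, port-channel and subinterface numbers, nameif, security level and every address are constructed placeholders; the second N5K and ASA failover addressing are not shown.

```cisco
! ---- N5K-A (NX-OS, Layer 3 license installed) ----
! All names and addresses below are constructed for illustration.
feature interface-vlan
feature vrrp

vlan 10
  name SERVERS-10

vrf context VRF10
  ! Only route out of this VRF is via the ASA, so traffic between
  ! VRFs has to cross the firewall policy (no route leaking here).
  ip route 0.0.0.0/0 192.0.2.1

interface Vlan10
  ! vrf member must come before ip address (it clears L3 config).
  vrf member VRF10
  ip address 10.10.10.2/27
  vrrp 10
    address 10.10.10.1
    priority 110
    no shutdown
  no shutdown

interface port-channel1
  no switchport
  no shutdown

interface port-channel1.110
  ! Point-to-point subnet between VRF10 and the ASA.
  encapsulation dot1q 110
  vrf member VRF10
  ip address 192.0.2.2/30
  no shutdown

! ---- ASA ----
interface Port-channel1.110
 vlan 110
 nameif vrf10
 security-level 50
 ip address 192.0.2.1 255.255.255.252
!
! Reverse static route for the VLAN 10 /27 towards the N5K VRF address.
route vrf10 10.10.10.0 255.255.255.224 192.0.2.2
```

After applying it, `show ip route vrf VRF10` on the N5K and `show route` on the ASA should each list only the routes for that VRF's subinterface, which confirms nothing is leaking between VRFs on the switch.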