Nexus 5548 + VPC + Fabricpath + HSRP

Tobias Hilbert
Level 1

Hi

We have two datacenters with two Nexus 5548 each. The two N5k in each location are in a VPC bundle. All four N5K are running fabricpath and are connected in a ring situation.

Now we bought four L3 Modules for inter VLAN routing. Do you have any recommendations on FHRP?

I have read that because of the VPC loop avoidance there could be issues regarding servers/switches connected via vpc.

Please see the attached drawing.

with kind regards

Tobias

2 Replies

Mark Vickstrom
Level 1

Hi Tobias,

FHRPs are designed to work with vPC and with HSRP can actually be active/active from a forwarding perspective. One switch in the vPC pair will still have the active HSRP role and it will be the switch that replies to ARPs for the HSRP VIP. Both switches in a vPC pair will forward traffic received with a destination MAC address of the HSRP vMAC.

The main restriction with vPC and L3 is that you cannot peer with a L3 device over a vPC. Since FHRPs are layer 2 from the host then layer 3 to the next hop, as long as you're not using a dynamic routing protocol to a next hop over a vPC then you should be fine.

You may also look into leveraging vPC features like ARP sync for active/active HSRP to improve convergence time.

The vPC best practices guide, starting on page 69, talks about L3 restrictions and active/active with HSRP. http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

I'm a little confused with your diagram on where your next layer 3 hop is. FabricPath between the data centers is L2. I see two firewalls in your diagram, are those your next L3 destination?

If so I would recommend plugging the firewalls into the N5Ks, not the FEXs, and then you could run your HSRP on one pair of your N5Ks.

You might also look at AnyCast HSRP since that will allow all 4 of your N5Ks to actively participate in HSRP and forward traffic. This will prevent you from crossing between DataCenters to get to the default gateway. AnyCast HSRP is supported on the 5500s now so that would be my recommendation. http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/fabricpath/7x/fp_n5500_config/fp_n5500_interfaces.html#pgfId-1693449

Hi Mark

Thanks for your reply.

From a server perspective the L3 Module inside the N5k is the next hop. Following that the ASA will be next L3 Hop. (this may change in favour of a transparent FW)

The ASA has only GigBaseT ports. We didn't want to waste 10G SFP ports of the N5K.

About the anycast feature, I am not sure if this is supported on the 5548up?

with kind regards

Tobias