cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1332
Views
0
Helpful
4
Replies

Nexus 7K VPC-HSRP

swelsch
Level 1
Level 1

Hello,

i need a solution. The design of the network is shown in the attachment.

I have two Nexus 7K as "core" with about 50 interface vlans ( ipv4 and some ipv6 ) and HSRP up and running. All internal traffis is routed by the 7K's without problems. All clients attached to the 5K gets ip adresses by DHCP and work fine by internal vlan-routing. VPC's are up and running without any problems, Internet connectivity is realised by a ASR router, but yet only single attached to the 7K-1. 

If i attach a host to 5K-1 and do a traceroute to the internet, i get as first hop the physical address of the active HSRP router, then the ASR router and then the whole way to the internet and internet browsing works.

If i attach a host to 5K-2 and do a traceroute to the internet, i get as first hop the physical address of the second HSRP router, then the ASR router and after the ASR, the traceroute gets no answer any more, so the internet browsing doesn't work.

Result:

- all clients can access the whole internal network

- client attached to the N5K-1 can access the internet, clients attached to the N5K-2 can't access the internet.

Workaround for now: the 5K's are only connected to the 7K-1, and all clients can work

i have configured peer-gateway, but no change in behaviour.

Can anybody help me ?, Where is the faulty configuration ?

Thanks

4 Replies 4

dukenuk96
Level 3
Level 3

Hi

we have similar design and everything works fine, seems you misconfigured some vPC, can you add port numbers in your network diagram and share full configs of all Nexuses?

Hello,

attached the config of the Nexus, the vpc failure are because the 5K are yet only connected to the 7K1.

in addition: the ASR is physical connected to the 5K-1, but routed by the 7K-1

thanks

On N7ks, add this:

vpc domain 2
 peer-switch
 ip arp synchronize

On N5ks, add this:

vpc domain 1
 peer-switch
 ip arp synchronize

Then show traceroutes.

Read this article http://www.ccierants.com/2012/03/vpc-gotchas-you-need-to-know.html and search for words 'routing over vpc yes and no' - it will clear for you some design considerations.

Also - on peer-links - do not configure these port-channels just as trunks, define what exact VLANs will be allowed. This will help if you will want some time to use FC/FCoE or will want different VLANs/SVIs or Nexus heads.

Sorry about the late answer,

 

the customer has to plan an outage to test the new configuration, but still has no time to realize it. Now there is another issue.

The provider ASR can deliver a second connection to the customer 7K-VPC to get redunancy. How whould you implement the second connection ?

1. transfer network ( vlan )  with HSRP on 7K-1 ans 7K-2

2. dedicated L3 links on 7K-1 and 7K-2 with OSPF

3. L2 oder L3 Port-channel on ASR

 

thanks

Review Cisco Networking for a $25 gift card