I'm having a hard time getting my head around some design issues and need some input... here is our scenario:

2 buildings across the street from each other

  Copious amounts of single mode fiber between the two

  A datacenter in each bldg

  Appx 15 wiring closets going to end users on each side (appx 300 users in each bldg)

  DS-3 Internet connects to Site 1

From the drawing you can see that I have a pair of Nexus 5548UP at each site with 4 FEX's attached to each.  We have 2960S switches in all the closets.  We have Palo Alto firewalls to filter between the user VLAN's and the servers/core in each DC.  I would like to do access/distribution/core/aggregation/access but we have no more budget to do anything else.  I could build these as two completely separate entities and route between the two but I have a requirement to have some L2 VLAN's that span across properties but would I need to use GRE between the two and would that limit my 2 10G connections between the sites to active passive (I guess I could "old skool" STP some traffic on one and some on the other)?

I can't get Port Channel to work between the two sites, maybe it's not enough connections or it's the way they are connected, or more likely a limitation of my knowledge.  It seems like if I could get this working I could start breaking it up into the VLAN's, implement some ACL's and start getting this traffic to flow the way I want it to.

If this were yours what would you do?  What would you do different?  We are out of budget so I may be able to get some small pieces and parts but nothing major.  BTW, there is not a huge amount of traffic or bandwidth between any of these networks.  From ALL user VLAN's to ALL server VLAN's we measure roughly 250M sustained throughput (roughly 12,000 sessions).

Thanks, Shane

(Cheers for those of you across the pond)