01-30-2013 05:40 AM - edited 03-07-2019 11:24 AM
Hello everyone,
In our LAN network design, we have two Nexus 7010 switches on the core connected via vPC. Then LAN access switches are directly connected to the Core Nexus switches via regular port channels on the 3750's and vPC on Nexus. The core Nexus switches will be linked to an existing LAN network and the applications will be progressively migrated from the old to the new network.
In this scenario, three VDCs are planned to be configured on the Nexus - One for the Interconnect (and WAN at a later stage), one for the LAN/local services and one for the building facilities/local services.
My queries are as follows:
1. What is the best way to communicate between VDCs, assuming that each VDC will have its own vPC peer-link, keepalive links, non-overlapping IP address space, VLANs, etc.?
2. As several services are planned to be migrated from the existing to the new LAN, will the VDC design ensure that the migration is seamless?
The interlink between the old and new sites is planned for Layer 3 and will use tunneling to transport the VLAN information from the old to the new sites.
3. Can the local services (part of the LAN VDC) be shared with the other building facilities VDC?
4. Is it better to use a single VDC design for the above, or will using multiple VDCs ensure that the migration is smooth and not make this design complex?
Thanks and Regards.
01-30-2013 06:22 AM
I am not getting a real clear picture of what you are trying to achieve in the above scenario. You should have a clear reason for using the VDC function. VDCs completely separate all functions and traffic. If you do not want your traffic completely separate, you should go with a different option. VDCs are not a magic bullet for every situation.
The best practice here is just to think of each VDC as a completely separate device. If you had two separate physical devices in the same situation what would you do? If you would want a trunk between the two devices, configure a trunk port on each VDC and connect those two ports together. If you want a security boundary between these two devices stand up a firewall with one port in one VDC and one port in another.
01-30-2013 08:01 AM
Hi Greg,
Thanks for your response. We are trying to implement VDCs basically 1) to enable collapsing and segmentation of multiple logical networks - existing LAN, new LAN as well as Building Facilities control - onto a single Nexus infrastructure, 2) to completely isolate some common service migration between the existing LAN and the new LAN, and 3) to aid in future migration of WAN circuits to the new LAN infrastructure without propagating any unknown routes to other segments.
Also with this approach the fault domain is isolated within the individual VDCs.
Thanks and Regards.
01-30-2013 08:03 AM
Just to add to the above, my question is: how do we plan for the services migration from the old to the new LAN on separate VDCs (assume same IP subnet and VLAN on both sides)?
Thanks and Regards.
Mohan
01-30-2013 08:25 AM
Mohan,
I think I now understand what you are asking. I would put up several trunks from your old equipment to each of your new VDCs. Then restrict the VLANs that flow up those trunks to only the ones you plan on moving to that VDC. Use HSRP priority manipulation to move the active layer 3 interface from the old equipment to the new.
Does this cover what you are looking for?
Greg
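An added illustration of the approach in the reply above, not configuration posted by either participant: an NX-OS sketch for one new VDC, with the trunk toward the old core pruned to the single VLAN being migrated and HSRP priority used for the gateway cutover. The interface name, VLAN 110, the 10.1.110.0/24 addressing, HSRP group 110 and the old core's default priority of 100 are all assumptions made for the example.

```cisco
! Constructed example: all interface names, VLAN IDs and addresses are assumptions.
feature interface-vlan
feature hsrp

vlan 110
  name MIGRATING-SERVICE

! Trunk from this VDC to the old core. Only the VLAN being moved into
! this VDC is allowed, so no other old-LAN VLAN can leak across.
interface Ethernet1/1
  description Trunk to old core (assumed port)
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 110
  no shutdown

! Stage 1: join the existing HSRP group as standby. Priority 90 is below
! the old core's assumed default of 100, so the old core stays active.
! Group number and virtual IP must match what the old core already uses.
interface Vlan110
  description Gateway for migrating VLAN (assumed addressing)
  ip address 10.1.110.3/24
  hsrp 110
    preempt
    priority 90
    ip 10.1.110.1
  no shutdown

! Stage 2 (cutover window): raise the priority above the old core's.
! With preempt configured here, this VDC takes over the virtual gateway.
interface Vlan110
  hsrp 110
    priority 110

! Verify which device holds the active role before and after cutover:
! show hsrp brief
! show interface trunk
```

Rolling back is the reverse of stage 2: lower the priority again and the old core resumes the active role, provided preempt is also enabled on it.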
01-30-2013 01:02 PM
Yeah, more or less I am getting the idea. Since the old and new sites are connected over optical transport - two links connecting the core switches on both sides - and as the old site is on a Cat65K core, I was thinking of communicating between the VDCs (using a physical cable from port to port for inter-VDC communication), and each will be in its own HSRP/Spanning Tree domain.
Thanks and Regards,
Mohan