DCI hsrp

opnineopnine · ‎06-23-2016

Hello,

I have a customer with 2 remote sites, on each site we have 2 Nexus 5548, I will connect this sites via dark fiber, this will be a L2 type, I will configure the same vlans on both sites. My question is I need to have the same VIP for this hsrp vlans, on each site, how can I configure this ?

thanks.

Mark Malone · ‎06-23-2016

Hi

You will at least need to have SVIs on each 5k as below if your going to fail over per vlans, then your client devcies would be given a gateway of the VIP , the issue is though your going over dark fibre , by design of HSRP at least 1 lan switch will need to be linked to each 5k like the picture below so the users have the redundant physical path

And since there 5ks you should use a vpc setup as well much better setup , s1 and s2 would be the 5ks

interface Vlan28
ip flow monitor xxxxx input sampler xxxx
no ip redirects
ip address 10.1.1.252/24
no ipv6 redirects
ip router eigrp 1
ip passive-interface eigrp 1
hsrp version 2
hsrp 28
    authentication text xxxx
    preempt
    priority 150 forwarding-threshold lower 1 upper 150
    timers msec 500 msec 1500
    ip 10.1.1.254
description Windows_secured_server
no shutdown

interface Vlan28
ip flow monitor xxxxx input sampler xxxx
no ip redirects
ip address 10.1.1.253/24
no ipv6 redirects
ip router eigrp 1
ip passive-interface eigrp 1
hsrp version 2
hsrp 28
    authentication text xxxx
    preempt
    priority 200 forwarding-threshold lower 1 upper 200
    timers msec 500 msec 1500
    ip 10.1.1.254
description Windows_secured_server
no shutdown

opnineopnine · ‎06-23-2016

Hello Mark,

Sorry, did not mention before, yes, we have SVI, and let me see if I understand this:

I need to have a vpc between sites?

How can I manage traffic so it will not go to the other site, unless we have a failover? should´t I use

hsrp Isolate?

thanks.!

Mark Malone · ‎06-23-2016

hI

You don't have to have a VPC but if possible I would use it, you would still use HSRP on the vlans as above but also I would have a VPC setup between the 5ks themselves , it can be done without VPC. It may be an issue though for your design that your sites are stretched apart to use VPC as it requires several links

jay.cruz2739 · ‎06-23-2016

I agree with mark's input above, for you to be able to use hsrp functionality all for N5k's (1 pair on each site) needs to connect to the access layer where your servers needs to be connected.

I wonder if, OTV can solve your issue. Having the same set of IP Address and vlan expanding to your local DC

Mark Malone · ‎06-23-2016

hmm otv did cross my mind but I thought it was only supported on 7ks , they may have changed it though since I last checked the docs

opnineopnine · ‎06-23-2016

Hi all,

I will apply a vpc in my action plan, and about otv like Mark said I think is only for the 7k.

Should I use hsrp isolate?

thanks all!

Mark Malone · ‎06-23-2016

That really depends on your overall topology , you really only need isolate in certain physical setups , currently what I know about your setup I don't think you require it

http://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/118934-configure-nx7k-00.html

opnineopnine · ‎06-23-2016

Mark,

But if I use the same VIP on both sites, and to avoid routing issue, shouldn't I use hsrp isolate, with this I will avoid this routing issue?

Or is there any other way I can do this?

thanks.!

Mark Malone · ‎06-24-2016

you usually only use that in OTV setups interconnecting data centres not what your trying to do connect 2 switches remotely using redundant gateway with vip , the fact your using standard hsrp setup only 1 gateway will be active anyway at a time on the 5ks to push traffic out , the other will be in standby so It will only route the to whatever the active gateway is