Solved: DCI to Interconnect three (3) Data Centers?

sawosankung · ‎10-04-2015

According to Cisco "Design and Configuration Guide: Best Practices for Virtual Virtual Port Channels (vPC) on Cisco Nexus 7000 Series Switches, Revised: June 2015", vPC DCI can be used to interconnect max 2 data centers. Why or how is this the case?

Also is there a workaround to use vPC DCI to interconnect 3 sites using doublesided vPCs on Nexus 7000 series?

Many thanks.

szirazsombor · ‎10-28-2015

Hi,

In genereal better performance could be achieved with VPC becuse in your case traffic going from vpc secondary to the branch office needs to cross the peer-link.

Additionaly I'd consider the following:

- Do you really need L2 to the 3rd site?

- Will you run any routing protocol between the 3 sites?

Routing over VPC can be tricky, but there are good articles around this topoic:

http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/

http://adamraffe.com/2013/03/08/l3-over-vpc-nexus-7000-vs-5000/

View solution in original post

szirazsombor · ‎10-15-2015

Hi,

You can use vPC for three DC as well, but if you want to connect them full-mesh (triangle) you could have STP blocked DCI links if you extend a VLAN to all three DCs. If you only want to connect the DCs without a redundant path then you don't even have this issue.

When designing DCIs usualy one goal is to separate failure domain and using VPC all your DCs will be in one broadcast domain. I.e. a L2 loop in one of your DC will have impact on the other two.

If you have N7K devices and you need L2 between the DCs you should consider to use Fabricpath or OTV for DCI.

Hope it helps

Zsombor

sawosankung · ‎10-18-2015

Hi Zsombor,

Thank you very much for your response. So in the case of full-mesh (triangle) then bpdu filter should be disabled on the vPC DCI link. Correct?

Thanks

szirazsombor · ‎10-20-2015

Yes, thats correct.

sawosankung · ‎10-27-2015

Hi Zsombor,,

Again, thank you very much for your response. Finally we decided to use regular PortChannel (PC) between the third site and the other two. Actually the third site has no data center, only users, but still required bpdu filter disabled on the vPC and the two PCs. We have two N3Ks at the 3rd site. The primary vPC domain peer was connected to the primary vPC peer of DC-1 and the secondary peer connected to DC-2. This way full redundancy is ensured.

Of course the debate was whether better performance would be gained from using vPC or regular PC at the 3rd site. What is your thought on that?

Many thanks

szirazsombor · ‎10-28-2015

Hi,

In genereal better performance could be achieved with VPC becuse in your case traffic going from vpc secondary to the branch office needs to cross the peer-link.

Additionaly I'd consider the following:

- Do you really need L2 to the 3rd site?

- Will you run any routing protocol between the 3 sites?

Routing over VPC can be tricky, but there are good articles around this topoic:

http://bradhedlund.com/2010/12/16/routing-over-nexus-7000-vpc-peer-link-yes-and-no/

http://adamraffe.com/2013/03/08/l3-over-vpc-nexus-7000-vs-5000/

sawosankung · ‎11-07-2015

Hi Zsombor,

I have read extensively on vPC and IGP over vPC, especially TAC guidelines.

For that reason I am not running IGP (e.g. EIGRP) on the N7Ks, only L2/vPC and static routes.

But if I run only a single instance of EIGRP on only the Primary peer in each vPC domain, and use a non-vPC VLAN over a non-vPL between the peers for routing between the routers, would this work and would TAC support it?

I can provide a diagram to elucidate.

Thanks

Sankung

PS: I am just trying to be innovative here!