Solved: Re: HSRP hello messages with only two Nexus 9k

waterwalk · ‎04-05-2024

I have a question about the connection between only two Nexus 9k switches with HSRP, and will this work properly.

We are looking at upgrading the core switches in a small data management location and we want to replace some old catalyst stack switches with a pair of Nexus 9k as peers with vPC. At this location, the only network devices will be the two Nexus 9k and a firewall.

We are doing our inter-vlan routing on these core switches, so we want the L3 SVI interfaces to be on the new Nexus and we want to use HSRP for the VLAN interfaces.

My question is this: with only two Nexus switches and the firewall, how will the HSRP hello packets communicate with each other? Can they use the vPC Peer Link? Do I need to configure a dedicated L3 port between the two Nexus for them to send these hello packets? Will I be forced to try to use the firewall to pass this traffic (I hope I don't have to use the firewall)? I'm hoping I can send this traffic over the vPC Peer Link, but I don't know if it will allow this.

Thanks in advance for any help!

Edit: Clarified the location of the office from small branch office, so that the post isn't misleading.

MHM Cisco World · ‎04-05-2024

Indeed the NSK use Peer-link for HSRP hello
lab below only the Peer-link L2 and keepalive L3 connect to NSK
the HSRP is work and each NSK detect it neighbor

View solution in original post

Giuseppe Larosa · ‎04-05-2024

Hello @waterwalk ,

>> at a very small branch location and we want to replace some old catalyst stack switches with a pair of Nexus 9k as peers with vPC.

I would look for using a stack of Catalyst 9200 or Catalyst 9300, two Nexus switches in vPC may be too much for a branch office.

They are datacenter switches. Cat 9200/9300 would be an easier transition as they support stack.

Hope to help

Giuseppe

waterwalk · ‎04-05-2024

Thanks for the reply, Giuseppe. I didn't intend to be misleading in my description, I was just trying to keep it simple. I used the term branch office as a somewhat generic statement. This is a small isolated office location that does a huge amount of data management. There are massive storage systems here that move large amounts of data between the systems and the current switches are dropping lots of packets, as they can't move the data fast enough. I need something that has a lot more throughput, but I also have to meet budget requirements, which is why I was looking at these switches.

I'm really trying to find out how to get the L3 VLAN interfaces to use HSRP with only two Nexus, if that is even possible.

Thanks

Giuseppe Larosa · ‎04-05-2024

Hello @waterwalk ,

now it makes more sense.

Hope to help

Giuseppe

MHM Cisco World · ‎04-05-2024

I test it now update you later today

MHM

waterwalk · ‎04-05-2024

Thank you MHM. I would greatly appreciate that!

MHM Cisco World · ‎04-05-2024

Indeed the NSK use Peer-link for HSRP hello
lab below only the Peer-link L2 and keepalive L3 connect to NSK
the HSRP is work and each NSK detect it neighbor

waterwalk · ‎04-05-2024

Thank you for sharing this! I do have a couple of additional questions for clarification.

I see that you have two separate links between the Nexus; the Peer-Link and the Keepalive. I believe you have also said that the Keepalive link is an L3 link. Can we be sure that the HSRP hello messages are using the Peer-Link and not the L3 Keepalive link? Is the L3 Keepalive link just for HSRP data or is that also traversing the Peer-Link? I'm not sure what the Keepalive link is doing in this scenario.

Sorry if I'm misunderstanding something here.

Edit: After posting this reply and thinking about it, I'm guessing since the vPC-Peer Keepalive would likely be in it's own VRF or used exclusively for that purpose, then HSRP couldn't use this link for its own keepalive traffic or any other data. It seems to make sense, as you stated, that HSRP must be using the vPC-Peer Link for all of its traffic.

Thanks again!