cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Ask the Expert- SD-WAN

375
Views
0
Helpful
1
Replies
Highlighted
Beginner

Nexus 5548 migration (from 3850) with OSPF (vPC)

Hello!

Previously I asked about this topic, than was only a plan and now we have already the Nexus switches.

Here is the current topology and next the migrated draw with 2 piecies 5548UP (L3 card + license too)
Current situation

1. ZONE-4s24 is 4pcs WS-C3850-24T in stack and only 2 switch has 10Gbps Network modul (2x2 port)
2. ZONE-4s24 has both L3 and L2 function
- Advertise server networks with OSPF
- Routing between VLAN
- Direct link to servers, blade switches, firewall etc.
- The 10Gbps moduls link use to servers not the other switches
3. ZONE-4s24 connect to Core-AB with L3 PoCh
4. Core-AB (2pcs C3850-24T) connect Core-CD L3 link with PoCh3 copper, PoCh4 is the redundant link (higher OSPF cost)
5. Core-AB is the OSPF DR of the full network, to advertise HQ and Branch Office networks
6. Core-CD is the OSPF BDR, to advertise Partner networks

Plans
1. Every 3850 will get 10Gbps network modul, so the Core-AB and Core-CD switch to connect with 2x10Gbps
2. ZONE-4s24 is 4 unit stack and i want to split 2 part (ZONE-A, ZONE-B) and they will have only L2 task
3. In current state the ZONE-4s24 doesn't has redundant link, its a SPOF and traffic from partner's network goes to Core-CD --> Core-AB --> ZONE instead of Core-CD --> Zone directly.
So I want Nexus switches connect to both switch.
4. Nexus primary and secondary have to take over L3 task of ZONA-4s24 and to link ZONE-A and ZONE-B with L2 vPC 2x10Gbps

current_state-after_migration.png
My question is relate to 3. Routing between Nexus-CoreAB and Nexus-CoreCD
I read that after 7.3.0 IOS can be work the L3 dynamic routing, but I found only this relevant example: 

http://b.shnosh.net/nexus-dynamic-routing-over-vpc-vlan/
Common routing vlan is VLAN 2 - 10.58.16.0/29. 
So what I did (relevant part):
Core-AB Te1/1/3 --> N5k_prim Eth1/1
Core-AB Te2/1/3 --> N5k_secon Eth1/1

 

Core-AB (3850)


ip routing
interface Vlan2
 ip address 10.58.16.3 255.255.255.248
 no ip redirects
 ip ospf 1 area 0
 ip ospf cost 1

interface TenGigabitEthernet1/1/3
 description *PoCh_10->N5k_primary*
 switchport mode trunk
 channel-group 10 mode active

 

interface TenGigabitEthernet2/1/3
 description *PoCh_10->N5k_secondary*
 switchport mode trunk
 channel-group 10 mode active

 

interface Port-channel10
 description *PoCh->Nexus*
 switchport mode trunk

 

router ospf 1
 redistribute static subnets
 network 10.58.16.0 0.0.0.7 area 0


N5K-primary

feature ospf
feature interface-vlan
feature lacp
feature vpc

 

vpc domain 1
peer-switch
role priority 50
peer-keepalive destination 172.16.10.101 source 172.16.10.100
delay restore 150
peer-gateway
layer3 peer-router
ip arp synchronize

 

interface Vlan2
 description *** OSPF Peering with CoreAB ***
 no shutdown
 no ip redirects
 ip address 10.58.16.1/29
 no ip ospf passive-interface
 ip router ospf 1 area 0.0.0.0
 
interface port-channel10
 description ***Core-AB***
 switchport mode trunk
 no lacp suspend-individual
 vpc 10
 
interface Ethernet1/1
 description *PoCh_10->Core-AB*
 switchport mode trunk
 channel-group 10 mode active
router ospf 1
 router-id 1.1.1.1
 area 0.0.0.0 range 10.58.16.0/29

 

 

N5K-secondary

 
feature ospf
feature interface-vlan
feature lacp
feature vpc

vpc domain 1
peer-switch
role priority 100
peer-keepalive destination 172.16.10.100 source 172.16.10.101
delay restore 150
peer-gateway
layer3 peer-router
ip arp synchronize

interface Vlan2
 description *** OSPF Peering with CoreAB ***
 no shutdown
 no ip redirects
 ip address 10.58.16.2/29
 no ip ospf passive-interface
 ip router ospf 1 area 0.0.0.0

interface port-channel10
 description ***Core-AB ***
 switchport mode trunk
 no lacp suspend-individual
 vpc 10
 
interface Ethernet1/1
 description *PoCh_10->Core-AB*
 switchport mode trunk
 channel-group 10 mode active

router ospf 1
 router-id 2.2.2.2
 area 0.0.0.0 range 10.58.16.0/29



In this case I got trunk connection in port-channel 10 without ospf neigbors.

Opinions?
The 2 new Nexus are in our lab room with 2pcs spare 3850. I updated the IOS (7.3.3.) and I know to try different config versions.

Thank you
Gy.

Everyone's tags (2)
1 REPLY 1
Beginner

Re: Nexus migration (from 3850) with L3 topology

Small step toward , repaired the ospf adjency between the Nexus pair. They see each other (int vlan 2 down..) But the CoreAB OSPF process doesn't see the Nexus switches.

 

TEST_N5k-primary# sh ip ospf neighbor
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
2.2.2.2 1 FULL/BDR 00:09:39 10.58.16.2 Vlan2

 

TEST_N5k-secondary# sh ip ospf neighbor
OSPF Process ID 1 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
1.1.1.1 1 FULL/DR 00:10:36 10.58.16.1 Vlan2

CoreAB 

TEST_CoreAB#sh ip ospf
Routing Process "ospf 1" with ID 192.168.11.246
Start time: 00:04:22.185, Time elapsed: 00:14:05.537
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
static, includes subnets in redistribution
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
Number of external LSA 0. Checksum Sum 0x000000
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
         Area BACKBONE(0) (Inactive)
         Number of interfaces in this area is 1
         Area has no authentication
         SPF algorithm last executed 00:13:11.570 ago
         SPF algorithm executed 2 times
         Area ranges are
         Number of LSA 1. Checksum Sum 0x00BF42
         Number of opaque link LSA 0. Checksum Sum 0x000000
         Number of DCbitless LSA 0
         Number of indication LSA 0
         Number of DoNotAge LSA 0
         Flood list length 0

 

TEST_CoreAB#sh ip ospf route
OSPF Router with ID (192.168.11.246) (Process ID 1)

Base Topology (MTID 0)

Area BACKBONE(0)
Intra-area Route List
* 10.58.16.3/32, Intra, cost 0, area 0, Connected
via 10.58.16.3, Vlan2
First Hop Forwarding Gateway Tree
10.58.16.3 on Vlan2, count 1

 

TEST_CoreAB(config)#do sh ip ospf 1 int vlan 2
Vlan2 is up, line protocol is up
Internet Address 10.58.16.3/29, Area 0, Attached via Interface Enable
Process ID 1, Router ID 192.168.11.246, Network Type BROADCAST, Cost: 1
Topology-MTID Cost Disabled Shutdown Topology Name
0 1 no no Base
Enabled by interface config, including secondary ip addresses
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 192.168.11.246, Interface address 10.58.16.3
No backup designated router on this network
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 1/1/1, flood queue length 0
Next 0x0(0)/0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 0
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)

 I don't know why inactive area 0 on CoreAB.

Everyone's tags (2)
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards