Nexus 7K & 5K design

jun-primerica · ‎08-22-2012

We are thinking of following classic design, would Nexus 5K can have 2 seperate connections to each VDC?

Nexus 7K w/ different VDC (Internal / DMZ )

|

Nexus 5K

|

Servers

Can Nexus 5K have a VPC connection to Nexus 7K to Internal VDC as well as DMZ VDC, and seperate traffic?

Leo Laohoo · ‎08-22-2012

It would look like your 5500 was connected to two logical 7K.

Benjamin Kools · ‎08-22-2012

Lealaohoo is correct. With Nexus VDCs, there is no way to make traffic go between two of them across the back plane. Even for your Internal and DMZ VDCs to talk to each other you must connect a physical cable between the same Nexus switch, and configure the port on one end to be in the Internal VDC, and the other end to be in the DMZ. Note a port channel would be recommended for redundancy. Here's a good doc from cisco:

http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/ps9512/White_Paper_Tech_Overview_Virtual_Device_Contexts.html

Jerry Ye · ‎08-22-2012

You can connect your N5Ks to 2 different VDC (via different physical connections). But you have to be really careful. You need to use non-overlapping VLANs (meaning e.g. VLAN1-500 for internal and VLAN 501-1000 for DMZ) and prune traffic accordingly. You should also consider to use dedicated native VLAN (not VLAN1). You don't want to mix up your STP topology.

HTH,

jerry