I have a single 7010 chassis w/ 2 M132XP's and 2 M148GT's. I understand that a few more 7k's would be nice to complete a 3-tier design, but that wasn't possible. I also have 2 5k's and 12 2k's in the project. I have the VDC license and came up w/ the following 2-tier collapsed core/agg design using dual-vPC between the 7k-5k's. All L2 links. I debated using all 4 VDC's and going 3-tier, but I ended up using so many ports connecting the VDC's together it was difficult to justify. For EIGRP between the 7k's, I am thinking 2 VLANs w/ 30-bit subnets and neighboring w/ SVI's over the vPC peer-link. Is this the best design option w/ the hardware available? Any other recommendations?
See picture for details.
I was working with the Nexus 7K last year and there are some things to consider when working with VPC and layer 3 SVI. Specifically, I had a need to be able to do both layer 2 trunks and layer 3 routing. In my previous configuration with VSS this was not an issue because of the single active supervisor. VPC is a different animal and cannot route traffic back across a link, so there are some design considerations I got from Cisco's Nexus business unit. Because of your design I thought that I would share my notes; I hope that they are helpful...
Layer 3 and vPC Interactions: Unsupported Designs:
1. Peering over a vPC inter-connection
2. Peering over an STP inter-connection using a vPC VLAN
3. Peering over a vPC inter-connection
vPC Connect layer-3 routing device
- When connecting layer-3 routing devices to a vPC domain, do not form routing adjacency with vPC peer devices over the vPC peer-link (unsupported design)
- If dynamic routing is required to a vPC domain, L3 routed interfaces should be utilized
- If L3 routed interfaces cannot be used, connect L3 routing devices to a vPC domain using vPC and implement static routing to FHRP address
vPC Design Considerations
Do not mix vPC and Layer 3 on the same interface
- Different recommendation for Aggregation to Core than with VSS ECMP Links
- Use separate L3 links to hook up Core Switches to a vPC domain
- Don’t use L2 port channel to attach routers to a vPC domain unless you statically route to HSRP address
- If both routed and bridged traffic is required, use individual L3 links for routed traffic and L2 port-channel for bridged traffic
Also, please consider that all VDCs will use the same hardware resources, so no actual redundancy will be available. If one linecard fails, both VDCs will be affected. Same with TCAM, memory, etc.: if one VDC drains resources, the second VDC will be affected.
As for routing between devices: it's better to use an L3 link between the VDCs to run routing. And use an ECMP link to connect to the upstream router.
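The contrast drawn in the replies, as an added NX-OS configuration sketch that is not from the thread or from Cisco documentation: the first part is the plan from the question (EIGRP neighboring on an SVI carried over the vPC peer-link), the second is the dedicated routed link between the two VDCs that the replies recommend. The VLAN, interface and port-channel numbers, the EIGRP AS number and the addresses are all constructed for illustration.

```text
! Constructed values: VLAN 900, port-channel1, Ethernet1/9, AS 100, 10.255.0.0/30.
! vPC domain and peer-keepalive configuration are assumed to exist already.
! Shown for one VDC; the other VDC mirrors it with 10.255.0.2/30.

! --- Plan from the question: adjacency on an SVI over the vPC peer-link ---
feature interface-vlan
feature eigrp
vlan 900
  name EIGRP-PEERING
interface port-channel1
  switchport
  switchport mode trunk
  vpc peer-link
interface Vlan900
  ! Routing adjacency rides the same port-channel that carries vPC traffic
  ip address 10.255.0.1/30
  ip router eigrp 100
  no shutdown
router eigrp 100

! --- Arrangement from the replies: separate routed link for the adjacency ---
feature eigrp
interface port-channel1
  switchport
  switchport mode trunk
  ! VLAN 900 and its SVI are no longer needed for peering
  vpc peer-link
interface Ethernet1/9
  ! Dedicated point-to-point L3 port cabled to the other VDC
  no switchport
  ip address 10.255.0.1/30
  ip router eigrp 100
  no shutdown
router eigrp 100
```

After the change, `show ip eigrp neighbors` should list the peer on Ethernet1/9 rather than on Vlan900.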