04-22-2016 10:08 PM - edited 03-08-2019 05:28 AM
Hi Ladies and Gentlemen,
I'm going to deploy a pair of Nexus 7K and have full mesh connectivity to two WAN routers as below.
I have prepared the configuration between the Nexus and WAN switches but am not sure whether this will work or not. Can you help to comment? Thanks
WANSW1 | WANSW2 |
interface Vlan10 | interface Vlan20 |
ip address 10.10.10.13 255.255.255.252 | ip address 10.10.10.17 255.255.255.252 |
ip ospf authentication message-digest | ip ospf authentication message-digest |
ip ospf message-digest-key 1 md5 7 12345 | ip ospf message-digest-key 1 md5 7 12345 |
ip ospf network point-to-point | ip ospf network point-to-point |
ip ospf hello-interval 5 | ip ospf hello-interval 5 |
! | ! |
interface Port-channel100 | interface Port-channel200 |
description To Nexus | description To Nexus |
switchport trunk encapsulation dot1q | switchport trunk encapsulation dot1q |
switchport mode trunk | switchport mode trunk |
! | ! |
interface GigabitEthernet1/3 | interface GigabitEthernet1/3 |
description To Nexus | description To Nexus |
switchport trunk encapsulation dot1q | switchport trunk encapsulation dot1q |
switchport mode trunk | switchport mode trunk |
channel-group 100 mode on | channel-group 200 mode on |
! | ! |
interface GigabitEthernet1/4 | interface GigabitEthernet1/4 |
description To Nexus | description To Nexus |
switchport trunk encapsulation dot1q | switchport trunk encapsulation dot1q |
switchport mode trunk | switchport mode trunk |
channel-group 100 mode on | channel-group 200 mode on |
! | ! |
router ospf 1 | router ospf 1 |
log-adjacency-changes | log-adjacency-changes |
redistribute static subnets | redistribute static subnets |
passive-interface default | passive-interface default |
no passive-interface Vlan100 | no passive-interface Vlan200 |
no passive-interface GigabitEthernet1/2 | no passive-interface GigabitEthernet1/2 |
network 10.10.10.9 0.0.0.0 area 0 | network 10.10.10.10 0.0.0.0 area 0 |
network 10.10.10.13 0.0.0.0 area 0 | network 10.10.10.17 0.0.0.0 area 0 |
default-information originate | default-information originate |
! | ! |
N7K-1 | N7K-2 |
vlan 5,6,10,20 | vlan 5,6,10,20 |
! | ! |
interface Vlan10 | interface Vlan20 |
no ip redirects | no ip redirects |
ip address 10.10.10.14/30 | ip address 10.10.10.18/30 |
ip ospf message-digest-key 1 md5 3 12345 | ip ospf message-digest-key 1 md5 3 12345 |
no ip ospf passive-interface | no ip ospf passive-interface |
ip router ospf 1 area 0.0.0.0 | ip router ospf 1 area 0.0.0.0 |
description WANSW | description WANSW |
no shutdown | no shutdown |
! | ! |
interface port-channel100 | interface port-channel100 |
description Port-Channel Link To WANSW | description Port-Channel Link To WANSW |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
spanning-tree port type normal | spanning-tree port type normal |
vpc 100 | vpc 100 |
! | ! |
interface port-channel200 | interface port-channel200 |
description Port-Channel Link To WANSW | description Port-Channel Link To WANSW |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
spanning-tree port type normal | spanning-tree port type normal |
vpc 200 | vpc 200 |
! | ! |
interface port-channel500 | interface port-channel500 |
description vPC L2Peer-Link to N7K2 | description vPC L2Peer-Link to N7K1 |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 5,6 | switchport trunk allowed vlan 5,6 |
spanning-tree port type network | spanning-tree port type network |
vpc peer-link | vpc peer-link |
! | ! |
interface port-channel800 | interface port-channel800 |
description L3Peerlinks to N7K2 | description L3Peerlinks to N7K1 |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 10,20 | switchport trunk allowed vlan 10,20 |
spanning-tree port type network | spanning-tree port type network |
! | ! |
interface Ethernet1/1 | interface Ethernet1/1 |
description Po100 to WANSW | description Po100 to WANSW |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
channel-group 100 mode on | channel-group 100 mode on |
no shutdown | no shutdown |
! | ! |
interface Ethernet1/2 | interface Ethernet1/2 |
description Po200 to WANSW | description Po200 to WANSW |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
channel-group 200 mode on | channel-group 200 mode on |
no shutdown | no shutdown |
! | ! |
interface Ethernet1/23 | interface Ethernet1/23 |
description L3Peerlinks to N7K2 | description L3Peerlinks to N7K2 |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 10,20 | switchport trunk allowed vlan 10,20 |
channel-group 800 | channel-group 800 |
no shutdown | no shutdown |
! | ! |
interface Ethernet1/24 | interface Ethernet1/24 |
description L3Peerlinks to N7K2 | description L3Peerlinks to N7K2 |
switchport | switchport |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 10,20 | switchport trunk allowed vlan 10,20 |
channel-group 800 | channel-group 800 |
no shutdown | no shutdown |
! | ! |
interface Ethernet1/45 | interface Ethernet1/45 |
description "vPC L2Peer-Link to N7K2" | description "vPC L2Peer-Link to N7K2" |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 5,6 | switchport trunk allowed vlan 5,6 |
channel-group 500 | channel-group 500 |
no shutdown | no shutdown |
! | ! |
interface Ethernet1/46 | interface Ethernet1/46 |
description "vPC L2Peer-Link to N7K2" | description "vPC L2Peer-Link to N7K2" |
switchport mode trunk | switchport mode trunk |
switchport trunk allowed vlan 5,6 | switchport trunk allowed vlan 5,6 |
channel-group 500 | channel-group 500 |
no shutdown | no shutdown |
04-23-2016 11:25 AM
Hi,
The design and configuration should work fine. A couple of notes:
1-I am not sure what type of switches your WANSW1 and 2 are. Just make sure you have the right license to run routing protocols, especially if you are planning to run BGP with the providers.
2-What device will do the NAT for you, or do you not need to run NAT at all?
3-Since you have switches facing the Internet providers, you may want to think about putting a set of firewalls between WANSW1, 2 and the Nexus for security unless you are planning to do that with the switches.
HTH
04-23-2016 09:30 PM
Hi,
Thanks for the advice.
1. Both WANSW are existing running switches so the license is not an issue.
2. I don't do NAT at all because the interface that faces the ISP is a DWDM link, so it is still an internal IP.
3. The ISP provided DWDM and not Internet service, so it is still OK for the time being.
I have some concerns with the design and configuration.
Let's say the HSRP master for Vlan5 is N7K01, will it still utilize E1/1 and E1/2 to reach the WANSW or only E1/1? Because E1/2 is connected to WANSW2, which is Vlan20.
In the event N7K01 fails, will both E1/1 and E1/2 of N7K2 be utilized?
Thanks
04-24-2016 04:43 PM
Hi,
Let's say the HSRP master for Vlan5 is N7K01, will it still utilize E1/1 and E1/2 to reach the WANSW or only E1/1? Because E1/2 is connected to WANSW2, which is Vlan20.
This should be tested, but if you are going to use OSPF between the Nexus and the WAN switches without any cost changes and since the links are equal cost, OSPF will load balance the traffic between e1/1 and e1/2. You can always modify the cost on one of the links so it is always used as backup.
In the event N7K01 fails, will both E1/1 and E1/2 of N7K2 be utilized?
If the destination costs add up to be the same for both links, then the traffic will be load balanced.
HTH