we have N7K1 -- N7K1 vPC pair. 3750 switch is connected to each of these N7K using port-channel vPC.
what are the best practices for OSPF ? can 3750 form OSPF neighbor ship with N7K HSRP VIP?
Best and recomendation is peer with point to point link.
here is the best practice good document to understand and config reference :
Do I configure correctly? I found when reload the active HSRP box, it takes a long time to standby for about four minutes. How should I do?
Thank you very much.
we required more information about HSRP config and timers
also post-show standby brief.
you can refer NX OS config :
feature hsrp interface Vlan1000 no shutdown no ip redirects ip address x.151.177.252/25 no ipv6 redirects ip router ospf 100 area 0.0.0.40 hsrp version 2 hsrp 1000 preempt priority 110 ip x.151.177.254
Thank you very much.
i will come back to you later related to the HSRP timer issue.
quick question the screenshot posted for both the switches or single? switch for the vpc output?
if they posted both the switches, how come both are primary? ( am i missing something here ?) can you post both the configuration of vPC?
Not sure if you necessarily need HSRP for this. You can possibly use a transit vlan with a /29 subnet, assign one IP to the 3750 side and one to each Nexus switch and than add the same transit vlan to vPC peer-link.
@Reza Sharifi makes an interesting point about whether you need HSRP. But the original poster asks a question which has an answer. The question was "can 3750 form OSPF neighbor ship with N7K HSRP VIP?" and the answer is that NO OSPF forms neighbor ship with physical interface addresses and not with the VIP.
If you would like to have dynamic routing between 3750 and each N7k in vPC pair, you don't need HSRP (I believe it would not work anyway, since OSPF will use interface address as source). Also, you can't use single vPC VLAN with /29 mask and assign address for each device (3750 and 2xN7k). Because in this case, traffic might be incorrectly forwarded. It means, that traffic from 3750 perspective might be routed over 1st N7K, but switched over 2nd N7K. In this case traffic will cross vPC peer-link and will be dropped by loop prevention mechanism.
The solution here would be following:
1. Use 3 separate VLANs with /30 subnet each. Establish OSPF neighborship between devices in each of these VLANs.
a. VLAN between 3750 and 1st N7k
b. VLAN between 3750 and 2nd N7k
c. VLAN between 1st N7k and 2nd N7k - this VLAN should be not allowed on vPC peer.-link. Instead your vPC pair should have separate link for non-vPC VLANs, and this VLAN should be allowed there.
2. Use separate L3 links with the same logical design.
Actually, using peer-gateway & layer3 peer-router you can form adjacency between vpc peers and vpc connected routers over peer-link: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/118997-technote-nexus-00.html
No need for dedicated l3 interfaces anymore.