Routing Nexus 5k when vPC is involved

Steven Williams
Level 4

I read this article all the time and still have trouble understanding it.

 

https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/118997-technote-nexus-00.html

 

I have two Nexus 5000s in vPC mode. They have northbound vPCs to Cat9500. The Nexus switches share a vPC peer-link and also share a Layer 3 link.

 

I have two Palo Altos running in vWire mode between the Nexus switches and Cat9500s. 

 

So here's the question...

 

Can I run EIGRP between the Nexus switches and the Cat9500s, while making sure the routing and adjacency does not form over the vPC Peer-Link?

 

[Attachment: CaptureNexus.PNG]

1 Accepted Solution


Depending on which devices are acting as routers, you would need to have a layer 3 link between those devices and the 5K switches (not vPC.)

 

Very interesting link about multicast: http://blog.lah.io/2014/01/troubleshooting-cisco-nexus-5500-igmp.html

 


9 Replies

Yachay
Level 1

Nexus 5K works in a different way. Your topology matches with one of the deployments of the first link, without the layer 3 link between them (check also the NX-OS version):

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/interfaces/7x/b_5600_Interfaces_Config_Guide_Release_7x/config_vpc.html#concept_411EC30FA71841A49905F2E5C133799D

 

https://adamraffe.com/2013/03/08/l3-over-vpc-nexus-7000-vs-5000/

 

So then peering between the two peers does not need to exist? Is that what that document is saying? I always thought it did for some reason. 

 

Also, it looks like this may pose some challenges with multicast traffic. I am running InformaCast servers behind my Nexus switches, so multicast is a must. What are the challenges with multicast when it comes to vPC?

According to the documentation, an L3 link between the Nexus 5K switches is not needed (but again, check the NX-OS version).

 

This stuff drives me nuts: it's supported for this, but not this; it's supported when the sun lines up with Mercury, but not Jupiter. Are they talking about multicast as it pertains to routing protocols, or all multicast traffic like voice and video?

 

Connecting to a Router in a vPC Topology

When you connect a router to a pair of Cisco Nexus 5500 Platform switches in a vPC topology and enable routing, traffic forwarding may result in suboptimal traffic paths crossing the peer link similar to the situation described in the "Layer 3 Forwarding for Packets to a Peer Switch MAC Address" section. We recommend that you use Layer 3 links for connections between the router and the Nexus 5500 switch, instead of a port channel with an IP address.

Figure 5-6 illustrates the topology that is not recommended. In this topology, control protocol packets may be hashed by the port channel to the wrong Cisco Nexus 5500 Platform switch, which would then forward the control packets to the correct routing peer (1.1.1.1) in the picture.

Figure 5-6 Control Traffic Forwarding in a vPC Topology

 

 

This topology is supported for unicast traffic but not for multicast traffic. In this topology, we recommend that you use Layer 3 interfaces instead of vPC interfaces to connect routers to Cisco Nexus 5500 Platform switches whenever possible.

Figure 5-7 shows the recommended topology for connectivity of routers to a vPC domain. The router connects with Layer 3 interfaces 1.1.1.2 and 2.2.2.2 to the two vPC peers and these interfaces are not part of a vPC port channel.

Figure 5-7 Connecting a Router to a vPC Domain Using Layer 3 Interfaces

 

 


Due to the risks of running routing over vPC, I think I will just run Layer 3 port-channels from each N5k to each C9k and run routing on those, then I can use ECMP with EIGRP and let routing decide what it wants to do. Anyone see any issues with that? I really think vPC should be kept at a layer 2 level. 

That's fine.

The only question is, do the Nexus switches need an L3 link between them to peer EIGRP with each other?

Yes sir.
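
The following is an added example, not code from the thread or from Cisco's documentation: a small Python check that reads an NX-OS running-config and lists the SVIs where EIGRP could still form an adjacency across the vPC peer-link, which is the condition the original question wants to rule out. The sample config, VLAN numbers, port-channel numbers and AS 100 are constructed, and using `ip passive-interface eigrp` on vPC VLAN SVIs is an assumption about how the design would be enforced.

```python
import re
# Constructed NX-OS snippet (not from the thread); VLANs, port-channels and AS 100 are assumptions.
SAMPLE_CONFIG = """\
interface port-channel1
  switchport trunk allowed vlan 10,20-22
  vpc peer-link
interface port-channel11
  no switchport
  ip router eigrp 100
interface Vlan10
  ip router eigrp 100
interface Vlan21
  ip router eigrp 100
  ip passive-interface eigrp 100
interface Vlan99
  ip router eigrp 100
"""
ALLOWED = re.compile(r"switchport trunk allowed vlan (?:add )?([\d,-]+)$")

def parse_interfaces(config):  # -> {interface name: [indented sub-commands]}
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line[:1].isspace():
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the interface block
    return interfaces

def expand_vlans(spec):  # '10,20-22' -> {10, 20, 21, 22}
    ranges = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in ranges for v in range(int(lo), int(hi or lo) + 1)}

def eigrp_over_peer_link(config):
    """SVIs on peer-link VLANs with EIGRP enabled and not passive (no allowed list = all VLANs)."""
    ifs, peer_vlans = parse_interfaces(config), set()
    for cmds in ifs.values():
        if "vpc peer-link" in cmds:
            specs = [m.group(1) for c in cmds if (m := ALLOWED.match(c))]
            peer_vlans |= set().union(*map(expand_vlans, specs)) if specs else set(range(1, 4095))
    found = []
    for name, cmds in ifs.items():
        svi = re.fullmatch(r"(?i)vlan(\d+)", name)
        active = any(c.startswith("ip router eigrp ") for c in cmds)
        passive = any(c.startswith("ip passive-interface eigrp ") for c in cmds)
        if svi and int(svi.group(1)) in peer_vlans and active and not passive:
            found.append(name)
    return found
```

On the constructed sample only `Vlan10` is reported: the routed `port-channel11` is not an SVI, `Vlan21` is passive, and `Vlan99` is not carried on the peer-link.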