
VPC(Core) and VSS(Distribution) Interoperability

agapitca19
Level 1

Hi,

Need some inputs about connections between vPC (will act as Core) and VSS (will act as Distribution) switches, not much experience in design so bear with me.

In the network diagram below, we have Nexus 7K-A in production and the rest will be deployed for a LAN upgrade. 

Questions:

Core and Distribution

1. What's the recommended way to connect the vPC and VSS switches (RED connections), L2 or L3 etherchannels? What are the advantages and disadvantages of one over the other?

2. If I use L3 etherchannels, is it a valid design for VSS and vPC switches to get peered with EIGRP?

3. I have read a Cisco document that says only L2 links are supported in vPC. In the Nexus 7000 Module Comparison Matrix.pdf link below, it shows that the N77-F348XP-23 module, which is what our Nexus 7K-A has right now, supports L3 over vPC (page 2 under L2 Features). Can someone please clarify?

4. Nexus 7K-A already has some VLANs, HSRP, and EIGRP configured. If the VSS and vPC switches are connected with L2 links, does that mean that all VLANs and SVIs in the network should reside in the vPC switches and the VSS switches should only be configured as pure L2 aggregation switches?

5. If L3 etherchannels with EIGRP are used between VSS and vPC switches, is it a valid design or recommended for some VLANs and SVIs to reside in the core and distribution switches while the vPC switches maintain the HSRP configuration?

6. Is it a valid design to mix L2 and L3 links between VSS and vPC switches?

Thanks!

http://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/nexus7000/sw/matrix/technical/reference/Module_Comparison_Matrix.pdf

4 Replies

Jon Marshall
Hall of Fame

I don't have direct experience with Nexus switches so take that into account with the following but as far as I am aware vPC is a L2 technology so there is no such thing as a L3 vPC. 

When it says L3 over vPC it is referring to running a routing protocol over the vPC which was not possible originally but this restriction has been lifted for some modules etc.

So to answer your questions -

1) L3 vPCs not possible on the Nexus although VSS supports L3 MEC which is essentially the same thing, i.e. an etherchannel spread across different chassis.

2) as above although note you can use L3 P2P links if you want and these links could be L3 etherchannels but you can't spread the etherchannel between the chassis as you can with a vPC.

3) already clarified

4) you could have all routing between vlans on the VSS and then simply use vlans to connect to the Nexus switches.

Just because the connection is L2 not L3 does not mean all SVIs need to be on the Nexus.

Or you could, as you say, make the VSS L2 only and do all L3 on the Nexus switches although this is not typically what you would do ie. the core is used primarily to provide a fast L3 interconnect between multiple L3 distribution blocks.

5) you could spread SVIs between the switches but I am not sure why you would want to do this if all traffic has to come through the VSS first.

6) pretty much covered ie. you can use L3 P2P links but these obviously would not be a vPC.

As to whether it is a valid design it really depends on what you are trying to achieve.

You have a core to interconnect multiple aggregation or distribution switches but your diagram only shows a pair of distribution switches so it's not obvious what the core is doing.

Not saying it isn't needed, just that I can't tell from the diagram you have posted.

You may want to have a read of the following design guide if you haven't already -

http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-data-center-networking/index.html

and it makes the specific point of using L3 for connectivity in your setup but as I say some modules now support peering across vPCs (probably after the design guide date) but it is still a L2 not a L3 connection between your switches.

Like I say not used Nexus switches so the designs may be slightly different to what I am used to so please bear that in mind.

Jon

Thanks Jon for the reply. I don't have experience on Nexus switches yet either but I appreciate your inputs.

Currently on N7K-A, there are two firewalls (active/standby mode), DMZ VSS switches (L2) that are also behind the two firewalls (SVIs with EIGRP), wireless controllers, Nexus 5Ks (L2), a router, and some distribution switches (L2) from other buildings that are connected. This is the reason why I asked whether it is okay or not to mix L2 and L3 links between VSS (Distribution) and vPC (Core) switches because the devices behind N7K-A have a mix of L2 and L3 connections.

Based on CVD-DataCenterDesignGuide-AUG14.pdf (Configure connectivity to the LAN core, page 46-49) from the link that you have provided http://www.cisco.com/c/en/us/solutions/enterprise/data-center-designs-data-center-networking/index.html, why is eigrp 100 only configured on Nexus 5500UP A & B and not also on the Cisco 6000 VSS switches?

I also came across this link http://www.netcraftsmen.com/designing-vpc-and-routing (SUMMARY: MAKING ROUTING WORK WITH VPC).  

Thanks.

You do configure EIGRP on the VSS, it's just that you don't do it under the interface so it is not shown in that section.

At least that is what I am assuming because otherwise there would be no EIGRP routes between the switches.

Jon

I agree with your assumption. I just thought for a moment that maybe there was a new way of advertising routes.

Thanks!
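
Added example, not part of any post in this thread: an L3 point-to-point port-channel between one Nexus core switch and the VSS pair, showing the difference discussed in the last replies, where NX-OS enables EIGRP under the interface and IOS on the VSS enables it with a network statement under the routing process. AS 100 is taken from the thread; the interface names, port-channel number and 192.0.2.0/30 addressing are constructed for illustration.

```cisco
! ---- Nexus core A (NX-OS) ----
! Both member links terminate on this one Nexus chassis; this is a plain
! L3 port-channel, not a vPC.
feature eigrp
feature lacp
!
router eigrp 100
!
interface Ethernet1/1-2
  no switchport
  channel-group 10 mode active
  no shutdown
!
interface port-channel10
  description L3 P2P to VSS distribution
  no switchport
  ip address 192.0.2.1/30
  ! EIGRP is attached to the interface on NX-OS
  ip router eigrp 100
  no shutdown

! ---- VSS distribution pair (IOS) ----
! One member link per VSS chassis, so the VSS side is an L3 MEC.
interface range TenGigabitEthernet1/1/1 , TenGigabitEthernet2/1/1
 no switchport
 channel-group 10 mode active
 no shutdown
!
interface Port-channel10
 description L3 MEC to Nexus core A
 no switchport
 ip address 192.0.2.2 255.255.255.252
!
! No EIGRP command appears under the interface on IOS; the network
! statement under the routing process enables it on Port-channel10.
router eigrp 100
 network 192.0.2.0 0.0.0.3
```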