Small step toward , repaired the OSPF adjacency between the Nexus pair. They see each other (int vlan 2 down..) But the CoreAB OSPF process doesn't see the Nexus switches.

TEST_N5k-primary# sh ip ospf neighbor
 OSPF Process ID 1 VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 22.214.171.124    1 FULL/BDR         00:09:39 10.58.16.2      Vlan2

TEST_N5k-secondary# sh ip ospf neighbor
 OSPF Process ID 1 VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 126.96.36.199     1 FULL/DR          00:10:36 10.58.16.1      Vlan2

CoreAB

TEST_CoreAB#sh ip ospf
 Routing Process "ospf 1" with ID 192.168.11.246
 Start time: 00:04:22.185, Time elapsed: 00:14:05.537
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Supports NSSA (compatible with RFC 3101)
 Supports Database Exchange Summary List Optimization (RFC 5243)
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an autonomous system boundary router
 Redistributing External Routes from,
    static, includes subnets in redistribution
 Router is not originating router-LSAs with maximum metric
 Initial SPF schedule delay 5000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 10000 msecs
 Incremental-SPF disabled
 Minimum LSA interval 5 secs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 EXCHANGE/LOADING adjacency limit: initial 300, process maximum 300
 Number of external LSA 0. Checksum Sum 0x000000
 Number of opaque AS LSA 0. Checksum Sum 0x000000
 Number of DCbitless external and opaque AS LSA 0
 Number of DoNotAge external and opaque AS LSA 0
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Number of areas transit capable is 0
 External flood list length 0
 IETF NSF helper support enabled
 Cisco NSF helper support enabled
 Reference bandwidth unit is 100 mbps
    Area BACKBONE(0) (Inactive)
        Number of interfaces in this area is 1
        Area has no authentication
        SPF algorithm last executed 00:13:11.570 ago
        SPF algorithm executed 2 times
        Area ranges are
        Number of LSA 1. Checksum Sum 0x00BF42
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

TEST_CoreAB#sh ip ospf route
            OSPF Router with ID (192.168.11.246) (Process ID 1)
                Base Topology (MTID 0)
    Area BACKBONE(0)
    Intra-area Route List
*   10.58.16.3/32, Intra, cost 0, area 0, Connected
      via 10.58.16.3, Vlan2
    First Hop Forwarding Gateway Tree
    10.58.16.3 on Vlan2, count 1

TEST_CoreAB(config)#do sh ip ospf 1 int vlan 2
Vlan2 is up, line protocol is up
  Internet Address 10.58.16.3/29, Area 0, Attached via Interface Enable
  Process ID 1, Router ID 192.168.11.246, Network Type BROADCAST, Cost: 1
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           1         no          no            Base
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 192.168.11.246, Interface address 10.58.16.3
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

I don't know why area 0 is inactive on CoreAB.
Hello!

Previously I asked about this topic; then it was only a plan, and now we already have the Nexus switches. Here is the current topology and next the migrated drawing with 2 pieces of 5548UP (L3 card + license too).

Current situation
1. ZONE-4s24 is 4pcs WS-C3850-24T in a stack and only 2 switches have a 10Gbps network module (2x2 port)
2. ZONE-4s24 has both L3 and L2 functions
   - Advertise server networks with OSPF
   - Routing between VLANs
   - Direct link to servers, blade switches, firewall etc.
   - The 10Gbps modules' links are used for servers, not the other switches
3. ZONE-4s24 connects to Core-AB with L3 PoCh
4. Core-AB (2pcs C3850-24T) connects to Core-CD by L3 link with PoCh3 copper; PoCh4 is the redundant link (higher OSPF cost)
5. Core-AB is the OSPF DR of the full network, to advertise HQ and Branch Office networks
6. Core-CD is the OSPF BDR, to advertise Partner networks

Plans
1. Every 3850 will get a 10Gbps network module, so the Core-AB and Core-CD switches connect with 2x10Gbps
2. ZONE-4s24 is a 4 unit stack and I want to split it into 2 parts (ZONE-A, ZONE-B) and they will have only L2 tasks
3. In the current state the ZONE-4s24 doesn't have a redundant link, it's a SPOF, and traffic from the partner's network goes Core-CD --> Core-AB --> ZONE instead of Core-CD --> Zone directly. So I want the Nexus switches to connect to both switches.
4. Nexus primary and secondary have to take over the L3 task of ZONE-4s24 and link ZONE-A and ZONE-B with L2 vPC 2x10Gbps

My question relates to 3.: routing between Nexus-CoreAB and Nexus-CoreCD.
I read that after IOS 7.3.0 L3 dynamic routing can work, but I found only this relevant example: http://b.shnosh.net/nexus-dynamic-routing-over-vpc-vlan/
Common routing vlan is VLAN 2 - 10.58.16.0/29.

So what I did (relevant part):

Core-AB Te1/1/3 --> N5k_prim Eth1/1
Core-AB Te2/1/3 --> N5k_secon Eth1/1

Core-AB (3850)

ip routing
interface Vlan2
 ip address 10.58.16.3 255.255.255.248
 no ip redirects
 ip ospf 1 area 0
 ip ospf cost 1
interface TenGigabitEthernet1/1/3
 description *PoCh_10->N5k_primary*
 switchport mode trunk
 channel-group 10 mode active
interface TenGigabitEthernet2/1/3
 description *PoCh_10->N5k_secondary*
 switchport mode trunk
 channel-group 10 mode active
interface Port-channel10
 description *PoCh->Nexus*
 switchport mode trunk
router ospf 1
 redistribute static subnets
 network 10.58.16.0 0.0.0.7 area 0

N5K-primary

feature ospf
feature interface-vlan
feature lacp
feature vpc
vpc domain 1
  peer-switch
  role priority 50
  peer-keepalive destination 172.16.10.101 source 172.16.10.100
  delay restore 150
  peer-gateway
  layer3 peer-router
  ip arp synchronize
interface Vlan2
  description *** OSPF Peering with CoreAB ***
  no shutdown
  no ip redirects
  ip address 10.58.16.1/29
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
interface port-channel10
  description ***Core-AB***
  switchport mode trunk
  no lacp suspend-individual
  vpc 10
interface Ethernet1/1
  description *PoCh_10->Core-AB*
  switchport mode trunk
  channel-group 10 mode active
router ospf 1
  router-id 188.8.131.52
  area 0.0.0.0 range 10.58.16.0/29

N5K-secondary

feature ospf
feature interface-vlan
feature lacp
feature vpc
vpc domain 1
  peer-switch
  role priority 100
  peer-keepalive destination 172.16.10.100 source 172.16.10.101
  delay restore 150
  peer-gateway
  layer3 peer-router
  ip arp synchronize
interface Vlan2
  description *** OSPF Peering with CoreAB ***
  no shutdown
  no ip redirects
  ip address 10.58.16.2/29
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0
interface port-channel10
  description ***Core-AB ***
  switchport mode trunk
  no lacp suspend-individual
  vpc 10
interface Ethernet1/1
  description *PoCh_10->Core-AB*
  switchport mode trunk
  channel-group 10 mode active
router ospf 1
  router-id 184.108.40.206
  area 0.0.0.0 range 10.58.16.0/29

In this case I got a trunk connection in port-channel 10 without OSPF neighbors. Opinions?

The 2 new Nexus are in our lab room with 2pcs spare 3850. I updated the IOS (7.3.3.) and I can try different config versions.

Thank you
Gy.
Thank you for the detailed explanation.
In the case of option 2 we have to do a lot of physical work (moving devices to another cabinet unit, assembling the network modules in the 3850, cabling, etc.) and configuration modification almost everywhere. In a production environment it means a pause.
I think it would be easier if in the first step we change the place of the devices and assemble the Nexus and network modules, and configure the first version, where the Nexus works as an L2 switch. In this case the Core switch doesn't change, but the Nexus connects not only to Core_AB but to Core_CD also, as in option 2 (interface shutdown on both sides).
On another day, in another downtime, the configuration could be changed and the Nexus will become the core switch.
1. What do you think?
2. If the Nexus N5k_primary will be the OSPF DR, then would the BDR be the N5k_secondary, or is it logically one switch and the Core_CD has to do the role henceforward?
I would like to ask for help deciding on the reform of our network topology.
I drew the relevant part of the network and the 2 options.
We have 2pcs 3850 (stack) L3 switch (Core-AB) as Designated Router with OSPF routing. The areas number 12, and there are some 300 dynamic networks. Cisco offers the 3850 as an access switch, not Core.
Until now we didn't have a 10Gb switch, and now we will buy 2 pieces of Nexus 5548UP with L3 licences. The main goal was to link servers with 10Gbps. Currently we have to use only the 2x10Gb network module in the C3850.
I have 2 options:
1. Put the Nexus in the network as an L2 switch with minimal topology change
2. Change the DR from the 3850 to the 5548UP, and then the Nexus will be the OSPF DR and every server with a 10Gbps interface connects to the new Core switch.
The first version is less and easier modification, but the Nexus has much more performance.
As far as I know the 2 Nexus (with vPC) are not the same as stacked C3850, so only one will have to do the OSPF DR task.
Thanks for any advice.