Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
6
Replies

L3out using SVI and trunking VLANS on the VPC link

Go to solution
nkhawaja1
Level 1
Level 1

‎03-30-2023 05:46 AM

Hi Gurus,

I am trying to figure out if I have a VPC towards a FW, can I make OSPF neighbor with between border leaf and FW as well pass some L2 VLANS on the same VPC. Simliar to  creating a L3 out using SVI and also passing some EPGs on the same link.

 

Also Can the same be done via Nexus Dashboard fabric controller in standard N9K Vxlan setup? If so how you do it.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
nkhawaja1
Level 1
Level 1
In response to M02@rt37

‎03-31-2023 08:42 AM

what if I only use one VLAn on BL1/BL2/FW which is /28 

 

View solution in original post

0 Helpful
6 Replies 6

Go to solution
M02@rt37
VIP
VIP

‎03-31-2023 04:36 AM

Hello @nkhawaja1 

Yes, it's possible to establish an OSPF neighbor relationship between a border leaf and a firewall over a VPC link, while also passing L2 VLANs on the same VPC. This can be achieved by configuring the border leaf and the firewall to run OSPF and ensuring that the VPC link is configured as an OSPF-enabled interface on both devices. The L2 VLANs can then be extended across the VPC link using technologies such as VxLAN or FabricPath.

Regarding the use of the Nexus Dashboard fabric controller in a standard N9K VxLAN setup, yes, it is possible to configure the same setup using Nexus Dashboard. The specific steps may vary depending on the version of Nexus Dashboard and the exact configuration of the network, but in general, you would need to configure the VPC link between the border leaf and the firewall, configure OSPF on both devices, and configure the L2 VLANs to be extended across the VPC link using VxLAN or FabricPath.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1

‎03-31-2023 07:10 AM

Thank you for your reply, does this require using L4-L7 services workflow in NDFC? also for the VPC, is it ok to use virtual vpc pearlink or we need physical? the L4-L7 workflow doesn't support OSPF, only BGP. while we have OSPF?

 

if you have some more detailed steps, please let me know

 

thanks,

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to nkhawaja1

‎03-31-2023 08:20 AM

@nkhawaja1 

You're welcome. The use of L4-L7 services workflow in NDFC depends on your specific network architecture and requirements. If you need to apply L4-L7 services, such as load balancing or firewalling, to the traffic passing through the VPC, then you may need to use the L4-L7 services workflow.

For the VPC, you can use a virtual VPC peer link or a physical VPC peer link, depending on your network requirements and design. The virtual VPC peer link uses the same physical links as the member links in the VPC, while the physical VPC peer link uses separate links for the peer link.

If you need to establish OSPF neighbor relationships between the border leaf and the firewall, then you should use OSPF as the routing protocol. The L4-L7 services workflow in NDFC may not support OSPF, but you can still configure OSPF manually on the border leafs and firewall.

Here are the high-level steps to configure the setup you described, assuming you have two border leaf switches (BL1 and BL2), one firewall (FW), and two VLANs (VLAN10 and VLAN20):

-- Configure the VLANs on both border leafs and the firewall. Assign unique IP subnets to each VLAN.

-- Create the SVIs for VLAN10 and VLAN20 on BL1 and BL2, and configure them with IP addresses in their respective subnets.

-- Enable OSPF on the SVIs on BL1 and BL2, and configure them to advertise their respective subnets.

-- Connect the FW to BL1 or BL2, and configure an IP address on the interface facing the border leaf.

-- Enable OSPF on the FW interface facing the border leaf, and configure it to advertise its IP address.

-- Configure a VPC between BL1 and BL2, and configure VLAN10 and VLAN20 as member VLANs.

-- Configure a VLAN interface (VLANI) for VLAN10 and VLAN20 on BL1 and BL2, and assign them the same VXLAN ID.

-- Configure the VPC peer link to carry the VLAN traffic for VLAN10 and VLAN20 using the same VXLAN ID.

-- Test the connectivity between the hosts in VLAN10 and VLAN20, and verify that OSPF is correctly advertising the IP subnets.

These are just the high-level steps, and the specific configuration commands and settings may vary depending on your network architecture and design.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1
In response to M02@rt37

‎03-31-2023 08:42 AM

what if I only use one VLAn on BL1/BL2/FW which is /28 

 

0 Helpful

Go to solution
nkhawaja1
Level 1
Level 1

‎04-02-2024 07:48 AM

Hi, So I am back with the same question. I have a VPC with an external router and the VPC is using Virtual Link. I created one VLAN and SVI and added a VPC link towards external router. Leaf1 cant ping Leaf2 or external router. but Leaf2 can ping external router. It seems something towards virtual link (po500) is an issue. Have you tried this? in your ealrier post you mentioned creating two separate vlans but using same VNID. is that something to be done here?

0 Helpful

Go to solution
Deepak Bansal
Level 1
Level 1
In response to nkhawaja1

‎04-02-2024 09:09 PM

Its expected behavior as ping reply coming to different vpc pair leaf. I dont know why you want to establish such neighbourship , you can explain in more detail the use case.

 

But in general the recommendation is dont do neighbourship over vpc as its dosnt provide redudancy

0 Helpful
Customers Also Viewed These Support Documents