Re: Routing and vPC guidance

Jeffrey_233 · ‎11-15-2022

Hi All

I've inherited this network and an task to upgrade and replace a Arista (mlag Domain) vPC
With another pair of Nexus 3.5K's
I tried to do a over night swap without success as a result I'm force to do the granular method.

Not having done much vPC integration I wanted to check I can do this to phase out my Arista's

I've got my new vPC domain 5 setup and running.
To merge it in should it be as simple as dropping in the new vlan with these IP's?

Jeffrey_233 · ‎11-22-2022

Hey All

So i've got this setup going as per above.
I wanted to know if there is a way i could have the same scope on Domain1 and Domain 5?

Because this is just a link between our Data Center and the office. I'd really like to be able to get my switches all on 1 range.

paul driver · ‎11-22-2022

Hello
you need to make sure the connection between old arista and nxos is connected at L2 and L3

This way it will allow you to migrate peicemeal the trunk interconnects

Once this is complete you could then begin with the routing - you dont mention if you are running any dynamic routing but if you are you can enable it on the nxos and then again piecemeal relocate the l3svis (including any related static routes)
once that is complete you then relocate firewall connection and disconnect the arista.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jeffrey_233 · ‎11-23-2022

So I'm using static routing for next hop.
When you say connect the Nexus to the Arista, you saying just connect it via a port-channel, then trunk a the vlan's I need?

Also is there a way i can keep a scope the same on both VPC domain's?
At the moment everything on VPC domain 1 is a 10.11.10.x
Everything on VPC Domain 5 is a 10.15.10.x
e.g Have 10.20.10.x serve on both VPC Domain 1&5

balaji.bandi · ‎11-23-2022

but your diagram not show that IP address space at all what you looking to do ?

remove the secure information and post show run from, new and old nexus, possible FW config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jeffrey_233 · ‎11-23-2022

So i gave that ago but i just created a lagg/port-channel group which didn't work.
It freaked out because it's getting duplicates across my vpc keepalive.

What i just realised, I bet you meant that i need to create another Vlan and just rotate the route around.

balaji.bandi · ‎11-23-2022

If you looking to replace Arista, then you need build new nexus 3K vpc in the same way , so you can shutdown the Arista links and bring up nexus links

make sure you use the same IP address space if you looking to Migrate Like a Like setup

if you looking to change the Routing mode, then you need routing in place for the 10.10.10.0/29 network back from FW.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Jeffrey_233 · ‎11-23-2022

Hey Balaji

So as per first diagram I'm doing a gradual change over as I had an issue doing and overnight swap out using the Arista's routing IP's.
Currently my routing is working on the new Nexus IP route.

I'm going ot try what Paul suggested and see how i go.

My other question about having the same IP scope on both VPC domain's.
I think I figured is out just need to double check.
basically if i have 10.20.10.x in both VPC Domain i just need to make sure that both have routes to each outher.

i.e. VPC Domain 1 : ip route 10.20.10.0/24 10.30.10.4
VPC Domain 5: ip route 10.20.10.0/24 10.30.10.1

Jeffrey_233 · ‎11-23-2022

Okay so i tried this bit not getting it right.
I get a ping between everything okay. So the links between the switches are good.

How do I cycle a vlan between them successfully.
config setup:

Domain 1
ip route 10.20.10.0/24 10.10.10.2

Domain 2
ip route 10.20.10.0/24 10.10.10.1

Domain 5
ip route 10.20.10.0/24 10.50.10.2
ip route 10.20.10.0/24 10.30.10.1

If i try add a ip route to domain 5 for 10.20.10.0/24 from domain 1
Then only that subnet works on Domain 5 and drops it on Domain 2

What am i missing?

MHM Cisco World · ‎11-24-2022

I follow you and I dont get what issue here, you want to remove arista then you add interconnect to vPC Domain5 ??

I issue I think is NAT and ACL and routing in FW,
what FW platform you use ??

Jeffrey_233 · ‎11-24-2022

So DNS and DHCP are coming for a Windows Server VM on Domain 1.
Firewall is PFsense.
I can't get the static routing to work between vPC domain1,5 and the Arista's at that same time.
If i put in static routing to the vPC domain 5 then i loose my routing to the Arista.

MHM Cisco World · ‎11-24-2022

static route for what ? what is behind Domain 5 and Arista you need Domain 1 have static route for it ?

Jeffrey_233 · ‎11-24-2022

I'm trying to replace the Arista with Domain 5.
I'd like to have routing between Arista, Domain 5 and Domain 1.
So that I can slowly move everything off the Arista and on to Domain 5 with minimal interruption.

MHM Cisco World · ‎11-25-2022

again the issue is FW, I know cisco FW and I think that PFsense is same in deal with asymatric traffic,
traffic is out from one interface and then enter form other.

Jeffrey_233 · ‎12-03-2022

Thanks all for you help.
Spent 16 Hours in my DC last night, doing the change over.
But I got there.