Nexus vPC routing to orphan port

Started by wintermute000, December 30, 2015, 03:20:21 PM


wintermute000

OK, going over my Nexus readings again and again and I'm 95% sure it's all good, but I want to ask the hive mind.


I have a pair of 7ks with vPCs.
I have separate L2 peer-link and L3 routed link.
On one of the 7ks, I have an orphan port going to a L3 device peering BGP to the 7k it's attached to ONLY. The other Nexus receives the route redistributed via OSPF, over the L3 routed link, NOT the peer link.


Am I correct in saying that vPC traffic to either Nexus will be fine, as I'm not traversing the peer link?
Even if vPC traffic destined for the orphan port hits the second Nexus, it will just route an extra hop and it doesn't matter?



that1guy15

1) Nexus-1 fails, you are dead
2) Nexus-2 fails as secondary, you are good
3) Nexus-2 fails as primary and the peer-link can't be used, orphans will be shut unless configured as orphan no suspend
,
..
...
4) both Nexus fail... go drink scotch and let God sort it out.

As long as bi-directional routes are flowing through OSPF, I'm thinking you should be fine.
That1guy15
@that1guy_15
blog.movingonesandzeros.net

routerdork

Quote from: that1guy15 on December 30, 2015, 04:43:30 PM
4) both Nexus fail... go drink scotch and let God sort it out.

Inviting myself to join.  :pub:
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

DanC

Quote from: wintermute000 on December 30, 2015, 03:20:21 PM
OK, going over my Nexus readings again and again and I'm 95% sure it's all good, but I want to ask the hive mind.


I have a pair of 7ks with vPCs.
I have separate L2 peer-link and L3 routed link.
On one of the 7ks, I have an orphan port going to a L3 device peering BGP to the 7k it's attached to ONLY. The other Nexus receives the route redistributed via OSPF, over the L3 routed link, NOT the peer link.


Am I correct in saying that vPC traffic to either Nexus will be fine, as I'm not traversing the peer link?
Even if vPC traffic destined for the orphan port hits the second Nexus, it will just route an extra hop and it doesn't matter?

You have an OSPF adjacency on the routed link, yeah? Will work fine until the shiz which that1guy15 says... Routed port on 7k1 would be better, or failing that, an SVI on a non-vPC VLAN.

I had a similar scenario in a previous role temporarily until a secondary CE was connected to the 2nd 7K.


wintermute000

Yeah, I know re: failover, we also have another pair of 7ks across 2x DWDM links at the other site doing the peering to the same device. It's a stretched cluster.

Yes, the horror. It's not my design, I inherited it and was told to just get it working. Yes, the OSPF adjacency is on the routed link (as well as routed VLANs to the other pair at the other site) so OSPF should just take care of any reconvergence. Not enough 10G ports to dual home it (multicontext....)


It just looks weird instinctively as N2 will have 1x extra L2 hop, but I guess that's no different to an 'approved' design with dual L3 /30s to each Nexus - the NH is different depending on which Nexus the vPC traffic ends up on but will just get forwarded as standard.

FWIW they're currently using... static routes. Everywhere. (3x FW clusters, 8x Nexus VRFs). It's ridiculous. Did I forget to mention stretched VLANs everywhere?

I'm not even going to get into ASN duplicates due to VRFs/contexts (instead of using VDCs/different firewalls), not using EIGRP because proprietary (but hey, we're all Nexus/ASA/IOS and we use vPCs everywhere and want to use OTV in future).

Dieselboy

Just chiming in here as I'm interested.

Do you have the capacity on the L3 device to use another port and connect it to the other Nexus? I guess you'd have to use routed ports.

wintermute000

nope. ASA-5585X with 4x10Gb ports.... two contexts... inside and outside on both sides.

It's a retarded design. I just got told due to politics I have to make it work with straight up eBGP redist into the OSPF core, whereas the 'smart' design would be an iBGP mesh over the OSPF core - all external routes stay in BGP, classic Service Provider design - but no, we can't mention the word 'iBGP' (long story, but basically someone else f--ked it up spectacularly last time)


icecream-guy

Quote from: wintermute000 on January 06, 2016, 03:14:33 AM
nope. ASA-5585X with 4x10Gb ports.... two contexts... inside and outside on both sides.

I have to make it work with straight up eBGP redist into the OSPF core,

You plan on running the routing protocols on the ASA, both? BGP and OSPF? With redistribution of how many routes into OSPF? Wow,
that might put some load on that huge ASA-5585X
:professorcat:

My Moral Fibers have been cut.

wintermute000

Nah, straight eBGP to/from ASAs to N7ks

The issue is that the 7ks then have to redistribute BGP into OSPF, whereas I'd rather run a full iBGP mesh and keep the external (ASA originated) routes in BGP. Nice and clean.

Problem is, someone before me messed up an iBGP design hard and now the term iBGP is verboten. Also, the project has no more scope for core network re-designs, since we should have got it right the first time round. I should have shoved the iBGP in there the first time round when I put in the OSPF over the top of the static routing, but it was literally a firefighting exercise where I had no time to do any design or thinking, just walk in there and fix it.

wintermute000

Update: it works, change successful lol.