Hi all, just looking for some advice. I have been asked to review our network setup for our DC. Firstly, this was all done before I started here.
Currently we have the following configuration.
Layer 3 flow:
MPLS CE → Core 3850 (VLAN SVI) → Firewall → servers
Layer 2 connectivity:
MPLS CE → Core 3850 (port channel) → Nexus 9K (SW-1 & SW-2 VPC) → firepower (Port Channel) → Nexus 9K (SW-1 & SW-2 VPC) → Server
This used to work OK, but there are a couple of issues. The main one is that the firewall is a bit dated and needs an upgrade to something more modern, as it is having throughput issues. This will not happen any time soon due to budget. Secondly, the Nexus 9K is not doing anything but layer 2, which is a waste (the 9K was a new purchase).
Some of our servers don't need to be behind the firewall, so what we were thinking of doing is having the Nexus do layer 3 between the different server networks, with the firewall only dealing with the DMZ and any traffic out via MPLS. So at layer 3 it would be:
MPLS CE → Core 3850 (SVI) → Nexus (SVI VLAN – still using vPC) → Firewall → server
alt:
MPLS CE → Core 3850 (SVI) → Nexus (SVI VLAN – still using vPC) → server
Things to note: the MPLS CE runs EIGRP and OSPF, re-injecting into BGP. Currently we run EIGRP between the CE and 3850 in one AS, and EIGRP between the 3850 and the firewall in a different AS.
Can anyone advise how best to go about doing layer 3 on the Nexus 9K using vPC and EIGRP?
From what I understand this should be possible based on: https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/118997-technote-nexus-00.html
If anyone has any better suggestions on what to do, then that would also be great, thanks.
Thanks
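A sketch of what the proposed Nexus layer-3 hop (SVIs over vPC, EIGRP towards the 3850) could look like on one vPC peer in NX-OS, added here as an example; it is not taken from the original post or the linked Cisco document. All VLAN ids, addresses, the AS number, the vPC domain id and the key are constructed placeholders.

```cisco
! Added example: one vPC peer (SW-1) of the proposed design, not from the original
! post. VLAN ids, addresses, AS number, vPC domain id and key are constructed
! placeholders; SW-2 mirrors this with its own addresses and a lower HSRP priority.
feature lacp
feature vpc
feature interface-vlan
feature hsrp
feature eigrp
vlan 20,100
! peer-gateway answers for the peer's router MAC; layer3 peer-router lets the
! 3850 keep an EIGRP adjacency with both vPC peers across the vPC port-channel.
vpc domain 10
  peer-keepalive destination 192.168.255.2 source 192.168.255.1 vrf management
  peer-gateway
  layer3 peer-router
interface port-channel1
  description vPC peer-link to SW-2
  switchport mode trunk
  vpc peer-link
interface port-channel10
  description vPC to Core 3850
  switchport mode trunk
  switchport trunk allowed vlan 100
  vpc 10
! EIGRP AS 200 for the server subnets, authenticated towards the 3850.
key chain EIGRP-KEY
  key 1
    key-string <constructed-key-placeholder>
router eigrp 200
  router-id 10.200.0.1
! Transit SVI to the 3850: active, authenticated EIGRP neighbour.
interface Vlan100
  no shutdown
  ip address 10.100.0.2/29
  ip router eigrp 200
  ip authentication mode eigrp 200 md5
  ip authentication key-chain eigrp 200 EIGRP-KEY
! Server SVI: advertised but passive, so no EIGRP hellos reach the servers;
! HSRP gives the servers one gateway address across both vPC peers.
interface Vlan20
  no shutdown
  ip address 10.20.0.2/24
  ip router eigrp 200
  ip passive-interface eigrp 200
  hsrp 20
    priority 110
    preempt
    ip 10.20.0.1
```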