Thursday, May 9, 2019

Migrating core from Cisco 3750Gs to Nexus 3Ks

Hello

We will be migrating a customer's core from a stacked pair of 3750Gs to a pair of Nexus 3172Ps and would like to get some feedback on our migration plan.

Their network consists of 3 Dell switch stack pairs connected to the core. A pair of redundant F5s, a pair of redundant Cisco ASAs and the WAN links also connect to the core.

We plan on connecting a temporary Layer 2 trunk between the existing 3750Gs and new Nexus and migrating vlans one by one. Here's the proposed configuration:

!! Enable features !!
feature interface-vlan
feature dhcp
feature pbr
feature privilege
!feature telnet
feature vrrp
feature tacacs+
cfs ipv4 distribute
cfs eth distribute
feature hsrp
feature lacp
feature vpc
feature vtp
!feature sla sender
!feature sla responder
!feature sflow

!! Enable DHCP !!
service dhcp
ip dhcp relay
!ipv6 dhcp relay

!! Create vPC domain (Reverse the IPs on the secondary N3K) !!
vpc domain 1
  role priority 100
  peer-keepalive destination 172.19.42.26 source 172.19.42.25
  peer-gateway
  auto-recovery
  ip arp synchronize

!! configure port-channel and VPC for peer-link !!
interface port-channel47
  description vPC peer-link channel-group
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

!! Configure physical interfaces for peer-link !!
interface Ethernet1/47
  description vPC peer-link
  switchport mode trunk
  spanning-tree port type network
  channel-group 47 mode active

interface Ethernet1/48
  description vPC peer-link
  switchport mode trunk
  spanning-tree port type network
  channel-group 47 mode active

!! set default route !!
ip route 0.0.0.0 0.0.0.0 <firewall internal IP>

!! set NTP servers to local DCs !!
ntp server 172.19.34.7 prefer
ntp server 172.19.34.10

___________________________________

!! create test vlan !!
vlan 32
  name Test

!! Configure temporary L2 link to 3750s !!
interface Ethernet 1/x
  description L2 to 3750s
  switchport mode trunk
  switchport trunk allowed vlan 32
  spanning-tree port type network

!! configure test vlan - CURRENTLY L3 IS ON 3750s. TEST L2 FIRST !!
!interface Vlan32
! description Test
! no shutdown
! no ip redirects
! ip address 172.19.x.x/x
! no ipv6 redirects
! !hsrp with switch 2

___________________________________

!! configure port-channels & VPCs to downstream switches !!
interface port-channel101
  description VPC to SEA1C1R1DS0 sw1
  switchport mode trunk
  vpc 101
  shutdown

interface port-channel102
  description VPC to SEA1C1R1DS0 sw2
  switchport mode trunk
  vpc 102
  shutdown

interface port-channel103
  description VPC to SEA1C1R2DS0 sw1
  switchport mode trunk
  vpc 103
  shutdown

interface port-channel104
  description VPC to SEA1C1R2DS0 sw2
  switchport mode trunk
  vpc 104
  shutdown

interface port-channel105
  description VPC to SEA1C1R3DS1 sw1
  switchport mode trunk
  vpc 105
  shutdown

interface port-channel106
  description VPC to SEA1C1R3DS1 sw2
  switchport mode trunk
  vpc 106
  shutdown

!! configure physical interfaces to downstream switches !!
!!(Need speed/duplex?)
interface Ethernet1/1
  description VPC to SEA1C1R1DS0 sw1
  switchport mode trunk
  !! speed 10000
  !! duplex full
  channel-group 101 mode active
  shutdown

interface Ethernet1/2
  description VPC to SEA1C1R1DS0 sw2
  switchport mode trunk
  channel-group 102 mode active
  shutdown

interface Ethernet1/3
  description VPC to SEA1C1R2DS0 sw1
  switchport mode trunk
  channel-group 103 mode active
  shutdown

interface Ethernet1/4
  description VPC to SEA1C1R2DS0 sw2
  switchport mode trunk
  channel-group 104 mode active
  shutdown

interface Ethernet1/5
  description VPC to SEA1C1R3DS1 sw1
  switchport mode trunk
  channel-group 105 mode active
  shutdown

interface Ethernet1/6
  description VPC to SEA1C1R3DS1 sw2
  switchport mode trunk
  channel-group 106 mode active
  shutdown

_____

And here is the migration plan:

- Configure vPC peer-link between the N3Ks

- Connect temporary L2 trunk between N3Ks and 3750s

- Create L2 vlan 32 on N3Ks and add to trunk port between N3Ks and 3750Gs. (Only allow vlan 32)

- Connect laptop to an N3K port in vlan 32, assign an available IP and test connectivity for the laptop

- Connect and configure N3K 10G ports, port-channel and vPCs to rack 3 Dell switches and only allow vlan 32 on trunk

- Configure Dell switch side uplink to only allow vlan 32

- Remove vlan 32 from 3750 port-channel to Dell switch and enable port-channel between rack 3 Dell switches and N3K

- Connect laptop to rack 3 Dell switch on vlan 32 and test connectivity

- Move vlan 32 SVI from 3750s to N3Ks and test connectivity

- Repeat for other rack switches

- Repeat for other vlans

- Once no more traffic is going over 1G links from 3750s to rack switches, shut the ports down from the 3750 side

- Connect F5s to N3Ks and configure ports, port-channels and vpc

- Move external facing links over

- Move ASAs over

______

Any feedback/suggestions would be very much appreciated. We're trying to minimize downtime and break down the steps as much as possible to simplify troubleshooting and in case we need to back out. We also have some PBR, so I imagine we'll need to have that in place on the Nexus before moving the SVIs over. Please let me know what further info you need; I can post the existing 3750 config if that's helpful.

Thanks

AK
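
A pre-change lint for the plan above, as an added example that is not part of the original post: it parses interface stanzas from an indented NX-OS config and reports trunks with no `switchport trunk allowed vlan` list (the plan restricts each new uplink to vlan 32, while the posted port-channel101 to port-channel106 stanzas carry no such line) and channel-groups whose port-channel stanza is missing. The sample config is constructed from the post's stanzas, `Ethernet1/9` stands in for `Ethernet 1/x`, and `parse_interfaces` and `lint` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the post's stanzas. Ethernet1/9 stands in for
# "Ethernet 1/x"; port-channel106 is left out on purpose to trigger a finding.
SAMPLE = """\
interface port-channel47
  switchport mode trunk
  vpc peer-link
interface Ethernet1/47
  channel-group 47 mode active
interface Ethernet1/9
  switchport mode trunk
  switchport trunk allowed vlan 32
interface port-channel105
  switchport mode trunk
  vpc 105
interface Ethernet1/6
  switchport mode trunk
  channel-group 106 mode active
"""

def parse_interfaces(text):
    """Map lower-cased interface name -> its indented sub-commands."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank lines and '!' comments
        m = re.match(r"interface\s+(.+)", line, re.I)
        if m and not raw[:1].isspace():
            current = stanzas.setdefault(m.group(1).replace(" ", "").lower(), [])
        elif raw[:1].isspace() and current is not None:
            current.append(line)
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas

def lint(text):
    """Return (interface, finding) pairs for the two checks described above."""
    ifs, findings = parse_interfaces(text), []
    for name, cmds in ifs.items():
        group = next((c.split()[1] for c in cmds if c.startswith("channel-group ")), None)
        if group and f"port-channel{group}" not in ifs:
            findings.append((name, f"no port-channel{group} stanza"))
        pruned = any(c.startswith("switchport trunk allowed vlan") for c in cmds)
        # Members inherit from their port-channel; the peer-link carries all vPC VLANs.
        if "switchport mode trunk" in cmds and not (pruned or group or "vpc peer-link" in cmds):
            findings.append((name, "trunk with no allowed-vlan list"))
    return findings
```

Running `lint()` on the text of `show running-config` before each cutover step gives a quick check that every trunk being enabled is pruned to the VLANs that step is meant to move.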


