Wednesday, August 11, 2021

Core switch peering - Design question

Simple design: a Nexus vPC pair collapsed core with WAN routers hanging off it, and a firewall for internet egress also hanging off it.

We naturally could do /30 links everywhere; however, since the plan is to use Layer 3 peer-router to peer SVIs over the vPC peer link, why not just use that VLAN as a "peering domain" for all L3 devices hanging directly off this core? Everything peers with everything else and can route directly to each other, with the core used only for switching that traffic.

The benefit of this design (imo) is that I can have LACP trunk connections to all my other L3 devices, peer using the peering-domain tag, and still have the ability to build new tagged networks on the routers and have them ride that redundant link to the core. In some cases I may want the gateways for certain networks (like replication) to not live locally on that collapsed core, and this gives me the option of homing that gateway on a tagged interface on one of the WAN routers in a VRF, using the core only for switching that traffic down to the replication appliances.

Anyway, my question is: are there any glaring drawbacks or issues I may run into with this particular configuration? Outside of VTEPs requiring a real routed link for VXLAN-encapsulated traffic to egress (this deployment will never use VXLAN), I can't think of any.
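As an added illustration (not from the original post), here is one way the design reads on one of the Nexus core switches; every VLAN number, address, port-channel number and key name is an assumption. It keeps the peering VLAN on only the trunks that need it and authenticates the OSPF adjacencies, since every router on it, including the internet firewall, shares one broadcast domain.

```text
! Core switch A (constructed example). VLAN 100 is the shared L3 peering
! domain; VLAN 200 is a replication network whose gateway is homed on
! WAN-router-1 and only rides the trunk through the core.
feature vpc
feature interface-vlan
feature ospf
feature lacp

vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1
  peer-gateway
  layer3 peer-router        ! lets the two core SVIs peer across the vPC peer link

vlan 100
  name L3-PEERING
vlan 200
  name REPLICATION          ! switched only; no SVI on the core

interface Vlan100
  no shutdown
  ip address 10.0.0.1/26
  ip router ospf 1 area 0.0.0.0
  ip ospf authentication message-digest
  ip ospf message-digest-key 1 md5 EXAMPLE-KEY   ! placeholder key

interface port-channel11
  description WAN-router-1 (LACP trunk)
  switchport mode trunk
  switchport trunk allowed vlan 100,200          ! peering + router-homed gateway VLAN
  vpc 11

interface port-channel21
  description Internet firewall (LACP trunk)
  switchport mode trunk
  switchport trunk allowed vlan 100              ! peering VLAN only
  vpc 21

router ospf 1
  router-id 10.0.0.1
```

Server-facing trunks should not carry VLAN 100 at all, so that only the intended L3 devices can form adjacencies in the peering domain.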
