Double sided VPC with HSRP peers in separate VPC domains

Beazle · ‎03-04-2024

We are looking to implement a double sided VPC between pairs of Nexus 9ks. The plan is to form VPC peers between the two 9ks in each DC for server redundancy.

DC1-A will be a VPC peer with DC1-B (Domain 1)

DC2-A will be a VPC peer with DC2-B (Domain 2)

All 4 switches will connect to each other for mesh connectivity.

Our plan is to then run HSRP between each of the A switches and route up to our Core.

Is it a valid configuration to have HSRP peers in different VPC domains?

M02@rt37 · ‎03-04-2024

Hello @Beazle

It seems to be a valid configuration. In fact, this is a common design practice for achieving redundancy and high availability in data center networks.

In your setup, each pair of Nexus 9k in DC1 and DC2 forms a VPC domain. Within each VPC domain, the two switches are VPC peers, providing redundancy for server connections. Right ?

By running HSRP between the A switches (for example, DC1-A and DC2-A), you can achieve gateway redundancy for the servers. Each A switch will act as the active gateway for its local subnet, and in the event of a failure, the standby gateway on the other A switch will take over.

This design allows for redundancy at both the server access layer (using VPC) and the gateway layer (using HSRP).

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

Beazle · ‎03-04-2024

Yep, that is the plan. Thank you for your response

MHM Cisco World · ‎03-04-2024

confirm below
double side
same VLAN in all NSK
HSRP for same VLAN

if all above Yes you can use HSRP in all SW
https://www.cisco.com/c/dam/en/us/td/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

Beazle · ‎03-04-2024

The plan would be similar. Based on the diagram that you shared we would want 7k1 and 7k3 to participate in HSRP while 7k2 and 7k4 would not. 7k1 would also have a connection to 7k4 and 7k3 with a connection to 7k2 for additional redundancy.

I suppose we wouldnt get the advantage of having active/ active because the VPC peers wouldnt both be participating in HSRP. So there would not be a shared virtual MAC for the HSRP peers.

Or would there be a way to still achieve the active / active functionality while only having 7k1 and 7k3 participating in HSRP?. Is that what the PACL describes when stopping the propagation of the HSRP hellos across PO10 in figure 77? Or is that describing how to have separate HSRP instances in each DC?

Appreciate your help

MHM Cisco World · ‎03-04-2024

unfortunately
I have limit RAM in my server to run four NSK, but
the idea is simple
run HSRP in four NSK
we isolation HSRP between the two domain by PACL
each domain will select it HSRP active Peer, if down the NSK in same domain will elect as new active
I think this is what you looking for

NOTE:- I read in CCIE DC that we can use different password to isolate the HSRP instead of use PACL

MHM

Beazle · ‎03-04-2024

Can you think of any reason to not run GLBP on 7k1 and 7k3 to achieve the active / active functionality?

MHM Cisco World · ‎03-04-2024

Friend' hsrp will elect active peer in each domain BUT

Both vPC NSK in each domain will work as active/active' this different of vpc than other SW.

AND The active hsrp in vpc beside for data traffic responsible of reply to ARP.

MHM