pfSense CARP + Cisco N5k vPC
-
Hi,
I am connecting a pair of Netgate 7100s to a pair of Nexus 5500s. I am wondering how I would go about connecting the devices to have the optimal setup.
My idea is to use CARP in LAN and WAN between the pfSense devices and VPC between the n5ks. In theory, it would cover redundancy and failure scenarios the best and simplify the design. I am not sure about the connections between the 4 devices.
Would you have comments to share about this design?
-
@dara
Hello, I have two 7100 in HA with a VPC architecture and 4 Nexus 9K.
-
@dara
Here is a plan of our architecture.
Port-channel 51 is the VPC and port-channel 49 is the Peer-link VPC.
We have two 7100 in HA. The 7100a is connected to nexus4 and the 7100b to nexus3.
-
@philippe-richard Hi Philippe, Thanks a lot. This is more complete and interesting than our setup.
I wonder how you configured the connection between the routers and switches?
In my setup, each router has a single connection to a single switch configured as an Orphan port. For now it is working perfectly.
I am not sure however how it will handle different link and device failure scenarios but I will test it sometime soon and post my findings here.
-
@dara said in pfSense CARP + Cisco N5k vPC:
> @philippe-richard Hi Philippe, Thanks a lot. This is more complete and interesting than our setup.
> I wonder how you configured the connection between the routers and switches?
> In my setup, each router has a single connection to a single switch configured as an Orphan port. For now it is working perfectly.
> I am not sure however how it will handle different link and device failure scenarios but I will test it sometime soon and post my findings here.

Hello, the plan below reflects our current architecture fairly well.
For the moment the leased lines and the fiber modems are in a single building but in the fairly near future, we will have the same thing in the second building.
I did not indicate it on the plan but nexus 1 and 2 are interconnected with the other switches of the other buildings.
We are working on the consolidation of the Nexus infra because we have HA problems with the Netgate (probably a layer 2 and multicast problem with the vPC, but not sure).
-
@dara said in pfSense CARP + Cisco N5k vPC:
> @philippe-richard Hi Philippe, Thanks a lot. This is more complete and interesting than our setup.
> I wonder how you configured the connection between the routers and switches?
> In my setup, each router has a single connection to a single switch configured as an Orphan port. For now it is working perfectly.
> I am not sure however how it will handle different link and device failure scenarios but I will test it sometime soon and post my findings here.

Hello, have you made progress on your configuration?
Have a good day