Hi Wolfgang,

I described customer configuration. Yes, actually router_A is connected only to member_1 due to have 20gb of speed and because the have not PVC configuration. If HSRP on router fail over to router_B and this is not due to link down from router to member, we loose connection.

This is not a good configuration, so in the evolution we proposed using Maestro, I want to improve this situation.

Which is the better way to connect 2 orchestrator with 2 router that use HSRP (not VPC) using 2 link (10G+10G) from every router?

I proposed the configuration shared before, using 1 bond with 4 eth, 2 for MHO_1 and 2 for MHO_2. Is it correct?

M

You cannot doing a bond with two routers they are not doing something like VPC/PVC. As @Pawel_Topczewsk mentioned you need an additional switch infrastructure. Between MHOs and this switch you can bond 4 interfaces (two from each MHO). Your routers can connect with one bond (both interfaces) on each router to this switch. Put them all in the same VLAN and your' right.

Hi there, and thanks for your support.

Sorry, maybe I expleined in a wrong way. The router I told are Cisco Nexus so they are L3 switch, have a HSRP vIP for every VLAN the manage and have a trunk between them.

In production environment we have several VIP configured on HSRP Nexus. Customer don't want to do change on router side.

Is this solution supported: use a turnk of 2 ports from Nexus_1 to MHO_1, and other 2 ports from Nexus_2 to MHO_2, and Nexus implement HSRP to manage vIP of this VLAN? On Security Group, configure a bond with the 4 ports (2 from MHO_1 and 2 from MHO_2) usin LACP mode.

In this scenario, if VIP is active on Nexus_1, the VS1 running on Security Group VSX:

- will use the 4 ports to reach the VIP (2 ports is connected directly to Nexus_1 while 2 other ports will use Nexus_2 on L2, the trunk Nexus_1/Nexus_2 and reach the VIP on Nexus_1

or

-will use onty the 2 ports (one per MHO) that are connected to Nexus_1 so can reach the VIP?

Please, help me to solve this doubt

M

If you configure a LACP-bond  with 4 interfaces on the MHOs you have to configure a LACP-bond with 4 interfaces on your Nexus-Switches. You need to have to support for a LACP-bond via two switch devices. Normally this will be done with vPC in the NEXUS world or stacking with other switches. Other option will be  Cisco VSS (Virtual Switch System), but we don't know what you're customer is using.

Hi Wolfgang, so my solution can't working in that way, it's right?

Without adding device or modifing Nexus with vPC or VSS, what can I do to have a good redundancy from my 2 MHO and my 2 Nexus in HSRP? Which is the best topology I can set?

Actually I have 2 link of 10 GB (total 20GB in LACP) for Nexus/Member of VSX, how to mantain this speed?

With your new Maestro deployment you have the same problem as with your old ClusterXL solution. There is a need for link redundancy between both routers. This can be achieved with VPC or with an external switch. You wrote you need 2x10Gb for your router to gateway connection. This looks like for me not like a  small or simple solution. 20Gb will be a request for more effort to build a redundant solution. Adding two additional switches with some 10Gb interfaces should be not so much cost and work. On the other hand VPC and HSRP deployment is a normal use case.

Hi Wolfgang,

talking with che customer, we think that create a VPC is now possible. In this case, is this solution possible:

Nexus1 -> 10 GB -> MHO1

Nexus2 -> 10 GB -> MHO2

Create a VPC on Nexus1/Nexus2 and use HSRP on them to share the VIP

Create a bond on the SecurityGroup and assign it to the VS. In this case, can I configure the bond in Active/Standby or if I prefer (so I can use the 20GB) configure the LACP?

@Marco32 with VPC both solution are possible (active/standby or LACP).

The nexus administrators should configure a LACP-portchannel with one 10G port port from every Nexus, you'll get 20Gb/s.

set "LACP Rate" => fast and "Transmit Hash Policy" => "Layer 3+4"

If you use "Transmit Hash Policy" => "Layer 2" you're connections with the routers VIP will be always goes only over one physical link. The same configuration will be needed in the NEXUS configuration.

Hi Wolfgang,

ok in this scenario I can use the 2 link or if client prefer I can use 4 link in the uploink bond. In this case LACP is the only solution.

with "layer3+4" do the bond distribuite the traffic on the 2 (or 4) link?

@Marco32 @you can build the LACP-group with 2 or 4 interface.

With „Layer3+4“ hash policy the traffic will be distributed over all links in your LACP-group, but one connections traffic will always flows only over one link.