MX250 Routed Mode HA connected to Nexus 9k pair with VPC - redundant design help

Solved
drizz_labs
Conversationalist


Hi everyone, looking for design help building off a previous post.

ISP-A/B to BR-A/B to MX250 HA pair in routed mode to Nexus 9k core using VPC where multiple SVIs and three VRFs will live. (see diagram)

How would you guys recommend I configure the LAN ports on the MX250 HA routed mode pair facing the core so full redundancy can be achieved? My understanding is LAG/VPC is not supported on the MXs?

Any help on this is appreciated, thanks a ton.

meraki diagram 2.png

1 Accepted Solution
Ryan_Miles
Meraki Employee

Hey @drizz_labs

Will there be multiple VLANs on the MX LAN side or just a single VLAN/transit network to the cores? MX doesn't support LAG as you mentioned. So just ensure the LAN ports are all configured identically on the MX and switch sides (same mode, native VLAN/allowed VLANs, etc). And, make sure spanning tree is properly configured on your switches. MX doesn't participate in STP, but the STP packets will pass through the MX LAN ports so the switches can keep the topology loop free.

Ryan

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.


3 Replies
alemabrahao
Kind of a big deal

Spanning Tree Protocol (STP)

Note: The MX does not run STP in any capacity, and will not exchange BPDUs with other switches or participate in the root bridge election process.

If the MX received BPDUs on the LAN, these BPDUs will be re-forwarded within the broadcast domain that they were received on. If there are multiple switches connected to the LAN of the MX participating in an STP election, all BPDUs sent to the MX will be forwarded to other links with the same VLAN allowed, which can cause switches to see BPDUs from multiple other switches, causing ports to get into an unknown/unidentifiable state and impacting the root bridge election process.

Below is a diagram illustrating how the STP election process can be affected by this MX LAN forwarding behavior - when 3+ switches are connected in the same broadcast domain, each switch will receive BPDUs from 2 or more switches on their connected uplinks. In the case of switches 2 and 3, the uplink is both a root port and a designated port from the switches' perspectives, causing the ports to go into an unknown state. In practice, this can also result in rapid STP port status changes for uplinks on multiple switches.

There are a few things that can be done to prevent this from occurring:

Avoid connecting more than two switches in the same STP domain directly to the LAN of the MX

Isolate the MX in its own broadcast domain by implementing Layer 3 switching downstream

The STP Root Bridge doesn't generate TCNs to notify of topology changes, only the non-root switches do. This can cause longer failover and STP convergence times and should be considered when setting up the root bridge and/or redundant links in the environment.

Note: STP convergence times may vary depending on the size of the network.

https://documentation.meraki.com/MX/Networks_and_Routing/MX_Layer_2_Functionality

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

I'm thinking there will just be a single VLAN/transit network from the MX HA pair to the cores, and all inter-VLAN routing (and likely inter-VRF routing) will take place on the cores, followed by static routes on the MX pair to get to all the DC routes.
