VXLAN Fabric using EVPN with Cisco Nexus 9000 Switches

I deployed a VXLAN fabric using Cisco’s Nexus 9K switches recently, and started seeking out the best way to do things. I came up with a few questions that need to be answered first, and a configuration that I believe is best to use for most deployments.

Topology

The below diagram details a VXLAN fabric deployment.

VXLAN Fabric


As you can see, all the VLANs/subnets that are normally configured on switches are placed inside a separate routing table called a tenant VRF.  This allows for address separation amongst multiple tenants within the same physical fabric.  If only a single tenant uses the fabric, all the traffic processing remains within a tenant VRF.


WCCP with Multiple Firewall Zones

I can’t count how many times I’ve seen the topic of WCCP in the Cisco support forums where people want to use their IronPort WSA to block traffic from internal users *and* DMZ servers. This clearly DOES NOT WORK, but I’ve never seen a very good explanation of why it doesn’t work. This is my attempt to explain why this DOES NOT WORK.
