Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1370
Views
0
Helpful
6
Replies

Enterprise Network Design

rsharma1818
Level 1
Level 1

‎01-08-2019 11:58 PM - edited ‎03-03-2019 08:58 AM

Hi,

 

I have to design an enterprise network. The topology is as below

enterprise_nw.JPG

 

 

 

AS1, AS2 ---> Access switches (L2)

DS1, DS2 ---> Distribution Layer Switches (L2 and L3)

CS1, CS2 ---> Core routers

 

1. 2 Vlans viz. 100 & 200 are to be used in access layer.  Vlans DO NOT span across access layer switches

 

2. For gateway redundancy for each vlan, I have decided to use VRRP.

    DS1 will act as primary for both vlan 100 & 200 and DS2 will act as backup

 

3. At DS1 & DS2, I have created Bridge domains for vlan 100 & 200. IRB.100 and IRB.200 interfaces act as routed interfaces for respective VLANs. IRB interfaces are added to VRRP configuration at DS1 and DS2. 

 

4. The link between DS1 & DS2 is L3

 

Under normal conditions, traffic from PC in vlan 100 towards the core will flow as: AS1 --> DS1 --> CS1 --> Core

Traffic from core towards PC in vlan 100 will flow as: Core --> CS1 --> DS1 --> AS1

 

 

Failure condition:

When link between AS1 & DS1 fails, DS2 becomes VRRP master. 

 

Traffic from PC in vlan 100 towards the core will flow as: AS1 --> DS2 --> CS2  --> Core

 

Regarding reverse traffic from core towards PC in vlan 100, how do I ensure that traffic follows this path: 

 

Core --> CS2 --> DS2 --> AS1 

 

I do not want the reverse traffic to get blackholed at DS1 or use the link between DS1 & DS2.

The requirement is that the reverse traffic should flow via DS2 only.

 

Please assist.

 

Thanks,

Kaushik

 

 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎01-09-2019 12:13 AM

AS1, AS2 ---> Access switches (L2)

DS1, DS2 ---> Distribution Layer Switches (L2 and L3)

CS1, CS2 ---> Core routers

 

This seems to reasonable approach.

 

In the CS1 and DS1  you can run IGP (OSPF, standard insducstry Standard).

From  DS1 to AS - you can extended the L2 or you can do same L3 with IGP for routing. (to limit the broadcast domain in the ACCESS Later only)

 

I prefer to run HSRP rather VRRP, again depends on your expert and understanding.

 

you can refer latest CVD

 

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Campus/CVD-Campus-LAN-WLAN-Design-Guide-2018JAN.pdf

 

Regarding the traffic path  depends on your design, example if the L2 mesh network  if the STP in place. alternative path any way it will be blocked. and only used if the primary path fails.

 

Hope this make sense ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎01-10-2019 04:54 AM

Hello

As your not extending your access layer 2 stp will take care of the L2 path regards AS1-AS2.- For the distribution to/from the cores, running an igp like eigrp/ospf you could apply an less preferred interface delay or cost metric between DS1-CS2, DS2-CS1


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

rsharma1818
Level 1
Level 1
In response to paul driver

‎01-11-2019 02:04 AM - edited ‎01-11-2019 02:04 AM

Hi,

 

If the interface between AS1 and DS1 goes down, is there a way to make the SVI/IRB interface for vlan down in DS1 switch ?

Basically, I do not want the DS1 switch to advertise the IRB interface into OSPF when the link between AS1 and DS1 goes down

 

Thanks,

Kaushik

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rsharma1818

‎01-11-2019 03:45 AM

If you are deploying IGP between Core and Distribution along with SVI and HSRP, once the interface down, the OSPF process is down,

Routing Changes automatically calculate alternative best path to route the traffic.

hope this make sense ?

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

rsharma1818
Level 1
Level 1
In response to balaji.bandi

‎01-11-2019 04:47 AM

Hi Balaji,

Are you saying that if the link between AS1 & DS1 (Not DS1 & CS1) goes down, the IGP will know about it ?

How will the Layer 3 know about failures in Layer 2 domain ?
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to rsharma1818

‎01-11-2019 06:11 AM

I was referring Core and Dist for IGP.

 

Access layer any way L2 only, STP - TCN will have new path, when the link go down between AS and DS

 

make sense ?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents