01-08-2019 11:58 PM - edited 03-03-2019 08:58 AM
Hi,
I have to design an enterprise network. The topology is as below:
AS1, AS2 ---> Access switches (L2)
DS1, DS2 ---> Distribution Layer Switches (L2 and L3)
CS1, CS2 ---> Core routers
1. 2 Vlans viz. 100 & 200 are to be used in access layer. Vlans DO NOT span across access layer switches
2. For gateway redundancy for each vlan, I have decided to use VRRP.
DS1 will act as primary for both vlan 100 & 200 and DS2 will act as backup
3. At DS1 & DS2, I have created Bridge domains for vlan 100 & 200. IRB.100 and IRB.200 interfaces act as routed interfaces for respective VLANs. IRB interfaces are added to VRRP configuration at DS1 and DS2.
4. The link between DS1 & DS2 is L3
Under normal conditions, traffic from PC in vlan 100 towards the core will flow as: AS1 --> DS1 --> CS1 --> Core
Traffic from core towards PC in vlan 100 will flow as: Core --> CS1 --> DS1 --> AS1
Failure condition:
When the link between AS1 & DS1 fails, DS2 becomes VRRP master.
Traffic from PC in vlan 100 towards the core will flow as: AS1 --> DS2 --> CS2 --> Core
Regarding reverse traffic from core towards PC in vlan 100, how do I ensure that traffic follows this path:
Core --> CS2 --> DS2 --> AS1
I do not want the reverse traffic to get blackholed at DS1 or use the link between DS1 & DS2.
The requirement is that the reverse traffic should flow via DS2 only.
Please assist.
Thanks,
Kaushik
01-09-2019 12:13 AM
AS1, AS2 ---> Access switches (L2)
DS1, DS2 ---> Distribution Layer Switches (L2 and L3)
CS1, CS2 ---> Core routers
This seems to be a reasonable approach.
On CS1 and DS1 you can run an IGP (OSPF, the industry standard).
From DS1 to AS, you can extend the L2 or you can do the same L3 with an IGP for routing (to limit the broadcast domain in the access layer only).
I prefer to run HSRP rather than VRRP; again, it depends on your expertise and understanding.
You can refer to the latest CVD.
The traffic path depends on your design. For example, in an L2 mesh network with STP in place, the alternative path will be blocked anyway and only used if the primary path fails.
Hope this makes sense?
01-10-2019 04:54 AM
Hello
As you're not extending your access layer 2, STP will take care of the L2 path regarding AS1-AS2. For the distribution to/from the cores, running an IGP like EIGRP/OSPF, you could apply a less preferred interface delay or cost metric between DS1-CS2, DS2-CS1.
01-11-2019 02:04 AM - edited 01-11-2019 02:04 AM
Hi,
If the interface between AS1 and DS1 goes down, is there a way to make the SVI/IRB interface for the VLAN go down on the DS1 switch?
Basically, I do not want the DS1 switch to advertise the IRB interface into OSPF when the link between AS1 and DS1 goes down.
Thanks,
Kaushik
01-11-2019 03:45 AM
If you are deploying an IGP between Core and Distribution along with SVI and HSRP, once the interface is down, the OSPF process is down.
Routing changes automatically calculate an alternative best path to route the traffic.
Hope this makes sense?
01-11-2019 04:47 AM
01-11-2019 06:11 AM
I was referring to Core and Dist for the IGP.
The access layer is L2 only anyway; STP - TCN will have a new path when the link goes down between AS and DS.
Makes sense?