
Folding WAN connection into LAN Core

joneswill
Level 1

Hi all,

We have a basic 4 site WAN. 

Our WAN links are all 1GB.

We run EIGRP between each site, and within each site.

We are moving our infrastructure model which will mean quite a lot of applications will be remote, located across the WAN. As such, the existing 3825 routers will no longer be good enough as they can only sustain 180Mb/s - quite a number of our apps are bursty and we need the ability to microburst up to 1Gb without issue.

With this in mind, I was thinking of removing the WAN routers and instead, bringing the handoff directly into an SVI on my core route/switches, on line rate GigE ports. 

I know that in a traditional design WAN connectivity is terminated onto WAN routers, however considering our requirement, I would like to hear reasons why terminating directly onto my LAN core, onto a specific SVI would not be sufficient?

thanks in advance

7 Replies

Jon Marshall
Hall of Fame

Presumably you have 2 core switches at the main site?

If so the main issue is with redundancy. With a WAN router you can terminate the WAN link from a remote site and then have 2 LAN connections from your WAN router to each core switch. Without the router, and assuming you only have one actual WAN connection you must choose a core switch to connect it into.

By doing this you have actually reduced redundancy because if the core switch you have directly connected the WAN link into fails then so does remote access. And if that happens then why bother having 2 core switches?

Now you could spread the WAN links across the core switches but you still have the same issue. I appreciate with only one WAN router that is a single point of failure as well but you are actually building in more chance of something going wrong.

It also makes maintenance of the core switches a lot harder simply because if you need to do maintenance on one and they were fully redundant then you should be able to take down one of the switches. But you won't be able to if you start connecting WAN connections directly into them.

A further consideration is routing paths. If you had a connection from each core switch to a WAN router then any traffic from the core to the WAN will see 2 equal cost paths and simply send the traffic to the WAN router. However if you connect directly into the core then only one switch has a path out to the WAN. The other core switch must send all its traffic destined for remote sites to that switch.

In addition bear in mind things like QoS. You do not get as many features on a hardware switch as you do on routers, e.g. shaping for example.

The above are just some of the considerations you need to take into account. I have connected links directly into core switches before although it was more a MAN link than a WAN link but it was always a temporary measure and I was much happier when I moved the link to a router dual connected back to the core switches.

Having said all that a router that can handle 1Gbps is not cheap and as with everything all the above must be balanced against budget.

Jon

Hi Jon

Thanks for the response.

We have 2 WAN links per site. I'm planning on putting a link into each core. I can tune EIGRP to preference what I deem to be my primary link, however my cloud is all 1Gb links so I'm not overly concerned as connectivity between the two furthest points is only two hops away.

Maintenance wise I hear what you're saying - but I wouldn't be doing any live work as our production environment can't be touched during production hours.

Good point re: QoS. I'll bear that in mind.

Right now it's making sense as I've just specced ASR1001s (as I need to be able to actually sustain 1Gb/s) and it's quite a bit of outlay considering I could, in reality, do it for nothing.

thanks

2 links make it easier to implement.

One key point. Make sure you are summarising EIGRP from remote sites to the main site or better yet consider using EIGRP stub. If you don't summarise then a failure in a remote site could lead to EIGRP queries being sent across the WAN. If you connect directly into your core switches this is additional overhead they don't need.

I'm assuming at the main site that you don't have other connectivity hanging off your WAN router, e.g. a connection to a firewall for internet. If you do then bear in mind this also now has to go via your core switches.

Overall, what you are proposing will work and with the info you have provided I've covered most of the issues. Ideally WAN routers would be the solution but I can also understand what you mean when you talk of cost.

One final point. No idea what the core switches are but if they are 4500/6500 then make sure you take into account any oversubscription you may have on the linecards you are connecting the WAN links into.

Jon

Yep I already summarise. I don't much enjoy SIAs.

The WAN links will be into 4507R-Es onto line rate gig-e ports.

I may eventually have to change to OSPF as I might be moving to Aristas in one site. But that's for another day.

thanks again

Just to add to the great posts from Jon 5+

If you are going to use OSPF then, as suggested by Jon with EIGRP, use stub with OSPF; same idea. It is better to use stub or totally stubby areas in the remote sites, depending on whether you have local Internet or not.

Also, if you have any redistributed routes from the branches then you need to consider NSSA or totally NSSA

to reduce the routing table, CPU load and complexity.

HTH

if helpful Rate

I can't use stub because at a couple of locations I have subnets I want other locations to know about.

When/If I move over to OSPF things might have changed, but I can cross that bridge.

thanks

Thanks Marwan