01-29-2022 09:06 AM - edited 01-29-2022 09:06 AM
Hi all,
I'd like to understand an (e.g. OSPF) design-related topic!
When using so-called SVI interfaces on a Layer3 switch, it would be interesting for me to know if the attached setup would make sense to you/in your opinion and of course would work for ECMP routing as well?!
What do you think of using the (Layer3) switch, in addition to its Layer3 function, at the same time to connect the 2nd switch physically and in the same OSPF transit VLAN/subnet? Is this a suggested design, or if not, can you tell me the drawbacks?
Thanks to all of you!
01-29-2022 09:25 AM
Hello,
It is unclear what OSPF design you want to configure. I guess it would help if you put the desired OSPF config into the image.
01-29-2022 09:25 AM
From my view this does not relate to OSPF;
the question is why we need L2 between the two L3 switches?
We need it in case the same one or multiple VLANs exist on both L3 switches, so we need L2 to connect hosts in the same VLAN to both L3 switches.
Now I see the FW. Why do we need L2, not L3, to connect the L3 switch to the FW?
Simply, the FW can do its job by inspecting the traffic when it passes from one VLAN to the other, since it is the GW for all VLANs, so the traffic between two different VLANs passes through the FW and it can inspect it.
01-29-2022 09:26 AM
There are some things in your question that are not clear to me.
- Is the firewall participating in OSPF, or is OSPF just between the switches?
- ECMP implies multiple paths toward some destination. Where would the multiple paths be?
- You ask "using the (Layer3) switch in addition to his Layer3 function at the same time to connect the 2nd switch physically". Your layer1/2 drawing is pretty clear that there is one physical connection. Is this part of the question suggesting a second physical connection?
01-30-2022 01:27 AM - edited 01-30-2022 01:29 AM
Thanks to all of you for responding, I appreciate that very much! Please see my answers inline...
@MHM Cisco World @Richard Burts
the question is why we need L2 between the two L3 switches?
We need it in case the same one or multiple VLANs exist on both L3 switches, so we need L2 to connect hosts in the same VLAN to both L3 switches.
That's exactly the reason! It's also necessary to be able to connect devices in the same VLAN across both switches! The FW is a cluster, and the standby appliance, for example, is located on the other Layer3 switch!
Now I see the FW. Why do we need L2, not L3, to connect the L3 switch to the FW?
Simply, the FW can do its job by inspecting the traffic when it passes from one VLAN to the other, since it is the GW for all VLANs, so the traffic between two different VLANs passes through the FW and it can inspect it.
The firewall should terminate all VLANs and act as the default gateway for all of them as well! Of course the firewall will participate in OSPF, because there are also other networks behind the FW which would need to be redistributed into the area! The Layer3 switches are only needed to connect to another location where there is an independent Layer2 environment with overlapping VLAN IDs, so separate STP instances can be operated independently of each other...
Does that make sense to you?
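As an added illustration (not posted by anyone in this thread), here is what the design described above could look like on one of the two Layer3 switches in Cisco IOS syntax: user VLANs stay Layer2 on the switch, a transit-VLAN SVI peers with the other switch and the firewall cluster over OSPF, and a routed uplink leads to the other location. All VLAN IDs, addresses, interface names, the OSPF process/area number and the authentication key are assumed values, not taken from the thread.

```cisco
! Added example (assumed values, not the thread's configuration):
! Layer3 switch "SW1". SW2 is configured the same way with .2 and its own router-id.
! VLAN 999 = OSPF transit VLAN shared by SW1, SW2 and the firewall cluster.
! User VLANs 10 and 20 are Layer2 only on the switches; the firewall is their gateway.
ip routing
!
vlan 10
 name USERS-A
vlan 20
 name USERS-B
vlan 999
 name OSPF-TRANSIT
!
interface Vlan999
 description OSPF transit SVI (SW1 <-> SW2 <-> FW cluster)
 ip address 10.0.99.1 255.255.255.248
 ! authenticate hellos so that a stray host on the trunk cannot form an adjacency
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE-WITH-REAL-KEY
!
interface GigabitEthernet1/0/1
 description Trunk to SW2 (transit VLAN plus user VLANs)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,999
!
interface GigabitEthernet1/0/2
 description Trunk to firewall cluster member A (standby member hangs off SW2)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,999
!
interface GigabitEthernet1/0/48
 description Routed uplink to the other location (separate L2/STP domain)
 no switchport
 ip address 10.0.100.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE-WITH-REAL-KEY
!
router ospf 1
 router-id 10.0.99.1
 ! no hellos on user VLANs or unused ports; only the transit SVI and the uplink form adjacencies
 passive-interface default
 no passive-interface Vlan999
 no passive-interface GigabitEthernet1/0/48
 network 10.0.99.0 0.0.0.7 area 0
 network 10.0.100.0 0.0.0.3 area 0
 ! allow up to 4 equal-cost next hops; only takes effect where two equal-cost paths exist
 maximum-paths 4
```

After applying this on both switches, `show ip ospf neighbor` should list SW2 and the firewall cluster as FULL on Vlan999, and `show ip route ospf` shows the routes learned from the firewall and the other location. A route gets two next hops only where two equal-cost paths really exist; toward the networks behind the firewall each switch has just the single firewall-facing path, so `maximum-paths` does not change anything there.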
02-01-2022 06:26 AM - edited 02-01-2022 06:26 AM
OK, why does the FW connect to L2? Because the FW cluster needs an L2 connection between all the Out/In interfaces of all FWs, otherwise it will not work.
01-30-2022 09:04 AM
Assuming your L3 design's links are all the same bandwidth, one disadvantage of such a design is that your two switches could create ingress congestion on the FW port.
Although your L3 design would permit ECMP, it buys you little as you only have the single link, in both designs, to/from the FW.
If your FW could provide another port, more interesting options become available. You could then do ECMP and manage possible congestion at each port's egress (although I suspect the FW, and even the switches, have weak QoS feature support).
If your pair of switches support stacking, VSS, etc., other options might arise using a dual Etherchannel from the FW with connections to each member switch, but it might not be better than forgoing two-link L3. (The design might get a bit more complex.)