Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
2
Replies

Aggregating ASR LAN Connections

Go to solution
Steven Kalafatich
Level 1
Level 1

‎05-25-2016 06:01 AM - edited ‎03-08-2019 05:56 AM

I have been given a recent design for a redundant edge stack and am stuck trying to provide the best solution for ASR connectivity to the LAN.

In my scenario, a single ASR1001 acting as an edge router would be connected to two 9372's. These switches would be interconnected and provide downstream redundancy through the firewall stack before connecting to our internal network.

Where I'm running into issues is aggregating the links on the ASR down to the 9372. From the research I've done so far, I not found any instance where someone has aggregated or bridged 2 separate layer 2 connections to separate switches. I have thought about using a vPC to accomplish this across the 9372 but there are design recommendations against doing that due to sub-optimal routing but I think that might be a minor concern given the traffic load and size of the stack.

The only solution I've found so far involves using BVI on the ASR to join 2 LAN interfaces but I worry about broadcast storms and haven't tested this in the lab yet. Is there anyone familiar with alternate methods of accomplishing this? I think I recall seeing mlppp used similarly but I think it would need the vPC on the 9372.

Additional Info:

Some might ask why I don't just route to the 9372. The goal is to peer BGP from the LAN distributions inside the firewalls to a single interface on ASR across a single layer 2 domain.

Labels:
Preview file
60 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Carlos Villagran
Cisco Employee
Cisco Employee

‎05-25-2016 06:15 AM

Hi!

You can use a bridge domain in your ASR, I recently had to work with a network deployement using this and almost your exact requirement:

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/bdi.html

I really recommend you reading through the documentation. The interfaces connected to the ASR will become L2 and can be used as access VLANs, TRUNKs. The ASR basically becomes a switch from that side.

Hope it helps, best regards!

JC

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Carlos Villagran
Cisco Employee
Cisco Employee

‎05-25-2016 06:15 AM

Hi!

You can use a bridge domain in your ASR, I recently had to work with a network deployement using this and almost your exact requirement:

http://www.cisco.com/c/en/us/td/docs/routers/asr1000/configuration/guide/chassis/asrswcfg/bdi.html

I really recommend you reading through the documentation. The interfaces connected to the ASR will become L2 and can be used as access VLANs, TRUNKs. The ASR basically becomes a switch from that side.

Hope it helps, best regards!

JC

0 Helpful

Go to solution
Steven Kalafatich
Level 1
Level 1
In response to Carlos Villagran

‎05-25-2016 07:55 AM

Thank you Carlos. That's does work and it's good to have a confirmation someone else is using it successfully.

I have done some testing and noticed that when I drop the port-channel between the 9372's, I can still ping switch 2 from switch 1 across the ASR. I looked at spanning tree on the switches and each switch becomes the root during the shutdown of the port-channel.

I have concerns with this setup as to what spanning-tree is doing on the ASR and how to prevent loops in this environment. There also seems to be a 20 seconds outage, if one of the uplinks between the switch and ASR fails, prior to forwarding traffic via the other switch.

I'll have to look at ways to improve that, if possible.

0 Helpful
Customers Also Viewed These Support Documents