Best LAN Network Architecture

Rowlands Price
Level 1

Dear Support,

I have two sites (SITE A and SITE B).

SITE A: a 3750-12s distribution switch with a VTP domain called SITE_A with some VLANs.

SITE B: another 3750-12s distribution switch with a VTP domain called SITE_B, also with some VLANs.

The two sites were connected by a microwave link of 20 Mb/s.

Recently, we connected both sites by a straight fiber optic link (see the diagram attached); the fiber is connected on each distribution switch to a Gigabit Ethernet port.

To keep the existing routing between the two sites, we configured the fiber optic ports as routed ports with an IP address.

So my question is: can I change the design and configure both sites in the same VTP domain?

Both distribution switches will be VTP servers in the same VTP domain.

The distance between the sites is around 0.63 miles.

What is the best design for my case?

I need your precious help.


Mark Malone
VIP Alumni

Hi,

If you want to go with the same VTP domain, the fibre will need to be set as a Layer 2 trunk to carry the VLANs/info. Is this going over an ISP, or did you run that fibre yourselves? If it's through an ISP, you will need to check with them whether they can support L2 across it.

If it's your own point-to-point fibre, then you can have Layer 2 or 3. The best design is really a personal choice as to what you're comfortable managing; as it's a small enough network, either will work well. But if you want 1 VTP domain, it needs to be all in the same L2 domain and not broken by an L3 segment.

The distance doesn't matter whether L2 or L3; it's more for the fibre length, which is already in place and working. Only 1 VTP server will be chosen; the other will be a backup when 2 or more are implemented in the same L2 broadcast domain.

Rowlands Price
Level 1

Hi Mark Malone,

The fiber is personal and it's a point-to-point direct fiber, with no ISP or other node.

I want to set a Layer 2 trunk between the connected switches to carry all VLANs.

My question: will the link be enough to support all traffic between the two sites?

Hey,

If it was working on a 20 Mb link and now it's gone to a hard gig wired fibre, that's a huge increase in throughput. I couldn't see there being any issue unless you have added a lot more devices since then.

You're currently routed and changing to Layer 2, so if it's working on Layer 3 it will work fine on Layer 2, as it's one less layer the switches have to process. Check your current fibre interface and see, when each site is busy, what the tx/rx show on each interface; that will give you an indication of what the current usage of the circuit is and what the traffic impact is. Honestly, I can't see any issue occurring with a jump like that in throughput; it's 50 times what it was before, and wired is a huge difference compared to microwave, as microwave is more susceptible to interference than wired.

Yes, it's now a direct link between the two switches, directly connected to the switch with an optical module.

GigabitEthernet1/1/4 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0006.f681.d2d1 (bia 0006.f681.d2d1)
Description: LINK TO SIEGE
Internet address is 10.168.250.1/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 3/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseLX SFP

Looking at that output, you're not even using 2% of the throughput at the minute on the gig interface.

When you go full Layer 2, make sure all access ports are STP portfast with bpduguard set as well. Set 1 of the dist switches as spanning-tree root primary and the 2nd dist switch as spanning-tree root secondary, and if supported, set all switches to be spanning-tree rapid-pvst.

These commands should all be done together in a window, as there will be recalculation at Layer 2 while everything adjusts. Now that you're going full Layer 2, the more control you have over spanning-tree, the faster the convergence will be if there ever is an issue on the network. It's better than leaving everything up to default settings, but it is optional. STP will still do its thing in the background, but if the network ever went into a spin/loop at Layer 2 for some reason, these commands will help resolve it a lot faster.

If the microwave link is still there as a resilient backup circuit, you could also set the cost on each end of it to be 2000 so it only kicks in if the fibre fails, if it hasn't been removed or decommissioned.
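Added example, not part of the original posts: the spanning-tree settings recommended in the reply above, written as Cisco IOS configuration. The VLAN list, the access port range and the microwave port name are constructed placeholders, and which site is made primary root is an assumption.

```cisco
! --- Distribution switch, SITE A (assumed primary root) ---
! VLAN list 5,10,20 is a constructed placeholder
spanning-tree mode rapid-pvst
spanning-tree vlan 5,10,20 root primary
!
! --- Distribution switch, SITE B (secondary root) ---
spanning-tree mode rapid-pvst
spanning-tree vlan 5,10,20 root secondary
!
! --- Every access switch ---
spanning-tree mode rapid-pvst
!
! Host-facing access ports only, never uplinks or inter-switch links.
! Port range is a placeholder. BPDU guard err-disables the port if a
! switch is plugged into it, so an edge device cannot join or loop
! the tree.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- Both ends of the microwave link, if kept as a backup ---
! Port name is a placeholder. The high cost keeps this path blocked
! while the fibre is up.
interface GigabitEthernet1/0/12
 spanning-tree cost 2000
!
! Verify after the change window:
!   show spanning-tree root
!   show spanning-tree summary
!   show interfaces status err-disabled
```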

Thanks Mark,

The link is not occupied, so I will do as you said.

SITE A: the distribution switch will be root for the VLANs of building A, backup for the VLANs of site B.

SITE B: the distribution switch will be root for the VLANs of building B, backup for the VLANs of site A.

Regards

Thanks for your response.

My concern is about one particular VLAN.

With routing, is it possible to have a VLAN 5 on site A and have the same VLAN on site B too, in the same IP range? This is why I want to use an L2 link to carry all VLANs between both sites.

I have servers in site A and want to have other servers in site B with the same IP range. How can I do this?

Regards

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Mark has already (correctly) answered that you can convert your new gig inter-site link to L2 and run both sites as one VTP domain.

Generally more "modern" designs tend to favor L3, when possible.

Mark has noted, what you show is small enough it should work fine if L2.  I'm not as certain as Mark.

If you have VLANs that cross sites, where will the gateways be, for hosts on that VLAN?  Could a gateway be at the other site?  If so, you could pull traffic across your intersite link that's now possibly routed locally.

If you keep VLAN gateways local to the site that uses them now, you also open yourself to possible unicast flooding issues if you have more than one VLAN.  (This, though, could also be avoided by setting your CAM and ARP timeouts the same.)

I don't believe we have enough information to say moving your sites to use a L2 link won't cause near or long term issues.  Measuring your current inter-site traffic level, alone, might not predict the traffic level for converting link to L2.

Mark also mentioned that moving to a L2 design causes your L3 switches to process one less layer.  That's true, but L3 switches should effectively perform L3 forwarding as fast as they do L2 switching.  So, you shouldn't see any noticeable performance difference.  (BTW, I believe the 3750G-12S is the only 3750 model with a larger TCAM; it was designed for a distribution role.)

Also, Mark mentioned only 1 VTP server is chosen and others become backups. That might be true with VTP version 3, but if you're running VTP version 1 or 2 (which I suspect is more likely the case), the only thing really special about a VTP server is that it allows you to make VLAN configuration changes on it.

I would suggest you further analyze the pros and cons of moving your inter-site link from L3 to L2.

Hi Joseph,

Thanks for your response.

Here is what I want to do:

SITE A will have its gateway SVI on the switch at site A.

SITE B will have its gateway SVI on the switch at site B.

Note that all application servers and the Internet connection are in site A, so all users from site B will be crossing the link to access the application servers and the Internet.

There are no servers on site B.

Regards

Hi Joseph,

Thanks for your response.

I will keep the gateways local by using SVIs.

Note that SITE B doesn't have servers and applications; all applications and the Internet connection are based on site A, which is the datacenter.


Posting

Not sure how to read that - i.e. both local gateways and all resources in DC.

So, will you still have SVI gateways on both 3750s?  Are hosts and servers on different VLANs?  If so, you're setting yourself up for possible unicast flooding. (If you're not familiar with what I'm mentioning, this Cisco Technote might help, see cause 1: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6000-series-switches/23563-143.html)

PS:

You have a working L3 topology now, correct?  If so, what advantage do you see replacing it with L2?  You're looking to manage just one VTP domain rather than two?

Dear Joseph,

My concern is how to have the same VLAN 5 with IP 10.10.10.0/24 from site A to site B.

I have servers 10.10.10.1 & 10.10.10.2 on site A.

We want to have a backup of these servers on site B, so the integrator of the solution needs to keep the same IP range on site B. He wants to have servers 10.10.10.3 & 10.10.10.4 on site B.

How can this be possible? This is my real concern.


Posting

With a L3 link between your sites, it's possible with a L2 over L3 protocol, although I don't recall 3750s supporting such a protocol.

You might also consider a "hybrid" solution.  I.e. you go ahead and create a L2 trunk between your sites, but you only allow two VLANs across the link.  One VLAN would be the one that runs on both sites, to support your solution integrator, the other would be a p2p transit VLAN, the latter VLAN only is on the two trunk ports.
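Added example, not part of the original posts: one way the "hybrid" trunk described above could look on each 3750's fibre port. Interface GigabitEthernet1/1/4 and 10.168.250.1/30 come from the interface output earlier in the thread; transit VLAN 999, the VLAN names and the far-end address 10.168.250.2 are assumptions.

```cisco
! --- Apply on both distribution switches ---
! VLAN 5 is the server VLAN that must exist at both sites.
! VLAN 999 is a hypothetical point-to-point transit VLAN that exists
! only on the two fibre trunk ports.
vlan 5
 name SERVERS
vlan 999
 name INTERSITE-TRANSIT
!
! Convert the routed fibre port back to a switchport and trunk it
! statically. Only VLANs 5 and 999 are allowed, so every other VLAN
! (and its broadcast and spanning-tree domain) stays local to its site.
! The trunk is set to "on" with DTP disabled rather than negotiated,
! since the two sites currently use different VTP domain names.
interface GigabitEthernet1/1/4
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 5,999
 switchport mode trunk
 switchport nonegotiate
!
! --- This switch: move the existing /30 from the port to the SVI ---
interface Vlan999
 description INTERSITE TRANSIT
 ip address 10.168.250.1 255.255.255.252
 no shutdown
!
! --- Far-end switch (address is an assumption) ---
! interface Vlan999
!  ip address 10.168.250.2 255.255.255.252
!  no shutdown
!
! Verify:
!   show interfaces GigabitEthernet1/1/4 trunk
!   show spanning-tree vlan 5
```

Keeping the same /30 addresses on the transit SVIs means routes that point at those next hops do not need to change.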

Hi Joseph, attached is my design and what I want. Is it possible, with 3750 switches connected together with a routed port, to bring the same VLAN from site A to site B?

Do I need any devices to cross VLAN 5 from site A to site B over the red link?

I need your support.
