12-26-2010 10:19 AM - edited 03-06-2019 02:42 PM
Current Situation:
----------------------
I have recently started a new role and this network/infrastructure is in complete chaos, which is an understatement. So a lot of changes need to be made to get things right.
Network/Infrastructure background:
----------------------------------------------
This is a multi-site environment and offices are spread across 9 different locations.
All sites are linked together using [ 1 GB LES connections ], more or less in a star topology, with the exception of 2 sites that have a secondary connection; but the [ LES contract ] is about to expire for those 2 sites, so the secondary connections will be made defunct.
The IP addressing they use is one single flat subnet of 60000+ IP addresses across all sites. No VLANs!!!
The majority of the switches on all sites are HP Procurve 18xx....
The internet feed is on one single site, which has also been placed in the wrong location as that is not the central site either.
Changes recommended by 3rd party consultancy firm:
---------------------------------------------------------------------
Centralise the majority of the servers/services in a data centre (due to power issues on each site)
Implement 10.x.x.x/19 subnets for each site.
Implement Layer 3 routing on each site and make each site self-sufficient.
Implement only the required servers locally, i.e. DC/DNS/DHCP/WINS/F & P.
Run an independent MST instance on each L3 switch for its local VLANs, including the Cisco 65xx located in the data centre.
Orders they want to place are:
---------------------------------------
HP Procurve 5406zl * 9 - L3 for each site.
Cisco 65xx * 2 for the data centre (core).
Create VLANs from the 10.x.x.x/19 subnet allocated to each site for local VLANs, which will be routed locally by the 5406zl (L3). This ensures the site can function if the LES connection has problems, with the local services still being available.
The data centre will also have a 10.x.x.x/19 subnet, which will be further subnetted for the relevant services: firewall/load balancers/DC/Exchange farm, etc.
Change edge switches on each site to either HP 2500/2610/2910al.
Concerns
------------
HP Procurve has been chosen purely to save money; otherwise Cisco is still the first choice.
HP Procurve L3 switches don't act/function like Cisco L3 switches do, i.e. for example on a Cisco 3750 you can simply run "no switchport" and assign an IP address to make it a L3 port, as opposed to HP Procurve where you cannot do that; it has to be an SVI interface.
So the question is, if we do place an order, how will this work? I am doing internal research to ensure this solution is looked into before a significant investment is made.
I can no longer go back to the consultants as the initial consultancy was free, but if we decide to go with this any further we will have to pay, hence the post here... which we will eventually do once we are happy.
Queries:
-----------
1. How will the switches react when plugged in together as they don't share spanning-tree information? Each L3 switch will be an MST root for its site.
2. Example: VLAN 10 on site A will be in a different subnet and VLAN 10 on site B will be a separate subnet.
Local VLANs on each site will consist of..........
vlan 10 - servers
vlan 20 - desktops
vlan 30 - wireless
vlan 40 - printers
etc....
3. It would be easy if it was a Cisco switch at both ends, but that is not the case as we have a 6500 at one end and a Procurve 5406zl at the other end.
Any insight to this topic will be greatly appreciated.
cheers
12-26-2010 08:54 PM
Cisco 65xx * 2 for the data center. (core)
Any monkey can say this (no offense to anyone except the consultant). What's the supervisor engine? Sup720? or Sup2T? VSS or not?
HP Procurve 5406zl * 9 - L3 for each site.
Why mix Cisco and HP? Financial budget? Or someone just want to make this difficult to the people who are meant to configure and maintain? What's the topology like for the sites? Why use all layer 3 on all sites?
12-27-2010 03:33 AM
Hello Leolaohoo
Thank you for your response.
>Any monkey can say this (no offense to anyone except the consultant). What's the supervisor engine? Sup720? or Sup2T? VSS or not?
You will be surprised, and I disagree, as my company has had 6 different 3rd party companies submit recommendations and I have rejected all except this one as the others were crazy...... schoolboy network design... let's not get into those details for now anyway.
They have not given those absolute details yet as mgmt. have not yet reverted back to them, as they were waiting for me to start.
I am not even sure what the spec of the HP 5406zl will be, i.e. multiple/single mgmt. modules on each switch, the port density, etc...
Also, as mentioned earlier, the initial consultancy was free, so now if we go back it will be to first guarantee the orders and then discuss it further; these were the terms I have been told were agreed right at the beginning.
So the answer to your question is I don't know yet. Currently I am not familiar with this 65xx model of switch and I will have to read up on it to bring myself up to speed.
But I am very curious to know the reason for your question.
What difference will it make to the design, as L3 routing will/has to be performed on each site?
>Why mix Cisco and HP? Financial budget?
Yes, it is only due to budget problems; that is the message from the mgmt. team.
I wish we had some company in the UK who would be a Cisco top-level partner and challenge any HP Procurve price.
But then HP wins on lifetime warranties and free IOS upgrades.
> Or someone just want to make this difficult to the people who are meant to configure and maintain?
As for the above comment, I would say yes to both, but I am not sure how this will work in the first case.
The mgmt. team have insisted that part of the requirement of this exercise is that all local sites should keep functioning in case of a LES circuit failure, which has happened in the past.
Another reason I have heard rumours of, not sure how true, is that the thinking behind this from the mgmt. team is that if they sell one site office, i.e. the business, they can sell it easily. So the server team's plan is to seize the FSMO roles on that site, delete all unwanted user accounts, GPOs and OUs from AD, and that's all: that office is entirely independent without the requirement of having to be redeployed with any further investment. From the network side they will terminate the LES circuit and the local L3 switch can carry on routing as it would do normally.
> What's the topology like for the sites?
As mentioned earlier, currently all sites are connected in a star topology using LES connections to HO. Once the data centre has been chosen, all these sites will then have a single LES connection going back to the data centre as opposed to HO as it currently stands. Also the internet feed will be relocated to the data centre.
This LES (LAN Extension) is simply a fibre Layer 2 connection, that's all.
>Why use all layer 3 on all sites?
This will ensure that if the LES is down no problems occur on site.
Local Layer 3 routing will facilitate this as follows:
1. Ensure all VLANs are routed locally.
2. The local services like DC/DHCP/DNS/WINS will ensure logins work on all XP machines.
3. Local F & P will facilitate all flat file access.
4. The building MGMT system & access control will work as that will also be part of one of the VLANs.
There will be loss of internet access, which is not very important to the nature of the business. But staff can still have quick access to emails using one of their mobile handheld devices.
So L3 routing locally is essential.
Hope I have answered all your questions in detail.
The key answer I am trying to understand is how the 6500 & HP 5406zl will work together using the LES connections.
cheers
12-27-2010 07:15 AM
I am still thinking....... how this can be achieved, if at all possible.
I feel this might be their plan, but I wanted to take the experts' view here on whether it makes sense?
1. They will create 1 MSTP instance on the 65xx * 2 switches for the data centre, with all data centre VLANs in that MSTP instance, example: DataCenter.
2. Define additional MSTP instance for each site
Example: SITEA
example: SITEB.
Example: SITEC.
Example: SITED.
3. Make each of these instances the primary and secondary root bridge on the 65xx * 2 in the data centre.
4. Assign an SVI interface on the 65xx * 2 too and assign the relevant VLAN 900: ip add /30.
5. Assign the LES fibre connection to this VLAN 900 on one of the 65xx switches. (Note: the swap/failover to the second switch will be a manual fibre swap process I guess, in case of a switch failure, as the ISP will provide only one connection.)
6. They will then define an additional MSTP instance on the local site HP Procurve 5406zl as well, example: SITEA, and give this instance the lowest priority to ensure it does not become the root bridge for that instance.
7. Assign the other side of the fibre LES connection on the HP Procurve 5406zl to VLAN 900.
8. The default route on the local site HP Procurve 5406zl will point to the /30 ip add which is located on the data centre, example VLAN 900.
The only thing I am thinking is whether the 65xx will spit out an error if VLAN 10 exists on both switches in different subnets. But if the above solution is in place then the link is not a trunk, so that error might not happen at all?
I hope this makes sense.
Any input will be greatly appreciated
cheers
12-27-2010 10:49 AM
Hi,
Regarding your last concern, as long as the port is access it doesn't matter what VLAN numbers you use on both sides, i.e. you can have VLAN 900 on the HP and VLAN 10 on the 6500. A good design though will use the same VLAN on both sides for consistency and ease of administration, so you will have an "interconnect" VLAN for each of your sites.
Other than that your implementation plan looks good to me.
Regards,
Adrian
12-27-2010 11:35 AM
Adrian,
I think you might have misunderstood my last statement/concern.
What I meant by saying that is....
We have local VLANs on each site, i.e. on each L3 switch on every site.
So if we make the port a trunk I am almost certain we will get errors, as the subnet on VLAN 10 / VLAN 20 / VLAN 30 on one switch will not match on the other switch?
HP Procurve 5406zl
VLAN 10 - servers 10.10.x.x
VLAN 20 - desktops 10.10.5.x
VLAN 30 - wireless 10.10.7.x
VLAN 40 - BMS 10.10.9.x
VLAN 900 - HPConnectivitySite1 10.1010.x
Cisco 65xx
VLAN 10 - servers 10.20.x.x
VLAN 20 - desktops 10.20.5.x
VLAN 30 - wireless 10.20.7.x
VLAN 40 - BMS 10.20.9.x
VLAN 900 - HPConnectivitySite1 10.2010.x/30
VLAN 901 - HPConnectivitySite2 10.3010.x/30
VLAN 902 - HPConnectivitySite3 10.4010.x/30
Hence I am thinking that the consultants who have suggested this design might be considering the last option I suggested in my earlier post, i.e. dual MST instances on each switch and the L3 IP residing on the core data centre switch only.
So this will avoid
1. Subnet conflict.
2. Spanning-tree issues.
3. Routing issues.
4. In the long run we can actually run OSPF as well.
>as long as the port is access it doesn't matter what VLAN numbers you use on both sides ie. you can have vlan 900 on HP and vlan 10 on 6500
How will this work? The VLANs have to match at both ends? Or it will be a VLAN mismatch, right?
cheers
12-27-2010 12:03 PM
Hi,
From my point of view you have two options for this topology:
1. You can configure the same VLAN numbers on the sites and the central location, configure the interconnect between sites and central location in VLAN 90x (using access ports) and run OSPF between the HP switches and the 6500. This way you will not worry about MSTP, as for each site you can configure an instance for the local VLANs and another instance for the interconnect VLAN (you could use the same instance also for the interconnect though).
2. As you mentioned in your last email, you could also have the L3 IP address for each VLAN on all sites on the core switches. This will make the connection between the sites and central location a trunk, but you will not be able to use the same VLAN IDs on each location. I would not recommend this last option as you won't be using any of the L3 capabilities of the HP switch (you could have only an L2 switch on the remote locations).
Regards,
Adrian
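Putting the two designs discussed above side by side (the per-site MST instance plus /30 interconnect and default route from the 12-27-2010 07:15 AM plan, and option 1 here: an access-port interconnect VLAN per site with OSPF between the 5406zl and the 6500), the following is an added configuration example; it is not from any post in this thread or from the consultants. It shows one site and the data centre core. Everything numeric is an assumption for illustration: Site A's /19 is 10.10.0.0/19 with VLAN 10 = 10.10.1.0/24 and VLAN 20 = 10.10.5.0/24, the data centre's /19 is 10.20.0.0/19, the interconnect /30 is 10.10.10.0/30 (6500 = .1, 5406zl = .2), the LES lands on GigabitEthernet1/1 of the 6500 and port A24 of the 5406zl, the 6500 runs IOS on a Sup720, and the 5406zl runs K-series software with routing and OSPF available. MST region names, revisions and instance numbers are likewise illustrative. It also answers the earlier concern about there being no "no switchport" on the Procurve: the routed link is simply a VLAN carrying an IP address with one untagged port in it.

```text
! ===== Cisco Catalyst 6500, data centre core (IOS, assumed Sup720) =====
! The 6500 and the 5406zl are deliberately in different MST regions (different
! config names), so the LES port becomes a region boundary handled by the CIST.
! With one fibre per site there is no loop to block, but BPDUs still flow, so
! spanning tree is left enabled on the link rather than filtered.
spanning-tree mode mst
spanning-tree mst configuration
 name DATACENTER
 revision 1
 instance 1 vlan 10,20,30,40
 instance 2 vlan 900-902
!
! Core is CIST root (4096) and root of its own instances.
spanning-tree mst 0-2 priority 4096
!
vlan 10
 name DC-servers
vlan 900
 name HPConnectivitySite1
!
! VLAN 10 here is a different subnet from VLAN 10 at Site A. That is fine:
! VLAN 10 never crosses the LES link, because the link is an access port.
interface Vlan10
 ip address 10.20.1.1 255.255.255.0
!
! Point-to-point /30 to Site A (assumed: 10.10.10.0/30)
interface Vlan900
 description P2P to Site A 5406zl over LES
 ip address 10.10.10.1 255.255.255.252
!
interface GigabitEthernet1/1
 description LES fibre to Site A
 switchport
 switchport mode access
 switchport access vlan 900
!
router ospf 1
 router-id 10.20.0.1
 passive-interface default
 no passive-interface Vlan900
 network 10.20.0.0 0.0.31.255 area 0
 network 10.10.10.0 0.0.0.3 area 0
!
! Static alternative from the earlier plan (instead of OSPF): one route per
! site /19 via the HP end of that site's /30.
! ip route 10.10.0.0 255.255.224.0 10.10.10.2

; ===== HP Procurve 5406zl, Site A (assumed K-series software) =====
; No "no switchport" here: the L3 address lives on the VLAN, and the physical
; port is just an untagged member of that VLAN.
ip routing
spanning-tree
spanning-tree config-name SITEA
spanning-tree config-revision 1
spanning-tree instance 1 vlan 10 20 30 40
; CIST priority is left at default so the 6500 stays CIST root; instance 1 is
; root here because the 6500 sits in a different region and never sees it.
spanning-tree instance 1 priority 1
;
vlan 10
   name "servers"
   untagged A1-A12
   ip address 10.10.1.1 255.255.255.0
   ip ospf area backbone
   ip ospf passive
   exit
vlan 20
   name "desktops"
   untagged B1-B24
   ip address 10.10.5.1 255.255.255.0
   ip ospf area backbone
   ip ospf passive
   exit
; VLAN 900 is the routed "port" towards the data centre: one untagged port, one /30.
vlan 900
   name "HPConnectivitySite1"
   untagged A24
   ip address 10.10.10.2 255.255.255.252
   ip ospf area backbone
   exit
router ospf
   area backbone
   enable
   exit
; Static alternative from the earlier plan (instead of OSPF):
; ip route 0.0.0.0 0.0.0.0 10.10.10.1
```

Verification after cabling: `show spanning-tree mst` on the 6500 and `show spanning-tree mst-config` on the 5406zl should show two separate regions with Gi1/1 / A24 as the boundary, and `show ip ospf neighbor` on either side should show the other end in FULL state over the /30. Because each site gets its own interconnect VLAN (900, 901, 902...) and the port is access, not trunk, a site's VLAN 10 and the data centre's VLAN 10 never share a broadcast domain, so the "same VLAN ID, different subnet" situation the thread worries about cannot produce a conflict; if the LES drops, the 5406zl keeps routing its local VLANs and only the OSPF adjacency (or the default route's next hop) goes away.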
12-27-2010 01:36 PM
I guess I am getting the idea.
Thank you everyone
Huzaif
12-27-2010 09:14 PM
Yes it is only due to budget problems that is the message from mgmt. team.
I wish we had some company in UK who would be Cisco top level partners and challenge any HP Procurve price.
But then HP wins on Life time warranties and free IOS upgrades.
Depending on the switches you purchase, due to HP's "lifetime warranties", Cisco has responded with the Cisco Enhanced Limited Lifetime Hardware Warranty (http://www.cisco.com/en/US/customer/docs/general/warranty/EnhLmtdLf_78-19324-01.html). If you have any questions, please send them to warranties@cisco.com.
Cisco can't and won't win with HP's level of prices. However, to make the price differences come down to a level of "contest", please contact a Cisco Account Manager or Sales Engineer.
But I am very curious to know the reason for your question?
The current core supervisor engine for the 6500 is the Sup720. A newer supervisor engine, the VSS-Sup2T, will be unveiled in the next few months, mid-2011 or 3rd quarter of 2011. I doubt if the authors of the recommendations know this. But if you can "stall" the purchasing so you and your company can review the technical details, then this is the way to go. And stay away from the 6708-10GE.
http://www.cisco.com/web/AP/partners/assets/docs/Day1_03a_Catalyst_Update.pdf
12-28-2010 02:49 PM
Another thing ... Who does the line encryption to your different sites? I don't see any routers and/or firewalls mentioned.
12-30-2010 02:49 AM
Price & warranty, hmm....... this has made my life very difficult to convince mgmt. that we must only look at Cisco and forget HP, but we are being sucked into it more and more due to financial issues, and HP seems a better alternative at each site....
As for the line encryption..... the way I see it this is a LES connection, which is a point-to-point L2 connection, and hence there are no security issues?
Am I missing something here?
I am sure there are many online here on the forums who will be using LES from either BT / Virgin / Timico, right? Do you all implement security on those lines?
I am not sure if there are any security issues here.
cheers