cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3418
Views
0
Helpful
10
Replies

Cisco 65xx (Data Centre) and HP Procurve 5406zl (local Site) integeration

huzaif
Level 1
Level 1

Current Situation:

----------------------

I have recently started a new role and this network/infrastructure is in complete chaos which is an understatement. So a lot of changes need to be made to get things right.

Network/Infrastructure background:
----------------------------------------------

This is a multi-site environment and offices are spread across in 9 different locations.

All sites are linked together using [ 1 GB LES connections ] more or less in a star topology with the exception of 2 sites have a secondary connection but the [ LES contract ] is about to expiry for those 2 sites so secondary connections will be made defunct.

The ip address they use is one single flat subnet of 60000 + ip address across all sites. No vlans!!!

Majority of the switches on all sites are HP Procurve 18xx....

The internet feed is on one single site which has also been placed on the wrong location as that is not the central site either.

Changes recommended by 3rd party consultancy firm:
---------------------------------------------------------------------

Centralise majority of the servers/services in a data centre (due to power issues on each site)

Implement 10.x.x.x/19 subnets to each site.

Implement Layer 3 routing on each site and make each site self-sufficient.

Implement only required servers locally i.e. DC/DNS/DHCP/WINS/F & P.

Run independent MST instance on each L3 switch for their local vlans including cisco 65xx located in the Data centre.

Orders they want to place are:
---------------------------------------

HP Procurve 5406zl * 9 - L3 for each site.

Cisco 65xx * 2 for the data center. (core)

Create vlan's from subnet 10.x.x.x/19 allocated to each site for local vlan's which will be routed locally by 5406zl ( L3 ). This ensures the site can function if LES connection has problems with the local services being available.

The Data centre will also have 10.x.x.x/19 subnet and will be further sub netted for relevant services firewall/load balancers /DC/Exchange farm .etc.....

Change edge switches on each site to either HP 2500/2610/2910al.

Concerns
----
--------

HP Procurve has been chosen purely to save money or else cisco is still the first choice.

HP Procurve L3 switches don’t act/function like Cisco L3 switches do i.e. for example a cisco 3750 you can simply run “no switch port " and assign a ip add and make it a L3 port as opposed to HP Procurve you cannot do that it has to be a SVI interface.

So the question is if we do place an order how will this work. I am doing an internal research to ensure this solution is looked into before a significant investment is made.

I can no longer go back to the consultants as the initial consultancy was free but if we decide to go with this any further we will have to pay hence the post here...which we will eventually once we are happy.

Queries:
-----------

1. How will the switches react when plugged in together as they don’t share spanning-tree information? Each L3 switch will be a MST root for each site.

2. Example: Vlan 10 on site A will be in a different subnet and vlan 10 on site B will be a separate subnet.

local vlans on each site will consist of ..........

vlan 10 - servers
vlan 20 - desktops
vlan 30 - wireless
vlan 40 - printers
etc....

3. It would be easy if it was a Cisco switch at both ends but it is not the case as we have 6500 at one end and Procurve 5406zl on the other end.

Any insight to this topic will be greatly appreciated.

cheers

10 Replies 10

Leo Laohoo
Hall of Fame
Hall of Fame

Cisco 65xx * 2 for the data center. (core)

Any monkey can say this (no offense to anyone except the consultant).  What's the supervisor engine?  Sup720?  or Sup2T?  VSS or not?

HP Procurve 5406zl * 9 - L3 for each site.

Why mix Cisco and HP?  Financial budget?  Or someone just want to make this difficult to the people who are meant to configure and maintain?  What's the topology like for the sites?  Why use all layer 3 on all sites?

Hello Leolaohoo

Thank you for your response.

>Any monkey can say this (no offense to anyone except the consultant).  What's the supervisor engine?  Sup720?  or Sup2T?  VSS or not?

You will be surprised and I disagree as my company has had 6 different 3rd party companies submit recommendations and I have rejected all except this one as the others were crazy......school boy network design...let’s not get into those details for now anyways.

They have not given those absolute details yet as mgmt. have not yet reverted back to them as they were waiting for me to start.

I am not even sure what the spec of the HP 5406zl will be i.e. multiple/single mgmt. modules on each switch & the port density, etc…

Also as mentioned earlier the initial consultancy was free so now if we go back it will be to first guarantee the orders than discuss it further; these were the terms I have been told were agreed right in the beginning.

So the answer to your question I don’t know yet. Currently I am not familiar with this 65xx model of the switch & I will have to read up on it to bring myself up to speed.

But I am very curious to know the reason for your question?

What diff will it make to the design as L 3 routing will/has to be performed on each site.

>Why mix Cisco and HP?  Financial budget? 

Yes it is only due to budget problems that is the message from mgmt. team.

I wish we had some company in UK who would be Cisco top level partners and challenge any HP Procurve price.

But then HP wins on Life time warranties and free IOS upgrades. 

> Or someone just want to make this difficult to the people who are meant to configure and maintain? 

As for the above comment I would say yes to both but I am not sure how this will work in the first case?

Mgmt. Team have insisted that as part of the requirement of this exercise is that all local sites should keep functioning in case of the LES circuit failure which has happened in the past.

Another reason I heard rumours of not sure how true but the thinking behind this from mgmt. team is if they sell one site office i.e. the business they can sell it easily. So the Server team plan is to seize FSMO roles on that site delete all unwanted user accounts & GPO & OU’s from AD and that’s all that office is entirely independent without the requirement of it being have to be redeployed with any further investment. From network side they will terminate the LES circuit & the local L3 switch can carry on routing as it would do normally.

> What's the topology like for the sites? 

As mentioned earlier currently all sites are connected in a Star Topology using LES connections to HO. Once the data center has been chosen all these sites will than have a signle LES connection going back to the Data Center as opposed to HO as it currently stands. Also the internet feed will be relocated to the Data Center.

This LES Lan Extension is simply a fibre Layer 2 connection thats all.

>Why use all layer 3 on all sites?

This will ensure if LES is down no problems occur onsite.

Local Layer 3 routing will facilitate this as follows:

1. Ensure all vlans are routed locally.

2. The local services like DC/DHCP/DNS/WINS will ensure logins work on all XP machines.

3. Local F & P will facilitate all flat file access.

4. Building MGMT system & Access Control will work as that will also be part of one of the VLAN's.

There will be loss of internet access which is not very important to the nature of the business. But staff can still have quick access to emails using one of their mobile handheld devices.

So L3 routing locally is essential.

Hope I have answered all your questions in detailed.

The key answer I am trying to understand is how will 6500 & HP 5406zl work together using the LES connections.

cheers

I am still thinking.......how this can be achieved if at all possible 

I feel this might be there plan but I wanted to take experts view here if it makes sense?

1. They will create 1 MSTP instances on the 65xx * 2 switches for Data centre and all Data Centre vlans in that MSTP instance example: DataCenter.

2. Define additional MSTP instance for each site

Example: SITEA

example: SITEB.

Example: SITEC.

Example: SITED.

3. Make each of these instances the primary and secondary Root Bridge on 65xx * 2 in the Data Centre.

4. Assign a SVI interface on 65xx * 2 too and assign relevant VLAN 900: ip add /30.

5. Assign the LES Fibre connection to this VLAN 900 on one of the 65xx switches. (Note: the swap/failover to the second switch will be manual fibre swap process I guess in case of a switch failure as the ISP will provide only one connection)

5. They will than define an additional MSTP instance on the local site HP Procurve 5406zl as well example: SITEA and give this instance the lowest priority to ensure it does not become the root bridge for that instance.

6. Assign the other side of the fibre LES connection on HP Procurve 5406zl to VLAN 900.

7. The default route on the local site HP Procurve 5406zl will point to the /30 ip add which is located on the data centre example vlan 900

The only thing I am thinking is if the 65xx will spit an error saying if vlan 10 exisit on both switches and in different subnets. But if the above solution is in place than the link is not a trunk so that error might not happen at all?

I hope this makes sense. 

Any input will be greatly appreciated

cheers

Hi,

Regarding your last concern, as long as the port is access it doesn't matter what VLAN numbers you use on both sides ie. you can have vlan 900 on HP and vlan 10 on 6500. A good design though will use the same VLAN on both sides for consistency and easiness  in administration so you will have an "interconnect" VLAN for each of your sites.

Other than that your implementation plan looks good to me.

Regards,

Adrian

Adrian,

I think you might have miss understood my last statement/concern.

What I meant by saying that is....

We have local vlans on each site i.e. each L3 switch on every site.

So we if we make the port trunk I am mostly certain we will get errors as the subnet on vlan 10 / vlan 20 / vlan 30 switch will not match on the other switch ?

HP Procurve 5406zl

VLAN 10   - servers                          10.10.x.x

VLAN 20   - desktops                       10.10.5.x

VLAN 30   - wireless                         10.10.7.x

VLAN 40   - BMS                             10.10.9.x

VLAN 900 - HPConnectivitySite1       10.1010.x

Cisco 65xx

VLAN 10   - servers                          10.20.x.x

VLAN 20   - desktops                       10.20.5.x

VLAN 30   - wireless                        10.20.7.x

VLAN 40   - BMS                            10.20.9.x

VLAN 900 - HPConnectivitySite1      10.2010.x/30

VLAN 901 - HPConnectivitySite2      10.3010.x/30

VLAN 902 - HPConnectivitySite3      10.4010.x/30

Hence I am thinking that the consultants who have suggested this design might be considering the last option I suggested in my earlier post ? i.e. DUAL MST instances on each switch and the L3 ip residing on the core Data center switch only.

So this will avoid

1. Subnet conflict.

2. Spanning-tree issues.

3. Routing issues.

4. In the long run we can actually run OSPF as well.

>as long as the port is access it doesn't matter what VLAN numbers you use on both sides ie. you can have vlan 900 on HP and vlan 10 on 6500

How will this work ? The vlans have to match at both ends ? or it will be a vlan miss match right ?

cheers

Hi,

From my point of view you have two options for this topology:

1. You can configure the same VLAN numbers on the sites and the central location, configure the interconnect between sites and central location in VLAN 90x  (using access ports) and run OSPF between the HP switches and the 6500.This way you will not worry about MSTP as for each site you can configure an instance for the local VLANs and another instance for the interconnect VLAN (you could use the same instance also for the interconnect though).

2. As you mentioned in your last email you could also have the L3 IP address for each VLAN on all sites on the Core switches. This will make the connection between the sites and central location a trunk but you will not be able to use the same VLAN IDs on each location. I would not recommend this last option as you won't be using any of the L3 capabilities of the HP switch (you could have only a L2 switch on the remote locations).

Regards,

Adrian

I guess I am getting the idea.

Thank you everyone

Huzaif

Yes it is only due to budget problems that is the message from mgmt. team.

I wish we had some company in UK who would be Cisco top level partners and challenge any HP Procurve price.

But then HP wins on Life time warranties and free IOS upgrades.

Depending on the switches you purchase, due to HP's "lifetime warranties", Cisco has responded with Cisco Enhanced Limited Lifetime Hardware Warranty (http://www.cisco.com/en/US/customer/docs/general/warranty/EnhLmtdLf_78-19324-01.html).  If you have any questions, please send them to warranties@cisco.com.

Cisco can't and won't win with HP's level of prices.  However, to make the price differences come down to a level of "contest", please contact a Cisco Account Manager or Sales Engineer.

But I am very curious to know the reason for your question?

The current core supervisor engine for the 6500 is the Sup720.  A newer supervisor engine, the VSS-Sup2T, will be un-vieled in the next few months.  Mid-2011 or 3rd quarter of 2011.  I doubt if the authors of the recommendations know this.  But if you can "stall" the purchasing so you and your company can review the technical details, then this is the way to go.  And stay away from the 6708-10GE.

http://www.cisco.com/web/AP/partners/assets/docs/Day1_03a_Catalyst_Update.pdf

Leo Laohoo
Hall of Fame
Hall of Fame

Another thing ... Who does the line encryption to your different sites?  I don't see any routers and/or firewalls mentioned.

Price & warranty hmm.......this has made my life very difficult to convince mgmt. that we must only look at Cisco and forget HP but we are being sucked into it more and more due to financial issues and HP seems a better alternate in each site....

As for the line encryption.....the way I see it this is a LES connection which is point-to-point L2 connection and hence there are no security issues ?

am I missing something here ?

I am sure there are many online here on the forums who will be using LES from either BT / Virgin / Timico right ? do you all implement security on those lines ?

I am not sure if there are any security issues here ?

cheers

Review Cisco Networking for a $25 gift card