
Extending VLANs to DR site

irfan.ahmed
Level 1

We have L2 10G dark fiber connectivity between two data centres. Dark fibre is connected between two L3 switches. What is the best way to extend a VLAN to the other data centre? I also want to enable redundancy between the two data centres + internet link failover.

Please help

1 Reply

Bobby Stojceski
Level 1

Extending or stretching a VLAN over a L2 link like Dark Fibre is easy by using nothing more than a simple trunk interface. Think of it as connecting two switches together within a site, except they happen to be miles apart.

For redundancy, you could use HSRP on both switches whereby one of them is the 'active' gateway with the other as standby. So if your primary data centre fails (or the link fails), HSRP will fail over to standby (or both DCs become active, but since they don't see each other at that time the split brain issue may be a non-issue).

It depends on what you're running in each Data Centre and whether split brain will become an issue for WAN clients during a dark fibre outage (like an active/active setup). But I imagine a dark fibre outage should be rare. But know that during a split brain scenario, the rest of what I say below could be an issue for you.

For Internet redundancy, that can be tackled several ways. Have an internet link in each Data Centre. Get a 'floating' IP range on the two internet links (whereby a public subnet is set up by your ISP to be available on both of those links), then using BGP on your two Internet routers, you make it prefer the primary DC. In case of Internet failure, BGP basically moves the public range to your second DC. You set up your firewalls to have the same rules at each DC.

For the default route from within the Data Centres, you can either use a routing protocol between your core switches and the firewalls/edge routers, or use IP SLA to inject a default route based on conditions like the primary DC being able to communicate with the next hop from your edge router to the Internet. If the switch can get to it, inject a default route; if not, move the default route to the secondary DC internet gateway.

Just some high level examples. Your WAN could work the same way as the Internet except without public ranges. Just use a routing protocol (OSPF for example) between the core and the WAN routers. Use BGP preference/weighting on the WAN router to make the primary DC the preferred path to the DC for your WAN clients, with your secondary DC being less preferred but still advertising the same subnets. If the main DC fails, the secondary takes over since the primary DC stops advertising the subnets.
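
The trunk, HSRP gateway and IP SLA tracked default route described in the reply above, as an added Cisco IOS configuration sketch for the primary DC core switch (not part of the original reply). All interface names, VLAN IDs, addresses and the key string are constructed placeholders, and the transit VLAN 900 between the two cores is an assumption.

```cisco
! Constructed example: primary DC core switch. Every name, VLAN ID, address
! and key below is a placeholder, not a value from the thread.
!
! Dark fibre link: a plain 802.1Q trunk that carries only the VLANs meant
! to cross sites. (Some platforms first need
! "switchport trunk encapsulation dot1q".)
interface TenGigabitEthernet1/0/1
 description Dark fibre to DR site
 switchport mode trunk
 switchport trunk allowed vlan 100,900
 switchport nonegotiate
!
! Gateway for the stretched VLAN: HSRP active here, standby at the DR site.
! The DR switch uses the same group, virtual IP and key with a lower priority.
interface Vlan100
 description Stretched server VLAN
 ip address 10.10.100.2 255.255.255.0
 standby version 2
 standby 100 ip 10.10.100.1
 standby 100 priority 110
 standby 100 preempt
 standby 100 authentication md5 key-string <PLACEHOLDER-KEY>
!
! Routed transit VLAN to the DR core over the same fibre (assumption).
interface Vlan900
 description Transit to DR core
 ip address 10.10.90.1 255.255.255.252
!
! Probe the ISP next hop beyond the local edge router (198.51.100.1 here).
ip sla 1
 icmp-echo 198.51.100.1
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Pin the probe to the local edge (10.10.200.1) so it cannot succeed through
! the DR site after failover and cause the default route to flap.
ip route 198.51.100.1 255.255.255.255 10.10.200.1
! Primary default route, installed only while the probe succeeds.
ip route 0.0.0.0 0.0.0.0 10.10.200.1 track 1
! Floating static via the DR core, used when the tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.10.90.2 250
```

During a dark fibre outage both HSRP peers go active and the floating route's next hop is unreachable, which is the split brain case the reply warns about.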
