L3 switch for interVLAN and router

ALIAOF_
Level 6

I'm working on a project where I need my layer 3 switch to handle all the interVLAN routing and DHCP

And all the internet and traffic to the corporate office needs to hit the router.

I have the router setup as 10.255.255.1 --> then a port on the switch as 10.255.255.6

Next I have a route on the switch, "ip route 0.0.0.0 0.0.0.0 10.255.255.1" and I did enable routing on the switch by "ip routing"

I have a loopback on the switch 172.16.11.1

Router has BGP setup to advertise the networks

I setup one port on a VLAN got a DHCP IP, but I can't ping the router 10.255.255.1 or the loopback.  What am I missing here?


2) how many routes though ?

*** I'm assuming 536 ?

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd

y.y.y.y     4 65113   52827   51111     1339    0    0 5d20h                               2

x.x.x.x    4 13979   51750   51232     1339    0    0 5d22h                             536

3) but for the example we are talking about have you used L3 port-channels - yes/no ?

*** Yes first site I used a L3 port channel

4) I was thinking of perhaps using an IBGP peering between the 2 routers and then using local preference to influence which path to take but there may be easier solutions.

*** Gotcha, with the HSRP setup without a L3 switch that is how it is currently set up, i.e. ibgp peering between the 2 routers.

Okay, let's take a step back here. You initially were going to use HSRP between the routers and the switch but because you configured them as L3 HSRP wouldn't work. Now i initially stated that i didn't know if your routers supported L2 etherchannels (i suspect not unless you have a switching module). Do you know if your routers support L2 etherchannels ?

If so why not go that route with your setup ? You can use IBGP peering and how your failover works depends on whether you have a dedicated interconnect between the routers. I can explain fully how it would work with this if you need but it sounds like you already have this setup in use.

The other alternative as discussed is to use L3 links between the routers and the switch. 536 routes is not a huge number so you could redistribute these into either EIGRP or OSPF influencing the metrics as previously discussed.

But you still have not told me what switch it is ?  Also what IOS version and feature set (feature set is important as it may not run EIGRP/OSPF).

To be honest if the L3 switch supported EIGRP/OSPF and could handle those routes i think that is the cleanest solution because a failure on either the LAN or WAN links is automatically taken care of. But i wonder why you are not using your existing HSRP/IBGP solution or is it that it is not that reliable ?

Jon

Jon Marshall
Hall of Fame

One final point. This is where if you can summarize your IPs from each site it really helps because then the routing table on your L3 switch would be greatly reduced.

All of what i have written assumes that you are not receiving a lot of internet routes.

Jon

Okay, let's take a step back here. You initially were going to use HSRP between the routers and the switch but because you configured them as L3 HSRP wouldn't work.

Now i initially stated that i didn't know if your routers supported L2 etherchannels (i suspect not unless you have a switching module). Do you know if your routers support L2 etherchannels ?

If so why not go that route with your setup ? You can use IBGP peering and how your failover works depends on whether you have a dedicated interconnect between the routers. I can explain fully how it would work with this if you need but it sounds like you already have this setup in use.

The other alternative as discussed is to use L3 links between the routers and the switch. 536 routes is not a huge number so you could redistribute these into either EIGRP or OSPF influencing the metrics as previously discussed.

*** Ok so the routers can support L3 and L2 etherchannels but I used L3 etherchannel in the first scenario to keep any broadcast and multicast traffic away from hitting the router and just staying on the switch (2960XR)

*** In the second scenario I was not able to do L3 etherchannel because the switch (2960X) does not support it, however it does support basic "IP Routing". So I created SVIs on the switch for all the VLANs and enabled IP Routing. Then created a separate VLAN on the switch to connect the router instead of doing a trunk port. And connected an access port to the router that is part of this vlan. For example:

SWITCH CONFIG:

conf t
!
interface vlan 999
 ip address 10.10.10.2 255.255.255.252
!
vlan 999
!
interface Port-channel1
 description 47/48-Router1
 switchport access vlan 999
 switchport mode access
!
interface range GigabitEthernet1/0/47-48
 description Router 1
 switchport access vlan 999
 switchport mode access
 srr-queue bandwidth share 10 10 60 20
 queue-set 2
 priority-queue out
 mls qos trust cos
 auto qos voip trust
 channel-group 1 mode on

ROUTER CONFIG:

interface Port-channel1
 ip address 10.10.10.1 255.255.255.252
!
interface GigabitEthernet0/1
 description MEMBER OF PO1
 no ip address
 duplex auto
 speed auto
 channel-group 1
!
interface GigabitEthernet0/2
 description MEMBER OF PO1
 no ip address
 duplex auto
 speed auto
 channel-group 1

Now I guess in this scenario I might be able to get HSRP working.

But you still have not told me what switch it is ?  Also what IOS version and feature set (feature set is important as it may not run EIGRP/OSPF).

*** SCENARIO 1 with L3 etherchannel: 2960XR (c2960x-universalk9-mz.150-2.EX1) - This supports EIGRP

*** SCENARIO 2 with L2 etherchannel: 2960X (c2960x-universalk9-mz.150-2.EX3) - Only supports basic InterVLAN Routing

To be honest if the L3 switch supported EIGRP/OSPF and could handle those routes i think that is the cleanest solution because a failure on either the LAN or WAN links is automatically taken care of. But i wonder why you are not using your existing HSRP/IBGP solution or is it that it is not that reliable ?

*** We are currently using it for the old setup in place but going forward we will be utilizing the above mentioned scenarios instead of a router on a stick situation.

Mohammed

With scenario 1 and only about 500 routes i would try distributing BGP into EIGRP on your ASRs and let the 2960XR see 2 equal cost paths. If you want only one router to be used under normal operations then you can alter the metric of the backup router's EIGRP routes when you redistribute. Because you are redistributing into EIGRP if you lose any part of the connection your 2960 will know ie.

WAN interface of ASR goes down, no BGP routes received so no routes redistributed into EIGRP so the 2960 switches to the backup router.

LAN interface of ASR goes down no EIGRP routes received by 2960 so again it switches to the backup router. 

When the primary ASR gets either its WAN or LAN interface back up then EIGRP routes with a better metric are again received by the 2960 and it switches back to the main router.

The 2960XR supports 24K of unicast routes using the ipv4 sdm template. You need the IP-Lite feature set.

Note - there is another post going on in this forum where someone else is doing a similar thing and they are finding that when the primary comes back up and sends EIGRP routes with a better metric the L3 switch (3560) is ignoring them and staying with the backup router. They have to clear the BGP connection on the backup router for it to work. However they are doing mutual redistribution ie. they redistribute BGP into EIGRP but they also redistribute EIGRP into BGP to advertise the internal networks out via BGP. And we could always increase the delay to the outgoing interface on the link from the 2960 to the backup router but this shouldn't be needed.

I'm assuming you are not proposing to redistribute EIGRP into BGP as well ? (can you confirm).  Even if you did, with proper route filtering it should still work and we haven't got to the bottom of why their solution is not working. So what i have proposed should work but it needs testing when the primary fails and when the primary comes back.

It is also worth mentioning that if EIGRP did present problems you could always use OSPF and redistribute the routes as type 1s from the primary router and type 2s from the backup. Type 1 externals are preferred over type 2 externals. But i think the EIGRP solution should work fine.

Jon
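A configuration sketch of the redistribution described in the reply above, added here as an example; it is not configuration posted by anyone in the thread. EIGRP AS 100, BGP AS 65000 and the two /30 router-to-switch links are constructed placeholder values.

```cisco
! Added example. Assumed values: EIGRP AS 100, BGP AS 65000,
! primary link 10.10.10.0/30, backup link 10.10.10.4/30.
!
! --- Primary ASR ---
router eigrp 100
 network 10.10.10.0 0.0.0.3
 ! seed metric: bandwidth(kbps) delay(tens of usec) reliability load MTU
 redistribute bgp 65000 metric 1000000 10 255 1 1500
!
! --- Backup ASR: same routes, higher delay, so a worse composite metric ---
router eigrp 100
 network 10.10.10.4 0.0.0.3
 redistribute bgp 65000 metric 1000000 1000 255 1 1500
!
! --- 2960XR (IP-Lite): EIGRP neighbour on both routed links ---
router eigrp 100
 network 10.10.10.0 0.0.0.3
 network 10.10.10.4 0.0.0.3
!
! Use identical seed metrics on both ASRs instead if the switch should
! install two equal-cost paths.
!
! By default only eBGP-learned routes are redistributed into an IGP.
! Routes the primary learns from the backup over iBGP stay out of EIGRP
! unless "bgp redistribute-internal" is configured under router bgp, so a
! WAN failure on the primary withdraws its EIGRP externals.
!
! OSPF variant mentioned in the reply (OSPF process 1 is assumed):
!  primary: router ospf 1 / redistribute bgp 65000 subnets metric-type 1
!  backup:  router ospf 1 / redistribute bgp 65000 subnets metric-type 2
!
! Checks on the 2960XR while failing and restoring the primary:
!  show ip route eigrp
!  show ip eigrp topology
```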

Thank you Jon for the excellent reply. We will definitely have to do the unequal paths for the backup router.

In my scenario I don't think I'll have to do mutual distribution. ASR has BGP on it and I can distribute it into EIGRP. EIGRP is configured between the routers and the 2960XR. For the internal networks I will keep the way it is now, i.e. use BGP to advertise them out. So on the Router I have a static route pointing back to the L3 interface of the switch for the internal networks and then matching "network" statements under BGP.

I concur and I'm pretty confident that EIGRP should work I have a bit more experience with EIGRP vs OSPF and I like it better than OSPF too so most likely will go with that.

Just in case it got lost in the last post -

how are you proposing to advertise the internal subnets via BGP ie. network statements under BGP or redistributing the IGP into BGP ?

How many internal subnets are there and can they be summarised ? If so network statements are definitely the way to go.

Finally i'm assuming you don't receive a default route from BGP on both routers ?

Jon

how are you proposing to advertise the internal subnets via BGP ie.  network statements under BGP or redistributing the IGP into BGP ?

*** Network statements under the BGP config and then static statements pointing to the L3 Switch interface

How many internal subnets are there and can they be summarised ? If so network statements are definitely the way to go.

*** Usually 4 or 5 so here is how it looks:

router bgp xxxxx
 network 192.168.1.0 mask 255.255.255.0
 network 192.168.2.0 mask 255.255.255.0
 network 192.168.3.0 mask 255.255.255.0
 network 172.16.15.0 mask 255.255.255.224
 .......

Then static routes

ip route 192.168.1.0 255.255.255.0 10.255.255.2
ip route 192.168.2.0 255.255.255.0 10.255.255.2

and so on.
