Multiple Aggregate Layers for SVI's

Chad Parish
Level 1

My company would like to begin migrating servers from our 4948 access switches over to our new Nexus 5624Q switches.  Currently the 4948's trunk up to our collapsed core which consists of a pair of 6509's (note, these do not use VSS).  At the 6509's we use HSTP where even VLANs have their gateways on one of the 6509's and the other is primary for the odd numbered vlan gateways.

Currently, the two Nexus 5624Q's single trunk up to the 6509's (i.e. one of the 5K's has a trunk to one of the 6509's and the other has a single trunk up to the other 6509).

The idea is to have the servers use 2K Fexes for access into the 5K's where the server vlan gateways would now be located, leaving only the IDF vlan gateways still on the 6509's.  

Ultimately, this means that I would replace the trunk links between the 6509's and the 5K's with layer 3 routes using EIGRP. To start out, we would like to move a single vlan and verify traffic flows correctly, but this means that for any other vlans we would still need layer 2 trunking in place between 6509's and 5K's.

So my question is this: can I simply make a new physical cabling connection between the 6509's and the 5K's and then make those terminations on each end routed interfaces, enabling the layer 3 routing and interdomain routing features on the 5K's (note: 5624Q's are layer 3 capable without a daughter card), and then configure EIGRP, adding the required EIGRP config to the new vlan interface?

Will layer 2 and layer 3 work together in this fashion between the 6509's and 5K's?   Will this create a loop?  Would I have to create a new subnet for the migrated servers?

 

9 Replies

Richard Burts
Hall of Fame

If I have read your description correctly then a routed link between the 5Ks and 6509 should work. Creating a new connection and making it a routed link will not create any loop (assuming that your question is about layer 2 loops and Spanning Tree). Layer 2 and layer 3 should work together, assuming that you have an appropriate design and that the config changes are made correctly. Since the servers are in some particular subnet when connected via 6509, when you move them to be connected via 5K they will need a new subnet configured on the 5K, and both the 6509 and 5K will use routing to get to the new subnet on the 5K.

HTH

Rick

Thanks Richard, so to clarify, I currently have both layer 2 trunks between 6509's as well as Layer 3 routed connections (those routed interfaces have not yet been enabled).

I understand that once I move all the servers over to the 5K's, remove the server SVI from the 6509's and re-configure that SVI on the 5K's and enable that gateway interface, then the traffic between the servers and the users (on other vlans) will be routed between the 6509's and the 5K's.

If I still have devices in other vlans connected to the 5K's, they will use the existing layer 2 trunks to reach their own respective vlan gateways still located at the 6509's.

I attached a diagram to illustrate.  I just want to be sure I am not cutting off any server or user from their gateway.  Note, the vlans are not the actual ones used.

I believe that what you have said here is right and will work. However what you describe is after the servers have been moved over. The part that gets a bit tricky is what happens in the period when you are moving the servers and your post does not address that.

As I envision it there are two approaches that you can use for moving the servers. You could use a gradual transition or you could use a clean cut move.

In the gradual transition all of the servers start in some existing vlan (using your drawing perhaps that would be vlan 4) which is on the 6509s. You would then configure a new vlan/new subnet on the 5Ks (using the drawing perhaps it is vlan 5) along with the routed link connecting 6509s and 5Ks. Then a few servers at a time move from the old vlan on 6509 to the new vlan on 5K. This plan uses incremental changes where the level of effort for any change is relatively small but changes extend over time. When all the servers have moved you would remove the old vlan and the old vlan gateway from the 6509s (and could move that vlan/subnet to the 5K if you want to). There are some challenges in this approach. You are creating a new set of server addresses and you will need to manage access so that clients are using the correct address as servers move.

In the clean cut you schedule a maintenance window. During the maintenance window you configure the vlan on the 5Ks with SVI and vlan gateway, you shut down the servers, move all of the servers to connections on 5Ks, remove the vlan, the SVI with the vlan gateway from the 6509, and configure the routing. The advantage of this approach is that servers keep their original addresses so nothing for the clients or their access to the servers needs to change. The challenge of this approach is that it is a bigger and more complex set of changes to make and if there are any problems in the transition the impact would be on all servers and not just a few of them.

HTH

Rick 

Thank you again Richard, I believe you have summed up my options quite well. While I like the first option most, I think our server team will balk at the mention that they must assign new IPs to their servers in order to fit into a new vlan (and of course new ASA policies would have to be applied as well.)

So I think that the second option may need to be the route I take.   

There are pros and cons to each of the alternatives and either one can get you to where you need to be. As a network engineer I would probably prefer #1. But consideration of the impact on the server group and considerations like keeping ASA policies the same would certainly point toward the clean cut approach.

Good luck with the changes. After they are done please post back to the forum and let us know how it went.

HTH

Rick

Will do Richard, thanks so much.  And what I think we are going to do for the time being is keep the 5K's at layer 2, keep the SVI's for everything up at the collapsed cores, and start migrating the servers (a few at a time) from the 4948 server switches over to the 2K fex's.  Then once all have made the physical move to the Nexus we will remove the server SVI from the collapsed cores and configure it on the 5K's, then enable EIGRP on the 5K's and change the trunked uplinks between cores and 5K's to layer 3 routed interfaces adding the server subnet into EIGRP.

What you suggest here sounds pretty good and it does avoid the need to do a clean cut by continuing to use the vlan over the trunk until all servers are moved. I do have a concern about what you suggest. In a previous post in this thread you talk about the possibility of devices connected on the 5K in vlans other than the server vlan. If this does happen then those devices have been dependent on the trunk connection and when you change the trunked uplinks to routed links then the devices connected on 5K but in vlans/subnets not the server vlan/subnet will be cut off.

HTH

Rick

Yep, I think there will have to be a clear delineation regarding what vlans can exist in which part of the network.  To begin with, all devices using the server vlan will have to be connected up through the 5K environment and any clients using an SVI located at the collapsed cores will have to come up through the legacy layer 2 switches.  Thus if I have an SVI for VLAN 5 on the 6509's, there will be no devices using VLAN 5 connected to the Nexus switches. 

If you are careful with that delineation then your approach should work. Any vlan and its subnet must be entirely on the 6509s or entirely on the 5Ks.

HTH

Rick
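
The delineation rule that closes this thread (once the uplinks are routed, a VLAN and its subnet live entirely on the 6509s or entirely on the 5Ks) can be checked against a port inventory before the cutover. The following Python check is an added example, not part of the original posts; the inventory, device names, domain labels and the `audit_cutover` function are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: VLAN numbers, device names and domain labels are
# illustrative only, not taken from the poster's actual configuration.
# Where each VLAN's SVI (gateway) will live once the uplinks are routed.
SVI_DOMAIN_AFTER_CUTOVER = {4: "5k", 5: "6509", 6: "6509"}

# (device, switch domain its access port hangs off, access VLAN)
ACCESS_PORTS = [
    ("srv-app01", "5k", 4),
    ("srv-db01", "5k", 4),
    ("srv-old07", "6509", 4),    # server still on a 4948 behind the 6509s
    ("idf-pc-114", "6509", 5),
    ("mgmt-kvm02", "5k", 6),     # non-server VLAN device plugged into a FEX
    ("idf-pc-201", "6509", 6),
]


def audit_cutover(svi_domain, access_ports):
    """Audit the post-cutover state, in which no VLAN is trunked between
    the 6509 domain and the 5K domain.

    Returns (stranded, split_vlans, no_gateway):
      stranded    - ports whose VLAN gateway sits in the other domain
      split_vlans - VLANs with access ports in more than one domain
      no_gateway  - ports whose VLAN has no planned SVI at all
    """
    domains_by_vlan = defaultdict(set)
    stranded, no_gateway = [], []
    for device, domain, vlan in access_ports:
        domains_by_vlan[vlan].add(domain)
        gateway_domain = svi_domain.get(vlan)
        if gateway_domain is None:
            no_gateway.append((device, vlan))
        elif gateway_domain != domain:
            # Layer 2 path to the gateway disappears with the trunk.
            stranded.append((device, vlan, domain, gateway_domain))
    split_vlans = sorted(v for v, d in domains_by_vlan.items() if len(d) > 1)
    return stranded, split_vlans, no_gateway


if __name__ == "__main__":
    stranded, split_vlans, no_gateway = audit_cutover(
        SVI_DOMAIN_AFTER_CUTOVER, ACCESS_PORTS)
    for device, vlan, domain, gw in stranded:
        print(f"{device}: VLAN {vlan} port on {domain}, gateway on {gw}")
    print("VLANs spanning both domains:", split_vlans)
    print("Ports with no planned gateway:", no_gateway)
```

An empty result for all three lists is the condition for converting the trunked uplinks to routed interfaces without cutting any device off from its gateway.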
