Thanks for the reply daniel

1. Cisco 2921 router has default router to the ISP.

2. There is no issue i can use any routing protocol which is supported in these devices as far as it does not effect the LAN side funtionality.

Then I suggest that you setup either EIGRP or OSPF and generate a default route on the 2921 so that the 4500 devices will use the default to reach the Internet.

The 2921 will need to know about your internal networks to be able to send packets back but I suppose that is already setup today? Is that through static routes?

I don't really like HSRP load balancing but that is your choice, maybe it's necessary due to traffic load in your case, I don't know.

Since the 2921 would have equal cost routes to the internal networks there could be cases of asymmetric routing where traffic from the Internet coming back in reaches the secondary 4500 but it shouldn't be a big issue since you don't have a stateful device in between like a firewall.

Daniel Dib
CCIE #37149

Hello Daniel,

Thanks for the reply. I did the test in lab to implement at site using EIGRP and static routing. I feel below configuration will work fine using static routing.

Kindly advise if you feel any flaws in it below config.

CORE1

=========

track 1 ip sla 1 reachability

ip sla 1

icmp-echo 192.168.250.1 source-ip 192.168.250.2

frequency 5

exit

ip sla schedule 1 life forever start-time now

interface Vlan10

ip address 192.168.10.252 255.255.255.0

standby 1 ip 192.168.10.254

standby 1 priority 120

standby 1 preempt

standby 1 track 1 decrement 60

!

interface Vlan11

ip address 192.168.11.252 255.255.255.0

standby 11 ip 192.168.11.254

standby 11 preempt

interface GigabitEthernet1/48

no switchport

ip address 192.168.250.2 255.255.255.252

ip route 0.0.0.0 0.0.0.0 192.168.250.1

Core 2

================

track 1 ip sla 1 reachability

ip sla 1

icmp-echo 192.168.250.5 source-ip 192.168.250.6

frequency 5

ip sla schedule 1 life forever start-time now

!

interface Vlan10

ip address 192.168.10.253 255.255.255.0

standby 1 ip 192.168.10.254

standby 1 preempt

!        

interface Vlan11

ip address 192.168.11.253 255.255.255.0

standby 11 ip 192.168.11.254

standby 11 priority 120

standby 11 preempt

standby 11 track 1 decrement 60

interface GigabitEthernet1/32

no switchport

ip address 192.168.250.6 255.255.255.252

ip route 0.0.0.0 0.0.0.0 192.168.250.5

Router

=============

interface GigabitEthernet0/1

ip address 192.168.250.1 255.255.255.252

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/2

ip address 192.168.250.5 255.255.255.252

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

ip route 0.0.0.0 0.0.0.0 192.168.100.1 (points to ISP)

ip route 192.168.1.0 255.255.255.0 192.168.250.2   (1st Preference to CORE1)

ip route 192.168.1.0 255.255.255.0 192.168.250.6 2 (2nd Preference to CORE2)

ip route 192.168.10.0 255.255.255.0 192.168.250.2   (1st Preference to CORE1)

ip route 192.168.10.0 255.255.255.0 192.168.250.6 2 (2nd Preference to CORE2)

ip route 192.168.11.0 255.255.255.0 192.168.250.6    (1st Preference to CORE2)

ip route 192.168.11.0 255.255.255.0 192.168.250.2 2  (2nd Preference to CORE1)

Aditionally in the network i am using RSTP so convergence time is less when trunks are down due to any reason. I did the following tests.

1. Remove the trunk connecting to CORE1 from access switch for VLAN 10 host and there was no effect on HSRP but it took the patch from Access>core2>core1>router>internet. It took only 1 ping drop to switch the path.

2. Remove the trunk connecting to CORE2 from access switch for VLAN 11 host and there was no effect on HSRP but it took path from Access>core1>core2>router>internet. It took only 1 ping drop to switch the path.

3. Remove the cable connecting between CORE1 and Router for VLAN 10 host and CORE2 become HSRP active gateway for VLAN 10. It took 3-4 ping drops. I need to alter the timings. When i connect the cable back CORE1 become HSRP active gateway for vlan 10.

4.Remove the cable connecting between CORE2 and Router for VLAN 11 host and CORE1 become HSRP active gateway for VLAN 11. It took 3-4 ping drops. I need to alter the timings. When i connect the cable back CORE2 become HSRP active gateway for vlan 11.

Will i get any additional benefit if i use EIGRP.

Please reply.

Many Thanks.

Hi Fazal,

First I'll comment on your findings:

1 and 2)

Yes, this is expected behavior. Because the HSRP active owns the IP and MAC the traffic has to cross between the core. Should not be a big deal unless the crosslink has lots of traffic.

3 and 4)

Yes, the IP SLA had to send the ICMP packets before the priority was decremented. The main benefit to implement dynamic routing would be here. As soon as one of the Cores lost the link towards the router it could query its neighbor for an alternate route. This would converge much faster.

I think the config looks good but at the router you have two static routes towards the core with higher AD on the secondary one. This should work as long as you have link down, if there is an error but no link down then traffic could be black holed. So make sure you don't have any devices in between like fibre converter or so if you rely on these static routes.

Daniel Dib
CCIE #37149

Actually when i use EIGRP it was load balancing to core1 and core2 from router therefore i gave a try to static routing.

For asymmetric routeing in EIGRP what i need to change like bandwidth or delay.

Kindly consider from router lets say 192.168.1.0 -192.168.5.0 subnets should router to CORE1 and 192.168.6.0-192.168.10.0 subnets should router to CORE2.

When CORE1 or CORE2 is down traffic should change through other CORE switch.

Many Thanks for the reply.

Fazal

Could i ask why you trying to engineer the path of the traffic like this ? You would have to use PBR to send some traffic one way and other traffic another and your config is already getting complicated.

Why not, as Daniel has suggested, just run a routing protocol between the core switches and the router and let it load balance. There is nothing wrong with this. In my last job our DC had this setup and it worked fine. Again, as Daniel has said, it only becomes an issue if you have a device in between the core switches and routers that needs to see the whole connection, like a firewall for example, but you don't so it's not a concern.

The simpler you keep your configs the easier it is to troubleshoot when things wrong.

Jon

Just have to say as well that I agree with Jon. As I'm studying design right now, one of the big guys in that area Russ White usually says that "Don't configure anything that you don't understand if someone phones you at 2 AM in the morning" or something like that. Meaning that fancy/complex solutions might work but they aren't very nice to troubleshoot.

Doing VLAN load sharing is already a step towards that in my opinion although it's a quite common design. I'd rather have one topology for all my VLANs but I understand that might not always be possible.

Anyway the simplest solution is definitely to run a routing protocol and just let it do its thing. You can always manipulate metrics if you like but that also makes it more complex.

Daniel Dib
CCIE #37149

edited

Hi,

Yes it's true that asymmetric routing could occur. It should only be an issue if you have a stateful device in between or if you L2 topology is not congruent with the L3 toplogy. That could lead to black holes. Otherwise I wouldn't worry about it but you could increase the delay on the SVIs that should be secondary path on the Core routers. That should prevent the routes from becoming equal cost.

Daniel Dib
CCIE #37149

Thanks for the reply guys.

As still i am implementing it in the lab environment, i change the routing to EIGRP and  just advertise all the direclty connected subnets. i did the similar tests which i did when i configured static routing.

I feel the convergence time is very less when compare to static routing.

CORE1

======

!

interface Vlan1

ip address 192.168.1.10 255.255.255.0

standby 10 ip 192.168.1.254

standby 10 priority 120

standby 10 preempt

!

interface Vlan10

ip address 192.168.10.252 255.255.255.0

standby 1 ip 192.168.10.254

standby 1 priority 120

standby 1 preempt

standby 1 track 1 decrement 60

!

interface Vlan11

ip address 192.168.11.252 255.255.255.0

standby 11 ip 192.168.11.254

standby 11 preempt

!

router eigrp 100

network 192.168.1.0

network 192.168.10.0

network 192.168.11.0

network 192.168.50.0

network 192.168.250.0

CORE2

======

interface Vlan10

ip address 192.168.10.253 255.255.255.0

standby 1 ip 192.168.10.254

standby 1 preempt

!

interface Vlan11

ip address 192.168.11.253 255.255.255.0

standby 11 ip 192.168.11.254

standby 11 priority 120

standby 11 preempt

!

!

router eigrp 100

network 192.168.1.0

network 192.168.10.0

network 192.168.11.0

network 192.168.50.0

network 192.168.250.0

Router

==========

router eigrp 100

network 192.168.100.0

network 192.168.250.0

redistribute static

ip route 0.0.0.0 0.0.0.0 192.168.100.1

Many Thanks for the support.

Just one question. I do have to connect voice gateway/2951 router in the similar way on the same core switches for SIP line. If i am right just i need to advertise its subnet in eigrp that all.

Hello Fazal

I have some question. In the diagram do you have a conection link between two switch core ?

Can you explaim how did yo do ? Etherchannel  in which port ? L2 or L3 ? Can you share that part of the configuration ?

Thanks

Hello Wilson,

I am running simple layer 2 ether channel on two 1Gbps ports. Its good to use 10Gbps port but here this hardware is available.

I agree with the guys that VSS is a much better option where it will convert two physical switches into single virtual switch.

I discuss this topic earlier and due to hardware limitation i could not implement it here.

https://supportforums.cisco.com/message/4085031#4085031

Thanks.

Hi,

I need some help
i have a issue in my Network.

Considering the access,distribution and core design, the switches in  core (Not Cisco ) , Active and Backup Switch.