Solved: VPLS with Resiliency

de1denta · ‎01-03-2013

Hi All,

I am working with a customer who has VPLS network connecting all of their sites. The VPLS network is a single instance creating a single broadcast domain.

The customer has purchased backup VPLS links for two of their offices as shown in the attached diagram. The links are attached Cisco 3560 switches and the L3 is handled by SVIs, static routes and HSRP. As all all links are in the same VLAN then spanning tree is blocking the backup circuits in offices 1 and 2.

This is currently working and manageable but this network will grow over the next few month when 5 more sites are added all with primary and backup VPLS circuits. My fear is that is going to spawn into one big spanning tree mess and is going to be difficult to scale and manage,

Is there a better way to achieve resiliency without using spanning tree? I was thinking that dynamic routing can be used but this wont stop basic layer 2 loop prevention from taking place unless ports facing the VPLS are routed. Is this possible? If I go with routed ports will the primary and backup links need to be in different subnets?

Any assistance is appreciated.

Thank you

Edison Ortiz · ‎01-03-2013

Yes, Office 3 will have network reachability to Office 1 via Office 2 and

Office 1 will have network reachability to Office 3 via Office 2.

Please remember to rate useful posts.

View solution in original post

Edison Ortiz · ‎01-03-2013

Your concern is valid and I highly suggest moving towards the L3 design at the CEs.

Yes, the egress ports will have different subnets but with routing you can manipulate the traffic flow.

Or you can also simply rely on ECMP (Equal Cost MultiPath) if you want to fully utilize both links.

Regards,

Edison

de1denta · ‎01-03-2013

Hi,

Thanks for the reply.

Will there be any issues having different subnets in the same VPLS broadcast instance?

Also what will be the best way to acheive this. Would I configure the primary VPLS circuits in one subnet and the backup circuits in another subnet and then run OSPF/EIGRP over the top?

Edison Ortiz · ‎01-03-2013

I personally have not seen any issues with different subnets in a VPLS.

Yes, your approach is sound. You can run an IGP over these links and I recommend applying some kind of MD5 authentication. It will protect you from ISP and leaking your routes to other customers.

Regards,

Edison

de1denta · ‎01-03-2013

Great, that makes sense.

In this scenario what would happen to sites with a single primary link into the VPLS network.

For example, office3 in my diagram has a sinle link and will be configured in the primary subnet and will form an OSFP/EIGRP adjacency with the primary links in office1 and 2. What would happen if the primary link in office1 went down, would office3 only be able to connect back to office1 via office2?

Sorry for the questions but this type of scenario is new to me.

Edison Ortiz · ‎01-03-2013

Yes, Office 3 will have network reachability to Office 1 via Office 2 and

Office 1 will have network reachability to Office 3 via Office 2.

Please remember to rate useful posts.

de1denta · ‎01-07-2013

Great, thanks for the assistance, your help is much appreciated.

Thank you