Hello all. I want to provide full network redundancy to the internet. I have the following equipment:
7204VXR /w NPE-G1 - Internet router
(2) Catalyst 3560 - DMZ/Outside switches (separate VLANs)
(2) Pix 535 - Firewalls
(2) Catalyst 6509 /w Sup720
Ultimately, we will provide outside network access to a site via fiber, connecting into the 3560 via a GBIC. I want to provide full redundancy for this other than if the 7204VXR dies completely. I want two gig interfaces from the 7204 to go to the two 3560s. If one interface goes down (cable dies, switch dies, other), the other will continue passing traffic.
We will be providing outside fiber connections to sites, so I need to be able to assign multiple networks to the router. I like creating sub-interfaces for doing this routing. The best way I've found to do what I'm looking for is using BVIs and assigning the sub-interfaces to the bridge-groups. This works, but even with changing the spanning-tree timers, it takes about 10 - 15 seconds for the network to converge. I feel there's a more effective way to do what I'm trying to do. Any thoughts? See the attachment for more details.