routing question

Answered Question

Hi! We are migrating our EOL 29xx edge switch to 45xx and currently all the routing is done in the core sw 65xx. Will it be a good idea to move the routing between vlan to the 45xx switches? (the svr resources are in different vlan from all the clients' dept vlan) What would be the advantage and disadvantage?


We are also looking at adding another pair of 65xx core sw in our new DC. As the existing 65xx will be configured as the aggregation/distribution sw with all the dept vlan and hsrp configured on it, what needs to be done on the new 65xx to maximize the switching? Any new vlan required in the new 65xx to create a L3 link to the old 65xx?


quite new in this kind of setup :) pls advise. Thanks.

Overall Rating: 5 (2 ratings)
Jon Marshall Thu, 10/02/2008 - 20:49

David


L3 from the access-layer is becoming more common but you need to make sure it will fit with your existing vlan setup. For example, if you had a building with 4 floors and you needed a certain vlan to be spanned across all 4 floors, a routed access-layer would not work for you.


That said it does have certain advantages


1) No spanning-tree from the access-layer to the distro/core switches. This is often seen as one of the major pros although to be fair rapid-pvst+ goes a long way towards alleviating spanning-tree issues. I have used a L3 access-layer where we deployed Nortel VOIP and Nortel don't use STP.


2) Equal cost load-balancing from the access-layer. If each access-layer switch has dual uplinks to the core/distro switches then each access-layer switch sees 2 paths and will use them both. If one fails you will barely notice it, if at all, as all traffic shifts to the one uplink, although you need to make sure that uplink can handle all the traffic. You can achieve this with L2 but it requires manual configuration.


3) Troubleshooting. This is my own opinion but I have found more engineers understand routing a lot better than switching and therefore it is an easier setup to support.


L2 from the access-layer undoubtedly gives more flexibility in terms of vlans and it can be restrictive in a data centre environment but it works well in a campus/building environment.


Your second pair of 6500 switches. Again you can route or you can switch (L2 switch that is). In the good old days, oh dear that makes me sound old :), L2 switching was always recommended because they were far more efficient than routers but now L3 switches can cope perfectly well.


Removing STP from your core is never a bad idea but in a data centre it can be a bit restrictive.


In short there are no right and wrongs and a lot of it comes down to your specific apps/requirements. A very good place to start is with the Cisco design docs -


www.cisco.com/go/srnd


Jon


lamav Mon, 10/06/2008 - 08:58

D:


What Jon was saying is that in an L3 access layer design, the vlan is confined to the switch that is hosting that vlan. This is called L3 isolation. Remember that a vlan is an L2 broadcast domain and an L3 interface poses a boundary to that. The vlan ends right there.


This may or may not pose a problem for your environment. As Jon points out, in data centers, the L3 access layer perhaps faces its biggest challenge because one usually wants to implement multihoming/NIC teaming -- and for that you need L2 adjacencies.


In my latest engagement, the client had the perfect set up for an L3 access layer, except for the fact that they had a wireless vlan that spanned the entire office. So, we had to go with L2 access.


HTH


Victor

Correct Answer
Jon Marshall Mon, 10/06/2008 - 08:59

No you can't. The reason is this


edge switch 1 = ed1

edge switch 2 = ed2


ed1 has dual L3 uplinks to the distro switches.

ed2 also has dual L3 uplinks to the distro switches.


On ed1 we have vlan 10 - 192.168.5.0 255.255.255.0


Now let's say you then create the same vlan/ip subnet on ed2.


Note that with L3 switches the vlan number is local to the switch so the vlan number 10 here is largely irrelevant. What is relevant is the IP subnet being the same. So


On ed1 you have a host attached with IP address 192.168.5.20. Call this host H1.


On ed2 you have a host attached with IP address 192.168.5.30. Call this host H2.


H1 wants to send a packet to H2. Because they are on the same network H1 arps out for H2, i.e. there is no need to route. But the arp stays local to ed1, i.e. it never gets to ed2.


Even if somehow ed1 knew H2 wasn't local, ed1 would not be able to route to the 192.168.5.0/24 network on ed2 because ed1 knows 192.168.5.0/24 is a directly connected network.


If ed1 and ed2 were L2 connected to the distro switches and the L3 vlan interfaces were on the distro switches then it would all work fine.


Hope this makes sense.


Jon
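The failure described in the answer above, modelled as an added example that is not part of the original post: it traces H1's packet to H2 and audits routed switches for overlapping connected subnets. The default route via the uplinks and all function names are assumptions made for the illustration.

```python
import ipaddress
from itertools import combinations

# Constructed model of the scenario: ed1 and ed2 are routed access switches,
# each with an SVI in 192.168.5.0/24 and a default route via its L3 uplinks
# (the default route is an assumption, the thread does not show routing tables).
SUBNET = ipaddress.ip_network("192.168.5.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
H1 = ipaddress.ip_address("192.168.5.20")  # attached to ed1
H2 = ipaddress.ip_address("192.168.5.30")  # attached to ed2
ROUTES = {
    "ed1": [(SUBNET, "connected"), (DEFAULT, "uplink")],
    "ed2": [(SUBNET, "connected"), (DEFAULT, "uplink")],
}
ATTACHED = {"ed1": {H1}, "ed2": {H2}}  # hosts physically behind each switch


def lookup(switch, dst):
    """Longest-prefix match over one switch's routing table."""
    matches = [(net, via) for net, via in ROUTES[switch] if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)


def deliver(switch, src, dst, host_subnet=SUBNET):
    """Trace a packet from src (behind `switch`) to dst; return (outcome, reason)."""
    if src in host_subnet and dst in host_subnet:
        # On-link destination: the host ARPs instead of using its gateway,
        # and the broadcast stops at the switch's L3 uplinks.
        if dst in ATTACHED[switch]:
            return ("delivered", "ARP answered locally")
        return ("dropped", f"ARP for {dst} never leaves {switch}")
    net, via = lookup(switch, dst)
    return ("forwarded", f"{net} via {via}")


def overlapping_connected(routes):
    """Audit: connected subnets that overlap between two routed switches."""
    found = []
    for a, b in combinations(sorted(routes), 2):
        for net_a, via_a in routes[a]:
            for net_b, via_b in routes[b]:
                if via_a == via_b == "connected" and net_a.overlaps(net_b):
                    found.append((a, b, str(net_a), str(net_b)))
    return found


if __name__ == "__main__":
    print(deliver("ed1", H1, H2))
    print(lookup("ed1", H2))
    print(overlapping_connected(ROUTES))
```

Running the audit function over the connected routes collected from every routed access switch flags this design error before hosts are moved.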


satish_zanjurne Thu, 10/02/2008 - 20:53


Hi,


1. As you are adding a new pair of Catalyst 6500 as a core, don't shift the routing to Catalyst 4500.


2. Keep Catalyst 4500 as wiring closet switches or edge switches.


3. When you are making the old/existing Catalyst 6500 the distribution, make sure you are doing vlan load balancing.


4. Suppose you have 4 vlans: make one Catalyst 6500 primary root for vlan A & B and secondary root for vlan C & D, and the other Catalyst 6500 primary root for vlan C & D and secondary root for vlan A & B.


5. Implement intervlan routing on the Core / new Catalyst 6500. From Distribution 6500 to Core 6500 put one uplink per vlan, i.e. for 4 vlans, 4 uplinks from Distribution Catalyst 6500 to Core Catalyst 6500 on both sides.


6. Make the HSRP gateways on Core Catalyst 6500. Here also make one Core Catalyst 6500 the HSRP active gateway for 2 vlans & standby for the other 2 vlans & do the reverse on the other Core Catalyst 6500.


7. Run EIGRP or OSPF on Core, advertise each vlan uplink in it.


8. Make sure you are adding L2 etherchannel between Distribution Catalyst 6500 & L3 etherchannel on Core Catalyst 6500. Advertise same in routing.


HTH...rate if helpful..
