HSRP vs Stacking

Answered Question
Dec 21st, 2009

Hello Everyone,

I am working on a network design and just wanted to get some feedback. The client has about 150 users and is a 24x7 shop. So, they have very high availability requirements. We are looking at replacing their core switches.


They have about 20 internal VLANs, and we are going to be using layer 3 switches to route between the VLANs.


Right now the plan is to use 3 48-port 3560s. The servers would connect directly to the 3560s, as well as the access layer switches.


Here is a basic diagram of the currently planned topology:

Planned.gif


But, I started looking at it, and in order to have redundancy between the switches we would be running about 20 different instances of HSRP. Every time we created or modified the access-lists, we would also need to make that configuration change on the redundant switch also. That also means that redundancy to the access switches will be provided by Spanning Tree Protocol.


So, I am trying to persuade the client to use 3570 switches. But, they are very budget sensitive. I am suggesting that they could use 2 24 port 3570s at the core, and connect the servers to 2 24 (or 48) port 2960Gs. To keep the same port count (144 gigabit ports), they would be paying about $3K more for the 3570/2960 scenario. But, I think they can go with a lesser port count and save about $6K.


This is a basic diagram of what I'd like to do:

Proposed.gif


So, the premise of my position and what I would be interested in asking all of you is...


1. Is the Stacking ability worth $3K? I think it is. I think the extra work of having to configure everything twice, (now and in the future), plus the security and productivity risk of doing it wrong, would cost more than $3K. What do you think?


2. Am I correct in my understanding that HSRP would be the only redundant mechanism? I also thought about OSPF or EIGRP. But, that would mean that the switchports with dual-NIC'd servers on it would have to be on different subnets, which would mean that the servers would have two different IPs. That's messy. Or, we would have to push routing down to the access layer. $$. Sounds like too much for 150 users.


3. Do you see anything here that means that I should be looking at the enhanced IOS?


4. I kind of have this problem with attaching servers to the core switches. Seems to make more sense to create an access-layer specifically for the servers.


Note: stacking the server switches also would be nice, but I just don't see it in the budget.


Any advice would be helpful.
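
The "configure everything twice" risk raised in point 1 can be checked mechanically. The following is an added example, not part of the original thread: a small Python check that compares named ACLs and their interface bindings between the running-configs of two HSRP peers. The sample configs, ACL name and addresses are constructed, and the parser assumes named (`ip access-list ...`) ACLs only.

```python
import re
# Constructed sample running-config excerpts for two HSRP peers (not from the thread).
CORE1 = """\
ip access-list extended SERVERS-IN
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.50.10 eq 443
 deny   ip any any log
interface Vlan10
 ip address 10.1.10.2 255.255.255.0
 ip access-group SERVERS-IN in
 standby 10 ip 10.1.10.1
"""
CORE2 = """\
ip access-list extended SERVERS-IN
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.50.10 eq 443
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.50.10 eq 3389
 deny   ip any any log
interface Vlan10
 ip address 10.1.10.3 255.255.255.0
 standby 10 ip 10.1.10.1
"""

def parse(config):
    """Return (acls, bindings): ACL name -> ordered entries, interface -> access-group lines."""
    acls, bindings, section = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # an unindented line starts a new section
            m = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
            i = re.match(r"interface (\S+)", line)
            section = ("acl", m.group(1)) if m else ("if", i.group(1)) if i else None
            if section:
                (acls if m else bindings).setdefault(section[1], [] if m else set())
        elif section and section[0] == "acl":
            acls[section[1]].append(" ".join(line.split()))  # normalize spacing
        elif section and line.strip().startswith("ip access-group"):
            bindings[section[1]].add(line.strip())
    return acls, bindings

def drift(cfg_a, cfg_b):
    """List differences in ACL content and ACL-to-interface bindings between two peers."""
    (acl_a, bind_a), (acl_b, bind_b) = parse(cfg_a), parse(cfg_b)
    # Entry order is compared too, because ACLs are evaluated first-match.
    out = [f"ACL {n} differs" for n in sorted(set(acl_a) | set(acl_b))
           if acl_a.get(n) != acl_b.get(n)]
    out += [f"{i} access-group binding differs" for i in sorted(set(bind_a) | set(bind_b))
            if bind_a.get(i, set()) != bind_b.get(i, set())]
    return out

if __name__ == "__main__":
    print("\n".join(drift(CORE1, CORE2)) or "no drift")
```

Per-switch interface addresses are deliberately ignored, since they are expected to differ between HSRP peers; only the filtering policy is compared.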

Correct Answer
Jon Marshall Mon, 12/21/2009 - 15:50

Ben


There is a slight problem in that the client has very high availability requirements but they are very budget sensitive. Something usually has to give.


Your second design is a better design in my opinion. You could uplink the access-layer switches using cross-stack etherchannel to the 3750 switches, ditto for the server switches. I also agree that if budget allows servers are better connected to their own set of switches which are then uplinked to the 3750s but you need to factor in throughput of 2960 compared to 3560/3750.


You are right that HSRP is the redundant mechanism for the end devices.


One other thing, if you were looking at high availability I would prefer routing from the access-layer because you remove STP from the uplinks but if you can't do that and you won't be able to because of budget then try to isolate vlans to individual access-layer switches and clear the other vlans off the uplink.


Also 24x7 you need redundant power supplies etc.


Jon

Benjamin Waldon Mon, 12/21/2009 - 16:07

Thanks Jon,

Am I correct to state that we remove STP from the access-to-core layer connection because there is now an etherchannel from the access to the core?


Is "cross-stack etherchannel" dependent on using Cisco switches at the access layer? Eventually, we want to get Cisco at the access layer, but right now we have a mixed vendor environment.


It's a bit redundant to the earlier posts, but I want to make sure I understand.


Thanks,

Ben

Jon Marshall Mon, 12/21/2009 - 16:19

benwaldon wrote:


Thanks Jon,

Am I correct to state that we remove STP from the access-to-core layer connection because there is now an etherchannel from the access to the core?


Is "cross-stack etherchannel" dependent on using Cisco switches at the access layer? Eventually, we want to get Cisco at the access layer, but right now we have a mixed vendor environment.


It's a bit redundant to the earlier posts, but I want to make sure I understand.


Thanks,

Ben


You don't remove STP as such but STP treats the etherchannel as one link so it doesn't need to block any of the physical links. But you are still running STP across the links, hence the reason I suggested trying to stick to one or two vlans per access-layer switch.


As for cross-stack etherchannel being dependent on Cisco switches, I don't think so, but I have never tested it with non-Cisco switches so cannot promise, but it should do.


Jon
