Circuit and Service High Availability Design Question

anni.meeks · ‎02-05-2010

Hello!

I need some help in deciding on a best practice design for building WAN and Service redundancy/ high availability into our Mulit-Metro Ethernet circuit Topology. I have read about various technologies such as MST, Bridging, Sharing one VTP/VLAN domain between location edge and core devices, MPLS. Just not sure which if any are suitable for our current and growing infrastructure. I am thinking one or possibly two of the above technologies along with EIGRP will work in the below environment?

The Circuit Vendor Topology: Full mesh cloud over one VLAN

Our Topology: Hub/Spoke using EIGRP, trunking on circuit facing interfaces, site specific vlans/vtp domains on edge devices - which makes redundancy / best path impossible as traffic is only allowed to pass from point A to B or A to C, but not from B to C unless traversing A.

1 - Hub - Core Site = Cisco 6509 (600mg ethernet circuit)

1 - Diaster Recovery Site = Cisco 3750 (100mg ethernet circuit) (in process of bringing up)

12 - Branch Sites = Cisco 3750 - 3560 (30-70mg ethernet circuit)

I really need to get this implemented before the next big project - Multihoming ISP's using ASA5520's

Hopefully this is not a redundant question in the community, but any expertise is greatly apprciated!

Thank you,

Anni

Giuseppe Larosa · ‎02-06-2010

Hello Anni,

there is one point that is not clear to me:

you define the service as a full mesh using a single vlan.

Then you say you have or you would like to have an Hub and Spoke topology where direct communication between spokes is not possible.

These two don't fit together: if the service provides a VPLS and all your devices facing the Metro ethernet links are in the same IP subnet the end result is that all devices will become EIGRP neighbors and direct communications between spokes/remote sites will be possible.

Possible solutions could be:

changing the service in a collection of different vlans/point-to-point services so that for each remote site the only possible neighbor is the hub site and possibly DR site (or remote site in another vlan-id and each remote would use two vlan-ids one to reach hub and one to reach DR.

Implementation of a logical Hub and Spoke topology:

a possible tool for this is DMVPN, in this case EIGRP should run over the multipoint GRE tunnel.

For a reference to DMVPN see the solution reference design:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

Unfortunately your devices specially the switches in the remote site don't support DMVPN so this is not a viable option unless you add an ISR router in each site.

EIGRP allows to run multiple EIGRP processes on the same interface.

A dedicated EIGRP process for each remote site running on that remote site, HUB and DR could be a way to implement a logical hub and spokes if the number of remote sites is not high.

HUB and DR could then advertise a simple default route inside each process. In this way different remot site devices would not be able to build a direct EIGRP neighborship for the different EIGRP AS number.

So the question becomes how many are the remote sites?

if they are 10-20 this could be done otherwise the metro ethernet service should be reviewed.

Hope to help

Giuseppe

anni.meeks · ‎02-07-2010

Hello Giuseppe,

Thank you for the response. Sorry, this was a bit confusing, basically, our vendor provides us a meshed layer 2 topology in which I wanted to make sure to take advantage of. Meaning, I want our internal structure to provide the same full mesh. At present it is point to point - hub/spoke topology which no longer meets our needs. Our service environment now stretches across into a Disaster Recovery Site w/second ISP, as well as other Branch sites.

From what you wrote if I want direct communication between circuit links I just configure them in the same IP subnet, and let EIGRP do the load balancing and failover routing, correct? Should I place the edge devices in same VTP domain as well or does this matter? What is STP's role in this, do I need to do anything special here?

My goal is to build the most efficient and reliable network possible, as we deal with 24/7 patient care. Therefore I really appreciate your time and knowledge.

Hopefully this reply is clearer,

Anni

Giuseppe Larosa · ‎02-07-2010

Hello Anni,

your reply clarifies several points.

the L2 VPLS can be the right tool for the new needs that moves to any to any connectivity.

Your understanding is correct a common IP subnet can be deployed on edge routers.

All routers will become EIGRP neighbors allowing for direct communication between remote sites.

DR site has to inject routes with an higher metric if it advertises the same subnets as HQ.

For doing this the best choice is to increase delay on client facing / internal interfaces on DR site edge router.

VTP domains should be confined at each site for better scalability and control on broadcast traffic.

Depending on DR site design and needs you may need to extend some vlans between HQ and DR site.

If this is true it may be wise to join HQ and DR site VTP domains, for all other sites I don't see any advantage on trying to extend vlans between them.

Hope to help

Giuseppe

anni.meeks · ‎02-08-2010

Thank you, Giuseppe! Your expert input is very helpful. Have a great day.