Cisco Support Community

ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss with Cisco expert Bobby Thekkekandam the concepts and best practices for high availability and redundancy within a campus network, from redundant hardware, processors, and line cards. Bobby joined Cisco Systems, Inc. in the Customer Proof of Concept (CPOC) lab in 1998, and has been an engineer in the Technical Assistance Center (TAC) LAN switching group since 2002. His current responsibilities include escalations and troubleshooting complex issues related to the Cisco Catalyst series switches as well as providing training.

Remember to use the rating system to let Bobby know if you have received an adequate response.

Bobby might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through April 6, 2007. Visit this forum often to view responses to your questions and the questions of other community members.

36 REPLIES
New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

I want to know: can 3 different FWSM modules in 3 different Cat 6500 switches act as redundant to each other? Suppose switch1 is primary, switch2 is HSRP secondary standby and switch3 is 3rd standby in the same HSRP group.

The FWSM module in switch1 is active and switch2 is standby; how can I make use of the 3rd FWSM in switch3? Can it also join the FWSM redundancy group?

Sanjay

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Sanjay,

While it would be a nice feature to have, FWSM failover only has support for an active and standby unit.

HTH,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

I have a question about the release note 12.1(22)EA9 for the Cat2950. I found that this release is listed just below the 12.1.22-EA8a versions.

For example:

12.1.22-EA8a (ED)

12.1.22-EA6a (ED)

12.1.22-EA5a (ED)

12.1.22-EA4a (ED)

12.1(22)EA9

Why does the download page recommend that? Does that mean the version 12.1.22-EA8a (ED) is more recent than 12.1(22)EA9? And should we choose 12.1.22-EA8a?

The download web page link:

http://www.cisco.com/cgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi?get_crypto=&data_from=&hardware_name=&software_name=&release_name=&majorRel=12.1&state=&type=

Thank you and best regards

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

Thank you for your question, but your question is unrelated to the topic of High Availability or Redundancy in switched networks, so I would suggest posting your question as a new topic in the "LAN Switching and Routing" section.

thanks,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hello all,

This is my first time joining this kind of discussion. I hope that I am doing it the right way.

So now my question:

Could any of you compare for me the Cisco Router 2811 and any Layer 3 switch in terms of throughput supported?

One of my clients is asking me what is best for him to buy, a Router or a Layer 3 Switch, and what throughput is supported by each one?

Thanks for your time.

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Nojkovska,

Thank you for your question, but your question is unrelated to the topic of High Availability or Redundancy in switched networks, so I would suggest posting your question as a new topic in the "LAN Switching and Routing" section.

thanks,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby,

I have four copper gigabit connections between a 6513 and a 2-switch 3750 stack (on the gigabit SFPs). I have placed all of these in an EtherChannel to give me a 4 Gig pipe. However, since I am using cross-stack EtherChannel, I have had to force the channel group to be on - desirable is not an option in this config. This all works fine but I am worried about a loop occurring in case of a fault. I thought there used to be a type of EtherChannel Spanning Tree tool to guard against this?

What would you recommend? Since the customer does not require anything like 4 gig of bandwidth I thought of breaking the EtherChannel into two separate 2-gig bundles, one on each 3750 in the stack so that I can run desirable mode.

What do you think?

Thanks, Steve

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Steve,

Using mode "on" disables channel negotiation as you know, which can potentially mask underlying problems.

If the channel partner supports it, you can use LACP to negotiate the channel. LACP does support cross-stack channeling. Please refer to the following document for more info:

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225sec/3750scg/

HTH,

Bobby
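An added configuration sketch of the change discussed in this exchange (not part of the original posts and not taken from Cisco's documentation): the unconditional `on` bundle beside an LACP-negotiated one, plus the Spanning Tree EtherChannel misconfiguration guard. It assumes Cisco IOS on both the 6513 and the 3750 stack; the interface names and channel-group number are constructed placeholders.

```cisco
! Added example. Assumes Cisco IOS on both ends; interface names and
! the channel-group number are constructed placeholders.
!
! --- Before: unconditional bundling, no negotiation with the peer ---
! 3750 stack (ports on stack members 1 and 2)
interface range GigabitEthernet1/0/25 - 26 , GigabitEthernet2/0/25 - 26
 channel-group 1 mode on
!
! --- After: LACP negotiates the bundle, so a miscabled or
! --- misconfigured member link is kept out of the channel ---
! 3750 stack: remove the ports from the "on" group first, then re-add
interface range GigabitEthernet1/0/25 - 26 , GigabitEthernet2/0/25 - 26
 no channel-group 1
 channel-protocol lacp
 channel-group 1 mode active
!
! 6513: same change on the four peer ports
interface range GigabitEthernet3/1 - 4
 no channel-group 1
 channel-protocol lacp
 channel-group 1 mode active
!
! Global, both switches: err-disable ports when Spanning Tree detects
! that only one side is bundling
spanning-tree etherchannel guard misconfig
!
! Verify after the change (exec mode):
!   show etherchannel summary   -> protocol LACP, member ports flagged (P)
!   show lacp neighbor          -> one partner entry per member port
```

Moving ports out of the `on` group and into LACP briefly takes the channel down, so schedule the change accordingly.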

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Thanks Bobby !! That fixes my problem !!

Regards,

steve

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby,

I have a query on the High Availability and Redundancy model in a Campus LAN.

What would be the best practice model for High Availability and Redundancy at both L2 (STP) and L3 (HSRP, GLBP, etc.) to be implemented in a Campus LAN when we have multiple VLANs which are extended VLANs (on different switches across the campus)? Could you please elaborate with an example and a diagram to be followed?

Thanks

Akki

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Akki,

For STP, Cisco's best practices are the following:

-Do not change timers, as this can adversely affect stability.

-Ideally, keep user traffic off the management VLAN.

-Do not over-design redundancy.

-Keep the total STP diameter under seven hops.

-Influence and know where Root functionality and blocked ports reside, and document them on the topology diagram.

-Prune unnecessary VLANs off trunk-ports

For more detail on these best practices please refer to the following document:

http://www.cisco.com/en/US/customer/products/hw/switches/ps663/products_tech_note09186a0080094713.shtml#stp

For HSRP/GLBP, best practices are going to vary by topology, but for a great example, please refer to page 12 of the following PDF:

http://www.cisco.com/warp/public/779/largeent/learn/technologies/campuslan.pdf

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby,

I'm new to this too, so I hope I follow the rules.

My question concerns the following scenario:

I have a client with 2 WS-C6006, each with 1 WS-X6K-SUP1A-2GE, and HSRP on Vlan1, connected to each other by 1 Gigabit Ethernet trunk.

These are the distributed switches my client has to connect to the access switches.

Connecting these 2 WS-C6006 they have a WS-C4506, making a "ring", with a Supervisor WS-X4013+ without a redundant one.

I have several servers on this switch and

this switch splits the User Access Area from connections to WAN, Firewall, DMZs and Internet.

1st. Could I call this switch a Core Switch, or should I keep calling it a Distributed one?

2nd. Is this kind of topology the best one with the existing equipment?

3rd. If something fails on the WS-4506, my client will lose most application services, because there is no redundancy on that.

Any best practices on this faulty solution?

I attach a brief of the network I'm talking about.

Best Regards,

Petronio

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Petronio,

For your questions:

1) The layout doesn't specifically follow the Hierarchical Design model, so the referenced nomenclature doesn't really matter.

2) From a design standpoint, there appear to be multiple single points of failure, and implementing the hierarchical design model may better enable you to design resiliency into the network. For more on this, see:

http://www.cisco.com/univercd/cc/td/doc/cisintwk/idg4/nd2002.htm

3) Certainly, the 4506 is a single point of failure. Possible solutions here include adding another 4506 switch and dual-homing the firewall to each. The same applies for the WAN router. Alternately, you can migrate the WAN and Firewall connections such that each is dual-homed to the 6006 switches, which will give you multiple points of failure to your application services (assuming they are on the other end of the WAN or firewall).

Design is a very subjective thing and there are certainly a plethora of valid designs that will accomplish the same thing. The hierarchical design model is one that is time tested and well documented, and what Cisco generally recommends.

Another great document on Switched Network design using the Hierarchical Model:

http://www.cisco.com/en/US/tech/tk1330/technologies_design_guide_chapter09186a0080666712.html

HTH,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

I've been doing some research on L2 vs. L3 links between redundant distribution switches, and I have seen articles advocating both solutions.

In a 3-tier model, assuming that VLANs do not span more than one distribution switchport or access switch, what type of link between redundant distribution switches (L2 vs. L3) would be recommended, and why? Thanks.

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby, is there any documentation regarding when to use a Layer 2 trunk link versus a L3 routed link between redundant distribution switches? Thank you.

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

In general, you'll want L3 between your distribution switches, and in your case as detailed above, since your VLANs are terminated locally from the perspective of the distribution switches, this certainly holds true.

Additionally, you may want to consider a routed access layer, for faster convergence, isolating network disruption, simplified redundancy (no need to deal with the complexities of spanning-tree, root election, loop mitigation, etc.).

Here are a few documents that cover this in greater depth:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns17/c664/cdccont_0900aecd804598c2.pdf

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a00805fccbf.pdf

HTH,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Thanks for the reply. As far as the routed access layer, I'm reluctant to think that is a viable solution for all but a few organizations. The reason for this is the sheer cost of purchasing L3 access switches, such as the 3560/4500/6500s. Once the price comes down on those, or a more affordable model is released, I'd be all over it.

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

I have 2 Windows 2000 servers running RADIUS, both on the same VLAN on the same 6509 running IOS 12.2. Is there a way for me to use the switches to load balance between the two servers without using Microsoft's HA feature in Windows?

If the answer is yes, would this be on a per packet basis or a per connection basis?

Thanks

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Yes, you can use IOS Server Load Balancing to accomplish this.

You can define a virtual server that represents a group of real servers in a cluster of network servers known as a server farm. In this environment, the clients connect to the IP address of the virtual server. When a client initiates a connection to the virtual server, the IOS SLB function chooses a real server for the connection based on a configured load-balancing algorithm.

Depending on which algorithm you use, the load balancing will still be on a per connection basis rather than a per packet basis, as it wouldn't be feasible for server A to service one packet and server B to service another, as the information to complete the transaction would not be complete.

Please refer to the following document for more info:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1838/products_feature_guide09186a0080134a97.html

HTH,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

Why do we have data and voice VLANs for a Cisco IPCC architecture? I would like to know from a security point of view.

Thanks

Rajesh

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi, Bobby.

While I agree that "design is a very subjective thing," from an engineering standpoint it seems that a wise design for redundancy would be guided by actual field data on the relative (or absolute) reliability of various components. Does Cisco ever make such data available?

Or should I only bother asking if I'm among Cisco's top 20 global customers :-) ?

Thank you.

Paul

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Paul,

Certainly, there are designs that are time, lab, and field tested to be sound from an engineering and availability standpoint.

Case Studies, Design Guides, and White Papers are often published with such data. For example, you can find such information specifically for the large enterprise here:

http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/networking_solutions_packages_list.html

HTH,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby,

Could you point me to a document that explains the switching modes on the 6500 please? For example, there are all types of switching modes like truncated etc. If I have a chassis full of 67xx cards and I install a 6148 card, say, does that impact the performance of my 67xx series? If so, why? Each of the 67xx cards has its dedicated CEF 720 traces to the crossbar, so why should a classic card upset the 67xx's?

Am I also correct in thinking that the DFC modules only allow autonomous switching decisions to be made on the line card concerned? The DFC does not allow slot-to-slot communications without going across the supervisor?

Thanks if you can point me to some useful doc on this; the configuration guides don't really explain this in detail.

TIA

Steve

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Bobby,

I will explain one customer's network (BPO). It is a campus network with 4506 core switches connected back to back, with VLANs configured, using 3550s as access switches.

I will explain one of his customer networks.

3550--4506--Pix firewall--WAN Route--CE Router---ISP cloud

He has already implemented one MPLS data circuit and is planning for one more MPLS circuit. Now he is asking me about high availability.

How will the 2 CE routers connect to his LAN?

Thanks

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi,

This question is out of the scope of this discussion. I suggest posting this question in the LAN Switching, and Routing section.

Thanks,

Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

We are installing a new 6500 with dual Sups in our data centre. Is it possible to do a no-impact IOS upgrade if you have dual Sup-720s installed??

When I install the new IOS on the backup Sup and reload it, redundancy changes to RPR (from SSO) and the backup Sup is seen as Cold standby.

When I do a force-reload switchover, it fails over to the backup Sup, all line cards reload, and I get an outage of up to 5 minutes.

Can this outage be reduced if modular IOS is used???

Is there such a thing as a no-outage IOS upgrade?? i.e. true high availability

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Basically what I'm asking is when will ISSU (In Service Software Updates) be available on the 6500 platform.

I understand it is already available with modular IOS patching. But not if the base image needs upgrading??

Cisco Employee

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS

Hi Chris,

At this point in time, there is no way to do a hitless upgrade even with modular IOS. However, as modular IOS matures, this will be a feature that will be available, although I'm not currently aware of any specific timeframes for this.

-Bobby

New Member

Re: ASK THE EXPERT - HIGH AVAILABILITY IN CAMPUS NETWORKS
