I'm looking to redo a few things in our data center soon. I plan to buy a second 4506 so I can run GLBP. Currently I have one 4506 doing all of my intervlan routing, with numerous layer 2 switches connected to it as well as all of my servers. I would like to add a second link from the servers to a new 4506. I would like to do the same for most of the switches where I have spare fiber links. My question is: since I have about 30 SVIs on the 4506, if I add another 4506, what kind of links do I use to connect to the layer 2 switches? Right now they are layer 2 trunks, and if I have 2 links going from one switch to two 4506s, STP will put one in blocking, which seems like it would not allow GLBP to function correctly. Any suggestions?
In the campus environment you describe I can't see any obvious benefits, as it would appear the servers all have an active connection on the first switch; therefore intervlan routing would be best achieved by everything going through the first switch.
Also, if you can define traffic flows, e.g. Database to Web Server in a different VLAN, then manually controlling gateways using HSRP would be a better option.
This is just off the top of my head, but the Cisco information does not give a good steer on deployment scenarios. Definitely worth an in-depth discussion.
The best scenario I can imagine for GLBP is in a branch office with two WAN circuits, where previously you would need a mix of HSRP groups to provide different default gateways and manually load balance the clients. This goes away with GLBP, as you can provide one default gateway address and load balance the egress traffic from the site.
I'm trying to achieve redundancy more than anything. Each server would have redundant connections to both GLBP/HSRP switches in case of a switch failure. We have a large campus environment, mainly layer 2 trunks going out to layer 2 switches, but we do have a few layer 3 switches that do inter-VLAN routing for those locations. Everything is fed from our main 4506. If it dies, then we are completely down. That's why I am looking to add a second 4506 and have all of the servers connect to both, as well as the switches. At least 50% of switches would be connected to 4506 #1 and 50% to 4506 #2. Does this make sense?
Here is what I think you should do.
Create an HSRP group per VLAN.
Ensure all hosts on that VLAN use the same switch as the active HSRP gateway.
Tune spanning tree per VLAN so that the layer 2 switch to core 4506 is the shortest path.
By doing this per VLAN you can spread the load between switches. However, you still have to be very careful about traffic flows, e.g.
if you have large backups running across the network, then keep them on the shortest path to the backup server.
I think I understand. We actually have all of our servers in our data center and they are directly connected to our 4506. Like I said before, we have buildings all around with layer 2 access switches and a few layer 3 switches running EIGRP, connected via fiber. Does it sound feasible to have half of the switches connect to one 4506 and the other half connect to the second 4506? As far as the servers go, I'd like to have 2 NICs in them and connect each NIC to one of the 4506s for redundancy. The backups should be fine since they already go through the 4506 now. I guess another question is: if I have half the network going through 4506 #1 and half going through 4506 #2, and 4506 #1 is the active gateway, will the hosts connected to #2 still be up? I had this idea in my head about GLBP. Now I think I'm starting to get confused.
Here is an updated picture. This is what I'm trying to accomplish. I think I understand your design recommendation. But to me HSRP is a waste when I can load balance with GLBP. I requested a new 4506 and I'm trying to justify why I need it. It is possible that a few layer 2 switches could have redundant links to each 4506, but not all.
Here is a good link, and it is almost exactly what I'm trying to accomplish. I did notice in the second picture on the link that there is no physical link between the distribution switches, only to the layer 2 access switches.
What you need to do is ensure that you have a layer 2 loop-free design when implementing GLBP for best results.
You should try not to span VLANs. Each switch should have its own VLAN. If you do span VLANs, make sure you tune STP, setting higher port costs where needed, so that the links from each access switch are forwarding to both distribution switches. Same for servers. Also, for spanned VLANs, you need to look into asymmetric routing and unicast flooding problems; you'd need to tune your ARP and CAM timers to be the same.
Tune STP on the Distribution switches so one is STP root and the other is secondary.
What I would personally do is map out incoming and outgoing traffic, create scenarios and look into potential problems.
You can make it work but you have to design it properly.
Because you cannot control which host will go to which router with GLBP, you will achieve load-balanced egress traffic from VLANs; however, you will have no control of the L2 traffic moving on interswitch trunks.
This is why I believe HSRP is more appropriate for this intervlan routing, since we can be in control of traffic flows.
I agree about the spanned VLANs. When I first started they had only one large flat network of 1200 hosts on VLAN 1!!!! I am almost done segmenting into VLANs, but some do span. I also have implemented EIGRP in some cases, and I plan to run it network-wide and isolate VLANs only to access switches. For now I think I will go with HSRP, and after I get the network up to par I will try to implement GLBP.
"what kind of links do i use to connect to the layer 2 switches?"
Answer: you use trunks between your new 4506 switch and the layer 2 switches.
"Right now they are layer 2 trunks and if i have 2 links going from one switch to two 4506's, STP will put one in blocking which seems like it would not allow GLBP to function correctly. any suggestions? "
I noticed in your attachment there is a direct link between the two 4506 switches.
We can manipulate the cost of that link so it will be blocked for all 30 VLANs on the access switches.
Now your topology will result in a "V" shape.
Both trunks, red and blue, to each access switch would be operational.
The next thing we need to do is decide which protocol to use.
Options are HSRP, VRRP and GLBP.
I use HSRP for our case.
Next I show how to configure HSRP for one VLAN so that both links to the 4506s can be used.
You could replicate the process for the rest of the VLANs.
Let's say we have one VLAN with IP subnet 184.108.40.206
Now we choose one 4506, say sw1 (4506)
sw1(config)# interface vlan 1
sw1(config-if)# ip address 220.127.116.11 255.255.255.0
sw1(config-if)# standby 1 priority 200
! standby 1: this is the address half of the hosts in VLAN 1 should be pointed at
sw1(config-if)# standby 1 ip 18.104.22.168
! standby 2: this is the IP address the rest of the hosts in VLAN 1 use for default gateway
sw1(config-if)# standby 2 ip 22.214.171.124
Now the second 4506 switch, say sw2 (4506)
sw2(config)# interface vlan 1
sw2(config-if)# ip address 126.96.36.199 255.255.255.0
sw2(config-if)# standby 1 ip 188.8.131.52
sw2(config-if)# standby 2 priority 200
sw2(config-if)# standby 2 ip 184.108.40.206
You could repeat this process for the rest of the VLANs.
If you still need more info, just ask.
Just returning the favor from fellow Net pros!
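The two-group HSRP layout described in the last post only shares load if each group has the same virtual IP on both switches and the higher priority is split between them. The following check is an added example, not part of the original thread; the function names are hypothetical and the sample configs are constructed with RFC 5737 documentation addresses rather than the thread's values.

```python
import ipaddress
import re

# Constructed sample SVI configs for one VLAN on two switches (not the thread's addresses).
SW1 = """\
interface Vlan1
 ip address 192.0.2.2 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 1 priority 200
 standby 2 ip 192.0.2.254
"""
SW2 = """\
interface Vlan1
 ip address 192.0.2.3 255.255.255.0
 standby 1 ip 192.0.2.1
 standby 2 ip 192.0.2.254
 standby 2 priority 200
"""

def parse_hsrp(config):
    """Return (interface_ip, {group: {"ip": virtual_ip, "priority": int}}) for one SVI."""
    iface_ip, groups = None, {}
    for line in map(str.strip, config.splitlines()):
        m = re.fullmatch(r"ip address (\S+) \S+", line)
        if m:
            iface_ip = ipaddress.ip_address(m.group(1))
        m = re.fullmatch(r"standby (\d+) (ip|priority) (\S+)", line)
        if m:
            # HSRP default priority is 100 when none is configured.
            grp = groups.setdefault(int(m.group(1)), {"ip": None, "priority": 100})
            key, val = m.group(2), m.group(3)
            grp[key] = int(val) if key == "priority" else val
    return iface_ip, groups

def check_pair(cfg_a, cfg_b):
    """Return ({group: 'A' or 'B' intended active}, [problems]) for two switches."""
    (ip_a, g_a), (ip_b, g_b) = parse_hsrp(cfg_a), parse_hsrp(cfg_b)
    active, problems = {}, []
    for grp in sorted(set(g_a) | set(g_b)):
        a, b = g_a.get(grp), g_b.get(grp)
        if a is None or b is None:
            problems.append(f"group {grp}: configured on one switch only")
            continue
        if a["ip"] != b["ip"]:
            problems.append(f"group {grp}: virtual IP mismatch {a['ip']} vs {b['ip']}")
        # Higher priority wins the election; a tie goes to the higher interface IP.
        active[grp] = "A" if (a["priority"], ip_a) > (b["priority"], ip_b) else "B"
    if len(active) > 1 and len(set(active.values())) == 1:
        problems.append("all groups active on one switch: no load sharing")
    return active, problems
```

The result is the intended active switch per group; without `standby preempt`, the switch that comes up first can stay active regardless of priority.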