Solved: Excellent. Well spotted. I

Paul Morgan · ‎11-12-2014

I have four layer 3 switches in a ring and they are all IP ROUTING.

I have several Vlans. If I traceroute to endpoints on a different vlan, I see results showing that the vlan hop took place somewhere random on the ring.

Surely the switch nearest me should route the traffic onto the correct vlan?

Vasilii Mikhailovskii · ‎11-14-2014

Your Router has following in routing table:

S 192.168.177.0/24 is directly connected, GigabitEthernet0/0

It means you leverage on proxy-arp to reach out the local network (192.168.178.0/24).

That is why you use different switches per destination - whichever answers first on your ARP request, becomes your gateway.

For sure, that is not a good design and you need to run either routing protocol or FHRP on the switches.

View solution in original post

Vasilii Mikhailovskii · ‎11-14-2014

Hello.

Could you please provide your topology (with IP-addresses per device), routing protocol configuration and "show ip route" from your switches?

Please provide traces you are trying to understand and please let us know what default gateway is configured on the client.

Paul Morgan · ‎11-14-2014

On the diagram, SW1 and SW2 and R1 and R2 are eigrp neighbours. SW3 and SW4 are not using EIGRP but are enabled for routing. (I think this is important) The SAN has 192.168.177.x subnet addresses in it and the connection from SW1 is active in Spanning Tree with SW2 blocking.

Below are the Traces from R1 and R2 to addresses in the SAN.

192.168.178.51>traceroute 192.168.177.10

Type escape sequence to abort.
Tracing the route to 192.168.177.10

1 192.168.178.104 4 msec 0 msec 4 msec
2 192.168.177.10 0 msec 4 msec 0 msec

192.168.178.52>traceroute 192.168.177.10

Type escape sequence to abort.
Tracing the route to 192.168.177.10

1 192.168.178.103 4 msec 0 msec 4 msec
2 192.168.177.10 0 msec 0 msec 0 msec

These are the same for all addresses on the SAN, physical and virtual.

The routing tables on the two core switches are predictably normal

SW1>sh ip route

      192.168.177.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.177.0/24 is directly connected, Vlan177
L        192.168.177.51/32 is directly connected, Vlan177
      192.168.178.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.178.0/24 is directly connected, Vlan178
L        192.168.178.101/32 is directly connected, Vlan178

SW2>sh ip route

      192.168.177.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.177.0/24 is directly connected, Vlan177
L        192.168.177.53/32 is directly connected, Vlan177
      192.168.178.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.178.0/24 is directly connected, Vlan178
L        192.168.178.102/32 is directly connected, Vlan178

So why is the trace showing traffic flowing to the two lower distribution switches from the core switches?

devils_advocate · ‎11-14-2014

Can you provide a show ip route result from both the R1 and R2?

What is the default gateway address of the SAN?

Are you using HSRP/VRRP or GLBP at all?

Thanks

Paul Morgan · ‎11-14-2014

Both routers use statics for internal LANs

S     192.168.177.0/24 is directly connected, GigabitEthernet0/0
      192.168.178.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.178.0/24 is directly connected, GigabitEthernet0/0

There is no DG for the SAN as such; there are multiple subnets. The 177 subnet has a DG on SW1 which is HSRP with SW2. There are physical switches in the SAN ring which have the DGs for internal subnets. But before making this more complicated, even traces to the core switches go too far.

This is from R1 to SW1 (mind, the IPs are similar) and goes via SW4

192.168.178.51>traceroute 192.168.177.51

Type escape sequence to abort.
Tracing the route to 192.168.177.51

1 192.168.178.104 0 msec 4 msec 4 msec
2 192.168.177.51 0 msec * 4 msec

This suggests that routing is not taking place within EIGRP but is always routing away from EIGRP?

devils_advocate · ‎11-14-2014

Your topology looks far too complicated for me to try and diagnose your issue over the internet, I don't know where to start really :)

Presumably you have a Trunk link between SW1 and R1?

Having an interface in the 192.168.178.0 /24 network on each of the switches and the Router seems odd to me. The topology doesn't look like something I would expect to see.

Thanks

Paul Morgan · ‎11-14-2014

No need for a trunk since the switch is layer 3 and R1<>SW1 is only carrying one vlan.

The topology is really simple. All traffic bound for addresses off the LAN are forwarded to Vlan178. Simple.

All SAN VMs are Vlan177.

The L3 switches should pass traffic bound for Vlan177 straight into it, not to other switches. This doesn't happen and I cant see why?

Vasilii Mikhailovskii · ‎11-14-2014

Your Router has following in routing table:

S 192.168.177.0/24 is directly connected, GigabitEthernet0/0

It means you leverage on proxy-arp to reach out the local network (192.168.178.0/24).

That is why you use different switches per destination - whichever answers first on your ARP request, becomes your gateway.

For sure, that is not a good design and you need to run either routing protocol or FHRP on the switches.

Paul Morgan · ‎11-14-2014

Excellent. Well spotted. I didn't think of that. The static routes were legacy from before we had L3 switches. I have removed them and tweeked the routing and it is working normally now.

Many thanks. !!

devils_advocate · ‎11-14-2014

How do you mean they are in a ring?
Do you mean they are stacked?

Generally just one L3 switch per 'network' will be routing, the others will simply be layer 2.

We really need to see your topology and your configs if possible.

Thanks

My Layer3 switches are not routing intervlan traffic correctly