Solved: Need Advice for redundancy between two Nos of 4510R-E - Page 2

Dipesh Patel · ‎10-21-2009

Dear All,

Pls suggest me the configuration for two Nos of 4510R-E chassis with 2 nos of SUP V plus 2 10GE.

On both switches config must be same.

Config will include 1 backbone vlan and some static routes.

I want to implement redundancy of Backbone for distribution using HSRP and also SUP redundancy.

Also want to know the config for using 3 nos of link between two 4510R-E .

Pls give me the sample config....

Regards,

Dipesh P.

Giuseppe Larosa · ‎10-28-2009

Hello Dipesh,

>> - If I will create all the Vlans ( total nos of Vlans are 60 to 70 ) on both CORE.

this would extend the STP reach from access layer to distribution to core.

Also in a previous post you had said that the different distribution switches are using the same vlan-ids but they associate them to different IP subnets.

So this is something that would make difficult to move intervlan routing to core devices.

drawbacks are that core-distrib links will be more used by broadcast traffic in all vlans.

Also the campus network will be more exposed in case of bridging loops (that can happen I see this on my job).

Usually all designs agree on having L3 duties on distribution devices.

the static routes will be removed but at an high price.

not recommended

MST: only if supported in all devices.

VTP:

at least one VTP server is needed in one domain, if you want to join two vtp domains this is something that would need attention

Edit:

object tracking would be complex: you would need to track 13 different IP next-hops (one for each distribution in backbone vlan2)

So you would need to configure 13 probes, one for each next-hop, the IP flows representing each probe have to locally policy routed.

Hope to help

Giuseppe

Dipesh Patel · ‎10-28-2009

Thanks Man,

So It's clear now that the existing topoloogy is ok. Only thing I have to think is about static routing.

I will post OSPF config tomorrow for confirmation weather it is ok or not.

And one more thing : Can I make ARP time out reduce to 1 hr and Cam table time out to 1 hr. Will it be solve the problem ?

Reply Soon,

Dipesh P.

Dipesh Patel · ‎10-29-2009

Dear,

Can you pls, Give me the OSPF config for CORE accor. to my Static IP route.

and OSPF ofr Remote Router Config.

I am very much confusing about which IP segement I should take in Area 0 and which in others?

Pls help.

Dipesh P.

Giuseppe Larosa · ‎10-29-2009

Hello Dipesh,

I had already provided an example of OSPF configuration in a previous post:

with a dynamic routing core switches and a distribution nodes just need to share a common IP subnet: the distribution node will advertise all client Vlans IP subnets.

>> from previous post

OSPF uses areas, in a single or multi-area design.

I would suggest one area per site

0 backbone area

101 this site made of Cisco devices

other sites will have their own area-id

distrib config (the same for all distrib in this site)

router ospf 10

network 0.0.0.0 255.255.255.255 area 101

core config

router ospf 10

network 10.0.100.0 0.0.0.255 area 101

network x.x.x.x 0.0.y.y area 0

where x.x.x.x represents links to other sites.

The choice of areas is for all the internal links of each site.

Area 0 needs to be used in all inter-site links.

take time to review the design guide link I've provided in that previous post.

Hope to help

Giuseppe

Dipesh Patel · ‎10-30-2009

Dear,

I am attaching the simplified config and topology dia.

Can you pls give the configuration for the following things?

1. STP config.

2. HSRP config for CORE and DISTRIBUTION

3. Daynamic Routing for both CORE and DIST. ( OSPF )

Pls help.

Regards,

Dipesh P.

Giuseppe Larosa · ‎10-31-2009

Hello Dipesh,

I've opened the documents you have attached to your last post.

Before answering to your questions let me write some notes:

1) I see you have a single management vlan 1 that spans on all the site.

You could consider two possible changes:

to use a per switch block management vlan to avoid to have a single vlan that spans in all campus

and to avoid to use vlan1 that is not recommended for security reasons in L2 security best practices.

2) your picture shows two distribution switches per switch block: my understanding was you have only one distribution for switch block and you provide part of configuration of only one.

Again if distribution switches were two this redundancy should be managed by using HSRP also on the client vlans.

In the following I suppose you have only one distribution node per switch block

Answers follow:

Q1) STP and VTP

if all devices are in VTP mode transparent mode you need to manually create vlans in all devices.

Example

! create L2 vlan vlan2

conf t

vlan 2

name backbone

about STP: you should enforce STP root bridge election not only on cores but also on each distribution

switch block1

spanning-tree vlan 3,4 priority 16384

switch block2

spanning-tree vlan 5,6 priority 16384

and so on. Each distrib should be root for client vlans of its block.

Q2) HSRP

your configuration could be tuned with some tracking action, but note that HSRP would be not used if OSPF is deployed.

As noted above if there are two distrib nodes per block HSRP should be deployed for each client Vlan of the block.

Q3) OSPF

here I suppose you still have vlan1 that spans in the whole campus, if you implement per block management vlan minor changes are needed.

core

router ospf 10

network 10.0.2.0 0.0.0.255 area 0

network 10.0.1.0 0.0.0.255 area 101

! to propagate knowledge of static routes of other non OSPF speaking sites:

redistribute static subnets

!

Edit:

this was a point I had left unclear core switches can inject in OSPF routes equivalent to static routes to distribution devices

to access the internet a default route is needed, also this has to be addressed

default-information originate

! end of ospf config on core devices

Note:

on core you can remove only static routes pointing to OSPF speaking devices

distrib block1

router ospf 10

network 10.0.2.0 0.0.0.255 area 0

network 10.0.3.0 0.0.0.255 area 101

network 10.0.4.0 0.0.0.255 area 101

(same config in second distrib node if any)

distrib block2

router ospf 10

network 10.0.2.0 0.0.0.255 area 0

network 10.0.5.0 0.0.0.255 area 101

network 10.0.6.0 0.0.0.255 area 101

Hope to help

Giuseppe

Dipesh Patel · ‎10-31-2009

Thanks Giuseppe,

This will help me a lot.

You have said that HSRP will not work with OSPF. Why?

Yes there are two Dist. and redundancy will be provided using HSRP only that is configured on client vlan.

With are 30 sites are there which connecte to this site all have static route.

So it is ok if I implement ospf for Local site intranet communication and for outside I will continue with static routes?

Regrds,

Dipesh P.

Giuseppe Larosa · ‎10-31-2009

Hello Dipesh,

>> You have said that HSRP will not work with OSPF. Why?

to take advantage of OSPF you should remove those static routes on distribution using as a next-hop the HSRP VIP in backbone vlan.

if you don't do this you are still using static routes for distribution to core routing!

>> So it is ok if I implement ospf for Local site intranet communication and for outside I will continue with static routes?

I think this can be a good first step.

In previous posts you have described remote sites as multi vendor.

For this reason the choice of OSPF as routing protocol.

You can then perform an analysis of each remote site to classify them in two categories:

OSPF capable core/distrib in remote site

OSPF not capable devices in remote site.

sites of second category need to use static routes. FINISH

sites of first category can be migrated one by one to OSPF.

You may find some subtle issues in using OSPF in multi-vendor context.

You need to look at nortel or other vendor documentation.

the line guides are the same:

core links in area 0

other links in a specific area per remote site.

be aware that Cisco allows area-id = number.

other vendors use:

area-id =x.y.z.k

like an IP address

so area 0 becomes 0.0.0.0

Again I think that migrating this first site is a good first move.

Later you can extend OSPF to other sites.

Hope to help

Giuseppe

Dipesh Patel · ‎11-03-2009

Dear Giuseppe,

I have prepared the config for the dia attached.

Pls varify it.

If you find any thing i need to add than pls mention.

I am attaching Simple topology Dia. and config for the same.

Pls Help ....

Dipesh P.

Giuseppe Larosa · ‎11-05-2009

Hello Dipesh,

sorry for late answer.

I've read your config template and network diagram and I think it is correct.

again if distribution switches are two in each switch block you should use HSRP on client Vlans.

I see also that you have introduced a per switch block management vlan (vlan1) and that you are advertising them.

Hope to help

Giuseppe

Dipesh Patel · ‎11-05-2009

Dear Giuseppe,

Thanks,

I m going step by step .

1st I will implement this part and than move to other part like 2 dist.

Any thing shuld I add in this ?

OSPF part is correct?

router ospf 10

network 10.0.2.0 0.0.0.255 area 0

redistribute static subnets

default-information originate

ip route 0.0.0.0 0.0.0.0 10.0.2.250

ip route EXT_SITE1-WAN 10.0.2.250

ip route EXT_SITE2-WAN 10.0.2.250

ip route EXT_SITE3-WAN 10.0.2.250

ip route EXT_SITE4-WAN 10.0.2.250

ip route EXT_SITE1-LAN 10.0.2.250

ip route EXT_SITE2-LAN 10.0.2.250

ip route EXT_SITE3-LAN 10.0.2.250

ip route EXT_SITE4-LAN 10.0.2.250

I had given 0.0.0.0 0.0.0.0 10.0.2.250

and also ospf. IS it ok ?

default-information originate is also ok ?

Im confused in this part.

Reply soon.

Dipesh P.

Giuseppe Larosa · ‎11-06-2009

Hello Dipesh,

the OSPF configuration is correct.

default-information originate generates an OSPF default route 0.0.0.0/0 that is sent in the OSPF domain.

To work a local default route has to be present in the routing table provided by any means with the execption of the same OSPF process.

so the static default route is needed and 10.0.2.250 has to the next-hop to the internet router.

note:

I suppose all this on the core switches, it is not needed at distribution.

the redistribute static allows for injecting OSPF routes corresponding to normal static routes (it is not able to inject a default static route) so it is fine to provide information about the remote sites' IP subnets.

Hope to help

Giuseppe

Dipesh Patel · ‎11-09-2009

Dear Giuseppe,

I have marked some STP features with RED in dia. attached.

Is it ok or pls give some suggation.

Dipesh P.

Giuseppe Larosa · ‎11-09-2009

Hello Dipesh,

STP loop guard has to be enabled on both sides of each link and on link(s) between the core switches.

UDLD aggressive can be too much however again has to be enabled on both sides of the links.

I recommend also broadcast storm-control at 1% if supported it helps.

Hope to help

Giuseppe

Dipesh Patel · ‎11-09-2009

Dear Giuseppe,

I can not understand what you have said ?

U mean to say that I should enable loopguard on both side of the link connected between CORE and Dist which I have shown at only on Dist SW?

And What about UDLD ? Is it ok or What should I use?

Pls suggest STP tuning for the said dia.

One Problem is there in our existing Topology :

Logs and runnning Config is shown in attached file.

Pls suggest what should I change in config ?

Some time Ports go in to errordisable state and NW was down.

Yesterday also the same thing happen and I could not find any log for the same.

Pls suggest.

Reply soon,

Dipesh P.