I have two 4507 core switches (collapsed core) doing intervlan routing and running hsrp on each vlan. The 2 cores are connected via L2 etherchannel links. Core 1 is active for all vlans & core2 is standby.
I have one 2821 router connecting this site to our central site. I am running osppf on both the cores and the 2821. Since Core 2 (standby core) has an rj45module, I created a Vlan interface on core 2, ip address 172.16.214.225 /27, did not include hsrp for this vlan, moved an rj45 port (rj45 module on core 2) under this vlan and connected the 2821 router ethernet port (ip 172.16.214.226) to this port on core 2.
Connections are running fine now. I want to know if I create a second svi on core1, say 172.16.214.200/27 and connect the routers second ethernet interface to a port under this vlan (using GLC-T on the 4507 SFP module) in order to have ospf load balancing hence router redundancy, is this a safe design, without routing loops? Any considerations about this design?
All feedback is appreciated
Solved! Go to Solution.
In my opinion a better approach would be to
1) Connect the 2821 to both 4500 switches
2) Configure the ports on the 4500 as routed ports ie.
ip address x.x.x.x x.x.x.x
3) You can use a /30 for each connection.
This way there will be 2 equal cost paths from the 2821 to the 4500 switches.
Thanks jon for the quick reply.
Just out of curiousity, having 2 SVIs and connecting the router ports to layer 2 core switch ports under these vlans (as I initially did) would work or not?
BTW, ". . . ospf load balancing hence router redundancy . . .", router redundancy is good, but on a 2821, assuming your Ethernet connections are 100 or better, you don't really need to worry about load balancing. The router can struggle with one loaded 100 Mbps link.
The links are actually Gigabit, but thanks for the tip.
My main aim was to avoid having a single physical connection from the cores to the router. I will monitor bw and router cpu, and if it is high, I will plug the router to an intermediate switch which is connected to both the cores.
Although a 2821's Ethernet interfaces support gig, it's sometimes better to run the interfaces at 100 to keep the upsteam devices from easily overtaxing the 2821's performance accepting their Ethernet packets in bursts.
Yes I understood your aim was to avoid just a single connection from cores to router, which is valid and important, but using an intermediate switch could just impose a new single point of failure without real benefit unless it slows the traffic rate to the 2821 which can just as easily be done from your cores.
Traffic from the 2821 isn't usually an issue since the WAN side bandwidth is usually well within the performance capacity of the router.
BTW, gig into the 2821 isn't always a problem since the WAN also tends to bottleneck the outbound transmission rates. This being so, slowing input to 100 Mbps is still often much faster than the WAN side, yet avoids gig bursts into the router. However, if your overall utilization is low, running the 2821 Ethernet interfaces at gig might work just fine too.
Thanks for the valuable points.
Since I was planning to use a GLC-T in the sfp module of core1, this limits me to gig speed only. I could use the sup ethernet port, but I am not comfortable with that.
What do you recommend?
Oops, overlooked the GLC-T in your first post.
If you have any other 10 or 100 Mbps copper ports that are available on the core switches, you might use one of those. (I assume 10 Mbps will also be faster than the WAN connection.) A copper port would also save you the cost of the SFP.
If you're really stuck with the using the gig only GLC-T, you can try it. It might just be fine. If it's not, you could place a 8 port 2960 in-line to down the speed from gig to 100 or 10. If you go the in-line 2960 path, since they only provide 1 gig port, you would either need two, one for each core link, or use one but cost the path so OSPF only uses it unless it fails.