See attached drawing, please.
I have about 300 vlans that terminate on the WSR01 and WSR02 routers on site 1. We want to integrate those vlans into the routed domain of the site 2. Thats why we have the routed ethernet connection in BLUE.
Here is the challenge. In addition to those 300 VLANs that are already terminated on the WSR routers, there will be 4 more management vlans, and with those vlans, we may want to extend them across the inter-site link and would like to terminate them (create the L3 interface for them) on switch 1 and 2 at site 2.
One client engineer is proposing the following: That instead of terminating the ethernet inter-site link on routed interfaces at both ends, that we do so instead on switched interfaces, make it a trunk, pass the management vlans and extend them across to the other site. And instead of using routed interfaces, we just use the old SVI on each router method to extend the /30 point-to-point vlan, thereby allowing routing updates to pass for the other 300 vlans that we do NOT want to extend pass those WSR routers.
Does this make sense?
Yes it makes sense if you want to extend some of the management vlans across the link. Other possible options
1) Use a separate link for just L2 management vlans - obviously costly.
2) Look into L2TPv3 which allows you to extend L2 vlans across a L3 routed WAN - depends on whether your routers support on each of WAN link support it.
3) Use different management vlans at each site.
Personally if possible i would go with 3) because unless you have to have L2 adjacency for the management vlans it seems unnecessary to change the link to L2. But perhaps you do need L2 adjacency on the management vlans.
If you do then fine, go with his solution altho it's not clear what the routing devices are at each end of the link ie. do they support SVI's, are they actually L3 switches. Note if they are L3 switches then you can rule out option 2) from above.
Obviously you need to be very precise on which vlans are allowed across the trunk link.
Forgot to mention. If either end of the ethernet link is a L3 switch don't run VTP between them as an extra measure. Make the switch in site 2 VTP transparent and then just add your management vlans.
Sorry, i keep forgetting to add things - not one of my better days :-)
The reason i suggested option 3) is because if you turn the link into a L2 trunk you have now obviously extended the L2 domain between sites. If a loop was created in ine of the management vlans this could then have a knock on effect to the other site. In effect a broadcast storm, for example, could take down your link. Having said that, if it is management vlans you are extending you should have more control over those then user vlans. Just obviously make sure vlan 1 is not one of the management vlans.
With L3 this can't happen.
Jon, those were really GREAT ad informative answers. if this isnt one o fyour better days, I am looking forward to when you 'are" on top of your game! :-)
I agree with you.
I was thinking of the L2TPv3, but seemed more like a pain than it was worth.
The second link is costly, so that isnt going to happen, I think.
I think the best solution is to leave it a routed connection and terminate the management vlans at site 1 and be done with it.
As I see it, there is no real reason to have to extend the management VLANs across to the other site.
The knowledge that you applied to help this person out....
is that CCNP knowledge, CCIE knowledge, or just experience. I read alot of your, rburts, leos, and a few others, and just wondering how in the blue blazes your so on top of things. I guess what I am asking is would a CCNP be able to have answered that, or does it take a CCIE? or maybe not the cert, but the equivilant experience.
I start my first two CCNP courses this fall, but have already started reading Cisco Press Advanced Routing (for 642-901) to be 10% as smart as you :)
Firstly many thanks for the complimentary words.
Unfortunately i may not be the best placed to answer your question but i'll give it a go :-).
I've not done much certification. I did have CCNA a while back but it has long since expired and from reading posts on these forums i think the CCNA i took was very different to the one you take now. I do have a number of CCIE books on Routing/Switching etc. and these i use as my reference books when the Cisco doc's get a bit cryptic which they can do :-).
Also i have been an engineer and a network designer and the design side does help you visualize how things will work.
Personally i believe getting the concepts clear in your head is more important than knowing every single detail of a particular technology, the details can be filled in with command references, configuration guides etc. I have been lucky enough to be both an engineer and a designer and the design side of things certainly helps with the concepts side of things.
But there is no doubt that the more you know and understand things the better you are both as an engineer and a designer.
How you get this knowledge doesn't really matter. I tend to read up on a subject and then play around with it either in a physical lab or using dynamips. But using certification to obtain that knowlegde is just as valid a way of doing it. Key thing for me is that you must be really interested in what you are doing.
As for experience, well it goes without saying that is one of the most important factors. It can be daunting for people because unlike studying, practicising etc. it's not something you can get unless you are in the industry. So it can be a major barrier to progression. But i would still argue that a person with no practical experience of a particular technology who has studied and understood it is in a much better place than someone who has no experience and no knowledge of it.
And then of course there is the stuff you don't learn through CCNA/CCNP/CCIE eg. which modules work with which supervisor in a 6500, and these sort of things you just pick up as you go along. My first network job involved using 6500 switches and my experience of LAN switching/routing is still stronger than my WAN experience. Ask me to configure a DSL router/RAS server and i'm off to the docs, ask me to configure a 6500 switch and the docs are only there as a backup.
Finally a lot depends on the person themself. I have worked with CCNA's, CCNP's and CCIE's and each person is different. I've known some CCNA's who could answer this question and some CCNP's who couldn't etc. Doesn't make those CCNP's bad, just that they may not have the right level of knowledge/experience in that particular technology.
That's about the best answer i can give, hope some of it helped and apologies to anyone else if i've bored the pants off them :-)
Good luck with your CCNP studies.