
VPLS Design

de1denta
Level 3

Hi,

I need some help with a VPLS design.

We currently have 3 sites connected by a VPLS network, 1 HQ and 2 remote offices. All sites are connected by a single link into the VPLS using a dedicated SVI on the terminating switch for the VPLS network - VLAN 10 - 192.168.10.x. OSPF is running on the VPLS interfaces in area 0.

We are planning to add a second VPLS link to our HQ office for redundancy and I need to work out the best way to configure the switches. If I add the second switch with a trunk to the first, create a new SVI in VLAN 10 on the new switch and connect to the VPLS, I assume a loop will form and block one of the VLAN 10 interfaces, see attached (I can manipulate STP to block the second VPLS link instead of VLAN 10 on the trunk). If the primary link fails then the second VPLS will start forwarding.

Is this an acceptable design for VPLS and has anyone had any experiences with this type of setup?

I did consider changing the VPLS interfaces to routed interfaces or disabling VLAN 10 on the trunk to prevent STP but remembered that we have firewalls attached to the HQ switch in the VPLS network providing a default route for all sites. Is it recommended to have firewalls in area 0 or should these be moved to a separate subnet in a separate area?

Thanks,


Hi Will,

When you bring up your second link, let your SP know about the setup. Your SP should run STP on their u-PEs, then it shouldn't be a problem as STP will look after the loop problem. This is a common setup that you have, where the customer has a backdoor trunk between the switches at a particular site.

You can place the FWs in the same area; that shouldn't be a problem.

Let me know if you need more info.

ebarticel
Level 4

If you will run OSPF, why not use it to provide backup? You can have trunk links between switches and STP will take care of loops (make sure the management VLAN is the same on both switches), then create a static route pointing to the backup path you want to have and change the AD (greater than OSPF AD) for the static route. OSPF will use the main link and if it goes down then it will add the static route to the routing table.

Hope this helps

Eugen

Thanks.

I will configure the new switch with a VLAN 10 SVI and trunk between the switches. I will let the ISP know this and hopefully STP will block the secondary link.

I will still be using OSPF to provide redundancy in the event that one of the switches fails. I assume that even though one of the VPLS links is blocked, both HQ switches will still appear in VLAN 10 and will maintain an active OSPF adjacency with all of the VPLS switches.

One other question, as the remote offices only have a single link into the VPLS, is it recommended to filter BPDUs on the remote switch VPLS interfaces?

Thanks,

How are the ports configured? If they are access ports you should configure BPDU guard. If they are trunk ports just filter the vlans that you don't want to cross that link.

The ports facing the VPLS will just be access ports configured in VLAN 10. If I configure BPDU guard on these ports, won't they go into error disable when they receive BPDUs over the VPLS from the HQ switches which have to participate in STP?

An access port should not receive BPDUs and BPDU guard protects that switch from going into trunking mode if it receives a BPDU (usually if you have RSTP running a port changes from access to trunking if it receives a BPDU).

Hope this helps

Eugen
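
The two port-level options raised in this thread for a remote-office access port in VLAN 10 facing the VPLS, as an added Cisco IOS configuration example that is not from any poster. The interface name and the 300-second recovery interval are assumptions; only one of option A or option B would be applied to the port.

```cisco
! Remote-office switch, access port facing the VPLS.
! GigabitEthernet1/0/24 is an assumed interface name.
!
! Option A: BPDU guard.
! Any BPDU received on this port moves it to the err-disabled state,
! so the uplink stays up only if no BPDUs arrive over the VPLS.
interface GigabitEthernet1/0/24
 description VPLS uplink (VLAN 10)
 switchport mode access
 switchport access vlan 10
 spanning-tree bpduguard enable
!
! Optional with option A: recover an err-disabled port automatically
! instead of waiting for a manual shutdown / no shutdown.
errdisable recovery cause bpduguard
errdisable recovery interval 300
!
! Option B: BPDU filter.
! The port stops sending BPDUs and ignores received ones, so spanning
! tree is effectively off on this port. A second path added at this
! site later would have no loop protection through this port.
interface GigabitEthernet1/0/24
 description VPLS uplink (VLAN 10)
 switchport mode access
 switchport access vlan 10
 no spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
!
! Checks from exec mode after either change:
!   show spanning-tree interface GigabitEthernet1/0/24 detail
!   show interfaces status err-disabled
!   show errdisable recovery
```

Whether BPDUs from the HQ switches reach the remote port at all depends on how the provider handles them across the VPLS, so confirm that with the SP before choosing.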
