
Designing network edge

Status
Not open for further replies.

18121999

Technical User
May 27, 2002
22
GB
Hi guys,
I wonder if some of you gurus might help me. I am in the process of designing the edge of our network which connects to 5 other sites. We have purchased 2 6500 switches and to this is connected the LES connections to the other sites, the firewall and other such edge devices.
Would you advise routed p2p links with the core devices or hsrp/glbp etc.? I want complete resilience but I'm not too concerned with load sharing as there does not appear to be too much traffic traversing the link.

Currently the routing protocol in use is ospf and the core devices are currently connected directly to another switch which has the LES connections to the other sites. This will be decommissioned once the edge switches are live.
The core switches and all the core switches in the 5 sister sites are all in area 0 so all routes are seen by all the 6 sites without any further effort.

My questions here are:
1. Should all the sites be in area 0 or should they be in separate areas? Please give reasons.
2. I now need the edge devices to run ospf as well, should I just put this in area 0 too or should the core and edge be in separate areas? Please advise as to how to correctly design the ospf.
3. Any tips on designing the edge and how it should connect to/work with the core.

There are currently quite a few vlans in the core but I want to change these to routed links with the distribution switches and the server farm, any pointers?
I need the two edge switches to be in a completely resilient design with all edge devices connecting to them both and automatic failover, any ideas on what to do, should I implement pbr? All the cabling is in place, I just need to configure the devices.
I know all this is probably as clear as mud but please ask me any questions, I appreciate the time you've taken to read this long post.
Thanks,
Martha.
 
Your OSPF design will really depend on if your topology is a full mesh or if you are running a hub and spoke with your remote sites

I need the two edge switches to be in a completely resilient design with all edge devices connecting to them both and automatic failover, any ideas on what to do, should I implement pbr?
So if the 6500's are on your enterprise edge, what is running in your core?? Do you have multiple incoming connections for the 6500's from your service provider?? Can you upload a .jpg of your current network infrastructure??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
How many routers are there currently in your OSPF network?
 
Thanks Baddos and unclerico for your responses. We have two 6500's which are connected to 6 distribution blocks. The DB's are in separate stub areas.

I have been advised that it is best to have the edge devices in Area 0 and have the core router as the ABR for all the areas so I'll do it that way although I'm not sure if it's better to combine all the DB's into a single site ospf area or just leave it as it is for now.

There are 6 sites, at the moment all the sites' core devices are in area 0. When I get round to putting edge devices into the other sites then I will configure a site ospf and have the core as the ABR.

To answer your question Unclerico, the connection to the ISP router is via the firewall which connects to the edge switch. There are two firewalls configured for automatic failover.
I need to configure pbr between the two edge switches/firewalls to ensure we have a fully resilient connection but don't know where to start, any advice would be much appreciated.
Thank you.

 
Could you put together a diagram of your topology using Visio or something?? I am interested to see this

 
I'm trying to attach a diagram but failing miserably :(
 
Do you have an account with box.net or anything?? you could upload it there, share it, and then post the link here.

 
No, I don't.

Regarding links between my two core devices and my distribution blocks which have the connection (currently not configured) to each core switch, how would you advise these are configured?

My current options are to use routed point-to-point links between each dist switch and each core device and have ospf handle the failover
or
Configure layer 2 trunks - all ip routing would be handled by the core. The 2 core switches have multiple links to the dist switches would be via layer 2 ether-channel trunk and the core switches would run HSRP on the SVI interfaces over VLAN instance, providing failover layer 3 IP connectivity.

My understanding is that we should try to avoid having trunks in the core so that is why I am leaning towards the routed P2P links but can I convince the powers that be at work that I have put in the most efficient, resilient solution?

A similar confusion also arises in the connection from the core switches to the edge switches, again I have cabled up the connections so each core switch connects to an edge switch and to each other but I don't know whether to use routed P2P links. Can I still run hsrp over this?
Do I have all the edge and core connecting interfaces in the same subnet? Please give some config sample to help with this.

EDGE1------------EDGE1

| |
| |
| |
CORE1-------------CORE2
| | | |
| | | |
| | | |

4 Distribution blocks

(each with dual connections to both core switches (currently not configured)).

Please pardon the rough depiction.
Any help will be much appreciated.

 
go here and upload the image, no need for an account;



------------------------------------
Dallas, Texas
Telecommunications Tech
CCVP, CCNA, Net+

CCNP in the works
 
It depends on your edge devices. If you have a lot of money and they agree to buy edge switches which will run ospf (expensive) then a routed design would work. If you have the edge with something like 2960 or even 3750 or 3560's with the ip base then you have to have the routing on the core and trunks to the access layer with hsrp. Both work pretty well if set up correctly.
 
Thanks Dallas, I will get the image uploaded later, websense at work is preventing access right now.

Vipergg, thanks for your response, the edge switches (3750's) have already been purchased and I intend to configure them with ospf as part of Area 0.

Please see my plan of action below and advise, any tips on how to ensure it is set up correctly? I am more concerned about connections between the distribution, core and edge devices.

1. Distribution switches would have links to both core switches using p-t-p links with the OSPF cost determining the primary route and the 2nd connection simply as backup. There is no load sharing primarily because I can't implement glbp due to the DS's not being Cisco.

2. Core - both core devices would be connected by p-t-p links and there would also be p-t-p routed links between the core and edge devices so again no hsrp.

I have currently cabled up CS1 to ES1 and CS2 to ES2, both edge switches and core switches are connected to their partner switch but it is not actually fully meshed as such, i.e. CS1 does not have a connection to both edge switches and vice versa yet. I will check that the cabling exists and if it does implement p-t-p links but if not then use hsrp, but I agree with your recommendation not to use HSRP between the core switches and the edge devices and would really rather not.

3. The edge - I will implement a common subnet between the edge devices and the encryption devices and use hsrp here.

I have not considered the scenario where both encryption routers are unavailable, that would be incredibly unlucky and I suppose if that happened they would not be able to send the protected data as it has to be specially encrypted using one of these devices.

I will definitely implement RSTP.

I would like to implement PBR though but don't know where to start, any pointers?

Thanks.
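
The routed point-to-point plan in steps 1 and 2 of the post above, sketched as Cisco IOS configuration for the two core 6500s. This is an added example, not part of the original post or any poster's configuration. Interface names, the 10.255.x.x /30 addressing, OSPF process ID 1, stub area number 10 and the cost values are all assumptions; the distribution switches are not Cisco, so only the core side is shown.

```cisco
! Assumed addressing: one /30 per routed link, no shared subnet between switches.
! ---- CORE1: ABR, preferred path towards distribution block 1 ----
interface TenGigabitEthernet1/1
 description Routed link to CORE2 (area 0)
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ip ospf network point-to-point
!
interface TenGigabitEthernet1/2
 description Routed link to EDGE1 (area 0)
 no switchport
 ip address 10.255.0.5 255.255.255.252
 ip ospf network point-to-point
!
interface GigabitEthernet2/1
 description Routed link to distribution block 1 (stub area 10)
 no switchport
 ip address 10.255.10.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf cost 10
!
router ospf 1
 router-id 10.255.255.1
 ! Form adjacencies only on the routed links listed below.
 passive-interface default
 no passive-interface TenGigabitEthernet1/1
 no passive-interface TenGigabitEthernet1/2
 no passive-interface GigabitEthernet2/1
 area 10 stub
 network 10.255.0.0 0.0.0.3 area 0
 network 10.255.0.4 0.0.0.3 area 0
 network 10.255.10.0 0.0.0.3 area 10
!
! ---- CORE2: backup path towards distribution block 1 ----
! (its area 0 links to CORE1 and EDGE2 mirror CORE1's and are omitted here)
interface GigabitEthernet2/1
 description Backup routed link to distribution block 1 (stub area 10)
 no switchport
 ip address 10.255.10.5 255.255.255.252
 ip ospf network point-to-point
 ! Higher cost: used only when the CORE1 link is down.
 ip ospf cost 100
!
router ospf 1
 router-id 10.255.255.2
 passive-interface default
 no passive-interface GigabitEthernet2/1
 area 10 stub
 network 10.255.10.4 0.0.0.3 area 10
```

OSPF cost is applied on the outgoing interface, so these values only steer traffic from the core towards the distribution block; the distribution switch needs matching low/high costs on its own two uplinks, and its OSPF network type and stub-area setting must agree with the core side for the adjacency to carry routes.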
 
That's cool, just make sure they ordered the 3750's with the image that supports dynamic routing like ospf, the base ios does not and then you are tasked with buying upgrade licenses from Cisco to do that.
 