Passport 8600 Core Design

[mmits]

We've just purchased a second passport 8600 for our data center. Currently we have a single layer3 switch (8600) fornt ending our main routers. Im looking for some design help in setting the second 8600 in place to ease the burden on the first and also to provide some redundancy.

One solution I've come up with is to simply, trunk the two together with all port-based and protocol bases VLANS on both, VRRP setup for links to the routers.

Any ideas? Any one done this before?? Is it even worth it to have the second? The first is getting pounded CPU utilization wise.

 

[whiskeytrain]

How large is your network? We have had single 8600's in place on large installs and the CPU's have never worked very hard.

 

[mmits]

New to the company...but existing 8600 has 9 VLAN's, all protocol based, roughly 25 routers, many hanging off two LANs. I believe there are 3 IP based VLANs that should have been port-based. Traces show an awful lot of packets heading to the CPU for resolution, which means somebodys not sitting where they should be or VLANs not setup correctly..thing is, they bought the box already and its sitting in the data center, now I have to install it in a working network..but yeah, certain times the CPU maxes out..

 

[whiskeytrain]

Sounds quit complicated. You mention that there are 9 protocol based VLAN's on the 8600. What are the 9 different protocols that are defined for the VLAN's? What type are the other 25 routers? Are they directly connected to the 8600? Brief CPU spikes are not uncommon in large networks, are yours 100% sustained (10 to 20 sec +?) The CPU is used when the box needs to make some sort of non-switching decision. Relearning ARP, routes, bla bla...
It would seem that your network is in flux. Is it an exteremely dynamic network with lots of stuff coming on and off line frequently?

 

[mmits]

No, not really. There isn't offline issues, the subnets are very large broadcast wise, and as I mentioned the IP bases subnets tend to send a lot of packets to the CPU for resolution. There are nine vlans, 1 port based, 3 IP based, AT, LAT, 2-Decnet, etc...basically, my idea s to ceate 3 port based VLANs, assign IPS, lay the protocols bneeded across the top of the port based to handle any extra protocol needed traffic.

The issue is design wise- I wanted to get input on how to configure the 2nd passport for optimal performance and redunancy. HAve the usual ideas, VRRP, and MLT, and switching to port based VLAN.s, as Nortel recommends...but was hoping someones done it before and could run me some of their experiences and issues.

 

[NMSman]

Hi , i'm Pete and i've done many Passport designs before, including adding a second one to a single Passport setup. If you can send me your configuration and a diagram, i will be able to help you further.

 

[whiskeytrain]

Are the 3 IP based VLANs really subnet based VLANs?

 

[mmits]

Not subnet based, Ip protocol based, its got to ID as IP to be admitted.

 

[mmits]

NMSman, Pete, shoot me your contact please, I cant seem to find yours..mmits@yahoo.com