Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

This Question is Not Answered 1 Correct Answer available (4 pts)
2298 Views 10 Replies Latest reply: Sep 19, 2011 6:07 AM by Todd RSS

Currently Being Moderated

Deploying the L2 /L3 Boundary at the Distribution Layer

Sep 18, 2011 11:38 AM

Todd 6 posts since
Sep 18, 2011

Hello, when deploying the L2 /L3 Boundary at the Distribution Layer and distribution switches have L3 interlink it looks like Figure 58 here.

VLANs 20, 140 use uplinks to the left distribution switch, VLANs 40, 120 use uplinks to the right distribution switch.

 

Tell me please, how to switch HSRP default gateway to right distribution in case of uplink failure between left access and distribution switches (VLAN 20 failover)? Right distribution switch does not have any VLAN 20 if I'm correct.

 

As there is L3 interlink and VLANs do not span switches - therefore HSRP failover not possible?

 

----

 

If right distribution switch DOES have VLAN 20 as well, then in case of this failure between D and A on left side, both distribution switches will be Active for VLAN 20 (they will both lose HSRP hellos in VLAN 20). So the returning traffic might come on the wrong left side and be then dropped (directly connected VLAN20 down).

 

Any ideas?

 

Thank you.

  • Currently Being Moderated
    1. Sep 18, 2011 11:51 AM (in response to Todd)
    Re: Deploying the L2 /L3 Boundary at the Distribution Layer

    In that diagram the links between the distribution and the access layer are Layer 2, with the inter-distribution link being Layer 3.  This means that both distribution switches must have all of the access VLANs defined on them, and here is why....

     

    This is typically referred to as a V-topology, since given the two distribution switches and any particular access switch, the L2 links form a V. HSRP communicates across multicasts for it's hellos, which will be propogated from the active distro switch down to the access switch and then subsequently will be forwarded up to the standby distro switch.

     

    The idea behind the V topology is that if either the active distro switch or the link to the active distro switch goes down, the standby will notice the drop of hellos and will grat-arp the virtual MAC for the VIP and will then start forwarding traffic.

     

    Does that make more sense? if not please let me know and we can try and clear up any other particular points.

  • Brian 2,971 posts since
    Aug 17, 2009

    Very nice explanation.  I used a sample configuration under the CCDP thread to basically say the same thing, but I do like how you articulated it in words so eloquently.

     

    Brian

  • Currently Being Moderated
    3. Sep 18, 2011 12:08 PM (in response to Brian)
    Re: Deploying the L2 /L3 Boundary at the Distribution Layer

    Why thank you sir!  You taking the time to build the config such as you did is equally impressive though. 

  • Currently Being Moderated
    5. Sep 18, 2011 12:46 PM (in response to Todd)
    Re: Deploying the L2 /L3 Boundary at the Distribution Layer

    Both Distribution switches will have all of the VLANs - that is how this works.  If you don't have the VLANs on both switches, you cannot fail over for L2 forwarding. 

     

    Yes, there is a failure potential. You can resolve that by tracking the uplink port for that access switch under the VLAN, so that if the port goes down, the SVI goes down as well.

  • Todd, I think you misunderstood me.  I meant using EOT : http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/fthsrptk.html

     

    By tracking the link state/line status of the local uplink on the distros, you can then shut down the SVI if the physical link goes down.  This then avoids the black hole issue if the SVI was being routed to dynamically. 

     

     

     

    With that said, any time you summarize you run the risk of black holing traffic, regardless of HSRP.  I would not advocate summarization in this case for obvious reason which you've discovered.

  • With a L2 link between the distribution switches, you have to rely on STP (whatever variant you are running), and that adds another caveat to bring up.  STP root has to be where the HSRP Active(primary) will be, and when HSRP fails over, STP should as well. 

     

    With that said, with the L3 link between the devices, you avoid the STP issue and rely on EIGRP.  Cisco has done studies(whcih I'd have to look up to find, but I can if you'd like) that says for typical campus design, routed to the access via EIGRP with tuned timers results in quicker convergence than even the best deployment of RPVST+(or any other L3 protocol for that matter). 

     

    FWIW the project I'm currently on, we're routing all the way to the access layer in the campus, so EIGRP controls it all.  Say hello to equal cost load balancing by default.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)