Solved

Redundant Cisco 4948E network design

Posted on 2013-05-10
1,305 Views
Last Modified: 2013-05-13
Hello,
I have two racks in a DC. The first (old) rack has a Cisco 4948E switch with a 10gig uplink to the DC's Cisco switch (managed by them; I don't remember the exact model, but it's something new and takes about 4-8U).

All the servers in the first rack are connected to the Cisco 4948E gigabit ports. This switch is operating as a Layer 3 switch with VLANs and VLAN interfaces. Each customer has its own VLAN and the Cisco 4948E is its gateway. The uplink port sits inside Vlan1, which has a /29 IP configured and a default route to the DC's Cisco.

The new rack is installed with a new Cisco 4948E switch. Currently there are no servers (yet) connected to it, and its uplink goes to the same DC Cisco. This switch also uses a 10gig port for the uplink connection.
I asked the DC to put both switches in the same VLAN (from their side), so the new Cisco 4948E has an IP from the same /29.

The desired goal is to achieve redundancy. I would like to interconnect those two racks using another 10gig connection between the Cisco 4948E switches.
The purpose is to eliminate the single point of failure of one of the uplinks, so I will have a redundant network path in case one of the uplinks goes down, and also to have load balancing and/or an ability to use the same IPs on both switches, so that I can connect 2 x F5 LTMs in HA with a floating IP, each of them to a different Cisco 4948E switch.
Thus I would like to connect a server to 2 F5 LTMs and gain a redundant, highly available solution.

Both switches' IOS supports IP routing and all features.

I am not sure how to do it and what is the correct design topology.

I thought of creating a trunk between the switches, but probably STP will kill one of them.
The DC team is ready to perform any needed changes or configurations on their switch.
I also thought about EtherChannel, but in my case I have two physical switches which are not stackable (as far as I know). I read about VSS technology, which is also, unfortunately, not supported on those switches.

So I am not sure what is the correct way to do what I want.
Perhaps Layer 3 redundancy... or some gameplay with L2 and STP.
All links must be active, both switches and F5 LTMs have to be active-active, and the LTMs have a floating IP.

I need help to understand what the recommended, available designs are. If I am making a mistake, then I am ready to change the topology and rebuild it the right way.

Thank you very much.
Question by:m4dd0g
9 Comments
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39155593
First question: will the new 4948E uplink be connected to the same DC Cisco switch (where the old one is connected)?

If yes, then there is no point in discussing it, because it will fail the main concept of redundancy.

If no, then let's first get the cabling done. If DC1 and DC2 are Cisco switches and your switches are Sw1 (old 4948) and Sw2 (new 4948), then the cabling should be:

DC1 ---> Sw1 (1 uplink)
DC1 ---> Sw2 (1 uplink)
DC2 ---> Sw1 (1 uplink)
DC2 ---> Sw2 (1 uplink)

The above should be the standard implementation. You can view it as a criss-cross kind of thing.

Once it's done we have the option of implementing HSRP/VRRP/GLBP (4948E supports all).

Which is your priority? Load balancing or redundancy?

Best,
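The HSRP option named in the comment above, written out as an added example for the topology the question actually describes: one 10G uplink per 4948E into the same DC-side VLAN, one 10G cross-link between the two 4948Es, and F5 units hanging off each switch. This is not configuration from the thread. Interface names (Te1/49 uplink, Te1/50 cross-link, Gi1/1 F5 port), VLAN ids 10 and 20, and all addresses (RFC 5737 documentation ranges: 203.0.113.0/29 for the DC-facing /29 with the DC gateway at .1, 198.51.100.0/24 and 192.0.2.0/24 for two customer VLANs) are assumptions. Two design points are worth reading for: VLAN 1 is kept off the cross-link, so the only L2 path between the switches in that VLAN is the DC switch itself, there is no loop for STP to block, and both uplinks stay forwarding; and the DC-facing SVI runs two HSRP groups with one VIP homed on each switch (MHSRP), so the DC side can point each customer prefix at a different VIP and inbound traffic is split per prefix yet still fails over.

```cisco
! ===== Sw1 (existing 4948E) =====
hostname Sw1
ip routing
!
spanning-tree mode rapid-pvst
! STP root for a customer VLAN is the switch that is HSRP active for it
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 8192
!
! Object tracking on the DC uplink: when it drops, every HSRP group on this
! switch loses 30 (more than the 20-point gap), so the peer takes over all of them
track 1 interface TenGigabitEthernet1/49 line-protocol
!
vlan 10
 name customer-a
vlan 20
 name customer-b
!
interface TenGigabitEthernet1/49
 description Uplink to DC switch, VLAN 1 only (access, not trunked)
 switchport mode access
 switchport access vlan 1
!
interface TenGigabitEthernet1/50
 description Cross-link to Sw2: customer VLANs only, VLAN 1 deliberately excluded
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
 switchport mode trunk
!
interface GigabitEthernet1/1
 description F5 LTM unit 1 (unit 2 is cabled to Sw2 the same way)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface Vlan1
 description DC-facing /29 (assumed 203.0.113.0/29, DC gateway .1)
 ip address 203.0.113.2 255.255.255.248
 standby version 2
 ! group 1 VIP normally lives on Sw1, group 2 VIP normally on Sw2
 standby 1 ip 203.0.113.4
 standby 1 priority 110
 standby 1 preempt
 standby 1 track 1 decrement 30
 standby 2 ip 203.0.113.5
 standby 2 priority 90
 standby 2 preempt
 standby 2 track 1 decrement 30
!
interface Vlan10
 description customer-a gateway (assumed 198.51.100.0/24)
 ip address 198.51.100.2 255.255.255.0
 standby version 2
 standby 10 ip 198.51.100.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 track 1 decrement 30
!
interface Vlan20
 description customer-b gateway (assumed 192.0.2.0/24)
 ip address 192.0.2.2 255.255.255.0
 standby version 2
 standby 20 ip 192.0.2.1
 standby 20 priority 90
 standby 20 preempt
 standby 20 track 1 decrement 30
!
! Each switch forwards up its own uplink; when Te1/49 is down, Vlan1 goes
! down with it (no other ports in VLAN 1) and this route is withdrawn
ip route 0.0.0.0 0.0.0.0 203.0.113.1
!
! ===== Sw2 (new 4948E): only the lines that differ from Sw1 =====
hostname Sw2
spanning-tree vlan 10 priority 8192
spanning-tree vlan 20 priority 4096
interface Vlan1
 ip address 203.0.113.3 255.255.255.248
 standby 1 priority 90
 standby 2 priority 110
interface Vlan10
 ip address 198.51.100.3 255.255.255.0
 standby 10 priority 90
interface Vlan20
 ip address 192.0.2.3 255.255.255.0
 standby 20 priority 110
!
! ===== DC side (their switch; assumes it statically routes into the /29) =====
! Customer A arrives via Sw1's uplink, customer B via Sw2's, either VIP
! moves to the surviving switch if an uplink fails
ip route 198.51.100.0 255.255.255.0 203.0.113.4
ip route 192.0.2.0 255.255.255.0 203.0.113.5
```

Verify with `show standby brief` on both switches (Sw1 should show Active for groups 1 and 10, Standby for 2 and 20; Sw2 the mirror image) and `show spanning-tree` on Te1/50 (every allowed VLAN Forwarding, since no loop exists). Two caveats the thread itself raises still apply: both uplinks terminate on the same DC switch, so that box remains a single point of failure, and the inbound split is per customer prefix, not per flow, so a flood aimed at one customer still lands entirely on one uplink rather than half on each F5.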
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39155632
Please note, load balancing works well on an intranet, not on the internet. You will have the option of load balancing only for the outgoing traffic, not the incoming. This might cause issues in some cases. For load balancing to work perfectly, both the source and destination network should be controlled by you.

If you want to load balance only between the 2 racks, that can be done.

Best,
 

Author Comment

by:m4dd0g
ID: 39156012
Thanks for reminding me about HSRP/VRRP/GLBP, I totally forgot about these features.
The servers actually serve, so 90% of the traffic goes out, but incoming traffic should also be balanced: in case of a DDoS attack I want each uplink to receive half of the incoming flood, to each F5 ASM.
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39156088
It's bad thinking that you will divert a certain % of traffic to one ASM and the rest to the other. The ASMs should be in a redundant configuration so that if one fails, the other takes over.

The switch should divert traffic to the ASM (which is in a redundant config), which in turn will protect your applications.

Best,
 

Author Comment

by:m4dd0g
ID: 39156302
I view the F5 as a single device, since F5 supports clustering HA with a virtual floating IP in a master-master configuration, which can advertise its VIP dynamically, each time, from one of the siblings.

I understand that somewhere in the redundant design there must be a Layer 2 pair, stacked or virtualized?

I need both load balancing and redundancy.
 
LVL 17

Accepted Solution

by:surbabu140977 (earned 1500 total points)
ID: 39157759
I am not sure how the 4948 will throw 50% of incoming traffic to each F5. Traffic policing is an option, but it doesn't look like the very best design. Did you speak with the F5 guys?

You already have 96 ports in 2 x 4948; do you still need more L2 ports?

Best,
 
LVL 7

Expert Comment

by:diepes
ID: 39158061
On the uplinks and F5s, are you using private or public IPs?
 

Author Comment

by:m4dd0g
ID: 39158090
Public IPs.
 

Author Comment

by:m4dd0g
ID: 39160890
Thanks guys,
I am going to resolve it with a new pair of 4500-X aggregation switches using VSS.