m4dd0g asked:
Redundant Cisco 4948E network design

Hello,
I have two racks in a DC. The first (old) rack has a Cisco 4948E switch with a 10 Gig uplink to the DC's Cisco switch (managed by them; I don't remember the exact model, but it's something new and takes about 4-8U).

All the servers in the first rack are connected to the Cisco 4948E gigabit ports. This switch is operating as a Layer 3 switch with VLANs and VLAN interfaces. Each customer has its own VLAN and the Cisco 4948E is its gateway. The uplink port sits inside VLAN 1, which has a /29 IP configured and a default route to the DC's Cisco.

The new rack is installed with a new Cisco 4948E switch. Currently there are no servers (yet) connected to it, and its uplink is to the same DC Cisco. This switch also uses a 10 Gig port for the uplink connection.
I asked the DC to put both switches in the same VLAN (from their side), so the new Cisco 4948E has an IP from the same /29.

The desired goal is to achieve redundancy. I would like to interconnect those two racks using another 10 Gig connection between the Cisco 4948E switches.
The purpose is to eliminate the single point of failure of one of the uplinks, so I will have a redundant network path in case one of the uplinks goes down, and also to have load balancing and/or the ability to use the same IPs on both switches, so that I can connect 2 HA F5 LTMs with a floating IP, each of them to a different Cisco 4948E switch.
Thus I would like to connect a server to 2 F5 LTMs and gain a redundant, highly available solution.

Both switches' IOS supports IP routing and all features.

I am not sure how to do it and what is the correct design topology.

I thought of creating a trunk between the switches, but probably STP will kill one of them.
The DC team is ready to perform any needed changes or configurations on their switch.
I also thought about EtherChannel, but in my case I have two physical switches which are not stackable (as far as I know). I read about VSS technology, which is also, unfortunately, not supported on those switches.

So I am not sure what the correct way is to do what I want.
Perhaps Layer 3 redundancy... or some game play with L2 and STP.
All links must be active, both switches and F5 LTMs have to be active-active, and the LTMs have a floating IP.

I need help to understand what the recommended designs are, which are available. If I am making a mistake then I am ready to change the topology and rebuild it the right way.

Thank you very much.
surbabu140977:

First question: will the new 4948E uplink be connected to the same DC Cisco switch (where the old one is connected)?

If yes, then there is no point in discussing, because it will defeat the main concept of redundancy.

If no, then let's first get the cabling done. If DC1 and DC2 are Cisco switches and your switches are Sw1 (old 4948) and Sw2 (new 4948), then the cabling should be:

DC1 ---> Sw1 (1 uplink)
DC1 ---> Sw2 (1 uplink)
DC2 ---> Sw1 (1 uplink)
DC2 ---> Sw2 (1 uplink)

The above should be the standard implementation. You can view it as a criss-cross kind of thing.

Once it's done, we have the option of implementing HSRP/VRRP/GLBP (the 4948E supports all of them).

Which is your priority? Load balancing or redundancy?

Best,

Please note, load balancing works well on an intranet, not on the internet. You will have the option of load balancing only for the outgoing traffic, not the incoming. This might cause issues in some cases. For load balancing to work perfectly, both the source and destination network should be controlled by you.

If you want to load balance only between the 2 racks, that can be done.

Best,
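As an added example (not from this thread, and not surbabu140977's or the asker's configuration), here is what the HSRP variant of the design above looks like on one 4948E. It assumes the DC keeps handing both switches addresses from one /29 (here 203.0.113.0/29, with the DC gateway at .6), one customer VLAN 10 with 198.51.100.0/24, VLAN 100 for the uplink instead of VLAN 1, Te1/49 as the uplink and Te1/50 as the trunk to the other rack; all of these numbers and names are assumptions. The point it shows is how the inter-rack trunk avoids the STP problem the asker worried about: the uplink VLAN is never carried across it (the two switches already reach each other on that VLAN through the DC switch), while the customer VLANs are carried across it so an F5 floating IP can live behind either switch.

```cisco
! Added example: Sw1 (old rack 4948E). Sw2 is identical except for its own
! addresses (.3 in each subnet) and "standby ... priority 90" so Sw1 is active.
! VLAN numbers, interface numbers and all addresses are assumptions.
vlan 100
 name DC-UPLINK
vlan 10
 name CUSTOMER-A
!
! Uplink stays an access port in the uplink VLAN, as in the original setup.
interface TenGigabitEthernet1/49
 description Uplink to DC switch
 switchport mode access
 switchport access vlan 100
!
! Inter-rack trunk: customer VLANs only. VLAN 100 is deliberately excluded;
! trunking it would close a loop (DC switch - Sw1 - Sw2) for STP to block.
interface TenGigabitEthernet1/50
 description Trunk to Sw2 (new rack)
 switchport mode trunk
 switchport trunk allowed vlan 10
!
! Object tracking: if the uplink goes down, drop HSRP priority below Sw2's so
! Sw2 takes over the customer gateway even though Sw1 itself is still up.
track 1 interface TenGigabitEthernet1/49 line-protocol
!
! Uplink SVI: the HSRP VIP .1 is the single next hop the DC uses for its static
! routes to the customer subnets (assumed: the DC routes 198.51.100.0/24 -> .1).
! Sw1 and Sw2 exchange these HSRP hellos through the DC switch, not the trunk.
interface Vlan100
 ip address 203.0.113.2 255.255.255.248
 standby 100 ip 203.0.113.1
 standby 100 priority 110
 standby 100 preempt
!
! Customer SVI: servers and both F5 LTMs use .1 as their gateway. The VLAN spans
! both racks over the trunk, so the F5 floating IP works on either switch.
interface Vlan10
 ip address 198.51.100.2 255.255.255.0
 standby 10 ip 198.51.100.1
 standby 10 priority 110
 standby 10 preempt
 standby 10 track 1 decrement 20
!
! Default route via the DC gateway (assumed .6).
ip routing
ip route 0.0.0.0 0.0.0.0 203.0.113.6
!
! Keep the STP root and the HSRP active router on the same switch.
spanning-tree vlan 10 root primary
```

With this in place, outbound traffic from each rack leaves through the local switch's uplink only while that switch is HSRP active for the VLAN; if both uplinks should carry outbound traffic at once, the customer SVIs can run GLBP instead of HSRP (same VIP, both switches forwarding). Inbound traffic is a different matter, exactly as surbabu140977 says: the DC sends it to whichever switch currently owns the VIP, so a single uplink receives it regardless of which FHRP is used.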
m4dd0g (asker):

Thanks for reminding me about HSRP/VRRP/GLBP; I totally forgot about these features.
The servers actually serve, so 90% of the traffic goes out, but incoming traffic should also be balanced: in case of a DDoS attack I want each uplink to receive half of the incoming flood, to each F5 ASM.

surbabu140977:

It's bad thinking that you will divert a certain % of traffic to one ASM and the rest to the other. The ASMs should be in a redundant configuration so that if one fails, the other takes over.

The switch should divert traffic to the ASM (which is in a redundant config), which in turn will protect your applications.

Best,
m4dd0g (asker):

I view the F5 as a single device, since F5 supports clustering HA with a virtual floating IP in a master-master configuration, which can advertise its VIP dynamically, each time, from one of the siblings.

I understand that somewhere in the redundant design there must be a Layer 2 pair, stacked or virtualized?

I need both load balancing and redundancy.
ASKER CERTIFIED SOLUTION
surbabu140977:
[The accepted solution text is only available to Experts Exchange members and is not reproduced here.]

surbabu140977:

On the uplinks and F5s, are you using private or public IPs?
m4dd0g (asker):

Public IPs.

m4dd0g (asker):

Thanks guys,
I am going to resolve it with a new pair of 4500-X aggregation switches using VSS.