Solved

Connection lost to some servers

Posted on 2014-09-15
Last Modified: 2014-09-24
Dear Experts,

I installed two switches, UP switch and Down switch, as shown on the attached diagram. I configured both switches with VRRP between them. These switches are connected to two core switches, core 1 and core 2; core 2 should be the backup of core 1.
Both UP and Down switches are connected to a rack with many servers inside. These servers have IPs in network 10.2.17.0, and the gateway of the servers is 10.2.17.1, which is configured on UP switch for vlan 1.
When someone tries to ping a server on the rack, some servers lose connection and the extended ping oscillates between reply and request timed out.
I attached the diagram and configuration of both switches. I also need to know if VRRP is configured correctly, because it is the first time I'm doing it in a production network.

Thanks In Advance,
Diagram.pdf
Down.docx
UP.docx
0
Question by:oamal2001
10 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 40326351
Why are you connecting only your edge switches?  Why don't you connect your cores together, then redundant path from each edge switch to each core?

From this diagram (connections) it looks like your "core" is something like an internet or WAN router, not a core.
0
 

Author Comment

by:oamal2001
ID: 40326633
Hi,

Sorry I forgot the redundant link between the core switches, I modified the diagram and attached it.
I need to add that when I try to ping from down switch to networks 10.2.17.0, 10.2.18.0 and 10.2.20.0 I cannot ping.

Thanks,
Diagram.pdf
0
 
LVL 32

Expert Comment

by:aleghart
ID: 40327185
If your cores are connected, then your edge switches do not need to be connected to each other.  They connect only to the cores.

I guess I'm asking, why are you running VRRP/HSRP on edge switches instead of the cores?

Cross-connect Core1 and Core2 with VRRP/HSRP
Connect(trunk) SwDown to Core1.
Connect(trunk) SwDown to Core2.
Connect(trunk) SwUp to Core1.
Connect(trunk) SwUp to Core2.
Do not connect SwDown to SwUp.

Maybe I'm misreading something.  I'm no architect.
0
 

Author Comment

by:oamal2001
ID: 40327290
The VRRP between the Down and UP switches is required because they will handle a critical system, and all servers will be connected to both switches. I'm responsible for these switches; I cannot access the core switches.
I need to know if this design can be implemented to work fine or not.

Thanks,
0
 
LVL 32

Expert Comment

by:aleghart
ID: 40327446
Yes.  You're collapsed differently.  Your design is not collapsing core+distribution (my assumption, sorry...didn't realise that you can't control the cores).  Your design is collapsing access+distribution.  This collapsed layer is your boundary between L2 & L3.  This boundary is the place to have VRRP/HSRP.

Your addressing is a little confusing.  
Your SwDN doesn't have an IPv4 address for vlan 1.  SwUP is holding the .1 address.  The virtual IP is .3
My numbering would be something like this:

interface vlan 1
ip address 10.1.1.1 (virtual IP shared by both switches)
ip address 10.1.1.2 (SwUP)
ip address 10.1.1.3 (SwDN)

interface vlan 2
ip address 10.1.2.1 (virtual IP shared by both switches)
ip address 10.1.2.2 (SwUP)
ip address 10.1.2.3 (SwDN)

interface vlan 3
ip address 10.1.3.1 (virtual IP shared by both switches)
ip address 10.1.3.2 (SwUP)
ip address 10.1.3.3 (SwDN)

This makes it easier for all vlans...the gateway address for the subnet is always the .1 address.

I'm not sure if it's inadvertent, but your current vlan addressing are publicly routable address spaces.
12.0.0.1 belongs to AT&T Services
20.0.0.1 belongs to Computer Sciences Corp
Any misconfiguration or routing problem, and traffic will go to default route (0.0.0.0) which would be expected to jump to your core and out to the internet.

I fight that problem all the time...somebody "designed" with IP addresses that are _not_ private, non-routable IP addresses.  Anything that isn't handled explicitly by a created route will jump to the nearest internet connection.

I hope this makes sense.
0
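Added example, not part of the thread: a small audit of the two points raised in the comment above, namely interface addresses outside private (RFC 1918) space and a server gateway that is a switch's own address rather than the VRRP virtual IP. The Cisco-IOS-like syntax, the /24 masks, the VLAN and group numbers for the 12.x and 20.x networks, and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges listed explicitly; ipaddress.is_private also matches
# loopback, link-local and other special ranges, which is not what we want.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample config (assumed syntax, masks and VLAN/group numbers).
SAMPLE_CONFIG = """\
interface vlan 1
 ip address 10.2.17.1 255.255.255.0
 vrrp 1 ip 10.2.17.3
interface vlan 12
 ip address 12.0.0.1 255.255.255.0
 vrrp 12 ip 12.0.0.3
interface vlan 20
 ip address 20.0.0.1 255.255.255.0
"""

def parse_svis(text):
    """Return {interface name: {"addr": IPv4Interface or None, "vips": [IPv4Address]}}."""
    svis, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"interface\s+(.+)", line):
            current = svis.setdefault(m.group(1), {"addr": None, "vips": []})
        elif current is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            current["addr"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif current is not None and (m := re.match(r"vrrp \d+ ip (\S+)$", line)):
            current["vips"].append(ipaddress.ip_address(m.group(1)))
    return svis

def audit(text, host_gateway=None):
    """Return (interface, finding, address) tuples for one switch config."""
    findings = []
    gw = ipaddress.ip_address(host_gateway) if host_gateway else None
    for name, svi in parse_svis(text).items():
        addr = svi["addr"]
        if addr is None:
            continue
        if not any(addr.ip in net for net in RFC1918):
            findings.append((name, "public-address", str(addr.ip)))
        for vip in svi["vips"]:
            if vip not in addr.network:
                findings.append((name, "vip-outside-subnet", str(vip)))
        # Hosts should point at the virtual IP, or failover never moves their gateway.
        if gw is not None and gw in addr.network and gw not in svi["vips"]:
            findings.append((name, "gateway-not-virtual-ip", str(gw)))
    return findings
```

Calling `audit(SAMPLE_CONFIG, host_gateway="10.2.17.1")` reports the gateway mismatch on vlan 1 and the two public addresses.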

 

Author Comment

by:oamal2001
ID: 40327482
What about address 10.2.17.1? I need to make this address the gateway for all servers which are connected to both switches.

Thanks,
0
 
LVL 32

Accepted Solution

by:
aleghart earned 250 total points
ID: 40327496
10.0.0.0/8 (anything that starts with "10.") is private address space.
0
 

Author Comment

by:oamal2001
ID: 40327508
Kindly, How to configure 10.2.17.1 on the switches to be the default gateway connected to them?
Thanks,
0
 

Author Comment

by:oamal2001
ID: 40328856
Hi,

I configured one of the switches to disable spanning tree with no spanning tree, does this affect?

Thanks,
0
 
LVL 3

Assisted Solution

by:Johneil1
Johneil1 earned 250 total points
ID: 40340831
"Kindly, How to configure 10.2.17.1 on the switches to be the default gateway connected to them?
Thanks,"

--If you would like for the IP above to be a DG for your servers....then I would not use the management VLAN1 and create a new SVI (e.g. VLAN 10) with the interface IP of 10.2.17.1 and then place servers in that vlan.

This LINK may help you. with quoted text above. Let me know what you need for the other stuff.
0
