VLAN multiple sites

Asked by aleghart:

I have two buildings (A&B), each with three WAN connections:
microwave bridge between only Bldgs A & B
DIA circuit at Bldgs A & B
WAN (switched ethernet) between Bldgs A, B, C, D, E,...

I want to attack connectivity with the radio bridge, but need to look forward so I won't have to reconfigure when the other WAN links are lit up.

Current:
Radio A (10.3.4.10) in a VLAN 4 of Bldg A
VLAN 4 has virtual IP of 10.3.4.1 on Cores in Bldg A
Radio B (10.3.4.11) direct connected to X1 (WAN) port of B-Sonicwall in Bldg B
Bldg B is a flat network 10.5.5.0/24
B-Sonicwall X0 (LAN) is 10.5.5.254
B-Sonicwall X1 (WAN) is 10.3.4.14
Bldg B has default route to 10.5.5.254 (B-Sonicwall X0)
B-Sonicwall has default route to 10.3.4.1 (virt.IP in Bldg A VLAN 4)

Everything is working...basically all traffic that is not in the broadcast domain for 10.5.5.0/24 is routed to the B-Sonicwall.  Hops from Radio B to Radio A, then lands in VLAN 4 as traffic from 10.3.4.14 (B-Sonicwall X1 WAN interface).

All traffic comes from Bldg B to Bldg A as routed traffic over the single IP 10.3.4.14 (B-Sonicwall X1 WAN).

I want to convert this radio bridge into a trunk so that:
traffic will have the true source IP, not routed through a single IP
voice will stay in a specific VLAN back to Bldg A PBX system

Future considerations:
fiber WAN to multi-site will be the primary path between all remote sites
user internet traffic always flow through Bldg A for content filtering

Trunk radios on A-3750x & B-3750g (bypassing the B-Sonicwall).
Copy Bldg A VLANs onto the switches in Bldg B.
Create a new VLAN 5 for Bldg B's devices on _both_ Bldg A & B switches.
Assign VLANs to the ports in Bldg B
Remove IP from B-Sonicwall X1 WAN port (prep for new DIA).
Default route for VLAN 5 is 10.3.4.1 (virt.IP on A-cores)

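An added example, not configuration from the original post, of what the six steps above look like in Cisco IOS on the two 3750s and on one A-core. Interface numbers, the voice VLAN (10), the unused native VLAN (999) and the HSRP group number are assumptions; VLANs 4 and 5 and the 10.3.4.x / 10.5.5.x addresses come from the post. Two things the plan leaves implicit are made explicit here: the radio trunk is pruned to the VLANs Bldg B actually needs and given an unused native VLAN, so a host in Bldg B cannot tag its way into an A-side VLAN that was never meant to cross the radio, and DTP is disabled so nothing on the far side of the bridge can negotiate itself into a trunk; and once VLAN 5 is extended at Layer 2, its gateway becomes an HSRP address on the A-cores (10.5.5.1 here, following the existing .1/.2/.3 pattern), which means Bldg B hosts must stop using the Sonicwall X0 address 10.5.5.254 as their default gateway.

```cisco
! --- A-3750x (Bldg A): the port facing Radio A becomes an 802.1Q trunk ---
vlan 4
 name RADIO-MGMT
vlan 5
 name BLDG-B-DATA
vlan 10
 name VOICE
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet1/0/48
 description Radio A data port (trunk to Bldg B)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 4,5,10
 switchport mode trunk
 switchport nonegotiate
!
! Radio A management port stays a plain access port in VLAN 4 (10.3.4.10 lives here)
interface GigabitEthernet1/0/47
 description Radio A management port
 switchport mode access
 switchport access vlan 4
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- B-3750g (Bldg B): mirror image of the trunk, plus the user and phone ports ---
vlan 4
vlan 5
vlan 10
vlan 999
!
interface GigabitEthernet1/0/1
 description Radio B data port (trunk to Bldg A), replaces the Sonicwall X1 cabling
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 4,5,10
 switchport mode trunk
 switchport nonegotiate
!
! Data in VLAN 5, phones tagged into VLAN 10 so voice rides its own VLAN back to the Bldg A PBX
interface range GigabitEthernet1/0/2 - 24
 description Bldg B user + phone ports
 switchport mode access
 switchport access vlan 5
 switchport voice vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- A-core1: inter-VLAN routing for Bldg B happens here, same HSRP pattern as the other VLANs ---
! (A-core2 gets ip address 10.5.5.3 and the default HSRP priority)
interface Vlan5
 description Bldg B data, L2-extended over the radio trunk
 ip address 10.5.5.2 255.255.255.0
 standby 5 ip 10.5.5.1
 standby 5 priority 110
 standby 5 preempt
```

Check the result with `show interfaces trunk` on both 3750s (allowed and active VLAN lists must match end to end) and `show standby brief` on the cores. The outage at Bldg B is the time to move the Radio B cable from X1 to the B-3750g and to re-point the hosts' default gateway from 10.5.5.254 to 10.5.5.1 (a DHCP scope change plus lease renewal, or a manual edit on anything static), which is the "couple of hours" the question anticipates.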
Akinsd:

I think your model is pretty much set and solid.
I couldn't figure out the question
aleghart (ASKER):
Sorry, Akinsd, I edited the original Q a couple of times and messed up the actual Question at the end:

My Questions:

1. Will these steps get me connected at Layer 2 so my content filter in Bldg A can see all of the proper source IP addresses?

2. How do I take care of inter-VLAN routing...or do I need to?

3. What am I missing (now or for future)?

4. Am I right to expect a couple of hours downtime at Bldg B?

Trunk radios on A-3750x & B-3750g (bypassing the B-Sonicwall).
Copy Bldg A VLANs onto the switches in Bldg B.
Create a new VLAN 5 for Bldg B's devices on _both_ Bldg A & B switches.
Assign VLANs to the ports in Bldg B
Remove IP from B-Sonicwall X1 WAN port (prep for new DIA).
Default route for VLAN 5 is 10.3.4.1 (virt.IP on A-cores)
SOLUTION by pergr (members-only; text not shown on this page)

aleghart (ASKER):

The A-cores have been running for a couple of years as-is, with HSRP and virtual IP addresses for each VLAN:  .1 virtual IP for VLAN,   .2 for core1,   .3 for core2

For VLAN 5 (and 6, 7, 8...) which will reside primarily at Bldg B, do I need to worry about assigning an IP address for the VLANs on A-core1 and A-core2?
ASKER CERTIFIED SOLUTION (members-only; text not shown on this page)

aleghart (ASKER):

I think I'll put VLAN 5 on the B-3750g in Bldg B.
Will that allow me to create 2 routes on A-cores?  One via the radio bridge, and one in the future via the new fiber WAN?
SOLUTION (members-only; text not shown on this page)

aleghart (ASKER):

OK.  Uplinks to the A-cores from A-3750x are port channel.   I can't do that with the radio bridge and the new fiber WAN.  The WAN is switched Ethernet from a carrier that will be giving a Layer 2 link between multiple sites, not just Bldgs A & B.

STP with preference to the fiber WAN should work, right?  Actually, we can do some tests later...I might have more bandwidth on this radio bridge (750Mbps) than the fiber WAN, which will be carrying traffic from a half dozen other sites at the same time.

For STP to work, however, I'll have to let the radios drop their Gig ports if the signal gets too weak.  Otherwise, the switch thinks the bridge is still working because the NIC is up/up.  We just had that at another site...NIC is working, but radio link was weak/broken.  Traffic wouldn't move to the other path until we shutdown the ports manually.

If I tell the radios to shutdown their data NIC upon loss of signal, I still have a management port that I can connect to.  On the switch side, do I treat this management port as a normal access port on VLAN 4?  That way, data doesn't come pouring through the port, thinking it's a trunk for all the VLANs to use.

If I lose the radio link, the management IP for Radio B is in VLAN 4's subnet.  But on Bldg B, I no longer have a path to A-cores to handle the inter-VLAN routing.

Can I still reach the Radio B management interface from Bldg B?  Or will I have to plug something into a same VLAN port over there?
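An added example, not from the thread, of the STP arrangement the post above describes: Rapid PVST with the A-cores as root, the carrier WAN trunk as the preferred path out of B-3750g and the radio as the higher-cost standby, the Radio B management port as an ordinary access port in VLAN 4, and a VLAN 4 SVI plus a spare VLAN 4 access port on B-3750g so the radio stays reachable from Bldg B when the bridge is down. Interface numbers, the cost values, the SVI address 10.3.4.20 and VLANs 10/999 are assumptions. Two caveats a practitioner would want. First, RSTP ages out a root port after three missed hellos (6 s with the defaults), so a radio that goes completely silent fails over even if its Ethernet side stays up/up; the case the post ran into, a degraded link that still leaks the occasional BPDU, is not caught that way, which is why the radio's own loss-of-signal port shutdown is still needed. Second, STP can only break the WAN-plus-radio loop if the carrier's Layer 2 service passes BPDUs end to end; many multipoint offerings tunnel or drop them, in which case the switch sees the WAN as a loop-free edge and a forwarding loop appears the moment the radio comes up. Verify that the received-BPDU counter on the WAN port is increasing before trusting the design.

```cisco
! --- A-core1: STP root for the VLANs that cross to Bldg B (A-core2 uses priority 8192) ---
spanning-tree mode rapid-pvst
spanning-tree vlan 4,5,10 priority 4096
!
! --- B-3750g: two uplinks toward Bldg A, WAN preferred, radio as standby ---
spanning-tree mode rapid-pvst
!
interface GigabitEthernet1/0/25
 description Carrier switched-Ethernet WAN toward Bldg A (preferred path)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 4,5,10
 switchport mode trunk
 switchport nonegotiate
 spanning-tree link-type point-to-point
 spanning-tree cost 4
!
interface GigabitEthernet1/0/1
 description Radio B data port toward Bldg A (standby path, higher cost)
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 4,5,10
 switchport mode trunk
 switchport nonegotiate
 spanning-tree link-type point-to-point
 spanning-tree cost 100
!
! Radio B management port: a plain access port in VLAN 4, never a trunk,
! so a radio reboot or misconfiguration cannot inject tagged traffic
interface GigabitEthernet1/0/2
 description Radio B management port (10.3.4.11)
 switchport mode access
 switchport access vlan 4
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Spare VLAN 4 access port to patch a laptop into when both uplinks are down
interface GigabitEthernet1/0/3
 description Local VLAN 4 jump port for radio management
 switchport mode access
 switchport access vlan 4
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Management SVI for the B-3750g itself in VLAN 4 (address assumed):
! with the bridge down, "ping 10.3.4.11" from this switch still works locally
interface Vlan4
 description B-3750g management SVI
 ip address 10.3.4.20 255.255.255.0
!
! Verification on B-3750g:
!   show spanning-tree vlan 5
!     expect Gi1/0/25 as Root/FWD and Gi1/0/1 as Altn/BLK
!   show spanning-tree interface GigabitEthernet1/0/25 detail
!     the "BPDU: ... received" counter must increase; if it stays at 0 the
!     carrier is not passing BPDUs and STP cannot protect you from the loop
```

On the last question in the post: with the radio and WAN both down, Bldg B hosts in VLAN 5 have no gateway (it lives on the A-cores), so they cannot route to 10.3.4.11. The radio is still reachable from the B-3750g CLI via its VLAN 4 SVI, or from a laptop on the VLAN 4 jump port, which is the "plug something into a same VLAN port" fallback the post guessed at.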
pergr:

You need to figure out what the "layer 2 link between multiple sites" is. It could be either VPLS or several point to point pseudowires.

If it is VPLS, the service provider's network learns MAC addresses and effectively works as a switch. If it is pseudowires, the service provider's network does not learn MACs and is effectively a number of cables. It makes a difference when implementing redundancy with the radio link.

Personally I would prefer using a routing protocol for redundancy (like OSPF or BGP), assuming all your switches can run that. It does mean you do not get VLAN across sites, but it is typically not necessary. Also, with OSPF, if you add a new VLAN+subnet in one site, then automatically the core site (and all other sites) learn that route via OSPF. Very useful...

What are the core switches?
If you do LAG on the 3750, there is some sort of multi-chassis LAG on the core switches..., or VSS, etc.
aleghart (ASKER):

Layer 2 between sites will be switched Ethernet.  Each site claims one IP in a /24 subnet, then publishes routes via EIGRP.  The other sites pick up these routes to that single IP.  A few (that don't need to be published to all) are added manually as-needed.

Most of the inter-site routes are learned, not entered statically.

The cores at Bldg A and B will be a pair of 3850X on one side.  The other will be a pair of Nexus 5K.
pergr:

So if you route on the layer-2 service, you will not use STP.

I do advise you to go for OSPF instead of EIGRP though.
With EIGRP you are locked to using Cisco devices only - and there is better stuff around...
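The routed alternative pergr recommends, written up as an added example that is not from the thread, in EIGRP to match the site standard the asker describes (OSPF would have the same shape with `router ospf` and area statements in place of the EIGRP stanzas). Assumptions: AS 100; the B-3750g image supports EIGRP (full EIGRP needs IP Services, IP Base is limited to stub, which is all that is configured here, but check `show version`); the carrier /24 is 10.254.0.0/24 with Bldg A at .1 and Bldg B at .5; the radio side of B-3750g becomes a routed port reusing 10.3.4.14 once the Sonicwall X1 gives it up, so it peers with both A-cores on the existing VLAN 4 (10.3.4.2 and .3); voice is VLAN 10 on 10.5.10.0/24; interface names on the cores and the key-chain secret are placeholders. VLANs no longer cross sites, so there is no STP to tune: each uplink is a routed interface, EIGRP holds an adjacency on both, prefers the lower metric, and fails over when a neighbor's hold time (15 s on these links by default) expires. Nothing NATs, so Bldg B traffic reaches the Bldg A content filter with its real 10.5.5.x source; what the opening post describes, everything appearing from 10.3.4.14, is a NAT effect of the Sonicwall's X1, not a consequence of routing. Bldg B is declared a stub so it never becomes transit between other sites, neighbors are authenticated so a rogue speaker on the shared carrier /24 cannot inject routes, and the default route is originated only at Bldg A so user internet traffic keeps flowing through the Bldg A filter.

```cisco
! --- B-3750g as the Bldg B router ---
ip routing
!
key chain EIGRP-KEYS
 key 1
  key-string REPLACE-WITH-SITE-SECRET
!
interface Vlan5
 description Bldg B data; this SVI replaces the Sonicwall X0 (10.5.5.254) as gateway
 ip address 10.5.5.1 255.255.255.0
!
interface Vlan10
 description Bldg B voice (subnet assumed)
 ip address 10.5.10.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 description Radio B data port, routed; peers with A-core1/A-core2 on VLAN 4
 no switchport
 ip address 10.3.4.14 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
 delay 50
!
! Path preference is set with interface delay (tens of microseconds), not STP.
! Gigabit default is 10; leaving 10 on the WAN and 50 on the radio prefers the WAN.
! Swap them if the 750 Mbps radio measures better than the shared fiber, but keep
! them unequal so EIGRP does not load-share across a fast path and a slow one.
interface GigabitEthernet1/0/25
 description Carrier switched-Ethernet WAN; one address per site in the shared /24
 no switchport
 ip address 10.254.0.5 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
!
router eigrp 100
 network 10.5.5.0 0.0.0.255
 network 10.5.10.0 0.0.0.255
 network 10.3.4.0 0.0.0.255
 network 10.254.0.0 0.0.0.255
 passive-interface default
 no passive-interface GigabitEthernet1/0/1
 no passive-interface GigabitEthernet1/0/25
 eigrp stub connected summary
 no auto-summary
!
! --- A-core1 (A-core2 mirrors it with its own .3 / WAN address) ---
key chain EIGRP-KEYS
 key 1
  key-string REPLACE-WITH-SITE-SECRET
!
interface Vlan4
 description Existing VLAN 4 SVI (10.3.4.2, HSRP .1); now also an EIGRP peering interface
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
!
interface GigabitEthernet1/0/1
 description Carrier switched-Ethernet WAN (interface name assumed)
 no switchport
 ip address 10.254.0.1 255.255.255.0
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 EIGRP-KEYS
!
! Default route toward the Bldg A DIA / content filter (next hop assumed),
! redistributed so Bldg B learns it and never originates its own
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
router eigrp 100
 network 10.3.4.0 0.0.0.255
 network 10.254.0.0 0.0.0.255
 passive-interface default
 no passive-interface Vlan4
 no passive-interface GigabitEthernet1/0/1
 redistribute static metric 100000 100 255 1 1500
 no auto-summary
```

On B-3750g, `show ip eigrp neighbors` should list three peers (both A-cores via Gi1/0/1 and Bldg A via Gi1/0/25); `show ip eigrp topology 0.0.0.0/0` shows the successor on the preferred link and a feasible successor on the other, which is the failover path EIGRP installs without recomputation. To confirm the filter sees real addresses, trace from a Bldg B host to something in Bldg A and check the filter's logs for a 10.5.5.x client, not 10.3.4.14. When the Bldg B DIA arrives, keep the Sonicwall out of the default-route picture (no static default on B-3750g pointing at it) unless the intent is to bypass the Bldg A filter.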
aleghart (ASKER):

With hundreds of Cisco devices, several dozen in-production routes, and 24/7 operations at all sites, we're not going to sneak in one piece of non-Cisco gear without a lot of meetings, emails...

There are some powerful solutions out there.  I had a Vyatta switch for $2.5K that would let me handle BGP for a full /24 on two ISPs...much cheaper than Cisco.

Too bad Brocade is trying to kill it off.
aleghart (ASKER):

Thanks for all the help.