• Status: Solved

Layer 3 switch stack default route to HSRP address

I have a customer who is using their ISP to provide their on-premises routers as part of their MPLS, which has a firewall service on its internet breakout. The routers onsite are in an HSRP configuration.

I want to add layer 3 switch functionality, so to do this we have a pair of HP Procurve (now Aruba) 2920 stacked switches.

So the layer 3 switches will become the default gateway, with the ISP's routers remaining. I have asked for the ISP routers to have their IP range changed as I want to retain the subnet for the customer and I don't want to change their servers' IP addresses etc.

ISP router 1 - 172.16.10.13/28
ISP Router 2 - 172.16.10.14/28
HSRP address 171.16.10.1/28

- The core switch stack IP is 172.16.10.2/28.
- The core switch will carry on running the existing subnet 10.1.1.0/24, with the core switch stack now having the default gateway that used to belong to the ISP HSRP.
- The default route 0.0.0.0 0.0.0.0 172.16.1.1 will be set on the core switch stack.
- I have requested that the ISP add the routes to forward all traffic to the 10.1.1.0 network to the core switch stack.
- The ISP router 1 will be in the top core switch and ISP router 2 will be in the second core switch.

- Can I use the HSRP address as the default route in this instance?
- Any other foreseeable issues?
DLeaver
Asked:
 
atlas_shuddered (Sr. Network Engineer) Commented:
DLeaver -

I'm trying to get my head wrapped around what you are trying to do.  How are you routing the 10.1.1.0/24 today?
 
buckethead34 Commented:
Yes, you should be able to use the HSRP address to route to. All you are really doing is adding the local routing to your L3 switches. If you split the uplinks to the two routers between the stack you should be good to go.
 
DLeaver (Author) Commented:
@Atlas - It is currently assigned to the inside interface of the ISP's router onsite - this goes into their layer 2 switches.

@Buckethead - Thanks for confirming - I can only see one presentation from the ISP at the moment, which looks odd (cable goes from main ISP router into the 800 series backup router and from the 800 series into their switch - shouldn't I see a link from both?)...
 
buckethead34 Commented:
So do they have two routers that are running HSRP? I would have a link from R1->S1 and R2->S2.
 
atlas_shuddered (Sr. Network Engineer) Commented:
Okay, based on the information above, I would say that I would do one of two things.

A. Keep the HSRP between the routers for the 172. network and place their uplinks to your switch inside its own VLAN - ex. VLAN 172.  Create an SVI on the switch so that it will participate in the routing of that network and then route the 10.x from the core itself.  You would then create a default route to the .1 HSRP address on the routers.  This is quick and low labor but will limit future flexibility.

B. And I would prefer this over A if possible. Have the ISP change their uplinks to two /30s in a different scope (e.g. 192.168.x.x/30). I would then create two layer three interfaces on the core switch and pin these to the /30s of the ISP. Bring the 172.16 totally inside, recovering two IPs for future use.
- Establish OSPF with the ISP routers and have them install default-information originate in their OSPF context.
- On the switch, create an SVI with the 172.16.10.1 HSRP address assigned to it.
- Create a second SVI for your 10. network.
- Allow OSPF to make your routing/failover decisions based on ECLB inside OSPF.

This would be a little more time and effort to set up but will provide flexibility moving forward. It also provides the benefits of being more easily manipulated if you want and, with the default-info orig, if an ISP router loses its DFG, OSPF will fail over fully to the one that is still advertising.
 
DLeaver (Author) Commented:
Thanks both.

Carried out the change, with routing to the HSRP working as expected and straightening out the ISP's bodge setup by connecting each router to a different switch within the stack.
 
atlas_shuddered (Sr. Network Engineer) Commented:
Excellent.  Cheers
Question has a verified solution.
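
A pre-change check of the addressing discussed in this thread, as an added example that is not part of any poster's reply. The thread quotes three different values for the HSRP/default-route next hop (171.16.10.1, 172.16.1.1 and 172.16.10.1); the script tests each against the core stack's 172.16.10.2/28 interface, since a static default route only resolves when its next hop is on-link. The function names are hypothetical.

```python
import ipaddress

# Addresses as quoted in the thread, collected here as constructed sample input.
CORE_SVI = ipaddress.ip_interface("172.16.10.2/28")   # core switch stack, transit side
ISP_ROUTERS = ["172.16.10.13", "172.16.10.14"]        # physical HSRP members
NEXT_HOP_CANDIDATES = ["171.16.10.1", "172.16.1.1", "172.16.10.1"]


def on_link(svi, addr):
    """True if addr is a usable host in the SVI's subnet and is not the SVI itself."""
    ip = ipaddress.ip_address(addr)
    net = svi.network
    return (ip in net and ip != svi.ip
            and ip not in (net.network_address, net.broadcast_address))


def check_default_route(svi, next_hop, members):
    """Return a list of problems with using next_hop as the static default route."""
    problems = []
    if not on_link(svi, next_hop):
        problems.append(f"{next_hop} is not on-link in {svi.network}")
    if next_hop in members:
        # Pointing at one physical router loses the failover HSRP provides.
        problems.append(f"{next_hop} is a physical router, not the virtual IP")
    for member in members:
        if not on_link(svi, member):
            problems.append(f"HSRP member {member} is outside {svi.network}")
    return problems


def usable_next_hops(svi, candidates, members):
    """Candidates that pass every check above."""
    return [c for c in candidates if not check_default_route(svi, c, members)]


if __name__ == "__main__":
    for candidate in NEXT_HOP_CANDIDATES:
        issues = check_default_route(CORE_SVI, candidate, ISP_ROUTERS)
        print(candidate, "OK" if not issues else "; ".join(issues))
```
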