VLAN interface and STP
Ok, so suppose I have a layer 2 access switch connected to two layer 3 core switches for redundancy... if I want to implement redundancy (without an FHRP) then I'm going to have to configure both core switches' VLAN interfaces with identical IP addresses, right? My question is, is this a valid design? Obviously I'd expect to get notifications in IOS, but apart from that is there a problem with this design?
Thank you.
Comments

amb1s1 (Member, Posts: 408)
You can't have the same IP on two different devices. Is the interconnection between the core and the access a layer 3 connection or layer 2? If it is layer 3, routing should take care of redundancy. If it is layer 2, use different IPs on the core and you still would have redundancy; just allow the VLAN on the trunk.

Trifidw (Member, Posts: 281)
Ignoring everything else that's wrong with the design, connected PCs will not be able to access anything outside of their subnet when their router fails until their ARP cache times out.
There is a reason why protocols such as HSRP exist...
Eildor (Member, Posts: 444)
amb1s1 wrote: »You can't have the same IP on two different devices. Is the interconnection between the core and the access a layer 3 connection or layer 2? If it is layer 3, routing should take care of redundancy. If it is layer 2, use different IPs on the core and you still would have redundancy; just allow the VLAN on the trunk.
The connection between access and core is layer 2, as I alluded to in my first post.
If I were to have different IP addresses on the VLAN interfaces then I'd be in trouble if one of the core switches were to go down, since they are the default gateway.
Eildor (Member, Posts: 444)
Trifidw wrote: »There is a reason why protocols such as HSRP exist...
Ok, sure... and if you don't have layer 3 access switches which support FHRP?
Trifidw (Member, Posts: 281)
Eildor wrote: »Ok, sure... and if you don't have layer 3 access switches which support FHRP?
What model is the switch? I'll sell you 2 3550s that support HSRP for £200...
I'd have the second switch as a cold standby with the routed interface in a shut state. If the first switch fails it is a simple case of "no shut". If they need no downtime, tell them to get some money. Or if I was dead set on having a terrible lukewarm standby solution, I wouldn't look into the possibility of having a DHCP server on each L3 switch, advertising its own unique IP address as the default gateway and only having access to half the IP address scope.
Eildor (Member, Posts: 444)
Trifidw wrote: »What model is the switch? I'll sell you 2 3550s that support HSRP for £200...
I'd have the second switch as a cold standby with the routed interface in a shut state. If the first switch fails it is a simple case of "no shut". If they need no downtime, tell them to get some money. Or if I was dead set on having a terrible lukewarm standby solution, I wouldn't look into the possibility of having a DHCP server on each L3 switch, advertising its own unique IP address as the default gateway and only having access to half the IP address scope.
This is all just theoretical, as I was curious.
But I guess you're right, layer 3 switches are cheap enough not to have to work around STP.
Forsaken_GA (Member, Posts: 4,024)
The first problem is that you're not defining redundancy. What kind of redundancy are you looking for, layer 2 or layer 3?
Layer 2 redundancy you'd be fine with, since the access switch has a link to each core switch. One link fails, it goes the other way.
And I could probably do layer 3 redundancy utilizing floating static routes. Have the layer 3 switch with the VLAN's default gateway on it advertise that route via an IGP, and then define a static route for the gateway pointing out the secondary switch's default path, with a higher administrative distance than the IGP... if the first switch goes down, the second switch loses the route, and its static kicks in. Whether or not you'd need any further static routes to get the return traffic through depends on the design further upstream.
So while it's certainly possible to get redundancy without deploying an FHRP, it's foolish to be deploying core gear without the capability of at least HSRP/VRRP.
And your layer 3 redundancy has absolutely nothing to do with STP.
Eildor (Member, Posts: 444)
Forsaken_GA wrote: »And your layer 3 redundancy has absolutely nothing to do with STP.
Of course, I was referring to layer 2 redundancy and inter-VLAN routing.
Forsaken_GA (Member, Posts: 4,024)
Eildor wrote: »Of course, I was referring to layer 2 redundancy and inter-VLAN routing.
And inter-VLAN routing is a layer 3 function, not a layer 2 one, and has nothing to do with STP. Redundancy for one does not equate to redundancy for another.
Your layer 2 redundancy is fine, since you've got two links. Link to the switch with the gateway SVI dies, no problem, it goes the other link and you've maintained end to end.
Now let's say the switch with the gateway SVI dies entirely. Your layer 2 redundancy is *still* there, it'll go via the other link; however, since the SVI is down, your traffic dies there, since you're not deploying any layer 3 redundancy.
Entirely separate problems with entirely separate solutions.
Eildor (Member, Posts: 444)
Forsaken_GA wrote: »Now let's say the switch with the gateway SVI dies entirely. Your layer 2 redundancy is *still* there, it'll go via the other link; however, since the SVI is down, your traffic dies there, since you're not deploying any layer 3 redundancy.
Entirely separate problems with entirely separate solutions.
But that's what I'm trying to say: if I have both of the layer 3 switches configured with SVIs with identical IP addresses then I have some layer 3 redundancy, don't I? And the reason I mention STP is because, sure, if STP wasn't blocking one of the redundant links then I'm going to have an issue due to the duplicate IP addresses, but since STP is blocking one link the duplicate SVI IP addresses shouldn't cause a problem to devices connected to the access switches... or at least that's what I thought.
I'm sorry, I'm confusing myself, and probably you.
Forsaken_GA (Member, Posts: 4,024)
Eildor wrote: »But that's what I'm trying to say: if I have both of the layer 3 switches configured with SVIs with identical IP addresses then I have some layer 3 redundancy, don't I? And the reason I mention STP is because, sure, if STP wasn't blocking one of the redundant links then I'm going to have an issue due to the duplicate IP addresses, but since STP is blocking one link the duplicate SVI IP addresses shouldn't cause a problem to devices connected to the access switches... or at least that's what I thought.
I'm sorry, I'm confusing myself, and probably you.
If you dupe the IP within the VLAN, you're going to create ARP problems, and depending on how you advertise the SVI(s) to the rest of the routing domain, you're also going to create asymmetric routing, which may cause issues with your firewalls if you're doing reverse path checking, screw with the delay and jitter on your VoIP calls if you're doing that, and so on.
The point I'm trying to make is that STP does not solve layer 3 problems, and continuing to think it does is going to cause you massive amounts of headaches. Either accept the lack of layer 3 redundancy, or deploy one of the solutions specifically developed for it.
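The ARP-cache point Trifidw raises (hosts keep sending to a dead gateway's MAC until the entry times out) and the ARP and split-gateway problems Forsaken_GA describes above can be made concrete with a small model. The following is an added example, not code from the thread or from any vendor: it compares the "two SVIs, same IP" design against an HSRP/VRRP-style shared virtual MAC by tracking what each host's ARP cache points at when one core dies. Host names, router MACs, the ARP timeout and the reply-ordering race are all constructed, and it assumes the usual topology in which the two cores are also trunked together (which is what gives STP a loop to block in the first place).

```python
"""Toy model of default-gateway failover on one VLAN (constructed example).

  "duplicate-svi": both cores carry an SVI with the same IP, each answering
                   ARP with its own burned-in MAC, as proposed in the thread;
  "fhrp":          HSRP/VRRP style, one virtual IP answered with one shared
                   virtual MAC by whichever core is active.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

GATEWAY_IP = "10.0.0.1"            # constructed subnet gateway
# HSRPv1 virtual MAC for standby group 1 (0000.0c07.acXX, XX = group number)
VIRTUAL_MAC = "00:00:0c:07:ac:01"


@dataclass
class Router:
    name: str
    mac: str        # burned-in MAC; used in ARP replies only in the duplicate-svi design
    up: bool = True


@dataclass
class Host:
    name: str
    # ip -> (mac, time learned); the entry ages out after arp_timeout seconds
    arp: Dict[str, Tuple[str, int]] = field(default_factory=dict)


def arp_replies(routers: List[Router], design: str) -> List[str]:
    """MACs a host receives in reply to 'who has GATEWAY_IP?'.

    Duplicate SVIs: every live core owns the IP and answers.  STP blocking one
    access uplink does not prevent this, because the broadcast still reaches
    the second core over the inter-core trunk.  FHRP: only the active router
    answers, and it always uses the shared virtual MAC."""
    live = [r for r in routers if r.up]
    if design == "duplicate-svi":
        return [r.mac for r in live]
    if design == "fhrp":
        return [VIRTUAL_MAC] if live else []
    raise ValueError(f"unknown design {design!r}")


def resolve(host: Host, routers: List[Router], design: str, now: int, last_wins: int) -> None:
    """Host learns the gateway MAC.  When several replies arrive, the one
    processed last overwrites the cache entry; last_wins models that race."""
    replies = arp_replies(routers, design)
    if replies:
        host.arp[GATEWAY_IP] = (replies[last_wins % len(replies)], now)


def can_forward(host: Host, routers: List[Router], design: str) -> bool:
    """True if frames sent to the host's cached gateway MAC reach a live router."""
    entry = host.arp.get(GATEWAY_IP)
    if entry is None:
        return False
    mac, _ = entry
    if design == "fhrp":
        return mac == VIRTUAL_MAC and any(r.up for r in routers)
    return any(r.up and r.mac == mac for r in routers)


def simulate(design: str, arp_timeout: int = 1200, failure_time: int = 60) -> dict:
    """Boot four hosts at t=0, kill core-A at failure_time, report the damage.
    arp_timeout is a constructed 20 minutes; real values vary by OS."""
    routers = [Router("core-A", "00:11:22:aa:aa:aa"), Router("core-B", "00:11:22:bb:bb:bb")]
    hosts = [Host(f"pc{i}") for i in range(4)]
    for i, h in enumerate(hosts):
        resolve(h, routers, design, now=0, last_wins=i)   # hosts split by reply order
    gateways_in_use = Counter(h.arp[GATEWAY_IP][0] for h in hosts)

    routers[0].up = False                                 # core-A dies
    blackholed, worst_outage = [], 0
    for h in hosts:
        if can_forward(h, routers, design):
            continue
        blackholed.append(h.name)
        learned_at = h.arp[GATEWAY_IP][1]
        # traffic is lost until the stale entry expires and the host re-ARPs
        recover_at = max(learned_at + arp_timeout, failure_time)
        worst_outage = max(worst_outage, recover_at - failure_time)
        resolve(h, routers, design, now=recover_at, last_wins=0)
    return {
        "gateways_in_use_before_failure": len(gateways_in_use),
        "blackholed_hosts": blackholed,
        "worst_outage_seconds": worst_outage,
        "all_recovered": all(can_forward(h, routers, design) for h in hosts),
    }


if __name__ == "__main__":
    for d in ("duplicate-svi", "fhrp"):
        print(d, simulate(d))
```

With duplicate SVIs the hosts end up split across both cores before anything fails (the asymmetric-routing problem), and the half that cached core-A's MAC lose connectivity for the remainder of their ARP timeout after it dies. With the virtual MAC, the standby simply starts answering for the same MAC, so no cache entry becomes stale and the outage is zero.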
Eildor (Member, Posts: 444)
Forsaken_GA wrote: »If you dupe the IP within the VLAN, you're going to create ARP problems, and depending on how you advertise the SVI(s) to the rest of the routing domain, you're also going to create asymmetric routing, which may cause issues with your firewalls if you're doing reverse path checking, screw with the delay and jitter on your VoIP calls if you're doing that, and so on.
The point I'm trying to make is that STP does not solve layer 3 problems, and continuing to think it does is going to cause you massive amounts of headaches. Either accept the lack of layer 3 redundancy, or deploy one of the solutions specifically developed for it.
I see your point, cheers mate.