Core Routing VLAN

Best practices for layer 3 network design and routing traffic

Bill Bixby


Posted 4 weeks ago


Mrxlazuardin

Hi Bill,

What is your case actually?

Best regards,

Bill Bixby

I was editing it as I kinda killed my first post here, sorry.

Oops first post not a great start.

We're trading out our core X450s for a pair of X620s (10GB) and planning on demoting the X450s for a short period as we transition in new edge/advanced edge devices.

Our current design is very much layer 3 VLAN based, where the X450s have a VLAN called Routing and that VLAN is pretty much the only VLAN tagged on the uplink ports to all the edge switches.

The edges are a combination of X250s, 440s and maybe a 450. So we have to work with what we have. To this end we are using the only dynamic routing protocol that doesn't require a license and is supported by all the switches - RIP.

We create VLANs on the edges, e.g. ID: 1001, DATA; ID: 1002, VOIP, and as soon as a device is active on the edge's VLAN the route pops up everywhere because of RIP. The traffic from the edge VLANs goes into the Routing VLAN and finds its way to servers using the appropriate core switch gateway.

So the cores pretty much only have the Routing VLAN.

Our vendor is looking at changing this and I can't figure out why. It took them an age to come up with a proof of concept - which concerns me a bit, especially as we'll have to manage the config once delivered.

They are suggesting we add the edge VLANs into the core switches and tag the uplinks with the VLANs from the edges. So our uplinks would be tagged, say, DATA and VOIP, and then, correct me if I'm wrong, we'd have a layer 2 VLAN between core and edge for those.

Now let us say we have 10 edge switches hung from the core. This means we'd have to add 10 x DATA and 10 x VOIP VLANs to the core config, e.g. for edge 1 ID: 1001, DATA1; ID: 1002, VOIP1 - for edge 2 ID: 2001, DATA2; ID: 2002, VOIP2 ... etc.

If that doesn't seem enough work, now add in LAGs, VRRP and MLAGs. We'd have to configure each core switch with the 10 lots of VLANs and then configure those 10 VLANs for VRRP :o

So is it best practice to put VLANs on the core and uplink like this, or are we best sticking to a routing VLAN?

I know there's probably no right or wrong, just different ways. But just setting up one Routing VLAN with VRRP and then MLAGs to the edges seems a lot less config.

The only benefit I can see is that the routing between VLANs then happens at the cores and doesn't require RIP. But we'll have gone from a core with 30 lines of config to one with 300 lines and not gained anything - same VRRP and MLAG resilience either way.

Your comments would be appreciated.

Mrxlazuardin

Hi Bill,

I have experience with a similar configuration, but I use all edge switches as Layer 2 and only the core switches are used as Layer 3 with OSPF. The biggest problem is loops caused by end point/end user mistakes, since there are some unmanaged switches under the edge switches.

Anyway, your explanation of your case is great but huge to understand. Maybe I have missed something there. You may upload some "before/existing and after/suggested" topology, so I and/or other members can have a better understanding of your case.

Best regards,

Bill Bixby

Thanks for the reply, and yes, I think it is big to describe like I have.

This would be how I see it configured and similar to what we have now. The "Routing" VLAN exists on the core switches, is tagged between them and has VRRP enabled.

The uplinks to the ZONE switches are tagged with the "Routing" VLAN and nothing else.

The ZONE1 VLANs are
DATA
VOIP
GUEST
and exist only on the edge/ZONE switches.
But what they seem to be building is this:
So the ZONE VLANs DATA, VOIP and GUEST are tagged up to the core, and they are on the LAG and with VRRP.

When the other zones are connected it would end up looking a bit like:
The routing is handled by the VLANs existing on the core and having ipforwarding to allow the inter-VLAN traffic as necessary.

Each MLAG would have its own 3 VLANs tagged. But the LAG would then have the 3 VLANs x the number of zones.
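Added example, written for this page and not code from either poster or from Extreme: a small Python model of the two core designs Bill describes, generating ExtremeXOS-style core configuration for each so the line count and number of VRRP instances can be compared. The EXOS command syntax, the Routing VLAN tag, subnets and port numbers are assumptions, since the thread shows no configuration.

```python
# Added example, not from the thread: emit ExtremeXOS-style core config for the two
# designs Bill describes so their size and VRRP instance count can be compared.
# Command syntax, VLAN tags, subnets and port numbers are assumed/constructed.

def routing_vlan_core(uplink_ports, lag_ports):
    """Design 1 (current): the core carries only the 'Routing' VLAN; edge VLANs
    are learned over RIP, so no per-zone VLAN or VRRP config exists on the core."""
    cfg = [
        'create vlan "Routing" tag 100',
        "configure vlan Routing ipaddress 10.0.0.2/24",
        "enable ipforwarding vlan Routing",
        "create vrrp vlan Routing vrid 1",
        "configure vrrp vlan Routing vrid 1 add 10.0.0.1",
        "enable vrrp vlan Routing vrid 1",
        "enable rip",
        "configure rip add vlan Routing",
    ]
    # The Routing VLAN is tagged on every zone uplink and on the core-to-core LAG.
    cfg += [f"configure vlan Routing add ports {p} tagged" for p in uplink_ports + lag_ports]
    return cfg

def l2_vlan_core(uplink_ports, lag_ports, vlan_names=("DATA", "VOIP", "GUEST")):
    """Design 2 (vendor proposal): every zone VLAN exists on the core with an IP,
    ipforwarding and a VRRP instance, tagged on its zone uplink and on the LAG."""
    cfg = []
    for zone, uplink in enumerate(uplink_ports, start=1):
        for idx, name in enumerate(vlan_names, start=1):
            vlan, net = f"{name}{zone}", f"10.{zone}.{idx}"
            tag = zone * 1000 + idx  # zone 1: DATA1=1001, VOIP1=1002, GUEST1=1003
            cfg += [
                f'create vlan "{vlan}" tag {tag}',
                f"configure vlan {vlan} ipaddress {net}.2/24",
                f"enable ipforwarding vlan {vlan}",
                f"create vrrp vlan {vlan} vrid 1",  # VRID is per VLAN, so 1 is reused
                f"configure vrrp vlan {vlan} vrid 1 add {net}.1",
                f"enable vrrp vlan {vlan} vrid 1",
            ]
            cfg += [f"configure vlan {vlan} add ports {p} tagged" for p in (uplink, *lag_ports)]
    return cfg

def summarize(cfg):
    """Count config lines, VLANs and VRRP instances in a generated core config."""
    return {
        "lines": len(cfg),
        "vlans": sum(line.startswith("create vlan ") for line in cfg),
        "vrrp": sum(line.startswith("create vrrp ") for line in cfg),
    }
```

With ten zone uplinks and a two-port LAG, `routing_vlan_core` comes to 20 lines with one VRRP instance, while `l2_vlan_core` comes to 270 lines and 30 VRRP instances, each a separate gateway the cores must keep consistent.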

Mrxlazuardin

Hi Bill,

The second topology can be used too if there are enough ports on the X620s. If not, you still need to aggregate them by using cascaded X450s like on the first topology. Besides, you can remove the link between the X620s if those core switches only serve layer 3 between edge switches. That link is still required if those core switches still need to serve layer 2 between edge switches.

Best regards,