Core Routing VLAN

BillBixby
New Contributor II
Best practices for layer 3 network design and routing traffic
5 REPLIES

Mrxlazuardin
New Contributor III
Hi Bill, I have experience with a similar configuration, but I use all edge switches as Layer 2, and only the core switches are used as Layer 3 with OSPF. The main problem is looping caused by end point/end user mistakes, since there are some unmanaged switches under the edge switches. Anyway, your explanation of your case is great but huge to understand. Maybe I have missed something there. You may upload some "before/existing and after/suggested" topology, so I and/or other members can have a better understanding of your case. Best regards,

Hi Bill,

The second topology can be used too if there are enough ports on the X620s. If not, you still need to aggregate them by using cascaded X450s like in the first topology. Besides, you can remove the link between the X620s if those core switches only serve layer 3 between edge switches. That link is still required if those core switches still need to serve layer 2 between edge switches.

Best regards,

Thanks for the reply, and yes I think it is big to describe like I have.

This would be how I see it configured and similar to what we have now. The "Routing" VLAN exists on the core switches, is tagged between them and has VRRP enabled.

The uplinks to the ZONE switches are tagged with the "Routing" VLAN and nothing else.

The ZONE1 VLANs are
DATA
VOIP
GUEST
and exist only on the edge/ZONE switches

[Image: Routing_VLAN_VRRP_2_inline.png]



But what they seem to be building is this:

[Image: Routing_VLAN_VRRP_1_inline.png]


So the ZONE VLANs DATA, VOIP and GUEST are tagged up to the core, and they are on the LAG and with VRRP.

When the other zones are connected it would end up looking a bit like:

[Image: Routing_VLAN_VRRP_3_inline.png]



The routing is handled by the VLANs existing on the core and having ipforwarding to allow the inter-VLAN traffic as necessary.

Each MLAG would have their own 3 VLANs tagged. But the LAG would then have the 3 VLANs x the number of zones.

BillBixby
New Contributor II
I was editing it as I kinda killed my first post here, sorry.

Oops first post not a great start.

We're trading out our core X450s for a pair of X620 (10GB) and planning on demoting the X450s for a short period as we transition in new edge/advanced edge devices.

Our current design is very much layer 3 VLAN based, where the X450s have a VLAN called Routing and that VLAN is pretty much the only VLAN tagged on the uplink ports to all the edge switches.

The edges are a combination of X250s, 440s and maybe a 450. So we have to work with what we have. To this end we are using the only dynamic routing protocol that doesn't require a license and is supported by all the switches - RIP.

We create VLANs on the edges, e.g. ID: 1001, DATA, ID: 1002, VOIP, and as soon as a device is active on the edge's VLAN the route pops everywhere because of RIP. The traffic from the edge VLANs goes into the Routing VLAN and finds its way to servers using the appropriate core switch gateway.

So the cores pretty much only have the Routing VLAN.

Our vendor is looking at changing this and I can't figure out why. It took them an age to come up with a proof of concept - which concerns me a bit. Especially as we'll have to manage the config once delivered.

They are suggesting we add the edge VLANs into the core switches and tag the uplinks with the VLANs from the edges. So our uplinks would be tagged say DATA and VOIP and then, correct me if I'm wrong, but we'd have a layer 2 VLAN between core and edge for those.

Now let us say we have 10 edge switches hung from the core. This means we'd have to add 10 x DATA, 10 x VOIP VLANs to the core config, e.g. for edge 1 ID: 1001, DATA1, ID: 1002, VOIP2 - for edge 2 ID: 2001, DATA2, ID: 2002, VOIP2 ... etc.

If that doesn't seem enough work, now add in LAGs, VRRP and MLAGs. We'd have to configure each core switch with the 10 lots of VLANs and then configure those 10 VLANs for VRRP 😮

So is it best practice to put VLANs on the core and uplink like this, or are we best sticking to a routing VLAN?

I know there's probably no right or wrong, just different ways. But just setting up one Routing VLAN with VRRP and then MLAGs to the edges seems a lot less config.

The only benefit I can see is that the routing between VLANs then happens at the cores and doesn't require RIP. But we'll have gone from a core with 30 lines of config to one with 300 lines and not gained anything - same VRRP and MLAG resilience either way.

Your comments would be appreciated.
