Need help with network design

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered

Hello,


I am currently trying to find/test the best solution for the network below:



Switch X670-1,2,3 and 4 are already in use, switch X670-5 and 6 are new.
1,2,3 and 4 are currently connected with MLAG.

X670-1 and 2 are present on one site.
X670-3 and 4 are present on one site.
X670-5 and 6 are present on one (new) site.

I have the above set up in a testlab.

Should i configure EAPS or ERPS for this setup or can is simply use MLAG?
I am afraid i will get loops if I connect the switches like this.

Can anyone give me some tips how i can do this the most effectively.

Photo of dilu

dilu

  • 244 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,574 Points 10k badge 2x thumb
Hello Dilu,

If you are planning on stacking the new x670s you can simply use MLAG and you will not experience any loops. The lag built for 1:16 and 2:16 will simply split to the current switches in deployment.

If they are separate switches then follow the same concept where they each have there own lag split to the MLAG peers.

If stacking is not being used then you can build a EAPS ring as long as the master is not one of the MLAG peers.

Hope this helps!
Photo of dilu

dilu

  • 244 Points 100 badge 2x thumb

Hi Patrick,

Thanks for your reply.
I wasn't planning on stacking any of the switches actually.

At this moment:
X670-1 and 2 are MLAG peers.
X670-3 and 4 are MLAG peers.
X670-5 and 6 are MLAG peers.

They have the following configs:

X670-1:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-1-2
configure vlan ISC-1-2 tag 20
configure vlan ISC-1-2 add ports 15 tagged
configure vlan ISC-1-2 ipaddress 172.31.231.5/30
create mlag peer X670-2
configure mlag peer X670-2 ipaddress 172.31.231.6
enable mlag port 1 peer X670-2 id 101
enable mlag port 2 peer X670-2 id 102

X670-2:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-1-2
configure vlan ISC-1-2 tag 20
configure vlan ISC-1-2 add ports 15 tagged
configure vlan ISC-1-2 ipaddress 172.31.231.6/30
create mlag peer X670-1
configure mlag peer X670-1 ipaddress 172.31.231.5
enable mlag port 1 peer X670-1 id 101
enable mlag port 2 peer X670-1 id 102


X670-3:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-3-4
configure vlan ISC-3-4 tag 21
configure vlan ISC-3-4 add ports 15 tagged
configure vlan ISC-3-4 ipaddress 172.31.231.1/30
create mlag peer X670-4
configure mlag peer X670-4 ipaddress 172.31.231.2
enable mlag port 1 peer X670-4 id 201
enable mlag port 2 peer X670-4 id 202

X670-4:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-3-4
configure vlan ISC-3-4 tag 21
configure vlan ISC-3-4 add ports 15 tagged
configure vlan ISC-3-4 ipaddress 172.31.231.2/30
create mlag peer X670-3
configure mlag peer X670-3 ipaddress 172.31.231.1
enable mlag port 1 peer X670-3 id 201
enable mlag port 2 peer X670-3 id 202

X670-5:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-5-6
configure vlan ISC-5-6 tag 22
configure vlan ISC-5-6 add ports 47 tagged
configure vlan ISC-5-6 ipaddress 172.31.231.9/30
create mlag peer X670-6
configure mlag peer X670-6 ipaddress 172.31.231.10
enable mlag port 16 peer X670-6 id 301

X670-6:
enable sharing 15 grouping 15,16 algorithm address-based l3_l4 lacp
create vlan ISC-5-6
configure vlan ISC-5-6 tag 22
configure vlan ISC-5-6 add ports 47 tagged
configure vlan ISC-5-6 ipaddress 172.31.231.10/30
create mlag peer X670-5
configure mlag peer X670-5 ipaddress 172.31.231.9
enable mlag port 16 peer X670-5 id 301

Does this look ok to you?
Since they are all MLAG peers i can't use EAPS correct?


(Edited)
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,574 Points 10k badge 2x thumb
This will work as long as the ports heading up to each peer (not the ISC) are configured as MLAG ports. In order to fully utilize this design it would be best to create a lag split from x670-1 to 3,4 and from x670-2 to 3,4. This way you can utilize the 2-tier MLAG setup. Here is an article that explains more:

https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-configuration-for-two-tier-MLAG

This design can be turned into a 3-tier MLAG setup but I believe you will have to move the connections from 5,6 to 1,2 or 3,4. Considering 1,3 are not MLAG peers they will not share the necessary information for the design above to work.

Let me know if you have any questions.

Photo of dilu

dilu

  • 244 Points 100 badge 2x thumb

Hi Patrick,

Ah thanks i understand.
Moving connections/links unfortunately isn't possible.

I don't quite understand what you mean with a "lag split" could you elaborate on that please?
Can't i just make 1 and 3 MLAG peers?

Photo of Patrick Voss

Patrick Voss, Alum

  • 11,574 Points 10k badge 2x thumb
Hello Dilu,

The "lag split" i mentioned is talking about the client switch that is connecting to the MLAG peers. for example, sw1 and sw2 are mlag peers. You create a 2 port lag on sw3 (ports 1,2). Port 1 will go to sw1 and port 2 will go to sw2. This is the split I am referencing since both ports aren't going to the same switch.

If you are on 15.5 or above one switch can be peered with up to 2 switches.
Photo of Patrick Voss

Patrick Voss, Alum

  • 11,574 Points 10k badge 2x thumb
Unfortunately this will not work because you cannot have your ISC and MLAG port on the same link. If you want to Have all 3 connected together using MLAG you need to make the horizontal links the ISC and the vertical links the MLAG ports. This is however a major design change and without a link crossing from 2 to 3 and 1 to 4 you wouldn't be utilizing the two-tiered MLAG to it's full potential.
Photo of Chad Smith

Chad Smith, Alum

  • 5,640 Points 5k badge 2x thumb
dilu,

Unfortunately, the inability to change the connections limits the options.  If we are looking for the "best" option, and stacking is a possibility, I think the following topology would be preferred:


Otherwise, an EAPS topology may be the next best option (this would require the MLAG configuration to be removed):



Any other combination that I can think of, without changing physical connections, would either be non-ideal or not supported.
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,254 Points 10k badge 2x thumb
One caveat to the first (MLAG) design. It looks like X670-1/2 are in one building, and X670-3/4 are in another.

If this is the case, it may be better to use EAPS, so that the ISC will not be used heavily for user traffic. You could either use the EAPS topology that Chad showed, or a single EAPS ring between three stacks (one at each site).
Photo of dilu

dilu

  • 244 Points 100 badge 2x thumb

Hello Patrick, Chad and Brandon,

First off all thank you for the extensive replies, it really helps me understand
the options.

I like the “Stacks with MLAG” design from Chad, although Brandon is right:
1 and 2 are in building 1.
3 and 4 are in building 2.
5 and 6 are in building 3.

The fact is that the most traffic (90%) will flow from building 1 (switch 1,2) to building 2 (switch 3 and 4).

The one thing i don’t understand from EAPS, will i get the full bandwith from the uplinks or will
for example traffic from switch 1 to switch 3 flow “through” 5 and 6?
This does not seem very effective right?

Thanks again for all your help.

Photo of Chad Smith

Chad Smith, Alum

  • 5,640 Points 5k badge 2x thumb
When you use EAPS, you always have to contend with the fact that you have a link blocked.  This can cause certain inefficiencies.  However, you do have control over what port is blocked.  So if you want to ensure traffic from 1 to 3 doesn't have to go through 5 and 6 you can ensure that the normally blocked port is between 3 and 6.  You can also "load share" with EAPS using multiple rings on the same physical topology.  Lets say you have VLAN A and VLAN B and both send equal amounts of traffic.  You can create an EAPS ring for VLAN A that is blocked on the switch 3-6 connection and an EAPS ring for VLAN B that is blocked on switch 1-5 connection.  This allows both links to be utilized for traffic transmission.

(Edited)