PHYSICAL TOPOLOGY
Recently one of the customers I am working for came up with an interesting requirement.
The customer's current setup looks similar to the (logical) topology given above. The customer has two locations connected through back-to-back T1 circuits. In the current setup R1-R3 is the primary path, and if a failure occurs, traffic should fall back to the backup path using R2-R4. The customer is using one HSRP group on each side for automatic failover, and static routing is currently in place.
Considering all this, here is how the overall traffic flow looks at the moment from the A to C and the B to C perspective:
Hmmm... sounds like a pretty flat and easy network... isn't it? :-)
Now here is the new requirement: as you can see, we are wasting bandwidth on the backup circuit between R2-R4. And bandwidth in real life means $$$$$$ :-)
So here is the new desired flow: when Host A talks to Host C, it should use the path through R1-R3. At the same time, if Host B talks to Host C, it should use the path through R2-R4. Both links should also be redundant for each other for all traffic flows. Based on this requirement, the traffic flow needs to look like the following:
As you can see, we need to account for 8 potential FAILURE DOMAINS to ensure our failover scenarios work just fine.
The requirement is also to ensure we don't have any asymmetric routing in the network. And of course NO dynamic routing protocol should be introduced.
So how are you going to do this? :-) From a very high-level perspective it looks very easy. But it ain't :-)
Current Configuration
++++++++++++++
SW-A
=====
!
en
!
conf t
!
ho SW-A
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/1
sw mo acc
sw acc vl 10
exit
!
int vlan 10
ip add 10.0.0.1 255.255.255.0
no sh
exit
!
ip route 20.0.0.0 255.255.255.0 12.0.0.1
ip route 30.0.0.0 255.255.255.0 12.0.0.1
!
int f1/0
no switchport
ip add 12.0.0.2 255.255.255.0
no sh
exit
!
end
!
SW-B
=====
!
en
!
conf t
!
ho SW-B
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/0
no switchport
ip add 34.0.0.2 255.255.255.0
no sh
exit
!
int f1/1
sw mode access
sw acc vl 20
exit
!
int f1/2
sw mode access
sw acc vl 30
exit
!
int vlan 20
ip add 20.0.0.1 255.255.255.0
no sh
exit
!
int vlan 30
ip add 30.0.0.1 255.255.255.0
no sh
exit
!
ip route 0.0.0.0 0.0.0.0 34.0.0.1
!
end
!
R1
====
!
en
!
conf t
!
ho R1
!
no ip do lo
!
int f0/0
ip add 12.0.0.111 255.255.255.0
standby 1 ip 12.0.0.1
standby 1 pri 105
standby 1 pree
standby 1 track s1/0
no sh
exit
!
int s1/0
ip add 13.0.0.1 255.255.255.0
encap ppp
no sh
exit
!
ip route 20.0.0.0 255.255.255.0 13.0.0.3
ip route 30.0.0.0 255.255.255.0 13.0.0.3
ip route 0.0.0.0 0.0.0.0 13.0.0.3
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!
R2
===
!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
int f0/0
ip add 12.0.0.112 255.255.255.0
standby 1 ip 12.0.0.1
standby 1 pree
no sh
exit
!
int s1/0
ip add 24.0.0.2 255.255.255.0
encap ppp
no sh
exit
!
ip route 20.0.0.0 255.255.255.0 24.0.0.4
ip route 30.0.0.0 255.255.255.0 24.0.0.4
ip route 0.0.0.0 0.0.0.0 24.0.0.4
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!
R3
===
!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
int f0/0
ip add 34.0.0.3 255.255.255.0
standby 1 ip 34.0.0.1
standby 1 pri 105
standby 1 pree
standby 1 track s1/0
no sh
exit
!
int s1/0
ip add 13.0.0.3 255.255.255.0
encap ppp
no sh
exit
!
ip route 10.0.0.0 255.255.255.0 13.0.0.1
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!
R4
===
!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
int f0/0
ip add 34.0.0.4 255.255.255.0
standby 1 ip 34.0.0.1
standby 1 pree
no sh
exit
!
int s1/0
encap ppp
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
ip route 10.0.0.0 255.255.255.0 24.0.0.2
ip route 0.0.0.0 0.0.0.0 24.0.0.2
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!
So let's see who among you is a Real Network Warrior :-)
Final Config
R1
====
!
en
!
conf t
!
ho R1
!
no ip do lo
!
ip sla 2
icmp-echo 34.0.0.3 source-interface f0/0
freq 5
timeout 5000
exit
!
ip sla schedule 2 life forever start-time now
!
track 2 rtr 2 reachability
!
int f0/0
ip add 12.0.0.111 255.255.255.0
standby 1 ip 12.0.0.1
standby 1 pri 105
standby 1 pree
standby 1 track s1/0
standby 1 track 2
standby 2 ip 12.0.0.11
standby 2 pree
no sh
exit
!
int s1/0
ip add 13.0.0.1 255.255.255.0
encap ppp
no sh
exit
!
ip route 20.0.0.0 255.255.255.0 13.0.0.3
ip route 0.0.0.0 0.0.0.0 13.0.0.3
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!
R2
===
!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
ip sla 1
icmp-echo 34.0.0.4 source-interface s1/0
time 500
freq 3
exit
!
ip sla schedule 1 life forever start-time now
!
track 2 rtr 1 reachability
!
int f0/0
ip add 12.0.0.112 255.255.255.0
standby 1 ip 12.0.0.1
standby 1 pree
standby 2 ip 12.0.0.11
standby 2 pri 105
standby 2 pree
standby 2 track 2
no sh
exit
!
int s1/0
ip add 24.0.0.2 255.255.255.0
encap ppp
no sh
exit
!
ip route 30.0.0.0 255.255.255.0 24.0.0.4
ip route 0.0.0.0 0.0.0.0 24.0.0.4
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!
SW-A
=====
!
en
!
conf t
!
ho SW-A
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/1
sw mo acc
sw acc vl 10
exit
!
int vlan 10
ip add 10.0.0.1 255.255.255.0
no sh
exit
!
ip route 20.0.0.0 255.255.255.0 12.0.0.1
ip route 30.0.0.0 255.255.255.0 12.0.0.11
!
int f1/0
no switchport
ip add 12.0.0.2 255.255.255.0
no sh
exit
!
end
!
R3
===
!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
int f0/0
ip add 34.0.0.3 255.255.255.0
standby 1 ip 34.0.0.1
standby 1 pri 105
standby 1 pree
standby 1 track s1/0
no sh
exit
!
int s1/0
ip add 13.0.0.3 255.255.255.0
encap ppp
no sh
exit
!
ip route 10.0.0.0 255.255.255.0 13.0.0.1
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
ip route 24.0.0.0 255.255.255.0 34.0.0.4
!
access-l 100 permit ip 30.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
ip sla 1
icmp-echo 24.0.0.4 source-ip 34.0.0.3
timeout 5000
frequency 3
!
ip sla schedule 1 life forever start-time now
!
ip sla 3
icmp-echo 12.0.0.112 source-interface FastEthernet0/0
frequency 5
!
ip sla schedule 3 life forever start-time now
!
track 1 rtr 1 reachability
!
track 3 rtr 3 reachability
!
track 2 list boolean and
object 1
object 3
!
route-map PBR per 10
match ip address 100
set ip next-hop verify-availability 34.0.0.4 1 track 2
route-map PBR per 20
exit
!
int f0/0
ip policy route-map PBR
no ip route-cache cef
exit
!
ip sla 5
icmp-echo 12.0.0.111 source-interface Serial1/0
frequency 5
timeout 5000
!
ip sla schedule 5 life forever start-time now
!
track 5 rtr 5 reachability
!
int f0/0
standby 1 track 5
exit
!
end
!
R4
===
!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
int f0/0
ip add 34.0.0.4 255.255.255.0
standby 1 ip 34.0.0.1
standby 1 pree
no sh
exit
!
int s1/0
encap ppp
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
ip route 10.0.0.0 255.255.255.0 24.0.0.2
ip route 0.0.0.0 0.0.0.0 24.0.0.2
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!
SW-B
=====
!
en
!
conf t
!
ho SW-B
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/0
no switchport
ip add 34.0.0.2 255.255.255.0
no sh
exit
!
int f1/1
sw mode access
sw acc vl 20
exit
!
int f1/2
sw mode access
sw acc vl 30
exit
!
int vlan 20
ip add 20.0.0.1 255.255.255.0
no sh
exit
!
int vlan 30
ip add 30.0.0.1 255.255.255.0
no sh
exit
!
ip route 0.0.0.0 0.0.0.0 34.0.0.1
!
end
!
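The failover behaviour the final configuration is meant to deliver can be checked with a small model; the Python below is an added example, not part of the original post, and names flows by subnet (10 = 10.0.0.0/24 behind SW-A, 20 and 30 behind SW-B). It assumes the 8 failure domains are the LAN (f0/0) and WAN (s1/0) interface of each of the four routers, that losing either end of a serial link takes the whole link down, and the IOS defaults of HSRP priority 100 and track decrement 10.

```python
from itertools import product

ROUTERS = ("R1", "R2", "R3", "R4")
# Assumed failure domains: the LAN (f0/0) and WAN (s1/0) interface of each router.
DOMAINS = [f"{r}-{i}" for r, i in product(ROUTERS, ("lan", "wan"))]

def state(failed):
    """Derive HSRP and PBR state of the final config for a set of failed domains."""
    lan = {r: f"{r}-lan" not in failed for r in ROUTERS}
    # Assumption: a serial link is down as soon as either end fails.
    l13 = not ({"R1-wan", "R3-wan"} & failed)
    l24 = not ({"R2-wan", "R4-wan"} & failed)
    # Priority 105 minus 10 (IOS default decrement) per failed tracked object.
    r1_g1 = 105 - 10 * (not l13) - 10 * (not (l13 and lan["R3"]))  # s1/0, SLA 2
    r2_g2 = 105 - 10 * (not (l24 and lan["R4"]))                   # SLA 1
    r3_g1 = 105 - 10 * (not l13) - 10 * (not (l13 and lan["R1"]))  # s1/0, SLA 5

    def active(first, pri, second):
        # 'second' keeps default priority 100; a router with its LAN down cannot win.
        if lan[first] and (pri > 100 or not lan[second]):
            return first
        return second if lan[second] else None

    vip_12_1 = active("R1", r1_g1, "R2")    # SW-A next hop for 20.0.0.0/24
    vip_12_11 = active("R2", r2_g2, "R1")   # SW-A next hop for 30.0.0.0/24
    vip_34_1 = active("R3", r3_g1, "R4")    # SW-B default gateway
    # R3 track 2 = SLA 1 (24.0.0.4 via R4) AND SLA 3 (12.0.0.112; the echo goes
    # out over R1-R3 and the reply returns over R2-R4), so it needs everything up.
    pbr = all(lan.values()) and l13 and l24
    return vip_12_1, vip_12_11, vip_34_1, pbr

def paths(failed=frozenset()):
    """Return {flow: WAN link used} for both directions of both flows."""
    g1, g2, gb, pbr = state(set(failed))
    link = {"R1": "R1-R3", "R3": "R1-R3", "R2": "R2-R4", "R4": "R2-R4", None: None}
    back30 = "R4" if gb == "R3" and pbr else gb  # R3 policy-routes 30.x -> 10.x to R4
    return {"10->20": link[g1], "20->10": link[gb],
            "10->30": link[g2], "30->10": link[back30]}

def symmetric(p):
    """True when each flow uses the same WAN link in both directions."""
    return p["10->20"] == p["20->10"] and p["10->30"] == p["30->10"]

if __name__ == "__main__":
    for d in [None] + DOMAINS:
        p = paths({d} if d else set())
        print(f"{d or 'healthy':8} {p} symmetric={symmetric(p)}")
```

The model covers single failures only; it does not verify that the chosen link is still up when two domains fail at once.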
HTH...
DEEPAK ARORA
Evil CCIE
11 comments:
Hello. My company is always trying to stay connected with talented network engineers. If you happen to be job hunting for full-time or part-time opportunities or know someone who is, please refer to http://originullnetworks.com/jobs/
I guess two HSRP groups is a start?
But then I'm lost, haha!
Hi
On Switch A there is a Static Route configuration as follows
ip route 30.0.0.0 255.255.255.0 12.0.0.11
But I don't see any IP address such as 12.0.0.11 in the diagram
What is the gateway configured on A, B and C?
Is it the HSRP VIP or else the SVI address?
If HSRP VIP address, then you need to have MHSRP configured from R3 and R4 so that R3 will be master for VLAN 20 and R4 will be master for VLAN 30
In case of R1 and R2, HSRP or MHSRP won't work because of single VLAN and all traffic will traverse through a single router only.
If SVI address is configured as gateway then SWB has to send VLAN 20 frames to R3 and VLAN 30 frames to R4, so it can be done by just static routing on SWB but it doesn't offer redundancy :)
Ok on SWA we can have floating static routes
ip route 20.0.0.0 255.255.255.0 12.0.0.1
ip route 30.0.0.0 255.255.255.0 f1/0 12.0.0.112
ip route 30.0.0.0 255.255.255.0 12.0.0.1 100
This should provide us both redundancy and effective utilization of links
But on the other side, it's too tricky to think through, I thought of PBR but still it doesn't load-balance effectively
Can I use any NAT based solutions to achieve this?
Yeap gotchaa
We can use PBR on SWB side to generate the traffic flow for A from B and C such as R3----R1 and R4---R2 respectively
On SWB configure PBR
route-map VLAN_20 permit 10
match ip add 100
set ip next-hop 34.0.0.1
access-list 100 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
int vlan 20
ip policy route-map VLAN_20
route-map VLAN_30 permit 10
match ip add 105
set ip default next-hop 34.0.0.1
access-list 105 permit ip 30.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255
ip route 10.0.0.0 255.255.255.0 34.0.0.4
int vlan 30
ip policy route-map VLAN_30
This will work out for redundancy n utilization of links
Hemanth, Here are quick answers:
> For A,B & C , their respective SVIs are configured as gateways.
> The potential problem with your SW-B configuration is that if R2's F0/0 goes down, your packet would be routed up to R2 S1/0 but eventually get dropped.
In my real design though, the situation was even more challenging since I had a Checkpoint R70 Firewall cluster instead of SW-B which doesn't allow your configuration. ;-)
Oh ok so we can have a SLA tracking for R2 F0/0 interface on R4 and if the Track fails, R4's F0/0 interface state will be down.
EEM script on R4 to track R2 f 0/0 address reachability and if it is not reachable, make R4 F 0/0 down.
I don't have the commands on top of my mind. These are possible solutions.
That's a possibility but the solution is becoming overcomplicated. I'll post my solution Wednesday. Let's see if someone comes up with an easier solution by then. ;-)
Is there any easier solution than this?
:)
I thought of configuring MHSRP and tracking the interface and changing the priority. I think that may help
And I think static route with IP SLA track will also work.
Yes there is another solution
1. Configure MHSRP between R3 and R4 and make R3 as master gateway for Vlan 20 and R4 as master gateway for Vlan 30.
Make them standby for each other vlans.
2. Track R1's F0/0 interface on R3 and decrement the priority and make R4 as master and R2's F 0/0 interface on R4 and decrement the priority and make R3 as master
3. On SWA, floating static routes with IP SLA tracking attached to the static routes should work fine.
At my last job, we had a very similar setup. We were running OSPF so that initially took care of load balancing the traffic, as we built tunnels across the infrastructure. What we ran into was that VoIP suffered bad being mixed with data, so by using BGP and route-maps we sent certain traffic over one link, and data over the other. If either link failed, traffic didn't suffer too bad.
-P
use rsvp to build the tunnels..