Nuwave

I'm helping with an install of a new redundant Alcatel core to replace our single Alcatel core.

Part of this includes redundant routers that feed multiple Cabinets.

We've already had Alcatel Engineers Okay our design, but one of our network analysts says they made a mistake.

Assumptions

-1. Assume Routers and Switches are configured correctly.
0. Test Lab Environment
1. Router 1 feeds switch 1 directly
2. Router 2 feeds switch 2 directly
3. Switch 1 and 2 have the same virtual default gateway

My question is where do you add the physical VRRP link so there is no single point of failure, other than the switches themselves obviously?

If you have letters behind your name, please go ahead and add them.


 

spidey07

You don't need a single VRRP link; they just need to be on the same broadcast domain. It depends on whether router 1 and 2 are doing any layer2 functions or not; if so, that would have the link needed. Otherwise you would have to link switch 1 and 2.

If this is a collapsed core and you only have the core and access layer switches, the normal way is by having a layer2 link between the cores, or use layer3 to the access switches and eliminate VRRP completely.

Basically the decision comes down to how you want to deal with layer2 loops/spanning tree and where you want the default gateway to live. It can be done many different ways, with the layer3 to the access giving you the best redundancy and fastest convergence time. This however breaks layer2 adjacency, which can be a good or bad thing. Good for wiring closets, not so good for virtualization/data centers.
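The broadcast-domain requirement described in the reply above, as an added example that is not part of the original thread: it models the lab's layer2 links as a graph and reports, for each single link failure, whether the VRRP peers still hear each other and whether any switch loses every gateway. The node names, the two topologies and the assumption that every link carries the VRRP VLAN (with routers as non-bridging leaf nodes) are constructed for illustration.

```python
from collections import deque

def reachable(links, start):
    """Nodes in the same layer2 broadcast domain as `start` (BFS over links).
    Assumption: routers are leaf nodes and do not bridge between links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def vrrp_report(links, routers, switches):
    """Map each failure case (None = intact, else the failed link) to
    (peers_hear_each_other, switches_with_no_reachable_gateway)."""
    report = {}
    for failed in [None] + list(links):
        live = [link for link in links if link != failed]
        peers_ok = routers[1] in reachable(live, routers[0])
        stranded = [s for s in switches
                    if not any(r in reachable(live, s) for r in routers)]
        report[failed] = (peers_ok, stranded)
    return report

# Constructed topologies matching the assumptions listed in the question.
ROUTERS, SWITCHES = ("R1", "R2"), ("SW1", "SW2")
AS_DESCRIBED = [("R1", "SW1"), ("R2", "SW2")]          # no shared domain
WITH_INTERSWITCH = AS_DESCRIBED + [("SW1", "SW2")]     # layer2 link added

if __name__ == "__main__":
    for name, topo in (("as described", AS_DESCRIBED),
                       ("with SW1-SW2 link", WITH_INTERSWITCH)):
        print(name)
        for failed, (peers_ok, stranded) in vrrp_report(topo, ROUTERS, SWITCHES).items():
            print(f"  failed={failed}: peers adjacent={peers_ok}, "
                  f"switches without gateway={stranded}")
```

With the inter-switch link in place no single link failure leaves a switch without a gateway, but losing that one link separates the VRRP peers, which is the case a second path between the switches would cover.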
 

Cooky

This is off topic, but keep in mind that if you have VMware ESX hosts, they need to be L2 adjacent for VMotion. (VMotion itself could traverse L3 hops away, but the VMs will maintain the same MACs & IPs)
 

spidey07

Originally posted by: Cooky
This is off topic, but keep in mind that if you have VMware ESX hosts, they need to be L2 adjacent for VMotion. (VMotion itself could traverse L3 hops away, but the VMs will maintain the same MACs & IPs)

And they need to be shot for that.
 

yinan

What is wrong with them keeping the same MACs and IPs? It is what allows VMotion to function as well as it does. If either of those changed when a VM changed hosts, devices accessing the VM would lose connectivity.
 

spidey07

Originally posted by: yinan
What is wrong with them keeping the same MACs and IPs? It is what allows VMotion to function as well as it does. If either of those changed when a VM changed hosts, devices accessing the VM would lose connectivity.

Because from a network design perspective that same broadcast domain (VLAN) is spanned EVERYWHERE, to just about every switch. This leads to a very complicated layer2 network where spanning-tree is a huge concern, as well as trunks everywhere and broadcasts filling those up. On even decent sized data centers this is a big concern; blade servers just make it worse.

If the host changes MAC addresses it is supposed to send a gratuitous ARP, no need for it to keep the same MAC.