Cisco WAN :: 3750 / BGP Multihoming Design Topology
Apr 17, 2012
Currently we have a 50mb pipe with our carrier SONIC. We have signed another contract with another provider here in town (Charter) to multihome our Internet connections in an active/active configuration. We have leased our /24 space through our carrier SONIC. ARIN has already approved our org-ID for an ASN and they will be sending us that once the billing portion is finished.
There a few design considerations I was hoping I could get some insight from the community on.. Before I start, the ultimate goal for us to use BOTH Internet connections in an active/active configuration - utilizing both pipes..
Disclaimer: I have gathered this design from a lot of other posts that have somewhat of a similiar topology with ASA-->3750-->router pair-->CPE--internet...
What kind of routes should I get from each carrier? I have been told that partial/partial routes plus a default route form each carrier is the way to go. Also, I've heard mention that full routes from both carriers are preferred. My ASR1001's can support ~500k routes. I know the global table is approximately ~337k routes. My goal is to use both pipes and use the best outbound path per carrier.
We will be leasing our /24 space from SONIC. I plan on running OSPF on the DC-Edge-SW1 in conjunction with iBGP - so I can default originate two equal cost routes back to my ASA. My confusion is when the traffic hits DC-Edge-SW1, there will be default equal-cost iBGP routes to both ASR1001's (DC-Edge-RT1 & DC-Edge-RT2). If the switch does not have the BGP table, it will just load-share across both ASR's. When the traffic hits the ASR's, will they know which carrier has the best path and route accordingly?
Should the iBGP connection between both routers be directly connected ? Or will it suffice through the L3 3750 connection? Also, with the limitations on the routes for the ASR1001 at ~500k. If we end up getting full routes from carriers and create a iBGP neighborship between both routers, will this exceed the route limitations on this platform? On both routes, I will have the network statement 'network 12.231.69.0 mask 255.255.255.0.' This is a leased network from SONIC, and we NAT everything on our ASA to 12.231.69.10. My question is, will this be a problem broadcasting this network from our AS to both carriers AS? Refer to bgp-design.jpg - is it a requirement that I use our leased public subnet 12.231.69.0/24 for the interfaces from ASA5510 -> 3750 -> ASR1001?
I would like to do the following architecture with the same C3750 : network X,Y,Z connected to 3750 in VRF D the 3750 uses a routed interface on subnet E for the default route in VRF D on this routed interface a BYPASS EQUIPMENT the other BYPASS EQUIPMENT interface is connected also to another routed interface on subnet E "also" this routed interface is in another VRF C with other network A and B.do you know if it will work because of 2 routed interfaces on the same IP subnet or is there a way to do that ? the only goal for me is to catch traffic from network X,Y,Z on SYN and ACK.
We are currently designing a complete Layer 3 to the edge solution for our customers. The network design is a combination of a collapsed core (Core to access) as well as a three layer model (Core/Distro/Access) for connectivity to the Data Centre, Internet and Wireless Blocks.
The core of the network contains two 6509E switches interconnected on a Layer 3 Port channel (no VSS). Access Layer switches (3750 Stacks) connect to the core switches over p2p routed links (Collapsed core part of the design). Distribution layer switches provide connectivity to the Data centre, Internet and Wireless Blocks.(three layer model.
All IP addressing is being planned for assignment from the private RFC 1918 address block(10.0.0.0/8) for both Infrastructure and Access layer VLANs for users.
I'm working designing a switch system for our core/data center.
We have 5 esx hosts, 2 sans with 3 nodes each. We have voice servers, a couple of routers and a few odds and ends. There are 7 other locations aggregating into this data center via 1-2gbps fiber connections. The bandwidth usage on these links is minimal, but there is a total of about 3000 devices aggregating into the system. My main concern right now is the 3560G's are seeing many output drops, due to the small buffer size on those switches. I have been looking at couple of options to resolve this issue, including the 4948E, 4507E, and 3750X switches.
Budget being the biggest factor, I am finding that the 4507 might be out of the price range. So I was leaning towards the 4948E switches for connecting the servers and iscsi san's as the 3750X is not recommended for iscsi. Redundancy is important so I would like to have two. The second concern is that I need to aggregate the fiber connections and for that I was looking at the ME-3600X or possibly the WS-C3750X-12S-E. I'm running eigrp, so this switch would need to have full routing, as it would also serve as the core switch for the 4948E's.
So in the end I was thinking that two 4948E switches up linked to the ME-3600X which would do full routing for the fiber aggregation and any routing needed for the servers and sans.
Servers and Sans_________4948E________ME-3600X_________7 fiber connections |____________4948E_____________|
I would look at a second ME-3600X in the future for redundancy. This is the lowest cost biggest buffer solution that I could find.
I am just browsing and looking for a solution to converge my multi-vendor switched network and bring some redundancy to it as recently we managed to get a redundant links. I have a need to change core switch to Cat3750G, which has Per-V LAN-RSTP+ on board, but tests have shown that it won't be compatible with some other proprietary per-V LAN RSTP solution other vendor's switches use currently.
So, I thought maybe standard-based MSTP design might do the trick. I've made some tests and got some weird and unstable switching result. I have two topology rings with a core switch in the center. Every ring has about 10 switches, so practically network diameter may vary from 5 switches (when spanning-tree converges in the center and I have a blocking port somewhere int the middle of the ring) to about 10-11 switches (if a I have link failure on any of ports right at the core switch). I disconnected one port from core switch to eliminate a possible switching loop while I will be configuring new MSTP design. Then I started enabling MSTP on all the switches staring from core Cat3750G to MSTP, one by one, placing all switches to the same MSTP region, and placing all V LAN's to default MSTI0(CIST) cause I don't need to organize any separate MSTP instances for every V LAN or for group of V LAN s. When I turned MSTP on on 7th or 8th switch in the chain (cause I had a physical chain when I disconnected one port out of redundant ring) I got all switches "flapping", storming and flooding the network with broadcasts. Even when I had one redundant port disabled.
I have no idea what I am doing wrong. I noticed that Cat3750G has an option that defines a possible network diameter which actually automatically changes some hello, max age etc. attributes according to diameter specified. When I defined a maximum network diameter of 7, if didn't change anything: I still have hello timer of 2 sec etc. I've been wondering if the maximum network diameter has something more than just a "variable" to fine tune hello timers etc? Maybe I won't be able to use MSTP in my network which might have diameter more that 7 switches. Or maybe it was a mistake of placing all the switches to the same region and all the v LAN s to the default MSTI0 (CIST) and I should configure one MSTI per V LAN or per some group of V LANs and subdivide my switches to few MSTP regions?
I'm trying to make multihoming on cisco 892 router.I Managed to build configuration which works as I wanted but I ran into problem which I can't solve till now.I'm trying to do port forwarding on cisco with 2 working WAN interfaces.
Configuration:
interface FastEthernet8 description ISP_B ip address 192.168.150.10 255.255.255.0 ip nat outside [Code]...
I am looking for a simple router recomendation for multihoming dual 100Mbps internet connections with BGP routing. What are the current best practices regarding required resources for the full Internet BGP routing table? We were thinking of specing a 3945 for this application, but is that overkill? The customer has a 2821 that is not in use, I'm thinking this would be too slow for Internet BGP routing combined with the 100Mbps line speed.
I have a typical LAN environment that spans across a large warehouse. I have done a lot of redesigning of the environment to satisfy the need for a disaster recover plan. I now have created a LAN with multiple v lans and must also connect all the access layer switches back to the core switch where the servers are.
I was thinking of something simple such as Port channel of 2 Gbps across the backbone and simple floating static routes . I have then moved my wan access link to a 3750 and implemented routing a CEF at each of the 3 core switches (blue). My question is more of design.
i have an issue with the lms 4.2 Topology Data Collection. After installation the Topology Data Collection was running normaly, but since first server reload the Topo Data Collect under Inventory > Dashboards > Device Status > Collection Summary is "frozen".Is there any option to stop this process elsewhere? I cannot find anything under jobs in running state or so. Clicking on Schedule only give me the option to start data collection, but lms always returns that the process is running.
1)i have problem in LMS 4.2 , he shows most devices not connected to topology sitting lonly even though the have cdp enable , how to force these to join the topology
2)why some devices are shown unreachable , even though i can ping them from lms server and gets reply, also they have community and cdp configured
On a LMS 4.0.1 :I want to know what is the right way to change the telnet program on the campus mgr map (topology services map), when right-clicking a device icon and selecting telnet.I would like to use a tool of mine, and not to launch a telnet command from the IE browser.I changed the default telnet of Windows in the registry, but the program is still launched as a telnet URL in the browser and this is not what I would like to do.
The regular problem with the LMS topology and WAN Links when you see the branches are disconnected from the HQ BUT in my case the branches are already connected via Layer2 links but unfortunately some intermediate layer2 modem/switch exist in some branches which prevent CDP discovery but you will find both HQ and branch router in the same subnet .
have ether-channel across 2 switches?i am new in cisco LMS . now i am in client site installing cisco LMS 4.1 in UCS server-rack version. we did it well for the installation, and the LMS working properly until i cannot open topology service.
I have a customer who wants to disable cdp on all switches for securtity reasons. The same customer has also LMS 4.0 installed.
When disabling cdp, does it affect the topology services on LMS? Can you still see the topology tab on device manager or the topology map of the entire network?
I config the routers with EIGRP and also write Static route between two PC before remove the link between router0 and router1 , destination is reachable , but when remove this connection , packet from pc1 to pc0 will drop in a loop and never reach to destination , is it possible to have a Link state routing protocol and static route at the same network like this scenario , how to prevent loop in this topology static route is configure as bellow :
I have problem with topology view in LMS 4.2.1, it doesn't show the tunnels connecting branches, though both devices are shown in sh cdp neighbour command output. If I choose Show Devices in Admin > Collection Settings > Data Collection, it is showing cdp neighbours correctly.
I am running LMS 4.2 , using that i am monitering some switches . I am using topology services also. In that i am getting veiw of all connected devices with links. But bandwidth utilization is for those links are not showning in topology veiw .
Is there any settings to be done in LMS 4.2.2 or any configuration changes to done on my switches ? to find the traffic flow bandwidth utilization.
I installed LMS 4.0.1 and every module works from the local server. Http login from a remote system, topology services does not start, complains about java version. I followed the link to install the java version, it then complains about some Ansiserver stuff.
the client os is win7 64 bits, eplorer version is 7.
When i try to launch topology services in LMS 4.0 i get prompted to install a java plugin. When i install this it tells me to restart the browser but nothing is changed, it asks me if i want to install the java plugin again.
I'm trying to make an attached topology. This router should be attached to 2 different ISPs on both WAN interfaces (ISP1 with IP address - A.B.C.D, and ISP2 with IP W.X.Y.Z) and I want to use DMZ, too. My idea is to make a L2/L3 segmentation with 2 VLANs - Vlan RED for DMZ (private network 192.168.1.0/24) and vlan BLUE for Internal network (network 192.168.2.0/24). I checked in the manual that vlans are supported, but I can't see anything about 802.1q, can I use one trunk port or I should use 2 physical cables?
There should be inter-vlan routing and basic stateful firewall, so PCs in Vlan Blue should be able to initiate connections to DMZ servers, but the opposite should be denied. Router should make a port forwarding on its both WAN interfaces and forward incomming traffic (from Internet) to DMZ servers (with NAT). Both DMZ servers and internal PCs should have an internet access with NAT over both WAN uplinks.
Can I use RV042G for this setup and if not at all - are there any cisco SMB device which can do this?
I work with the topology view in LMS 4.1. I can see all the links between the differrent switches (N7K, 3750, 3040).I miss only the links between the different N7K's. This links have one special thinks: they are configured as " rate-mode dedicated force" In the N7K cli this interfaces are displayed with the SN too.
sw-bb13# show cdp ne.The links to sw-bb11 and sw-bb21 are not painted in the topoloyview.
Attached is BGP confederation configuration and Topology. They are taken from "Routing TCP/IP Volume 2" book.AS 65000 is designed as a backbone AS connected to non-backbone AS 65535, 65534 and 65533. All are member AS's in AS 1200.I have couple of questions as i think some parts of Sunshine's and Talisman's configurations are incorrect.
1. The next-hop-self keyword is mentioned only for Panorama router, why the keyword wasn't mentioned for Nakiska and Talisman routers? .. As we know, the next hop is preserved throughout the confederation, therefore, next hop self should be configured in all member AS's inside the confederation. The same thing with Talisman, why the next hop keyword wasn't mentioned for Lakeridge and Sunshine?
2. Why the remote-as keyword wasn't mentioned for Panorama in Sunshine's configuration while the keyword was mentioned correctly for every neighbor routers in Talisman's configuration?
3. I don't understand the below statements that are stated in the book, as it conflicts with the rule "MEDs are preserved throughout the confederation"
"AS 65000 can safely send MEDs to AS 65535. A route that includes 65000 in its AS_PATH is not accepted by Sunshine or Talisman, so MEDs sent from those routers to AS 65535 are not seen by other member AS's".
I am trying to configure MSTP on Layer-2 network at work. We have multiple switches connected on Wireless point-to-point links with redundent links.MSTP is configured with multiple regions. All the servers are located in RegionA and other regions are connected to RegionA via multiple links.
There are 3 SG-300-10 switches in RegionA --- SwitchA_1, SwitchA_2 and SwitchA_3.One of the simple regions (RegionB) has a single SF-300-08 switch (SwitchB) connected to SwitchA_2 via port e7 and SwitchA_3 via port e8. Hello Time, Forward Delay and Max Age are at their default values of 2, 15 and 20 respectively. The link between SwitchB (port e7) ---- SwitchA_2 is the primary link with cost 200,000 and the link between SwitchB (port e8) ---- SwitchA_3 is the backup link with cost 500,000.
The log on SwitchB is shows in the table below. As it is seen from the table there are frequent topology changes for very short duration (1-4 seconds) before the topology settles back to the configured one. (Primary link forwarding and secondary link blocking). During this time there have been no link failures reported.Same thing is also observed within RegionA (SwitchA_1, SwitchA_2 and SwitchA_3 are connected to each other).
How to stop these frequent topology changes? The topology changes within RegionA causes a lot of PPPoE sessions to reset and re-establish.Is there any way to find out what triggers these topology changes?
21474646232011-May-24 13:54:15Warning%STP-W-PORTSTATUS: e7 of instance 1: STP status Forwarding21474646242011-May-24 13:54:15Warning%STP-W-PORTSTATUS: e7 of instance 0: STP status Forwarding21474646252011-May-24 13:54:15Warning%STP-W-PORTSTATUS: e8 of instance 1: STP status Blocking21474646262011-May-24 13:54:15Warning%STP-W-PORTSTATUS: e8 of instance 0: STP status Blocking21474646272011-May-24 13:54:13Warning%STP-W-PORTSTATUS: e8 of instance 1: STP status Forwarding21474646282011-May-24 13:54:13Warning%STP-W-PORTSTATUS: e8 of instance 0: STP status Forwarding21474646292011-May-24 13:54:13Warning%STP-W-PORTSTATUS: e7 of instance 1: STP status Blocking21474646302011-May-24 13:54:13Warning%STP-W-PORTSTATUS: e7 of instance 0: STP status Blocking21474646312011-May-24 12:53:22Warning%STP-W-PORTSTATUS: e7 of instance 1: STP status Forwarding21474646322011-May-24 12:53:22Warning%STP-W-PORTSTATUS: e7 of instance 0: STP status Forwarding21474646332011-May-24 12:53:22Warning%STP-W-PORTSTATUS: e8 of instance 1: STP status Blocking21474646342011-May-24 12:53:22Warning%STP-W-PORTSTATUS: e8 of instance 0: STP status
I'm designing a new topology to access to the Internet using Cisco2921 NAT and MS ISA Firewall. I'm going to use ISA as a proxy to public some internal services and to provide internet access for my users. ISA won’t use NAT. It will route traffic. Cisco 2921 will handle NAT, ISP Failover and IPSec VPN to datacenters.
Cisco 3750 will route outbound internal traffic.My routing for internal users on Cisco 3750 will look like this: [code] My question is about route from Cisco 2921 to my local network 192.168.0.0/22.If I use this route, I'll restrict my traffic from datacenter to go through ISA server BUT all responses from the Internet will go directly to 3750 too.I doubt about security and functionality of such solution. Of course I will public my internal resources to internet that way. It is on Cisco 2921
ip nat inside source static tcp 172.16.0.2 80 (my external IP) 80.I could use PBR to divide my traffic from datacenter and other traffic, but I don't know how to use PBR with IPSec VPN traffic.
After some time LMS stops to refresh network topology (not changing colors for devices which lost/found). However, if I restart topology services devices are refreshed.
Checked the processes. Everything is fine but there is a process named "1018". But I did not found any job with this number.
I have CISCO 2911 with SRE module for Wireless Lan controller software. also between my local network and CISCO router is a firewall, CISCO router is an edge router so router and my Lan are in different subnets. i want Wlan and Lan to be in a same subnet is it possible? In other words, can WLC and Access points be in different subnets? the case is that wireless devices should be behind the firewall.
I have users that are unable to save their changes to topology maps - when devices are moved in a map and the map is exited, the next time the user goes into the map it is back at the default layout. The unusual part is that this does not affect all users - I have two users with the same CiscoWorks rights, but only one can save map changes. The admin user is one that can't save map changes. I'm running LMS 2.2 on Solaris 2.8. The problem existed before and after I upgraded to Campus Manager IDU 11, and stopping and starting services hasn't worked.
I have installed LMS 4.1 and discover all the devices (router/switches) but i want to show IP Phone on the LMS. I am unable to discover call manager in LMS 4.1 topology.
In Call Manager 8.6 in Cisco Serviceability under snmp setting i have enable the read community string and check snmp, MIB service are running.AM i using the correct proecdure. How can i get the Call Manager on LMS server so that i can see IP phones on LMS topology. 8.6 is installed on VM Ware.
