redundant switch uplinks on a 7206?

Discussion in 'Cisco' started by Bill F, Jan 24, 2004.

  1. Bill F

    Bill F Guest

    running c7200-ik9s-mz.122-17a.bin

    currently has a trunked GE to a 3548. This 3548 will be uplinked to a
    second 3548 for additional port density. Wondered if I could uplink the
    second 3548 to the 7200 for redundancy. I know I've read you can do
    this on two pairs of catalysts, and I assume SPT will guard against
    bridge loops but, I don't know if it's possible to do this with a single
    router on the other end.

    Thanks
     
    Bill F, Jan 24, 2004
    #1

  2. Bill F

    Andy Furnell Guest

    On 2004-01-24, Bill F <> wrote:
    > running c7200-ik9s-mz.122-17a.bin
    >
    > currently has a trunked GE to a 3548. This 3548 will be uplinked to a
    > second 3548 for additional port density. Wondered if I could uplink the
    > second 3548 to the 7200 for redundancy. I know I've read you can do
    > this on two pairs of catalysts, and I assume SPT will guard against
    > bridge loops but, I don't know if it's possible to do this with a single
    > router on the other end.
    >
    > Thanks
    >


    You won't run into problems with spanning-tree because the router is a layer
    3 device, and provides separation between interfaces meaning no BPDUs will
    be forwarded. The problem you'll run into is that by uplinking to a second
    port on the 7200 you'll have to assign it a new IP subnet. This doesn't
    gain you resiliency as your hosts will still have to have a default gateway
    of ONE of the ports that won't fail over to the second if the first switch
    fails. You would have to put another layer 2 device between the 3548s and the
    router to aggregate the uplinks (which *would* cause a spanning-tree loop).

    Unfortunately the only way to provide redundancy in this way is to create
    loops in your topology. Or get a second router and run HSRP between the two.
    Alternatively if you upgrade the 3548s to 3550s you can terminate the layer
    3 there and run HSRP between the two (with just a default pointing to the
    appropriate interface on the 7200). By abstracting your traffic this way it
    also makes your life easier when you want to add more upstream routers as
    your access termination point remains the same.

    A

    --
    Andy Furnell
     
    Andy Furnell, Jan 24, 2004
    #2

  3. Hi Bill.

    Try IRB (Integrated Routing and Bridging)

    bridge irb
    !
    interface gigabitethernet 1/0
    no ip address
    bridge-group 1
    !
    interface gigabitethernet 2/0
    no ip address
    bridge-group 1
    !
    interface BVI 1
    ip address 192.168.1.1 255.255.255.0
    !
    bridge 1 protocol ieee
    bridge 1 route ip

    Then attach each of the gigabits to each switch. Then when one switch
    fails the other will still be attached to the router. The router will
    run IEEE spanning-tree so one will be FORWARDING and one BLOCKING.
    Make sure spanning-tree portfast is not on the switch gigabit
    interfaces.

    Simon
     
    Simon Tibbitts, Jan 24, 2004
    #3
  4. Bill F

    Andy Furnell Guest

    On 2004-01-24, Simon Tibbitts <> wrote:
    > Hi Bill.
    >
    > Try IRB (Integrated Routing and Bridging)
    >


    beware: IRB cannot be fast switched, and you will find that your CPU will
    run MUCH hotter than if using routed interfaces.

    A

    --
    Andy Furnell
     
    Andy Furnell, Jan 24, 2004
    #4
  5. Bill F

    Hansang Bae Guest

    In article <>,
    says...
    > Hi Bill.
    >
    > Try IRB (Integrated Routing and Bridging)


    Please don't.

    IRB is a bandaid. All bets are off if you use IRB. Just say no.


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Jan 24, 2004
    #5
  6. Bill F

    AnyBody43 Guest

    Hansang Bae <> wrote in message
    > In article <>,
    > says...
    > > Hi Bill.
    > >
    > > Try IRB (Integrated Routing and Bridging)

    >
    > Please don't.
    >
    > IRB is a bandaid. All bets are off if you use IRB. Just say no.


    In support I say:

    My view of IRB is that it is probably not widely deployed,
    that you will be at the 'bleeding edge' and that it will be
    more likely that you will run into some bug or other.

    It may for example have been put in to meet some huge corporate's
    RFP years ago hence the (according to HSB) lack of support for
    fast switching. e.g. Day Networks kit does X, we would really,
    really, really like to buy 1000 Frisco routers however we can't
    unless it does X. Perhaps it is not expected that anyone will
    actually use it? Account manager kicks developers around until
    kit does X at least once:)


    I got burned with something like this years ago with DECNET routing.
    It all looked as if it should work and seemed OK in the Lab but the
    particular set of features that I had combined simply did not
    actually work.

    On network resilience:
    You need to pay for it.
     
    AnyBody43, Jan 27, 2004
    #6
  7. Bill F

    AnyBody43 Guest

    Hansang Bae <> wrote
    > says...
    > > Hi Bill.
    > >
    > > Try IRB (Integrated Routing and Bridging)

    >
    > Please don't.
    >
    > IRB is a bandaid. All bets are off if you use IRB. Just say no.


    Hi,
    1.
    Does anyone know of a reason that IOS does not allow two interfaces
    to have IP addresses on the same Network?

    e.g.

    Interface e0
    ip address 1.1.1.252 255.255.255.0
    standby address 1.1.1.254

    Interface e1
    ip address 1.1.1.253 255.255.255.0
    standby address 1.1.1.254

    This would seem to be a "solution" to Bill's problem but as
    far as I know Cisco have never supported this configuration.

    Maybe it is possible to use some workaround using
    "incorrect" netmasks and or secondary addresses?

    Interface e0
    ip address 1.1.1.1 255.255.255.128
    standby address 1.1.1.254

    Interface e1
    ip address 1.1.1.129 255.255.255.128
    standby address 1.1.1.254

    2.
    Here is a potential workaround:

    How about this?

    Solution for resiliently connected Router using two ports onto the
    same LAN.
    Explanation by example.

    I have not got the facilities to test this right now but have done
    some partial testing with a single interface router and I
    think that it might well work.

    Network 1.1.1.0 255.255.255.0

    Each host (e.g.PC) needs two configured IP addresses one on each half
    of the network range. (Windows 2000 and later is OK with this)
    e.g. 1.1.1.1 255.255.255.0
    1.1.1.129 255.255.255.0

    Each host default gateway 1.1.1.254

    Router config

    interface Ethernet0
    ip address 1.1.1.125 255.255.255.128
    standby ip 1.1.1.254

    interface Ethernet1
    ip address 1.1.1.253 255.255.255.128
    standby ip 1.1.1.254


    ! A pair of routes for each PC in the router
    ip route 1.1.1.1 255.255.255.255 1.1.1.129
    ip route 1.1.1.129 255.255.255.255 1.1.1.1
    !
    ! Another PC might be 2 and 130
    ip route 1.1.1.2 255.255.255.255 1.1.1.130
    ip route 1.1.1.130 255.255.255.255 1.1.1.2


    Obviously this demands a fair bit of manual configuration and
    would not usually be recommended however I suspect that it will
    work.
     
    AnyBody43, Jan 27, 2004
    #7
  8. Bill F

    Andy Furnell Guest

    On 2004-01-27, AnyBody43 <> wrote:
    >
    > Hi,
    > 1.
    > Does anyone know of a reason that IOS does not allow two interfaces
    > to have IP addresses on the same Network?


    Because that configuration is just wrong. How does the router know which
    interface to send packets out of onto that network? When an ARP is received,
    how does it know which interface to store the resolution entry in the ARP
    cache? There's a million reasons why this shouldn't be done, which is why
    most router vendors don't support multiple interfaces in the same subnet
    as a valid configuration.

    > Maybe it is possible to use some workaround using
    > "incorrect" netmasks and or secondary addresses?
    >
    > Interface e0
    > ip address 1.1.1.1 255.255.255.128
    > standby address 1.1.1.254
    >
    > Interface e1
    > ip address 1.1.1.129 255.255.255.128
    > standby address 1.1.1.254


    this way you end up splitting outbound traffic 50/50 across the /25
    boundary, which again doesn't really achieve anything in terms of
    resiliency.

    >
    > 2.
    > Here is a potential workaround:
    >
    > How about this?
    >
    > Solution for resiliently connected Router using two ports onto the
    > same LAN.
    > Explanation by example.
    >
    > I have not got the facilities to test this right now but have done
    > some partial testing with a single interface router and I
    > think that it might well work.
    >
    > Network 1.1.1.0 255.255.255.0
    >
    > Each host (e.g.PC) needs two configured IP addresses one on each half
    > of the network range. (Windows 2000 and later is OK with this)
    > e.g. 1.1.1.1 255.255.255.0
    > 1.1.1.129 255.255.255.0
    >
    > Each host default gateway 1.1.1.254
    >
    > Router config
    >
    > interface Ethernet0
    > ip address 1.1.1.125 255.255.255.128
    > standby ip 1.1.1.254
    >
    > interface Ethernet1
    > ip address 1.1.1.253 255.255.255.128
    > standby ip 1.1.1.254
    >
    >
    > ! A pair of routes for each PC in the router
    > ip route 1.1.1.1 255.255.255.255 1.1.1.129
    > ip route 1.1.1.129 255.255.255.255 1.1.1.1
    > !
    > ! Another PC might be 2 and 130
    > ip route 1.1.1.2 255.255.255.255 1.1.1.130
    > ip route 1.1.1.130 255.255.255.255 1.1.1.2
    >
    >
    > Obviously this demands a fair bit of manual configuration and
    > would not usually be recommended however I suspect that it will
    > work.


    this is not a solution. any design that involves statics for /32s, hsrp
    and mismatched netmasks is IMO not worth thinking about. rather than try
    to bodge together an answer that works but is held together by bits of
    string, the OP would do better to think seriously about why he wants
    this design, and then plan around it properly. While hacks seem great
    when you implement them and find out they actually work, 6 months down
    the line when things actually do fail over you're often left with the
    unenviable task of unravelling what you did. this effectively negates
    any sort of resiliency you hoped to introduce by implementing the design
    in the first place :)

    as i mentioned in my last post, the tried and tested way of designing
    a network in this manner is to bring your layer 3 termination to the
    distribution layer and abstract traffic BEFORE it hits the 7200 (which
    in this case would probably be considered a core box). while there are
    other ways of achieving this goal, there is a reason why pretty much
    everyone else does it this way :)

    A

    --
    Andy Furnell
     
    Andy Furnell, Jan 27, 2004
    #8
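
The two router sketches from post #7, run through a small config lint that makes the objections in post #8 concrete: interfaces whose subnets overlap, and an HSRP virtual address that does not fall inside the subnet of the interface it is configured on. This is an added example, not code from anyone in the thread; the function names and finding labels are made up for illustration, and the parser accepts both `standby ip` and the `standby address` spelling used in the post.

```python
import ipaddress
import re
from itertools import combinations

# Constructed inputs: the two router sketches from post #7, copied as posted.
# Function names and finding labels below are illustrative, not from any tool.
SAME_NET = """
Interface e0
ip address 1.1.1.252 255.255.255.0
standby address 1.1.1.254
Interface e1
ip address 1.1.1.253 255.255.255.0
standby address 1.1.1.254
"""
SPLIT_25 = """
interface Ethernet0
ip address 1.1.1.125 255.255.255.128
standby ip 1.1.1.254
interface Ethernet1
ip address 1.1.1.253 255.255.255.128
standby ip 1.1.1.254
"""

def parse(config):
    """Return {interface: {"net": IPv4Interface or None, "vips": [IPv4Address]}}."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface\s+(\S+)", line, re.I):
            cur = ifaces.setdefault(m.group(1), {"net": None, "vips": []})
        elif cur and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif cur and (m := re.match(r"standby (?:\d+ )?(?:ip|address) (\S+)", line)):
            cur["vips"].append(ipaddress.ip_address(m.group(1)))
    return ifaces

def lint(config):
    """Return sorted findings as tuples: overlap, vip-outside, vip-shared."""
    ifaces = {n: i for n, i in parse(config).items() if i["net"] is not None}
    out = set()
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia["net"].network.overlaps(ib["net"].network):  # same subnet on two ports
            out.add(("overlap", a, b))
        for vip in set(ia["vips"]) & set(ib["vips"]):  # one virtual IP, two ports
            out.add(("vip-shared", a, b, str(vip)))
    for name, i in ifaces.items():
        for vip in i["vips"]:
            if vip not in i["net"].network:  # virtual IP not in this port's subnet
                out.add(("vip-outside", name, str(vip)))
    return sorted(out)

if __name__ == "__main__":
    for label, cfg in (("same /24", SAME_NET), ("split /25", SPLIT_25)):
        print(label, lint(cfg))
```

On the split /25 sketch the overlap finding disappears, but 1.1.1.254 sits in 1.1.1.128/25 and so lies outside Ethernet0's 1.1.1.0/25.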
  9. Bill F

    Andy Furnell Guest

    On 2004-01-27, AnyBody43 <> wrote:
    > Hansang Bae <> wrote in message
    >>
    >> Please don't.
    >>
    >> IRB is a bandaid. All bets are off if you use IRB. Just say no.

    >
    > In support I say:
    >
    > My view of IRB is that it is probably not widely deployed,
    > that you will be at the 'bleeding edge' and that it will be
    > more likely that you will run into some bug or other.


    IRB is pretty mature... it's integral to the way the G-L3 and 8500
    series work, and on those platforms it seems to work fine. with hardware
    acceleration it's a great tool with a thousand legitimate uses. But
    these are platforms that have been built specifically to work around
    IRB. Software-based routing platforms (including the 7200) implement
    IRB to enable low-traffic bridging of ethernet traffic across various
    media, not as an excuse to design your network badly... Remember that
    a router's primary function is to route traffic between interfaces
    based on layer 3 information... by creating what is effectively a
    virtual switch inside the router you're trying to make the box do something
    it was never really meant to do.

    > It may for example have been put in to meet some huge corporate's
    > RFP years ago hence the (according to HSB) lack of support for
    > fast switching. e.g. Day Networks kit does X, we would really,
    > really, really like to buy 1000 Frisco routers however we can't
    > unless it does X. Perhaps it is not expected that anyone will
    > actually use it? Account manager kicks developers around until
    > kit does X at least once:)


    Cisco have many devices in their product line that will do what's
    required here. Because of their design, routing switches are built
    more around sharing IPs between physical interfaces - it's important
    to remember that when you're making a product you have to strike a
    balance between what the device can do (and what your customers want
    it to do) and what it's practical to implement. Rolling in hundreds of
    features with only limited appeal not only increases cost to your
    end users, but reduces efficiency of your end product. Increasing
    the efficiency of a protocol like IRB in a routing platform is
    pointless if there are already products out there much more suited to
    the purpose.

    A

    --
    Andy Furnell
     
    Andy Furnell, Jan 27, 2004
    #9
  10. Bill F

    Hansang Bae Guest

    In article <4.org>,
    says...
    > IRB is pretty mature...


    You mean manure, right?! (I kill myself)

    > it's integral to the way the G-L3 and 8500
    > series work, and on those platforms it seems to work fine.


    8540CSRs suck. They suck beyond belief. Everything about the 8540's
    suck. It sucks when you have to upgrade the FPGA, it sucks when you have
    to upgrade the microcode, it sucks because it loses its mind and stops
    forwarding traffic (BVI, MAC bug), it sucks because it does not support
    NAT, it sucks because one misconfigured NetWare server can bring it down
    (2501's 4500's, 4700, even a 7000 with SP/RP stayed up), it sucks
    because an arp storm can bring it down (again, 4500 router stayed up).
    It sucks because some of the commands are slightly different from normal
    IOS/CatOS.

    > with hardware
    > acceleration it's a great tool with a thousand legitimate uses.


    They (8540's) are not horrible when you use them as a pure L3 device.
    Throw BVIs in there, and you'll see instability.




    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Jan 27, 2004
    #10
  11. Bill F

    Ivan Ostres Guest

    In article <>,
    says...
    > 8540CSRs suck. They suck beyond belief. Everything about the 8540's
    > suck. It sucks when you have to upgrade the FPGA, it sucks when you have
    > to upgrade the microcode, it sucks because it loses its mind and stops
    > forwarding traffic (BVI, MAC bug), it sucks because it does not support
    > NAT, it sucks because one misconfigured NetWare server can bring it down
    > (2501's 4500's, 4700, even a 7000 with SP/RP stayed up), it sucks
    > because an arp storm can bring it down (again, 4500 router stayed up).
    > It sucks because some of the commands are slightly different from normal
    > IOS/CatOS.
    >
    >
    >


    Is that a haiku poem? :) LOL

    --
    Ivan
     
    Ivan Ostres, Jan 28, 2004
    #11
  12. Bill F

    Gert Doering Guest

    Andy Furnell <> writes:

    >IRB is pretty mature... it's integral to the way the G-L3 and 8500
    >series work,


    .... which is a good argument against IRB. I've never seen anything so
    broken as the G-L3 switches. And there is a good reason why neither
    products are sold anymore. :)

    > and on those platforms it seems to work fine. with hardware
    >acceleration it's a great tool with a thousand legitimate uses. But
    >these are platforms that have been built specifically to work around
    >IRB. Software-based routing platforms (including the 7200) implement
    >IRB to enable low-traffic bridging of ethernet traffic across various
    >media, not as an excuse to design your network badly...


    Actually, we use IRB on 7200s with good success (bridge IPv6 from an
    ATM VC to a 802.1q subif, to make IPv6-over-ADSL work across a router
    that can only do IPv4).

    gert
    --
    Yield to temptation ... it may not pass your way again! -- Lazarus Long
    //www.muc.de/~gert
    Gert Doering - Munich, Germany
    fax: +49-89-3243328 -muenchen.de
     
    Gert Doering, Feb 14, 2004
    #12
