Wired Intelligent Edge

Hello! I was hoping you may be able to pass some pointers on to me.  I am in the midst of implementing a network into an existing facility that will require:

• several vlans
• routing between vlans with OSPF or, if I have to, RIP
• routing internet traffic to a dedicated firewall/gateway (with a default static route)
• using a combination of newer 6200/3500 switches and older 2650 switches
• devices networked onto each vlan are not rigidly grouped, but potentially spread out
• switches are linked together with trunks, passing all VLAN's

My main question, is when devices/vlans are generally grouped, with some sporadic devices in other parts of the network, what is the best way to configure default gateways, to minimize hops/provide the best performance.  I attached a pdf showing a couple options in an example setting.

In the first drawing:

• Will all devices route to the internet firewall via switch-01 static route?
• Will 10.10.2.100 route to 10.10.3.100 via switch-02 or switch-01?
• Will 10.10.2.107 route to 10.10.3.100 via switch-06 or switch-01?
• Will any routing really happen outside of switch-01?

In the second drawing:

• will devices on each vlan route to the internet firewall via whichever switch is configured as that vlans gateway?
• Will 10.10.2.100 route to 10.10.3.100 via switch-02 or switch-01?
• Will 10.10.2.107 route to 10.10.3.100 via switch-06 or switch-01?

I am new to some of this routing and want to see if I am on the right path.  I am sure I will be back with some other questions along the way.

Thank you in advance for your guidance. 

Attachment(s)

sample network.pdf   703 B 1 version

Hi pjsjr627,

First off I would like to state that I am no routing expert in any shape or form and no doubt there are other guys on here that can teach me a thing or two :)

From what you have shown in your design I think that OSPF is not what you need. The problem lies in the fact that you have VLAN members dotted all over the OSPF Domain. If you want to employ OSPF then you would need to put each device on its own subnet.

Like I say, I am no expert and I could well be un-aware of a way of achieving what you are after, but I honestly don't think it is possible unless you have individual device subnets or group your devices on the same subnets in each area of the facility. OSPF would just get confused as it would keep thinking that a specific subnet is available on one link and then on another and so on, but as you have no loops in place I get the feeling that some devices could possibly get orphaned. - Any routing peeps please correct me if I am way off the mark! :)

Hi pjsjr627,

If i understand your diagram rightly, the only thing different in the two designs is

1. which switches are doing the routing, and
2. which IPs they are allocated. 

First things first: you don't need an IP address on every switch in every VLAN.  You only need 1 IP per switch for management, and one IP per VLAN on the switch(es) doing routing.

If you require devices on the same VLANs distributed across all switches (e.g. if port 1 on switch-06 and port 3 on switch-04 MUST be on the same VLAN), then the easiest solution is to do all of your routing only on switch-01, and disable routing on the rest.  This is also simplest from a configuration point of view.  The down side is that for 10.10.2.100 to get to 10.10.3.100, it must go via switch-01, even though it's attached to the same switch.  You'll need to decide whether optimal routing or having the devices you've indicated on the same VLANs is most important for you.  This will largely depend on the traffic profiles of the different devices, and whatever application requirements dictate.  (In this scenario, you also don't need subnet 10.10.1.0/24 anywhere except on switch-01 and the gateway.)

The other option (if you are willing/able to forego devices in different buildings being on the same VLANs) is to use a fully-routed setup, where each switch is the gateway for its local systems and all switches are connected by a VLAN which acts as your routing backbone.  In this scenario, you'd need to choose different VLAN numbers and subnets for each switch, e.g. switch-02 might use VLANs 22-23 (and subnets 10.10.22.0/24 and 10.10.23.0/24), switch-03 might use VLANs 32-34, switch-04 might use VLANs 42 and 45, etc.  All traffic would be routed optimally and only cross the backbone when it needs to.

If you really must have both optimal routing and VLANs which span buildings, you will need to set up routing on each switch and have the devices attached to it use it as their default gateway, and have both the routing VLAN and all the edge VLANs on the switch-to-switch links.  This will get confusing for anyone who comes along, and you'll have asymmetric routing, but it should still mostly work.

In the 1st scenario, the only place OSPF or RIP would help you is between switch-01 and the Internet gateway.  I would still use dynamic routing in this case simply because it means when you add VLAN 7 you won't have to change your firewall's config.

In the 2nd scenario, OSPF or RIP is a must, because every switch will have at least 3 routes, and most will have more than that.  The 3rd scenario is the same, but i would avoid it if at all possible.

Either of the first two scenarios should work well; it's really a decision of what makes most sense in your environment, given:

1. how your traffic flows, and
2. how easy it is for you and anyone else in your organisation to understand the configuration

I would tend to go for a distributed routing setup (option 1) if it were my network and i had the choice, but would recommend a centralised routing setup (option 2) if requirements dictated it, or if there are not a lot of routing skills on site.  Option 3 is not what i would do at all unless forced.

Hope that makes sense.