Wired Intelligent Edge

Hi there, hopefully someone can help me with this, I'm thinking I'm just off on something simple.

 

I have two Procurve E3500yl switches setup to do routing. I have 5 VLAN's setup on each.

 

VLAN 9 10.1.2.x/24

VLAN 11 10.2.14.x/24

VLAN 31 10.2.16.x/24

VLAN 61 10.2.18.x/24

VLAN 121 10.2.150.x/24

 

VLAN 9 is connected to a single direct connection to our other datacenter on Switch 1 Port 1 and is configured with an IP of 10.1.2.1. The connection on the other end at the datacenter is 10.1.2.2. Switch 2 Port 1 is configured with an IP of 10.1.2.5 on the same VLAN, but has no cable connected to it. I have a cable connecting the 2 switches on Port 4. All VLANs which need to reach the other datacentre are untagged on their own ports and tagged on Port 1 and Port 4.

 

Each system which is connected has as it's gateway the IP address of the VLAN port on Switch 1, (ex: 10.2.16.3). The same port on Switch 2 would be 10.2.16.4.

 

I have created a VRRP group for each VLAN with Switch 1 as the owner and Switch 2 as the backup and the IP set as the same as Switch 1. VRRP VRID 9 is configured on Switch 1 and Switch 2 with an ip of 10.1.2.1.

 

My goal is to set it so that if Switch 1 were to fail, we would simply have to move the single wire of the direct connection to the datacenter from Switch 1 Port 1 to Switch 2 Port 1, with no reconfiguration of gateways on servers. Based on what I've read, VRRP should be able to acheive this.

 

So, I picked up a procurve 2510-24Gconfigured 2 VLAN's on it with no IP configuration. Ports 1-12 are on VLAN 51 and 13-24 are on VLAN 52. I also turned on spanning tree protocol on my two E3500's per the documentation.

 

So, what I tried is this: I took the cable from the direct connection and plugged it into port 2 on my 2510 and I took a wire from Switch 1 Port 1 and and Switch 2 Port 1 and plugged them into port's 3 and 4 respectively on my 2510. Everything breaks. I lose all access to my E3500 switches, as well as all access to the other datacentre.

 

Hopefully I've given enough information here to be useful, can anyone make any suggestions? If you need more info, just let me know.

#VRRP

Ok, I figured out that my VLAN on the Layer 2 switch needs to match the VLAN I am connecting to. So, I have configured Ports 1-12 on Layer 2 switch untagged on VLAN 9.

If i plug my laptop into a port on Layer 2 switch and give myself an IP in the 10.1.2.x/24 subnet, then I can reach everything on both sides of the network just fine. However, I still have no connectivity from either E3500 to anything else, including the management IPs on whatever VLAN I happen to be plugging into. I'm thinking this has to do with tagged/untagged ports somehow, but all my VLANs are tagged to the ports where VLAN 9 is, and VLAN 9 is tagged on all ports except the ones where it is untagged.

More details, this appears to be a communication issue between Switch 1 and Switch 2. A blackhole route has been added for the VRRP master IP address of each VLAN (ie: 10.2.14.3/32 blackhole) on Switch 2. This seems to have been done automatically. I assume there's some reason for this, but my understanding of VRRP is obviously fairly limited. Anyone care to enlighten? I still need my traffic to be able to flow through both switches, as I have redundant NICs configured on ESX hosts, SAN nodes, etc which connect through both switches. Any help would be appreciated.

Wow, no responses?

 

Well, anyway, I am slowly but surely getting my head around this stuff. It seems, based on what I am reading, that the HP VRRP configuration does not support an active/active type of setup. So, I'm struggling a little bit with how to best accomplish what I need.

 

I have 2 ESX hosts, and 2 SAN nodes, each with teamed NICs in active/active configurations. Right now, 1 NIC from each team connects to each switch and everything uses Switch 1 as their gateways.

 

The routes are all the same on switch 1 and 2, so if Switch 1 were to fail, moving the direct link over to switch 2 would restore switch connectivity to the other datacenter, but I'm still faced with the problem of having to re-gateway each ESX host and SAN node (not to mention each VM inside). This would most likely require a physical trip to the datacentre since we wouldn't have connectivity from outside to these devices until the gateway was modified on each one. This means, then, that we'd be looking at a relatively substantial outage for a simple switch failure, not cool.

 

I looked at meshing as well as the distributed trunking, but these don't seem to be compatible with routing enabled.

 

This seems like it shouldn't be that hard of a thing to accomplish, can anyone make any suggestions as to how I can best get what I need out of these two devices?

First - starting K.15.05 Distributed Trunking and Routing are no longer mutually exclusive. You can see that if you check the Management and Configuration Guide page 11-48, http://bizsupport2.austin.hp.com/bc/docs/support/SupportManual/c02879530/c02879530.pdf

 

This won't help you just now, since K.15.05 is not downloadable... but it's coming back.

 

Meshing isn't applicable for this situation, it's only for inter-switch links, and only helps if you have 3 or more switches.

 

If you point your DGW to the switch physical IP address you're kinda going against the idea of VRRP. Have you tried to point the DGW to the Virtual IP instead? The backup router will take this one over if the primary fails, so you don't have to manually re-configure anything.

 

I'd recommend that you go to http://h20000.www2.hp.com/bizsupport/TechSupport/DocumentIndex.jsp?contentType=SupportManual&lang=en&cc=us&docIndexId=64179&taskId=101&prodTypeId=12883&prodSeriesId=1827663 and download the Multicast and Routing Guide for your software version. This gives you quite a good overview how VRRP works on ProCurve, and what you need to do to get it running.

Hey Arimo,

 

Thanks for the response. I have configured the Virtual IP of the gateway as the same as the physical IP on the switch, per the manual, so that's where stuff is. The problem is, anything connected to switch 2 could no longer reach that gateway as soon as I connected it VRRP style.

 

The main thing I was struggling with is I wanted to preferably keep my active/active configuration on my ESX and SAN NIC teams through both switches, but it doesn't seem like that's do-able. I'm just going to have to do a bit of re-architecting on the VMware networking side of things to make everything work as I want it to.

 

 

Ok, I've made some small amount of progress, but still getting stuck on a couple of key points.

 

Based on the diagrams in the multicast & routing guide, I reconfigured some networking on my hosts and connected everything as shown in the 'actualconfig' graphic attached. However, this doesn't get me totally there. What I'd like to do is have the connection to the other datacenter coming through the layer 2 switch too, then distributed to the 2 routing switches. However, when I connect it as showing the 'datacenter1' graphic, my network gets flooded and taken down completely. I've enabled spanning tree on all the switches, but I'm a little stumped at this point. Anyone got any ideas?

Essentially, I'm just trying to do what's shown in the image attached (from multicase & routing guide), except with a switch between the two routers and the intranet. This should be do-able, right?

have turned on spanning-tree on all switches?