Wired Intelligent Edge (Campus Switching and Routing)

Occasional Contributor I

How failover works?

Hi all,

We are going to use 2x 3810m switches that are acting as routers and handling a BGP session with a public AS.

Several questions about it:

1) If we mix different models of switches (e.g. 48 ports with 24 ports), put them in stacking and make commander/standby, how will it act during failover if there are some hosts that are connected to the 48-port switch, but not to the 24-port one? (I hope it works like master/slave in HA mode?)

2) As they will handle BGP from the uplink, how will it act about it? What is the better way to configure it? Is it something to do with VRRP? Does it support dual multi-homed connectivity somehow? Or is LACP the solution?

3) Not related to failover, but: a firewall is going to be placed there to filter traffic from the hosts that are connected (using bonding configuration on the server side) to both switches. Taking into account that BGP is running there with announced public IPs, where would you put the firewall? (Actually also 2 firewalls in HA), e.g. WatchGuard XTM515

 

Appreciate any advice

Thank you

 




All Replies
Occasional Contributor II

Re: How failover works?

1. How do you mean? A failover is initiated when the master goes down. So you lose the connections on that switch.

2. You only have one IP on the stack so VRRP will not be a solution for this.

When you configure a stack you can create an LACP trunk with ports on the 2 switches.

How many routes are you learning from your uplink provider? Only the 0.0.0.0? If so, why don't you do this on the WatchGuard box? The 3810 supports up to 10k routes, so not a full table.

As the 3810 does not support routing instances, I don't think it's a good idea to terminate your external BGP routes on this box.

I would do BGP router ---> XTM ---> 3810 ---> servers

 

 

MVP Guru

Re: How failover works?

It's not clear: each Server on VLAN 300 should be concurrently connected to both (backplane stacked) Aruba 3810M through a LACP uplink (with at least two physical links)...Server side this is called "bonding" or "teaming" or "etherchannel" or "Link Aggregation"...Switch side - HP/HPE/Aruba jargon here - it is Port Trunk with LACP as link aggregation control protocol...in other terms this is dual homing any Server uplinked to the Aruba 3810M stack.

There is no Active/Passive...there is one Stack node with the Commander role and the other with the Standby role...but both participate in switching and both act as a single VIRTUAL SWITCH from the standpoint of any connected peer device.

Occasional Contributor I

Re: How failover works?


@parnassus wrote:

It's not clear: each Server on VLAN 300 should be concurrently connected to both (backplane stacked) Aruba 3810M through a LACP uplink (with at least two physical links)...Server side this is called "bonding" or "teaming" or "etherchannel" or "Link Aggregation"...Switch side - HP/HPE/Aruba jargon here - it is Port Trunk with LACP as link aggregation control protocol...in other terms this is dual homing any Server uplinked to the Aruba 3810M stack.

There is no Active/Passive...there is one Stack node with the Commander role and the other with the Standby role...but both participate in switching and both act as a single VIRTUAL SWITCH from the standpoint of any connected peer device.


Hello,

The plan was that each server will have 2 bonding interfaces of 2 ethernets, so not 1 cable like on the schema, it will be 2 to each 3810m from each host.

There is no Active/Passive...there is one Stack node with the Commander role and the other with the Standby role...but both participate in switching and both act as a single VIRTUAL SWITCH from the standpoint of any connected peer device.

- Does it mean in fact that I can use another model of 3810m in the stack, where ports from different devices will be configured in one single trunk port with LACP?

For example port 1 from the 3810m 48-port device and port 3 from the 3810m 24-port device are acting as one trunk port with LACP?

What about the missing ports, e.g. 10Gb/s smart rate ports that are missing on the 24-port device, where hosts are connected only to the 1st device? In case of failure of the 1st 3810 48-port device I will just lose connectivity of vlan400 and nothing more?

Also from your perspective, how ugly does the firewall "connectivity loop" look?

I very much appreciate your help.

Thank you and best regards.

 

 

 

MVP Guru

Re: How failover works?

One thing at a time...

@aruba3810m wrote: Does it mean in fact that I can use another model of 3810m in the stack, where ports from different devices will be configured in one single trunk port with LACP?

For example port 1 from the 3810m 48-port device and port 3 from the 3810m 24-port device are acting as one trunk port with LACP?

What about the missing ports, e.g. 10Gb/s smart rate ports that are missing on the 24-port device, where hosts are connected only to the 1st device? In case of failure of the 1st 3810 48-port device I will just lose connectivity of vlan400 and nothing more?


Yes, you can stack different models (SKUs) together within the very same series (family), thus you can stack a 48-port switch along with a 24-port switch for a grand total of a 72-port virtual switch.

When your backplane stack is correctly formed (and you deployed the stack through dedicated hardware Stacking modules+Cables) standalone ports are renumbered so that the forty-eight ports of the 1st 48-port member switch become 1/1 - 1/48...thus the twenty-four ports of the 2nd 24-port member switch become 2/1 - 2/24...and so on. If your 1st stack member goes blue (KO) you will lose the first forty-eight ports of your virtual switch (and vice-versa if your 2nd member has an issue too). That's it.

It's crystal clear then that you should always connect (by distributing) links coming from each server's bonded interfaces to both switches (say - it's just an example, a possible linking pattern - terminating the four-port bonded LACP coming from the Server by uplinking its eth0 to port 1/1, eth1 to 1/48, eth2 to 2/1 and eth3 to 2/24...but any other balanced pattern would work too). The Port Trunk, Switch side, shall be formed by those four ports (in this case 1/1+1/48+2/1+2/24) aggregated with LACP.
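The reply above recommends spreading each LACP trunk across both stack members so that losing one member never takes down the whole trunk. The following is an added example, not part of the original post: a small audit script that flags trunks whose ports all sit on one member. The sample lines are constructed, and the `trunk <port-list> <trkN> <type>` line format and numeric `member/port` ids are assumptions about how the trunk lines appear in the stack's running-config.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ArubaOS-Switch running-config trunk lines
# on a two-member stack; trk1 mirrors the 1/1+1/48+2/1+2/24 pattern above.
SAMPLE_CONFIG = """\
trunk 1/1,1/48,2/1,2/24 trk1 lacp
trunk 1/10-1/11 trk2 lacp
trunk 1/20,2/20 trk3 trunk
"""

TRUNK_RE = re.compile(r"^[ \t]*trunk[ \t]+(\S+)[ \t]+(trk\d+)[ \t]+(\S+)", re.I | re.M)

def expand_ports(port_list):
    """Expand 'member/port' items and 'm/a-m/b' ranges into (member, port) pairs.
    Assumes numeric port ids; module ports such as 1/A1 are not handled."""
    ports = []
    for item in port_list.split(","):
        start, _, end = item.partition("-")
        member, first = (int(x) for x in start.split("/"))
        last = first
        if end:
            end_member, last = (int(x) for x in end.split("/"))
            if end_member != member:
                raise ValueError(f"range crosses stack members: {item}")
        ports.extend((member, p) for p in range(first, last + 1))
    return ports

def audit_trunks(config):
    """Map each trunk to its link count per stack member and whether it keeps
    at least one link when any single member fails."""
    report = {}
    for port_list, name, kind in TRUNK_RE.findall(config):
        per_member = defaultdict(int)
        for member, _port in expand_ports(port_list):
            per_member[member] += 1
        report[name.lower()] = {
            "type": kind.lower(),
            "per_member": dict(per_member),
            "survives_member_loss": len(per_member) >= 2,
        }
    return report

if __name__ == "__main__":
    for name, info in audit_trunks(SAMPLE_CONFIG).items():
        status = "ok" if info["survives_member_loss"] else "SINGLE MEMBER"
        print(name, info["type"], info["per_member"], status)
```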

Occasional Contributor I

Re: How failover works?


@parnassus wrote:


Yes, you can stack different models (SKUs) together within the very same series (family), thus you can stack a 48-port switch along with a 24-port switch for a grand total of a 72-port virtual switch.

When your backplane stack is correctly formed (and you deployed the stack through dedicated hardware Stacking modules+Cables) standalone ports are renumbered so that the forty-eight ports of the 1st 48-port member switch become 1/1 - 1/48...thus the twenty-four ports of the 2nd 24-port member switch become 2/1 - 2/24...and so on. If your 1st stack member goes blue (KO) you will lose the first forty-eight ports of your virtual switch (and vice-versa if your 2nd member has an issue too). That's it.

It's crystal clear then that you should always connect (by distributing) links coming from each server's bonded interfaces to both switches (say - it's just an example, a possible linking pattern - terminating the four-port bonded LACP coming from the Server by uplinking its eth0 to port 1/1, eth1 to 1/48, eth2 to 2/1 and eth3 to 2/24...but any other balanced pattern would work too). The Port Trunk, Switch side, shall be formed by those four ports (in this case 1/1+1/48+2/1+2/24) aggregated with LACP.


Thanks a lot. Now everything is clear from the failover side. BGP session in this case should not be interrupted, as well as package loss should not happen. 

 

I would like to hear some criticism about the schema that I've attached above.

Some people say that it is a bad idea not to use a "real" router and to run BGP on a switch that can do layer 3 (though we don't need a full view as we have only 1 uplink from one neighbour AS). They also say that connecting a firewall "in the loop" and separating the up/down link (dirty/clean traffic) by VLAN on the switch is also not good, but no one can explain why.

I appreciate any advice, maybe based on your experience.

Thanks in advance  
