
Re: Change 1 or both of my HP5412zl to Routing mode

 
drinla
Occasional Contributor

Change 1 or both of my HP5412zl to Routing mode

I have a project to speed up our network performance; here is what I have today:

 

2 HP ProCurve 5412zl connected with ISC (8 GB links as Trk1 – LACP), firmware for both K.15.08.0013. No premium license. I have an MSM765 as wireless controller in one of my 5412 – for my laptop users and Guests.

 

Routing is via a Cisco ASA5512, attached to both switches as Trk2 – dt-lacp (port-Channel in the ASA). ASA version 9.1(1).

Multiple managed Cisco switches and a ton of unmanaged Netgear switches.

 

A total of 10 VLANs, 6 for my users, phone system and server (for now called routed networks), 1 for Guest network, and 3 more secure for Management, storage and backup. A total of about 300 IP devices.

 

The ASA is used for the Site-to-Site VPN for our remote sites.

 

A mix of Windows and Linux servers – some physical, most are VMware. Servers are connected to the 5412 as DT-LACP trunks (connected to both 5412) for performance and failover (if one switch goes down).

 

Reason for the change:

I want to use IPS functionality in my ASA and had a trial version running. Performance of the internal network became very poor. Example – a user in the user VLAN accessing a server in the server VLAN – right click context menu on the server: from instantly to about 2 – 3 seconds. The IPS was checking everything – I turned it off. Users are happy again. If I have the 5412 running in routing mode, I would be able to turn on my IPS – my guess. True?

 

Here is what I want to do:

Turn on the routing capability on the 5412.

 

Q: Do I have to turn routing on for both switches? Originally I wanted to do this with VRRP, but I don’t have the premium license – it would cost about $2k for each 5412 to have this feature (and others) – $4k.

 

Configure my “routed networks” VLAN with a VLAN IP (and Gateway).

 

Does it make sense to have my server connected to both switches with DT-LACP – if the main switch goes down I lose my routing – or I need two GW?

 

I have iSCSI storage attached to both switches. I can configure the switch, as well as the server in this VLAN, to not use a Gateway. A reboot of one of the switches should be transparent for the storage (and server). True?

 

My storage VLAN I would not configure on my ASA nor for the trunk between the ASA and the 5412 – correct?

 

Do I need to configure my other “routed networks” on the ASA and for the trunk? Not sure about this.

 

Do I need a Routing protocol? If yes, I would need to use RIP – the 5412 has the OSPF protocol only included with the premium license. I have to configure this on my ASA, as well as on 1 or both of my 5412. What is the best procedure to have RIP implemented?

 

All my clients are using DHCP – do I need to change the GW from the router IP to any of the 5412 VLAN IPs (best the VLAN GW)?

 

Do I need proxy-arp? I was reading about it in one thread.

 

What else am I missing to perform this change?

 

2 REPLIES
Vince_Whirlwind
Trusted Contributor

Re: Change 1 or both of my HP5412zl to Routing mode

1/ If you don't have VRRP, then you should turn on IP routing on your chosen "core".

 

2/ For each VLAN, remove the current "default gateway" from the firewall and configure that address on the VLAN interface on your "Core".

For each VLAN you move to the "Core" remove that VLAN entirely from the firewall. Delete the VLAN, delete the VLAN interface.

Create a new link between your core and the firewall - a stand-alone VLAN that doesn't go anywhere but this point-to-point link between "Core" and firewall.

Create routes on the firewall pointing at the "Core" for any of your internal subnets.

Create a default route on the "Core" pointing at the firewall.

 

3/ Can servers have two default routes configured? If so, you could enable IP routing on your second 5412 and configure a second address on the Server VLAN interface and get the servers to use that. The 2nd 5412 needs a default route pointing at the 1st 5412. Starting to get messy. Sure you can't get a premium licence?

 

4/ If your iSCSI doesn't have a gateway, how is it reachable from anywhere?

 

5/ No, your storage VLAN will be internal. The connection between "Core" and ASA is not a trunk, just an aggregated point-to-point link.

 

6/ You should keep your routing simple: internal subnets are routed by the "Core", the ASA is there to route to the outside.

 

7/ I don't see why you need RIP. Best to configure it statically so you aren't relying on any dynamic and potentially unpredictable process.

 

8/ You will need DHCP helpers on your "core" router interfaces.
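
The steps in the reply above, written out as a configuration sketch. This is an added example, not part of the original posts. All VLAN IDs, VLAN names, the 10.1.x.x addresses, the DHCP server address, the ASA port-channel number and the interface name `inside` are constructed placeholders; only `Trk2` (the link to the ASA) comes from the thread.

```text
; --- 5412zl chosen as "Core" (ProVision CLI) ---
; Constructed values throughout: VLAN IDs, names and addresses are placeholders.
ip routing

; Each routed VLAN takes over the gateway address the firewall used to hold
vlan 10
   name "USERS"
   ip address 10.1.10.1 255.255.255.0
   ; DHCP helper: relay client broadcasts to the DHCP server (placeholder address)
   ip helper-address 10.1.20.10
   exit
vlan 20
   name "SERVERS"
   ip address 10.1.20.1 255.255.255.0
   exit

; Stand-alone transit VLAN: carried only on the link between core and firewall
vlan 999
   name "TRANSIT-ASA"
   untagged Trk2
   ip address 10.1.254.1 255.255.255.252
   exit

; Default route on the core points at the firewall
ip route 0.0.0.0 0.0.0.0 10.1.254.2

! --- ASA side ---
! The per-VLAN interfaces that held the old gateways are removed first;
! the port-channel then carries only the transit subnet.
interface Port-channel1
 nameif inside
 security-level 100
 ip address 10.1.254.2 255.255.255.252

! One static route per internal subnet that the core now routes
route inside 10.1.10.0 255.255.255.0 10.1.254.1
route inside 10.1.20.0 255.255.255.0 10.1.254.1
```

With this layout, traffic between VLAN 10 and VLAN 20 is forwarded by the switch and no longer crosses the ASA, so ASA access rules and IPS inspection apply only to traffic that leaves over the transit link.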

drinla
Occasional Contributor

Re: Change 1 or both of my HP5412zl to Routing mode

Thank you Vince for your fast and informative reply!

 

I'll try to get this implemented this coming weekend.