
Re: Multi-Site Help

 
doubleH
Regular Advisor

Multi-Site Help

[Attachment: Site Connectivity.gif]

Hi,

 

We are implementing a secondary office location. Until our new fiber is put in place, we will be using a wireless access point and creating a VPN tunnel between the 2 sites. I can't get my head around how I can have the remote switch connected to our network at our main site.

 

Currently I have the remote switch (2900al) at the main site for configuration and have it connected to our network no problem and can see the switch in PCM. To enable the connection to our network I created a VLAN on both switches and made sure the ports on each switch were in this new VLAN. The main site has a pair of 5406zl that are trunked together. How would I be able to accomplish the same thing when the switch is in a remote location?

 

Thanks

 

paulgear
Esteemed Contributor

Re: Multi-Site Help

Hi doubleH,

If you want to join "CORE switches" and "Remote Switch" from your diagram on the same VLAN, you need to provide a layer 2 (bridged/switched) connection between them. Since you have a firewall in the data path, it's very unlikely that you have this - your connection is most likely layer 3. There are various ways to achieve what you're asking, including plugging your fibre (when it comes) directly into the switches and bypassing the firewalls (assuming your ISP is providing a bridged connection), but this is generally not a preferred option. Layer 2 WAN links have the possibility of taking down both sites with a broadcast storm (even a single bad workstation NIC can do this), so I would recommend keeping the sites separated at layer 3 and using routing to get between them.
Regards,
Paul
Brad_199
Frequent Advisor

Re: Multi-Site Help

I'm interested to hear more on that subject Paulgear since this is the setup in my company. Two buildings are connected with a fibre link plugged directly into two layer 3 switches.

I'm not quite following your comments. Are you able to amend doubleH's diagram to your suggested config/topology?
paulgear
Esteemed Contributor

Re: Multi-Site Help

Hi Brad_199,

 

The issue with L2 WAN links is you have everything in one broadcast domain.  See http://blog.ioshints.info/2012/05/layer-2-network-is-single-failure.html for a summary.  Ivan has lots more articles on the same topic; have a poke around his blog and you'll find plenty there.

Regards,
Paul
Brad_199
Frequent Advisor

Re: Multi-Site Help

So do you mean even if the ports connecting the switches were in the same vlan and all other ports (to servers etc) were in different vlans in either site, that still has the potential to bring down both buildings?
paulgear
Esteemed Contributor

Re: Multi-Site Help

Hi Brad,

 

A broadcast storm in one VLAN should not impact another on the same site, but think about what happens to a 100 Mbps WAN link, for example, if it is connecting two 1 Gbps environments: a broadcast storm on VLAN 10 on site A floods across the link to site B, and even though VLAN 20 on site A may be unaffected, VLAN 20 between the two sites is affected, because VLAN 10 is taking all of the bandwidth on the link.  This can happen in LAN environments as well, but will often have less impact.

Regards,
Paul
Brad_199
Frequent Advisor

Re: Multi-Site Help

Please don't take this like I am challenging you, because I'm not. I'm still learning my trade, so I'm trying to increase the knowledge, but how could there be a broadcast storm between two switch ports, bearing in mind how a switch forwards broadcasts?

Also what if a variation of spanning tree were enabled on the two switches? Would that alter your concerns of a L2 WAN link?

paulgear
Esteemed Contributor

Re: Multi-Site Help

Hi Brad,

Broadcasts are sent to the all-ones MAC address (ff:ff:ff:ff:ff:ff), and switches forward these frames to all ports on the VLAN except for the one on which they receive them. So broadcast storms are certainly possible.

Spanning Tree can prevent broadcast storms at the source, and it should definitely be deployed on normal office LANs. But a broadcast storm will definitely cross an L2 WAN link if it is not prevented before reaching it.

I'm not saying you should immediately change your link from L2 to L3, but when I'm deploying new WAN links, I always try to use L3.
Regards,
Paul
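
Added example, not part of any post in this thread: a toy Python model of the flooding rule described above (forward a broadcast out every port in the VLAN except the ingress port), tracing one broadcast frame through a looped site A and counting the copies that cross the WAN link to site B. The switch names A1, A2, A3, B1 and the topology are assumptions made up for the illustration; it compares a bridged WAN link, the same link with Spanning Tree blocking the loop, and a routed (L3) WAN link.

```python
# Toy model (constructed for illustration, not vendor behaviour).
def flood(links, wan, src, ticks, blocked=(), routed=()):
    """Follow ONE broadcast frame injected at switch `src`.

    links   : switch-to-switch links carrying the VLAN
    blocked : links Spanning Tree has put into blocking state
    routed  : links that are L3 hops (broadcasts are not forwarded)
    Returns (copies crossing `wan` per tick, copies still circulating).
    """
    inactive = {frozenset(l) for l in blocked} | {frozenset(l) for l in routed}
    neighbours = {}
    for a, b in links:
        if frozenset((a, b)) in inactive:
            continue
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)

    in_flight = [(src, None)]  # (switch holding the frame, switch it came from)
    wan_counts = []
    for _ in range(ticks):
        nxt, crossed = [], 0
        for sw, prev in in_flight:
            for n in neighbours.get(sw, ()):
                if n == prev:
                    continue  # never sent back out the ingress port
                nxt.append((n, sw))
                if frozenset((sw, n)) == frozenset(wan):
                    crossed += 1
        in_flight = nxt
        wan_counts.append(crossed)
    return wan_counts, len(in_flight)


# Constructed topology: a triangle (loop) at site A, one WAN link to site B.
LINKS = [("A1", "A2"), ("A2", "A3"), ("A3", "A1"), ("A1", "B1")]
WAN = ("A1", "B1")

if __name__ == "__main__":
    print("L2 WAN, loop at A :", flood(LINKS, WAN, "A1", 9))
    print("L2 WAN, STP blocks:", flood(LINKS, WAN, "A1", 9, blocked=[("A2", "A3")]))
    print("L3 WAN, loop at A :", flood(LINKS, WAN, "A1", 9, routed=[WAN]))
```

In the looped L2 case the single frame never dies and keeps sending fresh copies across the WAN link; with the loop blocked it crosses once; with a routed WAN link the loop still exists at site A but nothing reaches site B.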