Switches, Hubs, and Modems

Re: New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

 
David Frensham
Occasional Contributor

New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

Hi All

I have read a number of posts where you have provided some guidance based on your hands on experience on HP switches and am hoping you can help me.

Please go easy, I am kind of new to this. I have done a lot of top level reading but not much hands on.

Background
We have got a network consisting of around 120 pcs, 10-12 servers. Cat5e throughout.

I have inherited a mix of old 3com switches.

In the main wiring closet 2nd flr I have 48 ports (2 stacked 3870's), nokia IP295 firewall (6 Nics, 4 in use linked to different vlans), internet service provided through two cisco routers doing hsrp each providing 2 different internet feeds for failover, a Les3 router link to a DR site, another router link via an MPLS network to Canada.

I have got public ISP provided IP's used inside the network and additional private subnets as well!

We have also got the beginnings of IP phones being distributed and these have been put on the DMZ vlan (don't ask).

These two switches have got vlans implemented in a sporadic way each with ports added in no particular physical order.

VLAN 1 general nw on 192.168.10.x & 192.168.40.x and public 62.188.116.x
VLAN 2 external nw on 62.188.116.192 (dmz and ip phones)
VLAN 3 guest nw on 192.168.30.x
VLAN 4 internet / vpn - 62.188.116.129

So from the above everything has become reliant on two 24 port switches stacked together which are old, failing fans and at capacity. The closet is max'd out. The only thing to happen in this closet room in the future is that the digital phone handsets will be replaced, meaning we will gain space on the voice extension space in the racks but will need switch ports providing POE for future handsets on that floor.

The firewall has 6 NICs, 4 in use and does all routing between Vlans. The 4 Nics are connected to the main stack but in different VLANS.

We have a server room consisting of a bunch of servers, where each server is teamed onto two different switches. These switches are 3870's; they ARE NOT stacked.
Both switches connect to the Stack upstairs using Fibre.

We have four other Edge locations where we have single 3com switches. These are connected using either fibre or Cat5e cables.

These edges need switch replacements as expansion is in the offing and we will need to consider poe and non poe switches. VLANS will need to be spread across all switches as physical devices may have to belong to different VLANs for specific reasons.

Based on my thoughts, I've put the following idea together.

I need to make sure there is a redundant path from all major switches in the LAN and make sure the Firewall has multiple links to the LAN so that there is a route from another switch if the main switch fails.

Cost is an issue. In terms of redundancy, I need to know when and if a network switch fails completely, what is the time delay before clients will suddenly realise a different route; I accept there will be an application timeout or something along those lines, but I do not want to go rebooting switches or devices. Is it reasonable to demand this at the low end of the product range.

I've also considered the switches below based on physical space considerations.

My thoughts were to use a combination of 4208vl-72GS and 4204vl-48GS with additional 20 Port T-Gig modules which also come with 4 SFPs which I can populate with SX-LC Mini Gbics. My intention is to use the ports for a mix of PC and IP phones (with phones using poe injectors) or if I can get budget use dedicated high density poe switches for areas where we need IP Phones.

Since I have chosen Chassis switches mainly, I have thought about using multiple modules in each switch and then using single connections from both modules to create a redundant path if one module fails.
Anybody got any comments on where modules fail or do chassis's just fail - is it worth trying to solve this dilemma.

The diagram doesn't show the Firewall having 4 physical connections to switch ports but assume it does. I do however, want to know if I can put a cable on the 5th NIC in the firewall and link it to another switch downstairs, therefore if the 2nd floor switch failed completely, the rest of the network would still have internet access.

So besides making sure we have a fast-ish redundant links which can work without doing anything to most places (I know I can't do it all over the place as some edge locations only one links to one other area), I also need to make sure the solution also meets a future ISCSI solution that may be introduced in the future. The idea is that an ISCSI SAN will be linked to the main server farm switches. I have been given guidelines on the switches and they must support the following:

Non-Blocking backplane design
A switch should be able to provide the same amount of backplane bandwidth to support full duplex communication on ALL ports simultaneously.
Support for Inter-Switch Linking (ISL) or Dedicated Stacking Architecture
ISL support is required to link all switches in SAN infrastructure together. For non-stacking switches, the switch should support designating one or more (through Link Aggregation Groups) ports for inter-switch links.
For stacking switches, the use of stacking ports for ISL is assumed. Switch should provide at least 20 Gbps full-duplex bandwidth.
Support for creating Link Aggregation Groups (LAG)
For non-stacking switches, the ability to bind multiple physical ports into a single logical link for use as an ISL is required. Switch should support creating LAGs of at least 8x 1Gbps ports or at least 1x 10Gbps port.
Support for active or passive Flow Control (802.3x) on ALL ports.
Switches must be able to actively manage "pause" frames received from hosts, or they must passively pass all "pause" frames through to the target arrays.
Support for Rapid Spanning Tree Protocol (R-STP)
For SAN infrastructures consisting of more than 2 non-stacking switches, R-STP must be enabled on all ports used for ISLs. All non-ISL ports should be marked as "edge" ports or set to "portfast".

Support for Jumbo Frames

Not a requirement, but desirable. Many storage implementations can take advantage of Jumbo Frames. Jumbo frames may not provide any performance increases depending on the application and data characteristics.
Ability to disable Unicast Storm Control
iSCSI in general, and Dell EqualLogic SANs in particular can send packets in a very "bursty" profile that many switches mis-diagnose as a viral induced packet storm. Since the SAN should be isolated from general Ethernet traffic, the viral possibilities are non-existent. Switches need to always pass Ethernet packets regardless of bandwidth utilization.
Adequate Buffer Space per switch port
The Dell EqualLogic SAN solution makes use of the SAN infrastructure to support inter-array communication and data load balancing on top of supporting data transfers between the hosts and the SAN. For this reason, the more buffer space per port that a switch can provide the better.
Due to the multitude of buffer implementations used by switch vendors, Dell cannot provide definitive guidelines as to how much is enough, but should be enough such that data is not lost during when traffic reaches extreme levels.

Sorry for such a long posting. I know I could change out the Datacentre/server Farm switches to something like two individual 24 port switches which may have a better expansion capability such as a 10Gbe.

Finally, from a software configuration point of view, what are the main features I will be using. I keep seeing vrrp, vtp, mstp and rstp.
David Frensham
Occasional Contributor

Re: New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

sorry in advance, I posted this but noticed lots of characters messed up.
David Frensham
Occasional Contributor

Re: New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

Anyone got any comments/help.
Tx.
EckerA
Respected Contributor
Solution

Re: New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

ok,
i will try to answer some of your questions:

1)"I need to make sure there is a redundant path from all major switches in the LAN and make sure the Firewall has multiple links to the LAN so that there is a route from another switch if the main switch fails."

don't know but i guess it should work with vrrp/hsrp at your FW.

2)" I need to know when and if a network switch fails completely, what is the time delay before clients will suddenly realise a different route; Is it reasonable to demand this at the low end of the product range."

not really a question of HP switches but the Protocol used: RSTP/MSTP should be fast enough to achieve that.

3)"Since I have chosen Chassis switches mainly, I have thought about using multiple modules in each switch and then using single connections from both modules to create a redundant path if one module fails. "

Does make sense. Modules do fail occasionally.

4)"Non-Blocking backplane design
A switch should be able to provide the same amount of backplane bandwidth to support full duplex communication on ALL ports simultaneously. "

hm, with 4200vl, as far as i know the 4200vl isn't non-blocking. 4208 has 76,8GB/s / 8= 9,6-> with 40 to 48 GB/s Module that's not really non-blocking!

5)"Support for Inter-Switch Linking (ISL) or Dedicated Stacking Architecture
ISL support is required to link all switches in SAN infrastructure together. For non-stacking switches, the switch should support designating one or more (through Link Aggregation Groups) ports for inter-switch links.
For stacking switches, the use of stacking ports for ISL is assumed. Switch should provide at least 20 Gbps full-duplex bandwidth.
Support for creating Link Aggregation Groups (LAG)
For non-stacking switches, the ability to bind multiple physical ports into a single logical link for use as an ISL is required. Switch should support creating LAGs of at least 8x 1Gbps ports or at least 1x 10Gbps port.
Support for active or passive Flow Control (802.3x) on ALL ports.
Switches must be able to actively manage 'pause' frames received from hosts, or they must passively pass all 'pause' frames through to the target arrays.
Support for Rapid Spanning Tree Protocol (R-STP)
For SAN infrastructures consisting of more than 2 non-stacking switches, R-STP must be enabled on all ports used for ISLs. All non-ISL ports should be marked as 'edge' ports or set to 'portfast'."

Real stacking isn't supported by the Procurve switches. with the 4200 you can build channels up to 8GB. there is a 10GB modules. with the 4200 you can't do distributed trunking and it doesn't support jumbo frames.

6)"Finally, from a software configuration point of view, what are the main features I will be using. I keep seeing vrrp, vtp, mstp and rstp."

With the 4200vl you don't have the option for vrrp. vtp is cisco. the 4200 does support mstp and rstp.


hth.
Alex
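
Added example (not part of any post in this thread): a small Python check of the redundancy question raised above, listing which switches lose their path to the firewall when a single switch fails, before and after adding a second firewall link. The node names, the exact links and the choice of a server-room switch for the firewall's 5th NIC are assumptions, since the original diagram is not on the page.

```python
from collections import deque

# Constructed topology loosely following the post: a 2nd-floor core, two
# server-room switches uplinked to it, four single-homed edge switches.
# Node names and exact links are assumptions, not taken from the diagram.
BASE_LINKS = [
    ("firewall", "core-2f"),
    ("core-2f", "srv-a"), ("core-2f", "srv-b"),
    ("core-2f", "edge-1"), ("core-2f", "edge-2"),
    ("srv-a", "edge-3"), ("srv-b", "edge-4"),
]
# Proposed changes (assumed): firewall's 5th NIC to a server-room switch,
# plus a direct link between the two server-room switches.
EXTRA_LINKS = [("firewall", "srv-a"), ("srv-a", "srv-b")]


def reachable(links, start, failed):
    """Nodes reachable from start once the failed node is removed."""
    adj = {}
    for a, b in links:
        if failed in (a, b):
            continue  # every link touching the failed switch is down
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def isolation_report(links, gateway="firewall"):
    """Map each switch to the switches cut off from the gateway if it fails."""
    nodes = {n for link in links for n in link} - {gateway}
    report = {}
    for failed in sorted(nodes):
        alive = reachable(links, gateway, failed)
        lost = sorted(nodes - alive - {failed})
        if lost:
            report[failed] = lost
    return report


if __name__ == "__main__":
    for label, links in (("current", BASE_LINKS),
                         ("with extra links", BASE_LINKS + EXTRA_LINKS)):
        print(label)
        for failed, lost in isolation_report(links).items():
            print(f"  {failed} down -> isolated: {', '.join(lost)}")
```

The check only covers physical connectivity; how quickly traffic moves to the surviving path depends on the protocol in use (RSTP/MSTP), as the answer above says.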


David Frensham
Occasional Contributor

Re: New Switch Config Ideas/Recommendations - Vlans / Redundant Paths

Alex
Thanks for the pointers.