[c-nsp] L3 to access layer

Colin McNamara Colin at 2cups.com
Fri Mar 21 14:41:47 EDT 2008


If you want to do teaming across chassis in a L3 to the edge design, you 
have to do something like VSS which makes it kinda "fuzzy".
Two L3 to the edge designs that I have seen lots of success around is 
setting up MPLS VPNs inside the enterprise datacenter, and then popping 
out to fwsm contexts (or a full throttle ASA now) between VPNs. This 
solves a multitude of problems, especially mergers and acquisitions, and 
segregated business units. You can also do this on a small scale by 
using vrf-lite, though you really need to script the heck out of your 
configs, and if you get too many VRFs running you can run into scaling 
issues.

The other main gotcha with L3 to the edge is VMware. ESX clusters need 
layer 2 adjacency to dynamically move virtual machines between ESX 
servers. Ideally you want these devices in different areas of your DC 
or Metro area for redundancy, but having l3 to the edge really throws a 
wrench in that.

One solution I have been toying with is using VPLS to establish a tag 
switched "vlan" spanning the L3 chassis that ESX exists on. This allows 
you to have the l2 adjacency, while removing STP from your core (VPLS 
contains full paths through your label switch routers). And it also 
allows you to cleanly fit into a metro failover design, while keeping 
your wan label switched.

-- 
Colin McNamara
(858)208-8105
CCIE #18233,RHCE,GCIH 
http://www.colinmcnamara.com
http://www.linkedin.com/in/colinmcnamara

"The difficult we do immediately, the impossible just takes a little longer"



James Slepicka wrote:
> Maybe only a consideration in the data center, but you can't do NIC 
> teaming across multiple switches for fault tolerance.
>
>
> Mike Johnson wrote:
>   
>> Is anyone doing layer 3 to the access layer? Problems? Cost?
>>
>> I know it would be cheaper to go layer 2 to the access but I am looking for
>> problems/issues technically that make it less attractive?
>>
>>
>> thanx in advance,
>>
>> harbor235
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


