[c-nsp] L3 to access layer

Mike Johnson harbor235 at gmail.com
Mon Mar 24 11:43:50 EDT 2008


This thread has gone a little off course; I am really interested in L3 to
the access.
In addition, are there any reasons for not doing it or good reasons to do
it?

Current Cisco and Juniper CAN designs recommend L2 to the access.

Any thoughts?

-Mike j


On 3/21/08, Colin McNamara <Colin at 2cups.com> wrote:
>
> If you want to do teaming across chassis in a L3 to the edge design, you
> have to do something like VSS which makes it kinda "fuzzy".
> Two L3 to the edge designs that I have seen lots of success around is
> setting up MPLS VPNs inside the enterprise datacenter, and then popping
> out to FWSM contexts (or a full throttle ASA now) between VPNs. This
> solves a multitude of problems, especially mergers and acquisitions, and
> segregated business units. You can also do this on a small scale by
> using VRF-lite, though you really need to script the heck out of your
> configs, and if you get too many VRFs running you can run into scaling
> issues.
>
> The other main gotcha with L3 to the edge is VMware. ESX clusters need
> layer 2 adjacency to dynamically move virtual machines between ESX
> servers. Ideally you want these devices in different areas of your DC
> or Metro area for redundancy, but having L3 to the edge really throws a
> wrench in that.
>
> One solution I have been toying with is using VPLS to establish a tag
> switched "vlan" spanning the L3 chassis that ESX exists on. This allows
> you to have the l2 adjacency, while removing STP from your core (VPLS
> contains full paths through your label switch routers). And it also
> allows you to cleanly fit into a metro failover design, while keeping
> your wan label switched.
>
> --
> Colin McNamara
> (858)208-8105
> CCIE #18233,RHCE,GCIH
> http://www.colinmcnamara.com
> http://www.linkedin.com/in/colinmcnamara
>
> "The difficult we do immediately, the impossible just takes a little
> longer"
>
>
>
> James Slepicka wrote:
> > Maybe only a consideration in the data center, but you can't do NIC
> > teaming across multiple switches for fault tolerance.
> >
> >
> > Mike Johnson wrote:
> >
> >> Is anyone doing layer 3 to the access layer? Problems? Cost?
> >>
> >> I know it would be cheaper to go layer 2 to the access but I am looking for
> >> problems/issues technically that make it less attractive?
> >>
> >>
> >> thanx in advance,
> >>
> >> harbor235
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >>

