[c-nsp] Wireless Controllers, SVIs and WCCP

Jeff Kell jeff-kell at utc.edu
Sun Nov 18 18:35:36 EST 2012


On 11/18/2012 6:20 PM, Andrew Miehs wrote:
> Although not a bad idea, it will be a little difficult to convince
> management that we now want to replace the controllers.
> The reason for MPLS is that we could just hang all the wireless gear off a
> wireless only PE, rather than requiring an extra hop from a CE.
> This is a large campus network, and I am a big believer in collapsed PE/CE
> for this type of environment.

You can "VRF-Lite" this arrangement without MPLS.  We run our wireless
(Aruba, but similar central controller) with APs/Controllers in their
own VRF, and the userland SVIs from the controller split across multiple
VRFs depending on the resulting wireless role for the user.  Simple
trunks work just fine with a dedicated VLAN per VRF as the backbone
link, no need for official MPLS here.

There is the issue of tunneling the APs back to the controller... for
remote sites, if you can't encapsulate the MPLS layer-2 connectivity,
you can of course just let it tunnel naturally (assume the Ciscos can
do that like the Arubas) back to the controller.  For remotes, we use
IPsec VPN and bring it back a little more securely than plain public
internet tunneling would provide.

> The other issue is that we will still need a router to host all the SVIs.
> All of our "routers" are 6500s or smaller switches and the number of
> wireless users we have causes quite a load on the CPU - so regardless, we
> would still need to buy an additional router.

We used to use 3750s, but they will max out at 6K MAC addresses.  We
have an intermediate 4500 now that seems to be handling the load.

Jeff
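
The VRF-Lite arrangement described in the message above, sketched as an added Cisco IOS configuration fragment; it is not part of the original post or the poster's actual configuration. The VRF names, route distinguishers, VLAN IDs, interface names and addresses are all assumptions chosen for illustration.

```cisco
! Constructed example: one VRF for APs/controllers, one per wireless user role.
ip vrf WLAN-INFRA
 rd 65000:10
ip vrf WLAN-STAFF
 rd 65000:20
ip vrf WLAN-GUEST
 rd 65000:30
!
! One dedicated backbone VLAN per VRF, carried on an ordinary 802.1Q trunk.
vlan 910
 name BB-WLAN-INFRA
vlan 920
 name BB-WLAN-STAFF
vlan 930
 name BB-WLAN-GUEST
!
interface TenGigabitEthernet1/1
 description Trunk to core (hypothetical uplink)
 switchport
 ! The next line is only needed on platforms that also support ISL.
 switchport trunk encapsulation dot1q
 switchport mode trunk
 ! Prune the trunk to the backbone VLANs so nothing else rides this link.
 switchport trunk allowed vlan 910,920,930
!
! Backbone SVIs: apply "ip vrf forwarding" BEFORE the address, because
! binding an interface to a VRF removes any IP address already configured.
interface Vlan910
 ip vrf forwarding WLAN-INFRA
 ip address 10.255.10.1 255.255.255.252
interface Vlan920
 ip vrf forwarding WLAN-STAFF
 ip address 10.255.20.1 255.255.255.252
interface Vlan930
 ip vrf forwarding WLAN-GUEST
 ip address 10.255.30.1 255.255.255.252
!
! User-facing SVI for one role, handed off from the controller.
interface Vlan130
 description Guest-role users (hypothetical VLAN)
 ip vrf forwarding WLAN-GUEST
 ip address 10.30.0.1 255.255.252.0
!
! Each VRF has its own routing table; give each its own path to the core.
ip route vrf WLAN-INFRA 0.0.0.0 0.0.0.0 10.255.10.2
ip route vrf WLAN-STAFF 0.0.0.0 0.0.0.0 10.255.20.2
ip route vrf WLAN-GUEST 0.0.0.0 0.0.0.0 10.255.30.2
```

`show ip route vrf WLAN-GUEST` should list only the guest prefixes and the guest backbone link; a staff or infrastructure prefix appearing there means an interface is bound to the wrong VRF or routes are being leaked between them.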
