04-30-2012 07:29 AM
I need some insight on design more than anything. We have a pair of FWS648G switches running L3 base code. Alongside we have 10 FWS624-POE switches running L2 code. Currently our main switch is one of the 648G switches which acts as our gateway for our subnets, (.3.11). The second 648G (.3.10) has a pair of ports setup as a trunk to .3.11. The rest of the 624's have a connection to each of the 648G's. So we have a nice big loop with RSTP configured and working well.
The issue is that our .3.11 is still our main gateway switch, and if it were to fail everything fails for going out to the world. Is there a means to have a connection from each 648G to our carrier's router (Cisco 1811)? One thought was if I stack the two 648G's could I have a virtual interface that spans across both switches, so that our gateway IP is virtual across the two switches? The carrier manages the Cisco, we can have them make changes, but we like having our configuration and control right up to the "edge".
Or is there a better design that we could use?
04-30-2012 11:48 AM
You'll want to look at VRRP, (or VRRP-e if the FWS648Gs support it...don't know off the top of my head).
VRRP(e) gives you a "virtual IP" that can be active on one or the other of the routers, with a heartbeat protocol between them so that if the router that currently actively carries the virtual IP goes down, the other will take over for the IP address (and MAC) so traffic will reroute through the other.
I'll say that my personal preference would've been to route on all the FWSs (including the 624's) and just let whatever routing protocol you wish to use between all the FWSs (probably OSPF) handle rerouting around failures. I understand, however, that I'm a bit out of mainstream thought on preferring to do things at Layer 3 rather than Layer 2. *shrug*
05-15-2012 07:27 AM
Thanks Jeff. My apologies for the delay. We ended up configuring and deploying the VRRP solution. The VRRP-e was not available on the base L3 code. But this solution works for us. There is one other question. While we did this work we looked at the configuration, and the initial or "owner" switch had 5 Router IP addresses configured as virtual interfaces. It seems that each VLAN and subnet associated with its respective router IP allows for routing between each other subnet. I went through the documentation and Brocade has their ISR technology that does this. Is there any way to have multiple virtual interfaces configured but without ISR enabled?
05-15-2012 08:05 AM
I don't think it is possible to do it without ISR, as ISR essentially is the ability to deal with virtual interfaces associated with a VLAN. What would be the purpose of having a virtual interface (interface ve <num>) except to do routing between the VLANs?
To continue from the original question, VRRP can be configured on the ve interface just as easily as it could be on an ethernet interface directly.
So, my guess is you've got your 10 downstream L2-only switches partitioned into some number of VLANs/IP subnets and you want to set up the 648Gs to switch between connections in the same VLAN (if there are any) and route between the separate VLANs. This is a pretty commonplace setup.
You define the VLANs with the appropriate ports as members of the appropriate VLAN based on what downstream switches need to be members of the appropriate VLAN. You configure a router-interface on each VLAN (I'm assuming here that the config directives are the same as the FESXs that I'm used to...flavor to suit the FWS if it's not), and then on the ve interface created by the router-interface directive, you can configure your IPs, VRRP, and whatever routing configuration you need.
This is essentially a description of what ISR does, and based on the specs I could find, seems to be supported in base L3 code on the FWS line.
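As an added worked example, not from any poster in this thread: the layout Jeff describes above (a router-interface per VLAN, VRRP on the resulting ve) and the virtual-IP failover from his first reply, written out in FastIron-style CLI for the two 648Gs. The VLAN IDs, port numbers and the 10.0.3.0/24 and 10.0.20.0/24 addresses are constructed; ethe 24 is assumed to be each 648G's own uplink to the carrier's Cisco, and the syntax is as on the FESX, so adjust for the FWS if it differs.

```text
! Added example, not the thread's own config: FastIron-style CLI as found on FESX/FWS
! L3 code. Port numbers, VLAN IDs and all 10.0.x.x addresses are constructed.
! ethe 24 on each switch is assumed to be that switch's uplink to the carrier's Cisco.
! ---- Switch A (.3.11): VRRP owner; its real IPs become the virtual gateway IPs ----
vlan 3 name mgmt by port
 tagged ethe 1 to 2
 router-interface ve 3
!
vlan 20 name users by port
 tagged ethe 1 to 2
 untagged ethe 3 to 10
 router-interface ve 20
!
router vrrp
!
interface ve 3
 ip address 10.0.3.11 255.255.255.0
 ip vrrp vrid 3
  owner
  ip-address 10.0.3.11
  track-port ethernet 24
  activate
!
interface ve 20
 ip address 10.0.20.1 255.255.255.0
 ip vrrp vrid 20
  owner
  ip-address 10.0.20.1
  track-port ethernet 24
  activate
!
! ---- Switch B (.3.10): backup; VLAN/port definitions as on switch A, not repeated ----
router vrrp
!
interface ve 3
 ip address 10.0.3.10 255.255.255.0
 ip vrrp vrid 3
  backup priority 100
  ip-address 10.0.3.11
  track-port ethernet 24
  activate
!
interface ve 20
 ip address 10.0.20.2 255.255.255.0
 ip vrrp vrid 20
  backup priority 100
  ip-address 10.0.20.1
  track-port ethernet 24
  activate
```

With standard (non-extended) VRRP the owner's real address is the virtual address, so .3.11 stays the gateway the 624's already point at, and track-port makes the owner give up mastership when its own carrier uplink goes down rather than only when the whole switch dies. The two router-interfaces are exactly what gives you routing between VLAN 3 and VLAN 20 (ISR), which is the behaviour asked about in the follow-up question.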