Thursday, October 18, 2012

Network Design Challenge

PHYSICAL TOPOLOGY


LOGICAL TOPOLOGY

Recently one of the customers I am working for came up with an interesting requirement.

The current customer setup looks similar to the logical topology given above. The customer has two locations connected through back-to-back T1 circuits. In the current setup R1-R3 is the primary path, and if a failure occurs traffic should fall back to the backup path using R2-R4. The customer is using one HSRP group on each side for automatic failover, and static routing is currently in place.
 
So considering all this, the following is how the overall traffic flow looks at the moment from the A to C and the B to C perspective:
 



Hmmm... sounds like a pretty flat and easy network... isn't it ? :-)


Now here is the new requirement: as you can see, we are wasting bandwidth on the backup circuit between R2-R4. And bandwidth in real life means $$$$$$ :-)

So here is the new desired flow: when Host A talks to Host C, it should use the path through R1-R3. At the same time, if Host B talks to Host C, it should use the path through R2-R4. Both links should also be redundant for each other for all traffic flows. Based on this requirement, the traffic flow needs to look like the following:



As you can see, we need to account for 8 potential FAILURE DOMAINS to ensure our failover scenarios work just fine.


The requirement is also to ensure we don't have any asymmetric routing in the network. And of course NO dynamic routing protocol should be introduced.

So how are you gonna do this? :-) From a very high-level perspective it looks very easy. But it ain't :-)

            
Current Configuration
++++++++++++++                                                                                                                        
SW-A
=====

!
en
!
conf t
!
ho SW-A
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/1
 sw mo acc
 sw acc vl 10
 exit
!
int vlan 10
 ip add 10.0.0.1 255.255.255.0
 no sh
 exit
!
ip route 20.0.0.0 255.255.255.0 12.0.0.1
ip route 30.0.0.0 255.255.255.0 12.0.0.1
!
int f1/0
 no switchport
 ip add 12.0.0.2 255.255.255.0
 no sh
 exit
!
end


!


SW-B
=====

!
en
!
conf t
!
ho SW-B
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/0
 no switchport
 ip add 34.0.0.2 255.255.255.0
 no sh
 exit
!
int f1/1
 sw mode access
 sw acc vl 20
 exit
!
int f1/2
 sw mode access
 sw acc vl 30
 exit
!
int vlan 20
 ip add 20.0.0.1 255.255.255.0
 no sh
 exit
!
int vlan 30
 ip add 30.0.0.1 255.255.255.0
 no sh
 exit
!
ip route 0.0.0.0 0.0.0.0 34.0.0.1
!
end
!


R1
====

!
en
!
conf t
!
ho R1
!
no ip do lo
!
int f0/0
 ip add 12.0.0.111 255.255.255.0
 standby 1 ip 12.0.0.1
 standby 1 pri 105
 standby 1 pree
 standby 1 track s1/0
 no sh
 exit
!
int s1/0
 ip add 13.0.0.1 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 20.0.0.0 255.255.255.0 13.0.0.3
ip route 30.0.0.0 255.255.255.0 13.0.0.3

ip route 0.0.0.0 0.0.0.0 13.0.0.3
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!



R2
===

!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
int f0/0
 ip add 12.0.0.112 255.255.255.0
 standby 1 ip 12.0.0.1
 standby 1 pree
 no sh
 exit
!
int s1/0
 ip add 24.0.0.2 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 20.0.0.0 255.255.255.0 24.0.0.4
ip route 30.0.0.0 255.255.255.0 24.0.0.4

ip route 0.0.0.0 0.0.0.0 24.0.0.4
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!


R3
===

!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
int f0/0
 ip add 34.0.0.3 255.255.255.0
 standby 1 ip 34.0.0.1
 standby 1 pri 105
 standby 1 pree
 standby 1 track s1/0
 no sh
 exit
!
int s1/0
 ip add 13.0.0.3 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 10.0.0.0 255.255.255.0 13.0.0.1
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!
 


R4
===

!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
int f0/0
 ip add 34.0.0.4 255.255.255.0
 standby 1 ip 34.0.0.1
 standby 1 pree
 no sh
 exit
!
int s1/0
 encap ppp
 ip add 24.0.0.4 255.255.255.0
 no sh
 exit
!
ip route 10.0.0.0 255.255.255.0 24.0.0.2
ip route 0.0.0.0 0.0.0.0 24.0.0.2
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!




So let's see who among you is a Real Network Warrior  :-)




Final Config

R1
====

!
en
!
conf t
!
ho R1
!
no ip do lo
!
ip sla 2
 icmp-echo 34.0.0.3 source-interface f0/0
 freq 5
 timeout 5000
 exit
!
ip sla schedule 2 life forever start-time now
!
track 2 rtr 2 reachability
!
int f0/0
 ip add 12.0.0.111 255.255.255.0
 standby 1 ip 12.0.0.1
 standby 1 pri 105
 standby 1 pree
 standby 1 track s1/0
 standby 1 track 2
 standby 2 ip 12.0.0.11
 standby 2 pree
 no sh
 exit
!
int s1/0
 ip add 13.0.0.1 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 20.0.0.0 255.255.255.0 13.0.0.3
ip route 0.0.0.0 0.0.0.0 13.0.0.3
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!





R2
===

!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
ip sla 1
 icmp-echo 34.0.0.4 source-interface s1/0
 time 500
 freq 3
 exit
!
ip sla schedule 1 life forever start-time now
!
track 2 rtr 1 reachability
!
int f0/0
 ip add 12.0.0.112 255.255.255.0
 standby 1 ip 12.0.0.1
 standby 1 pree
 standby 2 ip 12.0.0.11
 standby 2 pri 105
 standby 2 pree
 standby 2 track 2
 no sh
 exit
!
int s1/0
 ip add 24.0.0.2 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 30.0.0.0 255.255.255.0 24.0.0.4
ip route 0.0.0.0 0.0.0.0 24.0.0.4
!
ip route 10.0.0.0 255.255.255.0 12.0.0.2
!
end
!


SW-A
=====

!
en
!
conf t
!
ho SW-A
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/1
 sw mo acc
 sw acc vl 10
 exit
!
int vlan 10
 ip add 10.0.0.1 255.255.255.0
 no sh
 exit
!
ip route 20.0.0.0 255.255.255.0 12.0.0.1
ip route 30.0.0.0 255.255.255.0 12.0.0.11
!
int f1/0
 no switchport
 ip add 12.0.0.2 255.255.255.0
 no sh
 exit
!
end
!



R3
===


!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
int f0/0
 ip add 34.0.0.3 255.255.255.0
 standby 1 ip 34.0.0.1
 standby 1 pri 105
 standby 1 pree
 standby 1 track s1/0
 no sh
 exit
!
int s1/0
 ip add 13.0.0.3 255.255.255.0
 encap ppp
 no sh
 exit
!
ip route 10.0.0.0 255.255.255.0 13.0.0.1
ip route 0.0.0.0 0.0.0.0 13.0.0.1
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
ip route 24.0.0.0 255.255.255.0 34.0.0.4
!
access-l 100 permit ip 30.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
!
ip sla 1
 icmp-echo 24.0.0.4 source-ip 34.0.0.3
 timeout 5000
 frequency 3
!
ip sla schedule 1 life forever start-time now
!
ip sla 3
 icmp-echo 12.0.0.112 source-interface FastEthernet0/0
 frequency 5
!
ip sla schedule 3 life forever start-time now
!
track 1 rtr 1 reachability
!
track 3 rtr 3 reachability
!
track 2 list boolean and
 object 1
 object 3
!
route-map PBR per 10
 match ip address 100
 set ip next-hop verify-availability 34.0.0.4 1 track 2
route-map PBR per 20
 exit
!
int f0/0
 ip policy route-map PBR
 no ip route-cache cef
 exit
!
ip sla 5
 icmp-echo 12.0.0.111 source-interface Serial1/0
 frequency 5
 timeout 5000
!
ip sla schedule 5 life forever start-time now
!
track 5 rtr 5 reachability
!
int f0/0
 standby 1 track 5
 exit
!
end
!



R4
===

!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
int f0/0
 ip add 34.0.0.4 255.255.255.0
 standby 1 ip 34.0.0.1
 standby 1 pree
 no sh
 exit
!
int s1/0
 encap ppp
 ip add 24.0.0.4 255.255.255.0
 no sh
 exit
!
ip route 10.0.0.0 255.255.255.0 24.0.0.2
ip route 0.0.0.0 0.0.0.0 24.0.0.2
!
ip route 20.0.0.0 255.255.255.0 34.0.0.2
ip route 30.0.0.0 255.255.255.0 34.0.0.2
!
end
!





SW-B
=====


!
en
!
conf t
!
ho SW-B
!
no ip do lo
!
no cdp run
!
ip routing
!
int f1/0
 no switchport
 ip add 34.0.0.2 255.255.255.0
 no sh
 exit
!
int f1/1
 sw mode access
 sw acc vl 20
 exit
!
int f1/2
 sw mode access
 sw acc vl 30
 exit
!
int vlan 20
 ip add 20.0.0.1 255.255.255.0
 no sh
 exit
!
int vlan 30
 ip add 30.0.0.1 255.255.255.0
 no sh
 exit
!
ip route 0.0.0.0 0.0.0.0 34.0.0.1
!
end
!





HTH...
DEEPAK ARORA
Evil CCIE
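
The failover behaviour of the final config can be audited mechanically. The Python model below is an added example, not part of the original post: it reduces each HSRP group, IP SLA track and the R3 route-map to the elements they depend on, then checks every failure set for dropped or asymmetric flows between VLAN 10 and VLANs 20/30. Assumptions: HSRP defaults (priority 100, track decrement 10), six constructed failure elements rather than the post's eight, and a hypothetical `pbr_tracked=False` switch that models the route-map without `verify-availability ... track 2`.

```python
# Added illustration, not the author's code: a reduced model of the final config.
# Assumed: HSRP default priority 100, default track decrement 10, preempt on every
# group, and six failure elements (two WAN links, four router LAN ports).
from itertools import combinations

ELEMENTS = ["wan13", "wan24", "R1-lan", "R2-lan", "R3-lan", "R4-lan"]
WAN = {"R1": "wan13", "R3": "wan13", "R2": "wan24", "R4": "wan24"}
PEER = {"R1": "R3", "R3": "R1", "R2": "R4", "R4": "R2"}

def active(prios, failed):
    """HSRP winner: highest priority among routers whose LAN port is up."""
    alive = {r: p for r, p in prios.items() if f"{r}-lan" not in failed}
    return max(alive, key=alive.get) if alive else None

def paths(failed, pbr_tracked=True):
    """Map each flow (src VLAN, dst VLAN) to the WAN link it crosses, or None."""
    up = lambda *els: all(e not in failed for e in els)
    dec = lambda *tracks: 10 * sum(not t for t in tracks)
    # IP SLA probes reduced to the elements each ping must cross.
    r1_t2 = up("R1-lan", "wan13", "R3-lan")   # R1 ip sla 2: ping 34.0.0.3
    r2_t2 = up("wan24", "R4-lan")             # R2 ip sla 1: ping 34.0.0.4
    r3_t5 = up("wan13", "R1-lan")             # R3 ip sla 5: ping 12.0.0.111
    r3_t2 = (up("R3-lan", "R4-lan", "wan24")        # R3 ip sla 1: ping 24.0.0.4
             and up("wan13", "R1-lan", "R2-lan"))   # R3 ip sla 3: ping 12.0.0.112
    vip_12_1 = active({"R1": 105 - dec(up("wan13"), r1_t2), "R2": 100}, failed)
    vip_12_11 = active({"R2": 105 - dec(r2_t2), "R1": 100}, failed)
    vip_34_1 = active({"R3": 105 - dec(up("wan13"), r3_t5), "R4": 100}, failed)
    # Route-map PBR on R3 hands 30 -> 10 traffic to R4 (34.0.0.4).
    pbr = vip_34_1 == "R3" and (r3_t2 or not pbr_tracked)
    ret30 = "R4" if pbr else vip_34_1

    def cross(r):
        # Delivered only if the router's LAN port, its WAN link and the peer LAN are up.
        ok = r and up(f"{r}-lan", WAN[r], f"{PEER[r]}-lan")
        return WAN[r] if ok else None
    return {(10, 20): cross(vip_12_1), (20, 10): cross(vip_34_1),
            (10, 30): cross(vip_12_11), (30, 10): cross(ret30)}

def audit(max_failures=1, pbr_tracked=True):
    """Failure sets where a flow is dropped or its two directions differ."""
    bad = []
    for n in range(max_failures + 1):
        for failed in map(set, combinations(ELEMENTS, n)):
            p = paths(failed, pbr_tracked)
            for vlan in (20, 30):
                if p[(10, vlan)] is None or p[(10, vlan)] != p[(vlan, 10)]:
                    bad.append((sorted(failed), vlan, p[(10, vlan)], p[(vlan, 10)]))
    return bad
```

In this model `audit(1)` returns an empty list for the config as posted, while `audit(1, pbr_tracked=False)` flags the `wan24`, `R2-lan` and `R4-lan` failures, where return traffic from VLAN 30 is still policy-routed toward a path that no longer works.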

11 comments:

Originull Networks said...

Hello. My company is always trying to stay connected with talented network engineers. If you happen to be job hunting for full-time or part-time opportunities or know someone who is, please refer to http://originullnetworks.com/jobs/

Henrik G said...

I guess two HSRP groups is a start?

But then I'm lost, haha!

HUMOROUS HEMANTH said...

Hi

On Switch A there is a Static Route configuration as follows

ip route 30.0.0.0 255.255.255.0 12.0.0.11

But I don't see any IP address such as 12.0.0.11 in the diagram

What is the gateway configured on A, B and C?
Is it the HSRP VIP or else the SVI address?

If HSRP VIP address, then you need to have MHSRP configured from R3 and R4 so that R3 will be master for VLAN 20 and R4 will be master for VLAN 30

In case of R1 and R2, HSRP or MHSRP won't work because of single VLAN and all traffic will traverse through a single router only.

If SVI address is configured as gateway then SWB has to send VLAN 20 frames to R3 and VLAN 30 frames to R4, so it can be done by just static routing on SWB but it doesn't offer redundancy :)

Ok on SWA we can have floating static routes

ip route 20.0.0.0 255.255.255.0 12.0.0.1

ip route 30.0.0.0 255.255.255.0 12.0.0.112 f1/0

ip route 30.0.0.0 255.255.255.0 12.0.0.1 100


This should provide us both redundancy and effective utilization of links

But on the other side, it's too tricky to think through. I thought of PBR but still it doesn't load-balance effectively

Can I use any NAT-based solutions to achieve this?

HUMOROUS HEMANTH said...

Yeap gotchaa

We can use PBR on SWB side to generate the traffic flow for A from B and C such as R3----R1 and R4---R2 respectively

On SWB configure PBR

route-map VLAN_20 permit 10
match ip add 100
set ip next-hop 34.0.0.1

access-list 100 permit ip 20.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255

int vlan 20
ip policy route-map VLAN_20

route-map VLAN_30 permit 10
match ip add 105
set ip default next-hop 34.0.0.1

access-list 105 permit ip 30.0.0.0 0.0.0.255 10.0.0.0 0.0.0.255

ip route 10.0.0.0 255.255.255.0 34.0.0.4

int vlan 30
ip policy route-map VLAN_30

This will work out for redundancy n utilization of links

Deepak Arora said...

Hemanth, Here are quick answers:

> For A,B & C , their respective SVIs are configured as gateways.

> The potential problem with your SW-B configuration is that if R2's F0/0 goes down, your packet would be routed up to R2 S1/0 but eventually get dropped.

In my real design though, the situation was even more challenging since I had a Checkpoint R70 Firewall cluster instead of SW-B which doesn't allow your configuration. ;-)

HUMOROUS HEMANTH said...

Oh OK, so we can have SLA tracking for R2's F0/0 interface on R4, and if the track fails, R4's F0/0 interface state will be down.

EEM script on R4 to track R2 F0/0 address reachability, and if it is not reachable, make R4 F0/0 down.

I don't have the commands on top of my mind. These are possible solutions.

Deepak Arora said...

That's a possibility but the solution is becoming overcomplicated. I'll post my solution Wednesday. Let's see if someone comes up with an easier solution by then. ;-)

HUMOROUS HEMANTH said...

Is there any easier solution than this?
:)

I thought of configuring MHSRP and tracking the interface and changing the priority. I think that may help

And I think static route with IP SLA track will also work.

HUMOROUS HEMANTH said...

Yes there is another solution

1. Configure MHSRP between R3 and R4 and make R3 the master gateway for VLAN 20 and R4 the master gateway for VLAN 30.
Make them standby for each other's VLANs.

2. Track R1's F0/0 interface on R3 and decrement the priority to make R4 master, and track R2's F0/0 interface on R4 and decrement the priority to make R3 master

3. On SWA, floating static routes with IP SLA tracking attached to the static routes should work fine.

Piffer said...

At my last job, we had a very similar setup. We were running OSPF so that initially took care of load balancing the traffic, as we built tunnels across the infrastructure. What we ran into was that VoIP suffered badly being mixed with data, so by using BGP and route-maps we sent certain traffic over one link, and data over the other. If either link failed, traffic didn't suffer too badly.

-P

shivlu jain said...

Use RSVP to build the tunnels.