I understand the basics of spanning tree, but that's about it. I'm hoping that someone can tell me if this will work as I want it to.
I've got two Cisco ACE load balancers set up for redundancy. Each ACE is connected to its own layer 2 switch. Currently each layer 2 switch is connected to its own 1 Gig fibre link to the CoLo. Each fibre link is set up for a different IP subnet and our CoLo doesn't offer handling the BGP for us. We have to purchase our own routers to handle that, which is a project which is coming up.
(I've got the layer 2 switches in there because the CoLo provides fibre and the ACEs only have copper so all the switches are doing is changing the fibre to copper for me.)
So currently I can only use a single load balancer because the ACEs don't support spanning tree. Now the layer 2 switches do support spanning tree, it is just disabled by default. Now if I were to enable spanning tree, and cross connect the layer 2 switches, would everything work as expected, or would this cause the network to come crashing down?
I'm hoping to get some expert advice before I try this as it is a production network and I don't have a couple of extra Cisco ACE load balancers to try it with in a lab.
UPDATE: based on the comments I need to include a diagram. Here's what we currently have.
The problem is that the second ISP link isn't usable to us at the moment because of the lack of BGP. So I want to cross connect the two network switches together. I've been told that if I connect the two ACEs together that'll complete the circle and cause network problems. So if I can connect the switches at the top which support spanning tree, that should take care of the problem. Eventually there will be two routers between the top switches and the load balancers to handle the BGP over the two network links.
Am I making sense? Sorry this is such a mess, I'm much more at home in SQL Server than networking.
Update after you provided a diagram:
You already have a circle there at the bottom half of the diagram. It looks like the ACEs don't bridge, so if you don't have a problem there you shouldn't have a problem connecting the two top ones.
It's a bit hard to talk about the diagram if you don't name the devices, but let's say I name them left to right, top to bottom. You have a circle ACE1-SW3-ACE2-SW4-ACE1..., obviously there's no problem there (right?). I'm guessing you configured the ACEs so they don't bridge any traffic at all, and therefore no loop.
Why not connect ACE1 to SW2 and ACE2 to SW1? Then you have the same setup as the bottom part.
If you have a different VLAN in the top and bottom parts (not the same layer2 segment) then you can't have a spanning tree loop between them.
It would be clearer if you provided IP networks on the map (obfuscated if you like, but make sure we can tell network A from B, such as 10.123.0.0/24 and 10.123.1.0/24), and perhaps VLANs (if you use them).
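As an added example (not configuration from the question or from any answer in this thread), here is what a Catalyst IOS configuration for the two top switches could look like along the lines of the answer above: spanning tree enabled, the cross-connect trunked, and the ACE-facing ports treated as edge ports that are shut down if a BPDU ever shows up on them. The names SW1 and SW2 follow the answer's naming; the VLAN numbers, port numbers, and the mapping of VLAN 10 to the first fibre link and VLAN 20 to the second are assumptions.

```cisco
! Added example; not configuration from the thread. SW1/SW2 follow the
! naming in the answer above. VLAN 10 = subnet on fibre link 1 (SW1),
! VLAN 20 = subnet on fibre link 2 (SW2). VLAN and port numbers assumed.
!
! ===== SW1 =====
hostname SW1
vlan 10
 name ISP-LINK-1
vlan 20
 name ISP-LINK-2
!
! Run Rapid PVST+ and make SW1 the root for both VLANs, so the active
! topology is chosen by you rather than by whichever box has the lowest MAC.
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20 priority 4096
!
interface GigabitEthernet0/1
 description Fibre link 1 to CoLo
 switchport mode access
 switchport access vlan 10
 ! Never let anything on the CoLo side become root of our VLANs
 spanning-tree guard root
!
interface GigabitEthernet0/2
 description Cross-connect to SW2 Gi0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/3
 description ACE1 - does not speak STP
 switchport mode access
 switchport access vlan 10
 ! Edge port: forwards immediately, but is err-disabled if a BPDU arrives.
 ! A BPDU here means the ACE is bridging SW2's frames back to SW1, i.e.
 ! the loop the question is worried about, so the port is shut rather
 ! than the loop being allowed to form.
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ===== SW2 =====
hostname SW2
vlan 10
 name ISP-LINK-1
vlan 20
 name ISP-LINK-2
!
spanning-tree mode rapid-pvst
! Secondary root: takes over if SW1 goes away
spanning-tree vlan 10,20 priority 8192
!
interface GigabitEthernet0/1
 description Fibre link 2 to CoLo
 switchport mode access
 switchport access vlan 20
 spanning-tree guard root
!
interface GigabitEthernet0/2
 description Cross-connect to SW1 Gi0/2
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet0/3
 description ACE2 - does not speak STP
 ! ACE2 sits in VLAN 10 so it reaches fibre link 1 through SW1,
 ! which is the point of the cross-connect while link 2 is unused.
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ===== Checks after cabling the cross-connect =====
! Expect SW1 listed as root for VLAN 10 and 20, and Gi0/2 forwarding
! on both switches.
show spanning-tree vlan 10
show spanning-tree vlan 20
! Any ACE-facing port listed here received a BPDU: that ACE is bridging.
show interfaces status err-disabled
```

This assumes the CoLo does not bridge the two fibre links together on its side. If it does, the two uplinks are one layer 2 segment and the cross-connect closes a physical ring through the CoLo, so spanning tree has to be active on that path as well (the `show spanning-tree` output would then show one of the uplinks or the cross-connect in blocking state rather than everything forwarding).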
Update after naming the switches:
If the ACEs do routing, and therefore are the next-hop for the servers on 10.0.0.0/24 etc., and don't do bridging (in the ACEs), then connecting the way I said above is safe.
I think that what you want is to:
This gives you box redundancy (the ACEs pass heartbeat information between them) and switch redundancy (the downstream Catalysts are cross-connected). You aren't, of course, protected from a co-lo switch failure.
Are you sure you want to go BGP? Who's providing the ASN? Is your downstream network fully portable? You need to make sure that you've got a network architect who can explain the pros and cons to you.
If you don't do BGP, and your Catalysts are capable of layer-3 switching, then you might want to:
There are a few ways to solve this. You would be well-served by a few hours in front of a whiteboard.
I have a similar situation where I have a quad-port NIC that funnels FTP traffic from two core switches, and a myriad of remote switches.
I currently have the two core switches and quad-port NIC connected in a triangle, two Gig links on each side. Each of the pairs of GigE is aggregated to give a 2Gig link. I am using Intel NIC adaptive aggregation mode. That seems to work well.
If you had a single layer 2 switch with 2 Fiber ports up-linking to your colo, then the switch would be similar in spirit to my NIC. Then connect the Cisco devices to the switch, and you're good to go. But I do understand that you are losing redundancy here.
You're trying to create a fully redundant path from colo to your Cisco devices, correct?
As long as the two networks that are behind the ACEs aren't connected then you will be fine.
If you have enough interfaces on the ASAs, connect both ASAs to both (ISP-facing) switches and run VRRP or HSRP on the ASAs, and then do policy routes or whatever to distribute the traffic across both links.
Example from Cisco