Marco32
Contributor

Uplink bond configuration for redundant router

Hello, I would like your support to better understand how to configure the uplink on a dual orchestrator MHO-140.

I'm migrating from a VSX environment with 2 members that are connected in this way to a couple of routers that implement HSRP, so only one router at a time is active and I have a 20GB channel available:

bond_1
Member_1 : eth1-01 (10GB) -> Router_A : eth1
Member_1 : eth1-02 (10GB) -> Router_A : eth2

bond_1
Member_2 : eth1-01 (10GB) -> Router_B : eth1
Member_2 : eth1-02 (10GB) -> Router_B : eth2

Moving this environment to Maestro, is this configuration correct to have similar redundancy to the router and the same speed?

bond_1
MHO_1 : eth1-05 (10GB) -> Router_A : eth1
MHO_2 : eth2-05 (10GB) -> Router_A : eth2
MHO_1 : eth1-05 (10GB) -> Router_B : eth1
MHO_2 : eth2-05 (10GB) -> Router_B : eth2

In this way I have only one bond configured on the SMO (on VSX, VS0) with 4 slave interfaces, but only the eth1-05 on both MHOs will be active, with 20GB of speed.
In case of Router_A failure, HSRP will move to Router_B and the ports eth2-06 of both MHOs (that are in the same bond) will be used.

Is this configuration correct?

Regards
M

0 Kudos
12 Replies
Wolfgang
Authority

Have a look at "How to configure Single Site Dual MHO Cluster, Dual Site Single MHO Cluster, or Dual Site Dual MHO C..." and "Maestro Dual Site configuration using a direct connection and via L2 switches".

It depends on your Maestro configuration.

Is your ClusterXL environment working fine? Normally all cluster members should have layer 2 connectivity to all connected routers. You wrote member 1 connects only to routerA and member2 only to routerB. If your routers' VIP is active on routerA and your active ClusterXL node is memberB, you don't have connectivity.

Or are these routers routing switches running something like VPC or any other interswitch link to act like one device?

0 Kudos
Marco32
Contributor

Hi Wolfgang,

I described the customer's configuration. Yes, actually router_A is connected only to member_1 in order to have 20gb of speed and because they do not have a PVC configuration. If HSRP on the router fails over to router_B and this is not due to a link down from router to member, we lose connection.

This is not a good configuration, so in the evolution we proposed using Maestro, I want to improve this situation.

Which is the better way to connect 2 orchestrators with 2 routers that use HSRP (not VPC) using 2 links (10G+10G) from every router?

I proposed the configuration shared before, using 1 bond with 4 eth, 2 for MHO_1 and 2 for MHO_2. Is it correct?

M

0 Kudos
Pawel_Topczewsk
Employee

Why not put a switch between the MHOs and the routers? I am not sure how two independent routers in HSRP will cooperate with a Security Group building a bond interface between each other.
In my honest opinion I would build a kind of VPC (or any other similar technology) layer which will interconnect the MHOs and the 2 independent routers working in HSRP. This will help mitigate possible incompatibilities on the router side.

0 Kudos
Wolfgang
Authority

You cannot do a bond with two routers; they are not doing something like VPC/PVC. As @Pawel_Topczewsk mentioned, you need an additional switch infrastructure. Between the MHOs and this switch you can bond 4 interfaces (two from each MHO). Your routers can connect with one bond (both interfaces) on each router to this switch. Put them all in the same VLAN and you're right.

0 Kudos
Marco32
Contributor

Hi there, and thanks for your support.

Sorry, maybe I explained it in the wrong way. The routers I mentioned are Cisco Nexus, so they are L3 switches, have an HSRP vIP for every VLAN they manage and have a trunk between them.

In the production environment we have several VIPs configured on the HSRP Nexus. The customer doesn't want to make changes on the router side.

Is this solution supported: use a trunk of 2 ports from Nexus_1 to MHO_1, and another 2 ports from Nexus_2 to MHO_2, and the Nexus implement HSRP to manage the vIP of this VLAN? On the Security Group, configure a bond with the 4 ports (2 from MHO_1 and 2 from MHO_2) using LACP mode.

In this scenario, if VIP is active on Nexus_1, the VS1 running on Security Group VSX:

- will use the 4 ports to reach the VIP (2 ports are connected directly to Nexus_1 while the 2 other ports will use Nexus_2 on L2, the trunk Nexus_1/Nexus_2 and reach the VIP on Nexus_1)

or

- will use only the 2 ports (one per MHO) that are connected to Nexus_1 so it can reach the VIP?

Please, help me to solve this doubt

M

0 Kudos
Wolfgang
Authority

If you configure a LACP-bond with 4 interfaces on the MHOs you have to configure a LACP-bond with 4 interfaces on your Nexus switches. You need to have support for a LACP-bond via two switch devices. Normally this will be done with vPC in the NEXUS world or stacking with other switches. Another option will be Cisco VSS (Virtual Switch System), but we don't know what your customer is using.

0 Kudos
Marco32
Contributor

Hi Wolfgang, so my solution can't work in that way, is that right?

Without adding a device or modifying the Nexus with vPC or VSS, what can I do to have good redundancy from my 2 MHOs and my 2 Nexus in HSRP? Which is the best topology I can set?

Actually I have 2 links of 10 GB (total 20GB in LACP) for Nexus/Member of VSX, how do I maintain this speed?

0 Kudos
Wolfgang
Authority

With your new Maestro deployment you have the same problem as with your old ClusterXL solution. There is a need for link redundancy between both routers. This can be achieved with VPC or with an external switch. You wrote you need 2x10Gb for your router to gateway connection. To me this does not look like a small or simple solution. 20Gb will be a request for more effort to build a redundant solution. Adding two additional switches with some 10Gb interfaces should not be so much cost and work. On the other hand, a VPC and HSRP deployment is a normal use case.

0 Kudos
Marco32
Contributor

Hi Wolfgang,

Talking with the customer, we think that creating a VPC is now possible. In this case, is this solution possible:

Nexus1 -> 10 GB -> MHO1

Nexus2 -> 10 GB -> MHO2

Create a VPC on Nexus1/Nexus2 and use HSRP on them to share the VIP

Create a bond on the SecurityGroup and assign it to the VS. In this case, can I configure the bond in Active/Standby or, if I prefer (so I can use the 20GB), configure LACP?

0 Kudos
Wolfgang
Authority

@Marco32 with VPC both solutions are possible (active/standby or LACP).

The Nexus administrators should configure a LACP port-channel with one 10G port from every Nexus, you'll get 20Gb/s.

Set "LACP Rate" => fast and "Transmit Hash Policy" => "Layer 3+4"

If you use "Transmit Hash Policy" => "Layer 2", your connections with the router's VIP will always go over only one physical link. The same configuration will be needed in the NEXUS configuration.

0 Kudos
Marco32
Contributor

Hi Wolfgang,

OK, in this scenario I can use the 2 links or, if the client prefers, I can use 4 links in the uplink bond. In this case LACP is the only solution.

With "layer3+4", does the bond distribute the traffic over the 2 (or 4) links?

0 Kudos
Wolfgang
Authority

@Marco32 you can build the LACP-group with 2 or 4 interfaces.

With the "Layer3+4" hash policy the traffic will be distributed over all links in your LACP-group, but one connection's traffic will always flow over only one link.

0 Kudos
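
Added example, not part of the thread and not Check Point or Cisco code: a simplified model of the "Layer 2" and "Layer 3+4" transmit hash policies discussed above, following the formulas given in the Linux bonding driver documentation. The MAC addresses, IP addresses and ports are constructed sample values, and real devices may use a different hash, so this is an assumption for illustration only.

```python
import ipaddress
from collections import Counter

# Constructed sample values (not from the thread).
GW_MAC = "00:1c:7f:00:00:01"    # hypothetical MAC of the gateway's bond
VIP_MAC = "00:00:0c:07:ac:0a"   # hypothetical HSRP virtual MAC of the routers
# Eight TCP connections from one host to one server, differing only in source port.
FLOWS = [("10.1.1.10", "192.0.2.80", 40000 + i, 443) for i in range(8)]


def layer2_link(src_mac, dst_mac, n_links, ethertype=0x0800):
    """Layer 2 policy: last MAC bytes XOR packet type ID, modulo link count."""
    src = int(src_mac.split(":")[-1], 16)
    dst = int(dst_mac.split(":")[-1], 16)
    return (src ^ dst ^ ethertype) % n_links


def layer34_link(src_ip, dst_ip, sport, dport, n_links):
    """Layer 3+4 policy: ports XOR IP addresses, folded, modulo link count."""
    h = (sport << 16) | dport
    h ^= int(ipaddress.IPv4Address(src_ip)) ^ int(ipaddress.IPv4Address(dst_ip))
    h ^= h >> 16
    h ^= h >> 8
    return h % n_links


def distribute(n_links):
    """Count how many sample connections each policy places on each link."""
    # Every frame towards the VIP carries the same MAC pair, so the
    # layer 2 hash is identical for all connections.
    l2 = Counter(layer2_link(GW_MAC, VIP_MAC, n_links) for _ in FLOWS)
    # Each connection has its own port pair; a given connection always
    # hashes to the same link, different connections can land on different links.
    l34 = Counter(layer34_link(*flow, n_links) for flow in FLOWS)
    return l2, l34


if __name__ == "__main__":
    for n in (2, 4):
        l2, l34 = distribute(n)
        print(f"{n} links  layer2: {dict(l2)}  layer3+4: {dict(sorted(l34.items()))}")
```

With these sample flows the Layer 2 policy puts all eight connections on a single link, while Layer 3+4 spreads them evenly over 2 or 4 links; any single connection still uses exactly one link.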