Saturday, March 15, 2008

Data Center Rebuild

Today we redesigned the core of our datacenter. Some of the configuration tasks included:
  • HSRP with object tracking
  • dot1q trunking to a router
  • transparent firewall BPDU passthrough
  • BGP advertise-map configuration
One of the primary benefits of this configuration was that it allowed us to add some functionality to the network while replacing a number of layer 3 switches with layer 2 ones. This allows us to use less expensive resources and redeploy the freed-up devices to more suitable locations. It also simplifies the network, which is generally a good thing.

Just from my experience with the CCIE lab, I changed my normal plan of attack here. In the past I was more one who preferred to gut everything and replace it all at once. Now, I tend to follow lab strategy and do one piece at a time, verifying as I go.

As with the lab experience, things go much slower this way, but it gets done right. When something doesn't come up I know exactly where to look for the issue instead of having to troubleshoot everything.

As expected, there were a few bugs to work out, but just about everything ended up as designed. The great work up front and during the implementation by the whole team really paid off.

Some of the learning experiences were:
  • A firewall in transparent mode can pass layer 2 information, but not CDP. An EtherType access list is required to allow BPDUs to pass. This was necessary so that a backup link can be used while letting RSTP block the link. If this didn't work, another option would have been the "switchport backup" option for the 2560/3560 series switches, which functions a bit like a layer 2 version of the "backup interface" router configuration command.
  • It always helps when default gateways are set correctly
  • When using HyperTerminal to paste commands, make sure to set the character delay to prevent buffer overflows
  • Duplicate IP addresses are very bad things
Most of these were minor and corrected quickly.
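
A way to check the BPDU passthrough lesson before cutover, as an added example that is not part of the original post: the script reads a firewall configuration and lists the interfaces that have no inbound EtherType ACL permitting BPDUs. The post does not name the firewall platform, so Cisco ASA/FWSM-style syntax is an assumption here, and the sample configuration and its ACL and interface names are constructed. EtherType rules are connectionless, so the permit has to be applied on both interfaces for spanning tree to work across the firewall.

```python
import re

# Constructed sample config. ASA/FWSM-style syntax is an assumption;
# the ACL names and interface names are hypothetical.
SAMPLE_CONFIG = """\
firewall transparent
interface Ethernet0
 nameif outside
interface Ethernet1
 nameif inside
access-list ETHER ethertype permit bpdu
access-list INSIDE_IN extended permit ip any any
access-group ETHER in interface inside
access-group INSIDE_IN in interface inside
"""

def bpdu_verdicts(config):
    """Map each EtherType ACL name to the action of its first BPDU entry."""
    verdicts = {}
    pattern = r"^access-list (\S+) ethertype (permit|deny) bpdu\s*$"
    for name, action in re.findall(pattern, config, re.M):
        verdicts.setdefault(name, action)  # first matching entry wins
    return verdicts

def interfaces_blocking_bpdu(config):
    """Return named interfaces with no inbound EtherType ACL permitting BPDUs."""
    names = re.findall(r"^ +nameif (\S+)", config, re.M)
    verdicts = bpdu_verdicts(config)
    allowed = set()
    bindings = re.findall(r"^access-group (\S+) in interface (\S+)", config, re.M)
    for acl, ifname in bindings:
        # Extended (IP) ACLs bound to the interface are ignored here:
        # only an EtherType ACL can let BPDUs through.
        if verdicts.get(acl) == "permit":
            allowed.add(ifname)
    return sorted(n for n in names if n not in allowed)

if __name__ == "__main__":
    for ifname in interfaces_blocking_bpdu(SAMPLE_CONFIG):
        print(f"{ifname}: no inbound EtherType ACL permits BPDUs")
```

On the sample, the `outside` interface is reported because the EtherType ACL is bound only to `inside`, which would leave RSTP on each side of the firewall unaware of the redundant path.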
