Hello,
I'm looking to verify and/or get feedback on a proposed network design for a hub site that I have at which we use 2 MX-105 in an HA setup (warm spare config), 2 MS-250-24P (each on a different VLAN), and a single MS355-X2 (also on a separate VLAN, for internal 10 Gb clients).
The current design uses CAT5E connections between the switches and each switch uses a management IP from its own VLAN. This was done initially to simplify the design and avoid spanning tree issues/loops. I'd like to optimize the current design in order to:
I've attached the proposed design and would like to know if it would work as configured. The config would be as follows:
Would the design function properly from a spanning tree standpoint or would it introduce issues/loops/other problems? I haven't dealt with STP in a while so I wanted to make sure I wasn't missing any glaring issues.
Thanks!
LACP & Link Aggregation
The MX does not run LACP or any link aggregation protocols. Connecting aggregated ports to the LAN of the MX is not supported; all connected ports should be un-aggregated. If multiple ports are connected to the MX from a single switch for redundancy, it is highly recommended that you run STP on that switch, to ensure that one of the redundant ports is safely put into a blocking state.
I don't plan on using link aggregation as each device will be connected with a single link.
It's just advice.
Much appreciated 🙂 Just wanted to clarify that it wasn't being used is all.
Also check this: https://documentation.meraki.com/%E6%97%A5%E6%9C%AC%E8%AA%9E/Architectures_and_Best_Practices/Cisco_...
With two devices in HA and two ISPs you likely also need an external switch (or two for redundancy) to connect the MXes to the ISPs.
I'm using a virtual IP config on the MXs and haven't had issues with regard to ISP connectivity when an internet link fails. Basically using the following recommended setup (minus the switch-to-switch link as shown below).
Would adding an upstream switch improve the setup?
If your ISP routers provide two ports, this is fine.
Yup, each MX is connected to a different ISP port on each modem.
But this topology is similar to LACP: your MXs have a LAN connection on each switch. In this case, you have to enable spanning tree, as I recommended before.
Can you not stack the two MS250s? Are they too far apart?
They're definitely close enough in the rack to connect with a stacking cable. Would that add more redundancy to the design if the VLANs are kept the same or would I have to reconfigure them?
It does add more availability and performance to the design, but it does mean that when you apply a firmware change, both have to be done at the same time, so that might be a concern if you are a 24/7 operation.
I have revised the design and configuration based on the recommendations in this thread. It now looks like this:
There's no LACP from the MS250 switch stack to the MX-105 HA pair because the MX doesn't support that according to @alemabrahao and the subsequent Meraki documentation. Are there any other caveats or design considerations to take into account that anyone would recommend based on the latest diagram above?
That looks good to me, you might want to lose the connections to P10 on the MX105 pair, but they might be fine 😎
Do you think those redundant connections could cause STP issues?
Technically, STP must block one of the paths, and it shouldn't be a problem. Today I have cases where I use STP to decide, and it hasn't caused any problems.
We have had STP not block properly with MX + MS, though it works fine with Catalyst switches. I haven't re-tried this config with MS15.x stacks yet.