MX Warm Spare HA with multiple L3 distribution switch stack.

Solved
Prithiviraj
Here to help


Hi, 

I am planning to design a network with multiple distribution stacks with different subnets downstream; however, all my distribution switches are L3 switches doing inter-VLAN routing. So I plan to use only a transit VLAN between the MS and the MX for routing. The MX will have static routing downstream. I would like to get experts' advice on whether the setup and connectivity below will work, as I did not see any document with a similar topology to validate against. I have 3 distribution segments in different buildings, as in the picture below.

 

Question 1: Should I use a single transit VLAN between all the distribution switch stacks and the MX, or can I have a separate transit VLAN between each distribution segment and the MX?

 

Question 2: For the 4-switch stack in the main building, I use switches 1 & 3 to uplink to MX1 and switches 2 & 4 to uplink to MX2 for HA. Is this connection valid? The Meraki documentation says each MS should connect to both MXs; however, all the documents use only 2 switches in the switch stack, and they haven't provided detail on what to do if the stack is bigger.

 

Meraki MX to MS connection.jpg

Thanks,

Raj

GIdenJoe
Kind of a big deal

That does not appear to be a best practices campus design model you are using.
If you are truly using a CORE stack and distribution stacks then those distribution stacks would connect to the CORE and not to the MX'es.

 

For a distribution or core block it only makes sense to use more than 2 switches if you are out of ports, but then you would need all your stack members to be in close proximity to each other for the stacking cables, unless you are using MR425 models, which do flexible stacking.

 

It's also nonsensical to connect MX appliances directly to distri/core switches because those are some expensive ports.  You normally connect those to an access layer stack in your Internet/WAN edge.  Only if you are in a small company and use access switches as distribution, like the MS250, could you collapse both functions in that one stack.

If however you would continue with your design as is shown in your post:
Question 1: You could use a single subnet or separate subnets.  The thing is that MX'es won't fully participate in OSPF so you would need static routing everywhere to reach all the subnets behind each distribution stack.

 

Question 2: The ports will behave spanning-tree wise as belonging to the same 'switch', so you will have 2 links in blocking state.  But this could differ at every boot of the stack since the switch numbering will not always be consistent.  It is however important to split each MX over at least 2 switches so that the downlink survives a single switch outage.

PhilipDAth
Kind of a big deal

I'm with @GIdenJoe .  There are a lot of layer 2 loops in that design.  You should have the distribution switches plugged into the core switches.

If geography does not permit this, then you may need to co-locate a pair of switches with the MXs and make them the core switches, and have a separate server switch block (if that is the reason why the "core" switches can not be near the MXs).

 

I would follow the campus design guide:

https://meraki.cisco.com/lib/pdf/meraki_campus_deployment_guide.pdf 

Prithiviraj
Here to help

Hi @GIdenJoe  @PhilipDAth , 

 

Thanks for your input. I followed the Layer 3 recommended topology from the link below.

https://documentation.meraki.com/Architectures_and_Best_Practices/MX_and_MS_Basic_Recommended_Layer_...

 

Below are the models that will be used as core and access switches.

Core: MS425-32-HW (Main building)

Access Switch: MS350 models

There are some 50+ MS350s as access switches downstream of the core stack.

 

Building 1: MS410-16-HW (transit switch for different subnets)

Building 2: MS425-16-HW (transit switch for different subnets)

 

The distribution stacks in my design are transit switches for other networks; they do not use the same subnets used under the core switch. I also took reference from the community link below for my design, except for the direct link between the two MX LAN ports.

https://community.meraki.com/t5/Security-SD-WAN/Meraki-Network-Campus-Design/m-p/48897#M12324

 

Based on the MX and MS Basic Recommended Layer 3 Topology, I plan to use a transit VLAN between the core and the MX, and between the other distribution stacks and the MX, configured as access ports, and to configure STP on the switch side to avoid loops.

 

If I use a different transit vlan for each segment, they will have their own broadcast domain and blocking ports between core and distribution to MX.

 

Please advise based on these comments.

 

Thanks,

 
Prithiviraj
Here to help

 

Hi,

Based on the suggestions, I made some corrections to the design. Can you help to confirm if this is good?

 

 

Prithiviraj_0-1597630935635.png

Thanks, 

PhilipDAth
Kind of a big deal

That is much better.  Except I would only connect each MX250 to the transit switch stack with a single connection, not a pair of connections.  Otherwise you introduce a layer 2 loop again.

Prithiviraj
Here to help

Thank you, @PhilipDAth . Appreciate the clarification. 
