Network Management

  • 1.  Network Design Best Practices

    Posted Mar 03, 2022 08:10 AM
    Edited by ABZ78 Mar 03, 2022 08:11 AM

    We have 28 HP 5412 ZL2 switches configured with routing. 1 is the Core router, which connects to the other 27 routers via individual 10GB dark fiber lines. Each router is its own spanning tree root for its site. Each site router has multiple layer 2 switches behind it. The Core router is also connected to our ISP and has another connection to our SAN and servers. So all DHCP, DNS, Internet, etc. come through the core router.

    Currently each 5412 is on the same VLAN. For example:

    The core router has the following vlan config for the 28 routers. 

    Vlan 100
    name: remote sites uplink
    ip address 10.100.1.1  255.255.0.0
    tagged A1-A8, B1-B8, C1-C8, D1-D8, E1-4

    and the remote site routers have the following VLAN configs

    Site 2
    -------
    Vlan 100
    name: remote site uplinks
    ip address 10.100.2.1 255.255.0.0
    tagged A1

    Site 3
    -------
    Vlan 100
    name: remote site uplinks
    ip address 10.100.3.1 255.255.0.0
    tagged A1

     

    Site 4
    -------
    Vlan 100
    name: remote site uplinks
    ip address 10.100.4.1 255.255.0.0
    tagged A1

    All remote sites have a default route back to core.    0.0.0.0/ 0.0.0.0 - 10.100.1.1

    My question is can this be problematic by having 28 routers on a single broadcast domain?

    Would it be better or worse if I used something like such between the sites:

    Core Router
    --------------
    Vlan 102
    name: uplink remote site 2
    ip address 10.100.2.1 255.255.255.252
    untagged A1

    Vlan 103
    name: uplink remote site 3
    ip address 10.100.3.1 255.255.255.252
    untagged A2

    Vlan 104
    name: uplink remote site 4
    ip address 10.100.4.1 255.255.255.252
    untagged A3

     

    Remote Site 2 Router
    -------------------------
    Vlan 102
    name: uplink to Core Router
    ip address 10.100.2.2 255.255.255.252
    untagged A1

    0.0.0.0 / 10.100.2.1 

     

    Remote Site 3 Router
    -------------------------
    Vlan 103
    name: Uplink to Core Router
    ip address 10.100.3.2 255.255.255.252
    untagged A1

    0.0.0.0 / 10.100.3.1 

     

    Remote Site 4 Router
    -------------------------
    Vlan 104
    name: uplink to Core Router
    ip address 10.100.4.2 255.255.255.252
    untagged A1

    0.0.0.0 / 10.100.4.1 



    ------------------------------
    Aaron Piazza
    ------------------------------


  • 2.  RE: Network Design Best Practices
    Best Answer

    Posted Mar 03, 2022 10:55 AM
    Hi Aaron, your 1st Scenario (VLAN 100 distributed to all your twenty-eight peer switches), strictly speaking, doesn't require the "Default Route" to be set up on each peer switch...that's because once you assign an IP (belonging to VLAN Id 100 of the 10.100.0.0/16 network segment) on each peer switch (10.100.2.1, 10.100.3.1, 10.100.4.1 and so on) you just need to correctly set the Default Gateway parameter pointing to the 10.100.1.1 Core Switch. Each Peer Switch shouldn't have IP Routing enabled (you're transporting and distributing the VLAN 100).

    Personally I prefer the second approach (2nd Scenario) where each Peer Switch is the root of its Spanning Tree topology and the connectivity between a Peer Switch and the Core happens through routing (you defined various Transit VLANs each one within a 10.100.x.0/30 segment, two hosts: 10.100.x.1 on the Core side and 10.100.x.2 on the Peer side) and you just need to instruct your Core and your Peer Switches with specific static routing and, on the Peer Switches side, with a Default Route using that Transit VLAN. Static Routing is needed to reach what's behind the Core and, for the Core, to reach what's behind the specific Peer Switch. Also this way you can keep the STP Topologies separated by means of bpdu-filter on peers' ports used for interlinks (say Core port A1 and Remote Site port A1 both Transit VLAN members).

    ------------------------------
    Davide Poletto
    ------------------------------
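
The per-site transit VLAN plan discussed in this thread can be checked for consistency before it is rolled out to all remote sites. The following Python sketch is an added example, not code from either poster: it parses stanzas written in the thread's style and confirms that each remote router sits on the same /30 as the core and that its default route points at the core's address on that link. The names `parse`, `audit`, `CORE` and `PEERS` are hypothetical, and the sample input is constructed, with a deliberately wrong address for site 4.

```python
import ipaddress
import re

# Constructed sample in the thread's stanza style. Addresses follow the
# proposed design, except site4's peer address, which is deliberately wrong.
CORE = """
Vlan 102
name: uplink remote site 2
ip address 10.100.2.1 255.255.255.252
Vlan 103
name: uplink remote site 3
ip address 10.100.3.1 255.255.255.252
Vlan 104
name: uplink remote site 4
ip address 10.100.4.1 255.255.255.252
"""
# site name -> (VLAN stanza, default-route next hop); hypothetical structure
PEERS = {
    "site2": ("Vlan 102\nip address 10.100.2.2 255.255.255.252", "10.100.2.1"),
    "site3": ("Vlan 103\nip address 10.100.3.2 255.255.255.252", "10.100.3.1"),
    "site4": ("Vlan 104\nip address 10.100.4.6 255.255.255.252", "10.100.4.1"),
}
STANZA = re.compile(r"Vlan\s+(\d+).*?ip address\s+(\S+)\s+(\S+)", re.S | re.I)

def parse(text):
    """Return {vlan_id: IPv4Interface} for each Vlan stanza in text."""
    return {int(v): ipaddress.ip_interface(f"{ip}/{mask}")
            for v, ip, mask in STANZA.findall(text)}

def audit(core_text, peers):
    """List problems that stop a transit VLAN being a clean routed link."""
    core, problems = parse(core_text), []
    nets = [i.network for i in core.values()]
    for net in nets:
        if sum(net.overlaps(other) for other in nets) > 1:
            problems.append(f"core: {net} overlaps another transit subnet")
    for site, (text, gateway) in peers.items():
        for vlan, peer in parse(text).items():
            c = core.get(vlan)
            if c is None:
                problems.append(f"{site}: VLAN {vlan} missing on core")
            elif peer.network != c.network or peer.ip == c.ip:
                problems.append(f"{site}: {peer} not on core link {c.network}")
            elif ipaddress.ip_address(gateway) != c.ip:
                problems.append(f"{site}: default route {gateway} is not core {c.ip}")
    return problems

if __name__ == "__main__":
    print("\n".join(audit(CORE, PEERS)) or "plan is consistent")
```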