9

I deal with many clients in warehousing and industrial applications who have IT staff or local consultants. Many of these sites are still using a 10/100 Megabit switching backbone... I've managed to get some clients to invest in networking as a part of larger, more visible initiatives; e.g. security, warehouse management or VoIP (thanks to PoE).

My question is really about how to arrange a group of 3+ standalone switches in a server room/closet. Assume these switches are of the web-managed Layer-2 full-gigabit category (HP ProCurve 1800-24G) and have no dedicated stacking interfaces. Assume a normal range of servers and one uplink to a Cisco ASA firewall for internet connectivity. Oftentimes, I see switches like this simply daisy-chained.

The reality of small-business IT... :(

With only two switches, I'd set an LACP bond between units. Spanning tree, if supported. But what about three or more units?

In my own environments, I've had the luxury of using higher-quality stackable gear or just leveraging full chassis switches (Cisco 4507, HP 5400zl) because of the need for PoE or more complicated routing. But what is the correct process for the situation described above?

ewwhite
  • The *right* answer is to buy proper switches. Given in the past, I've bought a 10/100 Cisco 4000 series chassis switch for less than 200 bucks (equivalent). – Tom O'Connor Jan 06 '14 at 13:25
  • I love a good chassis switch, but just to play devil's advocate: Those cheap Cisco 4000-series chassis switches are power sucking beasts and portable heaters, though. It's also very difficult to make the cabling clean with a chassis switch like you can w/ staggered patch panels, 1U switches, and Neatpatch (http://www.neatpatch.com/) cable management shelves. – Evan Anderson Jan 06 '14 at 20:54
  • @EvanAnderson [***Say WHAT?!?!***](http://i.stack.imgur.com/2Pj9A.jpg) (another room at the same facility) – ewwhite Jan 06 '14 at 21:03
  • @ewwhite - Oh, I'm not saying that a chassis can't be made to look good (and that one certainly does), but I've been totally won-over by Neatpatch. I don't have any pictures of stuff I've done handy, but a quick Google image search on "Neatpatch" will show you some very, very pretty pictures. (I shudder to think about what the cabling might look like on a Cisco Cat6513 loaded up with 48-port 10/100/1000 blades...) – Evan Anderson Jan 06 '14 at 21:11
  • @EvanAnderson I got that, too... Don't make me dig into my photo archive. Answer the question, though!! – ewwhite Jan 06 '14 at 21:17
  • @ewwhite - I just realized that's a Chase IOLAN Rack in there. I feel like I've been in that closet. Tell me the SMDR port on an old key phone system is plugged into that puppy... >smile< I've spent hours in "that" closet. – Evan Anderson Jan 06 '14 at 22:04

1 Answer

15

You're limited to daisy-chain if you don't have spanning tree, as redundant links without spanning tree will cause a loop. LACP doesn't really do anything here; in your case it would only be used for switch-to-switch redundancy and throughput increase.

Mind that there is no point in using LACP unless the switches at both ends understand the LACP protocol.

My suggestion is to get managed L2+ switches that support basic features like STP. Since you're mentioning HP - we're having great success with the HP 2520 switches for edge PoE deployments. Dirt cheap and reliable. I'd probably get a bigger model for a SMB server closet.

pauska
  • The switches in use may sometimes support STP. The ProCurve 1800-24G does now. I'm trying to step some sites up to better equipment where I can. But until now, I've leaned on just deploying chassis switches to not have to think about managing multiple non-stackable standalones. What is the cabling approach for 3+ non-stackables that *DO* support spanning-tree? – ewwhite Jan 06 '14 at 13:38
  • @ewwhite depends on how redundant you want it. You could connect every switch to every other switch and use STP priorities to decide what links stay up and what links are backup. – pauska Jan 06 '14 at 13:39
  • So you suggest a full-mesh? – ewwhite Jan 06 '14 at 13:49
  • Depends on how many switches and the traffic flow really. If we're talking about 3 switches I'd probably connect Switch A -> B, B -> C and C -> A (backup link), and configure STP to block the link between C and A. – pauska Jan 06 '14 at 13:52
  • Which is both - a ring *and* a full mesh in a 3-node configuration. Typically, a ring configuration is sufficient if you have a "simple case" where you do not have to bother about congestion on inter-switch links as it would provide the necessary fault-tolerance in a rather simple setup. – the-wabbit Jan 06 '14 at 14:21
  • +1 - I don't have enough to add to actually contribute an answer. Obviously, the tradeoff here is redundancy (and throughput bringing LAGs into) versus "wasting" ports. More often than not I've got one or more devices that have a single network interface, making one of the switches a SPoF anyway, so I just end up with a "star" around the SPoF switch. When I do actually want redundancy with 3 switches, though, I'll generally do a ring w/ 2 ports LAG'd between the switches, using 4 ports on each switch, just like pauska says. When I get to 4 or more switches I'll do a dual-star. – Evan Anderson Jan 06 '14 at 22:00
  • @EvanAnderson All relies on spanning-tree, though. – ewwhite Jan 06 '14 at 22:13
  • @ewwhite - Oh, definitely. No STP = no loops = no redundancy. If I was stuck in a world where I couldn't spend a few hundred dollars to get switches that supported STP I could see buying a couple Ubiquiti Edgerouter Lite boxes (little $100 / ea Linux boxes w/ a customized Vyatta distro and 3x 10/100/1000 Ethernet-- actually very handy little things) and running them as bridges w/ STP to connect the switches together. It would be an ugly hack, but it would certainly work. In the example you describe the ASA ends up being a SPoF anyway, so having a looped topology probably gets you nothing. – Evan Anderson Jan 06 '14 at 22:22
  • Except for continued internal operation. These are warehousing environments. ASA 5505 failure is infrequent... – ewwhite Jan 06 '14 at 22:33
  • @EvanAnderson The ASA 5505 does not support standby interfaces, but it does support failover to a secondary ASA with the Security Plus license. – pauska Jan 07 '14 at 08:55
  • @pauska - I'm aware, but I suspect the size of Customer ewwhite is talking about probably doesn't buy redundant ASA5505's or even Security Plus licenses. (I know my small shops don't... heck, getting them to spring for an ASA is a feat in itself. "What do you mean you don't recommend using our ASUS wifi router as our enterprise firewall?") – Evan Anderson Jan 07 '14 at 08:57
  • @EvanAnderson SMB in a nutshell :) Nobody realizes how much it costs if they are without their firewall for a few days. – pauska Jan 07 '14 at 09:01
  • @pauska - I end up being a nice guy and bringing some kit from home and getting them back up. I feel guilty about doing it, later, but it still ends up being billable labor. >smile – Evan Anderson Jan 07 '14 at 09:02
  • Meh, I have spare ASA's in most of my clients' general regions. I've only had one ASA fail in 7 years, so from a value perspective, the customers don't see it as necessary. I don't push it. – ewwhite Jan 10 '14 at 07:30
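The three-switch ring from the comments (A-B, B-C, with C-A as the backup link) can be checked on paper before cabling it. The following is an added example, not code from any of the posters: a simplified spanning-tree model that assumes equal link costs and uses the switch name as a stand-in for the MAC address tie-breaker, showing why the root priority has to be set on switch B for C-A to be the blocked link.

```python
from collections import deque

def spanning_tree(priorities, links):
    """Return (root, blocked_links) for equal-cost inter-switch links.

    priorities: {switch: bridge priority}; lowest (priority, name) becomes root.
    The name stands in for the MAC address tie-breaker (assumption).
    """
    root = min(priorities, key=lambda s: (priorities[s], s))
    neighbours = {s: set() for s in priorities}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    # Breadth-first search gives each reachable switch its hop count to the root.
    dist = {root: 0}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for n in neighbours[cur]:
            if n not in dist:
                dist[n] = dist[cur] + 1
                queue.append(n)
    # Each non-root switch keeps one root port: towards the neighbour nearest
    # the root, ties broken by the lower bridge ID.
    forwarding = set()
    for s in dist:
        if s != root:
            up = min(neighbours[s], key=lambda n: (dist[n], priorities[n], n))
            forwarding.add(frozenset((s, up)))
    # Any link that is not on the tree is held in blocking state.
    blocked = sorted(tuple(sorted(l)) for l in links
                     if frozenset(l) not in forwarding)
    return root, blocked

# Constructed sample topology: the ring described in the comments.
RING = [("A", "B"), ("B", "C"), ("C", "A")]
TUNED = {"A": 32768, "B": 4096, "C": 32768}     # B configured as root
DEFAULT = {"A": 32768, "B": 32768, "C": 32768}  # nobody configured anything

def demo():
    return {
        "tuned": spanning_tree(TUNED, RING),      # C-A is the blocked backup
        "default": spanning_tree(DEFAULT, RING),  # root falls to A, B-C blocks
        "a_b_cut": spanning_tree(TUNED, [("B", "C"), ("C", "A")]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With default priorities the election is decided by the tie-breaker, so the blocked link is B-C rather than the intended backup; after the A-B link is cut, the C-A link goes forwarding and nothing is blocked.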