Wired Core Configuration
The most critical point of connectivity in a campus LAN, the network core is designed for simplicity and reliability. Relative to the rest of the network, the core provides high-speed, high-bandwidth, Layer 3 connectivity between the various aggregation points across the campus.
The network core also provides services aggregation functions when needed. Deciding where to locate network services, such as gateway devices, depends on the number of access aggregation switches and where user applications are hosted. Refer to the Campus Design Validated Solution Guide for further discussion.
Table of contents
Configure the Core Switch Group
The following procedures describe the creation of a core switch configuration in CLI format. The switch configuration can be created offline in a text editor and copied into MultiEdit, or it can be typed directly in MultiEdit in a UI group of HPE Aruba Networking Central. After pasting a configuration block in the MultiEdit window, right-click a configuration statement value to display a Modify Parameters window, which is used to assign individual device values.
Switches in the group receive saved configuration when synchronized to Central.
The figure below shows the two independent core switches in the HPE Aruba Networking campus design.
Enable MultiEdit for the Group
The base configuration of the switch was previously described in the Switch Group Configuration section of this guide. The following procedure completes the switch configuration using the Central MultiEdit tool, a CLI-based configuration editor built into Central.
Step 1 Go to Central and login using administrator credentials.
Step 2 In the filter dropdown, select a core switch Group name. On the left menu, select Devices.
Step 3 In the upper right of the Switches page, select Config.
Note: When a device group is configured to manage both AOS-S and AOS-CX switches, the single Config button is repalced with two separate buttons named AOS-S and AOS-CX.
Step 4 In the upper left of the Switches page, move the slider right to enable MultiEdit.
Step 5 Select both core switches for editing. In the lower right window, click EDIT CONFIG.
Complete NTP Configuration
CX switches may select an NTP server from the default NTP configuration. To ensure the switches use the NTP servers previously configured, delete the following configuration line from the MultiEdit window:
ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
Configure Global OSPF, PIM-SM, and Loopback Interfaces
In the following procedure, Open Shortest Path First (OSPF) and Protocol Independent Multicast-Sparse Mode (PIM-SM) routing protocols are globally enabled on core routers. Loopback interfaces are created for toubleshooting and multicast purposes.
Step 1 Configure the global OSPF routing instance with area 0 and enable passive-interface default to avoid unwanted OSPF adjacencies. Use a pre-allocated loopback IP address as the router-id. When a chassis has redundant management modules, enable graceful-restart.
router ospf 1
area 0
passive-interface default
router-id 10.0.0.1
graceful-restart restart-interval 30
Step 2 Right-click the router-id value. In the Modify Parameters popup window, set the router-id value for RSVCP-CR1-2 to 10.0.0.2, then click SAVE CHANGES.
Step 3 Configure multicast routing globally.
router pim
enable
Step 4 Create the loopback 0 interface and configure the IP address using the router ID from the first step. Enable OSPF with area 0 and PIM-SM.
interface loopback 0
ip address 10.0.0.1/32
ip pim-sparse enable
ip ospf 1 area 0
Note: Best practice is to configure loopback 0 with the IP address used as the router-id in OSPF and BGP routing protocols. Loopback 0 also is used by the PIM-SM BSR mechanism.
Step 5 Right-click the ip address value. In the Modify Parameters popup window, set the ip address value for RSVCP-CR1-2 to 10.0.0.2, then click SAVE CHANGES.
Step 6 Create a second loopback interface with an anycast IP address that is shared by both core routers. Enable OSPF with area 0 and PIM-SM.
interface loopback 1
ip address 10.0.0.100/32
ip pim-sparse enable
ip ospf 1 area 0
Note: An anycast IP address is the same unicast address configured on muliple Layer 3 switches. An anycast IP is used as the PIM-SM rendezvous point (RP) address to allow both core switches to actively operate as PIM-SM RPs for redundancy and efficient multicast forwarding.
Configure Multicast Routing
In the following procedure, PIM-SM is configured for auto-RP selection using the bootstrap router (BSR) mechanism. Each core is configured as a BSR candidate using its unique loopback 0 IP address. Both swithces are configured to advertise the loopback 1 anycast IP address as the candidate RP, which allows both switches to function as an RP concurrently. MSDP is configured to share multicast group source addresses between the core switches.
Step 1 Configure the RP candidate source IP interface using loopback 1, and the BSR candidate source IP interface using loopback 0. Set the RP-candidate group prefix and the BSR-candidate priority.
router pim
enable
rp-candidate source-ip-interface loopback1 group-prefix 224.0.0.0/4
bsr-candidate source-ip-interface loopback0
bsr-candidate priority 1
Note: The RP candidate group prefix should be adjusted based on the IP design of the local network. The 224.0.0.0/4 prefix assigns all multicast groups to the RP.
Step 2 Right click on the bsr-candidate priority value. In the Modify Parameters popup window, delete the value for RSVCP-CR1-2, then click SAVE CHANGES.
Note: The RSVCP-CR1-2 bsr-candidate priority value automatically changes to N/A after deleting the initial populated value. Disregard the invalid range message.
Step 3 Configure MSDP peering between core switches. The ip msdp peer value is the loopback0 address on the adjacent core switch. The local loopback0 interface is the connect-source.
router msdp
enable
ip msdp peer 10.0.0.2
connect-source loopback0
enable
mesh-group RSVCP
Note: The mesh-group must be specified to exchange multicast group source address (SA) information, even when only two switches are participating in MSDP. An MSDP peer relationship will form without the mesh-group specificiation, but no SA information will be exchanged.
Step 4 Right click on the ip msdp peer value. In the Modify Parameters pop-up menu, set the ip msdp peer value for RSVCP-CR1-2 to 10.0.0.1, then click SAVE CHANGES.
Configure Switch Interfaces
Physical interfaces connected between the core switches and between core and aggregation switches are configured for OSPF and PIM-SM routing. OSPF and PIM-SM adjacencies are established over point-to-point IP links using /31 subnets, and PIM-SM distributes the RP address to aggregation switches.
Step 1 Configure the following on the physical interface connecting core switches to AG1-1.
- Large IP MTU.
- The OSPF process configured above using area 0.0.0.0.
- Disable OSPF passive mode to allow the formation of OSPF adjacencies.
- Set the OSPF network to point-to-point.
- Enable PIM-SM.
interface 1/1/1
description CORE_TO_AG1-1
no shutdown
mtu 9198
ip address 172.18.101.0/31
ip mtu 9198
no ip ospf passive
ip ospf network point-to-point
ip ospf 1 area 0
ip pim-sparse enable
Step 2 Right click on the ip address value. In the Modify Parameters popup window, set the value for RSVCP-CR1-2 to 172.18.101.2/31, then click SAVE CHANGES.
Step 3 Repeat steps 1 and 2 for each routed interface between the core switches and between core and aggregation switches. The following tables provide the values used in this sample deployment.
Example interface addressing for CR1-1:
| Interface | IP Address | Peer Device |
|---|---|---|
| 1/1/12 | 172.18.100.0/31 | CR1-2 |
| 1/2/12 | 172.18.100.2/31 | CR1-2 |
| 1/1/1 | 172.18.101.0/31 | AG1-1 |
| 1/2/1 | 172.18.101.4/31 | AG1-2 |
| 1/1/2 | 172.18.102.0/31 | AG2-1 |
| 1/2/2 | 172.18.102.4/31 | AG2-2 |
| 1/1/3 | 172.18.103.0/31 | AG3-1 |
| 1/2/3 | 172.18.103.4/31 | AG3-2 |
| 1/1/10 | 172.18.110.0/31 | SS1-1 |
| 1/2/10 | 172.18.110.4/31 | SS1-2 |
Example interface addressing for CR1-2:
| Interface | Core 2 IP Address | Peer Device |
|---|---|---|
| 1/1/12 | 172.18.100.1/31 | CR1-1 |
| 1/2/12 | 172.18.100.3/31 | CR1-1 |
| 1/1/1 | 172.18.101.2/31 | AG1-1 |
| 1/2/1 | 172.18.101.6/31 | AG1-2 |
| 1/1/2 | 172.18.102.2/31 | AG2-1 |
| 1/2/2 | 172.18.102.6/31 | AG2-2 |
| 1/1/3 | 172.18.103.2/31 | AG2-1 |
| 1/2/3 | 172.18.103.6/31 | AG2-2 |
| 1/1/10 | 172.18.110.2/31 | SS1-1 |
| 1/2/10 | 172.18.110.6/31 | SS1-2 |
Step 4 At the bottom right of the MultiEdit window, click Save.
Note: Devices in the group automatically synchronize the new configuration. Synchronization status is updated on the Configuration Status page. Process step execution can be observed by clicking Audit Trail on the left menu. Verification of OSPF routing is performed during aggregation switch deployment.
Configure Data Center Connectivity
Many campuses have a locally attached data center. With this arrangement, routing must be established between the two networks so that clients in the campus can access applications in the data center. In the OWL, Corp. campus, OSPF is used to exchange IP prefixes between the campus and data center. PIM-SM shares the campus RP address with data center switches.
Each core router has one physical connection to the active firewall and a second physical connection to the passive firewall using the same VLAN for both connections.
Step 1 Select CR1-1 in the MultiEdit list of switches. In the lower right window, click EDIT CONFIG.
Step 2 Create VLANs and SVIs for peering between the CR1-1 and data center firewalls. Enable OSPF with area 0 and PIM-SM on the SVI.
vlan 3998
name to-RSVDC-FW
interface vlan 3998
description RSVDC-FW
ip address 10.255.12.8/31
ip mtu 9000
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
ip pim-sparse enable
Note: The IP MTU must match between the campus switches and data center firewalls to form an OSPF adjacency. Many firewalls and network devices have a maximum IP MTU of 9000. Verify the maximum IP MTU supported, when connecting to third-party devices.
Step 3 Configure the physical interfaces connected to the data center firewalls.
interface 1/3/19
description to-RSVDC-FW1-1
shutdown
mtu 9198
no routing
vlan access 3998
exit
interface 1/3/20
description to-RSVDC-FW1-2
no shutdown
mtu 9198
no routing
vlan access 3998
Step 4 At the bottom right of the MultiEdit window, click Save.
Step 5 Select CR1-2 in the MultiEdit list of switches. In the lower right window, click EDIT CONFIG.
Step 6 Repeat steps 2 and 3 with for CR1-2. The configuration below shows an example of both steps.
vlan 3999
name to-RSVDC-FW
interface vlan 3999
description RSVDC-FW
ip address 10.255.12.10/31
ip mtu 9000
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
ip pim-sparse enable
interface 1/3/19
description to-RSVDC-FW1-1
shutdown
mtu 9198
no routing
vlan access 3999
exit
interface 1/3/20
description to-RSVDC-FW1-2
no shutdown
mtu 9198
no routing
vlan access 3999
Step 7 At the bottom right of the MultiEdit window, click Save.