Any of you guys know the best way to span vlans over wan links?

Here’s what I’ve got. We have two networks connected via a 15-meg MPLS circuit. The switches on either side are 3560G’s. The VMware guys want to have some of the vlans on either side of the link to be accessible from the other side. In other words they want to be able to place ports in site B in a vlan that currently only resides in site A. That way if the VMware servers from site A have to come up in site B they won’t have to readdress everything.

Is this something that I can do with tunnel groups, using HSRP groups so that either switch can route traffic to that vlan? Any good documentation on how to do this?

Thanks,

Ben

The only thing that comes to mind is bridging or L2TPv3 psuedo-wire. Since this is a switch to switch connection dont think its going to be possible.

Q in Q tunneling would work though.

QinQ will only work if the WAN provides the passing of ethernet frames. I'm assuming that isn't the case here. Getting a VPLS service with l2pt support would be your best bet. That would give you the "cloud as an ethernet switch" set up you need.

I opened a TAC case with Cisco about this today. I'm not sure the guy I worked with really had any experience doing it, but he seemed to agree with me that I could do it using GRE tunnels and expanding my HSRP groups for each vlan.

I'll do some testing tomorrow and let you know how I make out. I've done things like this in the past where I had to bridge flat networks across wan links, but that was always just done on the router. I've never done it with layer 3 switches like this.

Ben

I don't think that guy knows what he is talking about. How is GRE and HSRP going to allow VLANs to span the WAN? You can create the same VLAN on both sides and have overlapping addresses, but thats not the same thing as VLANs spanning across.

I think you could probably do it with GRE tunnels and AToM, but I can't quite wrap my head around it without labbing.

I think you are right Vito, just without the GRE tunnel part. AToM can do this:
http://blog.ine.com/tag/xconnect/

Haven't read into it much but I believe there are some problems with STP and Mac address learning.

No, you're talking about the provider side, which you could obviously use AToM for.

I'm saying you could run AToM across GRE tunnels on gear he owns. Maybe with bridged ints too or something. I can't get my head around it, but if I get some time I'll try to lab a solution.

There is something called EoIP (Ethernet over IP) that can let you do this. I don't think it has a lot of support though...

I thought I saw something else that can do this very recently... Didn't PacketPushers talk about it?

EoMPLSoGRE, I was reading about that today. I'm pretty sure 3560s don't support full MPLS though, just VRF-Lite. You'll need a Metro series switch or a router IIRC.