Spanning Tree Setup

load-balancing cisco spanning-tree cisco-ace

Solution 1:

Update after you provided a diagram:

You already have a circle there at the bottom half of the diagram. It looks like the ACEs don't bridge, so if you don't have a problem there you shouldn't have a problem connecting the two top ones.

It's a bit hard to talk about the diagram if you don't name the devices, but let's say I name them left to right, top to bottom. You have a circle ACE1-SW3-ACE2-SW4-ACE1..., obviously there's no problem there (right?). I'm guessing you configured the ACEs so they don't bridge any traffic at all, and therefore no loop.

Why not connect ACE1 to SW2 and ACE2 to SW1? Then you have the same setup as the bottom part.

If you have a different VLAN in the top and bottom parts (not the same layer2 segment) then you can't have a spanning tree loop between them.

It would be clearer if you provided (obfuscated if you like, but make sure we can tell network A from B. Such as 10.123.0.0/24 and 10.123.1.0/24) IP networks on the map, and perhaps VLANs (if you use them).

Update after naming the switches:

If the ACE do routing, and therefore are the next-hop for the servers on 10.0.0.0/24 etc.., and don't do bridging (in the ACEs), then connecting the way I said above is safe.

Solution 2:

I think that what you want is to:

  1. Make ACE2 into a failover peer using the "ft peer" CLI commands
  2. Connect ACE2 to the same switch that ACE1 is connected to.

This gives you box redundancy (the ACE's pass heartbeat information between them) and switch redundancy (the downstream Catalysts are cross-connected). You aren't, of course, protected from a co-lo switch failure.

Are you sure you want to go BGP? Who's providing the ASN? Is your downstream network fully portable? You need to make sure that you've got a network architect who can explain the pros and cons to you.

If you don't do BGP, and your Catalysts are capable of layer-3 switching, then you might want to:

  1. Use VLANs to carve the Catalysts into virtual switches: inside and outside
  2. Use a floating static route or route policy to send packets to the desired ISP.

There's a few ways to solve this. You would be well-served by a few hours in front of a whiteboard.

Related

How to disable Tcp/Ip settings in windows 7 via GPO?
Send Nagios data to central monitoring server
Sharepoint replacement
apache2: Get a list of registered handlers
bandwidth shaping, the best approach
Windows 7 UAC requests escalated to sysadmins?
RDP Client address is unknown when connecting through a gateway
Cannot connect to local network shares when connected to VPN. Error: "the user name could not be found"
Can I "merge" two groups using SID history?
Why am I getting unauthorized errors with Powershell get-winevent?
Postfix emails detected as spam with gmail [duplicate]
Is this Kerberos/AD setup possible?