Colapsed Core and Distribution Designs

Unanswered Question
Apr 3rd, 2008

Greetings, im looking to go through my CCNP soon and im putting together some theoretical designs to help in my study.


At present im looking at switch topology designs and uplinks between switches specifically core and distribution.


Reading the Cisco material i understand that links between core and distribution aswell as core to core links should be layer 3 combined with routing protocols as per the visio diagram, could someone let me know if this design would be feasible.


I have configured Routed Physical Layer 3 P2P Interfaces on each switch and defined SVI's for each Vlan on the distribution switches. Both networks are then advertised using EIGRP.


One thing i was struggling with was should i have the same Vlans on different distribution switches would Layer 2 trunks be required between distribution switches or can this be handled at Layer 3?


Regards



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Edison Ortiz Thu, 04/03/2008 - 05:06

One thing i was struggling with was should i have the same Vlans on different distribution switches would Layer 2 trunks be required between distribution switches or can this be handled at Layer 3?


You can have the same Vlan "number" as the number is arbitrary, however - you can't have the same subnet in different switches.


If you've elected to have the same subnet on different switches, you can Layer3 those switches up to the "Core" and Layer2 between those switches so they can share the same Vlan.


HTH,


__


Edison.

Jon Marshall Thu, 04/03/2008 - 05:12

In addition to Edison's comments. I'm not sure how your EIGRP routing is working. You can't advertise 192.168.0.0/24 - is this meant to 192.168.0.0/16 from all the distribution switches as the core will not know which distribution switch to send traffic to for each vlan.


Have i misunderstood your layout.


Jon

exonetinf1nity Thu, 04/03/2008 - 05:24

You are indeed correct, grammatical error on my part.


One of the things im trying to nail i whether routing can be achieved simply using Routed Interfaces or a combination of Routed Interfaces and SVI's.


I have seen some examples where one switch is configured with a routed interface say 172.16.1.1 /30 and the second switch configured with an SVI defined as Vlan 901 and an ip of 172.16.1.2 /30.


Regards

Jon Marshall Thu, 04/03/2008 - 05:38

You can achieve routing by using purely L3 routed interfaces. One thing you don't make clear is how your access-layer is connecting to the distribution. Presumably L3 dual connections ?


Jon

exonetinf1nity Thu, 04/03/2008 - 05:59

I had envisioned that in this design there would not be an access layer. Which does indeed lead me onto my next step of adding the access layer.


Could i ask that should an access layer be added too this design how would layer 3 connectivity be achieved between a layer 2 switch and the layer 3 distribution layer, i would have assumed that the connection be a layer 2 switch as svi's and routed ports cant be defined on a layer 2 device?


Regards

Edison Ortiz Thu, 04/03/2008 - 06:30

I had envisioned that in this design there would not be an access layer.


A network without users, printers, servers ? :)

Oh, the beauty ...



Could i ask that should an access layer be added too this design how would layer 3 connectivity be achieved between a layer 2 switch and the layer 3 distribution layer, i would have assumed that the connection be a layer 2 switch as svi's and routed ports cant be defined on a layer 2 device?


If you are planning to deploy Layer2 switches at the access layer, you can trunk the Vlans up to the distribution switches. You can also deploy Layer3 switches at the access layer and implement a 'routed' design but this can become an administrative nightmare in terms of creating Vlans on each switch, IP management, routing, etc...


I recommend using the KISS principle and terminate the 'routed' switch design up to the distribution switches.


__


Edison.


Jon Marshall Thu, 04/03/2008 - 06:31

If you are using L2 switches then you have a slight issue as you have different vlans on your distributions switches.


So you cannot dual connect your L2 switches with L2 trunks to a pair of distribution switches as the distribution switches don't have common vlans.


So either


1) connect L2 to just one distro switch - not very resilient

2) Use L3 switches at access-layer, migrate vlans to access-layer, use EIGRP stub in access-layer and connecting with dual paths to pair of distro switches.

3) Connect each pair of distro switches together with L2 trunk and then have common vlans on the pair of distro switches and connect an access-layer switch with L2 trunks to both distro's.


Bear in mind that the 3560/3750 base image will do EIGRP stub routing so it isn't necessarily that expensive to have L3 in access but it does depend on how many access ports you need to provide.


Hope this makes sense


Jon

exonetinf1nity Thu, 04/03/2008 - 06:37

Thank you for your help guys, it's starting to make sense now.


Unfortunately im more at ease taking a practical approach to this in a lab but i dont have access to enough L3 switches to test this out at present.


Your time is much appreciated.

exonetinf1nity Thu, 04/03/2008 - 07:19

Strange you should ask that as ive just thought of something else.


Say i went with option 2


"2) Use L3 switches at access-layer, migrate vlans to access-layer, use EIGRP stub in access-layer and connecting with dual paths to pair of distro switches."


Following the revised diagram below would it be possible to place vlans with the same subnet on different access switches and allow traffic between or would it be considered best practise to confine vlans and subnets to single access switches?


Regards



Jon Marshall Thu, 04/03/2008 - 09:24

Firstly, you cannot advertise 192.168.0.0/16 from all your L3 access-layer switches as how will the distro layer know where a particular 192.168.x.x subnet lives. What you could do is allocate 4 /24 vlans per access-layer switch ie.


192.168.0.0 -> 192.168.3.0

192.168.4.0 -> 192.168.7.0


These ranges are summarisable from the access-layer ie.


192.168.0.0/22

192.168.4.0/22


etc.


To answer your question, you could place vlans on differnet access-layer switches and join via a pair of access switches with a L2 trunk. This would still confine STP to the access-layer but i'm not sure what you would get from this.


In the access-layer there are traditionally clients and maybe printers, both of which are usually singly connected. So you wouldn't get any more resilience by using a pair of switches. If you had teamed servers with connections to a pair of access-layer switches it may be worth it but then you shouldn't have servers on those access-layer switches.


If you are deploying the routed access-layer for clients/printers it makes sense to confine vlans/subnets to single access-layer switches.


Edison's point about KISS is well made and there are good arguments for and against a routed access-layer. We use both where i work and they both work well.


One last point - if you are planning to deploy wireless in the access-layer you need to be careful with roaming between floors as one way to do this is to extend the same vlan across access-layer switches. LWAPP can allow you roam with L3 in access layer.


Jon

Actions

This Discussion