Network Design Question

May 28th, 2009

Hi, I am redesigning a network for the please can someone clarify the following questions:

At the DC I have:

2 x Distribution switches 4506-10G

2 x Core switches 6500 10G

2 x DMZ switches 4503

The Dis switch is where I connect the external connection to the Client site. Do I also configure all the virtual VLAN interfaces on the Dis switches with the routes to different networks? Or do I configure the VLAN interfaces on the Core, where all the blades are connected with the 10G uplinks?


Giuseppe Larosa Thu, 05/28/2009 - 05:17

Hello Levent,

If the 10GE links are routed links, you can terminate the server VLANs on the core switches.

This is recommended to limit broadcast traffic; otherwise broadcast traffic has to travel on the 10GE links.

Confining broadcast traffic is one of the key factors for scalability.

Modern campus design uses an L3 core; old designs used an L2-only core, but with modern multilayer switches an L3 core is a better choice.

Deploy an appropriate routing protocol like EIGRP or OSPF for fast convergence between distribution devices and core switches.


I don't understand how you use the DMZ: it looks connected to the Dis block and to the core block, but if that is so, it is in parallel with the 10GE links between Dis and core.

In security designs a DMZ is usually the third leg of a firewall that can be accessed from the outside world.

Hope to help


network_team Thu, 05/28/2009 - 05:29


We have an L2 network. So my understanding is to have all the external client links connected to the DIS and create all the virtual VLANs on the core. The DMZ is where we plug in the firewall interfaces segregated VLANs but not the external web

Collin Clark Thu, 05/28/2009 - 05:20

I would create user VLANs on the 4503s, Server VLANs on the 6503s, and layer 3 links between all switches. Essentially the 4506s become your 'core'.

Hope that helps.

lamav Thu, 05/28/2009 - 18:03

Given this less-than-optimal topology, I sort of agree with Collin.

The 6504s are effectively acting as server farm distribution layer switches, the server blades being the access layer.

The 4506s are acting as aggregation switches for the different users/clients (by the way, makes me wonder why the clients aren't firewalled, but I guess that is another discussion) who access the data center via L2 links. So, the L3 boundary should be the 4506s. This is where the user and client L3 SVI interfaces should be created and inter-VLAN routing occurring.

So, as for the core, I would either get two more switches and have redundant L3 links between them and the server farm and user/client modules, with OSPF or EIGRP, leveraging ECMPs. Or, use redundant L3 uplinks between the user aggregation and server farm switches and have the server farm switches act as a collapsed core.



