L2 and L3 Access-Distribution limitation design

alexandre34
Level 1

Hello,

I'm studying the CCDP Arch module. For the following topologies, they explain that:

A limitation of those solutions is that it is optimal for networks where each access layer VLAN can be constrained to a single access switch.

Stretching VLANs across multiple access switches is not recommended in this design.

       

Could someone explain this limitation?

Thanks,

Alex.

2 Accepted Solutions


Leo Laohoo
Hall of Fame

I presume the CCDP book you have does not talk about VSS or vPC.

The picture on the left is not recommendable because STP can be a nightmare. Ok, so you can "configure" STP to behave.  But personally?  I wouldn't recommend it because you need to regularly determine that STP is indeed behaving.

The right picture is understandable because a network administrator can configure weights on the routing protocol so the switch can determine which link will ALWAYS be used.

Throw VSS and vPC into the mix and you can throw your book away. 


I think what they are trying to say is that if you take the 1st image and then split the layer-2 access switch into several access switches this affects the behaviour of the topology. Introducing additional access-layer switches means the STP topology is more complex (I admit probably not much). It also introduces unicast flooding which you would have had already but you would never have noticed it as the only device performing the flooding would have been one of the distribution switches (typically the HSRP standby switch) and the flooding would have only occurred on the downlink. If a second layer-2 switch was in the mix you would have seen flooding here (this isn't an issue if you are using stacked access layer switches such as 3750 or 2960S).

I suggest you search for unicast flooding to understand this as it can be a big issue in networks with VLANs stretched between access layer switches.

However, after just writing all that I now think what the notes are saying is that with the routed access-layer design you cannot have common VLANs between access-layer switches as your uplinks are no longer VLAN trunk ports carrying multiple VLANs but are now routed ports (/30 or /31) and using a routing protocol.  In reality you can still stretch VLANs between your access-layer switches by making the uplinks trunks and having your P2P routed VLAN and then a common VLAN you want to stretch.  This is something you SHOULD NOT DO though as it destroys what you have achieved by deploying a routed access layer design - you may as well have kept the L2 access layer design.

In my experience there is just no need to stretch VLANs between access switches unless you are talking Server clustering or Virtualisation. User access layers should be routed in my opinion - it's IP (v4 or v6), it's just as easy to route and much more manageable.

Andy
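
The difference between the two uplink styles discussed in the answer above, shown as an added configuration example that is not part of the original thread or the CCDP material. Hostnames, interface names, VLAN numbers and addresses are constructed, and OSPF is an assumed choice of routing protocol.

```cisco
! Constructed example for one access switch (ACC-1) with two uplinks.
!
! (a) Layer 2 access design: the uplink is an 802.1Q trunk and the
!     default gateway (HSRP) lives on the distribution pair. VLAN 10 may
!     also exist on other access switches, so STP has to block a path.
interface TenGigabitEthernet1/0/1
 description Trunk to DIST-1
 ! the encapsulation line is only needed on platforms that also support ISL
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! (b) Routed access design: the uplinks are routed point-to-point ports.
!     No VLAN is carried upstream, so VLAN 10 cannot reach another access
!     switch and its gateway moves onto ACC-1 itself.
ip routing
!
vlan 10
 name USERS-ACC1
!
interface Vlan10
 description Gateway for VLAN 10, local to ACC-1 only
 ip address 10.1.10.1 255.255.255.0
!
interface TenGigabitEthernet1/0/1
 description Routed /30 to DIST-1
 no switchport
 ip address 10.255.0.1 255.255.255.252
!
interface TenGigabitEthernet1/0/2
 description Routed /30 to DIST-2
 no switchport
 ip address 10.255.0.5 255.255.255.252
!
router ospf 1
 ! no routing neighbours are expected on the user VLAN
 passive-interface Vlan10
 ! covers both /30 uplinks (10.255.0.0 - 10.255.0.7)
 network 10.255.0.0 0.0.0.7 area 0
 network 10.1.10.0 0.0.0.255 area 0
```

Blocks (a) and (b) are alternatives for the same physical uplink, not one combined configuration.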



Thank you, both of you, and yes, the book talks a lot about VSS, but the limitation word was disturbing for me.
