
Network Design Choices

Rchaoua12
Level 1

I have a couple of questions regarding network design. Hopefully someone can help.

(1) Should servers be placed in the core of the network or should the servers be placed in the access layer of the design?

(2) If you have a core with redundant Layer 3 switches is it a good practice to place all odd VLANs on one and all even on the other?

Thanks!


darren.g
Level 5

Rachid Chaoua wrote:

I have a couple of questions regarding network design. Hopefully someone can help.

(1) Should servers be placed in the core of the network or should the servers be placed in the access layer of the design?

(2) If you have a core with redundant Layer 3 switches is it a good practice to place all odd VLANs on one and all even on the other?

Thanks!

Rachid

The answer to 1) really depends on how deep your pockets are when building the network. I've done both - had servers on dedicated switches which are not part of the core (treat them as any other access device), and also had servers connected directly to the core (collapsed core type design). My preference is for the former if I can get enough funding out of the business concerned - keep the core pure and provide high bandwidth access switches for servers, lower bandwidth switches for users - but this isn't always practical - especially now you've got servers wanting 10 gig links (blade chassis etc) for unified comms and what not.

The answer to 2) is neither - it's better that you have all VLANs across both redundant switches - or they're not really redundant! If you only have half the VLANs on one switch and half on the other, if you lose one of your "redundant" switches you lose half your VLANs. Far better to have them on both core switches with a nice big trunk between the core to keep them contiguous. The Nexus7000 vPC concept is *great* for this - run your redundant core, and connect your access switches to both core using a vPC - you never lose an access switch even if you drop a core switch, provided you've done your connectivity properly.

Cheers.


Thanks for the reply.

Perhaps I should clarify on the second question. I meant split up the root bridge for the VLANs amongst the two switches. The VLAN IDs will be present on both switches. I don't really seem keen on the idea of doing this. However, a co-worker brought it up today.

The only justification I can give for not doing this is because it can become confusing to someone who comes in to learn your network.

If you look at the campus design for HA, I think you will find that splitting the root bridge is done there.

As far as where to place servers, that depends on how many and what growth.

I have done server only access layers and it's worked just fine.

Take a look at this:

http://www.cisco.com/en/US/partner/docs/solutions/Enterprise/Data_Center/DC_3_0/DC-3_0_IPInfra.html

Rachid Chaoua wrote:


Thanks for the reply.

Perhaps I should clarify on the second question. I meant split up the root bridge for the VLANs amongst the two switches. The VLAN IDs will be present on both switches. I don't really seem keen on the idea of doing this. However, a co-worker brought it up today.

The only justification I can give for not doing this is because it can become confusing to someone who comes in to learn your network.

Ahhh, in that case then yeah, it's a good idea, although depending on which technology you use (if you're using vPCs on a Nexus platform or VSS on a 6500 platform) it can just be confusing and a waste of time - when I implemented a pair of N7Ks with vPCs linking to access switches, Cisco's recommendation was to actually force one of the N7Ks to be the root bridge for all VLANs rather than allowing them to reside across the pair.

Cheers.

Marwan ALshawi
VIP Alumni

Just to add to the other posts:

- if you have a core then I am assuming you have an access and aggregation layer

- it is better to leave the core to do routing between different aggregation blocks such as Internet block, server farm, etc.

- if you can put your servers in a dedicated access/distribution layer up to the core, that will be best practice, as this will give the chance to have a proper server farm and data center design where you can add a load balancer in the future, firewalling, and you may add some DC switch such as Cisco Nexus

if you connect directly to the core it will work but you will lose all the capabilities mentioned above

- also, for better routing design in the core, keep it simple, with summarized routes for fast routing

Hope this helps

wasmer_anne
Level 1

I understand that on the same site you have a number of servers and users. How you want to organise your VLANs really depends on your organisation's traffic flows: if all servers are centralised (used across departments / VLANs), then yes I would create a number of VLANs specifically for the servers, but maybe each department uses dedicated file and print servers, and the access to some servers should be restricted to the users requiring access only. Similarly, if a large portion of the LAN traffic is within the department, maybe I would put those servers within the same VLAN as the users.

It all really depends on your budget ($ and time) and your organisation's security requirements.

Ideally you could create a number of "shared VLANs" (access to those required across the organisation) for email - DC - DNS - DHCP - backup etc, then department specific VLANs depending on the type of applications required by each department and a few Users VLANs.

You can then implement lots of nice L2 security features between and within the VLANs.

Between Access and Distribution I would manually prune non required VLANs on the trunks.

Problem with HSRP when you have even VLANs on Distri 1 and pair VLANs on Distri 2 is that load-balancing is static and does not take into account the dynamic amount of traffic per VLAN. Would GLBP be possible?

At the core / collapsed core you can control specifically the inter-vlan routing.

Then you reduce unnecessary traffic and increase overall internal security!

Voila!
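An added example (not posted by anyone in this thread) of checking that the manual trunk pruning suggested above is actually in place: it parses an IOS-style configuration and reports trunks that allow more VLANs than the uplink needs. The interface names, VLAN IDs and the required set are constructed for illustration.

```python
import re
# Constructed sample: fragment of an access-switch running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
 switchport trunk allowed vlan add 99
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
!
"""
ALL_VLANS = set(range(1, 4095))  # a trunk with no allowed list carries VLANs 1-4094

def expand(vlan_list):
    """Turn '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_vlans(config):
    """Map each trunk interface to the set of VLANs it is allowed to carry."""
    trunks = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [ln.strip() for ln in block.splitlines()]
        if "switchport mode trunk" not in lines:
            continue
        allowed = set(ALL_VLANS)
        for ln in lines:
            # Only the plain, 'add' and 'remove' forms are parsed; other forms are skipped.
            m = re.match(r"switchport trunk allowed vlan (add |remove )?([\d,-]+)$", ln)
            if m and m.group(1) is None:
                allowed = expand(m.group(2))
            elif m and m.group(1) == "add ":
                allowed |= expand(m.group(2))
            elif m:
                allowed -= expand(m.group(2))
        trunks[lines[0].split()[1]] = allowed
    return trunks

def unpruned(config, required):
    """Return {trunk: number of allowed VLANs beyond the required set}."""
    extra = {name: allowed - required for name, allowed in trunk_vlans(config).items()}
    return {name: len(vlans) for name, vlans in extra.items() if vlans}
```

Calling `unpruned(SAMPLE_CONFIG, {10, 20, 99})` flags both uplinks: the first still allows VLANs 30-32, and the second has no allowed list at all, so it carries every VLAN.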

jlhainy
Level 2

Remember that whatever design you go with must fall within the Business and Technological goals and Business and Technological constraints.

In my case, I would love to get some redundancy in parts of my network. However, the business constraint of budget prohibits me from doing so, therefore, redundancy is not in the design right now.

As far as where the servers should be placed... you have the option of distributed or centralized servers.  If all users in all sites of your organization are going to use the services on these servers, then I would put them at the core.  If only the users in a certain building will be using a server, it could make sense to place them on the access layer.

In my case, I do a little of both.

Thanks for all the replies.

I have viewed the Campus design for HA and noted what it stated for the placement of server farms. I now agree that the servers should be placed at the access layer.

What threw me off was that in Oppenheimer's Top Down Network Design book, it is mentioned that servers can be placed in the core but typically they are placed at the access layer. Therefore, I was curious about the benefits of doing the former versus the latter.

On paper, it sounds like a good idea. At the core, the servers are central to the network. However, from the research I've done it sounds advantageous to place them at the access layer in order to maximize the performance of the core network.

Luckily, the funding of this design is not lacking. The time portion perhaps. Therefore, redundancy is a must.

Unfortunately, we are not using anything as sexy as a new Nexus only a pair of 4500 series switches.
