I am planning to extend layer 3 to my access switch. I have 6 4506 on the access layer with uplink gig to each of my 6509 core/distribution. My plan on my core/distribution Cisco 6509 switch with Sup 720 is to trunk both 6509. My question is: is there any company that's running this type of setup? If so, what is the caveat with this design?
My design is 2 6509 switches trunked together, and 6 4506 switches with a layer 3 (routed) link to my 6509.
Yes we run this setup in some of our newer offices. Basically we have
2 x 6509 - core/distro connected together via L2 trunk
On each floor we then have 4500 switches with dual L3 routed connections to the 6500 switches. All user vlans are routed on the 4500 switches.
All 4500 switches are configured as EIGRP stub routers. We advertise only a default-route from the 6500's to each 4500 and the 4500's just advertise out their connected subnets.
1) Each 4500 has dual paths to the core/distro switches. No need to mess around with manually setting STP root and HSRP gateways as you would with layer 2 setup.
2) No STP at all running over the access to distro links.
3) Almost instantaneous failover if one of the links fails as you do not have to wait for STP to reconverge. Even Rapid-PVST is not as quick in my testing as an L3 routing protocol - EIGRP in our case.
1) You cannot extend a L2 vlan across floors. This may or may not be a problem for you.
2) Because of 1 the L3 model is not quite as flexible in vlan assignment etc. I have not found this to be an issue in a building/campus type environment but I'm not sure how well it would work in a data centre - we still use L2 from access-switches there.
3) If you are deploying service modules in the 6500 switches then some options are not available to you, e.g. FWSM in transparent mode.
Hope some of this has helped
Edit - you may want to have a look at this link if you haven't already
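The routing arrangement described in the reply above (stub 4500s advertising connected subnets, 6500s sending only a default route), sketched as an added IOS configuration example that is not part of the original thread or the poster's own config. The AS number 100, interface names, addresses and the prefix-list name are constructed, and the 6509 is assumed to already carry a default route in EIGRP.

```cisco
! --- Access 4500 (one per floor): AS 100, ports and addresses are constructed ---
ip routing
!
interface GigabitEthernet1/1
 description Routed uplink to 6509-A
 no switchport
 ip address 10.0.1.2 255.255.255.252
!
interface GigabitEthernet1/2
 description Routed uplink to 6509-B
 no switchport
 ip address 10.0.2.2 255.255.255.252
!
interface Vlan10
 description User VLAN, routed locally on this 4500
 ip address 10.10.10.1 255.255.255.0
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
! Stub: advertise connected subnets only, never act as a transit path
 eigrp stub connected
! Form adjacencies on the two uplinks only, never on user-facing VLANs
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
!
! --- 6509-A (mirror on 6509-B with its own link addresses) ---
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
interface GigabitEthernet3/1
 description Routed link to floor-1 4500
 no switchport
 ip address 10.0.1.1 255.255.255.252
!
router eigrp 100
 network 10.0.0.0
 no auto-summary
! Send only the default route down to the stub 4500
 distribute-list prefix DEFAULT-ONLY out GigabitEthernet3/1
```

On the 6509, `show ip eigrp neighbors detail` should list the 4500 as a stub peer advertising connected routes, and `show ip route eigrp` on the 4500 should show only the default route learned over both uplinks.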
With a routed access layer and L3 isolation, what is the purpose of the L2 trunk between the routed core/distro switches?
Secondly, is there a benefit to having an L3 connection between those same switches?
I'll take a guess...
Servers and other key networking devices dual-homed to both 6509s and you need to share the VLAN for this purpose.
I thought of something along those lines, but it seems improbable to me that they would connect servers directly into collapsed core/distro switches...maybe, I don't know...
Well, it seems that Jon was only commenting on the campus/user environment (since he mentioned floor switches and user inter-vlan traffic being routed by the 4500s), just to point out the routed access topology that the original poster alluded to.
Anyway, as I said, you may be right and the servers may be connected to the distro switches...that's why I was asking him to elaborate on the purpose of the L2 trunk...
Yes it comes down to cost really. We had a small number of file/print servers + VOIP servers and as Edison says, there's really no other place to put them unless you are prepared to buy a separate pair of switches.
On the floor where the 6500's were we still had 4500's for user connectivity as we didn't want to patch users into the 6500's but all the 6500's were doing is terminating 4 floors of gigabit etherchannels from the 4500's so there was lots of spare capacity in the chassis. And as the chassis for the 6500 really isn't one of the big costs we still went with 6509's.
Certainly in a server farm design you wouldn't want to do this and we don't in our data centres but I don't see a major issue in the campus. STP is still restricted to the 6500's.
I now understand why you had the L2 cross link. Thanks.
As for my second question, would it have been beneficial to add an L3 crosslink, too? Is that a good design practice for the routed core/distribution layers?
If you had no servers to connect in or your servers were on a different pair of switches then yes I think it would make sense to connect your core/distro switches with a L3 link.
Do you benefit by adding a L3 link as well as having a Layer 2 link? Well, it depends on what your layer 2 link is for. If for example you were deploying resilient FWSM (Firewall Service Modules) they need layer 2 adjacency so you would have to have a L2 link between the 2.