Network design for a retail store

reachabdulla · ‎09-08-2006

Hi.

I need to make a design for a retail store. Please see the attachment. For illustration purpose on each switch block I had attached 3 access switches. In reality there are many access switches for each switch block. There are different packages involved and each wants to be separated from the other. Lets say there are 4 packages. P1 ? vlan 50, P2 ?vlan 150, P3-vlan 200 and P4- vlan 250. They want each package to be assigned a different VLAN. Each package is spread all over the store. They don?t want to use MPLS.

I suggest the following:

In the core switch, the following can be applied:

-Gateway Load Balancing Protocol (GLBP).

-VTP Server.

In the Distribution switch, the following can be applied:

-Complete Layer 2, with trunk to core switch and access switches.

-No link between the Distribution switches link. (This reduces the number of STP loop)

In the access switch, the following can be applied:

-Complete Layer 2, with trunk to distribution switches.

Please advice and comment on the design.

yprasannas · ‎09-14-2006

I dont know how Gateway Load Balancing Protocol (GLBP) works.

We have similar setup with HSRP configured on the DSW. Some of the VLANs have HSRP on DSW1 and some of them have the HSRP active on DSW2. This requires the DSW1 and DSW2 be trunked.

The above setup gives a gateway redundancy if one of the DSW goes down.

This may function similar to GBLP but i dont know how it works?

dtecco · ‎09-14-2006

Just out of curiosity, what model switches will you use for the distribution?

I have a similar design scenario where I am using 2960Gs, and I am concerned on how they will behave with R-PVST+ enabled.

mchoo2005 · ‎09-14-2006

What switch models do you use in distribution and core? Starting from Catalyst 4948-E, you can run multiple VRFs on the switch without having to implement MPLS (VRF-Lite). Implementing VRF-Lite will provide you with logical layer-3 separation of networks, therefore, you can avoid having so many Layer-2 trunk links. If this applies to you (i.e. you are using, or can use, at least Cat 4948-E on distribution and/or Core), let me know, and I'll elaborate a bit further.

reachabdulla · ‎09-16-2006

Thanx yprasannas@hotmail.com, dtecco, mchoo2005 for your replies and queries.

My core and distributions switches are 6509s.

mchoo2005, VRF sounds interesting. Please elaborate on how VRF can provide a better design for me.

yprasannas@hotmail.com, the reason I cannot have HSRP at the DSW because all my VLANS are all over the access switches. If you notice on my diagram, VLAN 50 is required on each access switch, which is connected to different DSW. Therefore, the VTP server has to be at the core.

Lets take a scenario to explain why I want to use GLBP instead of HSRP. Lets say I use HSRP, and CSW1 is Active while CSW2 is Standby for VLAN50. Incase the link DSW1-CSW1 and DSW2-CSW1 fail together, CSW1 will still remain Active for VLAN50. This is because CSW1 can still send hello packets for VLAN50 via DSW3, DSW4, DSW5 and DSW6. Therefore, the all devices of VLAN50 on access switches connecting DSW1 and DSW2 will have to communicate via CSW2 which is Standby. To solve this problem, I decided to use GLBP (which is Active-Active) instead of HSRP.

mchoo2005 · ‎09-17-2006

Hi... I think I might've misunderstood your requirements. I thought you wanted to have logical separations between VLANs on the distribution switches, which can be achieved by implementing VRF-Lite. But after reading through your requirements again, I realised your problem seems to be more on STP vs HSRP. Is this correct? Or do you also want to make sure each VLAN does not talk to each other?

dtecco · ‎09-18-2006

On a side note, it must be some kind of retail store if it requires multiple 6509's throughout the fabric.

jackyoung · ‎09-17-2006

Let me share my opinion.

If the servers and common used devices are located at the core switches then it is fine to use core as layer 3 switching only. Otherwise, the distribution switch may better to enable layer 3 switching two.

Access layer - it is fine for current design

Desitribution layer - will require etherchannel & trunking to core switch and may etherchannel & trunking to access switch that depends on the bandwidth requirement.

Core layer - enable etherchannel & trunking to distribution layer and between core switches. Layer 3 switching enabled for inter-VLAN routing if there is a need. If different VLAN will access the same server but you do not want the traffic to be flowed between VLAN, you may require to enable access-control list between VLAN to block the unwanted traffic and disable inter-VLAN routing. Or control it by routing protocol design.

Use separated VLAN for the common used device in core switch, e.g. VLAN 10. It is easier to apply the ACL and control the traffic.

If there is no layer 3 enabled at distribution & access layer, the layer 3 switching or inter-vlan routing may not be required, because the core switch will be the only layer device and no need to communicate to other routing device. If there is external device require require then layer 3 switching is a must and separated VLAN for those devices.

The link between core switches will require to trunk all VLANs. But please ensure the host will connect to both core switches will be able to present at the same segment. Otherwise, the server VLAN may be excluded from the link between two core to prevent any problem.

If the common used device can be load-sharing by user (i.e. connect to two core switches) then it is fine to use GLBP. Otherwise, if the traffic from access switch, distribution switch then core switch but finally reach the same host at one core switch. It will not be a benefit and the inter-link between two core switches may be the bottle-neck.

Therefore, HSRP may be good enough, it depends on the common used device connection design.

Just my 2 cents, hope this helps.