Cisco Switching Core

What benefits does changing a layer 2 switching platform to layer 3 core in the main part of your network?
dan4132 commented:
VLANs are one of them. For example, you can have two different VLANs and have them not talk to or see each other, but they can both still access a shared resource or the Internet. To do this you need layer 3 switching.

Some other benefits are (copied from Wikipedia):

Hardware-based packet forwarding
High-performance packet switching
High-speed scalability
Low latency
Lower per-port cost
Flow accounting
Quality of service (QoS)
Here is an answer to your explanation with a recommendation:

m_walker commented:
If you only have 1 VLAN and the number of computers is < 250 odd, then I don't see any real value in going layer 3. But if you have more than one VLAN, then you will need some layer 3 devices so you can route between each VLAN.

If you have more than one path between two devices, then at layer 2 one will be spanned out via spanning tree, so only one path at a time. Layer 3 allows multiple routes so both can stay up and packets will go via the best route. If one link fails, the second route will keep the network running.
(This is where you have a link between S1-S2-S3-S4-S1, not 2 or more links between S1 and S2.)

One of the key reasons for VLANs is to keep the broadcast domain node count low. When a computer sends a broadcast, every computer on that layer 2 segment will see the broadcast. This packet will enter the NIC and the IP stack will need to deal with it (respond or drop). So every computer deals with every broadcast; the more broadcasts, the more work your NIC and IP stack does. This workload may have no value and delay the processing of needed packets (slowing the network down). An example of a broadcast is the local ARP request "who has IP". Every computer on the layer 2 segment will see that request, but only the computer with the IP will respond.

If you were to have a core layer 3 switch and then have 5 access layer 2 switches connected to it, then you limit those layer 2 broadcasts to the local access layer switch (24/48 ports).

If you have slow links, then you will want to limit traffic on those links to data that needs to be there. Layer 3 will only send the data for the remote device/network over the slower link; layer 2 will send all broadcasts over the link, thus slower again as above.

You may want to restrict access to servers (e.g. port 80 only on your web server). Put the web server into the server VLAN and users into the user VLAN, then set up ACLs to restrict access or route via a firewall.

Cisco has some nice things like VRF so you can have different routing tables for different VLANs (or groups of VLANs), so you could run 2 or more networks over your core backbone and the traffic will never see each other, or force the links to go via a firewall if needed (handy for a staff and student network, as an example).

Any key areas you would like to know about?
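The design m_walker describes (server VLAN, user VLAN, an ACL that only lets port 80 through to the web server) looks like this on a Catalyst layer 3 switch. This is an added, constructed IOS configuration, not from the thread; VLAN numbers, addresses, interface names and the ACL name are placeholders.

```cisco
! Enable routing between SVIs (off by default on many Catalyst models)
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
!
! Gateway for the user VLAN; the ACL is applied inbound, i.e. to traffic
! leaving user hosts, so it is checked before anything is routed
interface Vlan10
 description User VLAN gateway
 ip address 10.1.10.1 255.255.255.0
 ip access-group USERS-TO-SERVERS in
!
interface Vlan20
 description Server VLAN gateway
 ip address 10.1.20.1 255.255.255.0
!
! Users may reach the web server (10.1.20.80, placeholder) on TCP/80 only.
! Everything else to the server VLAN is dropped and logged; other traffic
! (Internet, etc.) is allowed through. The last line is needed because an
! IOS ACL ends with an implicit deny.
ip access-list extended USERS-TO-SERVERS
 permit udp any eq bootpc any eq bootps
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.20.80 eq 80
 deny   ip  10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 log
 permit ip  10.1.10.0 0.0.0.255 any
!
! A user access port, and the trunk down to an access-layer switch
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

`show ip access-lists USERS-TO-SERVERS` shows hit counters per line, which is the quickest way to confirm the deny is catching what you expect; the `switchport trunk encapsulation dot1q` line is only accepted on platforms that also support ISL and is omitted on others.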

Jack_son_ (Author) commented:
Great explanation! We do have multiple VLANs and really need internal routing; is OSPF a good protocol? I have about 120 servers right now, with layer 2 switches. I do have some internal routing issues. Is it possible to do one layer 3 core switch, i.e. one that does the core and access layer?

Also, how do you explain the benefits on the business side, i.e. improved performance, etc.?
m_walker commented:
The routing protocol can depend on some of the fine detail of the design. We use VRF and find EIGRP works for us. But you will find the network design you want could work better with a different protocol.

I think every network tech will have a different idea of what works best. So the trick will be what works best for you and your budget. We run about 40-50 servers and about 1000 clients over 10 sites. So our network is spread out, but not that busy.
We have our servers connected to a 4500 layer 2/layer 3 switch. We use VRF and layer 3 for inter-site connections (but we have 10G links between them) and use layer 2 for the local site.
Servers are in their own VLANs, phones in a VLAN and users in a VLAN as well.

So on a single site, 1 layer 3 and many layer 2 does work, and works well for us.
We use VRF for trusted (unlimited routing) VLANs, then push it up to an ASA for non-trusted VLAN traffic (e.g. to allow students to get to the web server).

For your local business side, you need to work out what is important to the management.
If they think it's fast now, then they may not come at improved performance, but if they think it's slow, who knows...

I find you always need to link it back to what the business does, not how the network works.
E.g.: We are reaching the limits of the current network design; if we do nothing then we won't be able to grow and support <some thing here> and may miss out on income. It takes time to design and implement a new network design, so we need to start now rather than wait until it's needed, so we will be in the best position to support new and bigger activities.

Talk to the delivery teams and find out what is important to them and base your submission around that.

Look at the business plans and work out where it is going. If you feel you are a bit of a "no" team in IT, and others feel that, use it.... "In order to be in a position where we can say yes, we need to build the systems that will support ...... be safe, secure, reliable and can expand to meet the rapid changes to ensure our customers get the best service....."

Of course, re-write to suit what you do... this is just ideas....
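m_walker's trusted/untrusted split (a VRF per group of VLANs, with the untrusted side forced out through an ASA) is VRF-lite on the core switch. The configuration below is an added, constructed example rather than anything from the thread; VRF names, VLANs, addresses and the firewall next-hops are placeholders, and it uses the `vrf definition` syntax of IOS 15 / IOS-XE (older images use `ip vrf NAME` and `ip vrf forwarding NAME`).

```cisco
ip routing
!
! Two independent routing tables on the same switch
vrf definition STAFF
 address-family ipv4
 exit-address-family
vrf definition STUDENT
 address-family ipv4
 exit-address-family
!
! Staff VLAN lives in the STAFF table, student VLAN in STUDENT; because they
! are in different VRFs the switch will not route between them at all
interface Vlan100
 description Staff gateway (trusted)
 vrf forwarding STAFF
 ip address 10.100.0.1 255.255.255.0
!
interface Vlan200
 description Student gateway (untrusted)
 vrf forwarding STUDENT
 ip address 10.200.0.1 255.255.255.0
!
! One handoff VLAN per VRF to the firewall, so each table has its own exit
interface Vlan901
 description Handoff to firewall, STAFF side
 vrf forwarding STAFF
 ip address 10.255.0.1 255.255.255.252
!
interface Vlan902
 description Handoff to firewall, STUDENT side
 vrf forwarding STUDENT
 ip address 10.255.1.1 255.255.255.252
!
! Per-VRF default routes: the firewall is the only way from one VRF to the
! other (or to the Internet), so policy is enforced there, not on the switch
ip route vrf STAFF   0.0.0.0 0.0.0.0 10.255.0.2
ip route vrf STUDENT 0.0.0.0 0.0.0.0 10.255.1.2
```

`show ip route vrf STUDENT` should show only the student VLAN and its default route, which confirms staff networks are not reachable from that table without passing the firewall.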
Craig Beck commented:
If you have multiple VLANs and only one router you can just use a good layer 3 switch.
You don't need to configure a routing protocol. A routing protocol will just share routing information between routers, but if you only have one router you aren't sharing any info.

If you have 120+ servers I'd really start to think about using a redundant core with multiple layer 3 switches and routers. Redundancy is one of the major selling points of core and access models.
arasmy commented:
Depends on size, design, and the function of the network.
Tell us a little bit about your network.
Jack_son_ (Author) commented:
Thanks for all the input; also, is it standard practice to continue to route internal VLANs through the firewalls, or is VLAN security enough?