Solved

Cisco Switching Core

Posted on 2011-03-23
466 Views
Last Modified: 2012-05-11
What benefits does changing a layer 2 switching platform to a layer 3 core in the main part of your network bring?
Question by:Jack_son_
9 Comments
 
LVL 3

Accepted Solution

by:
dan4132 earned 100 total points
ID: 35197492
VLANs are one of them. For example, you can have two different VLANs and have them not talk to or see each other, but they can both still access a shared resource or the Internet. To do this you need layer 3 switching.

Some other benefits are (copied from the wiki):

Hardware-based packet forwarding
High-performance packet switching
High-speed scalability
Low latency
Lower per-port cost
Flow accounting
Security
Quality of service (QoS)
 
LVL 16

Expert Comment

by:memo_tnt
ID: 35197507
Here is an answer to your question, with a recommendation:

http://wiki.answers.com/Q/What_is_the_difference_between_Layer_2_switch_and_Layer_3_switch

 
LVL 4

Assisted Solution

by:m_walker
m_walker earned 200 total points
ID: 35197539
If you only have one VLAN and the number of computers is < 250 or so, then I don't see any real value in going layer 3. But if you have more than one VLAN, then you will need some layer 3 device so you can route between each VLAN.

If you have more than one path between two devices, then at layer 2 one will be blocked by spanning tree, so only one path is active at a time. Layer 3 allows multiple routes so both can stay up and packets will go via the best route. If one link fails, the second route will keep the network running.
(This is where you have a ring S1-S2-S3-S4-S1, not two or more links between S1 and S2.)

One of the key reasons for VLANs is to keep the broadcast domain node count low. When a computer sends a broadcast, every computer on that layer 2 segment will see the broadcast. This packet will enter the NIC and the IP stack will need to deal with it (respond or drop). So every computer deals with every broadcast; the more broadcasts, the more work your NIC and IP stack does. This workload may have no value and delay the processing of needed packets (slowing the network down). An example of a broadcast is the local ARP request "who has IP 1.2.3.4". Every computer on the layer 2 segment will see that request, but only the computer with the IP 1.2.3.4 will respond.

If you were to have a core layer 3 switch, and then have five access layer 2 switches connected to it, you limit those layer 2 broadcasts to the local access layer switch (24/48 ports).

If you have slow links, then you will want to limit traffic on those links to data that needs to be there. Layer 3 will only send the data for the remote device/network over the slower link; layer 2 will send all broadcasts over the link, thus slower again as above.

You may want to restrict access to servers (e.g. port 80 only on your web server). Put the web server into the server VLAN and the users into the user VLAN, then set up ACLs to restrict access or route via a firewall.

Cisco has some nice things like VRF so you can have different routing tables for different VLANs (or groups of VLANs), so you could run two or more networks over your core backbone and the traffic will never see each other, or force the links to go via a firewall if needed (handy for a staff and student network, as an example).

Any key areas you would like to know about?
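As an added illustration of the answer above (example configuration, not part of the original post): a single Catalyst layer 3 switch routing between a user VLAN and a server VLAN, with an ACL on the user VLAN's SVI that only lets users reach the web server on TCP 80/443, and a static default route instead of a routing protocol. The VLAN numbers, addresses, the interface name and the web server address 10.1.20.80 are assumptions.

```cisco
! Added example, not from the original answer.  VLAN numbers, addresses,
! interface names and the web server address 10.1.20.80 are assumptions.
!
! Turn on routing (needed on e.g. a Catalyst 3750; already on for a 4500).
ip routing
!
vlan 10
 name USERS
vlan 20
 name SERVERS
vlan 254
 name FW-TRANSIT
!
! Define the ACL before applying it.  It is applied INBOUND on the user SVI,
! so it sees traffic leaving the user VLAN towards any other network.
ip access-list extended USERS-IN
 remark Users may reach the web server on HTTP/HTTPS only
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.20.80 eq 80
 permit tcp 10.1.10.0 0.0.0.255 host 10.1.20.80 eq 443
 remark Anything else destined for the server VLAN is dropped (and logged)
 deny   ip 10.1.10.0 0.0.0.255 10.1.20.0 0.0.0.255 log
 remark Other destinations (Internet via the default route) are allowed
 permit ip 10.1.10.0 0.0.0.255 any
!
! One SVI per VLAN; its address is the default gateway for that VLAN.
interface Vlan10
 description User VLAN gateway
 ip address 10.1.10.1 255.255.255.0
 ip access-group USERS-IN in
!
interface Vlan20
 description Server VLAN gateway
 ip address 10.1.20.1 255.255.255.0
!
interface Vlan254
 description Transit to firewall
 ip address 10.1.254.2 255.255.255.252
!
! 802.1Q trunk down to an access-layer layer 2 switch carrying the two
! user/server VLANs only.  ("switchport trunk encapsulation dot1q" is
! required on platforms that also support ISL, such as the 3750; platforms
! without that command reject it, so omit it there.)
interface GigabitEthernet1/0/1
 description Uplink to access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! With a single routing device no routing protocol is needed; a static
! default route to the firewall's inside address is enough.
ip route 0.0.0.0 0.0.0.0 10.1.254.1
```

Check it with `show ip route` (the two connected /24s, the /30 and the default), `show ip interface brief` (the SVIs up) and `show access-lists USERS-IN`, whose hit counters should climb on the `deny` line when a user host tries, say, SSH to the server VLAN. Two caveats a practitioner will want: the ACL only filters traffic that crosses the SVI, so two hosts in the same VLAN still talk to each other at layer 2 unfiltered; and on hardware-switched platforms the `log` keyword punts matching packets to the CPU, so rate-limit it or leave it off in production.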
 

Author Comment

by:Jack_son_
ID: 35197761
Great explanation! We do have multiple VLANs and really need internal routing; is OSPF a good protocol? I have about 120 servers right now, with layer 2 switches. I do have some internal routing issues. Is it possible to use one layer 3 core switch, i.e. one that does both the core and access layer?

Also, how do you explain the benefits on the business side, i.e. improved performance, etc.?
 
LVL 4

Assisted Solution

by:m_walker
m_walker earned 200 total points
ID: 35197872
The routing protocol can depend on some of the fine detail of the design. We use VRF and find EIGRP works for us. But you will find the network design you want could work better with a different protocol.

I think every network tech will have a different idea of what works best. So the trick will be what works best for you and your budget. We run about 40-50 servers and about 1000 clients over 10 sites. So our network is spread out, but not that busy.
We have our servers connected to a 4500 layer 2/layer 3 switch. We use VRF and layer 3 for inter-site connections (but we have 10G links between them) and use layer 2 for the local site.
Servers are in their own VLANs, phones in a VLAN and users in a VLAN as well.

So on a single site, one layer 3 and many layer 2 does work, and works well for us.
We use VRF for trusted (unlimited routing) VLANs, then push it up to an ASA for non-trusted VLAN traffic (e.g. to allow students to get to the web server).

For your local business side, you need to work out what is important to the management.
If they think it's fast now, then they may not come at improved performance, but if they think it's slow, who knows...

I find you always need to link it back to what the business does, not how the network works.
E.g.: We are reaching the limits of the current network design; if we do nothing then we won't be able to grow and support <some thing here> and may miss out on income. It takes time to design and implement a new network design, so we need to start now rather than wait until it's needed, so we will be in the best position to support new and bigger activities.

Talk to the delivery teams and find out what is important to them and base your submission around that.

Look at the business plans and work out where it is going. If you feel you are a bit of a "no" team in IT, and others feel that, use it... "In order to be in a position where we can say yes, we need to build the systems that will support ...... be safe, secure, reliable and can expand to meet the rapid changes to ensure our customers get the best service....."

Of course, re-write to suit what you do... these are just ideas....
 
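The VRF arrangement described in the two answers above (trusted VLANs routed freely inside a VRF, untrusted traffic handed up to an ASA), as an added example configuration that is not part of either post. VRF names, route distinguishers, VLAN numbers and addresses are assumptions, as is the firewall having one inside interface per VRF; VRF-lite also needs a feature set that includes it (e.g. IP Services on a 3750).

```cisco
! Added example, not from the original answers.  VRF names, RDs, VLAN
! numbers and addresses are assumptions.
!
ip routing
!
! Older "ip vrf" syntax (Catalyst 4500/3750 of this era).  Newer IOS also
! accepts "vrf definition STAFF" with an "address-family ipv4" sub-mode.
ip vrf STAFF
 description Trusted networks, unrestricted routing inside the VRF
 rd 65000:10
!
ip vrf STUDENT
 description Untrusted networks, separate routing table
 rd 65000:20
!
! Put the VRF assignment BEFORE the ip address: "ip vrf forwarding" removes
! any address already configured on the interface.
interface Vlan10
 description Staff users
 ip vrf forwarding STAFF
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 description Staff servers (same VRF, routed directly in hardware)
 ip vrf forwarding STAFF
 ip address 10.1.20.1 255.255.255.0
!
interface Vlan30
 description Students
 ip vrf forwarding STUDENT
 ip address 10.2.30.1 255.255.255.0
!
! One transit VLAN per VRF towards the ASA.  Each VRF's only exit is its own
! default route, so student -> staff web server traffic can only arrive via
! the firewall and its rules; the switch has no route between the two.
interface Vlan110
 description Transit STAFF <-> ASA inside-staff
 ip vrf forwarding STAFF
 ip address 192.168.110.2 255.255.255.252
!
interface Vlan120
 description Transit STUDENT <-> ASA inside-student
 ip vrf forwarding STUDENT
 ip address 192.168.120.2 255.255.255.252
!
! Per-VRF default routes; the next hop must be reachable inside that VRF.
ip route vrf STAFF   0.0.0.0 0.0.0.0 192.168.110.1
ip route vrf STUDENT 0.0.0.0 0.0.0.0 192.168.120.1
```

Verify the split with `show ip vrf interfaces` and `show ip route vrf STUDENT`: the student table should hold only its connected 10.2.30.0/24 and 192.168.120.0/30 plus the default, and no 10.1.x.x staff prefixes, so a student host can reach the staff web server only if the ASA permits it. The separation is at layer 3 only; both VRFs' VLANs still ride the same trunks and spanning tree, so `switchport trunk allowed vlan` on every trunk is still the place to confirm a student-facing access switch does not carry VLAN 10 or 20.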
 
LVL 45

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 35203076
If you have multiple VLANs and only one router you can just use a good layer 3 switch.
You don't need to configure a routing protocol; a routing protocol will just share routing information between routers, but if you only have one router you aren't sharing any info.

If you have 120+ servers I'd really start to think about using a redundant core with multiple layer 3 switches and routers. Redundancy is one of the major selling points of core and access models.
 
LVL 1

Assisted Solution

by:arasmy
arasmy earned 100 total points
ID: 35208475
Depends on size, design, and the function of the network
Tell us a little bit about your network
 

Author Comment

by:Jack_son_
ID: 35359605
Thanks for all the input; also, is it standard protocol to continue to route internal VLANs through the firewalls, or is VLAN security enough?
