Solved

Cisco Switching Core

Posted on 2011-03-23
9
476 Views
Last Modified: 2012-05-11
What benefits does changing a layer 2 switching platform to layer 3 core in the main part of your network?
0
Comment
Question by:Jack_son_
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 3

Accepted Solution

by:
dan4132 earned 100 total points
ID: 35197492
VLANS is one of them. For Example you can have two different VLANS and have them not talk or see each other but they can both still access a shared resource or the Internet. To do this you need Layer 3 switching.

Some other Benefits are (copied from WIKI):

Hardware-based packet forwarding
High-performance packet switching
High-speed scalability
Low latency
Lower per-port cost
Flow accounting
Security
Quality of service (QoS)
0
 
LVL 16

Expert Comment

by:memo_tnt
ID: 35197507
here is an answer to your explanation with recommendation;

http://wiki.answers.com/Q/What_is_the_difference_between_Layer_2_switch_and_Layer_3_switch

0
 
LVL 4

Assisted Solution

by:m_walker
m_walker earned 200 total points
ID: 35197539
If you only have 1 VLAN and the number of computers is < 250 odd, then I dont see any real value in going layer 3.  But if you have more then one VLAN, then you will need some layer 3 devices so you can route between each vlan.  

If you have more then one path between to devices, then at layer 2 one will be spanned out via spanning tree, so only one path at a time.  Layer 3 allows multi-routes so both can stay up and packets will go via the best route.  If one link failes the 2nd route will keep the network running.
(this is where you have a link between S1-S2-S3-S4-S1 not 2 or more links between S1 and S2).

One of the key reasons for vlans is to keep the broadcast domain node count low.  When a computer sends a broadcast, every computer on that Layer 2 segment will see the broadcast.  This packet will enter the nic and the ip stack will need to deal with it (repond or drop).  So every computer deals with every broadcast, the more broadcasts to more work your nic and ip stack does.  This work load may have no value and delay the processing of needed packets (slowing the network down).  An example of a broadcast is the local ARP request "who has ip 1.2.3.4".  Every computer on the layer2 we see that request, but only the computer with the ip 1.2.3.4 will respond.

If you where to have a core layer 3 switch.  Then have 5 access layer 2 switches connected to it then you limit those layer 2 broadcasts to the local access layer switch (24/48 ports).

If you have slow links, then you will want to limit traffic on those links to data that needs to be there. Layer 3 will only send the data for the remote  device/network over the slower link, Layer 2 will send all broadcasts over the link, thus slower again as above.

You may want to restrict access to servers (eg: port 80 only on your web server).  Put the web server into the server vlan, user and the user vlan, then setup ACLs to restict access or route via a firewall.

Cisco have some nice things lke vrf so you can have different routing tables for different vlans (or groups of vlans) so you could run 2 or more networks over your core backbone and the traffic will never see each other or force the links to go via a firewall if needed (handy for a staff and student network as an example).

Any key areas you would like to know about?
0
How to Defend Against the WCry Ransomware Attack

On May 12, 2017, an extremely virulent ransomware variant named WCry 2.0 began to infect organizations. Within several hours, over 75,000 victims were reported in 90+ countries. Learn more from our research team about this threat & how to protect your organization!

 

Author Comment

by:Jack_son_
ID: 35197761
Great explanation!  We do have multiple vlans and really need internal routing, is OSPF a good protocol?  I have about 120 servers right now, have layer 2 switches.  I do have some internal routing issues.  Is it possible to do one layer 3 core switches, i.e. that does core and access layer?

Also, how do you explain on the business side the benefits i.e. improve performance, etc?
0
 
LVL 4

Assisted Solution

by:m_walker
m_walker earned 200 total points
ID: 35197872
The routing protocol can depend on some of the fine detail of the design.  We use vrf and find EIGRP works for us.  But you will find the network design you want could work better with a different protocol.  

I think every network tech will have a differnet idea of what works best.  So the trick will be what works best for you and your budgets. We run about 40-50 Servers and about 1000 clients over 10 sites.  So out network is spread out, but not that busy.  
We have our servers connected to a 4500 Layer2/Layer3 switch.  We use vrf and layer 3 for inter site connections (but we have a 10G links between them) and user Layer 2 for the local site.
Servers are in their own vlans, phones in a vlan and users in a vlan as well.

So on a single site 1 Layer 3 and many layer 2 does work and works well for us.
We use vrf for trusted (unlimited routing) vlans, then push it up to an ASA if non-trusted vlan traffic (eg: to allow students to get to the web server).

For you local business side, you need to work out what is importent to the management.
If they think its fast now, then the may not come at improved performance, but if the think its slow, who knows...

I find you always need to link it back what the business does, not how the network works.
eg: We are reaching the limits of the current network design, if we do nothing then we wont be able to grow and support <some thing here> and may miss out on income.  It takes time to design and implement a new network design so we need to start now rather then wait until its needed so we will be in the best postion to support new and bigger activities.

Take to the delivery teams and find out what is importent to them and base you submission around that.

Look at the business plans and work out where it is going.  If you feel you are a bit of a "no" team in IT, and others feel that, use it.... "In order to be in a position where we can say Yes, we need to build the systems that will support ...... be safe, secure, reliable and can exapnd to meet the rapid changes to ensure our customers get the best service....."

Of course, re-write to suit what you do... this is just ideas....
 
0
 
LVL 46

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 35203076
If you have multiple VLANs and only one router you can just use a good layer3 switch.
You don't need to configure a routing protocol - a routing protocol will just share routing information between routers, but if you only have one router you aren't sharing any info.

If you have 120+ servers I'd really start to think about using a redundant core with multiple layer3 switches and routers.  Redundancy is one of the major selling points to core and access models.
0
 
LVL 1

Assisted Solution

by:arasmy
arasmy earned 100 total points
ID: 35208475
Depends on size, design, and the function of the network
Tell us a little bit about your network
0
 

Author Comment

by:Jack_son_
ID: 35359605
Thanks for all the input; also is it standard protocol to continue to route internal vlans thru the firewalls or is vlan security enough?
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello to you all, I hear of many people congratulate AWS (Amazon Web Services) on how easy it is to spin up and create new EC2 (Elastic Compute Cloud) instances, but then fail and struggle to connect to them using simple tools such as SSH (Secure…
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question