[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Cisco Switching Core

Posted on 2011-03-23
Medium Priority
Last Modified: 2012-05-11
What benefits does changing a layer 2 switching platform to layer 3 core in the main part of your network?
Question by:Jack_son_
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

dan4132 earned 400 total points
ID: 35197492
VLANS is one of them. For Example you can have two different VLANS and have them not talk or see each other but they can both still access a shared resource or the Internet. To do this you need Layer 3 switching.

Some other Benefits are (copied from WIKI):

Hardware-based packet forwarding
High-performance packet switching
High-speed scalability
Low latency
Lower per-port cost
Flow accounting
Quality of service (QoS)
LVL 16

Expert Comment

ID: 35197507
here is an answer to your explanation with recommendation;



Assisted Solution

m_walker earned 800 total points
ID: 35197539
If you only have 1 VLAN and the number of computers is < 250 odd, then I dont see any real value in going layer 3.  But if you have more then one VLAN, then you will need some layer 3 devices so you can route between each vlan.  

If you have more then one path between to devices, then at layer 2 one will be spanned out via spanning tree, so only one path at a time.  Layer 3 allows multi-routes so both can stay up and packets will go via the best route.  If one link failes the 2nd route will keep the network running.
(this is where you have a link between S1-S2-S3-S4-S1 not 2 or more links between S1 and S2).

One of the key reasons for vlans is to keep the broadcast domain node count low.  When a computer sends a broadcast, every computer on that Layer 2 segment will see the broadcast.  This packet will enter the nic and the ip stack will need to deal with it (repond or drop).  So every computer deals with every broadcast, the more broadcasts to more work your nic and ip stack does.  This work load may have no value and delay the processing of needed packets (slowing the network down).  An example of a broadcast is the local ARP request "who has ip".  Every computer on the layer2 we see that request, but only the computer with the ip will respond.

If you where to have a core layer 3 switch.  Then have 5 access layer 2 switches connected to it then you limit those layer 2 broadcasts to the local access layer switch (24/48 ports).

If you have slow links, then you will want to limit traffic on those links to data that needs to be there. Layer 3 will only send the data for the remote  device/network over the slower link, Layer 2 will send all broadcasts over the link, thus slower again as above.

You may want to restrict access to servers (eg: port 80 only on your web server).  Put the web server into the server vlan, user and the user vlan, then setup ACLs to restict access or route via a firewall.

Cisco have some nice things lke vrf so you can have different routing tables for different vlans (or groups of vlans) so you could run 2 or more networks over your core backbone and the traffic will never see each other or force the links to go via a firewall if needed (handy for a staff and student network as an example).

Any key areas you would like to know about?
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Author Comment

ID: 35197761
Great explanation!  We do have multiple vlans and really need internal routing, is OSPF a good protocol?  I have about 120 servers right now, have layer 2 switches.  I do have some internal routing issues.  Is it possible to do one layer 3 core switches, i.e. that does core and access layer?

Also, how do you explain on the business side the benefits i.e. improve performance, etc?

Assisted Solution

m_walker earned 800 total points
ID: 35197872
The routing protocol can depend on some of the fine detail of the design.  We use vrf and find EIGRP works for us.  But you will find the network design you want could work better with a different protocol.  

I think every network tech will have a differnet idea of what works best.  So the trick will be what works best for you and your budgets. We run about 40-50 Servers and about 1000 clients over 10 sites.  So out network is spread out, but not that busy.  
We have our servers connected to a 4500 Layer2/Layer3 switch.  We use vrf and layer 3 for inter site connections (but we have a 10G links between them) and user Layer 2 for the local site.
Servers are in their own vlans, phones in a vlan and users in a vlan as well.

So on a single site 1 Layer 3 and many layer 2 does work and works well for us.
We use vrf for trusted (unlimited routing) vlans, then push it up to an ASA if non-trusted vlan traffic (eg: to allow students to get to the web server).

For you local business side, you need to work out what is importent to the management.
If they think its fast now, then the may not come at improved performance, but if the think its slow, who knows...

I find you always need to link it back what the business does, not how the network works.
eg: We are reaching the limits of the current network design, if we do nothing then we wont be able to grow and support <some thing here> and may miss out on income.  It takes time to design and implement a new network design so we need to start now rather then wait until its needed so we will be in the best postion to support new and bigger activities.

Take to the delivery teams and find out what is importent to them and base you submission around that.

Look at the business plans and work out where it is going.  If you feel you are a bit of a "no" team in IT, and others feel that, use it.... "In order to be in a position where we can say Yes, we need to build the systems that will support ...... be safe, secure, reliable and can exapnd to meet the rapid changes to ensure our customers get the best service....."

Of course, re-write to suit what you do... this is just ideas....
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 400 total points
ID: 35203076
If you have multiple VLANs and only one router you can just use a good layer3 switch.
You don't need to configure a routing protocol - a routing protocol will just share routing information between routers, but if you only have one router you aren't sharing any info.

If you have 120+ servers I'd really start to think about using a redundant core with multiple layer3 switches and routers.  Redundancy is one of the major selling points to core and access models.

Assisted Solution

arasmy earned 400 total points
ID: 35208475
Depends on size, design, and the function of the network
Tell us a little bit about your network

Author Comment

ID: 35359605
Thanks for all the input; also is it standard protocol to continue to route internal vlans thru the firewalls or is vlan security enough?

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question