Cisco Switching Core

Posted on 2011-03-23
Last Modified: 2012-05-11
What benefits does changing a layer 2 switching platform to layer 3 core in the main part of your network?
Question by:Jack_son_

Accepted Solution

dan4132 earned 100 total points
ID: 35197492
VLANs are one of them. For example, you can have two different VLANs and have them not talk to or see each other, but they can both still access a shared resource or the Internet. To do this you need Layer 3 switching.

Some other benefits are (copied from the wiki):

Hardware-based packet forwarding
High-performance packet switching
High-speed scalability
Low latency
Lower per-port cost
Flow accounting
Quality of service (QoS)

Expert Comment

ID: 35197507
Here is an answer to your explanation with a recommendation:


Assisted Solution

m_walker earned 200 total points
ID: 35197539
If you only have 1 VLAN and the number of computers is < 250 odd, then I don't see any real value in going layer 3.  But if you have more than one VLAN, then you will need some layer 3 devices so you can route between each VLAN.

If you have more than one path between two devices, then at layer 2 one will be spanned out via spanning tree, so only one path at a time.  Layer 3 allows multiple routes so both can stay up and packets will go via the best route.  If one link fails the 2nd route will keep the network running.
(This is where you have a link between S1-S2-S3-S4-S1, not 2 or more links between S1 and S2.)

One of the key reasons for VLANs is to keep the broadcast domain node count low.  When a computer sends a broadcast, every computer on that Layer 2 segment will see the broadcast.  This packet will enter the NIC and the IP stack will need to deal with it (respond or drop).  So every computer deals with every broadcast; the more broadcasts, the more work your NIC and IP stack do.  This workload may have no value and delay the processing of needed packets (slowing the network down).  An example of a broadcast is the local ARP request "who has IP".  Every computer on the layer 2 segment will see that request, but only the computer with the IP will respond.

If you were to have a core layer 3 switch, then have 5 access layer 2 switches connected to it, then you limit those layer 2 broadcasts to the local access layer switch (24/48 ports).

If you have slow links, then you will want to limit traffic on those links to data that needs to be there. Layer 3 will only send the data for the remote device/network over the slower link; Layer 2 will send all broadcasts over the link, thus slower again as above.

You may want to restrict access to servers (eg: port 80 only on your web server).  Put the web server into the server VLAN and users in the user VLAN, then set up ACLs to restrict access or route via a firewall.

Cisco have some nice things like VRF so you can have different routing tables for different VLANs (or groups of VLANs), so you could run 2 or more networks over your core backbone and the traffic will never see each other, or force the links to go via a firewall if needed (handy for a staff and student network as an example).

Any key areas you would like to know about?
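The single Layer 3 core with Layer 2 access switches described in the answer above, as an added Cisco IOS configuration example (not posted by anyone in this thread): two SVIs route between a server VLAN and a user VLAN, and an inbound ACL on the user VLAN limits users to TCP/80 on the web server while still allowing everything else (e.g. Internet). VLAN ids, addresses and interface names are assumptions for illustration.

```cisco
! Added example, not from the thread. VLAN ids, addresses and the
! interface name are assumed values chosen for illustration only.
ip routing
!
vlan 10
 name SERVERS
vlan 20
 name USERS
!
interface Vlan10
 description Gateway for the server VLAN (web server lives here)
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 description Gateway for the user VLAN
 ip address 10.10.20.1 255.255.255.0
 ! Filter traffic as it enters the switch from users; return traffic
 ! from the servers is not subject to this list.
 ip access-group USERS-TO-SERVERS in
!
! Users may only reach the web server on TCP/80.  Any other attempt to
! reach the server VLAN is dropped and logged so it shows up in syslog;
! traffic to other destinations (Internet, etc.) is left alone.
ip access-list extended USERS-TO-SERVERS
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.10.80 eq 80
 deny   ip  10.10.20.0 0.0.0.255 10.10.10.0 0.0.0.255 log
 permit ip  any any
!
! Uplink to an access-layer switch: an 802.1Q trunk carrying both VLANs.
! Broadcasts stay inside their own VLAN; only routed traffic crosses
! between VLANs through the SVIs above.  (Older platforms that also
! support ISL need "switchport trunk encapsulation dot1q" first.)
interface GigabitEthernet1/0/1
 description Trunk to access switch 1
 switchport mode trunk
 switchport trunk allowed vlan 10,20
```

Because there is only one router in this design, no routing protocol is needed; the SVIs give the switch directly connected routes for both VLANs.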

Author Comment

ID: 35197761
Great explanation!  We do have multiple VLANs and really need internal routing; is OSPF a good protocol?  I have about 120 servers right now, with layer 2 switches.  I do have some internal routing issues.  Is it possible to do one layer 3 core switch, i.e. one that does core and access layer?

Also, how do you explain on the business side the benefits i.e. improve performance, etc?

Assisted Solution

m_walker earned 200 total points
ID: 35197872
The routing protocol can depend on some of the fine detail of the design.  We use vrf and find EIGRP works for us.  But you will find the network design you want could work better with a different protocol.  

I think every network tech will have a different idea of what works best.  So the trick will be what works best for you and your budgets. We run about 40-50 servers and about 1000 clients over 10 sites.  So our network is spread out, but not that busy.  
We have our servers connected to a 4500 Layer 2/Layer 3 switch.  We use VRF and layer 3 for inter-site connections (but we have 10G links between them) and use Layer 2 for the local site.
Servers are in their own vlans, phones in a vlan and users in a vlan as well.

So on a single site 1 Layer 3 and many layer 2 does work and works well for us.
We use VRF for trusted (unlimited routing) VLANs, then push it up to an ASA for non-trusted VLAN traffic (eg: to allow students to get to the web server).

For your local business side, you need to work out what is important to the management.
If they think it's fast now, then they may not come at improved performance, but if they think it's slow, who knows...

I find you always need to link it back to what the business does, not how the network works.
eg: We are reaching the limits of the current network design; if we do nothing then we won't be able to grow and support <some thing here> and may miss out on income.  It takes time to design and implement a new network design, so we need to start now rather than wait until it's needed, so we will be in the best position to support new and bigger activities.

Talk to the delivery teams and find out what is important to them and base your submission around that.

Look at the business plans and work out where it is going.  If you feel you are a bit of a "no" team in IT, and others feel that, use it.... "In order to be in a position where we can say Yes, we need to build the systems that will support ...... be safe, secure, reliable and can expand to meet the rapid changes to ensure our customers get the best service....."

Of course, re-write to suit what you do... this is just ideas....

Assisted Solution

by:Craig Beck
Craig Beck earned 100 total points
ID: 35203076
If you have multiple VLANs and only one router you can just use a good layer3 switch.
You don't need to configure a routing protocol - a routing protocol will just share routing information between routers, but if you only have one router you aren't sharing any info.

If you have 120+ servers I'd really start to think about using a redundant core with multiple layer3 switches and routers.  Redundancy is one of the major selling points to core and access models.

Assisted Solution

arasmy earned 100 total points
ID: 35208475
Depends on size, design, and the function of the network
Tell us a little bit about your network

Author Comment

ID: 35359605
Thanks for all the input; also, is it standard practice to continue to route internal VLANs through the firewalls, or is VLAN security enough?
