FVNET9712 S06 S07 Notes


Enterprise Computer Network Design Course

Lesson 6: Campus Network Design - Part 1

Instructor: Reza Ganji
M.Sc. in Information Technology (IT) Engineering


Campus Network Design

Layer 2 / Layer 3 Boundary of the Network


End-to-End vs. Local VLANs

• End-to-end VLANs:
- Users are grouped into VLANs independent of physical location.
- If users are moved within the campus, their VLAN membership remains the same.


End-to-End vs. Local VLANs (Cont.)

• Local VLANs:
- This solution is recommended in the Cisco Enterprise Campus Architecture.
- Users are grouped into VLANs depending on physical location.
- If users are moved within the campus, their VLAN membership changes.

End-to-End vs. Local VLANs (Cont.)

• End-to-end and local VLANs are two deployment models; in practice a campus network is often a mix of the two.

Traditional Layer 2 Access Layer

• Traditional model: L2/L3 demarcation at the distribution layer.
• Distribution layer switches act as default gateways.
• No simple way to achieve true load balancing (STP blocks one uplink per VLAN).
• Slow convergence (STP and FHRP timers).


Updated Layer 2 Access Layer

• Updated traditional model: L2/L3 demarcation still at the distribution layer.
• Distribution layer switches act as default gateways.
• All access layer uplinks are active:
- Bundling the distribution switches into a virtual switch (VSS) is a prerequisite.
- STP remains enabled only to catch wiring errors.
- EtherChannel gives decent results in load balancing.
• No need for an FHRP.
• Much better convergence than with the traditional Layer 2 access design.

Layer 3 Access Layer

• Routed access model: L2/L3 demarcation at the access layer.
• Access layer switches act as default gateways.
• Every device participates in routing.
- Routing, if configured properly, gives the best results as far as load balancing goes (equal-cost multipath over both uplinks).


Routed or Switched Access Layer?

• Layer 2 design:
- VSS is required; otherwise you end up with slower convergence and without dynamic traffic load balancing.
• Layer 3 design:
- Provides better convergence times than the traditional Layer 2 design.
- Unified network design: a single set of troubleshooting tools (e.g. ping and traceroute).
- Make sure that you have all the Layer 3 capabilities you need on your access layer switches (routing protocol support and licensing).
• Bottom line: it depends (business needs, knowledge level, and budget).


Hybrid Access Layer

• If you need to compromise, a hybrid model is also possible (but not recommended): Layer 2 where required and Layer 3 where possible.


Case Study: Common Access-Distribution Interconnection Design

• Convergence of access-distribution blocks relies on which of the following?
- STP convergence
- FHRP convergence
- Routing protocol convergence

Case Study: Common Access-Distribution Interconnection Design (Cont.)

• How is load balancing done between access and distribution layer switches?


Case Study: Common Access-Distribution Interconnection Design (Cont.)

• Which design supports extending VLANs across multiple access switches?


Small and Medium Campus Design Options


Summary

• Recommendation is not to span VLANs across the access layer.
• A routed access layer provides fast convergence and a unified network design (routing everywhere), but it can increase your budget for access layer switches.
• If you are using Layer 2 at the access layer, make sure that you use VSS to bundle the distribution layer switches.
- Otherwise your convergence will be slow and you are left without dynamic traffic load balancing.


Campus Network Design

Layer 2 Design Considerations


VLAN and Trunk Considerations

• Use 802.1Q for trunking.
• Avoid automatic pruning; define the allowed VLAN list on each trunk manually.
• Move management to a dedicated VLAN; do not use VLAN 1 (it is the default VLAN of every port and the default native VLAN, so it is the VLAN an attacker reaches first).
• Do not rely on DTP; configure trunk and access modes statically. A port left in dynamic mode will negotiate a trunk with any device that speaks DTP.


VTP Considerations

• VTP lets you manage the VLAN database of all switches in a VTP domain from a single switch.
• If you add a switch with a higher configuration revision number (client or server alike) to your network, its VLAN database overwrites everyone else's and may bring the whole network down.


VTP Considerations (Cont.)

• VTP version 3 eliminates these instabilities (only an explicitly promoted primary server may change the database); however:
- VTPv3 is compatible with VTPv2 only if you do not use it to propagate private or extended VLANs.
- VTPv2 is commonly the default mode; you will need to configure VTPv3 explicitly if you want to use it.
• If your network only supports VTPv2, do not use VTP:
- Configure all switches in the VTP domain in transparent mode.
- Changes to VLANs on a VTP transparent switch stay local to that switch.
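The trunk, VLAN and VTP recommendations above, written out as an IOS configuration for one access switch. This is an added example, not configuration from the course; the interface numbers, the VLAN IDs (10 for users, 99 for management, 999 as the unused native VLAN), the VTP domain name and password, and the management address are assumptions chosen for illustration. Platforms that only support 802.1Q reject `switchport trunk encapsulation dot1q`; omit that line there.

```cisco
! Added example, not from the course slides. Interface numbers, VLAN IDs,
! the VTP domain/password and the management address are assumptions.
!
! ----- VTP: never let a higher revision number overwrite the VLAN database -----
! Option A (only VTPv2 available): every switch transparent, VLANs defined locally.
vtp mode transparent
no vtp pruning
!
! Option B (every switch supports VTPv3): one explicitly promoted primary server,
! all other switches clients. Uncomment on each switch as appropriate.
! vtp version 3
! vtp domain CAMPUS-A
! vtp password Str0ngVtpPwd hidden
! vtp mode client vlan
! On the single server: "vtp mode server vlan", then from exec mode "vtp primary vlan".
!
! ----- VLANs: management off VLAN 1, an otherwise unused VLAN as trunk native -----
vlan 10
 name USERS
vlan 99
 name MGMT
vlan 999
 name NATIVE-UNUSED
!
! VLAN 1 stays unused and its SVI is shut.
interface Vlan1
 no ip address
 shutdown
!
interface Vlan99
 description Switch management
 ip address 10.99.0.11 255.255.255.0
!
! ----- Uplink: 802.1Q, DTP off, manual allowed list instead of automatic pruning -----
interface GigabitEthernet1/0/49
 description Uplink to distribution
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,99
!
! ----- User ports: static access mode, DTP off, never left in VLAN 1 -----
interface range GigabitEthernet1/0/1 - 48
 description User port
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
```

`show interfaces trunk` should list only VLANs 10 and 99 with native VLAN 999 on the uplink, `show dtp interface GigabitEthernet1/0/49` should report DTP as off, and `show vtp status` should show transparent mode (or, with option B, version 3 with exactly one primary server in the domain).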


STP Considerations

• For better convergence, use the rapid versions of STP (Rapid PVST+ or MST).
• All switches should run a rapid version; otherwise convergence time on the affected links falls back to that of legacy 802.1D STP.
• Do not disable STP in Layer 2 environments.


STP Considerations (Cont.)


STP Root Bridge Placement


STP Root Bridge Placement (Cont.)


Alignment of STP with FHRP


Alignment of STP with FHRP (Cont.)


Consistent STP Metrics

• Mixing switches that calculate path cost in different ways (for example, the 802.1D short method and the 802.1t long method) might produce suboptimal traffic paths.


Cisco STP Toolkit

• Mechanisms that improve STP performance:
- UplinkFast*: enables fast uplink failover on an access switch
- BackboneFast*: enables fast convergence in the distribution or core layer after an indirect link failure
- PortFast: configures an access port to transition directly to the forwarding state
• Mechanisms that ensure STP stability:
- BPDU guard: err-disables a PortFast-enabled port if a BPDU is received
- BPDU filter: suppresses BPDUs on ports (use with great care; it also hides real loops)
- Root guard: prevents external switches from becoming root
- Loop guard: prevents an alternate or root port from becoming designated if BPDUs stop arriving
* No need to enable these mechanisms if you are using RSTP; their behaviour is built into the protocol.


STP Stability Mechanism Recommendations


Problem with Unidirectional Links


Problem with Unidirectional Links (Cont.)


Comparing Loop Guard with UDLD

• The highest level of protection is provided when you enable UDLD and loop guard
together.

UDLD Recommended Practices

• Typically, it is deployed on any fiber-optic interconnection.
• Use UDLD aggressive mode for the best protection.
• Turn on UDLD in global configuration to avoid operational errors and misses (the global command covers fiber ports; copper ports need it enabled per interface).
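Rapid PVST+ with the STP toolkit and UDLD placed where the slides above recommend: a deliberately chosen root with root guard at the distribution layer, PortFast with BPDU guard on access edge ports, and loop guard plus UDLD aggressive on all inter-switch links. This is an added example, not configuration from the course; interface names and VLAN IDs are assumptions. On IOS releases from 15.2(4)E onward the global PortFast keywords gained an `edge` qualifier (`spanning-tree portfast edge default`, `spanning-tree portfast edge bpduguard default`).

```cisco
! Added example, not from the course slides. Interface names and VLAN IDs are assumptions.
!
! ===== Distribution switch (intended root bridge for VLANs 10 and 99) =====
spanning-tree mode rapid-pvst
spanning-tree pathcost method long
! Pick the root deliberately instead of letting the lowest MAC address win.
spanning-tree vlan 10,99 priority 4096
! Aggressive UDLD on every fiber port: a link that goes one-way is err-disabled
! instead of being treated by STP as a loop-free segment.
udld aggressive
! Loop guard: an alternate/root port that stops receiving BPDUs goes
! loop-inconsistent instead of transitioning to forwarding.
spanning-tree loopguard default
!
interface range TenGigabitEthernet1/1 - 2
 description Downlinks to access switches
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport nonegotiate
 ! Root guard: a switch below this port that sends superior BPDUs (rogue or
 ! misconfigured) is put in root-inconsistent state rather than becoming root.
 spanning-tree guard root
!
! ===== Access switch =====
spanning-tree mode rapid-pvst
spanning-tree pathcost method long
udld aggressive
spanning-tree loopguard default
! PortFast only on edge ports, and BPDU guard on every PortFast port: a switch
! plugged into a user port err-disables that port instead of joining the tree.
spanning-tree portfast default
spanning-tree portfast bpduguard default
! Recover err-disabled ports after 5 minutes so a transient event does not
! need a manual shut/no shut.
errdisable recovery cause bpduguard
errdisable recovery cause udld
errdisable recovery interval 300
!
interface range GigabitEthernet1/0/1 - 48
 description User port (edge: PortFast + BPDU guard via the global defaults)
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface range TenGigabitEthernet1/1/1 - 2
 description Uplinks to distribution
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport nonegotiate
 ! Never PortFast and never BPDU filter on an uplink.
 no spanning-tree portfast
```

`show spanning-tree inconsistentports` lists anything root guard or loop guard has blocked, `show udld neighbors` confirms bidirectional detection on the uplinks, and `show spanning-tree vlan 10` on the distribution switch should report "This bridge is the root".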


Need for MST

• In some scenarios, many VLANs span several switches.
• Grouping VLANs into instances simplifies the tree structure.
• MST is backward-compatible with other STP forms.


MST Recommended Practices

• Two VLANs mapped to the same instance block the same ports, so use trunks and do
not prune VLANs from trunks.

MST Recommended Practices (Cont.)

• The IST instance is active on all ports, whether trunk or access, so use trunks and do
not prune VLANs from trunks.


Summary
• Do not use DTP to negotiate your trunk links.
• Use VTP only if version 3 is available on all switches throughout your network.
• With Spanning Tree:
- Do not disable STP.
- Use rapid versions.
- Manually decide which device is the root bridge.
- Align STP root bridges with FHRP active routers for all VLANs.
- Have consistent metrics.
- Make use of PortFast, BPDU guard, root guard, and loop guard to improve and stabilize your network's performance.
- Use MST if you are running a very high number of STP instances or you are connecting a Cisco network to a non-Cisco network.

Campus Network Design

The High Availability Concept


Managing Bandwidth and Oversubscription

• To prioritize important traffic during times of congestion, you can employ QoS mechanisms.
• However, if congestion is frequent, your design did not allocate enough bandwidth on the uplinks.
• You can increase bandwidth by adding more links and aggregating them, or (preferred) by upgrading to faster links.


Port Aggregation Considerations

• L2 EtherChannel:
- Aggregates bandwidth of multiple Layer 2 links
- Changes STP behavior- all links in bundle are treated
as one link and thus all are forwarding
• L3 EtherChannel:
- Aggregates bandwidth of multiple Layer 3 links
- Also optimizes routing behavior, since there is only
one neighbor relationship per switch interconnect


Port Aggregation Considerations (Cont.)

• EtherChannel establishment:
- LACP: standards-based (IEEE 802.3ad/802.1AX) protocol that protects against misconfiguration; a link that fails to negotiate is kept out of the bundle.
- Static (mode on): no protection against misconfiguration, but less negotiation overhead.
- PAgP: Cisco's legacy proprietary protocol.


Port Aggregation Considerations (Cont.)

• Availability of load-balancing methods on EtherChannel members depends on the platform.
• Use a hash that combines source and destination (IP addresses and, where the platform supports it, Layer 4 ports); it offers the most granular load balancing.
• Bundling a number of links that is a power of 2 (2, 4, 8, ...) results in optimal load balancing, because the hash buckets divide evenly across the members.
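The two EtherChannel types and the LACP recommendation above as IOS configuration: a Layer 2 bundle from an access switch toward the distribution layer (a MEC when the distribution pair is a VSS) and a Layer 3 bundle from distribution toward the core, both negotiated with LACP and hashed on source plus destination IP. This is an added example, not configuration from the course; interface names, channel numbers and addresses are assumptions, and the exact `port-channel load-balance` keywords available differ by platform.

```cisco
! Added example, not from the course slides. Interface names, channel numbers
! and addresses are assumptions.
!
! Hash on both source and destination IP. This is a global setting on Catalyst
! switches; some platforms also offer src-dst-port or src-dst-mixed-ip-port.
port-channel load-balance src-dst-ip
!
! ----- Layer 2 bundle, access switch uplinks -----
! LACP active on both ends: a member that is miscabled or whose partner is not
! in the same bundle never joins, so it never forwards and never loops.
interface range TenGigabitEthernet1/1/1 - 2
 description Uplinks to distribution (MEC)
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport nonegotiate
 channel-protocol lacp
 channel-group 1 mode active
!
! STP now sees one logical link; both members forward.
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,99
 switchport nonegotiate
!
! ----- Layer 3 bundle, distribution to core -----
! One routed interface and therefore one routing-protocol neighbor per
! interconnect instead of one per physical link.
interface range TenGigabitEthernet1/5 - 6
 description Uplinks to core
 no switchport
 channel-protocol lacp
 channel-group 11 mode active
!
interface Port-channel11
 no switchport
 ip address 10.0.11.1 255.255.255.252
```

`show etherchannel summary` should flag both port-channels as "SU" (Layer 2, in use) or "RU" (routed, in use) with every member marked "P" (bundled); a member shown as "I" or "s" is the LACP protection described above doing its job. `show etherchannel load-balance` confirms the active hash.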


VSS Considerations


VSS Considerations (Cont.)

• Use at least two links in the MEC (Multichassis EtherChannel) between switches.
- Terminate the links on different line cards for maximum availability.
• Do not configure switch preemption within the VSS.

Stacking Considerations
• Stacking (e.g. StackWise) provides a method to join multiple physical switches into a single logical
switching unit.
• Switches are united by special interconnect cables.
• The master switch is elected.
• The stack is managed as a single object and has a single management IP address.


Stacking Considerations (Cont.)

• Multiple access switches in the same rack
• Reduced management overhead
• Stack interconnect
• Multiple switches in the stack can form one EtherChannel connection (cross-stack EtherChannel)


First Hop Redundancy

• A first-hop redundancy protocol is only needed if the access layer is Layer 2.
- Not needed with a routed access layer.
- Not needed with VSS in the distribution layer.
• Common choices: HSRP (Cisco proprietary), VRRP (IETF standard), or GLBP (Cisco proprietary).


HSRP and VRRP Subsecond Failover


HSRP and VRRP Preempt Delay

• Enable preemption to ensure alignment of the HSRP/VRRP active/master router and the STP root bridge for a given VLAN (optimal traffic paths).
• By default, preemption is disabled for HSRP and enabled for VRRP.
• A preemption delay should be configured to ensure that there is full connectivity from distribution to core before preemption is performed.


HSRP/VRRP Load Sharing

• HSRP and VRRP do not support load sharing with default configuration. However, it
can be achieved through implementing multiple FHRP groups with different
active/master first-hop devices.


HSRP/VRRP Tracking

• Interface tracking prevents traffic from taking a suboptimal path after a failover occurs (an active router that has lost its core uplink steps down instead of forwarding through its peer).
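The preempt delay, tracking and multi-group load sharing points above, applied to a distribution pair in one IOS configuration: switch A is STP root and HSRP active for VLAN 10 and secondary for VLAN 20, switch B the mirror image, each group preempts only after a delay, and each active router gives up its role when its core uplink goes down. This is an added example, not configuration from the course; addresses, VLAN IDs, interface names, timers and the authentication key are assumptions. The MD5 authentication lines are a practitioner addition the slides do not mention: without them any host on the VLAN can announce itself with priority 255 and become the gateway.

```cisco
! Added example, not from the course slides. Addresses, VLAN IDs, interface
! names, timers and the key string are assumptions.
!
! ===== Distribution switch A: STP root + HSRP active for VLAN 10, standby for VLAN 20 =====
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 8192
!
! Track the uplink toward the core.
track 1 interface TenGigabitEthernet1/5 line-protocol
!
interface Vlan10
 ip address 10.10.0.2 255.255.255.0
 standby version 2
 standby 10 ip 10.10.0.1
 standby 10 priority 110
 ! Preempt (so the STP root is also the gateway), but only 180 s after the
 ! interface comes up, giving the distribution-to-core routing time to converge.
 standby 10 preempt delay minimum 180
 ! Sub-second failover: 250 ms hello, 750 ms hold.
 standby 10 timers msec 250 msec 750
 ! Uplink down: 110 - 20 = 90 < peer's 100, so the peer preempts and traffic
 ! is not hairpinned through a router with no path to the core.
 standby 10 track 1 decrement 20
 standby 10 authentication md5 key-string S3cretHsrp
!
interface Vlan20
 ip address 10.20.0.2 255.255.255.0
 standby version 2
 standby 20 ip 10.20.0.1
 standby 20 priority 100
 standby 20 preempt delay minimum 180
 standby 20 timers msec 250 msec 750
 standby 20 track 1 decrement 20
 standby 20 authentication md5 key-string S3cretHsrp
!
! ===== Distribution switch B: mirror image, STP root + HSRP active for VLAN 20 =====
spanning-tree vlan 10 priority 8192
spanning-tree vlan 20 priority 4096
!
track 1 interface TenGigabitEthernet1/5 line-protocol
!
interface Vlan10
 ip address 10.10.0.3 255.255.255.0
 standby version 2
 standby 10 ip 10.10.0.1
 standby 10 priority 100
 standby 10 preempt delay minimum 180
 standby 10 timers msec 250 msec 750
 standby 10 track 1 decrement 20
 standby 10 authentication md5 key-string S3cretHsrp
!
interface Vlan20
 ip address 10.20.0.3 255.255.255.0
 standby version 2
 standby 20 ip 10.20.0.1
 standby 20 priority 110
 standby 20 preempt delay minimum 180
 standby 20 timers msec 250 msec 750
 standby 20 track 1 decrement 20
 standby 20 authentication md5 key-string S3cretHsrp
```

`show standby brief` on each switch should show it Active for exactly one of the two groups and `show track 1` should read "Up"; shutting the tracked uplink on switch A should flip VLAN 10 to switch B within the hold time, and `show spanning-tree vlan 10 root` on an access switch should still point at whichever distribution switch is HSRP active for that VLAN.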


HSRP/VRRP Tracking (Cont.)


Case for GLBP
• As opposed to HSRP and VRRP, with GLBP all routers within a group forward traffic by default. GLBP provides automatic, true load sharing with a single group and no administrative overhead.


Case for GLBP (Cont.)

• When the active forwarder for a group fails, the other routers take over forwarding its traffic.


Case Against GLBP

• In topologies where STP has blocked one of the access layer uplinks, a two-hop path at Layer 2 for
upstream traffic can appear. In cases like this, stick to VRRP or HSRP.


Summary

• For load balancing within an EtherChannel, use a hash that combines source and destination if the switch platform supports it; it offers the most granular load balancing.
• In an EtherChannel, bundling a number of links that is a power of 2 (2, 4, 8, ...) results in optimal load balancing.
• With VSS, use at least two links in the MEC and terminate the links on different line cards for maximum availability.
• First-hop redundancy is not needed if the access layer is routed or VSS is employed.
- Use VRRP or HSRP when spanning Layer 2 across access switches or when you have only two first-hop switches.
- With GLBP, by default all routers within a group forward traffic and load balancing is done automatically.


Campus Network Design

Layer 3 Design Considerations


Building Triangles
• Triangles: a link or box failure does not require routing protocol convergence.
• Squares: a link or box failure requires routing protocol convergence.


Redundant Links

• Designing redundant switches with equal-cost links is very good for convergence.
• Each switch has two routes and two CEF forwarding entries.
• Before a failure, both CEF entries are used to forward traffic.


Redundant Links (Cont.)

• When a failure occurs, the switch immediately removes the forwarding entry associated with the lost neighbor.
• Forwarding is not interrupted because one valid CEF forwarding entry is still there.
• No routing protocol reconvergence is needed.


Routing Convergence

• If either of the uplinks from an access layer switch fails, reconvergence must occur.


Limit Peering Across the Access Layer

• Peering across the access layer wastes CPU processing time, generates unnecessary traffic, and adds complexity.
• Prevent peering by configuring the distribution layer ports (SVIs) facing the access layer as passive.


Summarize at Distribution Layer
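The two preceding slides as one IOS configuration for a distribution switch in a Layer 2 access design: EIGRP adjacencies are confined to the routed links toward the core and the peer distribution switch, the access-facing SVIs are passive so the two distribution switches do not form one adjacency per VLAN across the access layer, and the building's address space is summarized toward the core. This is an added example, not configuration from the course; the AS number, prefixes, addresses and interface names are assumptions.

```cisco
! Added example, not from the course slides. AS number, prefixes, addresses
! and interface names are assumptions.
!
router eigrp 100
 ! Passive everywhere by default: no hellos on the access VLAN SVIs, so no
 ! adjacency forms across the access layer on every VLAN.
 passive-interface default
 ! Adjacencies only on the routed links where they belong.
 no passive-interface Port-channel11
 no passive-interface Port-channel12
 network 10.1.0.0 0.0.255.255
 network 10.0.11.0 0.0.0.3
 network 10.0.12.0 0.0.0.3
 no auto-summary
!
! Access VLAN gateways. Passive for EIGRP but still advertised (they fall
! inside the network statement), so the peer learns them over Port-channel12.
interface Vlan10
 description Users, 10.1.10.0/24
 ip address 10.1.10.2 255.255.255.0
!
interface Vlan20
 description Users, 10.1.20.0/24
 ip address 10.1.20.2 255.255.255.0
!
! Routed link to the peer distribution switch: the one place the pair peers.
interface Port-channel12
 description Layer 3 link to peer distribution switch
 no switchport
 ip address 10.0.12.1 255.255.255.252
!
! Uplink to the core: advertise a single summary for the whole building so an
! access VLAN or SVI flapping never generates updates in the core or in other
! buildings.
interface Port-channel11
 description Uplink to core
 no switchport
 ip address 10.0.11.1 255.255.255.252
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
```

`show ip eigrp neighbors` should list exactly two neighbors (core and peer), `show ip eigrp interfaces` should not list the SVIs, and on the core `show ip route eigrp` should carry 10.1.0.0/16 as one entry rather than the individual /24s.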


Summary

• In a Layer 3 campus, build triangles and not squares, because with triangles a link or box failure does not require routing protocol convergence.
• Limit neighbor adjacencies across the access layer.
• Summarization at the distribution layer results in a more stable network.
- Fewer advertisements to the core and other buildings.
- Less interaction between peers.


Campus Network Design

Network Traffic and Physical Connectivity


Network Requirements of Applications


Client-Server Traffic Considerations


Intrabuilding Structure Considerations

• Provides connectivity inside the building
• Built with the building access and building distribution layers
• Transmission options:
- Copper (1G/10G*)
- Optical fiber (1G/10G)
- Wireless
* Support for 10GBASE-T is available only on selected enterprise switches.


Interbuilding Structure Considerations

• Provides connectivity between campus buildings.
• Distances between buildings are within a few kilometers.
• Typical transmission medium: optical fiber.
- Short range (10GBASE-SR): up to 400 m over multimode fiber (OM4).
- Long range (10GBASE-LR): up to 10 km over single-mode fiber.
- Extended range (10GBASE-ER): up to 40 km over single-mode fiber (80 km needs the non-IEEE 10GBASE-ZR variant).


Transmission Media Considerations

• Available network bandwidth
• Allowable distance between devices
• Optical fiber design considerations:
- Single-mode or multimode cabling
- Transceiver selection
• Copper design considerations:
- Selection of cable category
- Electromagnetic interference
• Wireless design considerations:
- Coverage, interference, bandwidth, security

Transmission Media Considerations (Cont.)

• Copper twisted-pair characteristics (figure: Category 6A Unshielded Twisted Pair (UTP) cable)


Case Study: Transmission Media

• Task: identify the suitable media to connect end users and floor switches in the secondary building to the campus HQ.


Case Study: Transmission Media (Cont.)


Case Study: Transmission Media (Cont.)


Summary

• Know your applications' network requirements so you can incorporate them into the network design.
• The old 80:20 rule (80% of traffic stays local to the segment, 20% leaves it) has inverted to 20:80.
• The most common media for intrabuilding connectivity are copper (1000BASE-T, 10GBASE-T) and multimode fiber.
• Interbuilding connections rely on multimode or single-mode fiber, depending on the path length.
• Physical media selection influences not only cabling, but also design, gear selection and configuration.


These slides were prepared based on the points covered in the Faradars course "Enterprise Computer Network Design".

For more information about this course, see the link below.

faradars.org/fvnet9712
