Chapter 3. Enterprise Campus Network Design

Similar documents
Campus Network for High Availability Design Guide

Objectives. The Role of Redundancy in a Switched Network. Layer 2 Loops. Broadcast Storms. More problems with Layer 2 loops

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

Course Contents CCNP (CISco certified network professional)

RESILIENT NETWORK DESIGN

Switching in an Enterprise Network

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

CHAPTER 10 LAN REDUNDANCY. Scaling Networks

IMPLEMENTING CISCO SWITCHED NETWORKS V2.0 (SWITCH)

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS

Objectives. Explain the Role of Redundancy in a Converged Switched Network. Explain the Role of Redundancy in a Converged Switched Network

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

Network Virtualization and Data Center Networks Data Center Virtualization - Basics. Qin Yin Fall Semester 2013

High-Availability Enterprise Network Design

hp ProLiant network adapter teaming

CISCO STUDY GUIDE. Building Cisco Multilayer Switched Networks (BCMSN) Edition 2

Top-Down Network Design

Chapter 4: Spanning Tree Design Guidelines for Cisco NX-OS Software and Virtual PortChannels

Introducing Network Design Concepts

Designing High-Availability Services

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)

Virtual PortChannels: Building Networks without Spanning Tree Protocol

- Spanning Tree Protocol -

"Charting the Course...

LAN Baseline Architecture Branch Office Network Reference Design Guide

Introducing Network Design Concepts

How To Learn Cisco Cisco Ios And Cisco Vlan

: Interconnecting Cisco Networking Devices Part 2 v1.1

CHAPTER 6 DESIGNING A NETWORK TOPOLOGY

NETE-4635 Computer Network Analysis and Design. Designing a Network Topology. NETE Computer Network Analysis and Design Slide 1

Interconnecting Cisco Networking Devices Part 2

This chapter covers four comprehensive scenarios that draw on several design topics covered in this book:

Expert Reference Series of White Papers. Planning for the Redeployment of Technical Personnel in the Modern Data Center

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

COURSE AGENDA. Lessons - CCNA. CCNA & CCNP - Online Course Agenda. Lesson 1: Internetworking. Lesson 2: Fundamentals of Networking

Interconnecting Cisco Networking Devices, Part 2 Course ICND2 v2.0; 5 Days, Instructor-led

IP SAN Best Practices

: Interconnecting Cisco Networking Devices Part 2 v2.0 (ICND2)

TechBrief Introduction

TÓPICOS AVANÇADOS EM REDES ADVANCED TOPICS IN NETWORKS

Chapter 1 Reading Organizer

6/8/2011. Document ID: Contents. Introduction. Prerequisites. Requirements. Components Used. Conventions. Introduction

AlliedWare Plus OS How To Configure interoperation between PVST+ and RSTP or MSTP

CORPORATE NETWORKING

Configuring EtherChannels

Walmart s Data Center. Amadeus Data Center. Google s Data Center. Data Center Evolution 1.0. Data Center Evolution 2.0

Layer 3 Network + Dedicated Internet Connectivity

Data Center Infrastructure Design Guide 2.1 Readme File

Fast Fault Recovery in Switched Networks for Carrying IP Telephony Traffic

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise hours teaching time

Cisco Data Centre: Introducing Cisco Data Center Networking

INTERCONNECTING CISCO NETWORKING DEVICES PART 2 V2.0 (ICND 2)

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version Rev.

OSPF Routing Protocol

Interconnecting Cisco Networking Devices, Part 2 **Part of CCNA Route/Switch**

Abstract. MEP; Reviewed: GAK 10/17/2005. Solution & Interoperability Test Lab Application Notes 2005 Avaya Inc. All Rights Reserved.

HARTING Ha-VIS Management Software

Migrate from Cisco Catalyst 6500 Series Switches to Cisco Nexus 9000 Series Switches

Data Center Multi-Tier Model Design

Juniper Networks EX Series/ Cisco Catalyst Interoperability Test Results. May 1, 2009

IP SAN BEST PRACTICES

Configure IOS Catalyst Switches to Connect Cisco IP Phones Configuration Example

How To Monitor A Network With A Network Probe

Configuring IPS High Bandwidth Using EtherChannel Load Balancing

How To Switch In Sonicos Enhanced (Sonicwall) On A 2400Mmi 2400Mm2 (Solarwall Nametra) (Soulwall 2400Mm1) (Network) (

CCNA R&S: Introduction to Networks. Chapter 5: Ethernet

ANZA Formación en Tecnologías Avanzadas

VMDC 3.0 Design Overview

VMware Virtual SAN Network Design Guide TECHNICAL WHITE PAPER

SSVP SIP School VoIP Professional Certification

LiveAction Application Note

Ethernet Storage Best Practices

Juniper / Cisco Interoperability Tests. August 2014

VMware Virtual SAN 6.2 Network Design Guide

Designing Cisco Network Service Architectures ARCH v2.1; 5 Days, Instructor-led

NX-OS and Cisco Nexus Switching

Dell PowerVault MD Series Storage Arrays: IP SAN Best Practices

Top-Down Network Design

REFERENCE ARCHITECTURES FOR MANUFACTURING

Zarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)

Network Considerations to Optimize Virtual Desktop Deployment

Overview of Routing between Virtual LANs

Reliability and Load Handling Problem in Internet Service Provider s Network

- EtherChannel - Port Aggregation

Troubleshooting an Enterprise Network

Cisco Certified Network Professional - Routing & Switching

Chapter 2 Lab 2-2, Configuring EtherChannel Instructor Version

Interconnecting Data Centers Using VPLS

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

Auspex Support for Cisco Fast EtherChannel TM

How To Design A Network For A Small Business

TRILL for Service Provider Data Center and IXP. Francois Tallet, Cisco Systems

High Availability Failover Optimization Tuning HA Timers PAN-OS 6.0.0

Resiliency in Ethernet Based Transport Networks

Implementation of High Availability

How To Set Up A Virtual Network On Vsphere (Vsphere) On A 2Nd Generation Vmkernel (Vklan) On An Ipv5 Vklan (Vmklan)

Troubleshooting and Maintaining Cisco IP Networks Volume 1

Brocade One Data Center Cloud-Optimized Networks

ALL8894WMP. User s Manual. 8-Port 10/100/1000Mbps with 4-port PoE. Web Management Switch

How To Balance On A Cisco Catalyst Switch With The Etherchannel On A Fast Ipv2 (Powerline) On A Microsoft Ipv1 (Powergen) On An Ipv3 (Powergadget) On Ipv4

Transcription:

Chapter 3 Enterprise Campus Network Design 1

Overview The network foundation hosting these technologies for an emerging enterprise should be efficient, highly available, scalable, and manageable. This module provides recommended designs for the campus network, and includes descriptions of various topologies, routing protocols, configuration guidelines, and other considerations relevant to the design of highly available and reliable campus networks. 2

High Availability in the Enterprise Campus The hierarchical network model supports designing a highly available modular topology using scalable building blocks that allow the network to meet evolving business needs. The modular design makes the network easy to scale, understand, and troubleshoot by promoting deterministic traffic patterns. Objectives: 1. Describe the layers of the enterprise campus architecture 2. Discuss high availability options in the enterprise campus 3

Enterprise Campus Infrastructure Three layers: access layer, distribution layer, and core layer. The access layer is the point of entry into the network for end devices. 4

Access Layer Aggregates end users and provides uplinks to the distribution layer. The access layer can be a feature-rich environment: High availability Convergence: Supports inline power over Ethernet (PoE) for IP telephony and wireless access points, allowing customers to converge voice onto their data network and providing roaming WLAN access for users Security: Provides services for additional security against unauthorized access to the network. 5

Access Layer Quality of Service (QoS): Allows prioritization of mission-critical network traffic using traffic classification and queuing as close to the ingress of the network as possible IP multicast: Supports efficient network and bandwidth management using software features such as Internet Group Management Protocol (IGMP) snooping. 6

Distribution Layer Aggregates nodes and uplinks from the access layer and provides policy-based connectivity. Availability, load balancing, QoS and provisioning are the important considerations at this layer. 7

Distribution Layer The distribution layer is the place where routing and packet manipulation are performed and can be a routing boundary between the access and core layers. To further improve routing protocol performance, the distribution layer summarizes routes from the access layer. The distribution layer uses a combination of Layer 2 and multilayer switching to segment workgroups and isolate network problems, preventing them from impacting the core layer. 8

Core Layer Provides scalability, high availability, and fast convergence to the network. 9

Core Layer The core layer is the backbone for campus connectivity, and is the aggregation point the other layers and modules. The core should be a high-speed, Layer 3 switching environment utilizing hardware-accelerated services. The core devices must be able to implement scalable protocols and technologies, alternate paths, and load balancing. 10

Core Layer The core and distribution layer functions can be combined at the distribution layer for a smaller campus. 11

Core Layer Without a core layer, the distribution layer switches will need to be fully meshed. This design is difficult to scale, and increases the cabling requirements as new building distribution switch need full-mesh connectivity to all the distribution switches. The routing complexity of a full mesh design increases as new neighbors are added. four additional links for full mesh connectivity to the first module. require 8 additional links to support connections to all the distribution switches, or a total of 12 links 12

Implement Optimal Redundancy High availability is concerned with minimizing link and node failures and optimizing recovery times to minimize convergence and downtime. Access switches should have redundant connections to redundant distribution switches. 13

Implement Optimal Redundancy The core and distribution layers are built with redundant switches and fully meshed links to provide maximum redundancy and optimal convergence. Access switches should have redundant connections to redundant distribution switches. In a fully redundant topology, redundant supervisors with nonstop forwarding (NSF) and stateful switchover (SSO) may cause longer convergence times than single supervisors. NSF/SSO are designed to maintain link up/layer 3 up state during a convergence event. 14

Provide Alternate Paths 15

Avoid Single Points of Failure Nonstop forwarding with stateful switchover (NSF/SSO) and redundant supervisors have the most impact in the campus in the access layer. 16

Cisco Nonstop Forwarding with Stateful Switchover NSF/SSO is a supervisor redundancy mechanism in Cisco IOS Software that allows extremely fast supervisor switchover at Layers 2 to 4. 17

NSF/SSO SSO allows the standby Route Processor (RP) to takes control of the device after a hardware or software fault on the Active RP. SSO synchronizes startup configuration, startup variables, and running configuration as well as dynamic runtime data including Layer 2 protocol state for trunks and ports, hardware Layer 2 and Layer 3 tables (MAC, FIB(forwarding information base), adjacency table) as well as ACL and QoS tables. NSF is a Layer 3 function that works with SSO to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of NSF is to continue forwarding IP packets following a RP switchover. 18

Layer 2 Design Recommendations 19

Objectives To develop designs to support Layer 2 high availability and optimum convergence. Describe how to support supporting tree convergence in the enterprise campus Discuss how to harden Layer 2 for STP predictability Describe recommended practices for Layer 2 trunks Describe recommended practices for UDLD (unidirectional link detection) configuration Describe recommended practices for EtherChannel 20

Spanning Tree For the most deterministic and highly available network topology, the requirement to support Spanning Tree Protocol (STP) convergence. There are several reasons you may need to implement STP: When a VLAN spans access layer switches in order to support business applications. To protect against user side loops. STP lets the network deterministically block interfaces and provide a loop-free topology in a network with redundant links. To support data center application on a server farm. 21

Spanning Tree Drawback: Not all physical links are used No load-sensitive dynamic routing Fail-over latency is high ( > 5 seconds) 22

Spanning Tree Topology N3 N4 N5 s1 s2 N2 s3 s4 N6 N1 N8 N7 23

Spanning Tree Topology N3 N4 N5 N2 s1 s3 D D B s2 R s4 N6 Root N1 N8 N7 24

IEEE 802.1D: STP A distributed spanning tree construction algorithm Bridge Protocol Data Unit (BPDU): root ID, cost (link data rate), sender ID Port state: Root, Designated, Blocked and Disabled Port operating mode: Blocked: receiving BPDU Listening: receiving/processing BPDU Learning: receiving/processing BPDU, and learning Forwarding: receiving/processing BPDU, learning, and forwarding Slow convergence: 30 seconds Everyone agrees on a common SPT Everyone knows that everyone agrees on a common SPT, and turn a port from blocked to forwarding 25

STP There are several varieties of STP: STP is the original 802.1D version to provide a loopfree topology in a network with redundant links. Common Spanning Tree (CST) assumes one spanning-tree instance for the entire bridged network, regardless of the number of VLANs. Rapid STP (RSTP), or 802.1w, is an evolution of STP providing for faster convergence of STP. 26

Broadcast and Source Learning Source learning: When receiving a packet, bind its source address with the port via which it comes in Switch broadcasts a packet when its forwarding state does not exist Example: N7 sends a packet to N3 N7 sends a broadcast-based ARP query for N3 Establishing forwarding state for N7 in the spanning tree N3 responds with a unicast-based ARP response Establish forwarding state for N3 in the spanning tree 27

Broadcast and Source Learning N3 N4 N5 N2 s1 s3 D D B s2 R s4 N6 Root N1 N8 N7 28

CISCO STP Instructions PortFast*: Causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states. Use PortFast only when connecting a single end station to a Layer 2 access port. ( 從 Disable state ---> Forwarding state) UplinkFast: Provides three to five seconds convergence after a direct link failure and achieves load balancing between redundant Layer 2 links using uplink groups. ( 可 以 在 有 link 故 障 的 情 況 下 改 善 STP 的 收 斂 時 間 ) 29

STP BackboneFast: Cuts convergence time by max_age for indirect failure. BackboneFast is initiated when a root port or blocked port on a network device receives inferior BPDUs from its designated bridge. ( 是 在 某 條 沒 有 直 接 連 到 該 交 換 器 的 link 故 障 時, 用 來 加 快 收 斂 的 速 度 ) LoopGuard*: LoopGuard helps prevent bridging loops that could occur because of a unidirectional link failure on a point-to-point link. RootGuard*: Secures root on a specific switch by preventing external switches from becoming root. BPDUGuard*: When enabled on a port, BPDU Guard shuts down a port that receives a BPDU. 30

Layer 2 Hardening Loop guard is implemented on the Layer 2 ports between distribution switches, and on the uplink ports from the access switches to the distribution switches. Root guard is configured on the distribution switch ports facing the access switches. UplinkFast is implemented on the uplink ports from the access switches to the distribution switches. BPDU guard or root guard is configured on ports from the access switches to the end devices, as is PortFast. 32

Layer 3 Design Recommendations 33

Objectives Describe recommendations for managing oversubscription and bandwidth Discuss design tradeoffs for supporting link load balancing Describe recommendations for routing protocol design Discuss recommendations for first hop redundancy protocols 34

Managing Oversubscription and Bandwidth 35

Oversubscription Ratio Typical campus networks are designed with oversubscription. The rule-of-thumb recommendation for data oversubscription is 20:1 for access ports on the access-to-distribution uplink. The recommendation is 4:1 for the distributionto-core links. (Congestion may occur infrequently on the uplinks) 36

Bandwidth Management with EtherChannel As bandwidth from the distribution layer to the core increases, oversubscription to the access layer must be managed, and there are some design decisions to be made. 37

EtherChannel EtherChannel is a port link aggregation technology or portchannel architecture used primarily on Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link for the purpose of providing faulttolerance and high-speed links between switches, routers and servers. An EtherChannel can be created from between two and eight active Fast, Gigabit or 10-Gigabit Ethernet ports, with an additional one to eight inactive (failover) ports which become active as the other active ports fail. 38

EtherChannel EtherChannel is primarily used in the backbone network, but can also be used to connect end user machines. EtherChannel technology was invented by Kalpana in the early 1990s. They were later acquired by Cisco Systems in 1994. In 2000 the IEEE passed 802.3ad which is an open standard version of EtherChannel. 39

Bandwidth Management with EtherChannel Simply adding more uplinks between the distribution and core layers leads to more peer relationships with an increase in associated overhead. EtherChannels can reduce the number of peers by creating single logical interface. But there are some issues to consider about how routing protocols will react to single link failure: Traffic is re-routed, and this design leads to a convergence event. Enhanced Interior Gateway Protocol (EIGRP) may not change link cost, since the protocol looks at the end-to-end cost. 40

EIGRP EIGRP is an enhanced distance vector protocol, relying on the Diffused Update Algorithm (DUAL) to calculate the shortest path to a destination within a network. 在 EIGRP 的 網 路 中, 每 一 台 Router 必 須 維 護 3 個 表 格 路 徑 表 (Routing Table): 記 錄 每 一 個 網 段 的 最 佳 路 徑, 往 該 網 段 最 佳 路 徑 的 下 一 個 路 由 器 稱 之 為 Successor 拓 樸 表 (Topology Table): 記 錄 到 目 的 網 段 的 所 有 路 徑, 最 佳 的 路 徑 連 接 的 Router 稱 successor, 次 佳 的 稱 為 feasible successor 鄰 居 表 (Neighbor Table): 記 錄 直 接 相 接 的 路 由 器 有 哪 些 41

EIGRP Example (1) 1. Router 送 出 Hello packet 給 鄰 居 Router(s) 2. 鄰 居 Router(s) 傳 送 他 們 的 Routing Information(s) 42

EIGRP Example (2) 3. Router 收 到 後 回 應 ACK packet 給 鄰 居 Router(s) 4. Router 建 立 Topology table 43

EIGRP Example (3) 5. Router 傳 送 自 己 的 Routing Information 給 鄰 居 Router(s) 6. 鄰 居 Router(s) 收 到 Router 的 Routing Table 後 回 應 ACK 如 果 連 結 的 狀 態 沒 更 動, 則 不 會 在 傳 送 任 何 Routing Table 的 訊 息! 44

10 Gigabit Interfaces 45

10 Gigabit Interfaces The 10 Gigabit Ethernet links can also support the increased bandwidth requirements. Advantage: Unlike the multiple link solution, 10 Gigabit Ethernet links does not increase routing complexity. The number of routing peers is not increased. Unlike the EtherChannel solution, the routing protocols will have the ability to deterministically select the best path between the distribution and core layer. 46

Link Load Balancing 47

Link Load Balancing In the figure, many equal cost redundant paths are provided in the recommended network topology from one access switch to the other across the distribution and core switches. Cisco Express Forwarding is a deterministic algorithm. When packets traverse the network that all use the same input value to the Cisco Express Forwarding hash, a go to the right or go to the left decision is made for each redundant path 48

Link Load Balancing with EtherChannel EtherChannel allows load sharing of traffic among the links in the channel and redundancy in the event that one or more links in the channel fail. You can tune the hashing algorithm used to select the specific EtherChannel link on which a packet is transmitted. You can use the default Layer 3 source and destination information, or you can add a level of load balancing to the process by adding the Layer 4 TCP/IP port information as an input to the algorithm. 49

EtherChannel Load Balancing The default Layer 3 hash algorithm provided about one-third to two-thirds utilization. When the algorithm was changed to include Layer 4 information, nearly full utilization was achieved with the same topology and traffic pattern. To use Layer 3 plus Layer 4 load balancing to provide as much information as possible for input to the EtherChannel algorithm to achieve the best or most uniform utilization of EtherChannel members. 50

Link Load Balancing 51

Link Load Balancing The default input hash value is Layer 3 for source and destination. If you change this input value to Layer 3 with Layer 4, the output hash value also changes. In the core layer, continue to use the default which is based on only Layer 3 information. In the distribution layer, use the Layer 3 and Layer 4 information as input into the Cisco Express Forwarding hashing algorithm with the mls ip cef load-sharing full command 52

Routing Protocol Design Routing protocols are usually deployed across the distribution-to-core and core-to-core interconnections. Layer 3 routing design can be used in the access layer, too, but this design is currently not as common. Layer 3 routing protocols are used to quickly reroute around failed nodes or links while providing load balancing over redundant paths. 53

Build Redundant Triangles For optimum distribution-to-core layer convergence, build redundant triangles, not squares, to take advantage of equal-cost, redundant paths for the best deterministic convergence. 54

Build Redundant Triangles The triangle design is in Model A, and uses dual equalcost paths to avoid timer-based, nondeterministic convergence. Instead of indirect neighbor or route-loss detection using hellos and dead timers, the triangle design failover is hardware based and relies on physical link loss to mark a path as unusable and reroute all traffic to the alternate equal-cost path. In contrast, the square topology in Model B requires routing protocol convergence to fail over to an alternate path in the event of a link or node failure. It is possible to build a topology that does not rely on equal-cost, redundant paths to compensate for limited physical fiber connectivity or to reduce cost. However, with this design, it is not possible to achieve the same deterministic convergence in the event of a link or node failure, and for this reason the design will not be optimized for high availability. 55

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information