Friday, March 19, 2010

On Layer 2 Access Designs and MPLS

January 15, 2008 by Greg Ferro

I am looking closely at Data Centre designs at the moment, and have been considering whether a looped triangle or a looped square is the best for edge switches. I find it difficult to detect a difference that makes a clear purchasing decision. So I sat down to think about this. I did some pictures and thinking.

The Looped Triangle provides:

  • support for a single switch
  • simpler configuration for troubleshooting, as the edge device is effectively alone. This would provide support for dual-connected servers on a single switch or for non-critical devices that might need only a single port.
design1.png

The Looped Square provides:

  • less traffic in the core: servers will send keepalive packets to each other to monitor status. Having directly connected switches means that traffic will not need to go to the core, and thus VLANs do not need to be propagated across the core switches.
  • more difficult to troubleshoot, as you need to consider the other switch in the pair, especially when trying to capture packets or do bandwidth analysis.
  • fewer ports needed in the core
design2.png

For some Data Centre designs the core will be MPLS, and I do not want VLANs to be propagated unless I am using MPLS. By allowing VLANs into the core I am effectively creating a situation where a lazy Network Engineer can just extend VLANs and thus bypass the MPLS. In this case, the Looped Triangle is not recommended.

Consider the following MPLS core and edge for a small data centre and the VLAN traffic between what should be two PE routers.

design3.png

I can still implement L2 by using L2 MPLS (in one of its many forms), but it seems better to deliberately block VLANs to improve security and service separation. By making L3 separation the default for servers on either side of the MPLS cloud, I should be improving the future design.

For some networks, the ability to have VLANs anywhere across the network might be important, but this would remove some of the security and separation benefits of MPLS.
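
One way to check for the stretched-VLAN situation described above (an added example, not from the original post): the script reads IOS-style switch configs, assumed here since the post names no vendor, and reports VLANs that are trunked into the core from more than one edge device. The device names, the `CORE` description tag and the sample configs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample configs in IOS-style syntax (assumed; the post names no vendor).
CONFIGS = {
    "edge-a": """\
interface TenGigabitEthernet1/1
 description CORE uplink
 switchport mode trunk
 switchport trunk allowed vlan 10,20-22
""",
    "edge-b": """\
interface TenGigabitEthernet1/1
 description CORE uplink
 switchport mode trunk
 switchport trunk allowed vlan 21-22,30
interface TenGigabitEthernet1/2
 description CORE uplink 2
 no switchport
""",
}

def expand(spec):
    """Turn '10,20-22' into {10, 20, 21, 22}."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def core_vlans(config, tag="CORE"):
    """VLANs carried on trunk ports whose description contains `tag`."""
    vlans = set()
    for stanza in re.split(r"(?m)^(?=interface )", config):
        if tag not in stanza or "switchport mode trunk" not in stanza:
            continue  # not core-facing, or a routed (L3) port
        m = re.search(r"switchport trunk allowed vlan (\S+)", stanza)
        # A trunk with no allowed-vlan line carries every VLAN by default.
        vlans |= expand(m.group(1)) if m else set(range(1, 4095))
    return vlans

def stretched_vlans(configs):
    """VLAN -> devices, for VLANs trunked into the core from 2+ devices."""
    seen = defaultdict(list)
    for device, config in sorted(configs.items()):
        for vlan in core_vlans(config):
            seen[vlan].append(device)
    return {v: d for v, d in sorted(seen.items()) if len(d) > 1}

print(stretched_vlans(CONFIGS))
```

Any VLAN in the result is one that has been extended across the core at L2 instead of being carried over MPLS; an empty result means L3 separation is holding on the ports that were checked.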
