
Data Center Network Design options LAYER 2 CORE vs LAYER 3 CORE

Dears,

I am designing the Datacenter Network using the details below:

1: Nexus 7K as Core

2: Nexus 5K, N2K for Data Center Servers

3: 6513 as Core for Users Layer

4: Multiple layers of Firewalls + IPS (Internet, WAN, Data Center)

5: Data Center Firewall is a firewall on a stick acting as gateway for more than 20 DC server VLANs

6: Load Balancers, Routers, etc

7: All devices uplinks are 10G

8: Redundant network with Mesh uplinks

9: Separate VTP domain for every encircle/color layer

10: Traffic Flow is between Layers and towards Internet

I have 2 design options (Diagram is attached);

1: Data Center Core as Layer 2

  • No SVI on N7K (core)
  • Core is an aggregation point for all layers
  • Core is acting as hub connecting one layer to another
  • For example: Users layer traffic flow to Internet Layer
      • 6513 is gateway for all users vlans
      • Create an SVI on 65K (10.1.1.254)
      • Create an Interface on Internet Firewall (10.1.1.250)
      • Create a vlan on N7K = vlan 2
      • Assign the connection interfaces of 6513 to N7K = vlan 2
      • Assign the connection interfaces of Internet Firewall to N7K = vlan 2
      • Add routes
  • PROS:
      • Extra SVI (L3 Hop) is avoided on Core (N7K)
      • Your comments ??????????
  • CONS:
      • Risk of Layer 2 issues
      • Risk of Layer 2 broadcast
      • Unlike Traditional Design: I could not find any Design reference supporting such design from Cisco or other vendor
      • Your comments??????????

2: Data Center Core as Layer 3

  • Create SVI on Core (N7K) for each layers connectivity
  • Core is an aggregation point for all layers
  • Core is acting as Layer 3 connecting one layer to another
  • For example: Users layer traffic flow to Internet Layer
      • 6513 is gateway for all users vlans
      • Create an SVI on 65K (10.1.1.254)
      • Create an SVI on N7K (10.1.1.250)
      • Create an Interface on Internet Firewall (192.168.1.254)
      • Create an SVI on N7K (192.168.1.250)
      • Create a vlan on N7K = vlan 2
      • Create a vlan on N7K = vlan 3
      • Assign the connection interfaces of 6513 to N7K = vlan 2
      • Assign the connection interfaces of Internet Firewall to N7K = vlan 3
      • Add routes
  • PROS:
      • No risk of layer 2 issues
      • Layer 3 boundaries on Core
      • Traditional Design: supported with Cisco and other vendors reference documents
      • Your comments ??????????
  • CONS:
      • Extra/additional SVI(hop) is introduced in the Data Flow
      • Your comments??????????

Please share your ideas to know which design is better, with pros and cons of each. Also recommend if I need to create any VDC on N7K.

BR,

ABDUL MAJID KHAN

3 REPLIES

In my experience - if you have the choice - always go with Layer 3.

So many issues can arise with Layer 2, and they are much harder to troubleshoot than Layer 3 issues.

I don't think the extra hop is going to be that big of a deal, especially if you are doing 10GB links all the way through.

Cisco Employee

Hi Abdul,

Best practice is to set the boundary between Layer 2 and Layer 3.

Some of the best practices guides:

http://www.cisco.com/en/US/docs/switches/datacenter/sw/design/vpc_design/vpc_best_practices_design_guide.pdf

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/nx_7000_dc.htm

As discussed on the call, please understand your business needs and contact our design team to proceed further.

Richard

Beginner

What did you end up doing and how did it work out?
