Layer2/3 switch/router best practices




I worked on small LANs and IPv4 networks with a single Internet modem for many years before being exposed to campus and Wide Area Networks. With campus networks and Layer 2/3 switches it is quite simple to set up link aggregation and survivability/trunk protection, using LACP and one of the Spanning Tree variants (I prefer MSTP).


Now, for the first time, I am trying to apply network load balancing, link aggregation, and survivability to a WAN link and am looking for guidance on best practices. Unlike a campus environment, where all trunk links are high speed (1Gbps and 10Gbps), some of my WAN links (Ethernet) can be as slow as 20Mbps.


I must ask: do I use Layer 2 protocols for load balancing, link aggregation and trunk protection for the Wide Area Network, or is it best to start thinking of Layer 3 protocols? One piece of background: one of my WAN links has <20ms latency while another has >120ms latency.


All help is appreciated.





3 Replies

Jon Marshall
Hall of Fame

Generally speaking you would use L3 for the LAN in most instances unless you had something like VPLS where it is all L2.

And you would, again usually, run a routing protocol across your links.

You mention link aggregation and trunking. Trunking is L2 so you wouldn't normally extend these into the WAN.

Link aggregation could be PPP multilink or even L3 etherchannel I suppose but aggregating links is not as common in the WAN as it is in the LAN.

You normally have separate physical links and you load balance across them using a routing protocol.

In terms of load balancing across links of different latencies and bandwidths most dynamic routing protocols are not particularly good at this. EIGRP has the ability to load balance across links of different bandwidths but it is not used that often as far as I know.

PfR is a solution that allows dynamic load balancing across links but apart from the name I know very little about it as I have never configured it.

The above is just a general answer though and it really depends on your specific setup.
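To make the EIGRP remark above concrete, here is an added illustration that is not part of the thread and not something either poster configured. It assumes a Cisco IOS router (the SG500X switch CLI is not assumed to support EIGRP); the interface names, addresses, bandwidth/delay figures and autonomous-system number are all constructed for the example.

```cisco
! Added illustration (not from the thread): two WAN links of unequal
! bandwidth and latency, load-balanced unequally by EIGRP on an IOS router.
! Interface names, addresses and AS number are constructed for this example.
!
! EIGRP's composite metric is built from the lowest bandwidth and the
! summed delay along a path, so describe each link honestly.
interface GigabitEthernet0/1
 description WAN link A - 50 Mbps, about 20 ms RTT (constructed)
 ip address 10.255.1.1 255.255.255.252
 ! bandwidth is given in kbit/s
 bandwidth 50000
 ! delay is given in tens of microseconds: 1000 = 10 ms one-way
 delay 1000
!
interface GigabitEthernet0/2
 description WAN link B - 20 Mbps, about 120 ms RTT (constructed)
 ip address 10.255.2.1 255.255.255.252
 bandwidth 20000
 ! 6000 = 60 ms one-way
 delay 6000
!
router eigrp 100
 network 10.0.0.0 0.255.255.255
 ! variance N also installs any feasible successor whose metric is below
 ! N times the best metric; the default of 1 means equal-cost paths only.
 ! Pick N from the metrics EIGRP actually computes for your links
 ! (show ip eigrp topology), not from this constructed value.
 variance 4
 ! share traffic in proportion to each path's metric rather than equally
 traffic-share balanced
 ! cap on how many routes to one prefix are installed
 maximum-paths 4
```

Two practical checks: a slower path is only eligible for variance if it passes EIGRP's feasibility condition (the neighbour's advertised distance must be lower than the best path's feasible distance), so confirm with show ip route that both links appear for the prefixes you care about; and traffic-share balanced still hashes per flow, so a single large transfer is not split across the two circuits.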




Right, thanks. My equipment is Cisco SG500X-24s running in Layer 2 and 3 mode.


On most of the LAN segments I have one IP subnet per VLAN ID. Two sites are in Native Stack mode, physically tied in a ring, running LAG and MSTP. On the campus LAN I let the Layer 2 protocols do their job for link aggregation and trunk protection.


For transport links I have switched Ethernet links, routing IP between "sites", tested in a lab environment. I expect to have two 20Mbps VPLS circuits to one site and two 50Mbps circuits to the other, with 3rd and 4th sites expected later in the year. Of course, in the lab environment I could experiment using LAG and MSTP instead of IP, but I suspect that's impractical once I ship and install those devices at their end sites, since the latency will probably kill BPDU traffic.


I'd like to aggregate those switched Ethernet links between remote sites and will read up on PPP multilink and L3 etherchannel, as you suggest. I assume that's strictly for WAN link aggregation. Not knowing what those two will do for me, I'm thinking I'll need link protection so that if one of the WAN links fails the other can stay up, keeping my Layer 3 network alive.


Now, this one confuses me. I've chosen one VLAN ID/IP subnet for network management and am assuming I could choose one of two options:

   1) use the same VLAN ID/IP subnet across all sites and pass that L2/L3 traffic across the switched Ethernet links, but I doubt that extending a broadcast domain across remote sites is a good idea, even if it's just the network management traffic. Here I have no clue. Or,

   2) assign different VLAN IDs/IP subnets for network management to each remote site and route NM traffic at Layer 3.


As you can see, best practices in this environment can help me. Any further suggestions will be welcome.





No point in reading up on PPP multilink if you are getting VPLS.

Also L3 etherchannel is far more common within a LAN than WAN environment, I was just giving possible aggregation techniques you may use.

VPLS is a L2 extension between sites not L3.

So usually with VPLS all your sites connect at L2 and you do extend vlans between sites. There are optimisations with VPLS that allow this to work efficiently.

So maybe routing isn't what you want.

