
Catalyst 3850 Stack VLANs, layer 2 vs. layer 3 design question

corpengineer818
Level 1

Hello there:

Just a generic design question. After doing much reading, I am just not clear as to when to use one or the other, and what the benefits/tradeoffs are:

 

Should we configure the switch stack w/ layer 3, or layer 2 VLANs?

 

We have a Catalyst 3850 Stack, connected to an ASA-X 5545 firewall via 8GB etherchannel.

We have about 100 servers (some connected w/ bonding or mini-etherchannels), and 30 VLANs.

We have several 10GB connections to servers.

We push large, (up to) TB sized files from VLAN to VLAN, mostly using scp.

No ip phones, no POE.

Inter-VLAN connectivity/throughput and security are priorities.

Originally, we planned to use the ASA to filter connections between VLANs, and VACLs or PACLs on the switch stack to filter connections between hosts w/in the same VLAN.

 

Thank you.

7 Replies

Leo Laohoo
Hall of Fame

If all of your servers are going to the 3850 then I'd say you've got the wrong switch model to do a DC job.  If you don't configure QoS properly, then your servers will start dropping packets because Catalyst switches have very, very shallow memory buffers.  These memory buffers get swamped when servers do non-stop traffic. 

 

Ideally, Cisco recommends the Nexus solution to connect servers to.  One of the guys here, Joseph, regularly recommends the Catalyst 4500-X as a suitable (and financial) alternative to the more expensive Nexus range.

 

In a DC environment, if you have a lot of VM stuff, then stick with Layer 2.  V-Motion and Layer 3 don't go hand-in-hand.

Network traffic is sporadic throughout the day, w/ maybe 1 - 2 concurrent file transfers at a time. This isn't really a DC environment, maybe technically it is, however servers are NOT getting hammered non-stop.  

No virtualization here.

Does this change your view at all?

 

Thank you.

 

Does this change your view at all?

LOL!  A bit.  

 

Presently (emphasis on the word "presently"), yes.  If you are saying that the current environment is working well with the current design, then sure.  

 

In the future, can you look into your "crystal ball"?  (I ask because I can't see what your network is going to be like 5 years down the track.)

We have several 10GB connections to servers.

How many?  

We have (5) 10GB connections.

Presently, yes, we are fine.

I'm asking about design for this type of environment, presently.  Should we implement layer 3 here at the switch level? Would we benefit from this?

Thank you.

If you need a lot of inter-VLAN routing, and it seems like you do, then I would create the SVIs for the VLANs on the 3850, so the packets don't have to go to the firewall to get routed from one VLAN to another. In addition, this will also avoid the extra hop that is not needed if the 3850 is doing the routing.

HTH

 

Appreciate the input.  Thank you.

So with layer 3 enabled w/ SVI's and ACL's, inter-VLAN traffic doesn't touch the ASA?

But isn't the ASA 'faster' than the switch re processing ACL's?

Thank you.
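
The SVI design suggested in the replies above, sketched as an added example (not configuration posted by anyone in the thread). VLAN IDs, subnets, ACL names and the transit VLAN to the ASA are constructed placeholders. Traffic between VLAN 10 and VLAN 20 is routed on the stack and never reaches the ASA, so it is filtered only by these stateless ACLs rather than by the firewall's stateful inspection.

```cisco
! Constructed example: all VLAN IDs, addresses and names are placeholders.
ip routing
!
vlan 10
 name APP
vlan 20
 name STORAGE
vlan 999
 name TRANSIT-TO-ASA
!
! Hosts in VLAN 10 may open scp/ssh (TCP 22) sessions to VLAN 20.
! Anything else toward internal 10.0.0.0/8 space is dropped;
! non-internal destinations continue to the ASA via the default route.
ip access-list extended VLAN10-IN
 permit tcp 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255 eq 22
 deny   ip 10.0.10.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.0.10.0 0.0.0.255 any
!
! Switch ACLs are stateless, so the return half of each scp session
! must be permitted explicitly (source port 22, ACK/RST set).
ip access-list extended VLAN20-IN
 permit tcp 10.0.20.0 0.0.0.255 eq 22 10.0.10.0 0.0.0.255 established
 deny   ip 10.0.20.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.0.20.0 0.0.0.255 any
!
! The SVIs are the servers' default gateways; ACLs filter traffic
! as it enters each SVI from its own VLAN.
interface Vlan10
 ip address 10.0.10.1 255.255.255.0
 ip access-group VLAN10-IN in
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 ip access-group VLAN20-IN in
!
! Routed hand-off to the ASA over the existing EtherChannel.
interface Vlan999
 ip address 10.0.255.2 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 10.0.255.1
```

In the layer 2 alternative, the stack carries the VLANs as a trunk and the ASA holds each VLAN's gateway address, so every inter-VLAN flow crosses the EtherChannel and the firewall policy.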
