Designing the LAN

Jellyman_4eva
Level 1

Hi,

I am a CCNA who understands the basics of networks, but have now been thrown into an environment which requires designing, which is something I have never had to do, and I am looking for a little help.

The layout is basically 7 buildings (3 with a small number of nodes <100, others with > 750) on one site within very close proximity to one another, along with 5 small remote sites. The small remote sites seem to be pretty sorted in that they simply have a router and a few switches linked into them. (There is not much needed).

The key area is the main site. Currently it is a very flat layer 2 network with fast links between buildings. A lot of people are saying that we need to VLAN (which I understand), but at the moment it seems to be a buzz word, rather than it being defined as to why we need to VLAN, as in what the aims are. We do have a lot of nodes, 3000 (in total across all sites), so the first reason I have is to restrict the broadcast element.

I think I need to take some stats from the network, and get a lot of documentation together to back this side up (number of broadcasts etc.).

The next bit is just my thoughts, I would really appreciate it if someone could correct me etc...

We have two server rooms, each of which are in separate buildings (A and B for example). There are certain things which are only in one room, such as our internet connection. Due to this fact I believe our traffic fits the 20/80 rule as opposed to 80/20... I guess the first basic question is what is the criteria to VLAN in this scenario? Some people VLAN by number of nodes, some by purpose (e.g. management VLAN, servers VLAN, VoIP VLAN etc), some people both!

As well as this, some people where I am just seem to think implementing VLANs is simply the answer (buzz word usage), but to me this does not seem to be a full answer, as inter-VLAN routing requires a L3 device, which I guess with the model they are implying would be a single device in one of the server rooms. There would be less broadcast traffic being received by all nodes with this option, but there is still potentially wasted traffic, as broadcasts could still be traversing the entire network, for example from Building D to Building A. And could we run into issues of overloading this single L3 device, or an upstream port, if that makes sense?

In my mind, because of the decent links between buildings, and even more so with slow links, it seems to make more sense to perhaps have a L3 device in each building, then use L2 switches for client connections within each building. This then gives us the ability to prevent broadcasts traversing end to end, and also an advantage in simply cutting out any unwanted traffic close to the source by ACLs on the L3 device (I believe L2 devices cannot do ACLs?), and the ability to use QoS etc. I believe at the moment each building has a single link to the central building, but future plans could then include linking each building to another building, and then using a routing protocol across all L3 devices between buildings and potentially establishing redundancy through routing?

My question is, if this design sounds like a better idea, should the L3 device in each building be a switch or a router? I believe a router is required if the link is like ATM or something non-Ethernet based? I am guessing that a switch would be better to avoid having multiple L2 devices in a daisy chain, and this daisy-chaining could overload the upstream ports? Also, how does this affect VLAN allocation? So for example, if I use a management VLAN 20 and wish to put all my networking devices in it across all buildings, do I just define it multiple times at each building (separate instances of the same VLAN number, as in they have no knowledge of each other), and how is secure access maintained, does this now become a L3 ACL function? And at what point would this turn into the need for a firewall as opposed to a L3 device with ACLs?

Now the other questions I have are regarding the larger buildings with more nodes. In this case multiple VLANs to break up the sheer number of nodes seems to make sense, perhaps a VLAN per floor for example, but then the question becomes where do these run to: to a central L3 device in the building, like the other smaller buildings, or something different?

Finally (sorry for all this, just writing it as it comes to me!), I would like to see some server redundancy by using techniques such as Windows clustering, NLB etc., and for this to be very resilient, using the two separate server rooms in separate buildings. I may be wrong, but some techniques require devices to be on the same subnet, so would this mean I would need to stretch a Servers VLAN across the two buildings? Can this be done? Is this done in the real world?

As you can see I have a lot of questions, I hope someone can illuminate me on some of these points...

1 Reply

Giuseppe Larosa
Hall of Fame

Hello Jellyman,

You put many questions, but you also provide most of the answers in your post.

Having 3000 devices in a single broadcast domain is simply not efficient, because every time a device sends out an ARP request it is received and processed by all the other devices.

Not only is part of the available bandwidth used by broadcast traffic, but the CPU of each individual device is also put under pressure simply to discard traffic that is not interesting for it.

VLANs, as you have noted, are the way to divide the single flat network into multiple broadcast domains.

For doing this job the current solution is multilayer switches, because they are cheap and have high performance.

Most use /24 or /25 IP subnets mapped one-to-one to different VLANs.

If the buildings are close enough, it is enough to deploy fiber cables between them to set up the campus infrastructure.

You will likely need two routers and/or a firewall to perform NAT, because this is not possible on multilayer switches smaller than a C6500 with Sup720.

The use of fiber-based GE links within the campus with multilayer switches will also give you the capability to extend some VLANs over the whole campus (for example for management, or for extending server VLANs).

Multilayer switches can be connected with L2 trunks and can peer at L3 on some of the carried VLANs and at OSI L2 on others.

However, most recent designs try to avoid this, and for example you may define a dedicated management subnet in each building; you can even re-use the same VLAN-id number if the core-facing links are L3 routed links.

You can use as a reference the following solution design for enterprise, which covers multiple aspects.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html

Hope to help

Giuseppe
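The design the reply sketches (one /24 per VLAN with the gateways on a multilayer switch in each building, VLAN 20 re-used per building behind a routed core link, a trunk that carries a stretched server VLAN at L2 while peering at L3 on a separate VLAN, and ACLs on the L3 device instead of on the access switches) written out as the configuration of one building's distribution switch, here the server-room building B from the original question. This is an added example, not configuration from the thread or from the Cisco campus design guide; the hostnames, VLAN numbers, the 10.x addressing, the interface names and the use of HSRP for the gateway on the stretched server VLAN are all assumptions, and the syntax is Catalyst 3560/3750-era IOS.

```cisco
! Added example: distribution / server-room multilayer switch in building B
! All addresses, names and VLAN numbers are assumed for illustration.
hostname BLD-B-DIST
!
ip routing
!
vlan 20
 name MGMT-BLD-B
vlan 110
 name USERS-B-FLOOR1
vlan 200
 name SERVERS-CAMPUS
vlan 900
 name L3-PEER-TO-BLD-A
!
! Local broadcast domains: one /24 per VLAN, default gateway on this switch.
! Building A also has a "VLAN 20" on 10.1.20.0/24; same number, separate domain,
! because the only path between the buildings is the routed peering below.
interface Vlan20
 description Management, building B only
 ip address 10.2.20.1 255.255.255.0
 ip access-group TO-MGMT-B out
!
interface Vlan110
 description Users, floor 1
 ip address 10.2.110.1 255.255.255.0
 ip helper-address 10.0.200.10
!
! Stretched server VLAN (clustering / NLB heartbeat needs one subnet in both rooms).
! Both server-room switches hold an SVI; HSRP gives one virtual gateway 10.0.200.1.
! Building A is configured with priority 110, so it is active and B is standby.
interface Vlan200
 description Servers, stretched to building A
 ip address 10.0.200.3 255.255.255.0
 standby 200 ip 10.0.200.1
 standby 200 priority 90
 standby 200 preempt
!
! Routed peering with building A, carried on the same trunk as VLAN 200
interface Vlan900
 description L3 peering with BLD-A-CORE
 ip address 10.0.0.2 255.255.255.252
!
! Trunk to building A: VLAN 200 is bridged across, VLAN 900 is routed across,
! and nothing else is allowed, so user and management broadcasts stop here.
interface GigabitEthernet1/0/1
 description Trunk to BLD-A-CORE
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200,900
 switchport mode trunk
!
! Downlink to a floor access switch (plain L2): local VLANs only
interface GigabitEthernet1/0/2
 description Trunk to floor-1 access switch
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 20,110
 switchport mode trunk
!
! OSPF between the building switches; adjacency only over the peering VLAN
router ospf 1
 router-id 10.2.20.1
 passive-interface default
 no passive-interface Vlan900
 network 10.2.0.0 0.0.255.255 area 0
 network 10.0.200.0 0.0.0.255 area 0
 network 10.0.0.0 0.0.0.3 area 0
!
! Stateless ACL on the L3 device: only the NOC/server subnet may reach
! management addresses in this building. Applied outbound on the SVI,
! i.e. on routed traffic entering VLAN 20 from anywhere else.
ip access-list extended TO-MGMT-B
 permit ip 10.0.200.0 0.0.0.255 10.2.20.0 0.0.0.255
 deny   ip any 10.2.20.0 0.0.0.255 log
!
! An outbound SVI ACL does not filter sessions terminated on the switch itself,
! so the management plane needs its own access-class on the vty lines.
ip access-list standard MGMT-SSH
 permit 10.0.200.0 0.0.0.255
!
line vty 0 15
 access-class MGMT-SSH in
 transport input ssh
```

Two points worth checking when applying this pattern. First, the SVI ACL and the vty access-class cover different things: the ACL controls routed traffic into the management subnet, the access-class controls who can log in to this switch, and omitting the second leaves the switch reachable by SSH from any building even though the subnet behind it is filtered. Second, stretching VLAN 200 across the trunk re-joins the two server rooms into one broadcast and spanning-tree domain, which is exactly what the rest of the design avoids, so keep the allowed-VLAN list on the inter-building trunk as short as it is here and do not let it grow back into the old flat network. The ACLs here are stateless packet filters; where the requirement becomes stateful inspection of sessions (for example between the server VLAN and the Internet-facing segment the question mentions), that is the point at which a firewall rather than an SVI ACL is the right tool.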