How to span vlans across core layer in core/distribution/access campus design?

Hi,

I studied Cisco Borderless Campus Design Guide 1.0 (http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1-0/Borderless_Campus_1-0_Design_Guide.html) last week because we plan to redesign our campus backbone to a three tier Core/Distribution/Access Design.

Today we use a collapsed backbone where a lot of vlans are spanned across the backbone because they are needed in different buildings.
Could anybody give me a hint how Cisco recommends to deal with that kind of vlans in the multi-tier design?
In my eyes between core and distribution layer there is only routing functionality and no l2 transport of vlans.
So using the same vlan in different buildings seems not to be supported?
 
Best Regards,
Thorsten

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Right! Using the same VLAN in different buildings shouldn't be supported. Especially if your Campus network is large enough to really (!) require 3 tiers, and you're routing in core and distribution, you shouldn't be transporting a VLAN across the core. But, even in two tier, or with routing to the edge, once you get to L3, L2 should generally be blocked.


Jon Marshall
Hall of Fame

Thorsten

Just to add to Joseph's post.

It is quite common for a vlan to be spanned when it doesn't actually need to be, i.e. the network has evolved that way.

Most things do not need L2 adjacency, they can happily use L3. Servers sometimes do but in the campus design your servers are usually located in one site so you don't need to extend vlans to other sites in your campus.

Not suggesting this is the case for you but it may be worth checking whether you really do. (apologies if you already have)

As Joseph mentioned you really want to avoid it if at all possible, i.e. ideally all connections to the core switches are L3, i.e. no need for vlans at all in the core.

If you need to extend a few vlans then you can do this but still route for all other vlans, i.e. you would configure your distribution to core connections as trunks and then allow the vlans you need to extend plus one other vlan, unique per distribution pair, to route all other vlans. So per site your distribution switches route all vlans except the extended vlans and if they need to route to a vlan in another site they use that unique vlan.

But this is not ideal because you then need to extend certain vlans across the core and because you are using L2 connections STP could come into it, although that does depend on your core switch selection, e.g. 4500/6500 VSS etc. would alleviate this.

There are ways to extend vlans across a L3 network but the solutions available are very much dependent on the kit you use and their capabilities, so if you do need multiple vlans in multiple sites but still want to keep a L3 core you may want to investigate some of those before purchasing kit (unless of course you have already purchased it).

What you do really depends on just how many vlans you actually need to extend between sites.

Jon

Thanks Jon,

that's what I already assumed.

We have servers at different campus sites so we need to bring the vlans to more than one site for heartbeat/sync links, vm etc.

Concerning the routing connection of a distribution block to the core routers you mentioned "one unique vlan". Isn't it recommended to use a separate point-to-point vlan from each distribution router to the neighbor core router for routing all other access vlans?

 

Thorsten

Thorsten

If you don't extend vlans then you would use L3 routed links between each distribution pair and the core switches.

What I was referring to was where you do need to extend vlans. If you do then you need to make the connections trunks (unless you use some other L2 extension method). So for each site where you need an extended vlan you would need to allow that extended vlan(s) on the trunk and one other vlan which is unique per site (distribution pair of switches).

This unique vlan per site is used to route all the vlans that do not need extending. You don't want those vlans allowed on the trunk link otherwise you have extended all vlans to the core.

Hope that makes sense.

In terms of alternatives yes L2TPv3 could be used but most switches don't support it.

There are other options such as EoMPLS/VPLS and if you are using virtual servers something like VXLAN, but the first two rely on an underlying MPLS network which complicates things and the latter is really more of a DC technology. Should also say I haven't used any of them so can't guarantee whether they would meet your requirements or not.

What may be worth considering is the selection of your core switches. If they support MEC (Multichassis Etherchannel) such as stacked switches, 4500/6500 with VSS, Nexus using vPC then you can significantly reduce the impact of STP plus you get the full bandwidth through to the core switches from each distribution pair.

Jon
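An added example, not part of the thread: a small audit of distribution-to-core uplink configs against the scheme described above, where each trunk should carry only the extended VLANs plus one routing VLAN unique to that site. The site names, VLAN numbers, interface names and config snippets are constructed for illustration.

```python
import re

# Constructed sample: distribution-to-core uplink config per site (not from the thread).
SAMPLE = {
    "site-a": """
interface TenGigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 100-101,901
""",
    "site-b": """
interface TenGigabitEthernet1/1
 switchport mode trunk
 switchport trunk allowed vlan 100-101,120,902
""",
    "site-c": """
interface TenGigabitEthernet1/1
 switchport mode trunk
""",
}
EXTENDED = {100, 101}                                    # VLANs that must span sites (assumed)
TRANSIT = {"site-a": 901, "site-b": 902, "site-c": 901}  # routing VLAN per site (assumed)

def expand(vlan_list):
    """Expand an IOS VLAN list such as '100-101,901' into a set of ints."""
    vlans = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(configs, extended, transit):
    """Return findings where an uplink trunk carries more than intended."""
    findings = []
    for site, text in configs.items():
        for block in re.split(r"(?m)^(?=interface )", text):
            if "switchport mode trunk" not in block:
                continue
            name = block.split()[1]
            m = re.search(r"switchport trunk allowed vlan ([\d,\- ]+)", block)
            if not m:  # no allowed list: IOS permits every VLAN on the trunk
                findings.append(f"{site} {name}: no allowed list, all VLANs extended")
                continue
            extra = expand(m.group(1)) - extended - {transit[site]}
            if extra:
                findings.append(f"{site} {name}: unexpected VLANs {sorted(extra)}")
    seen = {}
    for site, vlan in sorted(transit.items()):
        if vlan in seen:
            findings.append(f"{site}: transit VLAN {vlan} also used by {seen[vlan]}")
        seen.setdefault(vlan, site)
    return findings
```

Calling `audit(SAMPLE, EXTENDED, TRANSIT)` flags the access VLAN that leaked onto site-b's trunk, the site-c trunk with no allowed list, and the routing VLAN reused by two sites.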

btw, are there any alternative solutions to extend vlans via normal l2 vlan tagging with stp?

Do maybe l2 tunnel mechanisms like l2tpv3 make sense to avoid stp in the core layer?
