Solved: Switching Design for a big Network

zain_gabon · ‎09-26-2011

Hi Everybody,

I need to design the architecture for a big network (about 800 nodes)

1-/ what is the core level in an archietcure and in what case we need a core level?

2-/ for a big network with 900 nodes, wich switches can be used for Distributions Level

Your help will be appreciated

Regards

esomarriba · ‎09-26-2011

Hi Zain,

Before you start buying gear, I would recommend setting up some meetings with your upper management and ask some key questions to get a clear understanding of what exactly they are looking for and what is their network expectation. With this exercise you should be able to get good input from all business areas. You would be amaze of the kind of crazy things management expects the network to do. Use this as a filtering tool.

To have a good architectural design you need to fully understand what kind of traffic the new network is going to support. Have a clear view of the network limits. You should be able to know if your network will support Data, Wireless, Voice and Video, and future proof it with the growing demands of today business needs.

Another important design tip is to make sure you say “NO” to your stake holders when they come up with “brilliant ideas” about a new service they saw in a magazine ad in their way back to headquarters from a London trip about Cisco TelePresence.

You could use the CDA model from Cisco to design, Core, Distribution or Access layer and you should be ok for 900 nodes. If you don’t see the need you could do a Collapse Core, this is a 2-Tier design and it has pros and cons, make sure you look into this.

You can never go wrong with Cisco Catalyst 6500-E series switches for Distribution layer. VSS is a really good route to go.

Cisco has really good documentation with best practice designs on their “Cisco Design Zone” here is the URL: http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns815/landing_cOverall_design.html

HTH,

/ES

View solution in original post

ANTONIO DEUS · ‎09-27-2011

Hi Zain,

Yes, U can.

But you must define one domain to your network, and made one or both C3560 VTP server and all other switches configured as VTP client. With this you create the vlans at level 2 and the VTP it will take care of the rest. Remember all switch must be configured with same domain and have the same password (with this U reduced the admin work and troubleshooting in your network).

The C3560 can be used as all (20 vlans) gateways (intervlan routing, you must activate ip routing on the C3560, and change the sdm prefer), also you can use the great advantaged have the virtual gateway in both 3560 (with HSRP), and both 3560 can be distribution. Other thing you must know is what version os IOS are run in the C3560? Maybe, you need to upgrade de IOS to do this.

SDM

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_53_se/configuration/guide/swsdm.html

HSRP

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swhsrp.html

InterVLAN Routing and VTP modes

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

The connection between C2950, C2960 and C3560 will be made in trunk (carry only the correct vlan, activated the vtp pruning on the switch that are running on mode server).

However, you can chose on catalyst 4500R and replace the C3560, but your budget will be short.

http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_models_comparison.html

ADAJio

View solution in original post

esomarriba · ‎09-27-2011

Hi Zain,

If you are going to use the 3560 platform you will need to upgrade your IOS to IP SERVICES to be able to do routing on the box.

With IP BASE you won't be able to run BGP or any other advanced routing protocols.

HTH,

/ES

View solution in original post

ANTONIO DEUS · ‎09-26-2011

Hi Zain,

What you mean with 800/900 nodes? It is meaning hosts, switches, routers?

ADAJio

zain_gabon · ‎09-26-2011

Hi Antonio

800 nodes means hosts, printers, servers, switches and routers

esomarriba · ‎09-26-2011

Hi Zain,

Before you start buying gear, I would recommend setting up some meetings with your upper management and ask some key questions to get a clear understanding of what exactly they are looking for and what is their network expectation. With this exercise you should be able to get good input from all business areas. You would be amaze of the kind of crazy things management expects the network to do. Use this as a filtering tool.

To have a good architectural design you need to fully understand what kind of traffic the new network is going to support. Have a clear view of the network limits. You should be able to know if your network will support Data, Wireless, Voice and Video, and future proof it with the growing demands of today business needs.

Another important design tip is to make sure you say “NO” to your stake holders when they come up with “brilliant ideas” about a new service they saw in a magazine ad in their way back to headquarters from a London trip about Cisco TelePresence.

You could use the CDA model from Cisco to design, Core, Distribution or Access layer and you should be ok for 900 nodes. If you don’t see the need you could do a Collapse Core, this is a 2-Tier design and it has pros and cons, make sure you look into this.

You can never go wrong with Cisco Catalyst 6500-E series switches for Distribution layer. VSS is a really good route to go.

Cisco has really good documentation with best practice designs on their “Cisco Design Zone” here is the URL: http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns815/landing_cOverall_design.html

HTH,

/ES

Leo Laohoo · ‎09-26-2011

What I'd like to know is HOW MUCH is your budget.

A network of about 800-900 clients isn't really big so I don't want to start giving out a recommended model without getting to know more about your budget.

I agree with ES's post. Talk to management. Recently, I've come across a number of management directives that were decided in a meeting where everyone involved in the decision making were taking "magic mushrooms". Whoooopie!

zain_gabon · ‎09-27-2011

Hi Leo,

My client budget is about 60 000 $.

The existing network is a flat network into the same subnet (172.16.0.0/16), we want to make vlans with Acces and distributiobn Layer. There are about 20 Catalyst C2950 and 2 Catalyst C3560.

10 C2960 are connected to 1 C3560, the rest 10 C2950 are connected to the other C3560 and finally, the both C3560 are connected together by fiber optical. There is no vlans and all nodes (about 900 ) are in vlan 1.

My question is: Can i use the both C 3560 like Distribution level and create about 20 vlans. and make intervlan routing on the C3560? can the both C3560 support the charge of all Network with 900 end users (printers, pc, servers etc)?

Thanks in advance.

ANTONIO DEUS · ‎09-27-2011

Hi Zain,

Yes, U can.

But you must define one domain to your network, and made one or both C3560 VTP server and all other switches configured as VTP client. With this you create the vlans at level 2 and the VTP it will take care of the rest. Remember all switch must be configured with same domain and have the same password (with this U reduced the admin work and troubleshooting in your network).

The C3560 can be used as all (20 vlans) gateways (intervlan routing, you must activate ip routing on the C3560, and change the sdm prefer), also you can use the great advantaged have the virtual gateway in both 3560 (with HSRP), and both 3560 can be distribution. Other thing you must know is what version os IOS are run in the C3560? Maybe, you need to upgrade de IOS to do this.

SDM

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_53_se/configuration/guide/swsdm.html

HSRP

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swhsrp.html

InterVLAN Routing and VTP modes

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

The connection between C2950, C2960 and C3560 will be made in trunk (carry only the correct vlan, activated the vtp pruning on the switch that are running on mode server).

However, you can chose on catalyst 4500R and replace the C3560, but your budget will be short.

http://www.cisco.com/en/US/products/hw/switches/ps4324/prod_models_comparison.html

ADAJio

zain_gabon · ‎09-27-2011

Thanks a lot ADAJIO.

I know how to create VTP domain and joined all switches as client to the domain.

My only concern was if the C3560 can handle the network load with about 800 end users.

The both C3560 ios is: c3560-IPBASE-M 12.2(25)SEE3.

I think to limit the budget, i will use the Both C3560 like Distribution, makig routing on it and create all vlans

Thanks

esomarriba · ‎09-27-2011

Hi Zain,

If you are going to use the 3560 platform you will need to upgrade your IOS to IP SERVICES to be able to do routing on the box.

With IP BASE you won't be able to run BGP or any other advanced routing protocols.

HTH,

/ES

zain_gabon · ‎09-27-2011

Thanks,

I will first upgrade the ios of C3560 from IP-BASE to IPSERVICES.

But no problem for the network if i used 3560 in distribution layer? with about 20 vlans?

Regards

flokki123 · ‎09-27-2011

hi zain,

in your case it is actually not the nodes which are important for the calculation of the troughput on the c3560, the uplinks from the access switches to the core switches (3560) are the important thing here.

e.g. if you connect all 10 access layer switches over a 1gbit link to the core switch then you have a max. throughput of 10x 1gbit at the core switch, if the access switches are the only devices attached to the core switch.

so in the example above you would have a max. throughput of 10gbit + the connection to the other core switch, which might be 10gbit. so it would be a max. throughput at the core switch of 20gbit. then you have to check the backplane troughput of the core switch, but be carefull with this number, as this is a full duplex number, which means half it, or double the port values.

just learned this stuff last week and hope passed it on correct.

HTH

florian

zain_gabon · ‎09-27-2011

Hi Florian

All Acces switches will be connected to the core (3560), each switch by a 1 giga port on the C3560.

So for 10 access layer switches will directly connected to 10 giga port on C3560.

flokki123 · ‎09-27-2011

hi zain,

because even if there are 24, or 48 pc or servers connected to the access switches they all share a 1gbit uplink to the core. so the core switch dosnt know from a throughput perspective that he has to handle 800 or 900 switches behind the uplinks. he only has to switch the ports connected to it.

but like i mentioned before, i was told that stuff last week and hope i explain it to you in the right way.

if someone here could confirm that, i would appreciate it!

regards,

florian

esomarriba · ‎09-27-2011

As a side note, make sure you are not over subscribing your uplinks. As part of your planning and design face remember to include a decent QoS policy. That will come in handy if you run into congestion.