RST-2032: High-Availability Networking in the Campus
11208_05_2005_c2 © 2005 Cisco Systems, Inc. All rights reserved.

Network Operations: Best Practices
Best-in-Class Support: TAC, CA, Etc.
What Is High Availability?
Multilayer Network Design
Without a Rock Solid Foundation the Rest Doesn't Matter
• Offers hierarchy: each layer (access, distribution, core) has a specific role
• Modular topology: building blocks
• Easy to grow, understand, and troubleshoot
• Creates small fault domains: clear demarcations and isolation
• Promotes load balancing and redundancy
• Protects the core from high-density peering and from problems in the access layer
• HSRP or GLBP to provide first-hop redundancy
(Figure: access, distribution and core layers, with a redundant pair of distribution switches per access block)
Defining the Core Layer
• Core and distribution engineered with redundant nodes and links to provide maximum redundancy and optimal convergence
• Network bandwidth and capacity engineered to withstand node or link failure
• 120–200 ms to converge around most events
(Figure: redundant core nodes connecting Distribution 1 and Distribution 3, each with its own access switches; WAN, Data Center and Internet blocks attached to the core)
Single Points of Termination
SSO/NSF: Avoiding Total Network Outage
• Layer 2 = SSO (Stateful Switchover): the standby supervisor takes over with the Layer 2 state intact, so access links terminated on a single chassis stay up through a supervisor failure
• Layer 3 = SSO/NSF (Nonstop Forwarding): the switchover additionally keeps forwarding from the existing FIB while the routing protocol re-establishes its adjacencies; this only avoids a re-convergence if the neighbors are NSF-aware (graceful restart), otherwise they tear the adjacency down when the hellos stop
(Figure: access, distribution and core layers; the single-chassis termination points are where SSO/NSF applies)
ESE Campus Solution Test Bed
Verified Design Recommendations
Best Practices—Layer 3 Routing Protocols
• Typically deployed in distribution-to-core and core-to-core interconnections
• Used to quickly re-route around failed nodes/links while providing load balancing over redundant paths
• Build triangles, not squares, for deterministic convergence (Model A: triangles of Layer 3 equal-cost links; Model B: squares)
• Only peer on links that you intend to use as transit
• Best practice: summarize at the distribution layer to limit EIGRP queries or OSPF LSA propagation
• Gotcha (figure: a distribution pair advertising the summary 10.1.0.0/16 to the core, with access subnets 10.1.1.a/24 and 10.1.1.b/24 below):
  Upstream: HSRP on the left distribution switch takes over when the right switch's link to the access switch fails
  Return path: the old (right) distribution switch still advertises the summary to the core
  Return traffic is dropped on the right distribution switch, which has no route to the access subnet
• Summarizing requires a link between the distribution switches
• Alternative design: use the access layer for transit
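The summarization design above, as an added Cisco IOS example that is not part of the original session: the right distribution switch advertises the 10.1.0.0/16 summary on its core uplinks, peers with its partner over a routed point-to-point link so that a subnet it can no longer reach directly is still learned from the left switch instead of being black-holed behind the summary, and forms no EIGRP adjacency on the host-facing VLAN interfaces. The switch and interface names, EIGRP AS 100, the 10.1.255.0/30 interconnect and the 10.0.x.0/30 core links are assumptions.

```ios
! Distribution-Right (assumed name); Distribution-Left is the mirror image
! with the other half of each /30.
router eigrp 100
 network 10.1.0.0 0.0.255.255
 network 10.0.0.0 0.0.255.255
 ! Only peer on links intended as transit: suppress hellos everywhere
 ! except the two core uplinks and the distribution-to-distribution link.
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
 no passive-interface GigabitEthernet1/3
!
interface GigabitEthernet1/1
 description Uplink to Core-1
 ip address 10.0.1.2 255.255.255.252
 ! One summary toward the core; the /24s stay inside the distribution block.
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
!
interface GigabitEthernet1/2
 description Uplink to Core-2
 ip address 10.0.2.2 255.255.255.252
 ip summary-address eigrp 100 10.1.0.0 255.255.0.0
!
interface GigabitEthernet1/3
 description Routed link to Distribution-Left; required once you summarize
 ip address 10.1.255.1 255.255.255.252
!
interface Vlan20
 description Access data VLAN; gateway redundancy only, never a transit peer
 ip address 10.1.20.3 255.255.255.0
 standby 20 ip 10.1.20.1
```

With the Gi1/3 link in place, if this switch loses its link to the access switch carrying VLAN 20, the SVI goes down, the connected route disappears, and the return traffic the core still sends here (attracted by the summary) is forwarded across Gi1/3 to the partner, which has the connected /24 from its own SVI. Without that link the packet matches the summary's local Null0 entry and is dropped, which is the gotcha. `show ip eigrp neighbors` should list neighbors on the three transit interfaces only; a neighbor on a VLAN interface means a passive-interface line is missing.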
CEF Load Balancing
Avoid Underutilizing Redundant Layer 3 Paths
Redundant Paths Ignored
• CEF polarization: without some tuning CEF will select the same path left/left or right/right (figure: distribution and core both using the default L3 hash, so the core repeats the choice the distribution already made)
• Imbalance/overload could occur
• Redundant paths are ignored/underutilized
• CEF uses a multi-step process to make the final forwarding decision
• First it determines the longest-prefix match for the destination address via a hardware lookup
• Each specific index is associated with a next-hop adjacency table
• Default: using the packet source and destination IP address, one of the possible adjacencies is selected via a hardware hash
• Tweak: using the packet source and destination IP address and port information (Src IP | Dst IP | Src Port | Dst Port), one of the possible adjacencies is selected via a hardware hash
• The new MAC address is attached (MAC rewrite) and the packet is forwarded
• If you change the input to the hash you will change the output
• Changing the default from L3 to L3/L4 causes different hashes to be derived
CEF Load Balancing
Avoid Underutilizing Redundant Layer 3 Paths
All Paths Used
• Without some tuning CEF will select the same path left/left or right/right and imbalance/overload could occur (redundant paths ignored); with the L3/L4 hash at the distribution layer, flows between the same address pair are spread across both uplinks
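Added example (not from the original session) of the tuning the two CEF slides describe, on Cisco IOS. On the Catalyst 6500 the hardware hash is switched from source/destination IP to source/destination IP plus Layer 4 ports with `mls ip cef load-sharing full`; on other Cisco IOS platforms the equivalent is `ip cef load-sharing algorithm include-ports source destination`. The addresses and interface in the check commands are constructed.

```ios
! --- Before: default hash on Src IP | Dst IP ---------------------------------
! Every hop with the same hash input picks the same adjacency for the same
! address pair, so the core repeats whatever left/right choice the
! distribution made. Which exit does one flow take? (software CEF, any IOS)
show ip cef exact-route 10.1.20.50 10.2.40.10
! Catalyst 6500: the hardware (PFC) decision, which is what actually forwards
show mls cef exact-route 10.1.20.50 10.2.40.10

! --- After: include Layer 4 ports in the hash --------------------------------
! Catalyst 6500 (Cisco IOS)
mls ip cef load-sharing full
! Other Cisco IOS platforms
ip cef load-sharing algorithm include-ports source destination

! --- Check under real traffic --------------------------------------------------
! The two uplinks should now carry comparable rates for the same address pairs
show interfaces GigabitEthernet1/1 | include rate
show interfaces GigabitEthernet1/2 | include rate
```

Including the ports only helps where the ports vary. Traffic between a fixed pair of endpoints on fixed ports (a site-to-site IPsec or GRE tunnel, one storage replication session) still hashes to a single link however the hash is seeded. The other anti-polarization lever is the `universal` algorithm (`ip cef load-sharing algorithm universal`), which mixes a per-router seed into the hash so that the next tier does not reproduce this tier's bucket for the same tuple.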
Spanning Tree
PVST+ and Rapid PVST+, MST
Spanning Tree Toolkit: 802.1D, 802.1s, 802.1w
• PortFast*: bypass the listening-learning phase for access ports
• UplinkFast: three to five seconds convergence after link failure
• BackboneFast: cuts convergence time by Max_Age for indirect failure
• LoopGuard*: prevents an alternate or root port from becoming designated in the absence of BPDUs
• RootGuard*: prevents external switches from becoming root
• BPDUGuard*: disables a PortFast-enabled port if a BPDU is received
• BPDUFilter*: do not send or receive BPDUs on PortFast-enabled ports
(Figure: root distribution switches with forwarding (F) links to a wiring closet switch whose redundant uplink is blocked (B); links to access and to the server farm)
(Chart: time to converge in seconds, 0–35, PVST+ versus Rapid PVST+; about 30 seconds of delay/loss tuned away by Rapid PVST+)
Best Practices—UDLD Configuration
• Config example, Cisco IOS: udld aggressive
(Figure: access, distribution and core layers)

Unidirectional Link Detection
Protecting Against One Way Communication
(Figure: 802.1Q trunks between access and distribution; Layer 3 equal-cost links toward the core)
• Typically deployed on the interconnection between access and distribution layers
• Use VTP transparent mode to decrease the potential for operational error
• Hard-set trunk mode to on and encapsulation negotiate off for optimal convergence
DTP (Dynamic Trunking Protocol)
(Chart: time to converge in seconds, 0–2.5, for voice and data on 3550 (Cisco IOS), 4006 (CatOS), 4507 (Cisco IOS) and 6500 (CatOS), trunking desirable versus trunking nonegotiate; about two seconds of delay/loss tuned away by nonegotiate)
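Added Cisco IOS example (not the session's own configuration) that applies the UDLD, VTP and trunk recommendations above to one access-to-distribution uplink; the distribution end is configured the same way. Interface names, the VLAN numbers and the unused native VLAN 999 are assumptions.

```ios
! Global: no VLAN database propagation, UDLD aggressive on every fiber port
vtp mode transparent
udld aggressive
! Reserve an otherwise unused VLAN as the 802.1Q native VLAN so that an
! untagged frame from either end cannot land in a user VLAN.
vlan 999
 name UNUSED-NATIVE
!
interface GigabitEthernet0/1
 description Uplink to Distribution-A
 switchport trunk encapsulation dot1q
 ! Hard-set: trunk on, no DTP negotiation (the ~2 s of DTP tuned away)
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 ! Carry only this closet's data and voice VLANs
 switchport trunk allowed vlan 20,120
 ! "udld aggressive" above covers fiber ports only; a copper uplink needs this
 udld port aggressive
```

`show udld GigabitEthernet0/1` should report the neighbor and a bidirectional state. A link that UDLD errdisables for being unidirectional stays down until `errdisable recovery cause udld` is configured or the port is manually bounced, which is the intended behaviour: a one-way link that spanning tree still believes is up is exactly how a Layer 2 loop forms.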
Best Practices—EtherChannel Configuration
• Typically deployed in distribution-to-core and core-to-core interconnections
• Used to provide link redundancy while reducing peering complexity
• Tune the L3/L4 load-balancing hash to achieve maximum utilization of channel members
• Disable unless needed (CatOS: set port host)
• Measured: with the default L3 load-balancing hash and a common IP addressing scheme, the network did not load balance (link 0 load 68%, link 1 load 48%)
(Figure: Layer 3 equal-cost links between distribution and core; WAN, Data Center and Internet attached)
PAgP (Port Aggregation Protocol)
• Automatic formation of a bundled redundant switch-to-switch interconnection
  On: always be a channel/bundle member
  Desirable: ask if the other side can/will
  Auto: only if the other side asks
• On/On: channel; On/Off: no channel; Auto/Desirable: channel
(Chart: time to converge in seconds, axis 0–7, labelled "As Much As"; the rest of the label did not survive extraction)
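Added Cisco IOS example (Catalyst 6500 syntax; not from the original session) of the EtherChannel practices above: a two-member Layer 3 channel from the distribution to the core, hashed on Layer 3 and Layer 4 so a common addressing scheme still spreads across the members, formed with matching modes at both ends, and channeling disabled on the access ports with the IOS equivalent of the CatOS `set port host` macro. Interface names and addresses are assumptions.

```ios
! Distribution switch, Catalyst 6500 (Cisco IOS). Global hash for all channels;
! src-dst-port is available on the 6500, smaller platforms may offer src-dst-ip only.
port-channel load-balance src-dst-port
!
interface Port-channel1
 description Layer 3 channel to Core-1
 no switchport
 ip address 10.0.1.2 255.255.255.252
!
interface range GigabitEthernet1/1 - 2
 description Members of Po1
 no switchport
 ! Both ends on/on (no PAgP) or both desirable; auto/auto never forms a
 ! channel, and on/desirable bundles only one side, which can loop.
 channel-group 1 mode on
!
! Access switch: "switchport host" = access mode + PortFast + no channeling
interface range FastEthernet0/1 - 48
 switchport host
```

`show etherchannel 1 summary` should show Po1 flagged RU (routed, in use) with both members flagged P (bundled). `show etherchannel load-balance` prints the active algorithm, and on the 6500 `test etherchannel load-balance interface port-channel 1 ip <src> <dst>` reports which member a given address pair selects, which is the quickest way to confirm that two flows you expect on different links really land there.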
Best Practices—First Hop Redundancy
• ...balancing (the start of this bullet did not survive extraction)
• Preempt timers need to be tuned to avoid black-holed traffic
(Figure: distribution pair above WAN, Data Center and Internet)
First Hop Redundancy with VRRP
IETF Standard RFC 2338 (April 1998)
R1—Master, Forwarding Traffic; R2—Backup
• A group of routers function as one virtual router by sharing ONE virtual IP address and one virtual MAC address
• One (master) router performs packet forwarding for local hosts
• The rest of the routers act as "backup" in case the master router fails
(Figure: Distribution-A = R1, VRRP master: IP 10.0.0.254, MAC 0000.0c12.3456, vIP 10.0.0.10, vMAC 0000.5e00.0101; Distribution-B = R2, VRRP backup: IP 10.0.0.253, MAC 0000.0c78.9abc; Access-a below)
Optimizing Convergence: HSRP Preempt Delay
Preempt Delay Needs to Be Longer Than Box Boot Time
(Chart: seconds of loss, 0–25, with no preempt delay versus preempt delay tuned)
First Hop Redundancy with GLBP
Cisco Designed, Load Sharing, Patent Pending
R1—AVG; R1, R2 Both Forward Traffic
• All the benefits of HSRP plus load balancing of the default gateway: utilizes all available bandwidth
• A group of routers function as one virtual router by sharing one virtual IP address but using multiple virtual MAC addresses for traffic forwarding
• Allows traffic from a single common subnet to go through multiple redundant gateways using a single virtual IP address
(Figure: Distribution-A = R1, GLBP AVG/AVF, SVF: IP 10.0.0.254, MAC 0000.0c12.3456, vIP 10.0.0.10, vMAC 0007.b400.0101; Distribution-B = R2, GLBP AVF, SVF: IP 10.0.0.253, MAC 0000.0c78.9abc, vIP 10.0.0.10, vMAC 0007.b400.0102. Hosts on Access-a, all with GW 10.0.0.10: 10.0.0.1 (MAC aaaa.aaaa.aa01) resolves the gateway to 0007.b400.0101, 10.0.0.2 (aaaa.aaaa.aa02) to 0007.b400.0102, 10.0.0.3 (aaaa.aaaa.aa03) to 0007.b400.0101; the AVG hands out the forwarders' virtual MACs in its ARP replies in turn)
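Added Cisco IOS example (not the session's own configuration) of the HSRP and GLBP settings the surrounding slides call for, on Distribution-A of the figure: HSRP on VLAN 20 with one active forwarder, GLBP on VLAN 40 with both distribution switches forwarding, sub-second hellos, a preempt delay longer than the box's boot time, and authenticated hellos. Distribution-B carries the same interface configuration with the default priority of 100. The VLAN numbers, addresses, the 180-second delay and the key strings are assumptions.

```ios
! Distribution-A, Cisco IOS
interface Vlan20
 description Data VLAN 20, HSRP
 ip address 10.1.20.2 255.255.255.0
 standby 20 ip 10.1.20.1
 standby 20 priority 110
 ! Take the active role back after a reload, but only once the box has had
 ! time to boot and its routing protocol to converge; preempting earlier
 ! black-holes traffic at a gateway that has no routes yet.
 standby 20 preempt delay minimum 180
 ! 250 ms hello, 750 ms hold: failover in under a second
 standby 20 timers msec 250 msec 750
 ! Without authentication any host on the VLAN can send a higher-priority
 ! hello and become the gateway for the whole subnet.
 standby 20 authentication md5 key-string HSRP-VLAN20-KEY
!
interface Vlan40
 description Data VLAN 40, GLBP: both switches forward
 ip address 10.1.40.2 255.255.255.0
 glbp 40 ip 10.1.40.1
 glbp 40 priority 110
 glbp 40 preempt delay minimum 180
 glbp 40 timers msec 250 msec 750
 ! The AVG answers ARP for 10.1.40.1 with the forwarders' virtual MACs in turn
 glbp 40 load-balancing round-robin
 glbp 40 authentication md5 key-string GLBP-VLAN40-KEY
```

`show standby brief` and `show glbp brief` show the state, and for GLBP which switch is the AVG and which virtual MACs each switch is forwarding for. The preempt delay covers the reload case only; for the other failure the slides care about, an uplink loss that leaves a gateway up but without a path to the core, pair these groups with interface tracking (`standby 20 track` and `glbp 40 weighting track`) so the priority or weight drops with the uplink.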
First Hop Redundancy with Load Balancing
Cisco Gateway Load Balancing Protocol (GLBP)
Optimizing Convergence: VRRP, HSRP, GLBP
Mean, Max, and Min—Are There Differences?
• VRRP does not have sub-second timers and all flows go through a common VRRP peer; mean, max, and min are equal
(Figure: core; Layer 3 distribution pair Distribution-A (GLBP virtual MAC 1) and Distribution-B (GLBP virtual MAC 2) at Layer 2/3; Layer 2 access switches Access-a (VLAN 2) and Access-b (VLAN 3); F = forwarding, B = blocking. With GLBP the hosts are split between the two forwarders' virtual MACs, so a failure affects only the flows on the failed forwarder, which is why mean, max and min differ)
GLBP + STP Tuning
Change Port Cost to Change the Blocking Interfaces
(Figure: the same topology with VLAN 2 on both Access-a and Access-b; the STP port cost on the distribution-to-distribution link is increased so that the blocked (B) port moves to that link and traffic to either GLBP virtual MAC can use the access switch's direct uplink instead of crossing the distribution interconnect)
Best Practices—Quality of Service
• ...configurable admission criteria and scheduling are required (the start of this bullet did not survive extraction)
(Figure: campus with WAN, Data Center and Internet)
Transmit Queue Congestion
• WAN router: 100 Mb/s in, 128 kb/s out. Packets serialize in faster than they serialize out; packets are queued as they wait to serialize out the slower link
• Campus: 1 Gb/s in, 100 Mb/s out. The same speed mismatch queues packets at the egress port
Enabling QoS in the Campus
Scheduling in the Campus
Police and Mark: Throttle Anomalies
• Scavenger traffic is assigned its own queue/threshold
• The scavenger queue is shallow with a large burst to penalize sustained loads
• Multiple queues are the only way to "guarantee" voice quality, protect mission-critical traffic and throttle abnormal sources
• Cisco switches have multiple queues
(Figure: ingress Scavenger, Data and Voice traffic feeding the switch's TX scheduler; Scavenger goes to a queue with aggressive drop, Voice is put into the delay/drop-sensitive queue, Data into the gold queue)
See RST-2501: Campus QoS Design
Campus Design Best Practices
Access
Daisy Chaining Access Layer Switches
Avoid Potential Black Holes
Return Path Traffic Has a 50/50 Chance of Being 'Black Holed'
(Figure: Layer 3 core; Layer 2/3 Distribution-A and Distribution-B joined by a Layer 3 link; Layer 2 access switches Access-a, Access-n and Access-c daisy-chained. When the chain breaks, return traffic arriving at the distribution switch on the wrong side of the break is dropped: a 50% chance that traffic will go down the path with no connectivity to the destination)
Daisy Chaining Access Layer Switches
New Technology Addresses Old Problems
(Figure: a Catalyst 3750 stack at the access layer with uplinks to both the HSRP active and the HSRP standby distribution switch, both forwarding at Layer 3; the stack ring replaces the daisy chain)
Asymmetric Routing (Unicast Flooding)
• Affects redundant topologies with shared Layer 2 access
• One path upstream and two paths downstream (figure: asymmetric equal-cost return path)
Best Practices Prevent Unicast Flooding
Access
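The body of this slide did not survive extraction. As an added example, not the original's text, here is the timer mitigation Cisco IOS offers for the flooding mechanism the previous slide describes. The flood happens because the distribution switch on the return path learned the host's MAC only from the host's last ARP reply; upstream traffic bypasses that switch, so its MAC table entry ages out (default 300 s) while its ARP entry (default 14400 s) stays valid for hours, and every returning packet is flooded to the whole VLAN until the next ARP refresh. Apply the change on both distribution switches for every VLAN that spans more than one access switch. VLAN number and interface names are assumptions.

```ios
! Distribution-A and Distribution-B, Cisco IOS. Defaults: ARP 14400 s on the
! SVI, MAC address table aging 300 s.
! Option 1: expire ARP before the MAC entry can age out, so the periodic ARP
! exchange re-learns the host MAC on this switch before the 300 s run out.
interface Vlan20
 description Data VLAN that spans Access-a and Access-n
 ip address 10.1.20.2 255.255.255.0
 arp timeout 270
!
! Option 2 (instead of 1): keep the MAC entry longer than the ARP entry.
! (Older releases spell the command mac-address-table.)
mac address-table aging-time 14460 vlan 20
```

Either direction works; what matters is that the ARP timeout is shorter than MAC aging on the switch that sits on the return path. Verify with `show mac address-table address <host-mac>` on the return-path switch while the host is only sending upstream: the entry should stay present past the old 300 s mark. The real fix is the one this page's reference design makes: keep each VLAN on one access switch, or route at the access, so that there is no second Layer 2 path for returning traffic.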
Keep Redundancy Simple
But Don’t Go Too Far…
What Happens if You Don’t Link the Distributions?
What If You Don’t?
Black Holes and Multiple ‘Transitions’…
What If You Don’t?
Return Path Traffic Black Holed…
Layer 2 Distribution Interconnection
Redundant Link from Access Layer Is Blocked
(Figure: distribution pair joined by a Layer 2 trunk; the left switch is HSRP active and STP root for VLANs 20 and 140, the right switch for VLANs 40 and 120; each access switch has Layer 2 links to both distribution switches)
The STP model, the HSRP model and the GLBP model all use the same access subnets:
  10.1.20.0 VLAN 20 Data, 10.1.120.0 VLAN 120 Voice
  10.1.40.0 VLAN 40 Data, 10.1.140.0 VLAN 140 Voice
Layer 3 Access to Distribution Interconnection
All Links Are Routed
(Figure: Layer 3 distribution pair; Layer 3 equal-cost links to each access switch; routed model)
  10.1.20.0 VLAN 20 Data, 10.1.120.0 VLAN 120 Voice
  10.1.40.0 VLAN 40 Data, 10.1.140.0 VLAN 140 Voice
PVST+, Rapid PVST+, or a Routing Protocol
STP vs. Equal Cost Layer 3 Links and Routing
Distribution to Access Link Failure
(Chart, server farm to access: time in seconds to converge, 0–10, for 2950 (Cisco IOS), 3550 (Cisco IOS), 4507 (CatOS), 4507 (Cisco IOS), 6500 (CatOS) and 6500 (Cisco IOS) under PVST+, Rapid PVST+, EIGRP and OSPF: all sub-second)
(Chart: 0–6 seconds for the same platforms and protocols: all sub-second, approaching SONET speeds)
PVST+, Rapid PVST+, or a Routing Protocol
STP vs. Equal Cost Layer 3 Links and Routing
Distribution to Access Link Failure
(Chart, server farm to access: time in seconds to converge, 0–45, for 2950 (Cisco IOS), 3550 (Cisco IOS), 4507 (CatOS), 4507 (Cisco IOS), 6500 (CatOS) and 6500 (Cisco IOS) under PVST+, Rapid PVST+, EIGRP and OSPF: four seconds of loss with PVST+, zero packet loss with EIGRP and OSPF)
(Chart, access to server farm, 2950 (Cisco IOS): 0–45 seconds, PVST+, Rapid PVST+, EIGRP and OSPF; as much as 40 seconds of loss in the worst case)
EIGRP vs. OSPF as Your IGP
Feasible Successor vs. LSAs and SPFs
• When routes are summarized and filtered, only the distribution peers in an EIGRP network need to calculate new routes in the event of a link or node failure
(Figure: campus with WAN, Data Center and Internet)
EIGRP to the Edge Design Rules
EIGRP, on each routed link:
  interface GigabitEthernet1/1
   ! 1 s hello / 3 s hold for fast neighbor-loss detection (defaults 5 s / 15 s)
   ip hello-interval eigrp 100 1
   ip hold-time eigrp 100 3
OSPF equivalent:
  interface GigabitEthernet1/1
   ! 1 s dead interval with four 250 ms hellos
   ip ospf dead-interval minimal hello-multiplier 4
  router ospf 100
   ! Access layer as a totally stubby area: it receives a default route only
   area 120 stub no-summary
   ! SPF and LSA throttling: 10 ms initial wait, 100 ms hold, 5 s maximum
   timers throttle spf 10 100 5000
   timers throttle lsa all 10 100 5000
   timers lsa arrival 80
(Figure: campus with WAN, Data Center and Internet)
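Added example (not the session's own configuration) that fills in the EIGRP side of the routed-access design the EIGRP vs. OSPF and EIGRP to the Edge slides describe: the access switch is an EIGRP stub that never answers a query with a path and peers only on its uplinks, and the distribution switch sends the access layer nothing but a default route. Switch and interface names, AS 100 and the 10.1.254.0/30 uplink addressing are assumptions; the hello/hold timers are the ones from the slide above.

```ios
! ---- Access switch, Cisco IOS (routed access) ----
interface GigabitEthernet0/1
 description Routed uplink to Distribution-A (Gi0/2 to Distribution-B is the same)
 no switchport
 ip address 10.1.254.2 255.255.255.252
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
!
router eigrp 100
 network 10.1.20.0 0.0.0.255
 network 10.1.120.0 0.0.0.255
 network 10.1.254.0 0.0.0.255
 ! Stub: advertise connected and summary routes only. Distribution switches
 ! do not query a stub, so an upstream failure is not computed here, and the
 ! access switch can never become transit between the two distributions.
 eigrp stub connected summary
 ! Never peer on the host-facing SVIs
 passive-interface default
 no passive-interface GigabitEthernet0/1
 no passive-interface GigabitEthernet0/2
!
! ---- Distribution-A, Cisco IOS: the access layer gets a default route only ----
ip prefix-list DEFAULT-ONLY seq 10 permit 0.0.0.0/0
!
router eigrp 100
 network 10.1.0.0 0.0.255.255
 distribute-list prefix DEFAULT-ONLY out GigabitEthernet1/10
 distribute-list prefix DEFAULT-ONLY out GigabitEthernet1/11
!
interface GigabitEthernet1/10
 description Routed link to Access-a (Gi1/11 to Access-b is the same)
 ip address 10.1.254.1 255.255.255.252
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ! Originate the default toward the access. Administrative distance 250 keeps
 ! the summary's own Null0 entry from displacing the default learned from the core.
 ip summary-address eigrp 100 0.0.0.0 0.0.0.0 250
```

`show ip eigrp neighbors detail` on the distribution should flag each access switch as a stub, and `show ip route eigrp` on the access switch should contain the default route and nothing else. If an access switch still lists specific prefixes, the distribute-list is bound to the wrong interface name.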
Mitigating Plug and Players
Protecting Against Well-Intentioned Users
PROBLEM: well-intentioned users place unauthorized network devices on the network, possibly causing instability (figure: an unauthorized switch behind an authorized switch injects incorrect STP information; enterprise server and Cisco Secure ACS shown)
SOLUTION: Catalyst switches support rogue BPDU filtering: BPDU Guard and Root Guard (figure: BPDU Guard on the end-station port, Root Guard on the port facing the unauthorized switch)
BPDU Guard
Prevent Loops via WLAN (Windows XP Bridging)
PROBLEM:
• WLAN APs do not forward BPDUs
• Multiple Windows XP machines with bridging enabled can create a loop in the wired VLAN via the WLAN
SOLUTION:
• BPDU Guard configured on all end-station switch ports will prevent the loop from forming
(Figure: two Win XP machines with bridging enabled, each on a wired port and on the WLAN; the switch's BPDU is discarded across the WLAN, so spanning tree never sees the loop, but the BPDU generated by the XP bridge itself arrives on a PortFast port and BPDU Guard disables that port before the STP loop forms)
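The spanning-tree toolkit slide earlier and the two slides above all point at the same per-port-role configuration, so here is one added Cisco IOS example (not from the original session) that applies it: Rapid PVST+, PortFast with BPDU Guard on every end-station port, automatic recovery from the resulting errdisable, Loop Guard on the uplinks, and Root Guard on the distribution ports that face the access layer. Interface names, VLAN numbers and the 300-second recovery interval are assumptions.

```ios
! ---- Access switch, Cisco IOS ----
spanning-tree mode rapid-pvst
! Every PortFast port is errdisabled the moment a BPDU arrives: a Windows XP
! bridge, an unauthorized switch or a bridging AP announces itself with one.
spanning-tree portfast bpduguard default
! Bring such ports back after 5 minutes instead of waiting for a ticket; the
! port drops again if the BPDU source is still there.
errdisable recovery cause bpduguard
errdisable recovery interval 300
! Loop Guard: a root/alternate port that stops receiving BPDUs (one-way link)
! goes loop-inconsistent instead of transitioning to forwarding.
spanning-tree loopguard default
!
interface range FastEthernet0/1 - 48
 description End-station ports
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 ! Do not add "spanning-tree bpdufilter enable" here: it stops the port from
 ! processing BPDUs at all, so BPDU Guard would never see the one it needs.
!
! ---- Distribution switch, Cisco IOS ----
! Be root for the VLANs this pair terminates (default priority is 32768)
spanning-tree vlan 20,120 priority 24576
interface range GigabitEthernet1/10 - 11
 description Downlinks to access switches
 ! Root Guard: a superior BPDU from below puts the port into root-inconsistent
 ! state instead of moving the root into the wiring closet.
 spanning-tree guard root
```

`show spanning-tree inconsistentports` lists the ports held by Root Guard or Loop Guard, and `show interfaces status err-disabled` lists the BPDU Guard victims with the reason. Root Guard belongs on the distribution side of the uplink, not on the access switch, because the access switch must keep accepting the distribution's superior BPDUs.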
Problem: Prevalence of Rogue AP’s
Example: 59 APs in Seven Miles in SJ Commute
See SEC-2005: Understanding Identity-Based Networking Services
Securing Layer 2 from Surveillance Attacks
Cutting off MAC-Based Attacks
PROBLEM: "script kiddie" hacking tools enable attackers to flood switch CAM tables with bogus MACs (figure: 250,000 bogus MACs per second, 00:0e:00:aa:aa:aa, 00:0e:00:bb:bb:bb, ...), turning the VLAN into a "hub" and eliminating privacy. The switch CAM table holds a finite number of MAC addresses.
SOLUTION: port security limits the MAC flooding attack, locks down the port and sends an SNMP trap (figure: only 3 MAC addresses allowed on the port; violation action shutdown).
  switchport port-security
  switchport port-security maximum 3
  switchport port-security violation restrict
  switchport port-security aging time 2
  switchport port-security aging type inactivity
Note that the configuration shown uses violation restrict: frames from addresses beyond the limit are dropped, the violation counter is incremented and the trap is sent, but the port stays up. The figure's "shutdown" corresponds to violation shutdown, which errdisables the port.
DHCP Snooping
Protection Against Rogue/Malicious DHCP Server
(Figure: (1) a rogue host answers a client's DHCP request with a bogus DHCP response; (2) a host sends 1000s of DHCP requests to overrun the DHCP server)
Catalyst Integrated Security Features
Summary
(Figure: IP Source Guard, Dynamic ARP Inspection, DHCP Snooping and Port Security stacked, each building on the one below)
• Port security prevents MAC flooding attacks
• DHCP snooping prevents client attacks on the switch and server
• Dynamic ARP Inspection adds security to ARP using the DHCP snooping table
• IP Source Guard adds security to the IP source address using the DHCP snooping table
Cisco IOS:
  ip dhcp snooping
  ip dhcp snooping vlan 2-10
  ip arp inspection vlan 2-10
  !
  interface FastEthernet3/1
   ! Untrusted host port
   switchport port-security
   switchport port-security maximum 3
   switchport port-security violation restrict
   switchport port-security aging time 2
   switchport port-security aging type inactivity
   ip arp inspection limit rate 100
   ip dhcp snooping limit rate 100
  !
  interface GigabitEthernet1/1
   ! Uplink toward the DHCP server: trusted
   ip dhcp snooping trust
   ip arp inspection trust
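Added Cisco IOS example (Catalyst 3560/3750-style syntax; not from the original session) that completes the summary above with the items it only names: IP Source Guard on the host ports, a persistent binding database, DAI's additional validations, and the DHCP relay setting on the distribution switch that snooping's option-82 insertion requires. The VLAN range, interface names and the static binding are assumptions.

```ios
! ---- Access switch ----
ip dhcp snooping
ip dhcp snooping vlan 2-10
! Persist the bindings: after a reload, IP Source Guard and DAI would
! otherwise block every host until it renews its lease.
ip dhcp snooping database flash:dhcp-snoop.db
! DAI on the same VLANs, plus checks that the ARP sender MAC matches the
! Ethernet source, the target MAC matches the destination, and the addresses
! are not 0.0.0.0, 255.255.255.255 or multicast.
ip arp inspection vlan 2-10
ip arp inspection validate src-mac dst-mac ip
!
interface range FastEthernet0/1 - 48
 switchport mode access
 ! Untrusted (default): a DHCP OFFER/ACK from a host is dropped; DISCOVER and
 ! ARP rates are capped so a flooding host cannot exhaust the switch CPU.
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ! IP Source Guard: forward only IP packets whose source address matches the
 ! snooping binding for this port; spoofed sources are dropped.
 ip verify source
 switchport port-security
 switchport port-security maximum 3
!
! A host with a static address needs a manual binding or it is cut off
! (MAC, VLAN, address and port assumed)
ip source binding 0011.2233.4455 vlan 2 10.1.2.200 interface FastEthernet0/10
!
interface GigabitEthernet0/1
 description Uplink toward the distribution switch and the DHCP server
 ip dhcp snooping trust
 ip arp inspection trust
!
! ---- Distribution switch (DHCP relay for these VLANs) ----
! The access switch inserts option 82 into relayed requests with giaddr 0;
! the relay drops those unless told to trust them.
ip dhcp relay information trust-all
```

`show ip dhcp snooping binding` is the table all three features consult; `show ip verify source` shows the per-port filter state, and `show ip arp inspection statistics` counts the ARP packets DAI dropped per VLAN, which is the first place to look when a static-IP device "loses the network" after this is rolled out. On the Catalyst 6500 the IP Source Guard interface command is `ip verify source vlan dhcp-snooping`.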
See SEC-2002: Understanding and Preventing Layer 2 Attacks
Layer 3 Distribution Interconnection
Reference Design—No VLANs Span Access Layer
• Summarize routes towards the core
• Filter routes towards the access
• Disable EtherChannel unless needed
• Set port host on access layer ports: disable trunking, disable EtherChannel, enable PortFast
• RootGuard or BPDU Guard
• Use security features
(Figure: distribution pair joined by a Layer 3 point-to-point link; one access switch with VLAN 20 Data 10.1.20.0/24 and VLAN 120 Voice 10.1.120.0/24, the other with VLAN 40 Data 10.1.40.0/24 and VLAN 140 Voice 10.1.140.0/24)
Optimizing Convergence
• Limit VLANs to a single closet whenever possible to limit STP boundaries
• If STP is required, utilize Rapid PVST+
• Set trunks to ON/ON, nonegotiate
• Match PAgP settings between CatOS and Cisco IOS
• Consider EIGRP/routing in the access
(Figure: access and distribution layers)
Multilayer Network Design
Without a Rock Solid Foundation the Rest Doesn't Matter
(Figure: summary of where each technique applies: load balancing and trunking between access and distribution, GLBP and HSRP at the distribution, routing in the core, spanning tree and routing toward the data center)
Reference Materials
http://www.cisco.com/go/srnd
• High Availability Campus Design Guide
• High Availability Campus Convergence Analysis
• High Availability Campus Design Guide – Routed
Access EIGRP (soon)
• High Availability Campus Design Guide – Routed
Access OSPF (soon)