The campus network architecture is based on the use of two basic blocks or modules connected through the core of the network:
■ Distribution layer
■ Access layer
The following sections describe both layers in detail.
Distribution Layer
The distribution layer interconnects the access layer switches to the core of the network. A large enterprise campus network can have one or more distribution switches, depending on the number of downstream access layer switches connected to it. Best practices recommend not going beyond 20 access layer switches connected to a single distribution layer. This is mostly limited by the control plane handling of the distribution layer, whether it is a Layer 2 or a routed access design. There are currently three basic design choices for configuring the distribution layer:
■ Layer 2 access design
■ Routed access design
■ Virtual switch design
Layer 2 Access Design
The Layer 2 access is the traditional campus access-distribution design where all the access switches are configured to run in Layer 2 forwarding mode, and the distribution switches act as a demarcation for Layer 2 and Layer 3. In this particular design, the distribution layer switches act as the default gateway for the end hosts.
VLAN-based trunks extend the subnets from the distribution switches down to the access layer. A first-hop redundancy protocol, such as Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP), is run on the distribution layer switches along with a routing protocol to provide upstream routing to the core of the campus. One version of Spanning Tree and the use of the Spanning Tree hardening features (such as Loopguard, Rootguard, and BPDUGuard) are configured on the access ports and switch-to-switch links as appropriate. Although these technologies and features are critical to a campus deployment, they are independent of IPv6 and are not discussed in detail.
The Layer 2 access design has two basic variations (as shown in Figure 2-3) that primarily differ only in the manner in which VLANs are defined:
■ Looped design: One-to-many VLANs are configured to span multiple access switches. As a result, each of these spanned VLANs has a Spanning Tree or Layer 2 looped topology.
■ V (or loop-free) design: This follows the current best practice guidelines for the mul-titier design and defines unique VLANs for each access switch. The removal of loops in the topology provides a number of benefits, including per-device uplink load balancing with the use of GLBP, a reduced dependence on Spanning Tree to provide network recovery, reduction in the risk of broadcast storms, and the ability to avoid uni-cast flooding (and similar design challenges associated with nonsymmetrical Layer 2 and Layer 3 forwarding topologies).
Figure 2-3 Layer 2 Access Design
Routed Access Design
An alternative configuration to the traditional multitier distribution block model is one in which the access switch acts as a full Layer 3 routing node (provides both Layer 2 and Layer 3 switching) and the access to distribution Layer 2 uplink trunks is replaced with Layer 3 point-to-point routed links. This alternative configuration, in which the Layer 2/3 demarcation is moved from the distribution switch to the access switch (as shown in Figure 2-4), appears to be a major change to the design, but is actually an extension of the best practice multitier design.
Figure 2-4 Routed Access Design
The routed access design has a number of advantages over the multitier design with its use of Layer 2 access to distribution uplinks:
■ It offers common end-to-end troubleshooting tools (such as ping and traceroute), it uses a single control protocol (either Enhanced IGRP [EIGRP] or Open Shortest Path First [OSPF]), and it removes the need for features such as HSRP.
■ Although it is the appropriate design for many environments, it is not suitable for all environments because it requires no VLAN span multiple access switches.
Because routed access designs provide additional advantages, they also pose certain challenges as follows:
■ Implementing routed access design requires careful planning and design to avoid routing loops and requires appropriate route summarization to ensure that the network design can scale as new users and access layer switches are added to the network.
■ With a Layer 2 design, subnets can be easily extended across multiple access layer switches connecting to the same distribution layer. With the routed access design, extending the same subnet across two access switches can lead to overlapping addresses, which can be challenging and require the network designer to carefully implement subnetting and route summarization at the distribution layer.
■ Implementing routed access can be expensive because it might require different hardware and software at each access layer to provide Layer 3 functionalities.
Virtual Switching System Distribution Block
The Virtual Switching System (VSS) distribution block design (as shown in Figure 2-5) is a radical change from the typical Layer 2 or Layer 3 access design. In the past, multiple access switches were connected to two redundant distribution switches, and the configuration of the network control protocols (such as HSRP and 802.1D Spanning Tree) determined the way in which the switches forwarded traffic over each of the uplinks and how the network recovered in the event of a switch or link failure. With the introduction of the virtual switch concept, the distribution switch pair can now be configured to run as a single logical switch.
Figure 2-5 Virtual Switching System Distribution Block Design
By converting the redundant physical distribution switches into a single logical switch, a significant change is made to the topology of the network. In the other access-distribution block designs, an access switch is configured with two uplinks to two distribution switches and needs a control protocol to determine which of the uplinks to use. In a VSS implementation, the access switch has a single, logical Multichassis EtherChannel (MEC) upstream link connected to a single distribution switch.
Comparing Distribution Block Designs
Although each of the three access-distribution block designs provides a viable approach, there are advantages to the virtual switch and routed access designs over the traditional multitier approach. Simpler overall network configuration and operation, per-flow upstream and downstream load balancing, and faster convergence are some of the differences between these newer design options and the traditional multitier approach. Table 2-2 compares the three design options.
Table 2-2 Comparison of Distributed Block Design Models
|
Features |
Layer 2 Access Design |
Routed Access |
Virtual Switch |
|
Access distribution control plane protocols |
Spanning Tree (PVST+, Rapid-PVST+ or MST) |
EIGRP or OSPF |
PAgP, LACP |
|
VLAN spanning access switches |
Supported (requires L2 Spanning Tree loops) |
No |
Supported |
|
Layer 3 boundary |
Distribution |
Access |
Distribution |
|
First-hop redundancy Protocol |
HSRP, GLBP, VRRP required |
Not required |
Not required |
|
Access to distribution per-flow load balancing |
No |
Yes – Equal Cost Multipath (ECMP) |
Yes – MEC |
|
Convergence |
900 ms to 50 seconds (dependent on the STP topology and FHRP tuning) |
50 to 600 ms |
50 to 600 ms |
Access Layer
The access layer is the first point of contact or edge of the enterprise network. This layer is the point where end devices attach to access the network. The access layer also serves as the first place where network services can be initiated. PCs, servers, IP phones, wireless access points, cameras, and other PoE/PoE+ devices are examples of a wide variety of devices that can connect to the access layer. Table 2-3 summarizes some services that an access layer switch provides.
