
Campus Network Design

By dividing the campus network into subsystems, or building blocks, and assembling them into a clear order, we achieve a higher degree of stability, flexibility, and manageability for the individual pieces of the campus and the campus as a whole.

CCNP Cisco Certified Network Professional Routing and Switching (AEC LEA.CS)
2007-2010, Cisco Systems, Inc. All rights reserved. Cisco Public

Enterprise Campus
The enterprise campus consists of the integrated elements that comprise the set of services used by a group of users and end-station devices that all share the same high-speed switching communications fabric.
It is the high-speed Layer 2 and Layer 3 Ethernet switching portion of the network outside of the data center.
The campus core often interconnects the campus access, the data center and the WAN portions of the network.


Campus Network Architecture Change - Drivers

The growing expectation within the business community for a flexible work environment, providing anytime/anywhere network connectivity, is one of the most visible.
Regulatory standards
Security, disaster recovery, and business continuance
Innovation and technological advances


Is a Campus Network Design Approach Needed?

Early LAN-based computer networks started as simple, highly optimized connections between a small number of PCs, printers, and servers.
As these LANs grew and became interconnected, forming the first generation of campus networks, a problem in one area of the network very often impacted the entire network.
Simple add and move changes in one area had to be carefully planned, or they might affect other parts of the network.
A failure in one part of the campus quite often affected the entire campus network.


Core Network Design Approach

Structured Campus Network Design
Any large, complex network must be built from a set of modularized components that can be assembled in a hierarchical and structured manner.

Benefits provided by dividing a network into its components:
Each component or module can be designed with some independence from the overall design (isolation).
All modules can be operated as semi-independent elements, providing for higher overall system availability as well as for simpler management and operations (controlled interaction between modules).
A higher degree of stability, flexibility, and manageability for the individual pieces of the campus and the campus as a whole.


Campus Architecture Design Principles


The use of a guiding set of fundamental engineering principles serves to ensure that the campus design provides the balance of availability, security, flexibility, and manageability required to meet current and future business and technological needs.
Four fundamental campus engineering objectives:
Modularity
Hierarchy
Resiliency
Flexibility

Structured campus network design questions:
1. What is the overall hierarchical structure of the campus?
2. What features and functions should be implemented at each layer of the hierarchy?
3. What are the key modules or building blocks?
4. How do the building blocks relate to each other and work in the overall hierarchy?

Layers of the Campus Network

Hierarchy: Core, Distribution, Access.
Core variants shown in the figure: Collapsed Distribution and Core Campus, Single-Node Campus Core, Multi-Node Campus Core.

A hierarchical design helps achieve a degree of specialization in each of the layers, but this specialization assumes certain network behavior.
One of the assumptions or requirements is that traffic always flows in the same upstream or downstream hierarchical fashion (access to distribution to core).

Isolating the distribution and core into two separate modules creates a clean delineation for change control between activities affecting end stations and those that affect the data center, WAN or other parts of the network.


Failure Domains Analysis

1. If the Edge Router fails, it will impact every device connected to it.
2. If S1 fails, it will impact H1, H2, H3, and AP1.
3. If S2 fails, it will impact S3, H4, H5, and H6.
4. If AP1 fails, it will impact H1.
5. If S3 fails, it will impact H5 and H6.
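The five statements above can be checked mechanically. The following is an added example and not part of the Cisco slides: it rebuilds the topology as an adjacency list inferred only from those statements (the slide's diagram is not reproduced on this page, so the set of links is an assumption), computes each device's failure domain as the set of devices that lose their path to the edge router when it fails, and then shows how a single redundant link shrinks a failure domain, which is the point the hierarchy and modularity slides make.

```python
from collections import deque

# Topology reconstructed from the five failure statements on the slide
# (assumption: the slide's diagram is not on the page, so only these links are known).
TOPOLOGY = {
    "EdgeRouter": ["S1", "S2"],
    "S1": ["EdgeRouter", "H2", "H3", "AP1"],
    "AP1": ["S1", "H1"],
    "S2": ["EdgeRouter", "H4", "S3"],
    "S3": ["S2", "H5", "H6"],
    "H1": ["AP1"], "H2": ["S1"], "H3": ["S1"],
    "H4": ["S2"], "H5": ["S3"], "H6": ["S3"],
}
EXIT = "EdgeRouter"   # every host's traffic leaves the campus through this node


def reachable(topology, start, failed=frozenset()):
    """Breadth-first search over the links that survive the failure of `failed`."""
    if start in failed:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for neighbour in topology[node]:
            if neighbour not in failed and neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return seen


def failure_domain(topology, failed_node, exit_node=EXIT):
    """Devices (other than the failed one) that lose their path to the exit."""
    before = reachable(topology, exit_node)
    after = reachable(topology, exit_node, failed={failed_node})
    return before - after - {failed_node}


def with_link(topology, a, b):
    """Copy of the topology with one extra link, to evaluate a redundancy change."""
    new = {node: list(neighbours) for node, neighbours in topology.items()}
    new.setdefault(a, []).append(b)
    new.setdefault(b, []).append(a)
    return new


if __name__ == "__main__":
    for device in ("EdgeRouter", "S1", "S2", "AP1", "S3"):
        print(f"{device} fails -> {sorted(failure_domain(TOPOLOGY, device))}")
    # Assumption for illustration: give S3 a second uplink to S1.
    redundant = with_link(TOPOLOGY, "S3", "S1")
    print("S2 fails with S3-S1 link ->", sorted(failure_domain(redundant, "S2")))
```

With the extra S3-S1 link, S2's failure domain collapses from four devices to H4 alone; the same computation can be run against an exported CDP/LLDP neighbour table to find the single points of failure in a real block.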


Campus Network Fault and Change Isolation

Applies to both the logical control plane design and the data flow design.

Failure domain: from a physical perspective, the distribution layer provides the boundary between the access-distribution block and the core of the network.
It provides the physical demarcation between the core infrastructure and the access-distribution blocks.
It is the demarcation and summarization point between the core's control plane and the access-distribution block control plane.

Traffic Recovery in a Hierarchical Design for LAN Flows (figure): distribution switch uplink failure; distribution switch downlink failure.

Campus Network Modularity

The modules of the network are the building blocks that are assembled into the larger campus.
The advantage of the modular approach is largely due to the isolation that it can provide.
Failures that occur within a module can be isolated from the remainder of the network, providing for both simpler problem detection and higher overall system availability.
Network changes and upgrades can be made in a controlled and staged fashion, allowing greater flexibility in the maintenance and operation of the campus network.

The campus network architecture is based on the use of two basic blocks or modules that are connected together via the core of the network:
Access-distribution block
Services block


Switch Block
A switch block is a switch or group of switches providing access to users, together with the routers or multilayer switches that aggregate them.
Routers, or multilayer switches, are usually deployed in pairs, with access layer switches evenly divided between them.
Each switch block acts independently of the others; as a result, the failure of a single device does not cause the network to go down.
Even the failure of an entire switch block does not affect a significant number of end users.
To decide how many VLANs can be configured in a switch block, you must understand the following factors:
Traffic patterns
Applications used
Network management
Group commonality
IP addressing scheme


Defining VLAN Boundaries

End-to-End VLANs
Span the switch fabric from end to end.
Membership is assigned by function, project, department, and so on.
Goal (the 80/20 rule): keep 80 percent of the network traffic local, within the VLAN; only 20 percent or less should extend outside the VLAN.

Local VLANs / Geographically configured VLANs
Configured by physical location: a building, or just a closet in a building, depending on switch size.
Used in corporations that have centralized server and mainframe blocks, because end-to-end VLANs are difficult to maintain in this situation.
When the 80/20 rule becomes the 20/80 rule, end-to-end VLANs are more difficult to maintain, so use local VLANs. If an organization uses centralized resources such as a server farm, users spend most of their time (80 percent) on those centralized resources and 20 percent or less on the local VLAN.

Access-Distribution Block
The building block that comprises the devices of the access layer and the distribution layer of the multi-layer campus architecture.
It is the fundamental component of a campus design; properly designing the distribution block goes a long way to ensuring the success and stability of the overall architecture.

The network topology control plane design choices, such as routing and spanning tree protocols, determine how the distribution block glues together and fits within the overall architecture.
Three basic design choices for configuring the access-distribution block and the associated control plane:
Multi-Tier Access-Distribution Block
Routed access
Virtual switch

Managing Oversubscription and Bandwidth


Multi-Tier Access-Distribution Block

All of the access switches are configured to run in Layer 2 forwarding mode; the distribution switches are configured to run both Layer 2 and Layer 3 forwarding.
VLAN-based trunks are used to extend the subnets from the distribution switches down to the access layer.
A First Hop Redundancy Protocol (FHRP) is run on the distribution layer switches, along with a routing protocol to provide upstream routing to the core of the campus.
Spanning tree and the spanning tree hardening features (such as LoopGuard, RootGuard, and BPDUGuard) are configured on the access ports and switch-to-switch links as appropriate.
Each access switch is configured with unique voice and data VLANs.
The distribution building block provides route summarization and fault isolation for access node and link failures, and is the summarization point for access routes up into the core of the network.


Layer 2 Distribution Switch Interconnection

If the enterprise campus requirements must support VLANs spanning multiple access layer switches, the design model uses a Layer 2 link for interconnecting the distribution switches.

Use only if Layer 2 VLAN spanning flexibility is required:
STP convergence is required for uplink failure and recovery.
More complex, because the STP root bridge and the HSRP active router should be on the same distribution switch.
A distribution-to-distribution link is required for route summarization.


Layer 3 Distribution Switch Interconnection

No VLANs span between access layer switches across the distribution switches.
A subnet equals a VLAN, which equals an access switch.
No STP convergence is required for uplink failure and recovery.
A distribution-to-distribution link is required for route summarization.
Map the Layer 2 VLAN number to the Layer 3 subnet for ease of use and management.


Layer 3 Distribution Interconnection with GLBP

Fully utilize the uplinks via GLBP.
The distribution-to-distribution link is still required for route summarization.
Since the VLANs do not span access switches, STP convergence is not required for uplink failure and recovery.


Two Major Variations of the Multi-Tier Distribution Block

In the looped design, one or more VLANs are configured to span multiple access switches; each of these spanned VLANs has a spanning tree (Layer 2 looped) topology.
The V, or loop-free, design defines unique VLANs for each access switch.

Cisco STP Toolkit


PortFast: Bypass listening-learning phase for an access port
UplinkFast: Provides three to five seconds convergence after link failure
BackboneFast: Cuts convergence time by max_age for indirect failure
LoopGuard: Prevents an alternate or root port from becoming designated in the absence of BPDUs
RootGuard: Prevents external switches from becoming root
BPDUGuard: Disable PortFast-enabled port if a BPDU is received


Layer 2 Hardening
Place the root where you want it: root primary/secondary macro.

The root bridge should stay where you put it:
RootGuard
LoopGuard
UplinkFast
UDLD

Only end station traffic should be seen on an edge port:
BPDUGuard
RootGuard
PortFast
port-security

Layer 2 Design Recommendations


Use RSTP when you must implement STP
Harden Layer 2 by defining primary and secondary root
switches and using STP toolkit for STP predictability
Use 802.1Q trunks with a non-default native VLAN
Set VTP mode to transparent
Set DTP to desirable/desirable and negotiate
Manually prune unneeded VLANs
Disable trunks and EtherChannels on host ports

Globally configure aggressive mode UDLD for fiber links


Configure EtherChannel where needed
Use desirable/desirable for PAgP operations
Use active/active for LACP operations
Disable EtherChannels on host ports and when not needed.
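The hardening items on this slide and the previous one can be checked against a running configuration rather than trusted. The following is an added example, not part of the Cisco material: a small Python audit that parses an IOS-style configuration and reports, per port and globally, which of the recommendations above are missing. The sample configuration is constructed for the example; the command syntax is standard Catalyst IOS, but the rule set is my reading of the two slides and is an assumption, not a Cisco tool.

```python
# Constructed sample configuration: one hardened user port, one bare user
# port, one trunk left on native VLAN 1 and one hardened uplink trunk.
SAMPLE_CONFIG = """\
vtp mode transparent
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree vlan 1-100 root primary
!
interface GigabitEthernet1/0/1
 description user port
 switchport access vlan 10
 switchport mode access
 switchport port-security
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description printer port, never hardened
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/47
 description trunk left on native VLAN 1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/48
 description uplink to distribution
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 spanning-tree guard loop
!
"""

GLOBAL_RULES = (
    ("vtp mode transparent", "VTP is not in transparent mode"),
    ("udld aggressive", "aggressive-mode UDLD is not enabled globally"),
)
ACCESS_RULES = (
    ("spanning-tree portfast", "access port without PortFast"),
    ("spanning-tree bpduguard enable", "access port without BPDU Guard"),
    ("switchport port-security", "access port without port-security"),
)


def parse_config(config):
    """Split an IOS-style config into global lines and {interface: [sub-lines]}."""
    globals_, interfaces, current = [], {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            globals_.append(line.strip())
    return globals_, interfaces


def audit(config):
    """Return a list of (scope, finding) tuples; an empty list means fully compliant."""
    findings = []
    globals_, interfaces = parse_config(config)
    for required, message in GLOBAL_RULES:
        if required not in globals_:
            findings.append(("global", message))
    if not {"spanning-tree mode rapid-pvst", "spanning-tree mode mst"} & set(globals_):
        findings.append(("global", "STP mode is neither rapid-pvst nor mst (not RSTP)"))
    if not any(l.startswith("spanning-tree vlan") and l.endswith("root primary") for l in globals_):
        findings.append(("global", "no explicit primary root bridge configured"))
    for name, lines in interfaces.items():
        if "switchport mode access" in lines:
            for required, message in ACCESS_RULES:
                if required not in lines:
                    findings.append((name, message))
            if any(l.startswith("channel-group") for l in lines):
                findings.append((name, "EtherChannel configured on a host port"))
        elif "switchport mode trunk" in lines or "switchport mode dynamic desirable" in lines:
            native = [l.split()[-1] for l in lines if l.startswith("switchport trunk native vlan")]
            if not native or native[-1] == "1":
                findings.append((name, "trunk uses the default native VLAN 1"))
            if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
                findings.append((name, "trunk carries all VLANs (no manual pruning)"))
        else:
            findings.append((name, "no explicit switchport mode; a host here could negotiate a trunk"))
    return findings


if __name__ == "__main__":
    for scope, message in audit(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```

Run against the sample, the audit reports three findings on the bare printer port and two on the trunk that kept native VLAN 1, and nothing for the two hardened ports. The same parser works on a `show running-config` capture; the rule tables are the place to add site-specific requirements.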

Layer 3 Access-to-Distribution Interconnection

Best option for fast convergence and the easiest to implement:
Equal-cost Layer 3 load balancing on all links
No spanning tree required for convergence
No HSRP or GLBP configuration required
No VLAN spanning possible


Routed Access Distribution Block

The access switch acts as a full Layer 3 routing node.
The access-to-distribution Layer 2 uplink trunks are replaced with Layer 3 point-to-point routed links.
Each access switch is configured with unique voice, data, and any other required VLANs.
Requires that no VLAN span multiple access switches.

The default gateway and root bridge for the VLANs are simply moved from the distribution switch to the access switch.
Addressing for all end stations and for the default gateway remains the same.
VLAN and specific port configuration remains unchanged on the access switch.
Router interface configuration, access lists, ip helper and any other per-VLAN configuration are now configured on the VLAN Switched Virtual Interface (SVI) defined on the access switch.
Uses a single control protocol (either EIGRP or OSPF), and removes the need for features such as HSRP.


Campus Routing
Fundamental rules of routing design:
Rapid convergence after link and/or switch failures
Deterministic traffic recovery
Scalable and manageable routing hierarchy

Route convergence
Optimize the routing design to ensure a minimal and deterministic convergence time for each failure case.
Layer 3 routed campus designs use the equal-cost path design principle for the recovery of upstream traffic flows from the access layer.

Deterministic traffic recovery
Stub routing (redundant equal-cost paths)
Route filtering (prevent traffic from transiting the LAN switches)
Link failure detection tuning:
Link debounce: by default, GigE and 10GigE interfaces operate with a 10 msec debounce timer, which provides optimal link failure detection. The default and recommended configuration for the debounce timer is disabled; leave it at the default.
Carrier-delay: configure the carrier-delay to a value of zero (0).
Hello/hold and dead timer tuning.

The summarization scheme
Should map onto the logical building blocks of the network and provide isolation for local route convergence events: link and/or node failures within a building block should not result in routing updates being propagated to other portions of the network.


Equal-Cost Path Traffic Recovery

Each switch has two routes and two associated hardware Cisco Express Forwarding (CEF) forwarding adjacency entries.
Before a failure, traffic is forwarded using both of these forwarding entries.
On failure of an adjacent link or neighbor, the switch hardware and software immediately remove the forwarding entry associated with the lost neighbor.
After the removal of the route and forwarding entries associated with the lost path, the switch still has a remaining valid route and associated CEF forwarding entry; it does not need to trigger or wait for a routing protocol convergence and is immediately able to continue forwarding all traffic using the remaining CEF entry.


Link Load Balancing with EtherChannel

EtherChannel allows load sharing of traffic among the links in the channel and redundancy in the event that one or more links in the channel fail.
You can tune the hashing algorithm used to select the specific EtherChannel link on which a packet is transmitted.
To achieve the best load balancing, use two, four, or eight ports in the port channel: the hash produces eight buckets, which divide evenly only across those link counts.

Use either the default Layer 3 source and destination information, or add a level of load balancing by adding the Layer 4 TCP/UDP port information as an input to the algorithm.
The port-channel load-balance command is used to present more unique values to the hashing algorithm.
EtherChannel load balancing does not support per-packet load balancing.

Load Balancing - CEF Polarization

Polarization in CEF occurs when every layer uses per-destination load balancing with the same algorithm and the same inputs (the default). After the first hop's hash has split the traffic, each downstream switch receives only the flows that hashed one way, recomputes the same hash on the same fields, and sends all of them out the same link, so traffic is unevenly load balanced after the initial distribution.
Verify which interface is selected for a given flow:
show ip cef exact-route source-address [src-port port-number] destination-address [dest-port port-number] [gtp-teid teid]
(user EXEC or privileged EXEC mode)

Balancing network traffic: tune the input to the CEF algorithm differently across the layers of the network.
1. In the core layer, continue to use the default, which is based on Layer 3 information only.
2. In the distribution layer, use Layer 3 plus Layer 4 information as input into the CEF hashing algorithm:
Dist2-6500(config)# mls ip cef load-sharing full
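Two claims from the EtherChannel slide and this one, that a port channel balances best with two, four or eight members and that reusing the same per-destination hash at every layer polarizes traffic, can be shown with a short simulation. The following is an added example and not Cisco code: it assumes an eight-bucket hash table and a toy hash (the sum of the IPv4 octets plus, optionally, the TCP/UDP ports) standing in for the real CEF hash, and a constructed set of eight flows. The first function shows how eight buckets divide across N member links; the second walks each flow through a core switch that hashes on Layer 3 only and then through a distribution switch that either reuses that hash or adds the Layer 4 ports, as `mls ip cef load-sharing full` does.

```python
from collections import Counter

HASH_BUCKETS = 8   # assumption: an 8-bucket (3-bit) hash, the classic Catalyst behaviour


def bucket_shares(n_links, n_buckets=HASH_BUCKETS):
    """Number of hash buckets each member link owns when buckets are dealt round-robin."""
    shares = Counter(bucket % n_links for bucket in range(n_buckets))
    return [shares[link] for link in range(n_links)]


def flow_hash(src, dst, sport=0, dport=0):
    """Toy per-destination hash (assumption): sum of the IPv4 octets plus the ports."""
    octets = [int(o) for o in src.split(".")] + [int(o) for o in dst.split(".")]
    return sum(octets) + sport + dport


# Constructed sample flows: (source IP, destination IP, source port, destination port)
FLOWS = [
    ("10.120.4.10", "10.122.1.5", 50001, 443),
    ("10.120.4.11", "10.122.1.5", 50002, 443),
    ("10.120.4.12", "10.122.1.6", 50004, 80),
    ("10.120.4.13", "10.122.1.6", 50003, 80),
    ("10.120.5.20", "10.122.2.7", 50005, 22),
    ("10.120.5.21", "10.122.2.7", 50006, 22),
    ("10.120.5.22", "10.122.2.8", 50007, 8080),
    ("10.120.5.23", "10.122.2.8", 50008, 8080),
]


def distribute(flows, l4_at_distribution):
    """Core picks one of two distribution switches by a Layer 3 hash; each distribution
    switch then picks one of its two downlinks. Returns {dist_switch: {downlink: flows}}."""
    usage = {0: Counter(), 1: Counter()}
    for src, dst, sport, dport in flows:
        dist = flow_hash(src, dst) % 2                     # core: Layer 3 only
        if l4_at_distribution:
            link = flow_hash(src, dst, sport, dport) % 2   # distribution: Layer 3 + Layer 4
        else:
            link = flow_hash(src, dst) % 2                 # same inputs, same answer: polarized
        usage[dist][link] += 1
    return {d: dict(c) for d, c in usage.items()}


if __name__ == "__main__":
    for links in (2, 3, 4, 5, 8):
        print(f"{links} links -> bucket shares {bucket_shares(links)}")
    print("same hash at both layers:", distribute(FLOWS, l4_at_distribution=False))
    print("L4 added at distribution:", distribute(FLOWS, l4_at_distribution=True))
```

With the same hash at both layers every distribution switch puts all of its flows on one downlink and leaves the other idle, exactly the polarization the slide describes; adding the Layer 4 ports at the distribution layer spreads the same eight flows two and two across each pair of downlinks. The three-link case of `bucket_shares` returns a 3:3:2 split, which is why the slide recommends two, four or eight members.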

Layer 3 Access using EIGRP

EIGRP stub
Distribution summarization
Route filters
Hello and hold timer tuning
Cisco still recommends in the Layer 3 campus design that the EIGRP hello and hold timers (or the OSPF hello and dead timers) be reduced; for EIGRP, to 1 and 3 seconds respectively.


EIGRP Stub
The EIGRP stub feature is configured on all of the access switches to prevent the distribution switch from sending route queries to the Layer 3 access switches.
Layer 3 access switches are intended to forward traffic only to and from the locally connected subnets.
The access switch is never intended to be a transit or intermediary device for any data flows that are not to or from locally connected devices.
The effect on the distribution switch is to limit the number of queries generated to three or fewer for any link failure.
Configuring the Layer 3 access switch as a stub router enforces hierarchical traffic patterns in the network.

router eigrp 100
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
 network 10.0.0.0
 no auto-summary
 eigrp router-id 10.120.4.1
 eigrp stub connected

The last line puts the EIGRP process into the "stub connected" state: it advertises only its connected routes and is never queried.


Distribution Summarization
In the event of a downlink failure, the distribution switch generates three queries; EIGRP recovery is bounded by the longest query response time.
The EIGRP process has to wait for replies to all queries to ensure that it calculates the optimal loop-free path.
Responses to the two queries sent towards the core need to be received before EIGRP can complete the route recalculation.

To ensure that the core switches generate an immediate response to the query, it is necessary to summarize the block of distribution routes into a single summary route advertised towards the core.
The summary-address statement is configured on the uplinks from each distribution switch to both core nodes.
With the upstream route summarization in place, whenever the distribution switch generates a query for a component subnet of the summarized route, the core switches reply that they do not have a valid path (cost = infinity) to the queried subnet.
The presence of any more specific component of the 10.120.0.0/16 address space causes EIGRP to generate a summarized route for the 10.120.0.0/16 network and to advertise only that route upstream to the core switches.

interface TenGigabitEthernet4/1
 description Distribution 10 GigE uplink to Core 1
 ip address 10.122.0.26 255.255.255.254
 ip pim sparse-mode
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp
 ip summary-address eigrp 100 10.120.0.0 255.255.0.0 5
 mls qos trust dscp

Route Filters
Requirement: hierarchical traffic flows.
Traffic flows pass from access through the distribution to the core.
Traffic flows should never pass through the access layer unless they are destined to a locally attached device.

Solutions:
The EIGRP stub feature is configured on all of the access switches to prevent the distribution switch from sending route queries to the Layer 3 access switches.
A distribute-list is applied to all the distribution downlinks to filter the routes advertised to the access switches, so that a default (quad-zero, 0.0.0.0 mask 0.0.0.0) route is the only route advertised to the access switches.

router eigrp 100
 network 10.120.0.0 0.0.255.255
 network 10.122.0.0 0.0.0.255
 . . .
 distribute-list Default out GigabitEthernet3/3
 . . .
 eigrp router-id 10.120.200.1
!
ip access-list standard Default
 permit 0.0.0.0
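The three mechanisms on this slide and the two before it (stub access switches, the distribution summary toward the core, and the outbound distribute-list toward the access layer) all bound how far a query or a route travels. The following added example, not Cisco code, models that bounding in Python: it computes the summary that covers a distribution block's subnets, shows that a core holding only the summary cannot answer a query for a component prefix, counts how many neighbours a distribution switch queries once the access switches are stubs, and filters the downlink advertisement through a standard ACL equivalent to `permit 0.0.0.0`. The prefix list, neighbour names and metric value are constructed for the example; the EIGRP behaviour modelled is the one the slides describe, simplified to exact-prefix lookups.

```python
import ipaddress


def summarize(prefixes):
    """Smallest single prefix that covers every network in `prefixes`."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def advertised_to_core(block_routes, summary):
    """'ip summary-address eigrp' on the uplinks: the core learns only the summary,
    and only while at least one component route exists in the block."""
    components = [ipaddress.ip_network(r) for r in block_routes]
    return [summary] if any(c.subnet_of(summary) for c in components) else []


def core_query_reply(core_topology, queried_prefix):
    """EIGRP queries name an exact prefix; with only the summary installed the core
    has no entry for a component subnet and replies with an infinite metric."""
    return core_topology.get(queried_prefix, "infinity")


def query_fanout(neighbors):
    """Neighbours that receive a query on a route loss: stub routers are never queried."""
    return [name for name, is_stub in neighbors.items() if not is_stub]


def acl_permits(acl, prefix):
    """Standard ACL applied to a route: match the network address against each
    (address, wildcard) entry. 'permit 0.0.0.0' has wildcard 0.0.0.0, so it matches
    only the default route."""
    network = int(ipaddress.ip_network(prefix).network_address)
    for address, wildcard in acl:
        care = 0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard))
        if network & care == int(ipaddress.ip_address(address)) & care:
            return True
    return False


def advertised_to_access(distribution_routes, acl):
    """'distribute-list <acl> out' on a downlink: only permitted prefixes go down."""
    return [r for r in distribution_routes if acl_permits(acl, r)]


# Constructed data for the example: one block's access subnets, the distribution
# switch's neighbours (stub flag per neighbour) and the 'Default' ACL from the slide.
BLOCK_SUBNETS = ["10.120.4.0/24", "10.120.5.0/24", "10.120.200.0/24"]
NEIGHBORS = {"core-1": False, "core-2": False, "dist-peer": False,
             "access-1": True, "access-2": True, "access-3": True}
DEFAULT_ACL = [("0.0.0.0", "0.0.0.0")]

if __name__ == "__main__":
    summary = summarize(BLOCK_SUBNETS)
    print("advertised up:", advertised_to_core(BLOCK_SUBNETS, summary))
    core_view = {str(summary): 3072}   # the metric value is arbitrary
    print("core reply to a query for 10.120.4.0/24:",
          core_query_reply(core_view, "10.120.4.0/24"))
    print("queries sent on a downlink failure:", query_fanout(NEIGHBORS))
    print("advertised down:",
          advertised_to_access(["0.0.0.0/0"] + BLOCK_SUBNETS, DEFAULT_ACL))
```

The block's three /24s summarize to 10.120.0.0/16, so a query for 10.120.4.0/24 gets an immediate "infinity" from the core, the query count stays at three (two core switches and the distribution peer) because every access switch is a stub, and the access switches see nothing but the default route.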

Virtual Switching System (VSS) Distribution Block

With Cisco Catalyst 6500 VSS, or StackWise/StackWise Plus on the Cisco Catalyst 3750/3750E, the access switch has a single multi-chassis EtherChannel (MEC) uplink connected to a single (logical) distribution switch.


VSS Single Multi-Chassis EtherChannel Uplink Advantages

Load balancing of traffic and recovery from uplink failure now leverage EtherChannel capabilities.
Traffic is load-balanced per flow, rather than per client or per subnet.
In the event that one of the uplinks fails, the EtherChannel automatically redistributes all traffic to the remaining links in the uplink bundle rather than waiting for spanning tree, HSRP, or another protocol to converge.
The ability to remove physical Layer 2 loops from the topology, and to no longer depend on spanning tree for topology maintenance and link redundancy, results in a distribution block design that allows subnets and VLANs to be spanned across multiple access switches.

Virtual Switching System (VSS) block


A virtual switch can be used in any location in the campus
design where it is desirable to replace the current control
plane and hardware redundancy with the simplified topology
offered by the use of a virtual switch
Where two or more nodes existed with multiple independent
links connecting the topology, a virtual switch can replace
portions of the network with a single logical node with fewer
links.


Layer 2 topology migrated from a fully redundant spanning-tree-based topology to an end-to-end virtual-switch-based network (figure).


Routed Access or Switched Access

For campus designs requiring greater flexibility in subnet usage, a distribution block design using Layer 2 switching in the access layer and Layer 3 switching at the distribution layer provides the best balance.

For campus designs requiring simplified configuration and the fastest convergence, a distribution block design using Layer 3 switching in the access layer (routed access) in combination with Layer 3 switching at the distribution layer provides the fastest restoration of voice and data traffic flows.


Comparison of Distribution Block Design Models


Services Block
Allows more network services to be integrated into the campus network while providing the appropriate degree of operational change management and fault isolation, and continuing to maintain a flexible and scalable design.
The network service is designed as a block and connected to the campus network.
Functions recommended to be located in a services block include:
Centralized LWAPP wireless controllers
IPv6 ISATAP tunnel termination
Local Internet edge
Unified Communications services (Cisco Unified Communications Manager, gateways, MTP, and the like)
Policy gateways

Campus Network Resiliency

It is not enough for a campus network to be considered complete solely because it correctly passes data from one point to another. Systems must also be designed to resist failure under unusual or abnormal conditions.
Network resiliency is the ability of the network to remain available for use under both normal and abnormal conditions.
Normal conditions include such events as change windows and normal or expected traffic flows and traffic patterns.
Abnormal conditions include hardware or software failures, extreme traffic loads, unusual traffic patterns, denial-of-service (DoS) events whether intentional or unintentional, and any other unplanned event.

By engineering the network both to do what you want it to do and to prevent it from doing what you do not want it to do, you decrease the likelihood of an unexpected event breaking or disrupting the network.

Campus Network Resiliency Features


Campus Network Flexibility


The structured hierarchical design inherently provides for a
high degree of flexibility because it allows staged or gradual
changes to each module in the network fairly independently
of the others.
Changes in core transport can be made independently of the
distribution blocks.
Changes in the design or capacity of the distribution layer can be
implemented in a phased or incremental manner.
the introduction of the services block module into the architecture is
specifically intended to address the need to implement services in a
controlled fashion.
modularization of the overall design also applies to the selection of
devices to fill each of the roles in the overall architecture.


Campus Network Evolutionary Change Options

Control Plane Flexibility
Provides the ability to support and allow migration between multiple routing, spanning tree, and other control protocols.

Forwarding Plane Flexibility
Provides the ability to support the introduction and use of IPv6 as a parallel requirement alongside IPv4.

User Group Flexibility
Provides the ability to virtualize the network forwarding capabilities and services within the campus fabric to support changes in the administrative structure of the enterprise.

Traffic Management and Control Flexibility
Unified communications, collaborative business approaches, and software models continue to evolve, along with a trend toward increased growth in peer-to-peer traffic flows. This requires campus designs that allow the deployment of the security, monitoring, and troubleshooting tools needed to support these new traffic patterns.

Flexible Security Architecture
The high probability of changing traffic patterns and a continual increase in security threats as new applications and communication patterns develop will require a security architecture that can adapt to these changing conditions.

Campus Network Services

Campus network services are the functions and features that the campus network provides to the flows crossing it.
They allow the network design team to meet a specific customer's network requirements.
A variety of campus network services exists:
Non-Stop High Availability
Access and Mobility Services
Application Optimization and Protection Services
Virtualization Services
Security Services
Operational and Management Services


Approaches for Campus High Availability

Network resiliency
Topology redundancy and redundant links, and how the control plane protocols are configured to recover from failures.

Device resiliency
Physical redundancy to address Layer 1 physical failures (redundant hardware and software components), and supervisor redundancy to provide a non-stop forwarding (data) plane.
Provide the appropriate protection for the switch control plane:
Limit the baseline control plane and CPU load on each switch through modular design, and provide control plane isolation between modules in the event a failure does occur.
Reduce the probability of a flooding event by reducing the scope of the Layer 2 topology and using the spanning tree toolkit features to harden the spanning tree design.
Leverage the hardware CPU protection mechanisms and Control Plane Policing (CoPP) features of the Catalyst switches to limit and prioritize traffic forwarded to each switch CPU.

Operational resiliency
The campus network should be designed to enable standard operational processes, configuration changes, and software and hardware upgrades without disrupting network services.
Mechanisms exist to upgrade software in service:
Full-image In-Service Software Upgrade (ISSU) on the Cisco Catalyst 4500
Sub-system ISSU on the Cisco Catalyst 6500

Access and Mobility Services


Campus Virtualization Mechanisms

Layer 2 virtualization technique: Virtual LAN (VLAN).
Layer 3 virtualization technique: Virtual Routing and Forwarding (VRF), carried between devices with GRE tunnels, 802.1Q tagging, or MPLS labels.


Security Services - Infrastructure Protection

Protecting the network devices
Use secure management and change control for all devices (AAA plus SSH).
Configure each device to minimize the possibility of an attacker gaining access to or compromising the switch itself (for example, with AutoSecure).

Protect the links
Protecting the inter-switch links from security threats is largely accomplished through the implementation of the campus QoS design.

Protect the control plane
Harden the system CPU against overload conditions and secure the control plane protocols: MD5-based authentication of the routing and other control protocols, together with explicitly disabling every control protocol on any interface where it is not specifically required, provides the first level of protection for the control plane.

Infrastructure telemetry and monitoring
Needed to detect and observe any anomalous or malicious activity.
NetFlow: provides the ability to track each data flow that appears in the network.
Hardware DPI (NBAR): provides the ability to detect undesirable application traffic flows at the network access layer and allows selected control (drop or police) of undesirable traffic.
Syslog: provides the ability to track system events.
Inserting IPS devices at key choke points provides an additional level of observation and mitigation capability. While NetFlow provides a very scalable mechanism to detect and find anomalous traffic flows, IPS along with NBAR-based DPI can provide visibility into the content of individual packets.

Campus Network Distributed Security Services

Perimeter Access Control and Edge Security
Security access control policy: authentication mechanisms such as IBNS (802.1X) or Network Admission Control (NAC).
Cisco Integrated Security Features (CISF): port security, DHCP Snooping, Dynamic ARP Inspection, and IP Source Guard on all access ports.

Endpoint Security
Client security applications: Cisco Security Agent (CSA), NAC and IBNS client software.

Operational and Management Services

1. Inventory the number of ports and the current and expected endpoints on the campus.
2. Select the routing protocol to be used in the campus network.
3. Define data oversubscription:
a. 20:1 for access ports on the access-to-distribution uplink.
b. 4:1 for the distribution-to-core links.
4. Decide how to perform load balancing on the campus:
a. EtherChannel design versus equal-cost multipathing.
5. Design the access-distribution blocks: number and type of blocks.
a. For each block type, specify the Layer 2 and Layer 3 features and explain why and how each feature is going to be implemented.
b. Select and justify the implementation of Cisco Catalyst Integrated Security Features.
