CCNP Cisco Certified Network Professional Routing and Switching (AEC LEA.CS)
2007 2010, Cisco Systems, Inc. All rights reserved.
Cisco Public
Enterprise Campus
The Enterprise Campus consists of the integrated elements that comprise the set of services used by a group of users and end-station devices that all share the same high-speed switching communications fabric.
It comprises the high-speed Layer-2 and Layer-3 Ethernet switching portions of the network outside of the data center.
The campus core often interconnects the campus access, the data center and the WAN portions of the network.
Core
Distribution
Access
The hierarchical design helps achieve a degree of specialization in each of the layers, but this specialization assumes certain network behavior.
One of the assumptions or requirements is that traffic always flows in the same upstream or downstream hierarchical fashion (access to distribution to core).
Failure Domain
Switch Block
A switch block is a switch or group of switches providing access to users.
Routers, or multilayer switches, are usually deployed in pairs, with access layer switches evenly divided between them.
Each switch block acts independently of the others.
As a result, the failure of a single device does not cause the network to go down.
Even the failure of an entire switch block does not affect a significant number of end users.
To understand how many VLANs can be configured in a switch block, you must understand the following factors:
Traffic patterns
Applications used
Network management
Group commonality
IP addressing scheme
Access-Distribution Block
The access-distribution block is the building block that comprises the devices of the access layer and the distribution layer of the multi-layer campus architecture.
It is the fundamental component of a campus design.
Properly designing the distribution block goes a long way towards ensuring the success and stability of the overall architecture.
The V or loop-free design defines unique VLANs for each access switch.
Campus Network Design
Layer 2 Hardening
Place the root where you want it
Root Primary/Secondary Macro
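As an added example (not configuration from the original slides), the root primary/secondary macro applied on a distribution pair, with the spanning-tree toolkit guards that keep the root where it was placed; VLAN numbers, interface names and the platform are assumed.

```cisco
! Distribution-1: the root macro makes this switch primary root for the
! access VLANs (assumed VLANs 10,20,30) by lowering its bridge priority
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20,30 root primary
!
! Distribution-2: same macro in the secondary role, so the root moves
! predictably to the peer distribution switch if the primary fails
spanning-tree mode rapid-pvst
spanning-tree vlan 10,20,30 root secondary
!
! Distribution downlinks: root guard rejects a superior BPDU from the
! access side, so an access switch can never take over as root
interface range GigabitEthernet3/1 - 8
 description Downlinks to access switches (assumed ports)
 spanning-tree guard root
!
! Access switch edge ports: PortFast plus BPDU guard err-disables a
! port the moment an unexpected bridge sends a BPDU on it
interface range GigabitEthernet1/0/1 - 48
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Access switch uplinks: loop guard keeps a port that stops receiving
! BPDUs in a blocking state instead of letting it go forwarding
interface range TenGigabitEthernet1/1/1 - 2
 spanning-tree guard loop
```

Verify the result with show spanning-tree vlan 10 on both distribution switches: the primary must report itself as root and the secondary must list the primary's bridge ID as root.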
The default gateway and root bridge for VLANs are simply moved from the distribution switch to the access switch.
Addressing for all end stations and for the default gateway remains the same.
VLAN and specific port configuration remains unchanged on the access switch.
Router interface configuration, access lists, ip helper and any other configuration for each VLAN are now configured on the VLAN Switched Virtual Interface (SVI) defined on the access switch.
The design uses a single control protocol (either EIGRP or OSPF), and removes the need for features such as HSRP.
Campus Routing
Fundamental rules of routing design:
Rapid convergence after link and/or switch failures
Deterministic traffic recovery
Scalable and manageable routing hierarchy
Route convergence
Optimize the routing design to ensure a minimal and deterministic convergence time for these failure cases.
Layer 3 routed campus designs use the equal-cost path design principle for the recovery of upstream traffic flows from the access layer.
Carrier-Delay
The carrier-delay behavior is configured to a value of zero (0).
Load balancing across the equal-cost paths can use either:
the default Layer 3 source and destination information, or
an additional level of load balancing, by adding the Layer 4 (TCP/IP) port information as an input to the algorithm.
EIGRP Stub
Distribution Summarization
Route Filters
Hello and Hold Timer Tuning
Cisco still recommends that the EIGRP hello and hold or OSPF hello and dead timers be reduced in the campus.
Cisco still recommends in the Layer 3 campus design that the EIGRP hello and hold timers be reduced to 1 and 3 seconds, respectively.
EIGRP stub
The EIGRP stub feature is configured on all of the access switches to prevent the distribution switch from sending route queries to the Layer 3 access switches.
Layer 3 access switches are intended to forward traffic only to and from the locally connected subnets.
The access switch is never intended to be a transit or intermediary device for any data flows that are not to or from locally-connected devices.
The impact on the distribution switch is to limit the number of queries generated to 3 or less for any link failure.
Configuring the L3 access switch as a stub router enforces hierarchical traffic patterns in the network.
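As an added example (not configuration from the original slides), a Layer 3 access switch that ties together the routed-access SVI described earlier, the 1 s hello / 3 s hold timers and the EIGRP stub; the addresses, VLAN, interface names, DHCP server and key string are assumed.

```cisco
! Layer 3 access switch; addresses, VLAN and interface names are assumed
ip routing
!
vlan 10
 name Data
!
! The VLAN's default gateway is now the SVI on the access switch, so the
! helper address and any per-VLAN configuration are applied here
interface Vlan10
 description Data VLAN gateway (assumed DHCP server 10.120.200.10)
 ip address 10.120.10.1 255.255.255.0
 ip helper-address 10.120.200.10
!
! Routed point-to-point uplinks to the two distribution switches with the
! 1 s hello / 3 s hold timers and MD5 authentication from the slides
interface TenGigabitEthernet1/1/1
 description Uplink to Distribution 1
 no switchport
 ip address 10.120.0.1 255.255.255.254
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp
!
interface TenGigabitEthernet1/1/2
 description Uplink to Distribution 2
 no switchport
 ip address 10.120.0.3 255.255.255.254
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp
!
key chain eigrp
 key 1
  key-string REPLACE-WITH-SHARED-SECRET
!
router eigrp 100
 network 10.120.0.0 0.0.255.255
 no auto-summary
 ! no EIGRP neighbors are expected on the host VLAN
 passive-interface Vlan10
 ! stub: only connected routes are advertised, so the distribution switch
 ! never queries this switch and it never becomes a transit path
 eigrp stub connected
 eigrp router-id 10.120.10.1
```

On the distribution switch, show ip eigrp neighbors detail should list this neighbor with the stub flag, which confirms that queries will not be sent to it.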
Distribution Summarization
In the event of a downlink failure, the distribution switch generates three queries; EIGRP recovery is bounded by the longest query response time.
The EIGRP process has to wait for replies to all queries to ensure that it calculates the optimal loop-free path.
Responses to the two queries sent towards the core need to be received before EIGRP can complete the route recalculation.
To ensure that the core switches generate an immediate response to the query, it is necessary to summarize the block of distribution routes into a single summary route advertised towards the core.
The summary-address statement is configured on the uplinks from each distribution switch to both core nodes.
With the upstream route summarization in place, whenever the distribution switch generates a query for a component subnet of the summarized route, the core switches reply that they do not have a valid path (cost = infinity) to the queried subnet.
In the presence of any more specific component of the 10.120.0.0/16 address space, EIGRP generates a summarized route for the 10.120.0.0/16 network and advertises only that route upstream to the core switches.
interface TenGigabitEthernet4/1
 description Distribution 10 GigE uplink to Core 1
 ip address 10.122.0.26 255.255.255.254
 ip pim sparse-mode
 ip hello-interval eigrp 100 1
 ip hold-time eigrp 100 3
 ip authentication mode eigrp 100 md5
 ip authentication key-chain eigrp 100 eigrp
 ! summary for the distribution block, installed locally with administrative distance 5
 ip summary-address eigrp 100 10.120.0.0 255.255.0.0 5
 mls qos trust dscp
Route Filters
Requirement: hierarchical traffic flows.
Traffic flows pass from the access through the distribution to the core.
Traffic flows should never pass through the access layer unless they are destined to a locally attached device.
Solutions:
The EIGRP stub feature is configured on all of the access switches to prevent the distribution switch from sending route queries to the Layer 3 access switches.
Apply a distribute-list to all the distribution downlinks to filter the routes received by the access switches.
A default or quad-zero route (0.0.0.0 mask 0.0.0.0) is the only route advertised to the access switches.
router eigrp 100
 network 10.120.0.0 0.0.255.255
 network 10.122.0.0 0.0.0.255
 . . .
 ! only routes permitted by the Default ACL are advertised on the downlink
 distribute-list Default out GigabitEthernet3/3
 . . .
 eigrp router-id 10.120.200.1
!
ip access-list standard Default
 permit 0.0.0.0
a fully redundant spanning-tree-based topology
an end-to-end virtual-switch-based network
Services Block
Allows more network services to be integrated into the campus network while providing the appropriate degree of operational change management and fault isolation, and continuing to maintain a flexible and scalable design.
The network service is designed as a block and connected to the campus network.
Functions recommended to be located in a services block include:
Centralized LWAPP wireless controllers
IPv6 ISATAP tunnel termination
Local Internet edge
Unified Communications services (Cisco Unified Communications Manager, gateways, MTP, and the like)
Policy gateways
Device resiliency
Physical redundancy to address Layer-1 physical failures (physical hardware and software redundancy).
Supervisor redundancy to provide for a non-stop forwarding (data) plane.
Provide the appropriate protection for the switch control plane:
Limit the baseline control plane and CPU load on each switch through modular design, and provide control plane isolation between modules in the event any failure does occur.
Reduce the probability of a flooding event by reducing the scope of the Layer-2 topology and by using the spanning tree toolkit features to harden the spanning tree design.
Leverage the hardware CPU protection mechanisms and Control Plane Protection (CoPP) features of the Catalyst switches to limit and prioritize traffic forwarded to each switch CPU.
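As an added example (not configuration from the original slides), a CoPP policy that prioritizes routing and multicast control traffic to the switch CPU while rate-limiting management and everything else; the class names, management subnet and police rates are assumed, and the MQC syntax must be checked against the target platform's CoPP support.

```cisco
! Constructed CoPP example: classes, management subnet and rates assumed
ip access-list extended COPP-ROUTING
 permit eigrp any any
 permit pim any any
!
ip access-list extended COPP-MANAGEMENT
 remark management subnet, assumed 10.120.200.0/24
 permit tcp 10.120.200.0 0.0.0.255 any eq 22
 permit udp 10.120.200.0 0.0.0.255 any eq snmp
!
class-map match-all COPP-ROUTING
 match access-group name COPP-ROUTING
class-map match-all COPP-MANAGEMENT
 match access-group name COPP-MANAGEMENT
!
policy-map COPP
 ! Routing and multicast control traffic is prioritized: metered for
 ! visibility but never dropped, so adjacencies survive a CPU flood
 class COPP-ROUTING
  police 2000000 62500 conform-action transmit exceed-action transmit
 ! Management from the trusted subnet gets a bounded share of the CPU
 class COPP-MANAGEMENT
  police 500000 15625 conform-action transmit exceed-action drop
 ! Everything else punted to the CPU is rate-limited hard
 class class-default
  police 250000 8000 conform-action transmit exceed-action drop
!
control-plane
 service-policy input COPP
```

Check the exceed counters with show policy-map control-plane after deployment: a growing exceed count in class-default is the signal that something is flooding the CPU, while exceeds in COPP-ROUTING mean the routing rate is set too low.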
Operational resiliency
The campus network should be designed to enable standard operational processes, configuration changes, and software and hardware upgrades without disrupting network services.
Mechanisms exist to upgrade software:
Full-image In-Service Software Upgrade (ISSU) on the Cisco Catalyst 4500
Sub-system ISSU on the Cisco Catalyst 6500
Syslog
Provides the ability to track system events.
Inserting IPS devices at key choke points provides an additional level of observation and mitigation capability.
While NetFlow provides a very scalable mechanism to detect and find anomalous traffic flows, IPS along with NBAR-based DPI can provide visibility into the content of individual packets.