Designing Cisco Network Service Architectures - Free Books

More documents

Recommendations

Info

• Note that using 3 instead of 2 switches for the building distribution switches is a customersolution to a perceived problem. The real requirement is higher availability. It is up to thedesigner to decide the best way to provide the higher availability.• The network staff needs training and skills-building. Bringing in someone with deepertechnical skills might inspire staff to build skills.Step 2 Proposed DesignHere are some points about the optimal design and how to justify it:• The current MegaCorp design is clearly an older style of design. More substantial use ofLayer 3 switching would provide better stability. The problem is telling the customer that,diplomatically but effectively. Justification: Routing limits the scope of failure domains andis simpler and easier to troubleshoot.• Use VLANs per closet or portion of floor, and get out of the moves, adds, changesbusiness. Justification: This frees up staff for more useful tasks, or cuts costs. It also helpsminimize VLANs spanning distribution switches.• With 10,000 employees, 8 buildings, there will be about 1250 people per building, perhaps250 or 300 per floor. This design assumes to start that twice that many ports are needed. Tosupport this port density, a modular switch such as a Cisco Catalyst 4500 or 6500 Seriesswitch is recommended.NoteAn alternate design would use five or size 48 port 100/1000 switches at the access layer percloset per floor to support the expected 500 to 600 ports per floor. The Cisco Catalyst 3750Series switches with StackWise technology would avoid daisy-chaining access layerswitches as occurred in the original design. Daisy-chained switches are strongly to beavoided, due to the high likelihood of STP problems . However, this alternative with multipleindividual switches should be avoided since the sheer number of devices becomes hard tomanage.• You should plan for one or two VLANs per access switch. With 20:1 oversubscriptionestimate, and 100 MB access ports, each chassis would need an uplink of about 1.25 G souse 2 GB EtherChannel to each building switches. The VLANs should be at most trianglesconsisting of the two uplinks and the trunk between the distribution layer switches ifneeded to span distribution switches.• Layer 3 (routing) to the access layer should be considered as a desirable option. It increasescost mildly, but would greatly reduce the need to troubleshoot Spanning Tree (simplicity!).It would require some staff training for the MegaCorp technical staff.• The distribution layer could be small 6500s, and the core bigger 6500 model switches. Oneargument in favor of using the 6500 would be 10 Gbps readiness which can also supportoversubscription ratios for data today, and voice in the future.• The current Layer 2 Core is an older approach. Most sites want Layer 3 cores to avoid thelarge-scale outage a core Spanning Tree loop creates. You should highly recommendMegaCorp use a Layer 3 core. A Layer 2 Core would be unwise with 8 x 2 + 2 = 18switches in the STP domain.• The building switches should have two uplinks to the core switches, not just one.Recommended Practice: “Use triangles, not squares.” Justification: Equal-cost routingprovides fast failover. If you use 4:1 oversubscription model, the uplinks from building tocore would be (2 closets * 2 GB * 5 floors)/4 = 5GB. So the design can start with 4 GB42 Designing Cisco Network Service Architectures (ARCH) v2.0 © 2007 Cisco Systems, Inc.
uplinks, since the speeds on the uplinks from closets were rounded up. All uplinks in thedesign will need to be upgraded when VoIP is deployed.• Simplicity is somewhat at odds with power injection. PoE is affordable for MegaCorp ifused where needed, namely in the access switches. While utility ports (printers, etc.) mightbe grouped on one non-PoE blade, it may be simpler to just provide PoE support on anyport or blade in an access switch.• The distribution and core switches need little or no PoE.• VTP transparent mode is required: there is little reason for VLANs to be changingfrequently.Step 3 Other Technical Design Elements• Turning off STP anywhere should be avoided.• Layer 2 and Layer 3 security features should be used (disable trunking on access ports, setnative VLANs to an unused VLAN for trunks, BPDU Guard, Root Guard, Dynamic ARPInspection, …).• Any Layer 2 switches should use the Layer 2 toolkit (UplinkFast, UDLD, etc.).• Use voice VLANs in every closet.• (Later topic) Plan addressing to assist in IPT deployment, and allow simple access lists forquality of Service (QoS) and voice security.• Coming up with a QoS architecture (plan) would be a good follow-up task.NoteCongratulations! MegaCorp agrees to your proposal. They especially liked the part aboutincluding design and implementation services in with the three year equipment lease.Step 4 Network Migration Plan• Put in the replacement core switches next to the existing ones. Cable them, and routebetween old and new networks. This is simplified if a distinct address block or prefix isused for the new switches.• Put in the replacement building switches next to the existing one. Cable their uplinks to thecore. Configure routing, etc.• Schedule building cutover to occur during the night (one building per week allows time forpreparation, recovery from a late evening, etc.). When cutting over an existing building,pre-position and configure closet switches. First test link status and cable or fiber quality onthe uplinks, then shut those ports down before configuring the switch. Pre-provision anyDHCP scopes that will be needed.• The actual cutover then consists of activating uplinks, moving user patch cables, readdressingprinters and devices with hard-coded addresses, verifying DHCP is working,verifying key applications work, troubleshooting, etc.• Have a Quality Assurance plan to help make sure that everything is done properly despitelate night brain fogging.Step 5 Mitigating the MegaCorp “Equipment Modernizing” Plan• Use Layer 3 Core if at all possible.• Decrease the size of VLANs to single closets if at all possible.© 2007 Cisco Systems, Inc. Lab Guide 43
Page 1 and 2: ARCHDesigning Cisco NetworkService
Page 3 and 4: Table of ContentsLab Guide 1Overvie
Page 5 and 6: ARCHLab GuideOverviewThis guide pre
Page 7: MegaCorp Campus Case Study Scenario
Page 10: MegaCorp Campus Design TasksComplet
Page 13 and 14: Case Study 2: CP Hotels Addressing
Page 15 and 16: The following diagram illustrates t
Page 17 and 18: Note128 x 256 Kbps is approximately
Page 19 and 20: The routing design uses external Bo
Page 21 and 22: Addressing at CP HotelsHQ buildings
Page 23 and 24: CP Hotels Design TasksComplete thes
Page 25 and 26: Case Study 3: CP Hotels Network Ini
Page 27 and 28: Series switches use HSRP and EIGRP
Page 29 and 30: Step 3 (E-Commerce Redesign Stateme
Page 31 and 32: Case Study 4: CP Hotels Security an
Page 33 and 34: The following diagram indicates the
Page 35 and 36: The data centers will be connected
Page 37 and 38: Step 2 Review the CP Hotels design
Page 39 and 40: Case Study 5: DS Medical Research I
Page 41 and 42: DS-MRI Design TasksComplete these s
Page 43 and 44: Activity VerificationYour group has
Page 45: Answer KeyThe recommended solutions
Page 49 and 50: Case Study 2 Answer Key: CP Hotels
Page 51 and 52: Another option uses 3 bits for desi
Page 53 and 54: Case Study 3 Answers: CP Hotels Net
Page 55 and 56: Step 3 E-Commerce Refresh• For th
Page 57 and 58: Case Study 4 Answer Key: CP Hotels
Page 59 and 60: Step 2 CP Hotels Security• The to
Page 61 and 62: Case Study 5 Answer Key: DS Medical
Page 63 and 64: Step 5 High Level Storage Design•
Page 65 and 66: • DS-MRI would also need to ident

Designing Cisco Network Service Architectures - Free Books

Create successful ePaper yourself

Delete template?

Save as template?