Campus and WAN Multilayer Network Design

Multilayer Campus Design

Cisco developed the multilayer campus model to improve campus network performance, availability and scalability. The model comprises three layers, each with associated network services: the access layer, the distribution layer and the core layer.

The Access Layer is the network edge where desktops, network servers and various peripherals, including video equipment and IP phones, are connected. The access switch is either a Layer 2 switch or, for routed access layer designs, a Layer 3 switch. Devices typically connect to the access switch over standard Gigabit (1000 Mbps) links today. The access switch uplinks that forward traffic to the distribution layer are Gigabit as well, sometimes with EtherChannel for increased performance. The access layer is responsible for defining VLANs and assigning quality of service to various traffic types. In addition, security is applied at the access layer, and packet filtering is deployed to optimize performance and decrease traffic sent to the distribution switches.

Access Layer Services

  • VLAN Assignment
  • Access Control Lists
  • Static Routing
  • QoS Policies
  • Switch Stacking
  • Port Security
  • DHCP Snooping
  • Broadcast Filtering
  • NIC Teaming
  • Power over Ethernet

The Distribution Layer is the aggregation layer where traffic from the access layer switches is forwarded to the core layer. The distribution multilayer switches are responsible for routing and load balancing of traffic. In addition, policy based routing is applied, along with route filtering toward the access layer. Routes are summarized to the core layer for improved performance and decreased device utilization. The distribution switch is typically the default gateway for all employees connected to the access switches.

HSRP is a common default gateway protocol that provides gateway redundancy and load sharing. The default gateway will ARP for server MAC addresses and maintain the ARP and CAM tables for switch connectivity. VLANs are terminated at the distribution switches and pruned there to decrease broadcast traffic between switches. Server farm traffic is forwarded to the distribution switch, which forwards it to a connected access layer switch with attached servers at the data center. Client-server applications use multiple web, application and database servers that are connected to multiple access switches.

Distribution Layer Services

  • Dynamic Routing
  • Load Balancing
  • Terminate VLANs
  • Policy Based Routing
  • Route Filtering To Access Layer
  • Route Summarization To Core Layer
  • First Hop Redundancy Protocol (HSRP, GLBP, VRRP)
  • VLAN Pruning
  • ARP Services
  • Server Farm Connectivity
  • Firewall, IPS, SSL, Load Balancer Service Modules

The Core Layer is responsible for high speed packet forwarding of traffic from the distribution layer, WAN core and the Internet DMZ. The Nexus 7000 switches and 6500 switches are popular as core layer switches for optimized switching performance. Dynamic routing is deployed at the core switches; however, their purpose is to forward packets. Most of the routing decisions are made by the multilayer distribution switches and WAN core routers. 10 GE interface uplinks are becoming the standard for core layer and distribution layer switch connectivity.

In addition to high speed packet forwarding, the distribution and core layers are often designed with equal cost links to improve network convergence with ECMP. That allows for optimized load balancing to increase network performance.

Core Layer Services

  • High Speed Packet Forwarding
  • Point to Point Load Balancing
  • Decreased Peering of Distribution Switches for Scalability
  • Forward Internet DMZ traffic

The Services Block is an architectural component of the newer campus switching design. It is used primarily for migration and for centralizing data center services, including IPv6 and wireless LAN controllers. Tunneling is a key feature used to integrate traffic across the switching infrastructure for various purposes.

Services Block

  • Data Center Centralized Services
  • Easier Modularizing and Adding of Services
  • IPv4 and IPv6 Dual Stack Migration
  • Centralized Wireless LAN Controller
  • Tunneling of Traffic for Compatibility

Multilayer WAN Design

The multilayer WAN design model, as with the multilayer campus model, was developed by Cisco to improve network performance, availability and scalability across the company WAN. The WAN hierarchical model defines three layers, with associated network services for each layer. The multilayer WAN model includes the branch layer, the distribution layer and the core layer.

The Branch Layer is the network WAN edge, made up of smaller branch offices that typically have 25 to 100 employees. The WAN infrastructure has much less bandwidth than the campus switching infrastructure. The branch layer is responsible for various services that minimize traffic sent to the distribution layer. Route filtering and summarization are deployed at the branch routers to decrease advertisements and bandwidth usage. In addition, QoS is deployed at the branch routers and switches to classify and mark voice, video and data traffic.

Branch WAN Services

  • Route Filtering
  • Summarization to the Distribution Layer
  • QoS Edge Classification and Marking
  • Voice and Video Services
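
Route summarization appears at both the branch layer here and the campus distribution layer earlier. The following is an added example, not part of the original article: it computes the single summary prefix that covers a set of branch LAN prefixes and lists the address space inside that summary which no branch prefix uses. The prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed branch LAN prefixes (hypothetical addressing plan).
BRANCH_PREFIXES = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24"]

def summarize(prefixes):
    """Return the smallest single IPv4 prefix covering every given prefix."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Keep only the leading bits that the lowest and highest address share.
    prefixlen = 32 - (lo ^ hi).bit_length()
    return ipaddress.ip_network((lo, prefixlen), strict=False)

def unused_space(summary, prefixes):
    """Return blocks inside the summary that no listed prefix covers."""
    gaps = [summary]
    for net in ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes):
        remaining = []
        for gap in gaps:
            if net.subnet_of(gap):
                remaining.extend(gap.address_exclude(net))  # carve the used block out
            else:
                remaining.append(gap)
        gaps = remaining
    return sorted(gaps)
```

For the sample plan the summary is 10.20.0.0/22, one advertisement instead of three, and 10.20.3.0/24 is advertised upstream even though no branch LAN uses it.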

The WAN Distribution Layer is the aggregation layer for all traffic from connected branch offices going to and from the data center. The WAN distribution layer is responsible for various services that optimize routing and minimize broadcasts. As a result, dynamic routing, policy based routing and summarization are deployed at the distribution layer routers, along with route filtering to the branch layer. Load balancing services are deployed as well to increase throughput between the branch and core layers. It should be noted that distribution and core offices don’t have to have a large number of employees. They could be locations that are strategic for traffic forwarding purposes.

Distribution WAN Services

  • Branch Layer Aggregation
  • Summarization to the Core Layer
  • Dynamic Routing
  • Policy Based Routing
  • Route Filtering to the Branch Layer
  • Load Balancing to the Core Layer

The WAN Core Layer is the aggregation layer for offices connected at the distribution layer and for traffic going to and from the data center. The WAN core layer is responsible for high speed routing of packets. As a result, the core layer routers are deployed with dynamic routing and policy based routing. Packet classification, marking and queuing are essential to optimizing bandwidth at the core layer, considering the amount of traffic. Load balancing to the distribution layer and data center ensures optimized throughput.

Core WAN Services

  • Distribution and WAN Core Aggregation
  • QoS to the Distribution and WAN Core Layer
  • High Speed Packet Forwarding
  • Dynamic Routing
  • Policy Based Routing
  • Load Balancing to the Distribution Layer

Internet DMZ Services provide the edge connectivity for traffic going to and from the public Internet. The DMZ services forward packets from employees, telecommuters, business partners and customers. Standard Internet DMZ services include ISP connectivity, high speed routing, security, packet filtering, VPN and authentication servers.

Internet DMZ Services

  • ISP Internet Connectivity
  • Security Services (Firewall, IDS, IPS)
  • VPN Services
  • Public Servers (DNS, FTP, Email, Web)

Copyright © 2013 Shaun L. Hummel All Rights Reserved



Source by Shaun Hummel
