CNDO: Deploying a Layer 3 Switch in a Campus

View Transcript

now let's look at what we have learned and applied to the case of a simple campus this campus we've got one subnet per building and the slide shows an ethernet switch with a routing process turned on so it has the layer 3 capability turned on and the two ports on the left have been configured in different vlans the dark red port is vlan 10 and the green port is in vlan 20. each vlan has an ip address and this ip address will be used as the default gateway for any devices that connect to this switch if we've got multiple subnets per building then we would make the gigabit ports on this switch rather than just an access port we'd make them a trunk port so you see the example here the red on the left that's interface gigabit one it's now been defined as a trunk and it's allowing vlans 10 11 and 12 in through that trunk port we've defined ip addresses for vlan 10 to be 10 1 0 1 for vlan 11 to be 10 1 1 1 and for vlan 12 to be 10 1 2 1. so these are the default gateways that end users would use if they're on the respective vlans gigabit 2 and this core switch that we have would be similarly set up to connect to another building so this building would be using vlans 2021 and 22 and we have the same ip addresses defined for vlan 2021 and 22. so again based on what you have learned so far in this video series what has to be different at the building aggregation switch so let's have a look at some of the hints and tips about all this remember one subnet equals one vlan we've advised in several sessions before never to use vlan 1. it's the default vlan on many different vendor switches and often has special default behavior in fact in some cases you can't even turn it off so be very wary about vlan 1. it should never be used it may appear by default on all ports it's very hard quite often to use it with tagging so it's better to ignore it and if you can remove it but vlans 2 through to 4094 are usable and should be more than enough for a modern campus what other hints and tips can we look at well it's also important not to enable the same vlan on links to different buildings we want to try and keep the group of vlans within a building v-lines within the building routing at the core has been a general theme throughout this series a layer-free switch lets you do this and you find many design documents talking about how to configure this but that doesn't mean it's a good idea you end up with vlan spaghetti you end up with a big mess that you cannot scale and you cannot manage so this implies you're going to have a wired v line per building and a wi-fi v line per building and whatever other vlans you need the vlans will stay in the building we carry them on a trunk to the core router and the router there will write between them and it's actually very rare for a user on a wired vlan in a building to need to be able to send vast amount of data to a user on another vlan in the same building most campus end users are consumers consuming internet content or accessing content that's in the network core and when you're doing your vlan planning make sure you choose a consistent scheme so for example vlans 2 to 9 could be for the knock 10 to 19 for building 1 20 to 29 for building 2 and so forth you're not likely to need more than 10 vlans per building and so if you follow this scheme this is going to allow for up to 400 buildings with ease is your campus really that big so this could be a very viable scheme for you to follow and it means you can identify traffic and users based simply on the vlans that they are assigned to some layer 3 switches will let you configure routed ports making it work exactly like a router instead of a switch some also have routed sub-interfaces with vlan tags this means you could route multiple subnets to each building without actually having to create separate vlans this will help you scale in the case that you're going to run out of vlans the other thing to remember is you can actually use the same vlan tags for different subnets in different buildings and this makes the distribution and edge switch configurations almost identical everywhere so rather than the example we talked about in the previous slide where we said built building one would have vlan 10 to 19 and building 2 would have 20 to 29 make every building use vlan 10 to 19. because you're not going to be passing the vlans from building to building they're all routed in the core and as long as the core router knows how to get between the different vlans configured that's all you need to know so looking on a switch where you've got fully routed interface again the configuration example shows you how this might work so the gigabit one interface on the left the red one shows that it's not a switch port so this is now routed port we now create sub-interfaces so interface gig 1.10 we've said encapsulation.1 q10 that means we're tagging that interface sub-interface as in vlan 10. so all the traffic on that one will be vlan 10. and gigabit 1.11 encapsulation.1 q11 that is vlan 11. so again traffic on this interface going out to the distribution will be tagged according to which vlan it is sitting in we can do the same with gigabit 2 and so on and so forth both buildings in this case are using vlan tags 10 and 11 but these are different isolated subnets remember we are not passing vlan 11 in one building to vlan 11 in another building because this is a fully routed interface.

Exercises

Acceptable Use

Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:

Share — copy and redistribute the material in any medium or format
Adapt — remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:

Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial — You may not use the material for commercial purposes.
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.

BGP for All

Introduction to Routing

Introduction to BGP

BGP Attributes

BGP Policy

BGP Scaling Techniques

BGP Best Practices

Multi-Homing

BGP Case Studies

Communities

Value of Peering

IXP Design and Implementation

BGP for NRENs

Routing Security

Route Origin Validation

MANRS

perfSONAR

Intro & Installation

Configuration

Regular Testing

Using Metrics

Network Measurements

Using MaDDash

ScienceDMZ

Background and Structure

Specific Designs

Techniques & Technology

FedIdM

Campus Identity

Federated Identity

Identity and Business Models

Campus Network Design & Ops

Campus Design

Cabling

View Transcript

Related Documents

Exercises

Acceptable Use