Building Distribution Layer Design Considerations

The Building Distribution layer aggregates the Building Access layer, segments workgroups, and isolates segments from failures and broadcast storms. This layer implements many policies based on access lists and QoS settings. The Building Distribution layer can protect the Campus Core network from any impact of Building Access layer problems by implementing all the organization's policies.

When implementing the Building Distribution layer, consider the following questions:

■ How many devices will each Building Distribution switch handle?

■ What type and level of redundancy are required?

■ How many uplinks are needed?

■ What speed do the uplinks need to be to the building core switches?

■ What cabling is currently available in the wiring closet, and what cabling options exist for uplink connectivity?

■ As network services are introduced, can the network continue to deliver high performance for all its applications, such as video on demand, IP multicast, or IP telephony?

The network designer must pay special attention to the following network characteristics:

■ Performance: Building Distribution switches should provide wire-speed performance on all ports. This feature is important because of Building Access layer aggregation on one side and high-speed connectivity of the Campus Core module on the other side. Future expansions with additional ports or modules can result in an overloaded switch if it is not selected properly.

■ Redundancy: Redundant Building Distribution layer switches and redundant connections to the Campus Core should be implemented. Using equal-cost redundant connections to the core supports fast convergence and avoids routing black holes. Network bandwidth and capacity should be engineered to withstand node or link failure.

When redundant switches cannot be implemented in the Campus Core and Building Distribution layers, redundant supervisors and the Stateful Switchover (SSO) and Nonstop Forwarding (NSF) technologies can provide significant resiliency improvements. These technologies result in 1 to 3 seconds of outage in a failover, which is less than the time needed to replace a supervisor and recover its configuration. Depending on the switch platform, full-image In Service Software Upgrade (ISSU) technology might be available such that the complete Cisco IOS software image can be upgraded without taking the switch or network out of service, maximizing network availability.

■ Infrastructure services: Building Distribution switches should not only support fast multilayer switching, but should also incorporate network services such as high availability, QoS, security, and policy enforcement.

Expanding and/or reconfiguring distribution layer devices must be easy and efficient. These devices must support the required management features.

With the correct selection of Building Distribution layer switches, the network designer can easily add new Building Access modules.

KEY POINT

Multilayer switches are usually preferred as the Building Distribution layer switches, because this layer must usually support network services, such as QoS and traffic filtering.

KEY POINT

The following are best-practice recommendations for optimal Building Distribution layer design:

■ Use first-hop redundancy protocols.

■ Deploy Layer 3 routing protocols between the Building Distribution switches and Campus Core switches.

■ If required, Building Distribution switches should support VLANs that span multiple Building Access layer switches.

The following sections describe these recommendations.

Using First-Hop Redundancy Protocols

If Layer 2 is used between the Building Access switch and the Building Distribution switch, convergence time when a link or node fails depends on default gateway redundancy and failover time. Building Distribution switches typically provide first-hop redundancy (default gateway redundancy) using HSRP, Gateway Load-Balancing Protocol (GLBP), or Virtual Router Redundancy Protocol (VRRP).

This redundancy allows a network to recover from the failure of the device acting as the default gateway for end nodes on a physical segment. Uplink tracking should also be implemented with the first-hop redundancy protocol.

HSRP or GLBP timers can be reliably tuned to achieve subsecond (800 to 900 ms) convergence for link or node failure in the boundary between Layer 2 and Layer 3 in the Building Distribution layer.

In Cisco deployments, HSRP is typically used as the default gateway redundancy protocol. VRRP is an Internet Engineering Task Force (IETF) standards-based method of providing default gateway redundancy. More deployments are starting to use GLBP because it supports load balancing on the uplinks from the access layer to the distribution layer, as well as first-hop redundancy and failure protection.

As shown in Figure 4-10, this model supports a recommended Layer 3 point-to-point interconnection between distribution switches.

Figure 4-10 Layer 3 Distribution Switch Interconnection

(Diagram labels: Layer 3; HSRP Active VLAN 20,140; HSRP Active VLAN 40,120; Layer 2 Links; Building Access; VLAN 40 Data, VLAN 140 Voice)

No VLANs span the Building Access layer switches across the distribution switches, so from an STP perspective, both access layer uplinks are forwarding, and no STP convergence is required if uplink failure occurs. The only convergence dependencies are the default gateway and return path route selection across the Layer 3 distribution-to-distribution link.

NOTE Notice in Figure 4-10 that the Layer 2 VLAN number is mapped to the Layer 3 subnet for ease of management.

If Layer 3 is used to the Building Access switch, the default gateway is at the multilayer Building Access switch, and a first-hop redundancy protocol is not needed.

Deploying Layer 3 Routing Protocols Between Building Distribution and Campus Core Switches

Routing protocols between the Building Distribution switches and the Campus Core switches support fast, deterministic convergence for the distribution layer across redundant links.

Convergence based on the up or down state of a point-to-point physical link is faster than timer-based nondeterministic convergence. Instead of indirect neighbor or route loss detection using hellos and dead timers, physical link loss indicates that a path is unusable; all traffic is rerouted to the alternative equal-cost path.

For optimum distribution-to-core layer convergence, build redundant triangles, not squares, to take advantage of equal-cost redundant paths for the best deterministic convergence. Figure 4-11 illustrates the difference.

Figure 4-11 Redundant Triangles Versus Redundant Squares

(Diagram panels: Triangle Redundancy on the left, Square Redundancy on the right)

On the left of Figure 4-11, the multilayer switches are connected redundantly with a triangle of links that have Layer 3 equal costs. Because the links have equal costs, they appear in the routing table (and by default will be used for load balancing). If one of the links or distribution layer devices fails, convergence is extremely fast, because the failure is detected in hardware and there is no need for the routing protocol to recalculate a new path; it just continues to use one of the paths already in its routing table. In contrast, on the right of Figure 4-11, only one path is active by default, and link or device failure requires the routing protocol to recalculate a new route to converge.
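The difference can be modelled as a small graph, shown here as an added example that is not part of the original text. It computes the equal-cost next hops a distribution switch holds toward a destination, then which of them are still valid after an uplink fails. The topologies, node names, unit link costs, and the `remote` destination attached to both core switches are constructed assumptions.

```python
from collections import deque

# Constructed topologies with unit link costs; "remote" stands for any
# destination reachable through both core switches (an assumption).
COMMON = [("core1", "core2"), ("core1", "remote"), ("core2", "remote"), ("dist1", "dist2")]
TRIANGLE = COMMON + [("dist1", "core1"), ("dist1", "core2"), ("dist2", "core1"), ("dist2", "core2")]
SQUARE = COMMON + [("dist1", "core1"), ("dist2", "core2")]

def next_hops(links, src, dst):
    """Neighbours of src on a shortest path to dst: the equal-cost set in the routing table."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    hops, queue = {dst: 0}, deque([dst])  # breadth-first search outward from dst
    while queue:
        u = queue.popleft()
        for v in adj.get(u, ()):
            if v not in hops:
                hops[v] = hops[u] + 1
                queue.append(v)
    if src not in hops:
        return set()
    return {n for n in adj.get(src, ()) if hops.get(n) == hops[src] - 1}

def preinstalled_survivors(links, src, dst, failed):
    """Next hops installed before `failed` went down that remain valid afterwards."""
    remaining = [link for link in links if set(link) != set(failed)]
    return next_hops(links, src, dst) & next_hops(remaining, src, dst)
```

An empty result from `preinstalled_survivors` means the switch has no already-installed alternative and the routing protocol must compute a new route, which is the square case.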

Other related recommended practices are as follows:

■ Establish routing protocol peer relationships only on links that you want to use as transit links.

■ Summarize routes from the Building Distribution layer into the Campus Core layer.

Supporting VLANs That Span Multiple Building Access Layer Switches

In a less-than-optimal design where VLANs span multiple Building Access layer switches, the Building Distribution switches must be linked by a Layer 2 connection, or the Building Access layer switches must be connected via trunks.

This design is more complex than when the Building Distribution switches are interconnected with Layer 3. STP convergence is required if an uplink failure occurs.

As shown in Figure 4-12, the following are recommendations for use in this (suboptimal) design:

■ Provide a Layer 2 link between the two Building Distribution switches to avoid unexpected traffic paths and multiple convergence events.

■ If you choose to load-balance VLANs across uplinks, be sure to place the HSRP primary and the RPVST+ root on the same Building Distribution layer switch to avoid using the interdistribution switch link for transit.
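One way to check the second recommendation, as an added example that is not part of the original text: a Python audit that compares the configurations of the two Building Distribution switches and reports VLANs whose HSRP active router and spanning-tree root would land on different switches. The switch names, addresses, and priorities are constructed, and only the `root primary`/`root secondary` and `standby ... priority` configuration forms are parsed.

```python
import re
# Constructed sample configs; names, addresses and priorities are assumptions.
DIST_A = """
spanning-tree vlan 20,140 root primary
interface Vlan20
 standby 20 ip 10.1.20.1
 standby 20 priority 110
interface Vlan140
 standby 140 ip 10.1.140.1
 standby 140 priority 90
"""
DIST_B = """
spanning-tree vlan 20,140 root secondary
interface Vlan20
 standby 20 ip 10.1.20.1
interface Vlan140
 standby 140 ip 10.1.140.1
 standby 140 priority 110
"""

def parse(cfg):
    """Return ({vlan: 'primary'|'secondary'}, {vlan: hsrp_priority})."""
    stp, hsrp, svi = {}, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"spanning-tree vlan ([\d,-]+) root (primary|secondary)", line):
            for part in m[1].split(","):
                lo, _, hi = part.partition("-")
                for vlan in range(int(lo), int(hi or lo) + 1):
                    stp[vlan] = m[2]
        elif m := re.fullmatch(r"interface (\S+)", line):
            svi = int(m[1][4:]) if re.fullmatch(r"Vlan\d+", m[1]) else None
        elif svi and re.fullmatch(r"standby \d+ ip \S+", line):
            hsrp.setdefault(svi, 100)  # IOS default HSRP priority
        elif svi and (m := re.fullmatch(r"standby \d+ priority (\d+)", line)):
            hsrp[svi] = int(m[1])
    return stp, hsrp

def misaligned(cfgs):
    """cfgs: {switch: config}. Return {vlan: (hsrp_active, stp_root)} where they differ."""
    parsed = {name: parse(cfg) for name, cfg in cfgs.items()}
    out = {}
    for vlan in sorted(set().union(*(h for _, h in parsed.values()))):
        prios = {n: h[vlan] for n, (_, h) in parsed.items() if vlan in h}
        winners = [n for n, p in prios.items() if p == max(prios.values())]
        active = winners[0] if len(winners) == 1 else None  # tie: IP decides, not modelled
        root = next((n for n, (s, _) in parsed.items() if s.get(vlan) == "primary"), None)
        if active != root:
            out[vlan] = (active, root)
    return out
```

The check compares configured intent, not live state: HSRP priority only decides the active router reliably when `standby preempt` is also configured.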

Figure 4-12 Layer 2 Building Distribution Switch Interconnection

(Diagram labels: Layer 2; HSRP Active and RSTP Root VLAN 20,140; HSRP Standby and RSTP Secondary Root VLAN 20,140; Layer 2 Links; VLAN 20 Data, VLAN 140 Voice; Building Distribution; Building Access)
